[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 6 20:10:51 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d308317f by security tracker role at 2023-03-06T20:10:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-27853
+ RESERVED
+CVE-2023-27852
+ RESERVED
+CVE-2023-27851
+ RESERVED
+CVE-2023-27850
+ RESERVED
+CVE-2023-1205
+ RESERVED
+CVE-2023-1204
+ RESERVED
+CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...)
+ TODO: check
+CVE-2023-1202
+ RESERVED
+CVE-2023-1201
+ RESERVED
+CVE-2023-1200 (A vulnerability was found in ehuacui bbs. It has been declared as prob ...)
+ TODO: check
+CVE-2023-1199
+ RESERVED
+CVE-2023-1198
+ RESERVED
+CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
+ TODO: check
+CVE-2023-1196
+ RESERVED
+CVE-2023-1195
+ RESERVED
+CVE-2023-1194
+ RESERVED
+CVE-2023-1193
+ RESERVED
+CVE-2023-1192
+ RESERVED
+CVE-2023-1191 (A vulnerability classified as problematic has been found in fastcms. T ...)
+ TODO: check
+CVE-2023-1190 (A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has b ...)
+ TODO: check
+CVE-2023-1189 (A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. ...)
+ TODO: check
+CVE-2023-1188 (A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8. ...)
+ TODO: check
+CVE-2023-1187 (A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8. ...)
+ TODO: check
+CVE-2023-1186 (A vulnerability has been found in FabulaTech Webcam for Remote Desktop ...)
+ TODO: check
+CVE-2023-1185 (A vulnerability, which was classified as problematic, was found in ECs ...)
+ TODO: check
+CVE-2020-36666
+ RESERVED
CVE-2023-XXXX [Transaction cache overrides the current user]
- tryton-server 6.0.29-1
[bullseye] - tryton-server <not-affected> (Vulnerable code not present)
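Review bot: the ten entries in this hunk that carry a description but are marked "TODO: check" (CVE-2023-1203, -1200, -1197, -1191, -1190, -1189, -1188, -1187, -1186, -1185) still need triage, and several can be resolved directly from the visible text: CVE-2023-1189 (WiseCleaner Wise Folder Hider) and CVE-2023-1186 to -1188 (FabulaTech Webcam for Remote Desktop) name proprietary Windows products, so they appear to be candidates for the "NOT-FOR-US: <product>" resolution used elsewhere in this file rather than open TODOs. CVE-2020-36666 arriving as RESERVED among the 2023 IDs is just feed ordering and needs no action.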
@@ -439,8 +491,8 @@ CVE-2023-1183
RESERVED
CVE-2023-1182
RESERVED
-CVE-2022-48364
- RESERVED
+CVE-2022-48364 (The undo_mark_statuses_as_sensitive method in app/services/approve_app ...)
+ TODO: check
CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary ...)
- debian-goodies <unfixed> (bug #1031267)
[bullseye] - debian-goodies <no-dsa> (Minor issue; user prompted before execution)
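Review bot: the new description for CVE-2022-48364 names undo_mark_statuses_as_sensitive in app/services/approve_app..., a Rails-style service path, but the truncated text never names the upstream project; confirm which application this is before choosing between a package line and NOT-FOR-US, since the path alone is not enough to rule Debian out.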
@@ -528,16 +580,16 @@ CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim
- vim 2:9.0.1378-1
NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e
NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378)
-CVE-2022-4930
- RESERVED
+CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin sysPass ...)
+ TODO: check
CVE-2017-20181
RESERVED
-CVE-2017-20180
- RESERVED
+CVE-2017-20180 (A vulnerability classified as critical has been found in Zerocoin libz ...)
+ TODO: check
CVE-2015-10095
RESERVED
-CVE-2015-10094
- RESERVED
+CVE-2015-10094 (A vulnerability was found in Fastly Plugin up to 0.97. It has been rat ...)
+ TODO: check
CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. ...)
NOT-FOR-US: Mark User as Spammer Plugin
CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It h ...)
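Review bot: CVE-2015-10094 (Fastly Plugin up to 0.97) sits directly above CVE-2015-10093 and CVE-2015-10092, which are resolved as NOT-FOR-US for their respective plugins; if the full description confirms a WordPress plugin, resolve it the same way instead of leaving "TODO: check". CVE-2022-4930 (nuxsmin sysPass) and CVE-2017-20180 (Zerocoin libzerocoin) also look like upstream projects without a Debian package, but that needs the full text to confirm.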
@@ -926,8 +978,8 @@ CVE-2023-27476
RESERVED
CVE-2023-27475
RESERVED
-CVE-2023-27474
- RESERVED
+CVE-2023-27474 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
CVE-2023-27473
RESERVED
CVE-2023-27472
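Review bot: CVE-2023-27474 names Directus ("real-time API and App dashboard for managing SQL databas..."); check whether it is packaged before resolving the TODO and, if it is not, record "NOT-FOR-US: Directus" as done for other unpackaged upstreams in this file.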
@@ -3693,8 +3745,8 @@ CVE-2023-26316
RESERVED
CVE-2023-26315
RESERVED
-CVE-2023-0979
- RESERVED
+CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-0978
RESERVED
CVE-2023-0977
@@ -5216,8 +5268,8 @@ CVE-2023-0841 (A vulnerability, which was classified as critical, has been found
- gpac <undetermined>
CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1.1.1. ...)
NOT-FOR-US: PHPCrazy
-CVE-2023-0839
- RESERVED
+CVE-2023-0839 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...)
+ TODO: check
CVE-2023-0838
RESERVED
CVE-2023-0837
@@ -6795,8 +6847,8 @@ CVE-2023-25306
RESERVED
CVE-2023-25305
RESERVED
-CVE-2023-25304
- RESERVED
+CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal. ...)
+ TODO: check
CVE-2023-25303
RESERVED
CVE-2023-25302
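Review bot: CVE-2023-25304 (Prism Launcher <= 6.1, directory traversal) is a complete description even though the feed text ends in "...", so the TODO can be resolved once packaging status is checked; if Prism Launcher is not in the archive, use "NOT-FOR-US: Prism Launcher".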
@@ -8183,8 +8235,8 @@ CVE-2023-24791
RESERVED
CVE-2023-24790
RESERVED
-CVE-2023-24789
- RESERVED
+CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...)
+ TODO: check
CVE-2023-24788
RESERVED
CVE-2023-24787
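Review bot: CVE-2023-24789 describes an authenticated SQL injection in jeecg-boot v3.4.4, a Java application that does not appear to be packaged in Debian; if that holds, mark it "NOT-FOR-US: jeecg-boot" rather than leaving "TODO: check".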
@@ -10944,8 +10996,8 @@ CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does not
NOT-FOR-US: WordPress plugin
CVE-2023-0378 (The Greenshift WordPress plugin before 5.0 does not validate and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0377
- RESERVED
+CVE-2023-0377 (The Scriptless Social Sharing WordPress plugin before 3.2.2 does not v ...)
+ TODO: check
CVE-2023-0376
RESERVED
CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not valida ...)
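Review bot: CVE-2023-0377 (Scriptless Social Sharing WordPress plugin before 3.2.2) is the same class of issue as the neighbouring CVE-2023-0379, -0378 and -0375, all already resolved as "NOT-FOR-US: WordPress plugin"; the "TODO: check" line can be replaced with that resolution in the same pass.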
@@ -11541,8 +11593,8 @@ CVE-2023-23597
RESERVED
- firefox 109.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23597
-CVE-2023-0328
- RESERVED
+CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7 does not have adequate privil ...)
+ TODO: check
CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been class ...)
NOT-FOR-US: saemorris TheRadSystem
CVE-2023-0326
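Review bot: CVE-2023-0328 (WPCode WordPress plugin before 2.0.7) can take "NOT-FOR-US: WordPress plugin" like the surrounding plugin entries; leaving it as "TODO: check" only defers a resolution the description already supports.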
@@ -12969,8 +13021,8 @@ CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main relea
NOT-FOR-US: Skyhigh SWG
CVE-2023-0213
RESERVED
-CVE-2023-0212
- RESERVED
+CVE-2023-0212 (The Advanced Recent Posts WordPress plugin through 0.6.14 does not val ...)
+ TODO: check
CVE-2023-0211
RESERVED
CVE-2022-4885 (A vulnerability has been found in sviehb jefferson up to 0.3 and class ...)
@@ -13476,8 +13528,8 @@ CVE-2023-0167
RESERVED
CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress plugin bef ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0165
- RESERVED
+CVE-2023-0165 (The Cost Calculator WordPress plugin through 1.8 does not validate and ...)
+ TODO: check
CVE-2023-0164 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...)
NOT-FOR-US: OrangeScrum
CVE-2022-48253 (nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that m ...)
@@ -14596,8 +14648,8 @@ CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before 5.16
NOT-FOR-US: WordPress plugin
CVE-2023-0079
RESERVED
-CVE-2023-0078
- RESERVED
+CVE-2023-0078 (The Resume Builder WordPress plugin through 3.1.1 does not sanitize an ...)
+ TODO: check
CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component in Synol ...)
NOT-FOR-US: Synology
CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1 and class ...)
@@ -14676,8 +14728,8 @@ CVE-2023-22620
RESERVED
CVE-2023-22619
RESERVED
-CVE-2023-0076
- RESERVED
+CVE-2023-0076 (The Download Attachments WordPress plugin through 1.2.24 does not vali ...)
+ TODO: check
CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...)
@@ -14690,20 +14742,20 @@ CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and
NOT-FOR-US: WordPress plugin
CVE-2023-0070 (The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0069
- RESERVED
-CVE-2023-0068
- RESERVED
+CVE-2023-0069 (The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validat ...)
+ TODO: check
+CVE-2023-0068 (The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin thr ...)
+ TODO: check
CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0066
RESERVED
-CVE-2023-0065
- RESERVED
-CVE-2023-0064
- RESERVED
-CVE-2023-0063
- RESERVED
+CVE-2023-0065 (The i2 Pros & Cons WordPress plugin through 1.3.1 does not validat ...)
+ TODO: check
+CVE-2023-0064 (The eVision Responsive Column Layout Shortcodes WordPress plugin throu ...)
+ TODO: check
+CVE-2023-0063 (The WordPress Shortcodes WordPress plugin through 1.6.36 does not vali ...)
+ TODO: check
CVE-2023-0062 (The EAN for WooCommerce WordPress plugin before 4.4.3 does not validat ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0061 (The Judge.me Product Reviews for WooCommerce WordPress plugin before 1 ...)
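Review bot: all five entries replaced in this hunk (CVE-2023-0069, -0068, -0065, -0064, -0063) describe WordPress plugins, and the interleaved CVE-2023-0070, -0067 and -0062 for the same issue class are already "NOT-FOR-US: WordPress plugin"; resolving the five TODOs the same way keeps this block consistent instead of leaving it half-triaged.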
@@ -14930,7 +14982,7 @@ CVE-2012-10003 (A vulnerability, which was classified as problematic, has been f
NOT-FOR-US: ahmyi RivetTracker
CVE-2012-10002 (A vulnerability was found in ahmyi RivetTracker. It has been declared ...)
NOT-FOR-US: ahmyi RivetTracker
-CVE-2023-0034 (The JetWidgets For Elementor WordPress plugin through 1.0.13 does not ...)
+CVE-2023-0034 (The JetWidgets For Elementor WordPress plugin before 1.0.14 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0033 (The PDF Viewer WordPress plugin before 1.0.0 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
@@ -15214,8 +15266,8 @@ CVE-2017-20154 (A vulnerability was found in ghostlander Phoenixcoin. It has bee
NOT-FOR-US: ghostlander Phoenixcoin
CVE-2022-4863 (Improper Handling of Insufficient Permissions or Privileges in GitHub ...)
NOT-FOR-US: usememos
-CVE-2022-4862
- RESERVED
+CVE-2022-4862 (Rendering of HTML provided by another authenticated user is possible i ...)
+ TODO: check
CVE-2022-4861 (Incorrect implementation in authentication protocol in M-Files Client ...)
NOT-FOR-US: M-Files
CVE-2022-4860 (A vulnerability was found in KBase Metrics. It has been classified as ...)
@@ -17352,12 +17404,12 @@ CVE-2022-47667
CVE-2022-47666
RESERVED
CVE-2022-47665 (Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image ...)
- {DSA-5346-1}
+ {DSA-5346-1 DLA-3352-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/369
NOTE: https://github.com/strukturag/libde265/commit/2f0430ecda4dc83b5a3feaa3bea4826d1840dc68 (v1.0.10)
CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qp ...)
- {DSA-5346-1}
+ {DSA-5346-1 DLA-3352-1}
- libde265 1.0.11-1
NOTE: https://github.com/strukturag/libde265/issues/368
NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10)
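Review bot: DLA-3352-1 is added to CVE-2022-47665 and CVE-2022-47664 in the same bracketed form as the existing DSA-5346-1 reference, so the pair is consistent; confirm that the DLA text lists exactly these IDs and that any other libde265 CVEs covered by the same DLA received the reference in this or a follow-up commit.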
@@ -21372,8 +21424,8 @@ CVE-2022-4330 (The WP Attachments WordPress plugin through 5.0.5 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4328
- RESERVED
+CVE-2022-4328 (The WooCommerce Checkout Field Manager WordPress plugin before 18.0 do ...)
+ TODO: check
CVE-2022-4327 (This issue does not bear any security risk as it's only exploitable by ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix Endpoint ...)
@@ -22333,8 +22385,8 @@ CVE-2022-46397
NOT-FOR-US: FD.io VPP (Vector Packet Processor) IPSec
CVE-2022-46396
RESERVED
-CVE-2022-46395
- RESERVED
+CVE-2022-46395 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
+ TODO: check
CVE-2022-46394
RESERVED
CVE-2022-46393 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...)
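Review bot: CVE-2022-46395 concerns the Arm Mali GPU Kernel Driver, so triage should decide whether the affected code is Arm's out-of-tree driver or anything shipped in the Debian linux package, and reuse whatever resolution earlier Mali driver entries received so the file stays consistent.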
@@ -22436,14 +22488,14 @@ CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files We
CVE-2022-4269 (A flaw was found in the Linux kernel Traffic Control (TC) subsystem. U ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/
-CVE-2022-4268 (The Plugin Logic WordPress plugin through 1.0.7 does not sanitise and ...)
+CVE-2022-4268 (The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4267 (The Bulk Delete Users by Email WordPress plugin through 1.2 does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4266 (The Bulk Delete Users by Email WordPress plugin through 1.2 does not h ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4265
- RESERVED
+CVE-2022-4265 (The Replyable WordPress plugin before 2.2.10 does not validate the cla ...)
+ TODO: check
CVE-2022-4264 (Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files bef ...)
NOT-FOR-US: M-Files
CVE-2022-4263
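Review bot: CVE-2022-4265 (Replyable WordPress plugin before 2.2.10) sits among CVE-2022-4268, -4267 and -4266, all "NOT-FOR-US: WordPress plugin"; resolve it the same way. The description change for CVE-2022-4268 ("through 1.0.7" to "before 1.0.8") only records the fixed upstream version and leaves the existing resolution valid.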
@@ -39553,8 +39605,8 @@ CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions f
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3285 (Bypass of healthcheck endpoint allow list affecting all versions from ...)
- gitlab <unfixed>
-CVE-2022-3284
- RESERVED
+CVE-2022-3284 (Download key for a file in a vault was passed in an insecure way that ...)
+ TODO: check
CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
- gitlab <unfixed>
CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...)
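Review bot: CVE-2022-3284 ("Download key for a file in a vault was passed in an insecure way...") lands between CVE-2022-3285 and CVE-2022-3283, both tracked as "gitlab <unfixed>"; if the full description confirms GitLab, this entry should get a gitlab package line (or "<not-affected>" with a note, as CVE-2022-3286 does for an EE-only issue) rather than "TODO: check".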
@@ -58725,8 +58777,8 @@ CVE-2022-2180 (The GREYD.SUITE WordPress theme does not properly validate upload
NOT-FOR-US: WordPress theme
CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 ...)
NOT-FOR-US: Rockwell
-CVE-2022-2178
- RESERVED
+CVE-2022-2178 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...)
NOT-FOR-US: Kayrasoft
CVE-2022-2176 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...)
@@ -80834,6 +80886,7 @@ CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a cross-sit
CVE-2022-26563
RESERVED
CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 ...)
+ {DLA-3354-1}
- kopanocore <removed> (bug #1016973)
CVE-2022-26561
RESERVED
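Review bot: DLA-3354-1 is recorded for CVE-2022-26562 while the package line stays "kopanocore <removed> (bug #1016973)"; that combination is coherent because the DLA covers the LTS release where the package still exists, but make sure the unstable state remains <removed> and is not later reinterpreted as fixed.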
@@ -239883,6 +239936,7 @@ CVE-2019-19909 (An issue was discovered in Public Knowledge Project (PKP) pkp-li
CVE-2019-19908 (phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript inje ...)
NOT-FOR-US: phpMyChat
CVE-2019-19907 (HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core ...)
+ {DLA-3354-1}
- kopanocore 8.7.0-6 (bug #947312)
NOTE: https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff
CVE-2019-19904
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d308317ff68a33ae8d199e47596625ea6508c8ef