[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 13 20:10:52 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
100cd8b6 by security tracker role at 2023-03-13T20:10:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2023-28215
+ RESERVED
+CVE-2023-28214
+ RESERVED
+CVE-2023-28213
+ RESERVED
+CVE-2023-28212
+ RESERVED
+CVE-2023-28211
+ RESERVED
+CVE-2023-28210
+ RESERVED
+CVE-2023-28209
+ RESERVED
+CVE-2023-28208
+ RESERVED
+CVE-2023-28207
+ RESERVED
+CVE-2023-28206
+ RESERVED
+CVE-2023-28205
+ RESERVED
+CVE-2023-28204
+ RESERVED
+CVE-2023-28203
+ RESERVED
+CVE-2023-28202
+ RESERVED
+CVE-2023-28201
+ RESERVED
+CVE-2023-28200
+ RESERVED
+CVE-2023-28199
+ RESERVED
+CVE-2023-28198
+ RESERVED
+CVE-2023-28197
+ RESERVED
+CVE-2023-28196
+ RESERVED
+CVE-2023-28195
+ RESERVED
+CVE-2023-28194
+ RESERVED
+CVE-2023-28193
+ RESERVED
+CVE-2023-28192
+ RESERVED
+CVE-2023-28191
+ RESERVED
+CVE-2023-28190
+ RESERVED
+CVE-2023-28189
+ RESERVED
+CVE-2023-28188
+ RESERVED
+CVE-2023-28187
+ RESERVED
+CVE-2023-28186
+ RESERVED
+CVE-2023-28185
+ RESERVED
+CVE-2023-28184
+ RESERVED
+CVE-2023-28183
+ RESERVED
+CVE-2023-28182
+ RESERVED
+CVE-2023-28181
+ RESERVED
+CVE-2023-28180
+ RESERVED
+CVE-2023-28179
+ RESERVED
+CVE-2023-28178
+ RESERVED
+CVE-2023-28177
+ RESERVED
+CVE-2023-28176
+ RESERVED
+CVE-2023-28175
+ RESERVED
+CVE-2023-28174
+ RESERVED
+CVE-2023-28173
+ RESERVED
+CVE-2023-28172
+ RESERVED
+CVE-2023-28171
+ RESERVED
+CVE-2023-28170
+ RESERVED
+CVE-2023-28169
+ RESERVED
+CVE-2023-28168
+ RESERVED
+CVE-2023-28167
+ RESERVED
+CVE-2023-28166
+ RESERVED
+CVE-2023-28165
+ RESERVED
+CVE-2023-28164
+ RESERVED
+CVE-2023-28163
+ RESERVED
+CVE-2023-28162
+ RESERVED
+CVE-2023-28161
+ RESERVED
+CVE-2023-28160
+ RESERVED
+CVE-2023-28159
+ RESERVED
+CVE-2023-1380
+ RESERVED
+CVE-2023-1379
+ RESERVED
+CVE-2023-1378 (A vulnerability classified as critical was found in SourceCodester Fri ...)
+ TODO: check
+CVE-2023-1377
+ RESERVED
+CVE-2023-1376
+ RESERVED
+CVE-2023-1375
+ RESERVED
+CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2023-1373
+ RESERVED
+CVE-2023-1372 (The WH Testimonials plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2023-1371
+ RESERVED
+CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...)
+ TODO: check
+CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has ...)
+ TODO: check
+CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as critic ...)
+ TODO: check
+CVE-2023-1367 (Code Injection in GitHub repository alextselegidis/easyappointments pr ...)
+ TODO: check
+CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+ TODO: check
+CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
+ TODO: check
+CVE-2023-1364 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
+ TODO: check
CVE-2023-28158
RESERVED
CVE-2023-28157
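Review bot: The CVE-2023-1370 entry in this hunk carries raw Markdown link markup, `[Json-smart](https://netplex.github.io/json-smart/)`, inside the truncated description, which makes the product name harder to match on when triaging. Check that entry against packaged sources by the name Json-smart rather than by the description prefix. The other nine `TODO: check` entries here (CVE-2023-1378, CVE-2023-1374, CVE-2023-1372 and CVE-2023-1369 through CVE-2023-1364) still need a triage line each; the remaining additions are `RESERVED` placeholders and need nothing yet.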
@@ -1739,8 +1887,8 @@ CVE-2023-27582
RESERVED
CVE-2023-27581
RESERVED
-CVE-2023-27580
- RESERVED
+CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...)
+ TODO: check
CVE-2023-27579
RESERVED
CVE-2023-27578
@@ -3095,8 +3243,8 @@ CVE-2023-27095
RESERVED
CVE-2023-27094
RESERVED
-CVE-2023-27093
- RESERVED
+CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...)
+ TODO: check
CVE-2023-27092
RESERVED
CVE-2023-27091
@@ -3151,16 +3299,16 @@ CVE-2023-27067
RESERVED
CVE-2023-27066
RESERVED
-CVE-2023-27065
- RESERVED
-CVE-2023-27064
- RESERVED
-CVE-2023-27063
- RESERVED
-CVE-2023-27062
- RESERVED
-CVE-2023-27061
- RESERVED
+CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
+ TODO: check
+CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
+ TODO: check
+CVE-2023-27063 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
+ TODO: check
+CVE-2023-27062 (Tenda V15V1.0 was discovered to contain a buffer overflow vulnerabilit ...)
+ TODO: check
+CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
+ TODO: check
CVE-2023-27060
RESERVED
CVE-2023-27059
@@ -3261,8 +3409,8 @@ CVE-2023-27012
RESERVED
CVE-2023-27011
RESERVED
-CVE-2023-27010
- RESERVED
+CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions ...)
+ TODO: check
CVE-2023-27009
RESERVED
CVE-2023-27008
@@ -4880,8 +5028,8 @@ CVE-2023-26315
RESERVED
CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: MedData Informatics MedDataPACS
-CVE-2023-0978
- RESERVED
+CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...)
+ TODO: check
CVE-2023-0977
RESERVED
CVE-2023-0976
@@ -4890,8 +5038,8 @@ CVE-2023-0975
RESERVED
CVE-2023-0974
RESERVED
-CVE-2023-0973
- RESERVED
+CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...)
+ TODO: check
CVE-2023-0972
RESERVED
CVE-2023-0971
@@ -5555,16 +5703,16 @@ CVE-2023-26078
RESERVED
CVE-2023-26077
RESERVED
-CVE-2023-26076
- RESERVED
+CVE-2023-26076 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
+ TODO: check
CVE-2023-26075 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
NOT-FOR-US: Samsung
-CVE-2023-26074
- RESERVED
-CVE-2023-26073
- RESERVED
-CVE-2023-26072
- RESERVED
+CVE-2023-26074 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
+ TODO: check
+CVE-2023-26073 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
+ TODO: check
+CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
+ TODO: check
CVE-2023-26071
RESERVED
CVE-2023-26070
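Review bot: CVE-2023-26076, CVE-2023-26074, CVE-2023-26073 and CVE-2023-26072 are left at `TODO: check` while CVE-2023-26075, which sits between them with the same visible description prefix ("An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ..."), is already triaged as `NOT-FOR-US: Samsung`. If the full descriptions confirm the same product, give the four new entries the same `NOT-FOR-US: Samsung` line so the block is consistent.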
@@ -5843,8 +5991,8 @@ CVE-2023-25993
RESERVED
CVE-2023-25992
RESERVED
-CVE-2023-25991
- RESERVED
+CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic p ...)
+ TODO: check
CVE-2023-25990
RESERVED
CVE-2023-25989
@@ -5879,8 +6027,8 @@ CVE-2023-25975
RESERVED
CVE-2023-25974
RESERVED
-CVE-2023-25973
- RESERVED
+CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
+ TODO: check
CVE-2023-25972
RESERVED
CVE-2023-25971
@@ -5935,8 +6083,8 @@ CVE-2023-0890
RESERVED
CVE-2023-0889
RESERVED
-CVE-2023-0888
- RESERVED
+CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...)
+ TODO: check
CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...)
NOT-FOR-US: phjounin TFTPD64-SE
CVE-2023-0886
@@ -6392,8 +6540,8 @@ CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of al
CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with servic ...)
- consul <not-affected> (Only affects 1.14.x)
NOTE: https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
-CVE-2023-0844
- RESERVED
+CVE-2023-0844 (The Namaste! LMS WordPress plugin before 2.6 does not sanitize and esc ...)
+ TODO: check
CVE-2023-0843
RESERVED
CVE-2023-0842
@@ -6965,8 +7113,8 @@ CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certific
NOT-FOR-US: SourceCodester Medical Certificate Generator App
CVE-2023-0773
RESERVED
-CVE-2023-0772
- RESERVED
+CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does ...)
+ TODO: check
CVE-2023-25676
RESERVED
CVE-2023-25675
@@ -7198,8 +7346,8 @@ CVE-2023-0751 (When GELI reads a key file from standard input, it does not reuse
NOT-FOR-US: FreeBSD GELI
CVE-2023-0750
RESERVED
-CVE-2023-0749
- RESERVED
+CVE-2023-0749 (The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the ...)
+ TODO: check
CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to ...)
NOT-FOR-US: btcpayserver
CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
@@ -8025,16 +8173,16 @@ CVE-2023-25285
RESERVED
CVE-2023-25284
RESERVED
-CVE-2023-25283
- RESERVED
+CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows att ...)
+ TODO: check
CVE-2023-25282
RESERVED
CVE-2023-25281
RESERVED
CVE-2023-25280
RESERVED
-CVE-2023-25279
- RESERVED
+CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...)
+ TODO: check
CVE-2023-25278
RESERVED
CVE-2023-25277
@@ -8348,8 +8496,8 @@ CVE-2023-25172
RESERVED
CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...)
NOT-FOR-US: Kiwi TCMS
-CVE-2023-25170
- RESERVED
+CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, prior to ...)
+ TODO: check
CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes an autom ...)
NOT-FOR-US: Discourse plugin
CVE-2023-25168 (Wings is Pterodactyl's server control plane. This vulnerability can be ...)
@@ -8787,10 +8935,10 @@ CVE-2023-0631
RESERVED
CVE-2023-0630
RESERVED
-CVE-2023-0629
- RESERVED
-CVE-2023-0628
- RESERVED
+CVE-2023-0629 (Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enh ...)
+ TODO: check
+CVE-2023-0628 (Docker Desktop before 4.17.0 allows an attacker to execute an arbitrar ...)
+ TODO: check
CVE-2023-0627
RESERVED
CVE-2023-0626
@@ -9425,8 +9573,8 @@ CVE-2023-24764
RESERVED
CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated ...)
NOT-FOR-US: PrestaShop module
-CVE-2023-24762
- RESERVED
+CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 ...)
+ TODO: check
CVE-2023-24761
RESERVED
CVE-2023-24760
@@ -9942,8 +10090,8 @@ CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does no
NOT-FOR-US: WordPress plugin
CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0538
- RESERVED
+CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not valida ...)
+ TODO: check
CVE-2023-0537
RESERVED
CVE-2023-0536
@@ -9973,12 +10121,12 @@ CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Djang
- python-django 3:3.2.18-1 (bug #1031290)
NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18)
-CVE-2023-24579
- RESERVED
-CVE-2023-24578
- RESERVED
-CVE-2023-24577
- RESERVED
+CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to trick a v ...)
+ TODO: check
+CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to elevate u ...)
+ TODO: check
+CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to elevate u ...)
+ TODO: check
CVE-2023-24543
RESERVED
CVE-2023-23908
@@ -10346,8 +10494,8 @@ CVE-2023-0479
RESERVED
CVE-2023-0478
RESERVED
-CVE-2023-0477
- RESERVED
+CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...)
+ TODO: check
CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
NOT-FOR-US: Tenable
CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...)
@@ -11422,8 +11570,8 @@ CVE-2023-24035
RESERVED
CVE-2023-24034
RESERVED
-CVE-2023-24033
- RESERVED
+CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...)
+ TODO: check
CVE-2023-24032
RESERVED
CVE-2023-24031
@@ -12372,8 +12520,8 @@ CVE-2023-23713
RESERVED
CVE-2023-23712
RESERVED
-CVE-2023-23711
- RESERVED
+CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...)
+ TODO: check
CVE-2023-23710
RESERVED
CVE-2023-23709
@@ -14138,8 +14286,8 @@ CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version 8.3
NOT-FOR-US: Trellix
CVE-2023-0220 (The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0219
- RESERVED
+CVE-2023-0219 (The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or esca ...)
+ TODO: check
CVE-2023-0218
RESERVED
CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...)
@@ -14666,8 +14814,8 @@ CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and esc
NOT-FOR-US: WordPress plugin
CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2 ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0172
- RESERVED
+CVE-2023-0172 (The Juicer WordPress plugin before 1.11 does not validate and escape s ...)
+ TODO: check
CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does n ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...)
@@ -15576,8 +15724,8 @@ CVE-2023-22702
RESERVED
CVE-2023-22701
RESERVED
-CVE-2023-22700
- RESERVED
+CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
+ TODO: check
CVE-2023-22699
RESERVED
CVE-2023-22698
@@ -15890,8 +16038,8 @@ CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and
NOT-FOR-US: WordPress plugin
CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0073
- RESERVED
+CVE-2023-0073 (The Client Logo Carousel WordPress plugin through 3.0.0 does not valid ...)
+ TODO: check
CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...)
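Review bot: CVE-2023-0073 is added as `TODO: check` although its description names a WordPress plugin (Client Logo Carousel) and both neighbouring entries in the context, CVE-2023-0074 and CVE-2023-0072, are triaged as `NOT-FOR-US: WordPress plugin`. Unless the plugin turns out to be packaged, the same triage line applies here.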
@@ -15904,8 +16052,8 @@ CVE-2023-0068 (The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugi
NOT-FOR-US: WordPress plugin
CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not validate and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0066
- RESERVED
+CVE-2023-0066 (The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does ...)
+ TODO: check
CVE-2023-0065 (The i2 Pros & Cons WordPress plugin through 1.3.1 does not validat ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0064 (The eVision Responsive Column Layout Shortcodes WordPress plugin throu ...)
@@ -16110,8 +16258,8 @@ CVE-2023-0039 (The User Post Gallery - UPG plugin for WordPress is vulnerable to
NOT-FOR-US: User Post Gallery - UPG plugin for WordPress
CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin for Wor ...)
NOT-FOR-US: "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress
-CVE-2023-0037
- RESERVED
+CVE-2023-0037 (The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 d ...)
+ TODO: check
CVE-2023-0036 (platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and ...)
NOT-FOR-US: OpenHarmony
CVE-2023-0035 (softbus_client_stub in communication subsystem within OpenHarmony-v3.0 ...)
@@ -17892,8 +18040,8 @@ CVE-2022-4662 (A flaw incorrect access control in the Linux kernel USB core subs
[bullseye] - linux 5.10.148-1
[buster] - linux 4.19.260-1
NOTE: https://git.kernel.org/linus/9c6d778800b921bde3bff3cff5003d1650f942d1 (6.0-rc4)
-CVE-2022-4661
- RESERVED
+CVE-2022-4661 (The Widgets for WooCommerce Products on Elementor WordPress plugin bef ...)
+ TODO: check
CVE-2022-4660
RESERVED
CVE-2022-4659
@@ -17910,8 +18058,8 @@ CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3
NOT-FOR-US: WordPress plugin
CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4652
- RESERVED
+CVE-2022-4652 (The Video Background WordPress plugin before 2.7.5 does not validate a ...)
+ TODO: check
CVE-2022-4651 (The Justified Gallery WordPress plugin before 1.7.1 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...)
@@ -20449,8 +20597,8 @@ CVE-2022-47442
RESERVED
CVE-2022-47441
RESERVED
-CVE-2022-47440
- RESERVED
+CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
+ TODO: check
CVE-2022-47439
RESERVED
CVE-2022-47438
@@ -20762,8 +20910,8 @@ CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not valida
NOT-FOR-US: WordPress plugin
CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4466
- RESERVED
+CVE-2022-4466 (The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not ...)
+ TODO: check
CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...)
@@ -21379,8 +21527,8 @@ CVE-2022-47168
RESERVED
CVE-2022-47167
RESERVED
-CVE-2022-47166
- RESERVED
+CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...)
+ TODO: check
CVE-2022-47165
RESERVED
CVE-2022-47164
@@ -22576,7 +22724,7 @@ CVE-2022-4332
RESERVED
CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2022-4330 (The WP Attachments WordPress plugin through 5.0.5 does not sanitise an ...)
+CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...)
NOT-FOR-US: WordPress plugin
@@ -26284,7 +26432,7 @@ CVE-2022-45472 (CAE LearningSpace Enterprise (with Intuity License) image 267r p
NOT-FOR-US: CAE LearningSpace Enterprise
CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...)
NOT-FOR-US: JetBrains Hub
-CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Ham ...)
+CVE-2022-45470 (missing input validation in Apache Hama may cause information disclosu ...)
NOT-FOR-US: Apache Hama
CVE-2022-44456 (CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unaut ...)
NOT-FOR-US: CONPROSYS HMI System (CHS)
@@ -26356,7 +26504,7 @@ CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authent
- mattermost-server <itp> (bug #823556)
CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unserialize ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin thr ...)
+CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin bef ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...)
NOT-FOR-US: Hitachi
@@ -42380,8 +42528,8 @@ CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, def
NOT-FOR-US: WordPress plugin
CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38074
- RESERVED
+CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 1 ...)
+ TODO: check
CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2022-36424
@@ -49605,8 +49753,8 @@ CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec TH
NOT-FOR-US: WordPress plugin
CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-31474
- RESERVED
+CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8. ...)
+ TODO: check
CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome OS and L ...)
@@ -54968,6 +55116,7 @@ CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distribut
CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training deep lea ...)
NOT-FOR-US: Deeplearning4J
CVE-2022-36021 (Redis is an in-memory database that persists on disk. Authenticated us ...)
+ {DLA-3361-1}
- redis 5:7.0.9-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
NOTE: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
@@ -82989,7 +83138,7 @@ CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollut
NOT-FOR-US: Simple-Plist
CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, ...)
NOT-FOR-US: Xiongmai
-CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain a remote command exe ...)
+CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain remote command execu ...)
NOT-FOR-US: D-Link
CVE-2022-26257
RESERVED
@@ -93278,7 +93427,7 @@ CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability dis
NOT-FOR-US: WordPress plugin
CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
+CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-23209 (Multiple Authenticated (admin user role) Persistent Cross-Site Scripti ...)
NOT-FOR-US: WordPress plugin
@@ -98991,8 +99140,8 @@ CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions
NOT-FOR-US: SAFARI Montage
CVE-2021-45424
RESERVED
-CVE-2021-45423
- RESERVED
+CVE-2021-45423 (A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports f ...)
+ TODO: check
CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
NOT-FOR-US: Reprise License Manager
CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
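Review bot: The new description for CVE-2021-45423 reads "vulnerabilityexists" with the space missing, so a text search for "vulnerability exists" will not hit this entry. The description names a specific tool and function (Pev 0.81, `pe_exports`), so resolve the `TODO: check` by looking for a matching source package by name before marking it, instead of treating it like the `NOT-FOR-US` entries around it.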
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/100cd8b60324fe16d49babbabeb0a0be6a070229