[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 13 20:10:52 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
100cd8b6 by security tracker role at 2023-03-13T20:10:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2023-28215
+	RESERVED
+CVE-2023-28214
+	RESERVED
+CVE-2023-28213
+	RESERVED
+CVE-2023-28212
+	RESERVED
+CVE-2023-28211
+	RESERVED
+CVE-2023-28210
+	RESERVED
+CVE-2023-28209
+	RESERVED
+CVE-2023-28208
+	RESERVED
+CVE-2023-28207
+	RESERVED
+CVE-2023-28206
+	RESERVED
+CVE-2023-28205
+	RESERVED
+CVE-2023-28204
+	RESERVED
+CVE-2023-28203
+	RESERVED
+CVE-2023-28202
+	RESERVED
+CVE-2023-28201
+	RESERVED
+CVE-2023-28200
+	RESERVED
+CVE-2023-28199
+	RESERVED
+CVE-2023-28198
+	RESERVED
+CVE-2023-28197
+	RESERVED
+CVE-2023-28196
+	RESERVED
+CVE-2023-28195
+	RESERVED
+CVE-2023-28194
+	RESERVED
+CVE-2023-28193
+	RESERVED
+CVE-2023-28192
+	RESERVED
+CVE-2023-28191
+	RESERVED
+CVE-2023-28190
+	RESERVED
+CVE-2023-28189
+	RESERVED
+CVE-2023-28188
+	RESERVED
+CVE-2023-28187
+	RESERVED
+CVE-2023-28186
+	RESERVED
+CVE-2023-28185
+	RESERVED
+CVE-2023-28184
+	RESERVED
+CVE-2023-28183
+	RESERVED
+CVE-2023-28182
+	RESERVED
+CVE-2023-28181
+	RESERVED
+CVE-2023-28180
+	RESERVED
+CVE-2023-28179
+	RESERVED
+CVE-2023-28178
+	RESERVED
+CVE-2023-28177
+	RESERVED
+CVE-2023-28176
+	RESERVED
+CVE-2023-28175
+	RESERVED
+CVE-2023-28174
+	RESERVED
+CVE-2023-28173
+	RESERVED
+CVE-2023-28172
+	RESERVED
+CVE-2023-28171
+	RESERVED
+CVE-2023-28170
+	RESERVED
+CVE-2023-28169
+	RESERVED
+CVE-2023-28168
+	RESERVED
+CVE-2023-28167
+	RESERVED
+CVE-2023-28166
+	RESERVED
+CVE-2023-28165
+	RESERVED
+CVE-2023-28164
+	RESERVED
+CVE-2023-28163
+	RESERVED
+CVE-2023-28162
+	RESERVED
+CVE-2023-28161
+	RESERVED
+CVE-2023-28160
+	RESERVED
+CVE-2023-28159
+	RESERVED
+CVE-2023-1380
+	RESERVED
+CVE-2023-1379
+	RESERVED
+CVE-2023-1378 (A vulnerability classified as critical was found in SourceCodester Fri ...)
+	TODO: check
+CVE-2023-1377
+	RESERVED
+CVE-2023-1376
+	RESERVED
+CVE-2023-1375
+	RESERVED
+CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2023-1373
+	RESERVED
+CVE-2023-1372 (The WH Testimonials plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-1371
+	RESERVED
+CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...)
+	TODO: check
+CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has  ...)
+	TODO: check
+CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as critic ...)
+	TODO: check
+CVE-2023-1367 (Code Injection in GitHub repository alextselegidis/easyappointments pr ...)
+	TODO: check
+CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...)
+	TODO: check
+CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
+	TODO: check
+CVE-2023-1364 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
+	TODO: check
 CVE-2023-28158
 	RESERVED
 CVE-2023-28157
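Review bot: the ten added entries that carry descriptions at the end of this hunk (CVE-2023-1378 down to CVE-2023-1364) all land as TODO: check, although four of them (CVE-2023-1378, CVE-2023-1366, CVE-2023-1365, CVE-2023-1364) name SourceCodester applications, which this file already triages as NOT-FOR-US (see "NOT-FOR-US: SourceCodester Medical Certificate Generator App" on CVE-2023-0774). Those four, and the two "plugin for WordPress" entries (CVE-2023-1374, CVE-2023-1372), can be closed the same way in the follow-up triage. Separately, the CVE-2023-1370 description starts with raw Markdown link syntax from the upstream feed, so any triage step that matches on description text should key on the product name (Json-smart) rather than on the leading characters.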
@@ -1739,8 +1887,8 @@ CVE-2023-27582
 	RESERVED
 CVE-2023-27581
 	RESERVED
-CVE-2023-27580
-	RESERVED
+CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...)
+	TODO: check
 CVE-2023-27579
 	RESERVED
 CVE-2023-27578
@@ -3095,8 +3243,8 @@ CVE-2023-27095
 	RESERVED
 CVE-2023-27094
 	RESERVED
-CVE-2023-27093
-	RESERVED
+CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...)
+	TODO: check
 CVE-2023-27092
 	RESERVED
 CVE-2023-27091
@@ -3151,16 +3299,16 @@ CVE-2023-27067
 	RESERVED
 CVE-2023-27066
 	RESERVED
-CVE-2023-27065
-	RESERVED
-CVE-2023-27064
-	RESERVED
-CVE-2023-27063
-	RESERVED
-CVE-2023-27062
-	RESERVED
-CVE-2023-27061
-	RESERVED
+CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
+	TODO: check
+CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
+	TODO: check
+CVE-2023-27063 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
+	TODO: check
+CVE-2023-27062 (Tenda V15V1.0 was discovered to contain a buffer overflow vulnerabilit ...)
+	TODO: check
+CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
+	TODO: check
 CVE-2023-27060
 	RESERVED
 CVE-2023-27059
@@ -3261,8 +3409,8 @@ CVE-2023-27012
 	RESERVED
 CVE-2023-27011
 	RESERVED
-CVE-2023-27010
-	RESERVED
+CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions ...)
+	TODO: check
 CVE-2023-27009
 	RESERVED
 CVE-2023-27008
@@ -4880,8 +5028,8 @@ CVE-2023-26315
 	RESERVED
 CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: MedData Informatics MedDataPACS
-CVE-2023-0978
-	RESERVED
+CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...)
+	TODO: check
 CVE-2023-0977
 	RESERVED
 CVE-2023-0976
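Review bot: the added CVE-2023-0978 line names Trellix Intelligent Sandbox and is left at TODO: check, while this file already carries "NOT-FOR-US: Trellix" on CVE-2023-0221. Use the same vendor tag when resolving the TODO so the two Trellix entries stay consistent.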
@@ -4890,8 +5038,8 @@ CVE-2023-0975
 	RESERVED
 CVE-2023-0974
 	RESERVED
-CVE-2023-0973
-	RESERVED
+CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...)
+	TODO: check
 CVE-2023-0972
 	RESERVED
 CVE-2023-0971
@@ -5555,16 +5703,16 @@ CVE-2023-26078
 	RESERVED
 CVE-2023-26077
 	RESERVED
-CVE-2023-26076
-	RESERVED
+CVE-2023-26076 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
+	TODO: check
 CVE-2023-26075 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
 	NOT-FOR-US: Samsung
-CVE-2023-26074
-	RESERVED
-CVE-2023-26073
-	RESERVED
-CVE-2023-26072
-	RESERVED
+CVE-2023-26074 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
+	TODO: check
+CVE-2023-26073 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
+	TODO: check
+CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...)
+	TODO: check
 CVE-2023-26071
 	RESERVED
 CVE-2023-26070
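Review bot: CVE-2023-26076, CVE-2023-26074, CVE-2023-26073 and CVE-2023-26072 are added as TODO: check although their descriptions open with the same text as CVE-2023-26075 in this very hunk, which is already marked "NOT-FOR-US: Samsung". Unless the truncated part of the descriptions points at a different product, the four new entries should get the same NOT-FOR-US: Samsung line rather than sitting in the TODO queue.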
@@ -5843,8 +5991,8 @@ CVE-2023-25993
 	RESERVED
 CVE-2023-25992
 	RESERVED
-CVE-2023-25991
-	RESERVED
+CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic p ...)
+	TODO: check
 CVE-2023-25990
 	RESERVED
 CVE-2023-25989
@@ -5879,8 +6027,8 @@ CVE-2023-25975
 	RESERVED
 CVE-2023-25974
 	RESERVED
-CVE-2023-25973
-	RESERVED
+CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
+	TODO: check
 CVE-2023-25972
 	RESERVED
 CVE-2023-25971
@@ -5935,8 +6083,8 @@ CVE-2023-0890
 	RESERVED
 CVE-2023-0889
 	RESERVED
-CVE-2023-0888
-	RESERVED
+CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...)
+	TODO: check
 CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...)
 	NOT-FOR-US: phjounin TFTPD64-SE
 CVE-2023-0886
@@ -6392,8 +6540,8 @@ CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of al
 CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with servic ...)
 	- consul <not-affected> (Only affects 1.14.x)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
-CVE-2023-0844
-	RESERVED
+CVE-2023-0844 (The Namaste! LMS WordPress plugin before 2.6 does not sanitize and esc ...)
+	TODO: check
 CVE-2023-0843
 	RESERVED
 CVE-2023-0842
@@ -6965,8 +7113,8 @@ CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certific
 	NOT-FOR-US: SourceCodester Medical Certificate Generator App
 CVE-2023-0773
 	RESERVED
-CVE-2023-0772
-	RESERVED
+CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does  ...)
+	TODO: check
 CVE-2023-25676
 	RESERVED
 CVE-2023-25675
@@ -7198,8 +7346,8 @@ CVE-2023-0751 (When GELI reads a key file from standard input, it does not reuse
 	NOT-FOR-US: FreeBSD GELI
 CVE-2023-0750
 	RESERVED
-CVE-2023-0749
-	RESERVED
+CVE-2023-0749 (The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the ...)
+	TODO: check
 CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to  ...)
 	NOT-FOR-US: btcpayserver
 CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
@@ -8025,16 +8173,16 @@ CVE-2023-25285
 	RESERVED
 CVE-2023-25284
 	RESERVED
-CVE-2023-25283
-	RESERVED
+CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows att ...)
+	TODO: check
 CVE-2023-25282
 	RESERVED
 CVE-2023-25281
 	RESERVED
 CVE-2023-25280
 	RESERVED
-CVE-2023-25279
-	RESERVED
+CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...)
+	TODO: check
 CVE-2023-25278
 	RESERVED
 CVE-2023-25277
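Review bot: both entries filled in here (CVE-2023-25283 and CVE-2023-25279) describe D-Link DIR820LA1 firmware and are left at TODO: check, while CVE-2022-26258 further down this file is already triaged as "NOT-FOR-US: D-Link". Resolve these two with the same tag; the CVE-2023-24762 entry for the D-Link DIR-867 in a later hunk is in the same position.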
@@ -8348,8 +8496,8 @@ CVE-2023-25172
 	RESERVED
 CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...)
 	NOT-FOR-US: Kiwi TCMS
-CVE-2023-25170
-	RESERVED
+CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, prior to ...)
+	TODO: check
 CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes an autom ...)
 	NOT-FOR-US: Discourse plugin
 CVE-2023-25168 (Wings is Pterodactyl's server control plane. This vulnerability can be ...)
@@ -8787,10 +8935,10 @@ CVE-2023-0631
 	RESERVED
 CVE-2023-0630
 	RESERVED
-CVE-2023-0629
-	RESERVED
-CVE-2023-0628
-	RESERVED
+CVE-2023-0629 (Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enh ...)
+	TODO: check
+CVE-2023-0628 (Docker Desktop before 4.17.0 allows an attacker to execute an arbitrar ...)
+	TODO: check
 CVE-2023-0627
 	RESERVED
 CVE-2023-0626
@@ -9425,8 +9573,8 @@ CVE-2023-24764
 	RESERVED
 CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated  ...)
 	NOT-FOR-US: PrestaShop module
-CVE-2023-24762
-	RESERVED
+CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 ...)
+	TODO: check
 CVE-2023-24761
 	RESERVED
 CVE-2023-24760
@@ -9942,8 +10090,8 @@ CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does no
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not valida ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0538
-	RESERVED
+CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not valida ...)
+	TODO: check
 CVE-2023-0537
 	RESERVED
 CVE-2023-0536
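Review bot: the added CVE-2023-0538 line describes a WordPress plugin and sits directly below two entries already closed as "NOT-FOR-US: WordPress plugin", yet it is left at TODO: check. Replace the TODO with the same NOT-FOR-US: WordPress plugin line so the run of plugin entries in this part of the list is triaged uniformly.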
@@ -9973,12 +10121,12 @@ CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Djang
 	- python-django 3:3.2.18-1 (bug #1031290)
 	NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/
 	NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18)
-CVE-2023-24579
-	RESERVED
-CVE-2023-24578
-	RESERVED
-CVE-2023-24577
-	RESERVED
+CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to trick a v ...)
+	TODO: check
+CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to elevate u ...)
+	TODO: check
+CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to elevate u ...)
+	TODO: check
 CVE-2023-24543
 	RESERVED
 CVE-2023-23908
@@ -10346,8 +10494,8 @@ CVE-2023-0479
 	RESERVED
 CVE-2023-0478
 	RESERVED
-CVE-2023-0477
-	RESERVED
+CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before  ...)
+	TODO: check
 CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
 	NOT-FOR-US: Tenable
 CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...)
@@ -11422,8 +11570,8 @@ CVE-2023-24035
 	RESERVED
 CVE-2023-24034
 	RESERVED
-CVE-2023-24033
-	RESERVED
+CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...)
+	TODO: check
 CVE-2023-24032
 	RESERVED
 CVE-2023-24031
@@ -12372,8 +12520,8 @@ CVE-2023-23713
 	RESERVED
 CVE-2023-23712
 	RESERVED
-CVE-2023-23711
-	RESERVED
+CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...)
+	TODO: check
 CVE-2023-23710
 	RESERVED
 CVE-2023-23709
@@ -14138,8 +14286,8 @@ CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version 8.3
 	NOT-FOR-US: Trellix
 CVE-2023-0220 (The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0219
-	RESERVED
+CVE-2023-0219 (The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or esca ...)
+	TODO: check
 CVE-2023-0218
 	RESERVED
 CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...)
@@ -14666,8 +14814,8 @@ CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and esc
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2 ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0172
-	RESERVED
+CVE-2023-0172 (The Juicer WordPress plugin before 1.11 does not validate and escape s ...)
+	TODO: check
 CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...)
@@ -15576,8 +15724,8 @@ CVE-2023-22702
 	RESERVED
 CVE-2023-22701
 	RESERVED
-CVE-2023-22700
-	RESERVED
+CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
+	TODO: check
 CVE-2023-22699
 	RESERVED
 CVE-2023-22698
@@ -15890,8 +16038,8 @@ CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0073
-	RESERVED
+CVE-2023-0073 (The Client Logo Carousel WordPress plugin through 3.0.0 does not valid ...)
+	TODO: check
 CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not vali ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...)
@@ -15904,8 +16052,8 @@ CVE-2023-0068 (The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugi
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0066
-	RESERVED
+CVE-2023-0066 (The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does  ...)
+	TODO: check
 CVE-2023-0065 (The i2 Pros & Cons WordPress plugin through 1.3.1 does not validat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0064 (The eVision Responsive Column Layout Shortcodes WordPress plugin throu ...)
@@ -16110,8 +16258,8 @@ CVE-2023-0039 (The User Post Gallery - UPG plugin for WordPress is vulnerable to
 	NOT-FOR-US: User Post Gallery - UPG plugin for WordPress
 CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin for Wor ...)
 	NOT-FOR-US: "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress
-CVE-2023-0037
-	RESERVED
+CVE-2023-0037 (The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 d ...)
+	TODO: check
 CVE-2023-0036 (platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2023-0035 (softbus_client_stub in communication subsystem within OpenHarmony-v3.0 ...)
@@ -17892,8 +18040,8 @@ CVE-2022-4662 (A flaw incorrect access control in the Linux kernel USB core subs
 	[bullseye] - linux 5.10.148-1
 	[buster] - linux 4.19.260-1
 	NOTE: https://git.kernel.org/linus/9c6d778800b921bde3bff3cff5003d1650f942d1 (6.0-rc4)
-CVE-2022-4661
-	RESERVED
+CVE-2022-4661 (The Widgets for WooCommerce Products on Elementor WordPress plugin bef ...)
+	TODO: check
 CVE-2022-4660
 	RESERVED
 CVE-2022-4659
@@ -17910,8 +18058,8 @@ CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate and esc ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4652
-	RESERVED
+CVE-2022-4652 (The Video Background WordPress plugin before 2.7.5 does not validate a ...)
+	TODO: check
 CVE-2022-4651 (The Justified Gallery WordPress plugin before 1.7.1 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...)
@@ -20449,8 +20597,8 @@ CVE-2022-47442
 	RESERVED
 CVE-2022-47441
 	RESERVED
-CVE-2022-47440
-	RESERVED
+CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My  ...)
+	TODO: check
 CVE-2022-47439
 	RESERVED
 CVE-2022-47438
@@ -20762,8 +20910,8 @@ CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not valida
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not valida ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4466
-	RESERVED
+CVE-2022-4466 (The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not ...)
+	TODO: check
 CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...)
@@ -21379,8 +21527,8 @@ CVE-2022-47168
 	RESERVED
 CVE-2022-47167
 	RESERVED
-CVE-2022-47166
-	RESERVED
+CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...)
+	TODO: check
 CVE-2022-47165
 	RESERVED
 CVE-2022-47164
@@ -22576,7 +22724,7 @@ CVE-2022-4332
 	RESERVED
 CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
-CVE-2022-4330 (The WP Attachments WordPress plugin through 5.0.5 does not sanitise an ...)
+CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...)
 	NOT-FOR-US: WordPress plugin
@@ -26284,7 +26432,7 @@ CVE-2022-45472 (CAE LearningSpace Enterprise (with Intuity License) image 267r p
 	NOT-FOR-US: CAE LearningSpace Enterprise
 CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...)
 	NOT-FOR-US: JetBrains Hub
-CVE-2022-45470 (** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Ham ...)
+CVE-2022-45470 (missing input validation in Apache Hama may cause information disclosu ...)
 	NOT-FOR-US: Apache Hama
 CVE-2022-44456 (CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unaut ...)
 	NOT-FOR-US: CONPROSYS HMI System (CHS)
@@ -26356,7 +26504,7 @@ CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authent
 	- mattermost-server <itp> (bug #823556)
 CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unserialize ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin thr ...)
+CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin bef ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...)
 	NOT-FOR-US: Hitachi
@@ -42380,8 +42528,8 @@ CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, def
 	NOT-FOR-US: WordPress plugin
 CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-38074
-	RESERVED
+CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 1 ...)
+	TODO: check
 CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-36424
@@ -49605,8 +49753,8 @@ CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec TH
 	NOT-FOR-US: WordPress plugin
 CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-31474
-	RESERVED
+CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8. ...)
+	TODO: check
 CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome OS and L ...)
@@ -54968,6 +55116,7 @@ CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distribut
 CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training deep lea ...)
 	NOT-FOR-US: Deeplearning4J
 CVE-2022-36021 (Redis is an in-memory database that persists on disk. Authenticated us ...)
+	{DLA-3361-1}
 	- redis 5:7.0.9-1
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
 	NOTE: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
@@ -82989,7 +83138,7 @@ CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollut
 	NOT-FOR-US: Simple-Plist
 CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, ...)
 	NOT-FOR-US: Xiongmai
-CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain a remote command exe ...)
+CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain remote command execu ...)
 	NOT-FOR-US: D-Link
 CVE-2022-26257
 	RESERVED
@@ -93278,7 +93427,7 @@ CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability dis
 	NOT-FOR-US: WordPress plugin
 CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
+CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-23209 (Multiple Authenticated (admin user role) Persistent Cross-Site Scripti ...)
 	NOT-FOR-US: WordPress plugin
@@ -98991,8 +99140,8 @@ CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions
 	NOT-FOR-US: SAFARI Montage
 CVE-2021-45424
 	RESERVED
-CVE-2021-45423
-	RESERVED
+CVE-2021-45423 (A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports f ...)
+	TODO: check
 CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
 	NOT-FOR-US: Reprise License Manager
 CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
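Review bot: the description imported on the added CVE-2021-45423 line reads "vulnerabilityexists" (missing space). Other hunks in this commit show descriptions being refreshed by the automatic update, so a local edit would likely be overwritten; the typo is better reported to the CVE record's source, and triage of the TODO: check should key on the product (Pev 0.81) and the pe_exports function rather than on the description wording.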



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/100cd8b60324fe16d49babbabeb0a0be6a070229
