[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 17 20:10:37 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c1bb365 by security tracker role at 2023-03-17T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,341 @@
+CVE-2023-28603
+ RESERVED
+CVE-2023-28602
+ RESERVED
+CVE-2023-28601
+ RESERVED
+CVE-2023-28600
+ RESERVED
+CVE-2023-28599
+ RESERVED
+CVE-2023-28598
+ RESERVED
+CVE-2023-28597
+ RESERVED
+CVE-2023-28596
+ RESERVED
+CVE-2023-28595
+ RESERVED
+CVE-2023-28594
+ RESERVED
+CVE-2023-28593
+ RESERVED
+CVE-2023-28592
+ RESERVED
+CVE-2023-28591
+ RESERVED
+CVE-2023-28590
+ RESERVED
+CVE-2023-28589
+ RESERVED
+CVE-2023-28588
+ RESERVED
+CVE-2023-28587
+ RESERVED
+CVE-2023-28586
+ RESERVED
+CVE-2023-28585
+ RESERVED
+CVE-2023-28584
+ RESERVED
+CVE-2023-28583
+ RESERVED
+CVE-2023-28582
+ RESERVED
+CVE-2023-28581
+ RESERVED
+CVE-2023-28580
+ RESERVED
+CVE-2023-28579
+ RESERVED
+CVE-2023-28578
+ RESERVED
+CVE-2023-28577
+ RESERVED
+CVE-2023-28576
+ RESERVED
+CVE-2023-28575
+ RESERVED
+CVE-2023-28574
+ RESERVED
+CVE-2023-28573
+ RESERVED
+CVE-2023-28572
+ RESERVED
+CVE-2023-28571
+ RESERVED
+CVE-2023-28570
+ RESERVED
+CVE-2023-28569
+ RESERVED
+CVE-2023-28568
+ RESERVED
+CVE-2023-28567
+ RESERVED
+CVE-2023-28566
+ RESERVED
+CVE-2023-28565
+ RESERVED
+CVE-2023-28564
+ RESERVED
+CVE-2023-28563
+ RESERVED
+CVE-2023-28562
+ RESERVED
+CVE-2023-28561
+ RESERVED
+CVE-2023-28560
+ RESERVED
+CVE-2023-28559
+ RESERVED
+CVE-2023-28558
+ RESERVED
+CVE-2023-28557
+ RESERVED
+CVE-2023-28556
+ RESERVED
+CVE-2023-28555
+ RESERVED
+CVE-2023-28554
+ RESERVED
+CVE-2023-28553
+ RESERVED
+CVE-2023-28552
+ RESERVED
+CVE-2023-28551
+ RESERVED
+CVE-2023-28550
+ RESERVED
+CVE-2023-28549
+ RESERVED
+CVE-2023-28548
+ RESERVED
+CVE-2023-28547
+ RESERVED
+CVE-2023-28546
+ RESERVED
+CVE-2023-28545
+ RESERVED
+CVE-2023-28544
+ RESERVED
+CVE-2023-28543
+ RESERVED
+CVE-2023-28542
+ RESERVED
+CVE-2023-28541
+ RESERVED
+CVE-2023-28540
+ RESERVED
+CVE-2023-28539
+ RESERVED
+CVE-2023-28538
+ RESERVED
+CVE-2023-28537
+ RESERVED
+CVE-2023-28536
+ RESERVED
+CVE-2023-28535
+ RESERVED
+CVE-2023-28534
+ RESERVED
+CVE-2023-28533
+ RESERVED
+CVE-2023-28532
+ RESERVED
+CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
+ TODO: check
+CVE-2023-28530
+ RESERVED
+CVE-2023-28529
+ RESERVED
+CVE-2023-28528
+ RESERVED
+CVE-2023-28527
+ RESERVED
+CVE-2023-28526
+ RESERVED
+CVE-2023-28525
+ RESERVED
+CVE-2023-28524
+ RESERVED
+CVE-2023-28523
+ RESERVED
+CVE-2023-28522
+ RESERVED
+CVE-2023-28521
+ RESERVED
+CVE-2023-28520
+ RESERVED
+CVE-2023-28519
+ RESERVED
+CVE-2023-28518
+ RESERVED
+CVE-2023-28517
+ RESERVED
+CVE-2023-28516
+ RESERVED
+CVE-2023-28515
+ RESERVED
+CVE-2023-28514
+ RESERVED
+CVE-2023-28513
+ RESERVED
+CVE-2023-28512
+ RESERVED
+CVE-2023-28511
+ RESERVED
+CVE-2023-28510
+ RESERVED
+CVE-2023-28509
+ RESERVED
+CVE-2023-28508
+ RESERVED
+CVE-2023-28507
+ RESERVED
+CVE-2023-28506
+ RESERVED
+CVE-2023-28505
+ RESERVED
+CVE-2023-28504
+ RESERVED
+CVE-2023-28503
+ RESERVED
+CVE-2023-28502
+ RESERVED
+CVE-2023-28501
+ RESERVED
+CVE-2023-28500
+ RESERVED
+CVE-2023-28499
+ RESERVED
+CVE-2023-28498
+ RESERVED
+CVE-2023-28497
+ RESERVED
+CVE-2023-28496
+ RESERVED
+CVE-2023-28495
+ RESERVED
+CVE-2023-28494
+ RESERVED
+CVE-2023-28493
+ RESERVED
+CVE-2023-28492
+ RESERVED
+CVE-2023-28491
+ RESERVED
+CVE-2023-28490
+ RESERVED
+CVE-2023-28489
+ RESERVED
+CVE-2023-1478
+ RESERVED
+CVE-2023-1477
+ RESERVED
+CVE-2023-1476
+ RESERVED
+CVE-2023-1475 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-1474 (A vulnerability classified as critical was found in SourceCodester Aut ...)
+ TODO: check
+CVE-2023-1473
+ RESERVED
+CVE-2023-1472 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1471 (The WP Popup Banners plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2023-1470 (The eCommerce Product Catalog plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2023-1469 (The WP Express Checkout plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2023-1468 (A vulnerability classified as critical was found in SourceCodester Stu ...)
+ TODO: check
+CVE-2023-1467 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-1466 (A vulnerability was found in SourceCodester Student Study Center Desk ...)
+ TODO: check
+CVE-2023-1465
+ RESERVED
+CVE-2023-1464 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-1463 (Improper Authorization in GitHub repository nilsteampassnet/teampass p ...)
+ TODO: check
+CVE-2023-1462
+ RESERVED
+CVE-2023-1461 (A vulnerability was found in SourceCodester Canteen Management System ...)
+ TODO: check
+CVE-2023-1460 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
+ TODO: check
+CVE-2023-1459 (A vulnerability was found in SourceCodester Canteen Management System ...)
+ TODO: check
+CVE-2023-1458
+ RESERVED
+CVE-2023-1457
+ RESERVED
+CVE-2023-1456
+ RESERVED
+CVE-2023-1455 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ TODO: check
+CVE-2023-1454 (A vulnerability classified as critical has been found in jeecg-boot 3. ...)
+ TODO: check
+CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has bee ...)
+ TODO: check
+CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...)
+ TODO: check
+CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified as pr ...)
+ TODO: check
+CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as problematic ...)
+ TODO: check
+CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...)
+ TODO: check
+CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...)
+ TODO: check
+CVE-2023-1447 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-1446 (A vulnerability classified as problematic was found in Watchdog Anti-V ...)
+ TODO: check
+CVE-2023-1445 (A vulnerability classified as problematic has been found in Filseclab ...)
+ TODO: check
+CVE-2023-1444 (A vulnerability was found in Filseclab Twister Antivirus 8. It has bee ...)
+ TODO: check
+CVE-2023-1443 (A vulnerability was found in Filseclab Twister Antivirus 8. It has bee ...)
+ TODO: check
+CVE-2023-1442 (A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has be ...)
+ TODO: check
+CVE-2023-1441 (A vulnerability has been found in SourceCodester Automatic Question Pa ...)
+ TODO: check
+CVE-2023-1440 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-1439 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-1438
+ RESERVED
+CVE-2023-1437
+ RESERVED
+CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing a JSO ...)
+ TODO: check
+CVE-2023-1435
+ RESERVED
+CVE-2023-1434
+ RESERVED
+CVE-2023-1433 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...)
+ TODO: check
+CVE-2023-1432 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
+ TODO: check
+CVE-2023-1431 (The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sens ...)
+ TODO: check
+CVE-2023-1430
+ RESERVED
+CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
+ TODO: check
+CVE-2023-1428
+ RESERVED
+CVE-2023-1427
+ RESERVED
+CVE-2023-1426
+ RESERVED
+CVE-2023-1425
+ RESERVED
CVE-2023-28488
RESERVED
CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
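Review bot: CVE-2023-28531 is added with only `TODO: check` even though its description names ssh-add in OpenSSH before 9.3, so it should be triaged ahead of the rest of this batch with a source-package line and a fixed version, or an explicit not-affected note. The SourceCodester and WordPress plugin entries added in the same hunk (for example CVE-2023-1475 and CVE-2023-1471) can take the NOT-FOR-US form this file already uses for those products. That would leave the OpenSSH, GPAC, MP4v2 and Jettison entries as the ones that need an actual check.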
@@ -511,8 +849,7 @@ CVE-2023-1392 (A vulnerability has been found in SourceCodester Online Pizza Ord
NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-1391 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
-CVE-2023-1390
- RESERVED
+CVE-2023-1390 (A remote denial of service vulnerability was found in the Linux kernel ...)
- linux 5.10.12-1
[buster] - linux 4.19.171-1
NOTE: https://git.kernel.org/linus/b77413446408fdd256599daf00d5be72b5f3e7c6 (5.11-rc4)
@@ -922,7 +1259,7 @@ CVE-2023-28177
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28177
CVE-2023-28176
RESERVED
- {DSA-5374-1}
+ {DSA-5375-1 DSA-5374-1 DLA-3364-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
- thunderbird 1:102.9.0-1
@@ -953,7 +1290,7 @@ CVE-2023-28165
RESERVED
CVE-2023-28164
RESERVED
- {DSA-5374-1}
+ {DSA-5375-1 DSA-5374-1 DLA-3364-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
- thunderbird 1:102.9.0-1
@@ -970,7 +1307,7 @@ CVE-2023-28163
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28163
CVE-2023-28162
RESERVED
- {DSA-5374-1}
+ {DSA-5375-1 DSA-5374-1 DLA-3364-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
- thunderbird 1:102.9.0-1
@@ -1032,8 +1369,8 @@ CVE-2023-28157
RESERVED
CVE-2023-28156
RESERVED
-CVE-2023-28155
- RESERVED
+CVE-2023-28155 (** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for ...)
+ TODO: check
CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...)
- node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904)
[bullseye] - node-webpack <no-dsa> (Minor issue)
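Review bot: `+CVE-2023-28155` carries the "** UNSUPPORTED WHEN ASSIGNED **" marker and is left at `TODO: check`. The marker describes the upstream support status of the Request package, not whether anything still ships it, so the triage should state explicitly whether a packaged copy exists and, if one does, track it as unfixed rather than closing the entry on the marker alone.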
@@ -1228,37 +1565,35 @@ CVE-2023-28115
RESERVED
CVE-2023-28114
RESERVED
-CVE-2023-28113
- RESERVED
-CVE-2023-28112
- RESERVED
-CVE-2023-28111
- RESERVED
-CVE-2023-28110
- RESERVED
-CVE-2023-28109
- RESERVED
-CVE-2023-28108
- RESERVED
-CVE-2023-28107
- RESERVED
-CVE-2023-28106
- RESERVED
-CVE-2023-28105
- RESERVED
-CVE-2023-28104
- RESERVED
+CVE-2023-28113 (russh is a Rust SSH client and server library. Starting in version 0.3 ...)
+ TODO: check
+CVE-2023-28112 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ TODO: check
+CVE-2023-28111 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ TODO: check
+CVE-2023-28110 (Jumpserver is a popular open source bastion host, and Koko is a Jumpse ...)
+ TODO: check
+CVE-2023-28109 (Play With Docker is a browser-based Docker playground. Versions 0.0.2 ...)
+ TODO: check
+CVE-2023-28108 (Pimcore is an open source data and experience management platform. Pri ...)
+ TODO: check
+CVE-2023-28107 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
+ TODO: check
+CVE-2023-28106 (Pimcore is an open source data and experience management platform. Pri ...)
+ TODO: check
+CVE-2023-28105 (go-used-util has commonly used utility functions for Go. Versions prio ...)
+ TODO: check
+CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL representat ...)
+ TODO: check
CVE-2023-28103
RESERVED
CVE-2023-28102
RESERVED
-CVE-2023-28101
- RESERVED
+CVE-2023-28101 (Flatpak is a system for building, distributing, and running sandboxed ...)
- flatpak 1.14.4-1 (bug #1033098)
[bullseye] - flatpak <no-dsa> (Minor issue)
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
-CVE-2023-28100
- RESERVED
+CVE-2023-28100 (Flatpak is a system for building, distributing, and running sandboxed ...)
- flatpak 1.14.4-1 (bug #1033099)
[bullseye] - flatpak <no-dsa> (Minor issue)
NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
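Review bot: the three Discourse entries added here (CVE-2023-28112, CVE-2023-28111, CVE-2023-28107) are left at `TODO: check`, while existing Discourse entries in this file such as CVE-2023-23624 and CVE-2023-23621 are marked `NOT-FOR-US: Discourse`. Classifying them the same way leaves russh, Jumpserver, Play With Docker, Pimcore, go-used-util and silverstripe/graphql as the entries in this hunk that still need checking.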
@@ -1887,8 +2222,8 @@ CVE-2023-1258
RESERVED
CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series device ...)
NOT-FOR-US: Moxa UC Series devices
-CVE-2023-1256
- RESERVED
+CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server ar ...)
+ TODO: check
CVE-2023-1255
RESERVED
CVE-2023-1254 (A vulnerability has been found in SourceCodester Health Center Patient ...)
@@ -1946,8 +2281,8 @@ CVE-2023-27877
RESERVED
CVE-2023-27876
RESERVED
-CVE-2023-27875
- RESERVED
+CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow an authenticated user to change ot ...)
+ TODO: check
CVE-2023-27874
RESERVED
CVE-2023-27873
@@ -2317,20 +2652,20 @@ CVE-2023-27791
RESERVED
CVE-2023-27790
RESERVED
-CVE-2023-27789
- RESERVED
-CVE-2023-27788
- RESERVED
-CVE-2023-27787
- RESERVED
-CVE-2023-27786
- RESERVED
-CVE-2023-27785
- RESERVED
-CVE-2023-27784
- RESERVED
-CVE-2023-27783
- RESERVED
+CVE-2023-27789 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...)
+ TODO: check
+CVE-2023-27788 (An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause ...)
+ TODO: check
+CVE-2023-27787 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...)
+ TODO: check
+CVE-2023-27786 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...)
+ TODO: check
+CVE-2023-27785 (An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker t ...)
+ TODO: check
+CVE-2023-27784 (An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause ...)
+ TODO: check
+CVE-2023-27783 (An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacke ...)
+ TODO: check
CVE-2023-27782
RESERVED
CVE-2023-27781 (jpegoptim v1.5.2 was discovered to contain a heap overflow in the opti ...)
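Review bot: the seven entries CVE-2023-27783 through CVE-2023-27789 spell the affected product several different ways (TCPprep, TCPrewrite, TCPReplay, "TCPreplay tcprewrite", "TCPreplay TCPprep") but all give v.4.4.3, which reads as one suite at one version. Triage them together against a single source package so that a name match on one spelling does not leave the others at `TODO: check` or classified differently.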
@@ -2473,16 +2808,16 @@ CVE-2023-27713
RESERVED
CVE-2023-27712
RESERVED
-CVE-2023-27711
- RESERVED
+CVE-2023-27711 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
+ TODO: check
CVE-2023-27710
RESERVED
-CVE-2023-27709
- RESERVED
+CVE-2023-27709 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...)
+ TODO: check
CVE-2023-27708
RESERVED
-CVE-2023-27707
- RESERVED
+CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...)
+ TODO: check
CVE-2023-27706
RESERVED
CVE-2023-27705
@@ -2762,10 +3097,10 @@ CVE-2023-27594
RESERVED
CVE-2023-27593
RESERVED
-CVE-2023-27592
- RESERVED
-CVE-2023-27591
- RESERVED
+CVE-2023-27592 (Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically ...)
+ TODO: check
+CVE-2023-27591 (Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated ...)
+ TODO: check
CVE-2023-27590 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
NOT-FOR-US: Rizin
CVE-2023-27589 (Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE ...)
@@ -2848,8 +3183,8 @@ CVE-2023-1174
RESERVED
CVE-2023-1173
REJECTED
-CVE-2023-1172
- RESERVED
+CVE-2023-1172 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
CVE-2023-1171
RESERVED
CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
@@ -3008,8 +3343,8 @@ CVE-2023-1154
RESERVED
CVE-2023-1153
RESERVED
-CVE-2023-1152
- RESERVED
+CVE-2023-1152 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-27520
RESERVED
CVE-2023-27511
@@ -3092,8 +3427,8 @@ CVE-2023-27496
RESERVED
CVE-2023-27495
RESERVED
-CVE-2023-27494
- RESERVED
+CVE-2023-27494 (Streamlit, software for turning data scripts into web applications, ha ...)
+ TODO: check
CVE-2023-27493
RESERVED
CVE-2023-27492
@@ -3817,8 +4152,8 @@ CVE-2023-27252
RESERVED
CVE-2023-27251
RESERVED
-CVE-2023-27250
- RESERVED
+CVE-2023-27250 (Online Book Store Project v1.0 is vulnerable to SQL Injection via /boo ...)
+ TODO: check
CVE-2023-27249
RESERVED
CVE-2023-27248
@@ -4055,10 +4390,10 @@ CVE-2023-27133
RESERVED
CVE-2023-27132
RESERVED
-CVE-2023-27131
- RESERVED
-CVE-2023-27130
- RESERVED
+CVE-2023-27131 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
+ TODO: check
+CVE-2023-27130 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
+ TODO: check
CVE-2023-27129
RESERVED
CVE-2023-27128
@@ -4216,8 +4551,8 @@ CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to cont
NOT-FOR-US: Tenda
CVE-2023-27060
RESERVED
-CVE-2023-27059
- RESERVED
+CVE-2023-27059 (A cross-site scripting (XSS) vulnerability in the Edit Group function ...)
+ TODO: check
CVE-2023-27058
RESERVED
CVE-2023-27057
@@ -4252,16 +4587,16 @@ CVE-2023-27043
RESERVED
CVE-2023-27042
RESERVED
-CVE-2023-27041
- RESERVED
-CVE-2023-27040
- RESERVED
+CVE-2023-27041 (School Registration and Fee System v1.0 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2023-27040 (Simple Image Gallery v1.0 was discovered to contain a remote code exec ...)
+ TODO: check
CVE-2023-27039
RESERVED
CVE-2023-27038
RESERVED
-CVE-2023-27037
- RESERVED
+CVE-2023-27037 (Qibosoft QiboCMS v7 was discovered to contain a remote code execution ...)
+ TODO: check
CVE-2023-27036
RESERVED
CVE-2023-27035
@@ -4796,12 +5131,12 @@ CVE-2023-26771
RESERVED
CVE-2023-26770
RESERVED
-CVE-2023-26769
- RESERVED
-CVE-2023-26768
- RESERVED
-CVE-2023-26767
- RESERVED
+CVE-2023-26769 (Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 all ...)
+ TODO: check
+CVE-2023-26768 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...)
+ TODO: check
+CVE-2023-26767 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...)
+ TODO: check
CVE-2023-26766
RESERVED
CVE-2023-26765
@@ -6767,8 +7102,8 @@ CVE-2023-26042 (Part-DB is an open source inventory management system for your e
NOT-FOR-US: Part-DB
CVE-2023-26041 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
NOT-FOR-US: Nextcloud Talk
-CVE-2023-26040
- RESERVED
+CVE-2023-26040 (Discourse is an open-source discussion platform. Between versions 3.1. ...)
+ TODO: check
CVE-2023-26039 (ZoneMinder is a free, open source Closed-circuit television software a ...)
- zoneminder 1.36.33+dfsg1-1 (unimportant)
NOTE: Only supported for trusted users/behind auth
@@ -7567,7 +7902,7 @@ CVE-2023-25753
RESERVED
CVE-2023-25752
RESERVED
- {DSA-5374-1}
+ {DSA-5375-1 DSA-5374-1 DLA-3364-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
- thunderbird 1:102.9.0-1
@@ -7576,7 +7911,7 @@ CVE-2023-25752
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25752
CVE-2023-25751
RESERVED
- {DSA-5374-1}
+ {DSA-5375-1 DSA-5374-1 DLA-3364-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
- thunderbird 1:102.9.0-1
@@ -7744,8 +8079,8 @@ CVE-2023-0813
NOT-FOR-US: Network Observability plugin for OpenShift console
CVE-2023-0812
RESERVED
-CVE-2023-0811
- RESERVED
+CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on the mem ...)
+ TODO: check
CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
NOT-FOR-US: btcpayserver
CVE-2023-0809
@@ -9419,8 +9754,8 @@ CVE-2023-25173 (containerd is an open source container runtime. A bug was found
- containerd 1.6.18~ds1-1
[bullseye] - containerd <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
-CVE-2023-25172
- RESERVED
+CVE-2023-25172 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
+ TODO: check
CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...)
NOT-FOR-US: Kiwi TCMS
CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, prior to ...)
@@ -10287,8 +10622,8 @@ CVE-2023-0600
RESERVED
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
NOT-FOR-US: Rapid7
-CVE-2023-0598
- RESERVED
+CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Dig ...)
+ TODO: check
CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel cpu_entry_area m ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
@@ -10704,8 +11039,8 @@ CVE-2023-24673
RESERVED
CVE-2023-24672
RESERVED
-CVE-2023-24671
- RESERVED
+CVE-2023-24671 (VX Search v13.8 and v14.7 was discovered to contain an unquoted servic ...)
+ TODO: check
CVE-2023-24670
RESERVED
CVE-2023-24669
@@ -11110,8 +11445,8 @@ CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitra
NOT-FOR-US: Dell
CVE-2023-24572 (Dell Command | Integration Suite for System Center, versions before 6. ...)
NOT-FOR-US: Dell
-CVE-2023-24571
- RESERVED
+CVE-2023-24571 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...)
+ TODO: check
CVE-2023-24570
RESERVED
CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior contain an I ...)
@@ -12768,8 +13103,8 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version
- node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418)
NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
NOTE: https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 (v5.19.1)
-CVE-2023-23935
- RESERVED
+CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.1 and ...)
+ TODO: check
CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...)
{DLA-3346-1}
- python-werkzeug <unfixed> (bug #1031370)
@@ -13715,8 +14050,8 @@ CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to versio
NOT-FOR-US: Discourse
CVE-2023-23623
RESERVED
-CVE-2023-23622
- RESERVED
+CVE-2023-23622 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
+ TODO: check
CVE-2023-23621 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
NOT-FOR-US: Discourse
CVE-2023-23620 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
@@ -15841,7 +16176,7 @@ CVE-2023-0152
RESERVED
CVE-2023-0151 (The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0150 (The Cloak Front End Email WordPress plugin through 1.9.1 does not vali ...)
+CVE-2023-0150 (The Cloak Front End Email WordPress plugin before 1.9.2 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0149 (The WordPrezi WordPress plugin through 0.8.2 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
@@ -16010,14 +16345,14 @@ CVE-2014-125072 (A vulnerability classified as critical has been found in Cheris
NOT-FOR-US: CherishSin
CVE-2014-125071 (A vulnerability was found in lukehutch Gribbit. It has been classified ...)
NOT-FOR-US: lukehutch Gribbit
-CVE-2023-22883
- RESERVED
-CVE-2023-22882
- RESERVED
-CVE-2023-22881
- RESERVED
-CVE-2023-22880
- RESERVED
+CVE-2023-22883 (Zoom Client for IT Admin Windows installers before version 5.13.5 cont ...)
+ TODO: check
+CVE-2023-22882 (Zoom clients before version 5.13.5 contain a STUN parsing vulnerabilit ...)
+ TODO: check
+CVE-2023-22881 (Zoom clients before version 5.13.5 contain a STUN parsing vulnerabilit ...)
+ TODO: check
+CVE-2023-22880 (Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows ...)
+ TODO: check
CVE-2023-22879
RESERVED
CVE-2023-22878
@@ -16976,7 +17311,7 @@ CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not
NOT-FOR-US: WordPress plugin
CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0070 (The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does ...)
+CVE-2023-0070 (The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0069 (The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validat ...)
NOT-FOR-US: WordPress plugin
@@ -17631,8 +17966,8 @@ CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercuri
NOT-FOR-US: Mercurius
CVE-2023-22476 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...)
- mantis <removed>
-CVE-2023-0027
- RESERVED
+CVE-2023-0027 (Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerab ...)
+ TODO: check
CVE-2022-4854
RESERVED
CVE-2022-4853
@@ -23284,8 +23619,8 @@ CVE-2022-46869
RESERVED
CVE-2022-46868
RESERVED
-CVE-2022-46867
- RESERVED
+CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...)
+ TODO: check
CVE-2022-46866
RESERVED
CVE-2022-46865
@@ -23310,8 +23645,8 @@ CVE-2022-46856
RESERVED
CVE-2022-46855
RESERVED
-CVE-2022-46854
- RESERVED
+CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...)
+ TODO: check
CVE-2022-46853
RESERVED
CVE-2022-46852
@@ -23512,11 +23847,11 @@ CVE-2022-4359 (The WP RSS By Publishers WordPress plugin through 0.1 does not pr
NOT-FOR-US: WordPress plugin
CVE-2022-4358 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4357 (The LetsRecover WordPress plugin through 1.1.0 does not properly sanit ...)
+CVE-2022-4357 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4356 (The LetsRecover WordPress plugin through 1.1.0 does not properly sanit ...)
+CVE-2022-4356 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4355 (The LetsRecover WordPress plugin through 1.1.0 does not properly sanit ...)
+CVE-2022-4355 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4354 (A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as ...)
NOT-FOR-US: LinZhaoguan pb-cms
@@ -26493,14 +26828,14 @@ CVE-2022-45819
RESERVED
CVE-2022-45818
RESERVED
-CVE-2022-45817
- RESERVED
+CVE-2022-45817 (Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimo ...)
+ TODO: check
CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress At ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45815
RESERVED
-CVE-2022-45814
- RESERVED
+CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen W ...)
+ TODO: check
CVE-2022-45813
RESERVED
CVE-2022-45812
@@ -27745,40 +28080,40 @@ CVE-2023-21467
RESERVED
CVE-2023-21466
RESERVED
-CVE-2023-21465
- RESERVED
-CVE-2023-21464
- RESERVED
-CVE-2023-21463
- RESERVED
-CVE-2023-21462
- RESERVED
-CVE-2023-21461
- RESERVED
-CVE-2023-21460
- RESERVED
-CVE-2023-21459
- RESERVED
-CVE-2023-21458
- RESERVED
-CVE-2023-21457
- RESERVED
-CVE-2023-21456
- RESERVED
-CVE-2023-21455
- RESERVED
-CVE-2023-21454
- RESERVED
-CVE-2023-21453
- RESERVED
-CVE-2023-21452
- RESERVED
+CVE-2023-21465 (Improper access control vulnerability in BixbyTouch prior to version 3 ...)
+ TODO: check
+CVE-2023-21464 (Improper access control in Samsung Calendar prior to versions 12.4.02. ...)
+ TODO: check
+CVE-2023-21463 (Improper access control vulnerability in MyFiles application prior to ...)
+ TODO: check
+CVE-2023-21462 (The sensitive information exposure vulnerability in Quick Share Agent ...)
+ TODO: check
+CVE-2023-21461 (Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in ...)
+ TODO: check
+CVE-2023-21460 (Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 ...)
+ TODO: check
+CVE-2023-21459 (Use after free vulnerability in decon driver prior to SMR Mar-2023 Rel ...)
+ TODO: check
+CVE-2023-21458 (Improper privilege management vulnerability in PhoneStatusBarPolicy in ...)
+ TODO: check
+CVE-2023-21457 (Improper access control vulnerability in Bluetooth prior to SMR Mar-20 ...)
+ TODO: check
+CVE-2023-21456 (Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar ...)
+ TODO: check
+CVE-2023-21455 (Improper authorization implementation in Exynos baseband prior to SMR ...)
+ TODO: check
+CVE-2023-21454 (Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Relea ...)
+ TODO: check
+CVE-2023-21453 (Improper input validation vulnerability in SoftSim TA prior to SMR Mar ...)
+ TODO: check
+CVE-2023-21452 (Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 R ...)
+ TODO: check
CVE-2023-21451 (A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRI ...)
NOT-FOR-US: Samsung
CVE-2023-21450 (Missing Authorization vulnerability in One Hand Operation + prior to v ...)
NOT-FOR-US: Samsung
-CVE-2023-21449
- RESERVED
+CVE-2023-21449 (Improper access control vulnerability in Call application prior to SMR ...)
+ TODO: check
CVE-2023-21448 (Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.3 ...)
NOT-FOR-US: Samsung
CVE-2023-21447 (Improper access control vulnerabilities in Samsung Cloud prior to vers ...)
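Review bot: the fifteen entries added here (CVE-2023-21452 through CVE-2023-21465, plus CVE-2023-21449) are left at `TODO: check`, while the unchanged neighbours CVE-2023-21451, CVE-2023-21450 and CVE-2023-21448 in the same hunk are `NOT-FOR-US: Samsung`. The new descriptions reference the same vendor's components and SMR releases (Samsung Calendar, Samsung Keyboard, Exynos baseband, "SMR Mar-2023"), so they can be given the same classification in one pass instead of staying in the TODO queue.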
@@ -31106,7 +31441,7 @@ CVE-2022-3839 (The Analytics for WP WordPress plugin through 1.5.1 does not sani
NOT-FOR-US: WordPress plugin
CVE-2022-3838 (The WPUpper Share Buttons WordPress plugin through 3.42 does not sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3837 (The Uji Countdown WordPress plugin through 2.2 does not sanitise and e ...)
+CVE-2022-3837 (The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3836
RESERVED
@@ -35487,12 +35822,12 @@ CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified
NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09
CVE-2022-43607
RESERVED
-CVE-2022-43606
- RESERVED
-CVE-2022-43605
- RESERVED
-CVE-2022-43604
- RESERVED
+CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the Forward Ope ...)
+ TODO: check
+CVE-2022-43605 (An out-of-bounds write vulnerability exists in the SetAttributeList at ...)
+ TODO: check
+CVE-2022-43604 (An out-of-bounds write vulnerability exists in the GetAttributeList at ...)
+ TODO: check
CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::close() f ...)
[experimental] - openimageio 2.4.7.1+dfsg-1
- openimageio 2.4.7.1+dfsg-2 (bug #1027808)
@@ -35739,8 +36074,8 @@ CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist ...)
NOT-FOR-US: Adeel Ahmed's IP Blacklist
-CVE-2022-43461
- RESERVED
+CVE-2022-43461 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...)
+ TODO: check
CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainFor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43458
@@ -35751,8 +36086,7 @@ CVE-2022-43450
RESERVED
CVE-2022-43445
RESERVED
-CVE-2022-43441
- RESERVED
+CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings functi ...)
{DSA-5373-1}
- node-sqlite3 5.1.5+ds1-1
NOTE: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
@@ -35841,8 +36175,8 @@ CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.
NOT-FOR-US: WordPress plugin
CVE-2022-41619
RESERVED
-CVE-2022-41554
- RESERVED
+CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...)
+ TODO: check
CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affil ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabili ...)
@@ -35857,8 +36191,8 @@ CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail
NOT-FOR-US: WordPress plugin
CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38971
- RESERVED
+CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post For ...)
+ TODO: check
CVE-2022-38716
RESERVED
CVE-2022-38702
@@ -41119,8 +41453,8 @@ CVE-2022-40702
RESERVED
CVE-2022-40700
RESERVED
-CVE-2022-40699
- RESERVED
+CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – ...)
+ TODO: check
CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News ...)
@@ -41149,8 +41483,8 @@ CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor vulne
NOT-FOR-US: WordPress plugin
CVE-2022-38141
RESERVED
-CVE-2022-38063
- RESERVED
+CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...)
+ TODO: check
CVE-2022-38057
RESERVED
CVE-2022-38055
@@ -41240,7 +41574,7 @@ CVE-2022-41559 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus c
NOT-FOR-US: TIBCO
CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...)
NOT-FOR-US: TIBCO
-CVE-2022-41342 (Improper buffer restrictions the Intel(R) C++ Compiler Classic before ...)
+CVE-2022-41342 (Improper buffer restrictions in the Intel(R) C++ Compiler Classic befo ...)
NOT-FOR-US: Intel
CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter installer so ...)
NOT-FOR-US: Intel
@@ -41256,7 +41590,7 @@ CVE-2022-40210
RESERVED
CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...)
NOT-FOR-US: Intel
-CVE-2022-38136 (Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler bef ...)
+CVE-2022-38136 (Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for ...)
NOT-FOR-US: Intel
CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC 11 Co ...)
NOT-FOR-US: Intel
@@ -60685,42 +61019,42 @@ CVE-2022-34425 (Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic
NOT-FOR-US: Dell
CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...)
NOT-FOR-US: Dell
-CVE-2022-34423
- RESERVED
-CVE-2022-34422
- RESERVED
-CVE-2022-34421
- RESERVED
-CVE-2022-34420
- RESERVED
-CVE-2022-34419
- RESERVED
-CVE-2022-34418
- RESERVED
-CVE-2022-34417
- RESERVED
-CVE-2022-34416
- RESERVED
-CVE-2022-34415
- RESERVED
-CVE-2022-34414
- RESERVED
-CVE-2022-34413
- RESERVED
-CVE-2022-34412
- RESERVED
-CVE-2022-34411
- RESERVED
-CVE-2022-34410
- RESERVED
-CVE-2022-34409
- RESERVED
-CVE-2022-34408
- RESERVED
-CVE-2022-34407
- RESERVED
-CVE-2022-34406
- RESERVED
+CVE-2022-34423 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34422 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34421 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34420 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34419 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34418 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34417 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34416 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34415 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34414 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34413 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34412 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34411 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34410 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34409 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34408 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34407 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
+CVE-2022-34406 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
+ TODO: check
CVE-2022-34405 (An improper access control vulnerability was identified in the Realtek ...)
NOT-FOR-US: Dell
CVE-2022-34404 (Dell System Update, version 2.0.0 and earlier, contains an Improper Ce ...)
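Review bot: the 18 entries CVE-2022-34406 through CVE-2022-34423 all land as TODO: check with the same truncated description ("Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ..."). CVE-2022-34377 in the following hunk carries the same description prefix and is already NOT-FOR-US: Dell, as are the neighbouring CVE-2022-34425, CVE-2022-34424 and CVE-2022-34405. Suggest triaging these as one batch with the same disposition once the full text is confirmed, rather than leaving 18 separate TODO items.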
@@ -60777,9 +61111,9 @@ CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authe
NOT-FOR-US: EMC
CVE-2022-34378 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9. ...)
NOT-FOR-US: Dell
-CVE-2022-34377 (Dell PowerEdge BIOS contains an Improper SMM communication buffer veri ...)
+CVE-2022-34377 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...)
NOT-FOR-US: Dell
-CVE-2022-34376 (Dell PowerEdge BIOS contains an improper input validation vulnerabilit ...)
+CVE-2022-34376 (Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input ...)
NOT-FOR-US: Dell
CVE-2022-34375 (Dell Container Storage Modules 1.2 contains a path traversal vulnerabi ...)
NOT-FOR-US: Dell
@@ -84311,8 +84645,8 @@ CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, a
NOT-FOR-US: Citrix XenMobile Server
CVE-2022-26150
RESERVED
-CVE-2022-26080
- RESERVED
+CVE-2022-26080 (Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus S ...)
+ TODO: check
CVE-2022-26057 (Vulnerabilities in the Mint WorkBench allow a low privileged attacker ...)
NOT-FOR-US: Mind Workbench
CVE-2022-0812 (An information leak flaw was found in NFS over RDMA in the net/sunrpc/ ...)
@@ -127086,8 +127420,8 @@ CVE-2021-36823 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPre
NOT-FOR-US: WordPress plugin
CVE-2021-36822
RESERVED
-CVE-2021-36821
- RESERVED
+CVE-2021-36821 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in WPMU DEV Fo ...)
+ TODO: check
CVE-2021-36820
REJECTED
CVE-2021-36819
@@ -140263,8 +140597,8 @@ CVE-2021-31639
RESERVED
CVE-2021-31638
RESERVED
-CVE-2021-31637
- RESERVED
+CVE-2021-31637 (An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, ...)
+ TODO: check
CVE-2021-31636
RESERVED
CVE-2021-31635
@@ -158002,7 +158336,7 @@ CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...)
+CVE-2021-24705 (The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF checks ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24704 (In the Orange Form WordPress plugin through 1.0, the process_bulk_acti ...)
NOT-FOR-US: WordPress plugin
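Review bot: on the CVE-2021-24705 line the replaced description is not a wording fix. The affected range moves from "through 7.9.4" to "before 8.3.3" and the issue class moves from missing escaping to missing CSRF checks. The entry stays NOT-FOR-US: WordPress plugin, so tracker state is unaffected, but anything keyed on the old description text should be re-read against the updated CVE.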
@@ -165460,8 +165794,8 @@ CVE-2021-21550 (Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutra
NOT-FOR-US: EMC
CVE-2021-21549 (Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Reque ...)
NOT-FOR-US: EMC
-CVE-2021-21548
- RESERVED
+CVE-2021-21548 (Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Uni ...)
+ TODO: check
CVE-2021-21547 (Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 ...)
NOT-FOR-US: EMC
CVE-2021-21546 (Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 c ...)
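Review bot: CVE-2021-21548 (Dell EMC Unisphere for PowerMax) is left at TODO: check while the adjacent Dell EMC entries in this hunk (CVE-2021-21550, CVE-2021-21549, CVE-2021-21547) are NOT-FOR-US: EMC. Suggest resolving it with the same tag in the follow-up triage, after confirming that the truncated product list ("Dell EMC Uni ...") names nothing that is packaged.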
@@ -194276,8 +194610,8 @@ CVE-2020-22649
RESERVED
CVE-2020-22648
RESERVED
-CVE-2020-22647
- RESERVED
+CVE-2020-22647 (An issue found in DepositGame v.1.0 allows an attacker to gain sensiti ...)
+ TODO: check
CVE-2020-22646
RESERVED
CVE-2020-22645
@@ -200070,8 +200404,8 @@ CVE-2020-19949 (A cross-site scripting (XSS) vulnerability in the /link/add.html
NOT-FOR-US: YzmCMS
CVE-2020-19948
RESERVED
-CVE-2020-19947
- RESERVED
+CVE-2020-19947 (Cross Site Scripting vulnerability found in Markdown Edit allows a rem ...)
+ TODO: check
CVE-2020-19946
RESERVED
CVE-2020-19945
@@ -278389,7 +278723,7 @@ CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The h
NOT-FOR-US: Node module bodymen
CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform a comma ...)
NOT-FOR-US: Node module promise-probe
-CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...)
+CVE-2019-10790 (taffydb npm module, vulnerable in all versions up to and including 2.7 ...)
NOT-FOR-US: Node module taffy
CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...)
NOT-FOR-US: curling.js
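Review bot: the note under CVE-2019-10790 still reads NOT-FOR-US: Node module taffy, while the updated description now names the "taffydb npm module" and widens the range from "through 2.6.2" to "all versions up to and including 2.7 ...". Re-check the NOT-FOR-US decision against the name taffydb and align the note's wording with it, so a package lookup under the new name does not miss this entry.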
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c1bb365d2624f90e2f3536592af251fb70a5953