[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 20 20:10:46 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ba6efbe by security tracker role at 2023-03-20T20:10:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2023-28655
+ RESERVED
+CVE-2023-28652
+ RESERVED
+CVE-2023-28650
+ RESERVED
+CVE-2023-28647
+ RESERVED
+CVE-2023-28646
+ RESERVED
+CVE-2023-28645
+ RESERVED
+CVE-2023-28644
+ RESERVED
+CVE-2023-28643
+ RESERVED
+CVE-2023-28642
+ RESERVED
+CVE-2023-28641
+ RESERVED
+CVE-2023-28640
+ RESERVED
+CVE-2023-28639
+ RESERVED
+CVE-2023-28638
+ RESERVED
+CVE-2023-28637
+ RESERVED
+CVE-2023-28636
+ RESERVED
+CVE-2023-28635
+ RESERVED
+CVE-2023-28634
+ RESERVED
+CVE-2023-28633
+ RESERVED
+CVE-2023-28632
+ RESERVED
+CVE-2023-28631
+ RESERVED
+CVE-2023-28630
+ RESERVED
+CVE-2023-28629
+ RESERVED
+CVE-2023-28628
+ RESERVED
+CVE-2023-28627
+ RESERVED
+CVE-2023-28626
+ RESERVED
+CVE-2023-28625
+ RESERVED
+CVE-2023-28624
+ RESERVED
+CVE-2023-28623
+ RESERVED
+CVE-2023-28622
+ RESERVED
+CVE-2023-28621
+ RESERVED
+CVE-2023-28620
+ RESERVED
+CVE-2023-28619
+ RESERVED
+CVE-2023-28618
+ RESERVED
+CVE-2023-28391
+ RESERVED
+CVE-2023-27927
+ RESERVED
+CVE-2023-22300
+ RESERVED
+CVE-2023-1523
+ RESERVED
+CVE-2023-1522
+ RESERVED
+CVE-2023-1521
+ RESERVED
+CVE-2023-1520
+ RESERVED
+CVE-2023-1519
+ RESERVED
+CVE-2023-1518
+ RESERVED
+CVE-2023-1517 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
+ TODO: check
+CVE-2023-1516
+ RESERVED
+CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2023-1514
+ RESERVED
+CVE-2023-1513
+ RESERVED
+CVE-2023-1512
+ RESERVED
+CVE-2023-1511
+ RESERVED
+CVE-2023-1510
+ RESERVED
+CVE-2023-1509
+ RESERVED
+CVE-2023-1508
+ RESERVED
+CVE-2023-1507 (A vulnerability has been found in SourceCodester E-Commerce System 1.0 ...)
+ TODO: check
+CVE-2023-1506 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-1505 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-1504 (A vulnerability classified as critical was found in SourceCodester Alp ...)
+ TODO: check
+CVE-2023-1503 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-1502 (A vulnerability was found in SourceCodester Alphaware Simple E-Commerc ...)
+ TODO: check
+CVE-2019-25136
+ RESERVED
CVE-2018-25082
RESERVED
CVE-2016-15029
@@ -600,18 +718,18 @@ CVE-2023-28431
RESERVED
CVE-2023-28430
RESERVED
-CVE-2023-28429
- RESERVED
-CVE-2023-28428
- RESERVED
+CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...)
+ TODO: check
+CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versions 1. ...)
+ TODO: check
CVE-2023-28427
RESERVED
-CVE-2023-28426
- RESERVED
+CVE-2023-28426 (savg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in ...)
+ TODO: check
CVE-2023-28425
RESERVED
-CVE-2023-28424
- RESERVED
+CVE-2023-28424 (Soko if the code that powers packages.gentoo.org. Prior to version 1.0 ...)
+ TODO: check
CVE-2023-28423
RESERVED
CVE-2023-28422
@@ -1688,8 +1806,8 @@ CVE-2023-1347
RESERVED
CVE-2023-28119
RESERVED
-CVE-2023-28118
- RESERVED
+CVE-2023-28118 (kaml provides YAML support for kotlinx.serialization. Prior to version ...)
+ TODO: check
CVE-2023-28117
RESERVED
CVE-2023-28116 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
@@ -2371,15 +2489,15 @@ CVE-2023-1252
NOTE: https://git.kernel.org/linus/9a254403760041528bc8f69fe2f5e1ef86950991 (5.16-rc1)
CVE-2023-1251 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Akinsoft Wolvox
-CVE-2023-1250
- RESERVED
+CVE-2023-1250 (Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), ...)
+ TODO: check
CVE-2023-1249 [coredump: Use the vma snapshot in fill_files_note]
RESERVED
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
NOTE: https://git.kernel.org/linus/390031c942116d4733310f0684beb8db19885fe6 (5.18-rc1)
-CVE-2023-1248
- RESERVED
+CVE-2023-1248 (Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Action ...)
+ TODO: check
CVE-2023-1247 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
CVE-2022-4932 (The Total Upkeep plugin for WordPress is vulnerable to information dis ...)
@@ -3256,8 +3374,8 @@ CVE-2023-27588 (Hasura is an open-source product that provides users GraphQL or
NOT-FOR-US: Hasura
CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to ...)
NOT-FOR-US: ReadtoMyShoe
-CVE-2023-27586
- RESERVED
+CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Pr ...)
+ TODO: check
CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2023-27584
@@ -3515,6 +3633,7 @@ CVE-2023-27524
CVE-2023-27523
RESERVED
CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...)
+ {DSA-5376-1}
- apache2 2.4.56-1 (bug #1032476)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/2
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-27522
@@ -5207,7 +5326,8 @@ CVE-2023-26825
RESERVED
CVE-2023-26824
RESERVED
-CVE-2023-26823 (An arbitrary file upload vulnerability in the /admin/template.php comp ...)
+CVE-2023-26823
+ REJECTED
NOT-FOR-US: shopEx
CVE-2023-26822
RESERVED
@@ -5933,8 +6053,8 @@ CVE-2023-26515
RESERVED
CVE-2023-26514
RESERVED
-CVE-2023-26513
- RESERVED
+CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...)
+ TODO: check
CVE-2023-26512
RESERVED
CVE-2023-1025
@@ -6656,14 +6776,14 @@ CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 110.0.5481.17
{DSA-5359-1}
- chromium 110.0.5481.177-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0940
- RESERVED
+CVE-2023-0940 (The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoin ...)
+ TODO: check
CVE-2023-0939 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: NTN Information Technologies Online Services Software
CVE-2023-0938 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Music Gallery Site
-CVE-2023-0937
- RESERVED
+CVE-2023-0937 (The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does ...)
+ TODO: check
CVE-2023-0936 (A vulnerability was found in TP-Link Archer C50 V2_160801. It has been ...)
NOT-FOR-US: TP-Link
CVE-2023-0935 (A vulnerability was found in DolphinPHP up to 1.5.1. It has been decla ...)
@@ -7246,8 +7366,8 @@ CVE-2013-10019 (A vulnerability was found in OCLC-Research OAICat 1.5.61. It has
NOT-FOR-US: OAICat
CVE-2012-10008 (A vulnerability, which was classified as critical, has been found in u ...)
NOT-FOR-US: uakfdotb oneapp
-CVE-2023-0911
- RESERVED
+CVE-2023-0911 (The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress ...)
+ TODO: check
CVE-2023-0910 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-0909 (A vulnerability, which was classified as problematic, was found in cxa ...)
@@ -7522,8 +7642,8 @@ CVE-2023-0892
RESERVED
CVE-2023-0891
RESERVED
-CVE-2023-0890
- RESERVED
+CVE-2023-0890 (The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress ...)
+ TODO: check
CVE-2023-0889
RESERVED
CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...)
@@ -7592,10 +7712,10 @@ CVE-2023-0878 (Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/fr
NOT-FOR-US: Nuxt
CVE-2023-0877 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. ...)
- froxlor <itp> (bug #581792)
-CVE-2023-0876
- RESERVED
-CVE-2023-0875
- RESERVED
+CVE-2023-0876 (The WP Meta SEO WordPress plugin before 4.5.3 does not authorize sever ...)
+ TODO: check
+CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly saniti ...)
+ TODO: check
CVE-2023-0874
RESERVED
CVE-2023-0873
@@ -7664,8 +7784,8 @@ CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior t
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f
NOTE: https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937
-CVE-2023-0865
- RESERVED
+CVE-2023-0865 (The WooCommerce Multiple Customer Addresses & Shipping WordPress p ...)
+ TODO: check
CVE-2023-0864
RESERVED
CVE-2023-0863
@@ -7948,10 +8068,10 @@ CVE-2023-25797
RESERVED
CVE-2023-25796
RESERVED
-CVE-2023-25795
- RESERVED
-CVE-2023-25794
- RESERVED
+CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.I ...)
+ TODO: check
+CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...)
+ TODO: check
CVE-2023-25793
RESERVED
CVE-2023-25792
@@ -7974,8 +8094,8 @@ CVE-2023-25784
RESERVED
CVE-2023-25783
RESERVED
-CVE-2023-25782
- RESERVED
+CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...)
+ TODO: check
CVE-2023-25781
RESERVED
CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...)
@@ -8489,6 +8609,7 @@ CVE-2021-4316
CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rat ...)
NOT-FOR-US: juju2143 WalrusIRC
CVE-2023-25690 (Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 thr ...)
+ {DSA-5376-1}
- apache2 2.4.56-1 (bug #1032476)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
@@ -9825,8 +9946,8 @@ CVE-2023-0683
RESERVED
CVE-2023-0682
RESERVED
-CVE-2023-0681
- RESERVED
+CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redir ...)
+ TODO: check
CVE-2023-0680
REJECTED
CVE-2023-0679 (A vulnerability was found in SourceCodester Canteen Management System ...)
@@ -10206,8 +10327,8 @@ CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision F
NOT-FOR-US: FolioVision
CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tab ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25064
- RESERVED
+CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
+ TODO: check
CVE-2023-25063
RESERVED
CVE-2023-25062
@@ -10396,10 +10517,10 @@ CVE-2023-0633
RESERVED
CVE-2023-0632
RESERVED
-CVE-2023-0631
- RESERVED
-CVE-2023-0630
- RESERVED
+CVE-2023-0631 (The Paid Memberships Pro WordPress plugin before 2.9.12 does not preve ...)
+ TODO: check
+CVE-2023-0630 (The Slimstat Analytics WordPress plugin before 4.9.3.3 does not preven ...)
+ TODO: check
CVE-2023-0629 (Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enh ...)
TODO: check
CVE-2023-0628 (Docker Desktop before 4.17.0 allows an attacker to execute an arbitrar ...)
@@ -12209,8 +12330,8 @@ CVE-2023-24383
RESERVED
CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24381
- RESERVED
+CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...)
+ TODO: check
CVE-2023-24380
RESERVED
CVE-2023-24379
@@ -13727,8 +13848,8 @@ CVE-2023-22307
RESERVED
CVE-2023-22294
RESERVED
-CVE-2023-22288
- RESERVED
+CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, ...)
+ TODO: check
CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...)
{DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
@@ -13774,10 +13895,10 @@ CVE-2023-0372 (The EmbedStories WordPress plugin before 0.7.5 does not validate
NOT-FOR-US: WordPress plugin
CVE-2023-0371 (The EmbedSocial WordPress plugin before 1.1.28 does not validate and e ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0370
- RESERVED
-CVE-2023-0369
- RESERVED
+CVE-2023-0370 (The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate ...)
+ TODO: check
+CVE-2023-0369 (The GoToWP WordPress plugin through 5.1.1 does not validate and escape ...)
+ TODO: check
CVE-2023-0368
RESERVED
CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as problema ...)
@@ -13850,10 +13971,10 @@ CVE-2023-0367
RESERVED
CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0365
- RESERVED
-CVE-2023-0364
- RESERVED
+CVE-2023-0365 (The React Webcam WordPress plugin through 1.2.0 does not validate and ...)
+ TODO: check
+CVE-2023-0364 (The real.Kit WordPress plugin before 5.1.1 does not validate and escap ...)
+ TODO: check
CVE-2023-0363
RESERVED
CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not validate ...)
@@ -13970,14 +14091,14 @@ CVE-2023-23723
RESERVED
CVE-2023-23722
RESERVED
-CVE-2023-23721
- RESERVED
+CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...)
+ TODO: check
CVE-2023-23720
RESERVED
CVE-2023-23719
RESERVED
-CVE-2023-23718
- RESERVED
+CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Pa ...)
+ TODO: check
CVE-2023-23717
RESERVED
CVE-2023-23716
@@ -14024,8 +14145,8 @@ CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorc
[buster] - editorconfig-core <no-dsa> (Minor issue)
NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87
NOTE: https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e
-CVE-2023-0340
- RESERVED
+CVE-2023-0340 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...)
+ TODO: check
CVE-2023-0339 (Relative Path Traversal vulnerability in ForgeRock Access Management W ...)
NOT-FOR-US: ForgeRock
CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
@@ -14374,8 +14495,8 @@ CVE-2023-0322 (Improper Neutralization of Input During Web Page Generation ('Cro
NOT-FOR-US: UNIS
CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 m ...)
NOT-FOR-US: Campbell
-CVE-2023-0320
- RESERVED
+CVE-2023-0320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-0319
RESERVED
CVE-2023-0318
@@ -14596,8 +14717,8 @@ CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.1
NOT-FOR-US: WordPress plugin
CVE-2023-0274
RESERVED
-CVE-2023-0273
- RESERVED
+CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...)
+ TODO: check
CVE-2023-0272
RESERVED
CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not validate an ...)
@@ -16280,8 +16401,8 @@ CVE-2023-0177 (The Social Like Box and Page by WpDevArt WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2023-0176 (The Giveaways and Contests by RafflePress WordPress plugin before 1.11 ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0175
- RESERVED
+CVE-2023-0175 (The Responsive Clients Logo Gallery Plugin for WordPress plugin throug ...)
+ TODO: check
CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and escape s ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2 ...)
@@ -16296,8 +16417,8 @@ CVE-2023-0169 (The Zoho Forms WordPress plugin before 3.0.1 does not validate an
NOT-FOR-US: WordPress plugin
CVE-2023-0168 (The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not valid ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0167
- RESERVED
+CVE-2023-0167 (The GetResponse for WordPress plugin through 5.5.31 does not validate ...)
+ TODO: check
CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress plugin bef ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0165 (The Cost Calculator WordPress plugin through 1.8 does not validate and ...)
@@ -16391,8 +16512,8 @@ CVE-2023-0147 (The Flexible Captcha WordPress plugin through 4.1 does not valida
NOT-FOR-US: WordPress plugin
CVE-2023-0146 (The Naver Map WordPress plugin through 1.1.0 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0145
- RESERVED
+CVE-2023-0145 (The Saan World Clock WordPress plugin through 1.8 does not validate an ...)
+ TODO: check
CVE-2017-20167 (A vulnerability, which was classified as problematic, was found in Min ...)
NOT-FOR-US: Minichan
CVE-2016-15017 (A vulnerability has been found in fabarea media_upload and classified ...)
@@ -17232,16 +17353,16 @@ CVE-2023-22684
RESERVED
CVE-2023-22683
RESERVED
-CVE-2023-22682
- RESERVED
-CVE-2023-22681
- RESERVED
-CVE-2023-22680
- RESERVED
-CVE-2023-22679
- RESERVED
-CVE-2023-22678
- RESERVED
+CVE-2023-22682 (Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | P ...)
+ TODO: check
+CVE-2023-22681 (Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech On ...)
+ TODO: check
+CVE-2023-22680 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alta ...)
+ TODO: check
+CVE-2023-22679 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico ...)
+ TODO: check
+CVE-2023-22678 (Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superio ...)
+ TODO: check
CVE-2023-22677
RESERVED
CVE-2023-22676
@@ -20382,10 +20503,10 @@ CVE-2022-47594
RESERVED
CVE-2022-47593
RESERVED
-CVE-2022-47592
- RESERVED
-CVE-2022-47591
- RESERVED
+CVE-2022-47592 (Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperma ...)
+ TODO: check
+CVE-2022-47591 (Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni ...)
+ TODO: check
CVE-2022-47590
RESERVED
CVE-2022-47589
@@ -26295,8 +26416,8 @@ CVE-2022-4150 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gal
NOT-FOR-US: WordPress plugin
CVE-2022-4149
RESERVED
-CVE-2022-4148
- RESERVED
+CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
+ TODO: check
CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...)
NOT-FOR-US: Quarkus
CVE-2022-46139 (TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers ...)
@@ -29507,8 +29628,8 @@ CVE-2022-3896 (The WP Affiliate Platform plugin for WordPress is vulnerable to R
NOT-FOR-US: WP Affiliate Platform plugin for WordPress
CVE-2022-3895 (Some UI elements of the Common User Interface Component are not proper ...)
NOT-FOR-US: BlueSpice
-CVE-2022-3894
- RESERVED
+CVE-2022-3894 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
+ TODO: check
CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extens ...)
NOT-FOR-US: BlueSpice
CVE-2022-3892 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
@@ -48004,7 +48125,7 @@ CVE-2022-3073 (Quanos "SCHEMA ST4" example web templates in version Bootstrap 20
CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
NOT-FOR-US: francoisjacquet/rosariosis
CVE-2006-20001 (A carefully crafted If: request header can cause a memory read, or wri ...)
- {DLA-3351-1}
+ {DSA-5376-1 DLA-3351-1}
- apache2 2.4.55-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/5
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001
@@ -52756,7 +52877,7 @@ CVE-2022-37438 (In Splunk Enterprise versions in the following table, an authent
CVE-2022-37437 (When using Ingest Actions to configure a destination that resides on A ...)
NOT-FOR-US: Splunk
CVE-2022-37436 (Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the ...)
- {DLA-3351-1}
+ {DSA-5376-1 DLA-3351-1}
- apache2 2.4.55-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/7
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436
@@ -54683,7 +54804,7 @@ CVE-2022-36762
CVE-2022-36761
RESERVED
CVE-2022-36760 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
- {DLA-3351-1}
+ {DSA-5376-1 DLA-3351-1}
- apache2 2.4.55-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba6efbe3db5ebf5f83c107ec080d1f1a96072f9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ba6efbe3db5ebf5f83c107ec080d1f1a96072f9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230320/e1539af3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list