[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 2 09:11:41 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8590de4f by security tracker role at 2023-05-02T08:11:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2022-48483 (3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthentica ...)
+ TODO: check
+CVE-2022-48482 (3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows all ...)
+ TODO: check
+CVE-2014-125100 (A vulnerability classified as problematic was found in BestWebSoft Job ...)
+ TODO: check
+CVE-2013-10026 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
CVE-2023-2451 (A vulnerability was found in SourceCodester Online DJ Management Syste ...)
NOT-FOR-US: SourceCodester Online DJ Management System
CVE-2018-25085 (A vulnerability classified as problematic was found in Responsive Menu ...)
@@ -854,8 +862,8 @@ CVE-2023-31044
RESERVED
CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...)
NOT-FOR-US: EnterpriseDB
-CVE-2023-2247
- RESERVED
+CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask variab ...)
+ TODO: check
CVE-2023-31042
RESERVED
CVE-2023-31041
@@ -2094,8 +2102,8 @@ CVE-2023-30641
RESERVED
CVE-2023-30640
RESERVED
-CVE-2023-30639
- RESERVED
+CVE-2023-30639 (Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored ...)
+ TODO: check
CVE-2023-30638 (Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 befor ...)
NOT-FOR-US: Unify
CVE-2023-30637 (Baidu braft 1.1.2 has a memory leak related to use of the new operator ...)
@@ -4437,10 +4445,10 @@ CVE-2023-29683
RESERVED
CVE-2023-29682
RESERVED
-CVE-2023-29681
- RESERVED
-CVE-2023-29680
- RESERVED
+CVE-2023-29681 (Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware ...)
+ TODO: check
+CVE-2023-29680 (Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmwar ...)
+ TODO: check
CVE-2023-29679
RESERVED
CVE-2023-29678
@@ -5202,8 +5210,8 @@ CVE-2023-1913 (The Maps Widget for Google Maps for WordPress is vulnerable to St
NOT-FOR-US: WordPress plugin
CVE-2023-1912 (The Limit Login Attempts plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: Limit Login Attempts plugin for WordPress
-CVE-2023-1911
- RESERVED
+CVE-2023-1911 (The Blocksy Companion WordPress plugin before 1.8.82 does not ensure t ...)
+ TODO: check
CVE-2023-1910
RESERVED
CVE-2023-1909 (A vulnerability, which was classified as critical, was found in PHPGur ...)
@@ -5417,8 +5425,8 @@ CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Eskom Computer Water Metering Software
CVE-2023-1862
RESERVED
-CVE-2023-1861
- RESERVED
+CVE-2023-1861 (The Limit Login Attempts WordPress plugin through 1.7.2 does not sanit ...)
+ TODO: check
CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to Cross-Site R ...)
NOT-FOR-US: WCFM Membership plugin for WordPress
CVE-2022-4940 (The WCFM Membership plugin for WordPress is vulnerable to unauthorized ...)
@@ -5929,8 +5937,8 @@ CVE-2023-1810 (Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5
{DSA-5386-1}
- chromium 112.0.5615.49-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-1809
- RESERVED
+CVE-2023-1809 (The Download Manager WordPress plugin before 6.3.0 leaks master key in ...)
+ TODO: check
CVE-2023-1808
RESERVED
CVE-2023-29216 (In Apache Linkis <=1.3.1, because the parameters are not effectively f ...)
@@ -6039,10 +6047,10 @@ CVE-2023-1807
RESERVED
CVE-2023-1806
RESERVED
-CVE-2023-1805
- RESERVED
-CVE-2023-1804
- RESERVED
+CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
+ TODO: check
+CVE-2023-1804 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
+ TODO: check
CVE-2023-1803 (Authentication Bypass by Alternate Name vulnerability in DTS Electroni ...)
NOT-FOR-US: DTS Electronics Redline Router firmware
CVE-2023-1802 (In Docker Desktop 4.17.x the Artifactory Integration falls back to sen ...)
@@ -6465,8 +6473,8 @@ CVE-2023-1732
RESERVED
CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file upload fun ...)
NOT-FOR-US: LTOS
-CVE-2023-1730
- RESERVED
+CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
+ TODO: check
CVE-2023-1729
RESERVED
- libraw <undetermined>
@@ -6845,8 +6853,8 @@ CVE-2023-1670 (A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (P
- linux 6.1.20-2
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
-CVE-2023-1669
- RESERVED
+CVE-2023-1669 (The SEOPress WordPress plugin before 6.5.0.3 unserializes user input p ...)
+ TODO: check
CVE-2022-4934 (A post-auth command injection vulnerability in the exception wizard of ...)
NOT-FOR-US: Sophos
CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of Sophos W ...)
@@ -7303,8 +7311,8 @@ CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an acces
NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products
CVE-2023-1615
RESERVED
-CVE-2023-1614
- RESERVED
+CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not saniti ...)
+ TODO: check
CVE-2023-28807
RESERVED
CVE-2023-28806
@@ -7654,8 +7662,8 @@ CVE-2023-27394 (Osprey Pump Controller version 1.01 is vulnerable an unauthentic
NOT-FOR-US: Osprey Pump Controller
CVE-2023-25071
RESERVED
-CVE-2023-1554
- RESERVED
+CVE-2023-1554 (The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sa ...)
+ TODO: check
CVE-2023-1553
RESERVED
CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a deserialization vulne ...)
@@ -7724,8 +7732,8 @@ CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists tha
NOT-FOR-US: Schneider
CVE-2023-1547
RESERVED
-CVE-2023-1546
- RESERVED
+CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not escape som ...)
+ TODO: check
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
- teampass <itp> (bug #730180)
CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
@@ -7847,8 +7855,8 @@ CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsoluci
NOT-FOR-US: Corebos
CVE-2023-1526 (Certain DesignJet and PageWide XL TAA compliant models may have risk o ...)
NOT-FOR-US: HP
-CVE-2023-1525
- RESERVED
+CVE-2023-1525 (The Site Reviews WordPress plugin before 6.7.1 does not sanitise and e ...)
+ TODO: check
CVE-2023-1524
RESERVED
CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...)
@@ -11949,8 +11957,8 @@ CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.)
NOTE: Crash in CLI tool, no security impact
CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1125
- RESERVED
+CVE-2023-1125 (The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that ...)
+ TODO: check
CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1123
@@ -12221,8 +12229,8 @@ CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAu
NOT-FOR-US: WordPress plugin
CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Alpata Licensed Warehousing Automation System
-CVE-2023-1090
- RESERVED
+CVE-2023-1090 (The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise ...)
+ TODO: check
CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF ...)
@@ -12750,8 +12758,8 @@ CVE-2023-27110
RESERVED
CVE-2023-27109
RESERVED
-CVE-2023-27108
- RESERVED
+CVE-2023-27108 (An issue was discovered in KaiOS 3.0. The pre-installed Communications ...)
+ TODO: check
CVE-2023-27107 (Incorrect access control in the runReport function of MyQ Solution Pri ...)
NOT-FOR-US: MyQ Solution
CVE-2023-27106
@@ -12910,8 +12918,8 @@ CVE-2023-27037 (Qibosoft QiboCMS v7 was discovered to contain a remote code exec
NOT-FOR-US: Qibosoft QiboCMS
CVE-2023-27036
RESERVED
-CVE-2023-27035
- RESERVED
+CVE-2023-27035 (An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers t ...)
+ TODO: check
CVE-2023-27034 (PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vul ...)
NOT-FOR-US: PrestaShop
CVE-2023-27033 (Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code ...)
@@ -13008,8 +13016,8 @@ CVE-2023-26989
RESERVED
CVE-2023-26988
RESERVED
-CVE-2023-26987
- RESERVED
+CVE-2023-26987 (An issue discovered in Konga 0.14.9 allows remote attackers to manipul ...)
+ TODO: check
CVE-2023-26986 (An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers ...)
NOT-FOR-US: China Mobile OA Mailbox PC
CVE-2023-26985
@@ -14110,8 +14118,8 @@ CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorize
NOT-FOR-US: WP Meta SEO plugin for WordPress
CVE-2023-1022 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized opt ...)
NOT-FOR-US: WP Meta SEO plugin for WordPress
-CVE-2023-1021
- RESERVED
+CVE-2023-1021 (The amr ical events lists WordPress plugin through 6.6 does not saniti ...)
+ TODO: check
CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1019
@@ -15277,8 +15285,8 @@ CVE-2023-0926
RESERVED
CVE-2023-0925
RESERVED
-CVE-2023-0924
- RESERVED
+CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate the typ ...)
+ TODO: check
CVE-2023-0923
RESERVED
NOT-FOR-US: Red Hat OpenShift Data Science
@@ -15724,8 +15732,8 @@ CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not sanitise
NOT-FOR-US: WordPress plugin
CVE-2023-0892
RESERVED
-CVE-2023-0891
- RESERVED
+CVE-2023-0891 (The StagTools WordPress plugin before 2.3.7 does not validate and esca ...)
+ TODO: check
CVE-2023-0890 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress p ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0889 (Themeflection Numbers WordPress plugin before 2.0.1 does not have auth ...)
@@ -32892,10 +32900,10 @@ CVE-2023-21668
RESERVED
CVE-2023-21667
RESERVED
-CVE-2023-21666
- RESERVED
-CVE-2023-21665
- RESERVED
+CVE-2023-21666 (Memory Corruption in Graphics while accessing a buffer allocated throu ...)
+ TODO: check
+CVE-2023-21665 (Memory corruption in Graphics while importing a file.)
+ TODO: check
CVE-2023-21664
RESERVED
CVE-2023-21663
@@ -32940,8 +32948,8 @@ CVE-2023-21644
RESERVED
CVE-2023-21643
RESERVED
-CVE-2023-21642
- RESERVED
+CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...)
+ TODO: check
CVE-2023-21641
RESERVED
CVE-2023-21640
@@ -53233,16 +53241,16 @@ CVE-2022-40510
RESERVED
CVE-2022-40509
RESERVED
-CVE-2022-40508
- RESERVED
+CVE-2022-40508 (Transient DOS due to reachable assertion in Modem while processing con ...)
+ TODO: check
CVE-2022-40507
RESERVED
CVE-2022-40506
RESERVED
-CVE-2022-40505
- RESERVED
-CVE-2022-40504
- RESERVED
+CVE-2022-40505 (Information disclosure due to buffer over-read in Modem while parsing ...)
+ TODO: check
+CVE-2022-40504 (Transient DOS due to reachable assertion in Modem when UE received Dow ...)
+ TODO: check
CVE-2022-40503 (Information disclosure due to buffer over-read in Bluetooth Host while ...)
NOT-FOR-US: Qualcomm
CVE-2022-40502 (Transient DOS due to improper input validation in WLAN Host.)
@@ -70777,8 +70785,8 @@ CVE-2022-34146 (Transient DOS due to improper input validation in WLAN Host whil
NOT-FOR-US: Qualcomm
CVE-2022-34145 (Transient DOS due to buffer over-read in WLAN Host while parsing frame ...)
NOT-FOR-US: Qualcomm
-CVE-2022-34144
- RESERVED
+CVE-2022-34144 (Transient DOS due to reachable assertion in Modem during OSI decode sc ...)
+ TODO: check
CVE-2022-34143
RESERVED
CVE-2022-34142
@@ -72839,10 +72847,10 @@ CVE-2022-33307
RESERVED
CVE-2022-33306 (Transient DOS due to buffer over-read in WLAN while processing an inco ...)
NOT-FOR-US: Qualcomm
-CVE-2022-33305
- RESERVED
-CVE-2022-33304
- RESERVED
+CVE-2022-33305 (Transient DOS due to NULL pointer dereference in Modem while sending i ...)
+ TODO: check
+CVE-2022-33304 (Transient DOS due to NULL pointer dereference in Modem while performin ...)
+ TODO: check
CVE-2022-33303
RESERVED
CVE-2022-33302 (Memory corruption due to improper validation of array index in User Id ...)
@@ -72865,8 +72873,8 @@ CVE-2022-33294 (Transient DOS in Modem due to NULL pointer dereference while rec
NOT-FOR-US: Qualcomm
CVE-2022-33293
RESERVED
-CVE-2022-33292
- RESERVED
+CVE-2022-33292 (Memory corruption in Qualcomm IPC due to use after free while receivin ...)
+ TODO: check
CVE-2022-33291 (Information disclosure in Modem due to buffer over-read while receivin ...)
NOT-FOR-US: Qualcomm
CVE-2022-33290 (Transient DOS in Bluetooth HOST due to null pointer dereference when a ...)
@@ -72887,8 +72895,8 @@ CVE-2022-33283 (Information disclosure due to buffer over-read in WLAN while WLA
NOT-FOR-US: Qualcomm
CVE-2022-33282 (Memory corruption in Automotive Multimedia due to integer overflow to ...)
NOT-FOR-US: Qualcomm
-CVE-2022-33281
- RESERVED
+CVE-2022-33281 (Memory corruption due to improper validation of array index in compute ...)
+ TODO: check
CVE-2022-33280 (Memory corruption due to access of uninitialized pointer in Bluetooth ...)
NOT-FOR-US: Qualcomm
CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN having in ...)
@@ -72903,8 +72911,8 @@ CVE-2022-33275
RESERVED
CVE-2022-33274 (Memory corruption in android core due to improper validation of array ...)
NOT-FOR-US: Qualcomm
-CVE-2022-33273
- RESERVED
+CVE-2022-33273 (Information disclosure due to buffer over-read in Trusted Execution En ...)
+ TODO: check
CVE-2022-33272 (Transient DOS in modem due to reachable assertion.)
NOT-FOR-US: Qualcomm
CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while parsing N ...)
@@ -94924,8 +94932,8 @@ CVE-2022-25715 (Memory corruption in display driver due to incorrect type castin
NOT-FOR-US: Qualcomm
CVE-2022-25714
RESERVED
-CVE-2022-25713
- RESERVED
+CVE-2022-25713 (Memory corruption in Automotive due to Improper Restriction of Operati ...)
+ TODO: check
CVE-2022-25712 (Memory corruption in camera due to buffer copy without checking size o ...)
NOT-FOR-US: Snapdragon
CVE-2022-25711 (Memory corruption in camera due to improper validation of array index ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8590de4ffbb5986295958d54a4a3a1c1fa2224b0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8590de4ffbb5986295958d54a4a3a1c1fa2224b0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230502/f72c10a8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list