[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 22 21:13:23 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e7a21fb by security tracker role at 2023-05-22T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2023-33294 (An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwe ...)
+	TODO: check
+CVE-2023-33293 (An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios ...)
+	TODO: check
+CVE-2023-32350 (Versions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT router firm ...)
+	TODO: check
+CVE-2023-32349 (Versions 00.07.00 through 00.07.03.4 of Teltonika\u2019s RUT router fi ...)
+	TODO: check
+CVE-2023-32348 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...)
+	TODO: check
+CVE-2023-32347 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 use ...)
+	TODO: check
+CVE-2023-32346 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...)
+	TODO: check
+CVE-2023-31923 (Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A v ...)
+	TODO: check
+CVE-2023-31779 (Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). A ...)
+	TODO: check
+CVE-2023-31742 (There is a command injection vulnerability in the Linksys WRT54GL rout ...)
+	TODO: check
+CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a vulnerabl ...)
+	TODO: check
+CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to contain a ...)
+	TODO: check
+CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
+	TODO: check
+CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.)
+	TODO: check
+CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
+	TODO: check
+CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
+	TODO: check
+CVE-2023-2832 (SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.)
+	TODO: check
+CVE-2023-2597 (In Eclipse Openj9 before version 0.38.0, in the implementation of the  ...)
+	TODO: check
+CVE-2023-2588 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 hav ...)
+	TODO: check
+CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...)
+	TODO: check
+CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is vulnerabl ...)
+	TODO: check
 CVE-2023-32067
 	[experimental] - c-ares 1.19.1-1
 	- c-ares <unfixed>
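Review bot: the Teltonika descriptions added in this hunk (CVE-2023-32350, CVE-2023-32349, CVE-2023-32348, CVE-2023-32347, CVE-2023-32346, CVE-2023-2588, CVE-2023-2587, CVE-2023-2586) contain a literal `\u2019` where an apostrophe belongs, which suggests the description text is written out without decoding the escape. Decode it before the summary is truncated, otherwise the six-character escape uses up part of the visible description and a search for "Teltonika's" will not match these entries.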
@@ -33,9 +75,9 @@ CVE-2023-32336 (IBM InfoSphere Information Server 11.7 is affected by a remote c
 	NOT-FOR-US: IBM
 CVE-2020-36694 (An issue was discovered in netfilter in the Linux kernel before 5.10.  ...)
 	- linux <unfixed>
-CVE-2023-31454
+CVE-2023-31454 (Incorrect Permission Assignment for Critical Resource Vulnerability in ...)
 	NOT-FOR-US: Apache InLong
-CVE-2023-31453
+CVE-2023-31453 (Incorrect Permission Assignment for Critical Resource Vulnerability in ...)
 	NOT-FOR-US: Apache InLong
 CVE-2021-46888 (An issue was discovered in hledger before 1.23. A Stored Cross-Site Sc ...)
 	NOT-FOR-US: hledger
@@ -1491,20 +1533,20 @@ CVE-2023-31280
 	RESERVED
 CVE-2023-31279
 	RESERVED
-CVE-2023-31245
-	RESERVED
-CVE-2023-31241
-	RESERVED
-CVE-2023-31240
-	RESERVED
-CVE-2023-31193
-	RESERVED
-CVE-2023-28649
-	RESERVED
-CVE-2023-28412
-	RESERVED
-CVE-2023-28386
-	RESERVED
+CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address when acces ...)
+	TODO: check
+CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can use to byp ...)
+	TODO: check
+CVE-2023-31240 (Snap One OvrC Pro versions prior to 7.2 have their own locally running ...)
+	TODO: check
+CVE-2023-31193 (Snap One OvrC Pro versions prior to 7.3 use HTTP connections when down ...)
+	TODO: check
+CVE-2023-28649 (The Hub in the Snap One OvrC cloud platform is a device used to centra ...)
+	TODO: check
+CVE-2023-28412 (When supplied with a random MAC address, Snap One OvrC cloud servers w ...)
+	TODO: check
+CVE-2023-28386 (Snap One OvrC Pro devices versions 7.2 and prior do not validate firmw ...)
+	TODO: check
 CVE-2023-25183
 	RESERVED
 CVE-2023-2319 (It was discovered that an update for PCS package in RHBA-2023:2151 err ...)
@@ -1742,8 +1784,7 @@ CVE-2023-2272
 	RESERVED
 CVE-2023-2271
 	RESERVED
-CVE-2023-31206
-	RESERVED
+CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software  ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31205
 	RESERVED
@@ -2025,20 +2066,17 @@ CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Mod
 	NOT-FOR-US: JetBrains Hub
 CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` ...)
 	NOT-FOR-US: JetBrains Ktor
-CVE-2023-31103
-	RESERVED
+CVE-2023-31103 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software  ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31102
 	RESERVED
-CVE-2023-31101
-	RESERVED
+CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31100
 	RESERVED
 CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an authenticated use ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2023-31098
-	RESERVED
+CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foundation ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31097
 	RESERVED
@@ -2107,19 +2145,15 @@ CVE-2023-31068
 	RESERVED
 CVE-2023-31067
 	RESERVED
-CVE-2023-31066
-	RESERVED
+CVE-2023-31066 (Files or Directories Accessible to External Parties vulnerability in A ...)
 	NOT-FOR-US: Apache InLong
-CVE-2023-31065
-	RESERVED
+CVE-2023-31065 (Insufficient Session Expiration vulnerability in Apache Software Found ...)
 	NOT-FOR-US: Apache InLong
-CVE-2023-31064
-	RESERVED
+CVE-2023-31064 (Files or Directories Accessible to External Parties vulnerability in A ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31063
 	RESERVED
-CVE-2023-31062
-	RESERVED
+CVE-2023-31062 (Improper Privilege Management Vulnerabilities in Apache Software Found ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31061 (Repetier Server through 1.4.10 does not have CSRF protection.)
 	NOT-FOR-US: Repetier Server
@@ -2127,8 +2161,7 @@ CVE-2023-31060 (Repetier Server through 1.4.10 executes as SYSTEM. This can be l
 	NOT-FOR-US: Repetier Server
 CVE-2023-31059 (Repetier Server through 1.4.10 allows ..%5c directory traversal for re ...)
 	NOT-FOR-US: Repetier Server
-CVE-2023-31058
-	RESERVED
+CVE-2023-31058 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31057
 	RESERVED
@@ -5519,8 +5552,8 @@ CVE-2023-29839 (A Stored Cross Site Scripting (XSS) vulnerability exists in mult
 	[buster] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://github.com/jichngan/CVE-2023-29839
 	NOTE: Fixed upstream in 3.0.5
-CVE-2023-29838
-	RESERVED
+CVE-2023-29838 (Insecure Permission vulnerability found in Botkind/Siber Systems SyncA ...)
+	TODO: check
 CVE-2023-29837 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...)
 	NOT-FOR-US: Exelysis Unified Communication Solution (EUCS)
 CVE-2023-29836 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...)
@@ -9105,8 +9138,8 @@ CVE-2023-1553
 	RESERVED
 CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a deserialization vulne ...)
 	NOT-FOR-US: ToolboxST
-CVE-2023-28709
-	RESERVED
+CVE-2023-28709 (The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2  ...)
+	TODO: check
 CVE-2023-28708 (When using the RemoteIpFilter with requests received from a    reverse ...)
 	{DSA-5381-1 DLA-3384-1}
 	- tomcat10 10.1.6-1
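Review bot: the `TODO: check` placed on CVE-2023-28709 deserves priority over the bulk of this update, because its description names Apache Tomcat and an incomplete fix for CVE-2023-24998, and the very next entry, CVE-2023-28708, already tracks `- tomcat10 10.1.6-1` under DSA-5381-1 and DLA-3384-1. Suggest triaging it against the same source packages and checking whether the uploads that carried the CVE-2023-24998 fix are affected.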
@@ -9947,8 +9980,8 @@ CVE-2023-28469
 	RESERVED
 CVE-2023-28468
 	RESERVED
-CVE-2023-28467
-	RESERVED
+CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...)
+	TODO: check
 CVE-2023-28465
 	RESERVED
 CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel throu ...)
@@ -14317,10 +14350,10 @@ CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS Ope
 	NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27068
 	RESERVED
-CVE-2023-27067
-	RESERVED
-CVE-2023-27066
-	RESERVED
+CVE-2023-27067 (Directory Traversal vulnerability in Sitecore Experience Platform thro ...)
+	TODO: check
+CVE-2023-27066 (Directory Traversal vulnerability in Site Core Experience Platform 10. ...)
+	TODO: check
 CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
 	NOT-FOR-US: Tenda
 CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
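Review bot: CVE-2023-27067 and CVE-2023-27066 spell the product differently in their descriptions ("Sitecore Experience Platform" and "Site Core Experience Platform"), so a text search for one spelling will miss the other. When the two `TODO: check` lines are resolved, give both entries the same tag so they stay grouped.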
@@ -16713,13 +16746,13 @@ CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HT
 	NOT-FOR-US: com.xuxueli:xxl-job
 CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
 	NOT-FOR-US: net.sourceforge.htmlunit:htmlunit
-CVE-2023-26118 (All versions of the package angular are vulnerable to Regular Expressi ...)
+CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Regular E ...)
 	- angular.js <unfixed>
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
-CVE-2023-26117 (All versions of the package angular are vulnerable to Regular Expressi ...)
+CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...)
 	- angular.js <unfixed>
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
-CVE-2023-26116 (All versions of the package angular are vulnerable to Regular Expressi ...)
+CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular  ...)
 	- angular.js <unfixed>
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
 CVE-2023-26115
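Review bot: the descriptions of CVE-2023-26118, CVE-2023-26117 and CVE-2023-26116 change from "All versions" to a lower bound (1.4.9, 1.0.0 and 1.2.21 respectively), while the `- angular.js <unfixed>` lines beneath them stay as they were. No fixed version is visible in the truncated text, so `<unfixed>` still fits; what needs a look is whether any suite ships an angular.js older than the lower bound stated for that CVE and should be marked as not affected.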
@@ -18715,8 +18748,8 @@ CVE-2023-25539
 	RESERVED
 CVE-2023-25538
 	RESERVED
-CVE-2023-25537
-	RESERVED
+CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Preci ...)
+	TODO: check
 CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive informati ...)
 	NOT-FOR-US: Dell
 CVE-2023-25535
@@ -19022,10 +19055,10 @@ CVE-2023-25450
 	RESERVED
 CVE-2023-25449
 	RESERVED
-CVE-2023-25448
-	RESERVED
-CVE-2023-25447
-	RESERVED
+CVE-2023-25448 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archiv ...)
+	TODO: check
+CVE-2023-25447 (Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorW ...)
+	TODO: check
 CVE-2023-25446
 	RESERVED
 CVE-2023-25445
@@ -23536,8 +23569,8 @@ CVE-2023-23815 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23814
 	RESERVED
-CVE-2023-23813
-	RESERVED
+CVE-2023-23813 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My  ...)
+	TODO: check
 CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joos ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23811
@@ -23568,8 +23601,8 @@ CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23798
 	RESERVED
-CVE-2023-23797
-	RESERVED
+CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Au ...)
+	TODO: check
 CVE-2023-23796
 	RESERVED
 CVE-2023-23795
@@ -23893,8 +23926,8 @@ CVE-2023-23714
 	RESERVED
 CVE-2023-23713
 	RESERVED
-CVE-2023-23712
-	RESERVED
+CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager p ...)
+	TODO: check
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...)
 	NOT-FOR-US: A2 Hosting
 CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...)
@@ -24004,8 +24037,8 @@ CVE-2023-23682 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23680
-	RESERVED
+CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar ...)
+	TODO: check
 CVE-2023-23679
 	RESERVED
 CVE-2023-23678
@@ -27312,8 +27345,8 @@ CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOP
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22715 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaM ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-22714
-	RESERVED
+CVE-2023-22714 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming So ...)
+	TODO: check
 CVE-2023-22713 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -27322,8 +27355,8 @@ CVE-2023-22711 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-22709
-	RESERVED
+CVE-2023-22709 (Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple H ...)
+	TODO: check
 CVE-2023-22708
 	RESERVED
 CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Gre ...)
@@ -27356,16 +27389,16 @@ CVE-2023-22694
 	RESERVED
 CVE-2023-22693
 	RESERVED
-CVE-2023-22692
-	RESERVED
+CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name  ...)
+	TODO: check
 CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22689 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-22688
-	RESERVED
+CVE-2023-22688 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs  ...)
+	TODO: check
 CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...)
 	NOT-FOR-US: Jose Mortellaro Freesoul Deactivate
 CVE-2023-22686 (Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice Pa ...)
@@ -30536,12 +30569,12 @@ CVE-2022-47613 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47611
-	RESERVED
+CVE-2022-47611 (Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // c ...)
+	TODO: check
 CVE-2022-47610 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr D ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47609
-	RESERVED
+CVE-2022-47609 (Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugi ...)
+	TODO: check
 CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...)
@@ -33179,8 +33212,8 @@ CVE-2022-47185
 	RESERVED
 CVE-2022-47184
 	RESERVED
-CVE-2022-47183
-	RESERVED
+CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Blo ...)
+	TODO: check
 CVE-2022-47182
 	RESERVED
 CVE-2022-47181
@@ -33211,8 +33244,8 @@ CVE-2022-47169
 	RESERVED
 CVE-2022-47168
 	RESERVED
-CVE-2022-47167
-	RESERVED
+CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Cray ...)
+	TODO: check
 CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47165
@@ -33261,8 +33294,8 @@ CVE-2022-47144
 	RESERVED
 CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47142
-	RESERVED
+CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...)
+	TODO: check
 CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic K ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47140
@@ -34670,8 +34703,8 @@ CVE-2022-46682 (Jenkins Plot Plugin 2.1.11 and earlier does not configure its XM
 	NOT-FOR-US: Jenkins plugin
 CVE-2022-46681
 	REJECTED
-CVE-2022-46680
-	RESERVED
+CVE-2022-46680 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
+	TODO: check
 CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...)
 	NOT-FOR-US: Dell
 CVE-2022-46678 (Wyse Management Suite   3.8 and below contain an improper access contr ...)
@@ -38771,8 +38804,8 @@ CVE-2022-45378 (In the default configuration of Apache SOAP, an RPCRouterServlet
 	NOT-FOR-US: Apache SOAP
 CVE-2022-45377
 	RESERVED
-CVE-2022-45376
-	RESERVED
+CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...)
+	TODO: check
 CVE-2022-45375 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slid ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45374
@@ -39570,14 +39603,14 @@ CVE-2022-45081
 	RESERVED
 CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45079
-	RESERVED
+CVE-2022-45079 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginiz ...)
+	TODO: check
 CVE-2022-45078
 	RESERVED
 CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in Betheme them ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45076
-	RESERVED
+CVE-2022-45076 (Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Ele ...)
+	TODO: check
 CVE-2022-45075
 	RESERVED
 CVE-2022-45074 (Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for ...)
@@ -40448,8 +40481,8 @@ CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-44739
-	RESERVED
+CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurant ...)
+	TODO: check
 CVE-2022-44738
 	RESERVED
 CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities inAll-In-One Secur ...)
@@ -51900,8 +51933,8 @@ CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-41608
-	RESERVED
+CVE-2022-41608 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgar ...)
+	TODO: check
 CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 job ...)
 	- nomad <unfixed> (bug #1021670)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
@@ -349305,7 +349338,7 @@ CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an authe
 	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
 	NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
 CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a  ...)
-	{DLA-2340-1 DLA-1633-1}
+	{DLA-3431-1 DLA-2340-1 DLA-1633-1}
 	- sqlite3 3.22.0-2 (bug #893195)
 	[wheezy] - sqlite3 <no-dsa> (Minor issue)
 	- sqlite <removed>
@@ -436945,7 +436978,7 @@ CVE-2016-6160 (tcprewrite in tcpreplay before 4.1.2 allows remote attackers to c
 CVE-2016-6133 (Cross-site scripting (XSS) vulnerability in Ektron Content Management  ...)
 	NOT-FOR-US: Ektron
 CVE-2016-6153 (os_unix.c in SQLite before 3.13.0 improperly implements the temporary  ...)
-	{DLA-543-1}
+	{DLA-3431-1 DLA-543-1}
 	- sqlite3 3.13.0-1
 	[jessie] - sqlite3 3.8.7.1-1+deb8u2
 	- sqlite <removed>
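Review bot: DLA-3431-1 is added to the cross-reference line of CVE-2016-6153 without any suite line to go with it; the only suite-specific line in view is `[jessie] - sqlite3 3.8.7.1-1+deb8u2`, which was already there before this advisory was referenced. If the fixed version for the suite covered by DLA-3431-1 is recorded with the DLA entry itself, nothing more is needed; otherwise add the matching suite line so the entry does not rest on the unqualified `- sqlite3 3.13.0-1` line alone. The same applies to CVE-2018-8740 in the preceding hunk.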



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e7a21fb49516e604330af56bc20d06153fe88f8
