[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 25 21:12:16 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
529f7154 by security tracker role at 2023-05-25T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
+ TODO: check
+CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
+ TODO: check
+CVE-2023-33356 (IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).)
+ TODO: check
+CVE-2023-33355 (IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access t ...)
+ TODO: check
+CVE-2023-33280 (In the Store Commander scquickaccounting module for PrestaShop through ...)
+ TODO: check
+CVE-2023-33279 (In the Store Commander scfixmyprestashop module through 2023-05-09 for ...)
+ TODO: check
+CVE-2023-33278 (In the Store Commander scexportcustomers module for PrestaShop through ...)
+ TODO: check
+CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an openly v ...)
+ TODO: check
+CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd generation an ...)
+ TODO: check
+CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's `validate ...)
+ TODO: check
+CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.)
+ TODO: check
+CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
+ TODO: check
+CVE-2023-31458 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
+ TODO: check
+CVE-2023-2888 (A vulnerability, which was classified as problematic, was found in PHP ...)
+ TODO: check
+CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows ...)
+ TODO: check
+CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot ...)
+ TODO: check
+CVE-2023-2885 (Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allow ...)
+ TODO: check
+CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...)
+ TODO: check
+CVE-2023-2883 (Authorization Bypass Through User-Controlled Key vulnerability in CBOT ...)
+ TODO: check
+CVE-2023-2882 (Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot ...)
+ TODO: check
+CVE-2023-2881 (Storing Passwords in a Recoverable Format in GitHub repository pimcore ...)
+ TODO: check
+CVE-2023-2851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-2798 (Those using HtmlUnit to browse untrusted webpages may be vulnerable to ...)
+ TODO: check
+CVE-2023-2734 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
+ TODO: check
+CVE-2023-2733 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
+ TODO: check
+CVE-2023-2732 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
+ TODO: check
+CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...)
+ TODO: check
+CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.12598. ...)
+ TODO: check
+CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...)
+ TODO: check
+CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...)
+ TODO: check
CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data]
- wordpress 6.2.2+dfsg1-1 (bug #1036689)
NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
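Review bot: the 30 entries added at the top are all left at "TODO: check", and two of them, CVE-2023-28370 (Tornado) and CVE-2023-2798 (HtmlUnit), name general-purpose libraries rather than a vendor appliance or CMS plugin, so they should be looked up against the source package list before any NOT-FOR-US is applied. The descriptions are truncated in this file, so the affected version ranges have to come from the full CVE text.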
@@ -2337,8 +2397,7 @@ CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions
NOT-FOR-US: Devolutions
CVE-2023-2256
RESERVED
-CVE-2023-2255 [Remote documents loaded without prompt via IFrame]
- RESERVED
+CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...)
- libreoffice 4:7.4.5-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
CVE-2023-2254
@@ -3079,8 +3138,8 @@ CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in th
NOT-FOR-US: Gradle Build Action
CVE-2023-30852 (Pimcore is an open source data and experience management platform. Pri ...)
NOT-FOR-US: Pimcore
-CVE-2023-30851
- RESERVED
+CVE-2023-30851 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
CVE-2023-30850 (Pimcore is an open source data and experience management platform. Pri ...)
NOT-FOR-US: Pimcore
CVE-2023-30849 (Pimcore is an open source data and experience management platform. Pri ...)
@@ -3813,8 +3872,8 @@ CVE-2023-30617
RESERVED
CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30615
- RESERVED
+CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...)
+ TODO: check
CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
NOT-FOR-US: Pay (payments engine for Ruby on Rails)
CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...)
@@ -4416,8 +4475,8 @@ CVE-2023-30486
RESERVED
CVE-2023-30485
RESERVED
-CVE-2023-30484
- RESERVED
+CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
+ TODO: check
CVE-2023-30483
RESERVED
CVE-2023-30482
@@ -6097,8 +6156,8 @@ CVE-2023-29723
RESERVED
CVE-2023-29722
RESERVED
-CVE-2023-29721
- RESERVED
+CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads to comman ...)
+ TODO: check
CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...)
NOT-FOR-US: SofaWiki
CVE-2023-29719
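Review bot: CVE-2023-29721 is left at "TODO: check" although the very next entry, CVE-2023-29720, covers the same product and version range (SofaWiki <= 3.8.9) and is already marked "NOT-FOR-US: SofaWiki". Suggest giving the new entry the same tag so the two stay consistent.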
@@ -9288,7 +9347,7 @@ CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in
CVE-2023-28752
RESERVED
CVE-2023-1588
- RESERVED
+ REJECTED
CVE-2023-1587 (Avast and AVG Antivirus for Windows were susceptible to a NULL pointer ...)
NOT-FOR-US: Norton
CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
@@ -13376,8 +13435,8 @@ CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub reposi
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-1159
RESERVED
-CVE-2023-1158
- RESERVED
+CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+ TODO: check
CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...)
NOT-FOR-US: Finixbit elf-parser
CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester ...)
@@ -16559,8 +16618,7 @@ CVE-2023-0952 (Improper access controls on entries in Devolutions Server 2022.3
NOT-FOR-US: Devolutions Server
CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions Server 2 ...)
NOT-FOR-US: Devolutions Server
-CVE-2023-0950 [Array Index UnderFlow in Calc Formula Parsing]
- RESERVED
+CVE-2023-0950 (Improper Validation of Array Index vulnerability in the spreadsheet co ...)
- libreoffice 4:7.4.5-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...)
@@ -16816,10 +16874,10 @@ CVE-2023-26218
RESERVED
CVE-2023-26217
RESERVED
-CVE-2023-26216
- RESERVED
-CVE-2023-26215
- RESERVED
+CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
+ TODO: check
+CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
+ TODO: check
CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...)
NOT-FOR-US: BusinessConnect UI component of TIBCO
CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
@@ -18927,8 +18985,8 @@ CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for
- check-mk <removed>
CVE-2023-25600
RESERVED
-CVE-2023-25599
- RESERVED
+CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
+ TODO: check
CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
TODO: check
CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
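Review bot: CVE-2023-25599 joins CVE-2023-25598 as a second Mitel MiVoice Connect conferencing entry at "TODO: check", while CVE-2022-41223 further down the same file (MiVoice Connect Director database) already carries "NOT-FOR-US: Mitel". The two can be triaged together with that tag, along with CVE-2023-31458 from the top of this commit.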
@@ -19426,8 +19484,8 @@ CVE-2023-25441
RESERVED
CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...)
- civicrm <unfixed> (bug #1036695)
-CVE-2023-25439
- RESERVED
+CVE-2023-25439 (Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionIn ...)
+ TODO: check
CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...)
NOT-FOR-US: MilleGP5
CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H ...)
@@ -22272,8 +22330,7 @@ CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which
NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTube Mai ...)
NOT-FOR-US: YouTube Embedded 1.2 SDK
-CVE-2023-0459
- RESERVED
+CVE-2023-0459 (Copy_from_user on 64-bit versions of the Linux kernel does not impleme ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.15-1
[bullseye] - linux 5.10.178-1
@@ -28533,8 +28590,8 @@ CVE-2023-22506
RESERVED
CVE-2023-22505
RESERVED
-CVE-2023-22504
- RESERVED
+CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
+ TODO: check
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
NOT-FOR-US: Atlassian
CVE-2023-22502
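Review bot: CVE-2023-22504 (Atlassian Confluence Server) is added as "TODO: check" directly above CVE-2023-22503, a Confluence Server and Data Center entry already tagged "NOT-FOR-US: Atlassian". Suggest the same tag here unless the full description points somewhere else.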
@@ -29317,8 +29374,8 @@ CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been d
NOT-FOR-US: centic9 jgit-cookbook
CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo Safece ...)
NOT-FOR-US: Lenovo
-CVE-2022-4815
- RESERVED
+CVE-2022-4815 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+ TODO: check
CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
NOT-FOR-US: usememos
CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
@@ -33588,16 +33645,16 @@ CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Ko
NOT-FOR-US: WordPress plugin
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47178
- RESERVED
-CVE-2022-47177
- RESERVED
+CVE-2022-47178 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Button ...)
+ TODO: check
+CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP Easy ...)
+ TODO: check
CVE-2022-47176
RESERVED
CVE-2022-47175
RESERVED
-CVE-2022-47174
- RESERVED
+CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performan ...)
+ TODO: check
CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47172
@@ -33614,20 +33671,20 @@ CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharya
NOT-FOR-US: WordPress plugin
CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47165
- RESERVED
-CVE-2022-47164
- RESERVED
+CVE-2022-47165 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin < ...)
+ TODO: check
+CVE-2022-47164 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Eve ...)
+ TODO: check
CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47161
- RESERVED
+CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org c ...)
+ TODO: check
CVE-2022-47160
RESERVED
-CVE-2022-47159
- RESERVED
+CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster L ...)
+ TODO: check
CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don ...)
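Review bot: in this hunk CVE-2022-47161 is truncated at "The WordPress.Org c ...", so unlike its CSRF neighbours it is not clear from the visible text whether the affected component is a third-party plugin. Read the full description before applying the "NOT-FOR-US: WordPress plugin" tag that the surrounding entries use; CVE-2022-47165, CVE-2022-47164 and CVE-2022-47159 name a vendor or plugin and look like straightforward candidates for it.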
@@ -33646,8 +33703,8 @@ CVE-2022-47151
RESERVED
CVE-2022-47150
RESERVED
-CVE-2022-47149
- RESERVED
+CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin ...)
+ TODO: check
CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF In ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ...)
@@ -33656,8 +33713,8 @@ CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
NOT-FOR-US: WordPress plugin
CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47144
- RESERVED
+CVE-2022-47144 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...)
+ TODO: check
CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...)
@@ -33666,16 +33723,16 @@ CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dyn
NOT-FOR-US: WordPress plugin
CVE-2022-47140
RESERVED
-CVE-2022-47139
- RESERVED
-CVE-2022-47138
- RESERVED
+CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Ba ...)
+ TODO: check
+CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN ...)
+ TODO: check
CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMa ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47136
- RESERVED
-CVE-2022-47135
- RESERVED
+CVE-2022-47136 (Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC N ...)
+ TODO: check
+CVE-2022-47135 (Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Ch ...)
+ TODO: check
CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47133
@@ -34274,8 +34331,8 @@ CVE-2022-4401 (A vulnerability was found in pallidlight online-course-selection-
NOT-FOR-US: pallidlight online-course-selection-system
CVE-2022-4400 (A vulnerability was found in zbl1996 FS-Blog and classified as problem ...)
NOT-FOR-US: zbl1996 FS-Blog
-CVE-2022-46907
- RESERVED
+CVE-2022-46907 (A carefully crafted request on several JSPWiki plugins could trigger a ...)
+ TODO: check
CVE-2022-4399 (A vulnerability was found in TicklishHoneyBee nodau. It has been rated ...)
- nodau 0.3.8-5 (unimportant)
NOTE: https://github.com/TicklishHoneyBee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2
@@ -34436,10 +34493,10 @@ CVE-2022-46868
RESERVED
CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46866
- RESERVED
-CVE-2022-46865
- RESERVED
+CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...)
+ TODO: check
+CVE-2022-46865 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk ...)
+ TODO: check
CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
@@ -34456,8 +34513,8 @@ CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Am
NOT-FOR-US: WordPress plugin
CVE-2022-46857
RESERVED
-CVE-2022-46856
- RESERVED
+CVE-2022-46856 (Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce P ...)
+ TODO: check
CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...)
@@ -34591,8 +34648,8 @@ CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC
NOT-FOR-US: WordPress plugin
CVE-2022-46821
RESERVED
-CVE-2022-46820
- RESERVED
+CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table O ...)
+ TODO: check
CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46818
@@ -34603,16 +34660,16 @@ CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra
NOT-FOR-US: WordPress plugin
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP ...)
NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin
-CVE-2022-46814
- RESERVED
+CVE-2022-46814 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kode ...)
+ TODO: check
CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46812
- RESERVED
+CVE-2022-46812 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
+ TODO: check
CVE-2022-46811
RESERVED
-CVE-2022-46810
- RESERVED
+CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
+ TODO: check
CVE-2022-46809
RESERVED
CVE-2022-46808
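Review bot: CVE-2022-46812 and CVE-2022-46810 show the same truncated text ("... in VillaTheme Thank Yo ..."), so the two entries cannot be told apart from this file alone. When triaging, confirm from the full descriptions that they are distinct issues and not a duplicate assignment, then tag both consistently with the neighbouring "NOT-FOR-US: WordPress plugin" entries if they turn out to be plugin issues.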
@@ -34631,8 +34688,8 @@ CVE-2022-46802
RESERVED
CVE-2022-46801
RESERVED
-CVE-2022-46800
- RESERVED
+CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technolog ...)
+ TODO: check
CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...)
@@ -37651,8 +37708,8 @@ CVE-2022-45817 (Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC T
NOT-FOR-US: WordPress plugin
CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inGD bbPress Att ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45815
- RESERVED
+CVE-2022-45815 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR ...)
+ TODO: check
CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen W ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45813
@@ -39181,18 +39238,18 @@ CVE-2022-45373
RESERVED
CVE-2022-45372
RESERVED
-CVE-2022-45371
- RESERVED
+CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
+ TODO: check
CVE-2022-45370
RESERVED
CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45368
RESERVED
-CVE-2022-45367
- RESERVED
-CVE-2022-45366
- RESERVED
+CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cus ...)
+ TODO: check
+CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...)
+ TODO: check
CVE-2022-45365
RESERVED
CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
@@ -46919,8 +46976,8 @@ CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vul
NOT-FOR-US: WordPress plugin
CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-43490
- RESERVED
+CVE-2022-43490 (Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin < ...)
+ TODO: check
CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calendar pl ...)
@@ -47007,8 +47064,8 @@ CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format
NOT-FOR-US: PowerISO
CVE-2022-41990
RESERVED
-CVE-2022-41987
- RESERVED
+CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...)
+ TODO: check
CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM ...)
@@ -47063,12 +47120,12 @@ CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail
NOT-FOR-US: WordPress plugin
CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post For ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38716
- RESERVED
+CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Moto ...)
+ TODO: check
CVE-2022-38702
RESERVED
-CVE-2022-38356
- RESERVED
+CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Word ...)
+ TODO: check
CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3648
@@ -52282,8 +52339,8 @@ CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerabil
NOT-FOR-US: WordPress plugin
CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41635
- RESERVED
+CVE-2022-41635 (Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Ship ...)
+ TODO: check
CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folde ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41633 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
@@ -53405,8 +53462,8 @@ CVE-2022-41256
RESERVED
CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3 (22.22 ...)
NOT-FOR-US: Mitel
-CVE-2022-41221
- RESERVED
+CVE-2022-41221 (The client in OpenText Archive Center Administration through 21.2 allo ...)
+ TODO: check
CVE-2022-40224 (A denial of service vulnerability exists in the web server functionali ...)
NOT-FOR-US: Moxa
CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...)
@@ -84309,8 +84366,8 @@ CVE-2022-30027
RESERVED
CVE-2022-30026
RESERVED
-CVE-2022-30025
- RESERVED
+CVE-2022-30025 (SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence ...)
+ TODO: check
CVE-2022-30024 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmwa ...)
NOT-FOR-US: TP-Link
CVE-2022-30023 (Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Comma ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/529f7154c481dd8ea0fe813f03c139899addfc8a