[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 7 20:19:50 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
349b253b by security tracker role at 2023-11-07T20:18:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,104 @@
-CVE-2023-46851
+CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
+ TODO: check
+CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2023-5819 (The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-5818 (The Amazonify plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2023-5743 (The Telephone Number Linker plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2023-5709 (The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2023-5703 (The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPr ...)
+ TODO: check
+CVE-2023-5669 (The Featured Image Caption plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2023-5661 (The Social Feed plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2023-5660 (The SendPress Newsletters plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-5659 (The Interact: Embed A Quiz On Your Site plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2023-5658 (The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2023-5577 (The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2023-5567 (The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2023-5532 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2023-5507 (The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2023-5506 (The ImageMapper plugin for WordPress is vulnerable to unauthorized los ...)
+ TODO: check
+CVE-2023-5309 (Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5contain a fl ...)
+ TODO: check
+CVE-2023-5179 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ TODO: check
+CVE-2023-4888 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2023-4842 (The Social Sharing Plugin - Social Warfare plugin for WordPress is vul ...)
+ TODO: check
+CVE-2023-4295 (A local non-privileged user can make improper GPU memory processing op ...)
+ TODO: check
+CVE-2023-4272 (A local non-privileged user can make GPU processing operations that ex ...)
+ TODO: check
+CVE-2023-47510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSoluti ...)
+ TODO: check
+CVE-2023-47456 (Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in funct ...)
+ TODO: check
+CVE-2023-47455 (Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSch ...)
+ TODO: check
+CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an Integer underflow tha ...)
+ TODO: check
+CVE-2023-47359 (Videolan VLC prior to version 3.0.20 contains an incorrect offset read ...)
+ TODO: check
+CVE-2023-46744 (Squidex is an open source headless CMS and content management hub. In ...)
+ TODO: check
+CVE-2023-46737 (Cosign is a sigstore signing tool for OCI containers. Cosign is suscep ...)
+ TODO: check
+CVE-2023-46730 (Group-Office is an enterprise CRM and groupware tool. In affected vers ...)
+ TODO: check
+CVE-2023-46501 (An issue in BoltWire v.6.03 allows a remote attacker to obtain sensiti ...)
+ TODO: check
+CVE-2023-46253 (Squidex is an open source headless CMS and content management hub. Aff ...)
+ TODO: check
+CVE-2023-46252 (Squidex is an open source headless CMS and content management hub. Aff ...)
+ TODO: check
+CVE-2023-46244 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-46243 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-46242 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-42659 (In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted fi ...)
+ TODO: check
+CVE-2023-41798 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
+CVE-2023-41425 (Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 ...)
+ TODO: check
+CVE-2023-3889 (A local non-privileged user can make improper GPU memory processing op ...)
+ TODO: check
+CVE-2023-37835
+ REJECTED
+CVE-2023-36527 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
+CVE-2023-33481 (RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection att ...)
+ TODO: check
+CVE-2023-33480 (RemoteClinic 2.0 contains a critical vulnerability chain that can be e ...)
+ TODO: check
+CVE-2023-33479 (RemoteClinic version 2.0 contains a SQL injection vulnerability in the ...)
+ TODO: check
+CVE-2023-33478 (RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter ...)
+ TODO: check
+CVE-2023-32966 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups ...)
+ TODO: check
+CVE-2021-4431 (A vulnerability classified as problematic has been found in msyk FMDat ...)
+ TODO: check
+CVE-2023-46851 (Allura Discussion and Allura Forum importing does not restrict URL val ...)
NOT-FOR-US: Apache Allura
-CVE-2023-46819
+CVE-2023-46819 (Missing Authentication in Apache Software Foundation Apache OFBiz when ...)
NOT-FOR-US: Apache OFBiz
CVE-2023-5976 (Improper Access Control in GitHub repository microweber/microweber pri ...)
NOT-FOR-US: microweber
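Review bot: the newly described entries at the top of this hunk are all left at TODO: check, including the many WordPress plugin entries (for example CVE-2023-5975, CVE-2023-5819, CVE-2023-5709) that belong to the class resolved elsewhere in this file as NOT-FOR-US: WordPress plugin. Resolving those in bulk would make the entries that name other software, such as CVE-2023-5998 (gpac), CVE-2023-47360 and CVE-2023-47359 (VLC) and CVE-2023-46737 (Cosign), easier to pick out for per-package triage. CVE-2023-37835 is added as REJECTED and needs nothing further.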
@@ -4985,7 +5083,7 @@ CVE-2023-4091 (A vulnerability was discovered in Samba, where the flaw allows SM
- samba 2:4.19.1+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-4091.html
NOTE: In scope for continued Samba support
-CVE-2023-4154 [Samba AD DC password exposure to privileged users and RODCs]
+CVE-2023-4154 (A design flaw was found in Samba's DirSync control implementation, whi ...)
{DSA-5525-1}
- samba 2:4.19.1+dfsg-1
[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
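Review bot: the unchanged [bullseye] line under CVE-2023-4154 reads "see DSA DSA-5477-1", with "DSA" doubled; "see DSA-5477-1" would be enough. The description swap itself leaves the {DSA-5525-1} reference and the fixed version 2:4.19.1+dfsg-1 intact.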
@@ -8470,7 +8568,7 @@ CVE-2023-4963 (The WS Facebook Like Box Widget for WordPress plugin for WordPres
NOT-FOR-US: WS Facebook Like Box Widget for WordPress plugin for WordPress
CVE-2023-4959 (A flaw was found in Quay. Cross-site request forgery (CSRF) attacks fo ...)
NOT-FOR-US: Quay
-CVE-2023-4956
+CVE-2023-4956 (A flaw was found in Quay. Clickjacking is when an attacker uses multip ...)
NOT-FOR-US: Quay
CVE-2023-4835 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: CF Software Oil Management Software
@@ -32193,6 +32291,7 @@ CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Speci
CVE-2023-28744 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
CVE-2023-1672 (A race condition exists in the Tang server functionality for key gener ...)
+ {DLA-3648-1}
- tang 14-1 (bug #1038119)
[bookworm] - tang 11-2+deb12u1
[bullseye] - tang 8-3+deb11u2
@@ -33718,8 +33817,8 @@ CVE-2023-28501 (Rocket Software UniData versions prior to 8.2.4 build 3003 and U
NOT-FOR-US: Rocket Software UniData
CVE-2023-28500 (A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 v ...)
NOT-FOR-US: Adobe
-CVE-2023-28499
- RESERVED
+CVE-2023-28499 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in sim ...)
+ TODO: check
CVE-2023-28498
RESERVED
CVE-2023-28497
@@ -41172,8 +41271,8 @@ CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does not
NOT-FOR-US: WordPress plugin
CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0898
- RESERVED
+CVE-2023-0898 (General Electric MiCOM S1 Agile is vulnerable to an attacker achieving ...)
+ TODO: check
CVE-2023-0897 (Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due ...)
NOT-FOR-US: Sielco PolyEco1000
CVE-2023-26030
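Review bot: CVE-2023-0898 (General Electric MiCOM S1 Agile) is left at TODO: check while the adjacent CVE-2023-0897 is already resolved by product name as NOT-FOR-US: Sielco PolyEco1000. If MiCOM S1 Agile is likewise not packaged, the same form applies here: NOT-FOR-US: General Electric MiCOM S1 Agile.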
@@ -41270,8 +41369,8 @@ CVE-2023-25985
RESERVED
CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25983
- RESERVED
+CVE-2023-25983 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -46507,8 +46606,8 @@ CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/mo
NOT-FOR-US: Modoboa
CVE-2023-0437
RESERVED
-CVE-2023-0436
- RESERVED
+CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may print s ...)
+ TODO: check
CVE-2022-48282 (Under very specific circumstances (see Required configuration section ...)
NOT-FOR-US: MongoDB .NET/C# Driver
CVE-2023-24371
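Review bot: CVE-2023-0436 moves from RESERVED to TODO: check with a description naming the MongoDB Atlas Kubernetes Operator, and the next entry, CVE-2022-48282, shows how another MongoDB component was resolved (NOT-FOR-US: MongoDB .NET/C# Driver). The same by-product tag would close this entry if the operator is not packaged.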
@@ -47947,8 +48046,8 @@ CVE-2023-23798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Au ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23796
- RESERVED
+CVE-2023-23796 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2023-23795 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
@@ -48386,8 +48485,8 @@ CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-
NOT-FOR-US: WordPress plugin
CVE-2023-23679 (Authorization Bypass Through User-Controlled Key vulnerability in JS H ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23678
- RESERVED
+CVE-2023-23678 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23676 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -51678,8 +51777,8 @@ CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) inOi Yandex.Maps for Wor
NOT-FOR-US: WordPress plugin
CVE-2023-22720 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-22719
- RESERVED
+CVE-2023-22719 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User M ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22717 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -56730,8 +56829,8 @@ CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pr
NOT-FOR-US: WordPress plugin
CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47442
- RESERVED
+CVE-2022-47442 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-47441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitab ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
@@ -57646,8 +57745,8 @@ CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Ext
NOT-FOR-US: WordPress plugin
CVE-2022-47182
RESERVED
-CVE-2022-47181
- RESERVED
+CVE-2022-47181 (Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email T ...)
+ TODO: check
CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Fra ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
@@ -58690,8 +58789,8 @@ CVE-2022-46823 (A vulnerability has been identified in Mendix SAML (Mendix 8 com
NOT-FOR-US: Siemens
CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Devel ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46821
- RESERVED
+CVE-2022-46821 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table O ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
@@ -58714,8 +58813,8 @@ CVE-2022-46811
RESERVED
CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46809
- RESERVED
+CVE-2022-46809 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46807
@@ -58724,14 +58823,14 @@ CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Ca
NOT-FOR-US: WordPress plugin
CVE-2022-46805 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46804
- RESERVED
-CVE-2022-46803
- RESERVED
-CVE-2022-46802
- RESERVED
-CVE-2022-46801
- RESERVED
+CVE-2022-46804 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
+CVE-2022-46803 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
+CVE-2022-46802 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
+CVE-2022-46801 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technolog ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
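Review bot: the four entries CVE-2022-46804 to CVE-2022-46801 receive the same description prefix, "Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...", cut off before the product name, so the list line alone cannot tell them apart or show what they affect. Replacing TODO: check needs the full CVE record for each one. The surrounding entries in this hunk are all NOT-FOR-US: WordPress plugin, which is the likely outcome but is not established by the visible text.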
@@ -61856,8 +61955,8 @@ CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerabil
NOT-FOR-US: WordPress plugin
CVE-2022-45811
RESERVED
-CVE-2022-45810
- RESERVED
+CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-45809
RESERVED
CVE-2022-45808 (SQL Injection vulnerability inLearnPress \u2013 WordPress LMS Plugin < ...)
@@ -63388,8 +63487,8 @@ CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Prod
NOT-FOR-US: WordPress plugin
CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45370
- RESERVED
+CVE-2022-45370 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45368
@@ -63408,14 +63507,14 @@ CVE-2022-45362
RESERVED
CVE-2022-45361 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bori ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45360
- RESERVED
+CVE-2022-45360 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability inYITH WooCommerce Gift Ca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45357
- RESERVED
+CVE-2022-45357 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-45356
RESERVED
CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...)
@@ -63428,12 +63527,12 @@ CVE-2022-45352
RESERVED
CVE-2022-45351
RESERVED
-CVE-2022-45350
- RESERVED
+CVE-2022-45350 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-45349
RESERVED
-CVE-2022-45348
- RESERVED
+CVE-2022-45348 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as databas ...)
NOT-FOR-US: Apache ShardingSphere-Proxy
CVE-2022-45344
@@ -64179,8 +64278,8 @@ CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add
NOT-FOR-US: WordPress plugin
CVE-2022-45079 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginiz ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45078
- RESERVED
+CVE-2022-45078 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in Betheme them ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45076 (Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Ele ...)
@@ -65057,8 +65156,8 @@ CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Cr
NOT-FOR-US: WordPress plugin
CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurant ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-44738
- RESERVED
+CVE-2022-44738 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities inAll-In-One Secur ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...)
@@ -69545,7 +69644,7 @@ CVE-2023-20200 (A vulnerability in the Simple Network Management Protocol (SNMP)
NOT-FOR-US: Cisco
CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS could ...)
NOT-FOR-US: Cisco
-CVE-2023-20198 (Cisco is aware of active exploitation of a previously unknown vulnerab ...)
+CVE-2023-20198 (Cisco is providing an update for the ongoing investigation into observ ...)
NOT-FOR-US: Cisco
CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical File S ...)
{DLA-3544-1}
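Review bot: the replacement description for CVE-2023-20198 no longer says, within the truncated text, that the issue is under active exploitation, which the old line did ("Cisco is aware of active exploitation of a previously unknown vulnerab ..."). The NOT-FOR-US: Cisco resolution is unchanged, so triage is unaffected, but anyone searching the list by description loses that signal.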
@@ -71273,8 +71372,8 @@ CVE-2022-42884
RESERVED
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-42882
- RESERVED
+CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-42880 (Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Uplo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42699 (Auth. Remote Code Execution vulnerability inEasy WP SMTP plugin <= 1.5 ...)
@@ -71363,8 +71462,8 @@ CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Po
NOT-FOR-US: WordPress plugin
CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Moto ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38702
- RESERVED
+CVE-2022-38702 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Word ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
@@ -76615,8 +76714,8 @@ CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability inSeoSamba for W
NOT-FOR-US: WordPress plugin
CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41616
- RESERVED
+CVE-2022-41616 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ TODO: check
CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shar ...)
@@ -195044,7 +195143,7 @@ CVE-2021-24368 (The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plu
NOT-FOR-US: WordPress plugin
CVE-2021-24367 (The WP Config File Editor WordPress plugin through 1.7.1 was affected ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24366 (The Admin Columns Free WordPress plugin before 4.3 and Admin Columns P ...)
+CVE-2021-24366 (The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5. ...)
NOT-FOR-US: WordPress plugin
@@ -586244,7 +586343,7 @@ CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in net/can
CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not p ...)
{DSA-2126-1}
- linux-2.6 2.6.32-28 (low)
-CVE-2010-3872 (The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcg ...)
+CVE-2010-3872 (A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI ...)
{DSA-2140-1}
- libapache2-mod-fcgid 1:2.3.6-1 (bug #605484)
CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme ...)
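Review bot: the new description for CVE-2010-3872 drops the function and file names (fcgid_header_bucket_read in fcgid_bucket.c) that the old line carried and that help locate the fix in source. The {DSA-2140-1} reference, the fixed version 1:2.3.6-1 and bug #605484 stay in place, so the tracking data is intact.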
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/349b253b70fabea8428523720ff45790d0da2aeb