[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 20 09:12:25 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9491a8a by security tracker role at 2023-10-20T08:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2023-5668 (The WhatsApp Share Button plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-5656 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized use ...)
+ TODO: check
+CVE-2023-5655 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2023-5647 (The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File De ...)
+ TODO: check
+CVE-2023-5646 (The AI ChatBot for WordPress is vulnerable to Directory Traversal in v ...)
+ TODO: check
+CVE-2023-5615 (The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-5614 (The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2023-5613 (The Super Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2023-5602 (The Social Media Share Buttons & Social Sharing Icons plugin for WordP ...)
+ TODO: check
+CVE-2023-5576 (The Migration, Backup, Staging - WPvivid plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2023-5534 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2023-5533 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized use ...)
+ TODO: check
+CVE-2023-5524 (Insufficient blacklisting in M-Files Web Companion before release vers ...)
+ TODO: check
+CVE-2023-5523 (Execution of downloaded content flaw in M-Files Web Companion before r ...)
+ TODO: check
+CVE-2023-5414 (The Icegram Express plugin for WordPress is vulnerable to Directory Tr ...)
+ TODO: check
+CVE-2023-5337 (The Contact form Form For All plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2023-5308 (The Podcast Subscribe Buttons plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2023-5292 (The Advanced Custom Fields: Extended plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2023-5231 (The Magic Action Box plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2023-5200 (The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-5121 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
+ TODO: check
+CVE-2023-5120 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
+ TODO: check
+CVE-2023-5109 (The WP Mailto Links \u2013 Protect Email Addresses plugin for WordPres ...)
+ TODO: check
+CVE-2023-5086 (The Copy Anything to Clipboard plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2023-5071 (The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2023-5070 (The Social Media Share Buttons & Social Sharing Icons plugin for WordP ...)
+ TODO: check
+CVE-2023-5050 (The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2023-4999 (The Horizontal scrolling announcement plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2023-4975 (The Website Builder by SeedProd plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-4968 (The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2023-4961 (The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2023-4947 (The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-4943 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
+ TODO: check
+CVE-2023-4942 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ TODO: check
+CVE-2023-4941 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
+ TODO: check
+CVE-2023-4940 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ TODO: check
+CVE-2023-4937 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ TODO: check
+CVE-2023-4935 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ TODO: check
+CVE-2023-4926 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ TODO: check
+CVE-2023-4924 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
+ TODO: check
+CVE-2023-4923 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ TODO: check
+CVE-2023-4920 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ TODO: check
+CVE-2023-4919 (The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2023-4796 (The Booster for WooCommerce for WordPress is vulnerable to Information ...)
+ TODO: check
+CVE-2023-4668 (The Ad Inserter for WordPress is vulnerable to Sensitive Information E ...)
+ TODO: check
+CVE-2023-4648 (The WP Customer Reviews plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2023-4598 (The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2023-4488 (The Dropbox Folder Share for WordPress is vulnerable to Local File Inc ...)
+ TODO: check
+CVE-2023-4482 (The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2023-4402 (The Essential Blocks plugin for WordPress is vulnerable to PHP Object ...)
+ TODO: check
+CVE-2023-4386 (The Essential Blocks plugin for WordPress is vulnerable to PHP Object ...)
+ TODO: check
+CVE-2023-4274 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
+ TODO: check
+CVE-2023-4271 (The Photospace Responsive plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2023-4021 (The Modern Events Calendar lite plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-46277 (please (aka pleaser) through 0.5.4 allows privilege escalation through ...)
+ TODO: check
+CVE-2023-46267 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...)
+ TODO: check
+CVE-2023-46115 (Tauri is a framework for building binaries for all major desktop platf ...)
+ TODO: check
+CVE-2023-45823 (Artifact Hub is a web-based application that enables finding, installi ...)
+ TODO: check
+CVE-2023-45822 (Artifact Hub is a web-based application that enables finding, installi ...)
+ TODO: check
+CVE-2023-45821 (Artifact Hub is a web-based application that enables finding, installi ...)
+ TODO: check
+CVE-2023-45819 (TinyMCE is an open source rich text editor. A cross-site scripting (XS ...)
+ TODO: check
+CVE-2023-45818 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
+ TODO: check
+CVE-2023-45815 (ArchiveBox is an open source self-hosted web archiving system. Any use ...)
+ TODO: check
+CVE-2023-45471 (The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XS ...)
+ TODO: check
+CVE-2023-45394 (Stored Cross-Site Scripting (XSS) vulnerability in the Company field i ...)
+ TODO: check
+CVE-2023-45280 (Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its p ...)
+ TODO: check
+CVE-2023-45279 (Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its p ...)
+ TODO: check
+CVE-2023-44690 (Inadequate encryption strength in mycli 1.27.0 allows attackers to vie ...)
+ TODO: check
+CVE-2023-44385 (The Home Assistant Companion for iOS and macOS app up to version 2023. ...)
+ TODO: check
+CVE-2023-43875 (Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of ...)
+ TODO: check
+CVE-2023-43359 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
+ TODO: check
+CVE-2023-43345 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
+ TODO: check
+CVE-2023-43344 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
+ TODO: check
+CVE-2023-43342 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
+ TODO: check
+CVE-2023-43341 (Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allo ...)
+ TODO: check
+CVE-2023-43340 (Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a ...)
+ TODO: check
+CVE-2023-41899 (Home assistant is an open source home automation. In affected versions ...)
+ TODO: check
+CVE-2023-41898 (Home assistant is an open source home automation. The Home Assistant C ...)
+ TODO: check
+CVE-2023-41897 (Home assistant is an open source home automation. Home Assistant serve ...)
+ TODO: check
+CVE-2023-41896 (Home assistant is an open source home automation. Whilst auditing the ...)
+ TODO: check
+CVE-2023-41895 (Home assistant is an open source home automation. The Home Assistant l ...)
+ TODO: check
+CVE-2023-41894 (Home assistant is an open source home automation. The assessment verif ...)
+ TODO: check
+CVE-2023-41893 (Home assistant is an open source home automation. The audit team\u2019 ...)
+ TODO: check
+CVE-2023-40361 (SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the preview ...)
+ TODO: check
+CVE-2023-3998 (The wpDiscuz plugin for WordPress is vulnerable to unauthorized modifi ...)
+ TODO: check
+CVE-2023-3996 (The ARMember Lite - Membership Plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2023-3869 (The wpDiscuz plugin for WordPress is vulnerable to unauthorized modifi ...)
+ TODO: check
+CVE-2023-39731 (The leakage of the client secret in Kaibutsunosato v13.6.1 allows atta ...)
+ TODO: check
+CVE-2023-39680 (Sollace Unicopia version 1.1.1 and before was discovered to deserializ ...)
+ TODO: check
+CVE-2023-34052 (VMware Aria Operations for Logs contains a deserialization vulnerabili ...)
+ TODO: check
+CVE-2023-34051 (VMware Aria Operations for Logs contains an authentication bypass vuln ...)
+ TODO: check
+CVE-2023-2325 (Stored XSS Vulnerability in M-Files Classic Web versions before 23.10a ...)
+ TODO: check
+CVE-2022-4954 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2021-4418 (The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2021-4353 (The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is ...)
+ TODO: check
+CVE-2020-36759 (The Woody code snippets plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2020-36758 (The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2020-36755 (The Customizr theme for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2020-36754 (The Paid Memberships Pro plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2020-36753 (The Hueman theme for WordPress is vulnerable to Cross-Site Request For ...)
+ TODO: check
+CVE-2020-36751 (The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2020-36714 (The Brizy plugin for WordPress is vulnerable to authorization bypass d ...)
+ TODO: check
+CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...)
+ TODO: check
CVE-2023-45802
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
@@ -717,7 +925,7 @@ CVE-2023-45898 (The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ex
NOTE: https://git.kernel.org/linus/768d612f79822d30a1e7d132a4d4b05337ce42ec (6.6-rc1)
CVE-2023-45757 (Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows ...)
NOT-FOR-US: Apache bRPC
-CVE-2023-45580 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
+CVE-2023-45580 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45579 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
@@ -731,7 +939,7 @@ CVE-2023-45575 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23
NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45574 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45573 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
+CVE-2023-45573 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45572 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
@@ -23057,8 +23265,8 @@ CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in drivers/inf
NOTE: https://www.spinics.net/lists/linux-rdma/msg114749.html
NOTE: https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leonro@nvidia.com/
NOTE: https://git.kernel.org/linus/8d037973d48c026224ab285e6a06985ccac6f7bf (6.3-rc1)
-CVE-2022-4943
- RESERVED
+CVE-2022-4943 (The miniOrange's Google Authenticator plugin for WordPress is vulnerab ...)
+ TODO: check
CVE-2023-2175
RESERVED
CVE-2023-2174 (The BadgeOS plugin for WordPress is vulnerable to unauthorized modific ...)
@@ -24542,7 +24750,7 @@ CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-
NOTE: STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) not
NOTE: enabled in Debian
CVE-2023-1989 (A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\ ...)
- {DSA-5492-1 DLA-3623-1 DLA-3404-1 DLA-3403-1}
+ {DSA-5492-1 DLA-3404-1 DLA-3403-1}
- linux 6.3.7-1
[bullseye] - linux 5.10.197-1
NOTE: https://git.kernel.org/linus/1e9ac114c4428fdb7ff4635b45d4f46017e8916f (6.3-rc4)
@@ -25323,10 +25531,10 @@ CVE-2023-30134
RESERVED
CVE-2023-30133
RESERVED
-CVE-2023-30132
- RESERVED
-CVE-2023-30131
- RESERVED
+CVE-2023-30132 (An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attacke ...)
+ TODO: check
+CVE-2023-30131 (An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to ...)
+ TODO: check
CVE-2023-30130 (An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute ...)
NOT-FOR-US: CraftCMS
CVE-2023-30129
@@ -26727,7 +26935,7 @@ CVE-2023-1943 (Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mod
NOT-FOR-US: Kubernetes Operations (kOps)
CVE-2015-10099 (A vulnerability classified as critical has been found in CP Appointmen ...)
NOT-FOR-US: WordPress plugin
-CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been ...)
+CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12 on WordPress. ...)
NOT-FOR-US: WordPress plugin
CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPre ...)
NOT-FOR-US: WordPress plugin
@@ -26797,11 +27005,11 @@ CVE-2023-1938 (The WP Fastest Cache WordPress plugin before 1.1.5 does not have
NOT-FOR-US: WordPress plugin
CVE-2023-1937 (A vulnerability, which was classified as problematic, was found in zhe ...)
NOT-FOR-US: zhenfeng13 My-Blog
-CVE-2014-125095 (A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and ...)
+CVE-2014-125095 (A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on ...)
NOT-FOR-US: WordPress plugin
-CVE-2013-10025 (A vulnerability was found in Exit Strategy Plugin 1.55 and classified ...)
+CVE-2013-10025 (A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress an ...)
NOT-FOR-US: WordPress plugin
-CVE-2013-10024 (A vulnerability has been found in Exit Strategy Plugin 1.55 and classi ...)
+CVE-2013-10024 (A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2012-10010 (A vulnerability was found in BestWebSoft Contact Form 3.21. It has bee ...)
NOT-FOR-US: WordPress plugin
@@ -27151,7 +27359,7 @@ CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly e
NOT-FOR-US: WordPress plugin
CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. ...)
NOT-FOR-US: WordPress plugin
-CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 2.6. It h ...)
+CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 2.6 on Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [https://rustsec.org/advisories/RUSTSEC-2023-0031.html]
- rust-spin 0.9.5-2 (bug #1034374)
@@ -27497,10 +27705,10 @@ CVE-2022-4936 (The WCFM Marketplace plugin for WordPress is vulnerable to Cross-
NOT-FOR-US: WCFM Marketplace plugin for WordPress
CVE-2022-4935 (The WCFM Marketplace plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WCFM Marketplace plugin for WordPress
-CVE-2021-4335
- RESERVED
-CVE-2021-4334
- RESERVED
+CVE-2021-4335 (The Fancy Product Designer plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
+CVE-2021-4334 (The Fancy Product Designer plugin for WordPress is vulnerable to unaut ...)
+ TODO: check
CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniAdmin up ...)
NOT-FOR-US: phpMiniAdmin
CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into field ...)
@@ -32247,7 +32455,7 @@ CVE-2023-1309 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Online Graduate Tracer System
CVE-2023-1308 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Online Graduate Tracer System
-CVE-2013-10021 (A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has b ...)
+CVE-2013-10021 (A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPr ...)
NOT-FOR-US: dd32 Debug Bar Plugin
CVE-2023-28025
RESERVED
@@ -33094,14 +33302,14 @@ CVE-2023-27797
RESERVED
CVE-2023-27796 (RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wire ...)
NOT-FOR-US: RG-EW1200G PRO Wireless Routers
-CVE-2023-27795
- RESERVED
+CVE-2023-27795 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local a ...)
+ TODO: check
CVE-2023-27794
RESERVED
-CVE-2023-27793
- RESERVED
-CVE-2023-27792
- RESERVED
+CVE-2023-27793 (An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows loca ...)
+ TODO: check
+CVE-2023-27792 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attack ...)
+ TODO: check
CVE-2023-27791 (An issue found in IXP Data Easy Install 6.6.148840 allows a remote att ...)
NOT-FOR-US: IXP Data Easy Install
CVE-2023-27790
@@ -33567,7 +33775,7 @@ CVE-2015-10091 (A vulnerability has been found in ByWater Solutions bywater-koha
NOT-FOR-US: bywater-koha-xslt
CVE-2015-10090 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: WordPress plugin
-CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classi ...)
+CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2006-10001 (A vulnerability, which was classified as problematic, was found in Sub ...)
NOT-FOR-US: WordPress plugin
@@ -33717,9 +33925,9 @@ CVE-2015-10088 (A vulnerability, which was classified as critical, was found in
- ayttm <removed>
NOTE: https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
NOTE: https://sourceforge.net/p/ayttm/mailman/message/34397158/
-CVE-2014-125091 (A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and ...)
+CVE-2014-125091 (A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on ...)
NOT-FOR-US: WordPress plugin
-CVE-2014-125090 (A vulnerability was found in Media Downloader Plugin 0.1.992. It has b ...)
+CVE-2014-125090 (A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2008-10003 (A vulnerability was found in iGamingModules flashgames 1.1.0. It has b ...)
NOT-FOR-US: iGamingModules flashgames
@@ -40621,7 +40829,7 @@ CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attack
NOTE: Original fix: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc
NOTE: Reverted: https://github.com/harfbuzz/harfbuzz/commit/661050b4659ee490dfe622821bc7fde7d1c40510
NOTE: Fixed by: https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8 (7.0.0)
-CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 and classified a ...)
+CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and ...)
NOT-FOR-US: Gimmie
CVE-2014-125085 (A vulnerability, which was classified as critical, was found in Gimmie ...)
NOT-FOR-US: Gimmie
@@ -50632,8 +50840,8 @@ CVE-2022-4714 (The WP Dark Mode WordPress plugin before 4.0.0 does not validate
NOT-FOR-US: WordPress plugin
CVE-2022-4713
RESERVED
-CVE-2022-4712
- RESERVED
+CVE-2022-4712 (The WP Cerber Security plugin for WordPress is vulnerable to stored cr ...)
+ TODO: check
CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...)
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-47937 (** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the ...)
@@ -53245,7 +53453,7 @@ CVE-2022-4533
CVE-2022-4532
RESERVED
CVE-2022-4531
- RESERVED
+ REJECTED
CVE-2022-4530
RESERVED
CVE-2022-4529
@@ -56537,8 +56745,8 @@ CVE-2022-4292 (Use After Free in GitHub repository vim/vim prior to 9.0.0882.)
NOTE: Crash in CLI tool, no security impact
CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a pote ...)
NOT-FOR-US: Avast Antivirus
-CVE-2022-4290
- RESERVED
+CVE-2022-4290 (The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL ...)
+ TODO: check
CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 15.10.8+ds1-2
CVE-2022-4288
@@ -68186,8 +68394,8 @@ CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared a
- linux 6.0.3-1
[buster] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1)
-CVE-2022-3622
- RESERVED
+CVE-2022-3622 (The Blog2Social plugin for WordPress is vulnerable to authorization b ...)
+ TODO: check
CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...)
{DLA-3245-1 DLA-3173-1}
- linux 6.0.2-1
@@ -73492,8 +73700,8 @@ CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A
NOTE: https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/
CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a companion p ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3342
- RESERVED
+CVE-2022-3342 (The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserializa ...)
+ TODO: check
CVE-2022-3341 (A null pointer dereference issue was discovered in 'FFmpeg' in decode_ ...)
{DLA-3454-1}
- ffmpeg 7:5.1-1
@@ -88869,8 +89077,8 @@ CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cro
NOT-FOR-US: WordPress plugin
CVE-2022-2442 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2441
- RESERVED
+CVE-2022-2441 (The ImageMagick Engine plugin for WordPress is vulnerable to remote co ...)
+ TODO: check
CVE-2022-2440
RESERVED
CVE-2022-2439
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9491a8a9e3362a79669cf01268a8d761a8d41d9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9491a8a9e3362a79669cf01268a8d761a8d41d9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231020/e236ad2a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list