[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 16 20:12:15 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24a7c4e7 by security tracker role at 2024-01-16T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,40 +1,216 @@
-CVE-2023-45237 [Use of a Weak PseudoRandom Number Generator]
+CVE-2024-23347 (Prior to v176, when opening a new project Meta Spark Studio would exec ...)
+ TODO: check
+CVE-2024-22628 (Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2024-22627 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2024-22626 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2024-22625 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
+ TODO: check
+CVE-2024-22491 (A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 all ...)
+ TODO: check
+CVE-2024-0599 (A vulnerability was found in Jspxcms 10.2.0. It has been declared as p ...)
+ TODO: check
+CVE-2024-0584 (A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp. ...)
+ TODO: check
+CVE-2024-0582 (A memory leak flaw was found in the Linux kernel\u2019s io_uring funct ...)
+ TODO: check
+CVE-2024-0581 (An Uncontrolled Resource Consumption vulnerability has been found on S ...)
+ TODO: check
+CVE-2024-0579 (A vulnerability classified as critical was found in Totolink X2000R 1. ...)
+ TODO: check
+CVE-2024-0578 (A vulnerability classified as critical has been found in Totolink LR12 ...)
+ TODO: check
+CVE-2024-0577 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
+ TODO: check
+CVE-2024-0576 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
+ TODO: check
+CVE-2024-0575 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
+ TODO: check
+CVE-2024-0574 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 a ...)
+ TODO: check
+CVE-2024-0573 (A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230 ...)
+ TODO: check
+CVE-2024-0572 (A vulnerability, which was classified as critical, was found in Totoli ...)
+ TODO: check
+CVE-2024-0571 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2024-0570 (A vulnerability classified as critical was found in Totolink N350RT 9. ...)
+ TODO: check
+CVE-2024-0569 (A vulnerability classified as problematic has been found in Totolink T ...)
+ TODO: check
+CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL ...)
+ TODO: check
+CVE-2024-0556 (A Weak Cryptography for Passwords vulnerability has been detected on W ...)
+ TODO: check
+CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) vulnerability has been found on WI ...)
+ TODO: check
+CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on WIC1200, ...)
+ TODO: check
+CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malformed c ...)
+ TODO: check
+CVE-2024-0507 (An attacker with access to a Management Console user account with the ...)
+ TODO: check
+CVE-2024-0239 (The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sa ...)
+ TODO: check
+CVE-2024-0238 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
+ TODO: check
+CVE-2024-0237 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
+ TODO: check
+CVE-2024-0236 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
+ TODO: check
+CVE-2024-0235 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
+ TODO: check
+CVE-2024-0233 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
+ TODO: check
+CVE-2024-0200 (An unsafe reflection vulnerability was identified in GitHub Enterprise ...)
+ TODO: check
+CVE-2024-0187 (The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanit ...)
+ TODO: check
+CVE-2023-7234 (OPCUAServerToolkit will write a log message once an OPC UA client has ...)
+ TODO: check
+CVE-2023-7154 (The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 ...)
+ TODO: check
+CVE-2023-7151 (The Product Enquiry for WooCommerce WordPress plugin before 3.2 does n ...)
+ TODO: check
+CVE-2023-7125 (The Community by PeepSo WordPress plugin before 6.3.1.2 does not have ...)
+ TODO: check
+CVE-2023-7084 (The Voting Record WordPress plugin through 2.0 is missing sanitisation ...)
+ TODO: check
+CVE-2023-7083 (The Voting Record WordPress plugin through 2.0 does not have CSRF chec ...)
+ TODO: check
+CVE-2023-6824 (The WP Customer Area WordPress plugin before 8.2.1 does not properly v ...)
+ TODO: check
+CVE-2023-6741 (The WP Customer Area WordPress plugin before 8.2.1 does not properly v ...)
+ TODO: check
+CVE-2023-6732 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not ...)
+ TODO: check
+CVE-2023-6592 (The FastDup WordPress plugin before 2.2 does not prevent directory lis ...)
+ TODO: check
+CVE-2023-6373 (The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize ...)
+ TODO: check
+CVE-2023-6336 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+ TODO: check
+CVE-2023-6335 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+ TODO: check
+CVE-2023-6334 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ TODO: check
+CVE-2023-6292 (The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does ...)
+ TODO: check
+CVE-2023-6046 (The EventON WordPress plugin before 2.2 does not sanitise and escape s ...)
+ TODO: check
+CVE-2023-6005 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
+ TODO: check
+CVE-2023-5922 (The Royal Elementor Addons and Templates WordPress plugin before 1.3.8 ...)
+ TODO: check
+CVE-2023-5558 (The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and e ...)
+ TODO: check
+CVE-2023-5097 (Improper Input Validation vulnerability in HYPR Workforce Access on Wi ...)
+ TODO: check
+CVE-2023-52116 (Permission management vulnerability in the multi-screen interaction mo ...)
+ TODO: check
+CVE-2023-52115 (The iaware module has a Use-After-Free (UAF) vulnerability. Successful ...)
+ TODO: check
+CVE-2023-52114 (Data confidentiality vulnerability in the ScreenReader module. Success ...)
+ TODO: check
+CVE-2023-52108 (Vulnerability of process priorities being raised in the ActivityManage ...)
+ TODO: check
+CVE-2023-52107 (Vulnerability of permissions being not strictly verified in the WMS mo ...)
+ TODO: check
+CVE-2023-52106 (The DownloadProviderMain module has a vulnerability in API permission ...)
+ TODO: check
+CVE-2023-52105 (The nearby module has a privilege escalation vulnerability. Successful ...)
+ TODO: check
+CVE-2023-52104 (Vulnerability of parameters being not verified in the WMS module. Succ ...)
+ TODO: check
+CVE-2023-52103 (Buffer overflow vulnerability in the FLP module. Successful exploitati ...)
+ TODO: check
+CVE-2023-52102 (Vulnerability of parameters being not verified in the WMS module. Succ ...)
+ TODO: check
+CVE-2023-52101 (Component exposure vulnerability in the Wi-Fi module. Successful explo ...)
+ TODO: check
+CVE-2023-52100 (The Celia Keyboard module has a vulnerability in access control. Succe ...)
+ TODO: check
+CVE-2023-52099 (Vulnerability of foreground service restrictions being bypassed in the ...)
+ TODO: check
+CVE-2023-52098 (Denial of Service (DoS) vulnerability in the DMS module. Successful ex ...)
+ TODO: check
+CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows a ...)
+ TODO: check
+CVE-2023-51381 (Cross-site Scripting in thetag name pattern field in the tag protectio ...)
+ TODO: check
+CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel (even fro ...)
+ TODO: check
+CVE-2023-4797 (The Newsletters WordPress plugin before 4.9.3 does not properly escape ...)
+ TODO: check
+CVE-2023-4757 (The Staff / Employee Business Directory for Active Directory WordPress ...)
+ TODO: check
+CVE-2023-4703 (The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does ...)
+ TODO: check
+CVE-2023-4536 (The My Account Page Editor WordPress plugin before 1.3.2 does not vali ...)
+ TODO: check
+CVE-2023-49351 (A stack-based buffer overflow vulnerability in /bin/webs binary in Edi ...)
+ TODO: check
+CVE-2023-3771 (The T1 WordPress theme through 19.0 is vulnerable to unauthenticated o ...)
+ TODO: check
+CVE-2023-3647 (The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitis ...)
+ TODO: check
+CVE-2023-3372 (The Lana Shortcodes WordPress plugin before 1.2.0 does not validate an ...)
+ TODO: check
+CVE-2023-3211 (The WordPress Database Administrator WordPress plugin through 1.0.3 do ...)
+ TODO: check
+CVE-2023-3178 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not have prope ...)
+ TODO: check
+CVE-2023-37523 (Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI ...)
+ TODO: check
+CVE-2023-37522 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has mis ...)
+ TODO: check
+CVE-2023-37521 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can som ...)
+ TODO: check
+CVE-2023-34063 (Aria Automation contains a Missing Access Control vulnerability. An ...)
+ TODO: check
+CVE-2023-2655 (The Contact Form by WD WordPress plugin through 1.13.23 does not prope ...)
+ TODO: check
+CVE-2021-4432 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been class ...)
+ TODO: check
+CVE-2023-45237 (EDK2's Network Package is susceptible to a predictable TCP Initial Seq ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45236 [Predictable TCP Initial Sequence Numbers]
+CVE-2023-45236 (EDK2's Network Package is susceptible to a predictable TCP Initial Seq ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45235 [Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message]
+CVE-2023-45235 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45234 [Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message]
+CVE-2023-45234 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45233 [Infinite loop when parsing a PadN option in the Destination Options header]
+CVE-2023-45233 (EDK2's Network Package is susceptible to an infinite lop vulnerability ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45232 [Infinite loop when parsing unknown options in the Destination Options header]
+CVE-2023-45232 (EDK2's Network Package is susceptible to an infinite loop vulnerabilit ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45231 [Out of Bounds read when handling a ND Redirect message with truncated options]
+CVE-2023-45231 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45230 [Buffer overflow in the DHCPv6 client via a long Server ID option]
+CVE-2023-45230 (EDK2's Network Package is susceptible to a buffer overflow vulnerabili ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-45229 [Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message]
+CVE-2023-45229 (EDK2's Network Package is susceptible to an out-of-bounds read vulner ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/2
-CVE-2023-6395
+CVE-2023-6395 (The Mock software contains a vulnerability wherein an attacker could p ...)
- mock <removed>
NOTE: https://www.openwall.com/lists/oss-security/2024/01/16/1
NOTE: https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69
@@ -453,7 +629,7 @@ CVE-2023-50290 (Exposure of Sensitive Information to an Unauthorized Actor vulne
CVE-2023-46749 (Apache Shiro before 1.130 or 2.0.0-alpha-4, may be susceptible to a pa ...)
- shiro <unfixed> (bug #1060754)
NOTE: https://www.openwall.com/lists/oss-security/2024/01/12/2
-CVE-2024-0232 [use-after-free bug in jsonParseAddNodeArray]
+CVE-2024-0232 (A heap use-after-free issue has been identified in SQLite in the jsonP ...)
- sqlite3 3.43.2-1
[bullseye] - sqlite3 <not-affected> (Vulnerable code not present)
[buster] - sqlite3 <not-affected> (Vulnerable code not present)
@@ -38503,8 +38679,8 @@ CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in distribution/d
NOTE: Fixed by: https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54 (v2.8.2-beta.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1
NOTE: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
-CVE-2023-2252
- RESERVED
+CVE-2023-2252 (The Directorist WordPress plugin before 7.5.4 is vulnerable to Local F ...)
+ TODO: check
CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.)
- node-yaml 2.1.3-2 (bug #1035580)
[bullseye] - node-yaml <not-affected> (Vulnerable code not present)
@@ -47362,8 +47538,8 @@ CVE-2023-28327 (A NULL pointer dereference flaw was found in the UNIX protocol i
NOTE: https://git.kernel.org/linus/b3abe42e94900bdd045c472f9c9be620ba5ce553 (6.1)
CVE-2023-28326 (Vendor: The Apache Software Foundation Versions Affected: Apache Open ...)
NOT-FOR-US: Apache OpenMeetings
-CVE-2023-1405
- RESERVED
+CVE-2023-1405 (The Formidable Forms WordPress plugin before 6.2 unserializes user inp ...)
+ TODO: check
CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Si ...)
@@ -54843,8 +55019,8 @@ CVE-2023-0826
RESERVED
CVE-2023-0825
RESERVED
-CVE-2023-0824
- RESERVED
+CVE-2023-0824 (The User registration & user profile WordPress plugin through 2.0 does ...)
+ TODO: check
CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior to Cave ...)
@@ -55513,8 +55689,8 @@ CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
-CVE-2023-0769
- RESERVED
+CVE-2023-0769 (The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not s ...)
+ TODO: check
CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin through 5.0. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25641
@@ -59101,8 +59277,8 @@ CVE-2023-22843 (An authenticated attacker with administrative access to the appl
NOT-FOR-US: Nozomi Networks
CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
NOT-FOR-US: Nozomi Networks
-CVE-2023-0479
- RESERVED
+CVE-2023-0479 (The Print Invoice & Delivery Notes for WooCommerce WordPress plugin be ...)
+ TODO: check
CVE-2023-0478
RESERVED
CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...)
@@ -60952,8 +61128,8 @@ CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_f
NOTE: https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4)
CVE-2023-0390
RESERVED
-CVE-2023-0389
- RESERVED
+CVE-2023-0389 (The Calculated Fields Form WordPress plugin before 1.1.151 does not sa ...)
+ TODO: check
CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0387
@@ -60980,8 +61156,8 @@ CVE-2023-0378 (The Greenshift WordPress plugin before 5.0 does not validate and
NOT-FOR-US: WordPress plugin
CVE-2023-0377 (The Scriptless Social Sharing WordPress plugin before 3.2.2 does not v ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0376
- RESERVED
+CVE-2023-0376 (The Qubely WordPress plugin before 1.8.5 does not validate and escape ...)
+ TODO: check
CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0374 (The W4 Post List WordPress plugin before 2.4.6 does not validate and e ...)
@@ -62423,8 +62599,8 @@ CVE-2023-0226
CVE-2023-0225 (A flaw was found in Samba. An incomplete access check on dnsHostName a ...)
- samba 2:4.17.7+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-0225.html
-CVE-2023-0224
- RESERVED
+CVE-2023-0224 (The GiveWP WordPress plugin before 2.24.1 does not properly escape use ...)
+ TODO: check
CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 15.10.8+ds1-2
CVE-2022-4886 (Ingress-nginx `path` sanitization can be bypassed with `log_format` di ...)
@@ -64775,8 +64951,8 @@ CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer durin
NOT-FOR-US: Qualcomm
CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with modified ...)
NOT-FOR-US: Qualcomm
-CVE-2023-0094
- RESERVED
+CVE-2023-0094 (The UpQode Google Maps WordPress plugin through 1.0.5 does not validat ...)
+ TODO: check
CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are ...)
NOT-FOR-US: Okta Advanced Server Access Client
CVE-2023-0092
@@ -64885,8 +65061,8 @@ CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not valid
NOT-FOR-US: WordPress plugin
CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 do ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0079
- RESERVED
+CVE-2023-0079 (The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 do ...)
+ TODO: check
CVE-2023-0078 (The Resume Builder WordPress plugin through 3.1.1 does not sanitize an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component in Synol ...)
@@ -65406,12 +65582,12 @@ CVE-2023-22529
RESERVED
CVE-2023-22528
RESERVED
-CVE-2023-22527 (Summary of Vulnerability A template injection vulnerability on older v ...)
+CVE-2023-22527 (A template injection vulnerability on older versions of Confluence Dat ...)
NOT-FOR-US: Atlassian Confluence Data Center and Server
CVE-2023-22526 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
NOT-FOR-US: Atlassian Confluence Data Center
CVE-2023-22525
- RESERVED
+ REJECTED
CVE-2023-22524 (Certain versions of the Atlassian Companion App for MacOS were affecte ...)
NOT-FOR-US: Atlassian
CVE-2023-22523 (This vulnerability, if exploited, allows an attacker to perform privil ...)
@@ -65421,7 +65597,7 @@ CVE-2023-22522 (This Template Injection vulnerability allows an authenticated at
CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
NOT-FOR-US: Crowd Data Center and Server
CVE-2023-22520
- RESERVED
+ REJECTED
CVE-2023-22519
RESERVED
CVE-2023-22518 (All versions of Confluence Data Center and Server are affected by this ...)
@@ -65433,21 +65609,21 @@ CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability was
CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
NOT-FOR-US: Atlassian
CVE-2023-22514
- RESERVED
+ REJECTED
CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
NOT-FOR-US: Bitbucket Data Center and Server
CVE-2023-22512
- RESERVED
+ REJECTED
CVE-2023-22511
RESERVED
CVE-2023-22510
- RESERVED
+ REJECTED
CVE-2023-22509
RESERVED
CVE-2023-22508 (This High severity RCE (Remote Code Execution) vulnerability known as ...)
NOT-FOR-US: Atlassian
CVE-2023-22507
- RESERVED
+ REJECTED
CVE-2023-22506 (This High severity Injection and RCE (Remote Code Execution) vulnerabi ...)
NOT-FOR-US: Atlassian
CVE-2023-22505 (This High severity RCE (Remote Code Execution) vulnerability known as ...)
@@ -65457,7 +65633,7 @@ CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote at
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
NOT-FOR-US: Atlassian
CVE-2023-22502
- RESERVED
+ REJECTED
CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service Managem ...)
NOT-FOR-US: Atlassian
CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twak ...)
@@ -77303,8 +77479,8 @@ CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyP
NOT-FOR-US: Apache Mina SSHD
CVE-2022-45046
REJECTED
-CVE-2022-3899
- RESERVED
+CVE-2022-3899 (The 3dprint WordPress plugin before 3.5.6.9 does not protect against C ...)
+ TODO: check
CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to Cross- ...)
NOT-FOR-US: WP Affiliate Platform plugin for WordPress
CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to Stored ...)
@@ -79466,8 +79642,8 @@ CVE-2022-3838 (The WPUpper Share Buttons WordPress plugin through 3.42 does not
NOT-FOR-US: WordPress plugin
CVE-2022-3837 (The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3836
- RESERVED
+CVE-2022-3836 (The Seed Social WordPress plugin before 2.0.4 does not sanitise and es ...)
+ TODO: check
CVE-2022-3835 (The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not sanitise and e ...)
@@ -79480,8 +79656,8 @@ CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and
NOT-FOR-US: WordPress plugin
CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3829
- RESERVED
+CVE-2022-3829 (The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanit ...)
+ TODO: check
CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as critica ...)
@@ -80074,8 +80250,8 @@ CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thors
NOT-FOR-US: phpmyfaq
CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
NOT-FOR-US: phpmyfaq
-CVE-2022-3764
- RESERVED
+CVE-2022-3764 (The plugin does not filter the "delete_entries" parameter from user re ...)
+ TODO: check
CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
@@ -81112,8 +81288,8 @@ CVE-2022-3741 (Impact varies for each individual vulnerability in the applicatio
NOT-FOR-US: chatwoot
CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 15.10.8+ds1-2
-CVE-2022-3739
- RESERVED
+CVE-2022-3739 (The WP Best Quiz WordPress plugin through 1.0 does not sanitize and es ...)
+ TODO: check
CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to download ...)
NOT-FOR-US: WAGO
CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 me ...)
@@ -84516,8 +84692,8 @@ CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been classified
NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671 (v1.1.0)
CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly es ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3604
- RESERVED
+CVE-2022-3604 (The Contact Form Entries WordPress plugin before 1.3.0 does not valida ...)
+ TODO: check
CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users csv, ex ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verification, s ...)
@@ -92310,8 +92486,8 @@ CVE-2022-3195 (Out of bounds write in Storage in Google Chrome prior to 105.0.51
{DSA-5230-1}
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3194
- RESERVED
+CVE-2022-3194 (The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbit ...)
+ TODO: check
CVE-2022-3193 (An HTML injection/reflected Cross-site scripting (XSS) vulnerability w ...)
NOT-FOR-US: ovirt-engine
CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...)
@@ -105256,8 +105432,8 @@ CVE-2022-2414 (Access to external entities when parsing XML documents can lead t
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676
NOTE: https://github.com/dogtagpki/pki/pull/4021
NOTE: https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055
-CVE-2022-2413
- RESERVED
+CVE-2022-2413 (The Slide Anything WordPress plugin before 2.3.47 does not properly sa ...)
+ TODO: check
CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and ...)
@@ -118976,8 +119152,8 @@ CVE-2022-1762 (The iQ Block Country WordPress plugin before 1.2.20 does not prop
NOT-FOR-US: WordPress plugin
CVE-2022-1761 (The Peter\u2019s Collaboration E-mails WordPress plugin through 2.2.0 ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1760
- RESERVED
+CVE-2022-1760 (The Core Control WordPress plugin through 1.2.1 does not have CSRF che ...)
+ TODO: check
CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not have CS ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...)
@@ -120908,10 +121084,10 @@ CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in Git
NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
NOTE: https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899)
NOTE: Crash in CLI tool, no security impact
-CVE-2022-1618
- RESERVED
-CVE-2022-1617
- RESERVED
+CVE-2022-1618 (The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF ch ...)
+ TODO: check
+CVE-2022-1617 (The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check ...)
+ TODO: check
CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity is used ...)
- brave-browser <itp> (bug #864795)
CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal ...)
@@ -121044,8 +121220,8 @@ CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not prot
NOT-FOR-US: WordPress plugin
CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not have CSR ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1609
- RESERVED
+CVE-2022-1609 (The School Management WordPress plugin before 9.9.7 contains an obfusc ...)
+ TODO: check
CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus Sys ...)
@@ -121546,8 +121722,8 @@ CVE-2022-1565 (The plugin WP All Import is vulnerable to arbitrary file uploads
NOT-FOR-US: WordPress plugin
CVE-2022-1564 (The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1563
- RESERVED
+CVE-2022-1563 (The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prev ...)
+ TODO: check
CVE-2022-1562 (The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploade ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1561 (Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions ...)
@@ -122146,8 +122322,8 @@ CVE-2022-1540 (The PostmagThemes Demo Import WordPress plugin through 1.0.7 does
NOT-FOR-US: WordPress plugin
CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not sanitiz ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1538
- RESERVED
+CVE-2022-1538 (Theme Demo Import WordPress plugin before 1.1.1 does not validate the ...)
+ TODO: check
CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...)
{DLA-3383-1}
- grunt 1.5.3-1
@@ -122184,8 +122360,8 @@ CVE-2022-1528 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before
NOT-FOR-US: WordPress plugin
CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-4227
- RESERVED
+CVE-2021-4227 (The ark-commenteditor WordPress plugin through 2.15.6 does not properl ...)
+ TODO: check
CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 ...)
NOT-FOR-US: Fabasoft
CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d ...)
@@ -133406,8 +133582,8 @@ CVE-2022-0777 (Weak Password Recovery Mechanism for Forgotten Password in GitHub
NOT-FOR-US: microweber
CVE-2022-0776 (Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.j ...)
NOT-FOR-US: hakimel/reveal.js
-CVE-2022-0775
- RESERVED
+CVE-2022-0775 (The WooCommerce WordPress plugin before 6.2.1 does not have proper aut ...)
+ TODO: check
CVE-2022-0774
RESERVED
CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize and es ...)
@@ -139668,8 +139844,8 @@ CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 2
NOT-FOR-US: WordPress plugin
CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using an out ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-0402
- RESERVED
+CVE-2022-0402 (The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0 ...)
+ TODO: check
CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12.)
NOT-FOR-US: Node w-zip
CVE-2022-0400 (An out-of-bounds read vulnerability was discovered in linux kernel in ...)
@@ -143472,10 +143648,10 @@ CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time o
NOTE: https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e (9.0.57)
NOTE: https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530 (8.5.74)
NOTE: Issue introduced by the fix for CVE-2020-9484
-CVE-2022-23180
- RESERVED
-CVE-2022-23179
- RESERVED
+CVE-2022-23180 (The Contact Form & Lead Form Elementor Builder WordPress plugin before ...)
+ TODO: check
+CVE-2022-23179 (The Contact Form & Lead Form Elementor Builder WordPress plugin before ...)
+ TODO: check
CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...)
NOT-FOR-US: Reolink
CVE-2022-0217 (It was discovered that an internal Prosody library to load XML based o ...)
@@ -206561,8 +206737,8 @@ CVE-2021-25119 (The AGIL WordPress plugin through 1.0 accepts all zip files and
NOT-FOR-US: WordPress plugin
CVE-2021-25118 (The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) disclos ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-25117
- RESERVED
+CVE-2021-25117 (The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise th ...)
+ TODO: check
CVE-2021-25116 (The Enqueue Anything WordPress plugin through 1.0.1 does not have auth ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...)
@@ -207055,10 +207231,10 @@ CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows u
NOT-FOR-US: WordPress plugin
CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does not esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24870
- RESERVED
-CVE-2021-24869
- RESERVED
+CVE-2021-24870 (The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF c ...)
+ TODO: check
+CVE-2021-24869 (The WP Fastest Cache WordPress plugin before 0.9.5 does not escape use ...)
+ TODO: check
CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka Access Ke ...)
@@ -207661,10 +207837,10 @@ CVE-2021-24569 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin
NOT-FOR-US: WordPress plugin
CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24567
- RESERVED
-CVE-2021-24566
- RESERVED
+CVE-2021-24567 (The Simple Post WordPress plugin through 1.1 does not sanitize user in ...)
+ TODO: check
+CVE-2021-24566 (The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 wa ...)
+ TODO: check
CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...)
@@ -207677,8 +207853,8 @@ CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the
NOT-FOR-US: WordPress plugin
CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8 does not sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24559
- RESERVED
+CVE-2021-24559 (The Qyrr WordPress plugin before 0.7 does not escape the data-uri of t ...)
+ TODO: check
CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id POST parame ...)
@@ -207929,10 +208105,10 @@ CVE-2021-24435 (The iframe-font-preview.php file of the titan-framework does not
NOT-FOR-US: WordPress plugin
CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24433
- RESERVED
-CVE-2021-24432
- RESERVED
+CVE-2021-24433 (The simple sort&search WordPress plugin through 0.0.3 does not make su ...)
+ TODO: check
+CVE-2021-24432 (The Advanced AJAX Product Filters WordPress plugin does not sanitise t ...)
+ TODO: check
CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not have an ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24430 (The Speed Booster Pack \u26a1 PageSpeed Optimization Suite WordPress p ...)
@@ -208493,8 +208669,8 @@ CVE-2021-24153 (A Stored Cross-Site Scripting vulnerability was discovered in th
NOT-FOR-US: WordPress plugin
CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was vulnerable to ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24151
- RESERVED
+CVE-2021-24151 (The WP Editor WordPress plugin before 1.2.7 did not sanitise or valida ...)
+ TODO: check
CVE-2021-24150 (The LikeBtn WordPress Like Button Rating \u2665 LikeBtn WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24a7c4e7cb3194227c8d4048117c3696d90047ea
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24a7c4e7cb3194227c8d4048117c3696d90047ea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240116/667a5ee5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list