[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 16 20:44:51 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e62318c9 by Salvatore Bonaccorso at 2024-01-16T21:44:18+01:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2024-23347 (Prior to v176, when opening a new project Meta Spark Studio would exec ...)
- TODO: check
+ NOT-FOR-US: Meta Spark Studio
CVE-2024-22628 (Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: Budget and Expense Tracker System
CVE-2024-22627 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Complete Supplier Management System
CVE-2024-22626 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Complete Supplier Management System
CVE-2024-22625 (Complete Supplier Management System v1.0 is vulnerable to SQL Injectio ...)
- TODO: check
+ NOT-FOR-US: Complete Supplier Management System
CVE-2024-22491 (A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 all ...)
TODO: check
CVE-2024-0599 (A vulnerability was found in Jspxcms 10.2.0. It has been declared as p ...)
- TODO: check
+ NOT-FOR-US: Jspxcms
CVE-2024-0584 (A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp. ...)
- linux 6.6.8-1
[bookworm] - linux 6.1.66-1
@@ -26,163 +26,163 @@ CVE-2024-0582 (A memory leak flaw was found in the Linux kernel\u2019s io_uring
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2504
NOTE: https://git.kernel.org/linus/c392cbecd8eca4c53f2bf508731257d9d0a21c2d (6.7-rc4)
CVE-2024-0581 (An Uncontrolled Resource Consumption vulnerability has been found on S ...)
- TODO: check
+ NOT-FOR-US: Sandsprite
CVE-2024-0579 (A vulnerability classified as critical was found in Totolink X2000R 1. ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0578 (A vulnerability classified as critical has been found in Totolink LR12 ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0577 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0576 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0575 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0574 (A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 a ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0573 (A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230 ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0572 (A vulnerability, which was classified as critical, was found in Totoli ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0571 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0570 (A vulnerability classified as critical was found in Totolink N350RT 9. ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0569 (A vulnerability classified as problematic has been found in Totolink T ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2024-0567 (A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTL ...)
TODO: check
CVE-2024-0556 (A Weak Cryptography for Passwords vulnerability has been detected on W ...)
- TODO: check
+ NOT-FOR-US: WIC200
CVE-2024-0555 (A Cross-Site Request Forgery (CSRF) vulnerability has been found on WI ...)
- TODO: check
+ NOT-FOR-US: WIC200
CVE-2024-0554 (A Cross-site scripting (XSS) vulnerability has been found on WIC1200, ...)
- TODO: check
+ NOT-FOR-US: WIC200
CVE-2024-0553 (A vulnerability was found in GnuTLS. The response times to malformed c ...)
TODO: check
CVE-2024-0507 (An attacker with access to a Management Console user account with the ...)
TODO: check
CVE-2024-0239 (The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0238 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0237 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0236 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0235 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0233 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-0200 (An unsafe reflection vulnerability was identified in GitHub Enterprise ...)
TODO: check
CVE-2024-0187 (The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7234 (OPCUAServerToolkit will write a log message once an OPC UA client has ...)
- TODO: check
+ NOT-FOR-US: OPCUAServerToolkit
CVE-2023-7154 (The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7151 (The Product Enquiry for WooCommerce WordPress plugin before 3.2 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7125 (The Community by PeepSo WordPress plugin before 6.3.1.2 does not have ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7084 (The Voting Record WordPress plugin through 2.0 is missing sanitisation ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7083 (The Voting Record WordPress plugin through 2.0 does not have CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6824 (The WP Customer Area WordPress plugin before 8.2.1 does not properly v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6741 (The WP Customer Area WordPress plugin before 8.2.1 does not properly v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6732 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6592 (The FastDup WordPress plugin before 2.2 does not prevent directory lis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6373 (The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6336 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
TODO: check
CVE-2023-6335 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
- TODO: check
+ NOT-FOR-US: HYPR
CVE-2023-6334 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
- TODO: check
+ NOT-FOR-US: HYPR
CVE-2023-6292 (The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6046 (The EventON WordPress plugin before 2.2 does not sanitise and escape s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6005 (The EventON WordPress plugin before 4.5.5, EventON WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5922 (The Royal Elementor Addons and Templates WordPress plugin before 1.3.8 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5558 (The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5097 (Improper Input Validation vulnerability in HYPR Workforce Access on Wi ...)
- TODO: check
+ NOT-FOR-US: HYPR
CVE-2023-52116 (Permission management vulnerability in the multi-screen interaction mo ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52115 (The iaware module has a Use-After-Free (UAF) vulnerability. Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52114 (Data confidentiality vulnerability in the ScreenReader module. Success ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52108 (Vulnerability of process priorities being raised in the ActivityManage ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52107 (Vulnerability of permissions being not strictly verified in the WMS mo ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52106 (The DownloadProviderMain module has a vulnerability in API permission ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52105 (The nearby module has a privilege escalation vulnerability. Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52104 (Vulnerability of parameters being not verified in the WMS module. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52103 (Buffer overflow vulnerability in the FLP module. Successful exploitati ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52102 (Vulnerability of parameters being not verified in the WMS module. Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52101 (Component exposure vulnerability in the Wi-Fi module. Successful explo ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52100 (The Celia Keyboard module has a vulnerability in access control. Succe ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52099 (Vulnerability of foreground service restrictions being bypassed in the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52098 (Denial of Service (DoS) vulnerability in the DMS module. Successful ex ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2023-52041 (An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows a ...)
- TODO: check
+ NOT-FOR-US: Totolink
CVE-2023-51381 (Cross-site Scripting in thetag name pattern field in the tag protectio ...)
TODO: check
CVE-2023-4969 (A GPU kernel can read sensitive data from another GPU kernel (even fro ...)
TODO: check
CVE-2023-4797 (The Newsletters WordPress plugin before 4.9.3 does not properly escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4757 (The Staff / Employee Business Directory for Active Directory WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4703 (The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4536 (The My Account Page Editor WordPress plugin before 1.3.2 does not vali ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49351 (A stack-based buffer overflow vulnerability in /bin/webs binary in Edi ...)
- TODO: check
+ NOT-FOR-US: Edimax BR6478AC V2 firmware
CVE-2023-3771 (The T1 WordPress theme through 19.0 is vulnerable to unauthenticated o ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-3647 (The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3372 (The Lana Shortcodes WordPress plugin before 1.2.0 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3211 (The WordPress Database Administrator WordPress plugin through 1.0.3 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3178 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not have prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-37523 (Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37522 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has mis ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37521 (HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower can som ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-34063 (Aria Automation contains a Missing Access Control vulnerability. An ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2023-2655 (The Contact Form by WD WordPress plugin through 1.13.23 does not prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4432 (A vulnerability was found in PCMan FTP Server 2.0.7. It has been class ...)
- TODO: check
+ NOT-FOR-US: PCMan FTP Server
CVE-2023-45237 (EDK2's Network Package is susceptible to a predictable TCP Initial Seq ...)
- edk2 <unfixed>
NOTE: https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
@@ -38689,7 +38689,7 @@ CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in distribution/d
NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1
NOTE: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw
CVE-2023-2252 (The Directorist WordPress plugin before 7.5.4 is vulnerable to Local F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.)
- node-yaml 2.1.3-2 (bug #1035580)
[bullseye] - node-yaml <not-affected> (Vulnerable code not present)
@@ -47548,7 +47548,7 @@ CVE-2023-28327 (A NULL pointer dereference flaw was found in the UNIX protocol i
CVE-2023-28326 (Vendor: The Apache Software Foundation Versions Affected: Apache Open ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2023-1405 (The Formidable Forms WordPress plugin before 6.2 unserializes user inp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Si ...)
@@ -55029,7 +55029,7 @@ CVE-2023-0826
CVE-2023-0825
RESERVED
CVE-2023-0824 (The User registration & user profile WordPress plugin through 2.0 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior to Cave ...)
@@ -55699,7 +55699,7 @@ CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior
NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
CVE-2023-0769 (The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin through 5.0. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25641
@@ -59287,7 +59287,7 @@ CVE-2023-22843 (An authenticated attacker with administrative access to the appl
CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
NOT-FOR-US: Nozomi Networks
CVE-2023-0479 (The Print Invoice & Delivery Notes for WooCommerce WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0478
RESERVED
CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...)
@@ -61138,7 +61138,7 @@ CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_f
CVE-2023-0390
RESERVED
CVE-2023-0389 (The Calculated Fields Form WordPress plugin before 1.1.151 does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0387
@@ -61166,7 +61166,7 @@ CVE-2023-0378 (The Greenshift WordPress plugin before 5.0 does not validate and
CVE-2023-0377 (The Scriptless Social Sharing WordPress plugin before 3.2.2 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0376 (The Qubely WordPress plugin before 1.8.5 does not validate and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0374 (The W4 Post List WordPress plugin before 2.4.6 does not validate and e ...)
@@ -62609,7 +62609,7 @@ CVE-2023-0225 (A flaw was found in Samba. An incomplete access check on dnsHostN
- samba 2:4.17.7+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-0225.html
CVE-2023-0224 (The GiveWP WordPress plugin before 2.24.1 does not properly escape use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 15.10.8+ds1-2
CVE-2022-4886 (Ingress-nginx `path` sanitization can be bypassed with `log_format` di ...)
@@ -64961,7 +64961,7 @@ CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer durin
CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with modified ...)
NOT-FOR-US: Qualcomm
CVE-2023-0094 (The UpQode Google Maps WordPress plugin through 1.0.5 does not validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are ...)
NOT-FOR-US: Okta Advanced Server Access Client
CVE-2023-0092
@@ -65071,7 +65071,7 @@ CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not valid
CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 do ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0079 (The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-0078 (The Resume Builder WordPress plugin through 3.1.1 does not sanitize an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component in Synol ...)
@@ -77489,7 +77489,7 @@ CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyP
CVE-2022-45046
REJECTED
CVE-2022-3899 (The 3dprint WordPress plugin before 3.5.6.9 does not protect against C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to Cross- ...)
NOT-FOR-US: WP Affiliate Platform plugin for WordPress
CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to Stored ...)
@@ -79652,7 +79652,7 @@ CVE-2022-3838 (The WPUpper Share Buttons WordPress plugin through 3.42 does not
CVE-2022-3837 (The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3836 (The Seed Social WordPress plugin before 2.0.4 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3835 (The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not sanitise and e ...)
@@ -79666,7 +79666,7 @@ CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and
CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3829 (The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as critica ...)
@@ -80260,7 +80260,7 @@ CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thors
CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
NOT-FOR-US: phpmyfaq
CVE-2022-3764 (The plugin does not filter the "delete_entries" parameter from user re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
@@ -81298,7 +81298,7 @@ CVE-2022-3741 (Impact varies for each individual vulnerability in the applicatio
CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 15.10.8+ds1-2
CVE-2022-3739 (The WP Best Quiz WordPress plugin through 1.0 does not sanitize and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to download ...)
NOT-FOR-US: WAGO
CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 me ...)
@@ -84702,7 +84702,7 @@ CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been classified
CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly es ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3604 (The Contact Form Entries WordPress plugin before 1.3.0 does not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users csv, ex ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verification, s ...)
@@ -92496,7 +92496,7 @@ CVE-2022-3195 (Out of bounds write in Storage in Google Chrome prior to 105.0.51
- chromium 105.0.5195.125-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2022-3194 (The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-3193 (An HTML injection/reflected Cross-site scripting (XSS) vulnerability w ...)
NOT-FOR-US: ovirt-engine
CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...)
@@ -105442,7 +105442,7 @@ CVE-2022-2414 (Access to external entities when parsing XML documents can lead t
NOTE: https://github.com/dogtagpki/pki/pull/4021
NOTE: https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055
CVE-2022-2413 (The Slide Anything WordPress plugin before 2.3.47 does not properly sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and ...)
@@ -119162,7 +119162,7 @@ CVE-2022-1762 (The iQ Block Country WordPress plugin before 1.2.20 does not prop
CVE-2022-1761 (The Peter\u2019s Collaboration E-mails WordPress plugin through 2.2.0 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1760 (The Core Control WordPress plugin through 1.2.1 does not have CSRF che ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not have CS ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...)
@@ -121094,9 +121094,9 @@ CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in Git
NOTE: https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899)
NOTE: Crash in CLI tool, no security impact
CVE-2022-1618 (The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF ch ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1617 (The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity is used ...)
- brave-browser <itp> (bug #864795)
CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal ...)
@@ -121230,7 +121230,7 @@ CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not prot
CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not have CSR ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1609 (The School Management WordPress plugin before 9.9.7 contains an obfusc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus Sys ...)
@@ -121732,7 +121732,7 @@ CVE-2022-1565 (The plugin WP All Import is vulnerable to arbitrary file uploads
CVE-2022-1564 (The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1563 (The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prev ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1562 (The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploade ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1561 (Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions ...)
@@ -122332,7 +122332,7 @@ CVE-2022-1540 (The PostmagThemes Demo Import WordPress plugin through 1.0.7 does
CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not sanitiz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1538 (Theme Demo Import WordPress plugin before 1.1.1 does not validate the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...)
{DLA-3383-1}
- grunt 1.5.3-1
@@ -122370,7 +122370,7 @@ CVE-2022-1528 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before
CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4227 (The ark-commenteditor WordPress plugin through 2.15.6 does not properl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 ...)
NOT-FOR-US: Fabasoft
CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d ...)
@@ -133592,7 +133592,7 @@ CVE-2022-0777 (Weak Password Recovery Mechanism for Forgotten Password in GitHub
CVE-2022-0776 (Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.j ...)
NOT-FOR-US: hakimel/reveal.js
CVE-2022-0775 (The WooCommerce WordPress plugin before 6.2.1 does not have proper aut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0774
RESERVED
CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize and es ...)
@@ -139854,7 +139854,7 @@ CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 2
CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using an out ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0402 (The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12.)
NOT-FOR-US: Node w-zip
CVE-2022-0400 (An out-of-bounds read vulnerability was discovered in linux kernel in ...)
@@ -143658,9 +143658,9 @@ CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time o
NOTE: https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530 (8.5.74)
NOTE: Issue introduced by the fix for CVE-2020-9484
CVE-2022-23180 (The Contact Form & Lead Form Elementor Builder WordPress plugin before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-23179 (The Contact Form & Lead Form Elementor Builder WordPress plugin before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...)
NOT-FOR-US: Reolink
CVE-2022-0217 (It was discovered that an internal Prosody library to load XML based o ...)
@@ -206747,7 +206747,7 @@ CVE-2021-25119 (The AGIL WordPress plugin through 1.0 accepts all zip files and
CVE-2021-25118 (The Yoast SEO WordPress plugin (from versions 16.7 until 17.2) disclos ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25117 (The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-25116 (The Enqueue Anything WordPress plugin through 1.0.1 does not have auth ...)
NOT-FOR-US: WordPress plugin
CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...)
@@ -207241,9 +207241,9 @@ CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows u
CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does not esc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24870 (The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24869 (The WP Fastest Cache WordPress plugin before 0.9.5 does not escape use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka Access Ke ...)
@@ -207847,9 +207847,9 @@ CVE-2021-24569 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin
CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24567 (The Simple Post WordPress plugin through 1.1 does not sanitize user in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24566 (The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 wa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...)
@@ -207863,7 +207863,7 @@ CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the
CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24559 (The Qyrr WordPress plugin before 0.7 does not escape the data-uri of t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id POST parame ...)
@@ -208115,9 +208115,9 @@ CVE-2021-24435 (The iframe-font-preview.php file of the titan-framework does not
CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24433 (The simple sort&search WordPress plugin through 0.0.3 does not make su ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24432 (The Advanced AJAX Product Filters WordPress plugin does not sanitise t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not have an ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24430 (The Speed Booster Pack \u26a1 PageSpeed Optimization Suite WordPress p ...)
@@ -208679,7 +208679,7 @@ CVE-2021-24153 (A Stored Cross-Site Scripting vulnerability was discovered in th
CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24151 (The WP Editor WordPress plugin before 1.2.7 did not sanitise or valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24150 (The LikeBtn WordPress Like Button Rating \u2665 LikeBtn WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e62318c99d91f751a748e3e7a7c330370efa380e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e62318c99d91f751a748e3e7a7c330370efa380e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240116/276cadfe/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list