Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fec92388 by security tracker role at 2023-01-23T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,225 @@
+CVE-2023-24459
+ RESERVED
+CVE-2023-24458
+ RESERVED
+CVE-2023-24457
+ RESERVED
+CVE-2023-24456
+ RESERVED
+CVE-2023-24455
+ RESERVED
+CVE-2023-24454
+ RESERVED
+CVE-2023-24453
+ RESERVED
+CVE-2023-24452
+ RESERVED
+CVE-2023-24451
+ RESERVED
+CVE-2023-24450
+ RESERVED
+CVE-2023-24449
+ RESERVED
+CVE-2023-24448
+ RESERVED
+CVE-2023-24447
+ RESERVED
+CVE-2023-24446
+ RESERVED
+CVE-2023-24445
+ RESERVED
+CVE-2023-24444
+ RESERVED
+CVE-2023-24443
+ RESERVED
+CVE-2023-24442
+ RESERVED
+CVE-2023-24441
+ RESERVED
+CVE-2023-24440
+ RESERVED
+CVE-2023-24439
+ RESERVED
+CVE-2023-24438
+ RESERVED
+CVE-2023-24437
+ RESERVED
+CVE-2023-24436
+ RESERVED
+CVE-2023-24435
+ RESERVED
+CVE-2023-24434
+ RESERVED
+CVE-2023-24433
+ RESERVED
+CVE-2023-24432
+ RESERVED
+CVE-2023-24431
+ RESERVED
+CVE-2023-24430
+ RESERVED
+CVE-2023-24429
+ RESERVED
+CVE-2023-24428
+ RESERVED
+CVE-2023-24427
+ RESERVED
+CVE-2023-24426
+ RESERVED
+CVE-2023-24425
+ RESERVED
+CVE-2023-24424
+ RESERVED
+CVE-2023-24423
+ RESERVED
+CVE-2023-24422
+ RESERVED
+CVE-2023-24421
+ RESERVED
+CVE-2023-24420
+ RESERVED
+CVE-2023-24419
+ RESERVED
+CVE-2023-24418
+ RESERVED
+CVE-2023-24417
+ RESERVED
+CVE-2023-24416
+ RESERVED
+CVE-2023-24415
+ RESERVED
+CVE-2023-24414
+ RESERVED
+CVE-2023-24413
+ RESERVED
+CVE-2023-24412
+ RESERVED
+CVE-2023-24411
+ RESERVED
+CVE-2023-24410
+ RESERVED
+CVE-2023-24409
+ RESERVED
+CVE-2023-24408
+ RESERVED
+CVE-2023-24407
+ RESERVED
+CVE-2023-24406
+ RESERVED
+CVE-2023-24405
+ RESERVED
+CVE-2023-24404
+ RESERVED
+CVE-2023-24403
+ RESERVED
+CVE-2023-24402
+ RESERVED
+CVE-2023-24401
+ RESERVED
+CVE-2023-24400
+ RESERVED
+CVE-2023-24399
+ RESERVED
+CVE-2023-24398
+ RESERVED
+CVE-2023-24397
+ RESERVED
+CVE-2023-24396
+ RESERVED
+CVE-2023-24395
+ RESERVED
+CVE-2023-24394
+ RESERVED
+CVE-2023-24393
+ RESERVED
+CVE-2023-24392
+ RESERVED
+CVE-2023-24391
+ RESERVED
+CVE-2023-24390
+ RESERVED
+CVE-2023-24389
+ RESERVED
+CVE-2023-24388
+ RESERVED
+CVE-2023-24387
+ RESERVED
+CVE-2023-24386
+ RESERVED
+CVE-2023-24385
+ RESERVED
+CVE-2023-24384
+ RESERVED
+CVE-2023-24383
+ RESERVED
+CVE-2023-24382
+ RESERVED
+CVE-2023-24381
+ RESERVED
+CVE-2023-24380
+ RESERVED
+CVE-2023-24379
+ RESERVED
+CVE-2023-24378
+ RESERVED
+CVE-2023-24377
+ RESERVED
+CVE-2023-24376
+ RESERVED
+CVE-2023-24375
+ RESERVED
+CVE-2023-24374
+ RESERVED
+CVE-2023-24373
+ RESERVED
+CVE-2023-24372
+ RESERVED
+CVE-2023-23579
+ RESERVED
+CVE-2023-22846
+ RESERVED
+CVE-2023-22354
+ RESERVED
+CVE-2023-22321
+ RESERVED
+CVE-2023-22295
+ RESERVED
+CVE-2023-0452
+ RESERVED
+CVE-2023-0451
+ RESERVED
+CVE-2023-0450
+ RESERVED
+CVE-2023-0449
+ RESERVED
+CVE-2023-0448
+ RESERVED
+CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to
authoriza ...)
+ TODO: check
+CVE-2023-0446 (The My YouTube Channel plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2023-0445
+ RESERVED
+CVE-2023-0444
+ RESERVED
+CVE-2023-0443
+ RESERVED
+CVE-2023-0442
+ RESERVED
+CVE-2023-0441
+ RESERVED
+CVE-2023-0440 (Exposure of Sensitive Information to an Unauthorized Actor in
GitHub r ...)
+ TODO: check
+CVE-2023-0439
+ RESERVED
+CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository
modoboa/modoboa ...)
+ TODO: check
+CVE-2023-0437
+ RESERVED
+CVE-2023-0436
+ RESERVED
+CVE-2022-48282
+ RESERVED
CVE-2023-24371
RESERVED
CVE-2023-24370
@@ -542,16 +764,16 @@ CVE-2023-24101
RESERVED
CVE-2023-24100
RESERVED
-CVE-2023-24099
- RESERVED
-CVE-2023-24098
- RESERVED
-CVE-2023-24097
- RESERVED
-CVE-2023-24096
- RESERVED
-CVE-2023-24095
- RESERVED
+CVE-2023-24099 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC
Easy-Upgrader TEW ...)
+ TODO: check
+CVE-2023-24098 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC
Easy-Upgrader TEW ...)
+ TODO: check
+CVE-2023-24097 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC
Easy-Upgrader TEW ...)
+ TODO: check
+CVE-2023-24096 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC
Easy-Upgrader TEW ...)
+ TODO: check
+CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC
Easy-Upgrader TEW ...)
+ TODO: check
CVE-2023-24094
RESERVED
CVE-2023-24093
@@ -1257,8 +1479,8 @@ CVE-2023-23826
RESERVED
CVE-2023-23825
RESERVED
-CVE-2023-23824
- RESERVED
+CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <=
5.36 versi ...)
+ TODO: check
CVE-2023-23823
RESERVED
CVE-2023-23822
@@ -1377,6 +1599,7 @@ CVE-2023-22288
RESERVED
CVE-2023-0394 [ipv6: raw: Deduct extension header length in
rawv6_push_pending_frames]
RESERVED
+ {DSA-5324-1}
- linux 6.1.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2
NOTE:
https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4)
@@ -1725,8 +1948,8 @@ CVE-2023-23689
RESERVED
CVE-2023-23688
RESERVED
-CVE-2023-23687
- RESERVED
+CVE-2023-23687 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in
Youtube short ...)
+ TODO: check
CVE-2023-23686
RESERVED
CVE-2023-23685
@@ -2402,6 +2625,7 @@ CVE-2023-22281
RESERVED
CVE-2023-0266 [ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
UAF]
RESERVED
+ {DSA-5324-1}
- linux 6.1.7-1
NOTE:
https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVE-2023-0265
@@ -2579,9 +2803,11 @@ CVE-2013-10011 (A vulnerability was found in aeharding
classroom-engagement-syst
CVE-2012-10005 (A vulnerability has been found in manikandan170890
php-form-builder-cl ...)
NOT-FOR-US: manikandan170890 php-form-builder-class
CVE-2023-23455 (atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel
through 6.1. ...)
+ {DSA-5324-1}
- linux 6.1.7-1
NOTE:
https://git.kernel.org/linus/a2965c7be0522eaa18808684b7b82b248515511b
CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel
through 6.1.4 ...)
+ {DSA-5324-1}
- linux 6.1.7-1
NOTE:
https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
CVE-2023-23453
@@ -3637,7 +3863,7 @@ CVE-2023-22966
RESERVED
CVE-2023-22965
RESERVED
-CVE-2023-22964 (Zoho ManageEngine ServiceDesk Plus MSP through 13003 is
vulnerable to ...)
+CVE-2023-22964 (Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x
before 13 ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-22963 (The personnummer implementation before 3.0.3 for Dart
mishandles numbe ...)
NOT-FOR-US: Dart language (different from src:dart)
@@ -3799,6 +4025,7 @@ CVE-2023-0180
RESERVED
CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching
VLAN header bits]
RESERVED
+ {DSA-5324-1}
- linux 6.1.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/13/2
@@ -4655,8 +4882,8 @@ CVE-2023-22723
RESERVED
CVE-2023-22722
RESERVED
-CVE-2023-22721
- RESERVED
+CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for
WordPres ...)
+ TODO: check
CVE-2023-22720
RESERVED
CVE-2023-22719
@@ -5690,8 +5917,8 @@ CVE-2022-4834
RESERVED
CVE-2022-4833
RESERVED
-CVE-2022-4832
- RESERVED
+CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not
validate and ...)
+ TODO: check
CVE-2022-4831
RESERVED
CVE-2022-4830
@@ -6194,8 +6421,8 @@ CVE-2018-25057 (A vulnerability was found in
simple_php_link_shortener. It has b
NOT-FOR-US: simple_php_link_shortener
CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been
declar ...)
NOT-FOR-US: centic9 jgit-cookbook
-CVE-2022-4816
- RESERVED
+CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo
Safece ...)
+ TODO: check
CVE-2022-4815
RESERVED
CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos
prior to 0 ...)
@@ -6280,10 +6507,10 @@ CVE-2022-4792
RESERVED
CVE-2022-4791
RESERVED
-CVE-2022-4790
- RESERVED
-CVE-2022-4789
- RESERVED
+CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before
3.4 doe ...)
+ TODO: check
+CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not
validate a ...)
+ TODO: check
CVE-2022-4788
RESERVED
CVE-2022-4787
@@ -6423,8 +6650,8 @@ CVE-2022-4777
RESERVED
CVE-2022-4776
RESERVED
-CVE-2022-4775
- RESERVED
+CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not
validate and ...)
+ TODO: check
CVE-2022-4774
RESERVED
CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
problema ...)
@@ -6545,12 +6772,12 @@ CVE-2022-4762
RESERVED
CVE-2022-4761
RESERVED
-CVE-2022-4760
- RESERVED
+CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does
not va ...)
+ TODO: check
CVE-2022-4759
RESERVED
-CVE-2022-4758
- RESERVED
+CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not
validate a ...)
+ TODO: check
CVE-2022-4757
RESERVED
CVE-2022-4756
@@ -6559,12 +6786,12 @@ CVE-2022-4755 (A vulnerability was found in FlatPress
and classified as problema
NOT-FOR-US: FlatPress
CVE-2022-4754
RESERVED
-CVE-2022-4753
- RESERVED
+CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not
validate and ...)
+ TODO: check
CVE-2022-4752
RESERVED
-CVE-2022-4751
- RESERVED
+CVE-2022-4751 (The Word Balloon WordPress plugin before 4.19.3 does not
validate and ...)
+ TODO: check
CVE-2022-4750
RESERVED
CVE-2022-4749
@@ -6612,8 +6839,8 @@ CVE-2015-10005 (A vulnerability was found in markdown-it
up to 2.x. It has been
NOT-FOR-US: Fuji Electric
CVE-2022-47966 (Multiple Zoho ManageEngine on-premise products, such as
ServiceDesk Pl ...)
NOT-FOR-US: Zoho
-CVE-2022-4746
- RESERVED
+CVE-2022-4746 (The FluentAuth WordPress plugin before 1.0.2 prioritizes
getting a vis ...)
+ TODO: check
CVE-2022-4745
RESERVED
CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and
classified as ...)
@@ -6759,14 +6986,14 @@ CVE-2022-4720 (Open Redirect in GitHub repository
ikus060/rdiffweb prior to 2.5.
- rdiffweb <itp> (bug #969974)
CVE-2022-4719 (Business Logic Errors in GitHub repository ikus060/rdiffweb
prior to 2 ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-4718
- RESERVED
+CVE-2022-4718 (The Landing Page Builder WordPress plugin before 1.4.9.9 does
not vali ...)
+ TODO: check
CVE-2022-4717
RESERVED
-CVE-2022-4716
- RESERVED
-CVE-2022-4715
- RESERVED
+CVE-2022-4716 (The WP Popups WordPress plugin before 2.1.4.8 does not validate
and es ...)
+ TODO: check
+CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not
validate ...)
+ TODO: check
CVE-2022-4714
RESERVED
CVE-2022-4713
@@ -6789,8 +7016,8 @@ CVE-2022-4708 (The Royal Elementor Addons plugin for
WordPress is vulnerable to
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-4707 (The Royal Elementor Addons plugin for WordPress is vulnerable
to Cross ...)
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
-CVE-2022-4706
- RESERVED
+CVE-2022-4706 (The Genesis Columns Advanced WordPress plugin before 2.0.4 does
not va ...)
+ TODO: check
CVE-2022-4705 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
NOT-FOR-US: Royal Elementor Addons plugin for WordPress
CVE-2022-4704 (The Royal Elementor Addons plugin for WordPress is vulnerable
to insuf ...)
@@ -6810,6 +7037,7 @@ CVE-2022-4698 (The ProfilePress plugin for WordPress is
vulnerable to Stored Cro
CVE-2022-4697 (The ProfilePress plugin for WordPress is vulnerable to Stored
Cross-Si ...)
NOT-FOR-US: ProfilePress plugin for WordPress
CVE-2022-4696 (There exists a use-after-free vulnerability in the Linux kernel
throug ...)
+ {DSA-5324-1}
- linux 5.14.6-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a
@@ -6817,8 +7045,8 @@ CVE-2022-4695 (Cross-site Scripting (XSS) - Stored in
GitHub repository usememos
NOT-FOR-US: usememos
CVE-2022-4694 (Cross-site Scripting (XSS) - Stored in GitHub repository
usememos/memo ...)
NOT-FOR-US: usememos
-CVE-2022-4693
- RESERVED
+CVE-2022-4693 (The User Verification WordPress plugin before 1.0.94 was
affected by a ...)
+ TODO: check
CVE-2022-4692 (Cross-site Scripting (XSS) - Stored in GitHub repository
usememos/memo ...)
NOT-FOR-US: usememos
CVE-2022-4691 (Cross-site Scripting (XSS) - Stored in GitHub repository
usememos/memo ...)
@@ -6888,6 +7116,7 @@ CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a
collision of hash values
CVE-2022-47930
RESERVED
CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference
bug in th ...)
+ {DSA-5324-1}
- linux 6.1.7-1
NOTE:
https://git.kernel.org/linus/96398560f26aa07e8f2969d73c8197e6a6d10407 (6.2-rc4)
CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file
uploads in a ...)
@@ -6910,8 +7139,8 @@ CVE-2022-4677
RESERVED
CVE-2022-4676
RESERVED
-CVE-2022-4675
- RESERVED
+CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not
valida ...)
+ TODO: check
CVE-2022-4674
RESERVED
CVE-2022-46739
@@ -6920,18 +7149,18 @@ CVE-2022-46735
RESERVED
CVE-2022-46734
RESERVED
-CVE-2022-4673
- RESERVED
-CVE-2022-4672
- RESERVED
+CVE-2022-4673 (The Rate my Post WordPress plugin before 3.3.9 does not
validate and e ...)
+ TODO: check
+CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before
4.6.2 does ...)
+ TODO: check
CVE-2022-4671
RESERVED
CVE-2022-4670
RESERVED
CVE-2022-4669
RESERVED
-CVE-2022-4668
- RESERVED
+CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not
validate ...)
+ TODO: check
CVE-2022-4667
RESERVED
CVE-2022-4666
@@ -6993,8 +7222,8 @@ CVE-2022-4652
RESERVED
CVE-2022-4651
RESERVED
-CVE-2022-4650
- RESERVED
+CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and
escape ...)
+ TODO: check
CVE-2022-4649
RESERVED
CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in
destiny.g ...)
@@ -7093,20 +7322,20 @@ CVE-2022-46300
RESERVED
CVE-2022-4630 (Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository
lirantal ...)
NOT-FOR-US: daloRADIUS
-CVE-2022-4629
- RESERVED
+CVE-2022-4629 (The Product Slider for WooCommerce WordPress plugin before
2.6.4 does ...)
+ TODO: check
CVE-2022-46286
RESERVED
CVE-2022-4628
RESERVED
-CVE-2022-4627
- RESERVED
+CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate
and escap ...)
+ TODO: check
CVE-2022-4626
RESERVED
-CVE-2022-4625
- RESERVED
-CVE-2022-4624
- RESERVED
+CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not
validate ...)
+ TODO: check
+CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not
validate and ...)
+ TODO: check
CVE-2022-4623
RESERVED
CVE-2022-45876
@@ -9150,8 +9379,8 @@ CVE-2022-4578 (The Video Conferencing with Zoom WordPress
plugin before 4.0.10 d
NOT-FOR-US: WordPress plugin
CVE-2022-4577
RESERVED
-CVE-2022-4576
- RESERVED
+CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4
does not v ...)
+ TODO: check
CVE-2022-4575
RESERVED
CVE-2022-4574
@@ -9162,8 +9391,8 @@ CVE-2022-4572 (A vulnerability, which was classified as
problematic, has been fo
NOT-FOR-US: UBI reader
CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1
does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4570
- RESERVED
+CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3 does not validate and
escape ...)
+ TODO: check
CVE-2022-4569
RESERVED
CVE-2022-4568
@@ -9252,14 +9481,14 @@ CVE-2022-4550
RESERVED
CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF
check i ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4548
- RESERVED
+CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI
WordPress pl ...)
+ TODO: check
CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress
plugin throu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4546
RESERVED
-CVE-2022-4545
- RESERVED
+CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and
escape s ...)
+ TODO: check
CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate
and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page
Table Iso ...)
@@ -9276,8 +9505,8 @@ CVE-2023-0013 (The ABAP Keyword Documentation of SAP
NetWeaver Application Serve
NOT-FOR-US: SAP
CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker
who gai ...)
NOT-FOR-US: SAP
-CVE-2022-4542
- RESERVED
+CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does
not val ...)
+ TODO: check
CVE-2022-4541
RESERVED
CVE-2022-4540
@@ -9479,8 +9708,8 @@ CVE-2022-4511 (A vulnerability has been found in RainyGao
DocSys and classified
NOT-FOR-US: RainyGao DocSys
CVE-2022-4510
RESERVED
-CVE-2022-4509
- RESERVED
+CVE-2022-4509 (The Content Control WordPress plugin before 1.1.10 does not
validate a ...)
+ TODO: check
CVE-2022-43494 (An unauthorized user could be able to read any file on the
system, pot ...)
NOT-FOR-US: GE Digital
CVE-2022-38469 (An unauthorized user with network access and the decryption
key could ...)
@@ -9641,8 +9870,8 @@ CVE-2022-4487 (The Easy Accordion WordPress plugin before
2.2.0 does not validat
NOT-FOR-US: WordPress plugin
CVE-2022-4486 (The Meteor Slides WordPress plugin through 1.5.6 does not
validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4485
- RESERVED
+CVE-2022-4485 (The Page-list WordPress plugin before 5.3 does not validate and
escape ...)
+ TODO: check
CVE-2022-4484 (The Social Share, Social Login and Social Comments Plugin
WordPress pl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4483 (The Insert Pages WordPress plugin before 3.7.5 does not
validate and e ...)
@@ -9799,10 +10028,10 @@ CVE-2022-47376
RESERVED
CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides
install ...)
NOT-FOR-US: Squirrel.Windows
-CVE-2022-4475
- RESERVED
-CVE-2022-4474
- RESERVED
+CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not
validate a ...)
+ TODO: check
+CVE-2022-4474 (The Easy Social Feed WordPress plugin before 6.4.0 does not
validate a ...)
+ TODO: check
CVE-2022-4473
RESERVED
CVE-2022-4472
@@ -9815,8 +10044,8 @@ CVE-2022-4469 (The Simple Membership WordPress plugin
before 4.2.2 does not vali
NOT-FOR-US: WordPress plugin
CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not
validate an ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4467
- RESERVED
+CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not
valida ...)
+ TODO: check
CVE-2022-4466
RESERVED
CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not
validate ...)
@@ -9973,8 +10202,8 @@ CVE-2022-4445
RESERVED
CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared
as prob ...)
NOT-FOR-US: ipti br.tag
-CVE-2022-4443
- RESERVED
+CVE-2022-4443 (The BruteBank WordPress plugin before 1.9 does not have CSRF
check in ...)
+ TODO: check
CVE-2022-4442 (The Custom Post Types and Custom Fields creator WordPress
plugin befor ...)
NOT-FOR-US: WordPress plugin
CVE-2019-25078 (A vulnerability classified as problematic was found in
pacparser up to ...)
@@ -10667,8 +10896,8 @@ CVE-2022-47067
RESERVED
CVE-2022-47066
RESERVED
-CVE-2022-47065
- RESERVED
+CVE-2022-47065 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC
Easy-Upgrader TEW ...)
+ TODO: check
CVE-2022-47064
RESERVED
CVE-2022-47063
@@ -11305,8 +11534,8 @@ CVE-2022-4385
RESERVED
CVE-2022-4384
RESERVED
-CVE-2022-4383
- RESERVED
+CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not
properly ...)
+ TODO: check
CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock
operations ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1
@@ -11530,8 +11759,8 @@ CVE-2022-46770 (qubes-mirage-firewall (aka Mirage
firewall for QubesOS) 0.8.x th
NOT-FOR-US: qubes-mirage-firewall
CVE-2022-46769 (An improper neutralization of input during web page generation
('Cross ...)
NOT-FOR-US: Apache Sling
-CVE-2022-4346
- RESERVED
+CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3
leaked se ...)
+ TODO: check
CVE-2022-4343
RESERVED
CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
@@ -11622,8 +11851,8 @@ CVE-2022-4325 (The Post Status Notifier Lite WordPress
plugin before 1.10.1 does
NOT-FOR-US: WordPress plugin
CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8
unserialises t ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4323
- RESERVED
+CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes
user input ...)
+ TODO: check
CVE-2018-25048
RESERVED
CVE-2023-21673
@@ -11948,16 +12177,16 @@ CVE-2022-4309 (The Subscribe2 WordPress plugin before
10.38 does not have CSRF c
NOT-FOR-US: WordPress plugin
CVE-2022-4308
RESERVED
-CVE-2022-4307
- RESERVED
+CVE-2022-4307 (The پلاگین
پرد&# ...)
+ TODO: check
CVE-2022-4306
RESERVED
-CVE-2022-4305
- RESERVED
+CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks
author ...)
+ TODO: check
CVE-2022-4304
RESERVED
-CVE-2022-4303
- RESERVED
+CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4
prioritizes ...)
+ TODO: check
CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes
user inpu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not
saniti ...)
@@ -12986,8 +13215,8 @@ CVE-2022-4232 (A vulnerability, which was classified as
critical, was found in S
NOT-FOR-US: SourceCodester Event Registration System
CVE-2022-4231 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: Tribal Systems Zenario CMS
-CVE-2022-4230
- RESERVED
+CVE-2022-4230 (The WP Statistics WordPress plugin before 13.2.9 does not
escape a par ...)
+ TODO: check
CVE-2022-4229 (A vulnerability classified as critical was found in
SourceCodester Boo ...)
NOT-FOR-US: SourceCodester Book Store Management System
CVE-2022-4228 (A vulnerability classified as problematic has been found in
SourceCode ...)
@@ -14097,6 +14326,7 @@ CVE-2022-4146
CVE-2022-45935 (Usage of temporary files with insecure permissions by the
Apache James ...)
NOT-FOR-US: Apache James
CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10.
l2cap_conf ...)
+ {DSA-5324-1}
- linux 6.1.4-1
NOTE:
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of
a Kubern ...)
@@ -15430,8 +15660,8 @@ CVE-2022-4019 (A denial-of-service vulnerability in the
Mattermost Playbooks plu
NOT-FOR-US: Mattermost plugin
CVE-2022-4018 (Missing Authentication for Critical Function in GitHub
repository ikus ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-4017
- RESERVED
+CVE-2022-4017 (The Booster for WooCommerce WordPress plugin before 6.0.1,
Booster Plu ...)
+ TODO: check
CVE-2022-4016 (The Booster for WooCommerce WordPress plugin before 5.6.7,
Booster Plu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4015 (A vulnerability, which was classified as critical, was found in
Sports ...)
@@ -19229,8 +19459,8 @@ CVE-2022-44565 (An improper access validation
vulnerability exists in airMAX AC
NOT-FOR-US: airMAX
CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal
vulnerability. Succ ...)
NOT-FOR-US: Huawei
-CVE-2022-3811
- RESERVED
+CVE-2022-3811 (The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6
does no ...)
+ TODO: check
CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been
classified ...)
NOT-FOR-US: Bento4
CVE-2022-3809 (A vulnerability was found in Axiomatic Bento4 and classified as
proble ...)
@@ -23790,6 +24020,7 @@ CVE-2022-3624 (A vulnerability was found in Linux
Kernel and classified as probl
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4f5d33f4f798b1c6d92b613f0087f639d9836971 (6.0-rc1)
CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared
as pro ...)
+ {DSA-5324-1}
- linux 6.0.3-1
[buster] - linux <not-affected> (Vulnerability introduced later)
NOTE:
https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1)
@@ -24998,6 +25229,7 @@ CVE-2022-3547 (A vulnerability was found in
SourceCodester Simple Cold Storage M
CVE-2022-3546 (A vulnerability was found in SourceCodester Simple Cold Storage
Manage ...)
NOT-FOR-US: SourceCodester Simple Cold Storage Management System
CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified
as criti ...)
+ {DSA-5324-1}
- linux 6.0.2-1
NOTE:
https://git.kernel.org/linus/02e1a114fdb71e59ee6770294166c30d437bf86a (6.0-rc1)
CVE-2022-3544 (A vulnerability, which was classified as problematic, was found
in Lin ...)
@@ -26480,8 +26712,8 @@ CVE-2022-3432
RESERVED
CVE-2022-3431
RESERVED
-CVE-2022-3430
- RESERVED
+CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some
consumer Len ...)
+ TODO: check
CVE-2022-42493
RESERVED
CVE-2022-42492
@@ -26556,8 +26788,8 @@ CVE-2022-3427 (The Corner Ad plugin for WordPress is
vulnerable to Cross-Site Re
NOT-FOR-US: Corner Ad plugin for WordPress
CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not
saniti ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3425
- RESERVED
+CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes
user input ...)
+ TODO: check
CVE-2022-3424 [misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os]
RESERVED
- linux 6.1.4-1
@@ -28417,7 +28649,7 @@ CVE-2022-3361 (The Ultimate Member plugin for WordPress
is vulnerable to directo
NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises
user input ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3359 (The Shortcodes and extra features for Phlox WordPress plugin
through 2 ...)
+CVE-2022-3359 (The Shortcodes and extra features for Phlox theme WordPress
plugin bef ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy
EVP_CIPHER_me ...)
- openssl 3.0.7-1 (bug #1021620)
@@ -29218,8 +29450,8 @@ CVE-2022-41507
RESERVED
CVE-2022-41506
RESERVED
-CVE-2022-41505
- RESERVED
+CVE-2022-41505 (An access control issue on TP-LInk Tapo C200 V1 devices allows
physica ...)
+ TODO: check
CVE-2022-41504 (An arbitrary file upload vulnerability in the component
/php_action/ed ...)
NOT-FOR-US: Billing System Project
CVE-2022-41503
@@ -29962,6 +30194,7 @@ CVE-2022-41220 (** DISPUTED ** md2roff 1.9 has a
stack-based buffer overflow via
CVE-2022-41219
RESERVED
CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through
5.19.10 ...)
+ {DSA-5324-1}
- linux 6.1.4-1
NOTE: https://lore.kernel.org/all/[email protected]/
NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/4
@@ -32582,6 +32815,7 @@ CVE-2022-36402 (An integer overflow vulnerability was
found in vmwgfx driver in
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2072
NOTE: Might be OpenAnolis specific issues, check when Bugzilla entries
are public
CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in
vmwgfx ...)
+ {DSA-5324-1}
- linux 6.1.4-1
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
NOTE:
https://git.kernel.org/linus/4cf949c7fafe21e085a4ee386bb2dade9067316e
@@ -36289,8 +36523,8 @@ CVE-2022-38727
RESERVED
CVE-2022-38726
RESERVED
-CVE-2022-38725
- RESERVED
+CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity
syslog-ng 3. ...)
+ TODO: check
CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0,
silverstripe/asset ...)
NOT-FOR-US: SilverStripe CMS
CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal
through H ...)
@@ -37355,6 +37589,7 @@ CVE-2022-2874 (NULL Pointer Dereference in GitHub
repository vim/vim prior to 9.
NOTE:
https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d
(v9.0.0224)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux
kernel Inte ...)
+ {DSA-5324-1}
- linux 6.1.4-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2119048
NOTE:
https://lore.kernel.org/lkml/[email protected]/T/
@@ -37992,7 +38227,7 @@ CVE-2022-38183 (In Gitea before 1.16.9, it was possible
for users to add existin
- gitea <removed>
CVE-2022-38182
RESERVED
-CVE-2022-38181 (An Arm product family through 2022-08-12 mail GPU kernel
driver allows ...)
+CVE-2022-38181 (The Arm Mali GPU kernel driver allows unprivileged users to
access fre ...)
NOT-FOR-US: ARM Mali GPU driver
CVE-2022-2809 (A vulnerability in bmcweb of OpenBMC Project allows user to
cause deni ...)
NOT-FOR-US: OpenBMC
@@ -39186,10 +39421,10 @@ CVE-2022-37721 (PyroCMS 3.9 is vulnerable to a stored
Cross Site Scripting (XSS_
NOT-FOR-US: PyroCMS
CVE-2022-37720 (Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site
Scriptin ...)
NOT-FOR-US: Orchard CMS
-CVE-2022-37719
- RESERVED
-CVE-2022-37718
- RESERVED
+CVE-2022-37719 (A Cross-Site Request Forgery (CSRF) in the management portal
of JetNex ...)
+ TODO: check
+CVE-2022-37718 (The management portal component of JetNexus/EdgeNexus ADC
4.2.8 was di ...)
+ TODO: check
CVE-2022-37717
RESERVED
CVE-2022-37716
@@ -55216,7 +55451,7 @@ CVE-2022-31782 (ftbench.c in FreeType Demo Programs
through 2.12.1 has a heap-ba
CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular
Expressio ...)
NOT-FOR-US: Apache Tapestry
CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame
handling of Ap ...)
- {DSA-5206-1}
+ {DSA-5206-1 DLA-3279-1}
- trafficserver 9.1.3+ds-1
NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header
parsing of Ap ...)
@@ -66313,7 +66548,7 @@ CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip
in encoding/xml before Go
CVE-2022-28130
RESERVED
CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header
parsing of ...)
- {DSA-5206-1}
+ {DSA-5206-1 DLA-3279-1}
- trafficserver 9.1.3+ds-1
NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab
CE/EE affe ...)
@@ -73071,7 +73306,7 @@ CVE-2022-25769
CVE-2022-25768
RESERVED
CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request
validation o ...)
- {DSA-5206-1}
+ {DSA-5206-1 DLA-3279-1}
- trafficserver 9.1.3+ds-1
NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
CVE-2022-21182 (A privilege escalation vulnerability exists in the router
configuratio ...)
@@ -79940,8 +80175,8 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim
prior to 8.2. ...)
NOTE: Crash in CLI tool, no security impact
CVE-2022-0317 (An improper input validation vulnerability in go-attestation
before 0. ...)
NOT-FOR-US: go-attestation
-CVE-2022-0316
- RESERVED
+CVE-2022-0316 (The WeStand WordPress theme before 2.1, footysquare WordPress
theme, a ...)
+ TODO: check
CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod
prior to ...)
NOT-FOR-US: horovod
CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes
the insta ...)
@@ -95438,18 +95673,18 @@ CVE-2021-43451 (SQL Injection vulnerability exists in
PHPGURUKUL Employee Record
NOT-FOR-US: PHPGURUKUL
CVE-2021-43450
RESERVED
-CVE-2021-43449
- RESERVED
-CVE-2021-43448
- RESERVED
-CVE-2021-43447
- RESERVED
-CVE-2021-43446
- RESERVED
-CVE-2021-43445
- RESERVED
-CVE-2021-43444
- RESERVED
+CVE-2021-43449 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to
Server-Side ...)
+ TODO: check
+CVE-2021-43448 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to
Improper Inp ...)
+ TODO: check
+CVE-2021-43447 (ONLYOFFICE all versions as of 2021-11-08 is affected by
Incorrect Acce ...)
+ TODO: check
+CVE-2021-43446 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to
Cross Site S ...)
+ TODO: check
+CVE-2021-43445 (ONLYOFFICE all versions as of 2021-11-08 is affected by
Incorrect Acce ...)
+ TODO: check
+CVE-2021-43444 (ONLYOFFICE all versions as of 2021-11-08 is affected by
Incorrect Acce ...)
+ TODO: check
CVE-2021-43443
RESERVED
CVE-2021-43442 (A Logic Flaw vulnerability exists in i3 International Inc
Annexxus Cam ...)
@@ -113873,7 +114108,7 @@ CVE-2021-37159 (hso_free_net_device in
drivers/net/usb/hso.c in the Linux kernel
[buster] - linux 4.19.208-1
NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
CVE-2021-37150 (Improper Input Validation vulnerability in header parsing of
Apache Tr ...)
- {DSA-5206-1}
+ {DSA-5206-1 DLA-3279-1}
- trafficserver 9.1.3+ds-1
NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of
Apache Tr ...)
@@ -145130,8 +145365,8 @@ CVE-2021-24883 (The Popup Anything WordPress plugin
before 2.0.4 does not escape
NOT-FOR-US: WordPress plugin
CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24881
- RESERVED
+CVE-2021-24881 (The Passster WordPress plugin before 3.5.5.9 does not properly
check f ...)
+ TODO: check
CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not
validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have
CSRF chec ...)
@@ -145218,8 +145453,8 @@ CVE-2021-24839 (The SupportCandy WordPress plugin
before 2.2.5 does not have aut
NOT-FOR-US: WordPress plugin
CVE-2021-24838 (The AnyComment WordPress plugin before 0.3.5 has an API
endpoint which ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24837
- RESERVED
+CVE-2021-24837 (The Passster WordPress plugin before 3.5.5.8 does not escape
the area ...)
+ TODO: check
CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before
1.7.1 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with
Bookings ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fec92388390c1c4402846e94c74782e62b02fc79
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fec92388390c1c4402846e94c74782e62b02fc79
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
