Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f6ea926 by security tracker role at 2023-01-28T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-0559
+ RESERVED
+CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to
authorization ...)
+ TODO: check
+CVE-2023-0557 (The ContentStudio plugin for WordPress is vulnerable to
Sensitive Info ...)
+ TODO: check
+CVE-2023-0556 (The ContentStudio plugin for WordPress is vulnerable to
authorization ...)
+ TODO: check
+CVE-2023-0555 (The Quick Restaurant Menu plugin for WordPress is vulnerable to
author ...)
+ TODO: check
+CVE-2023-0554 (The Quick Restaurant Menu plugin for WordPress is vulnerable to
Cross- ...)
+ TODO: check
+CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to
Stored ...)
+ TODO: check
+CVE-2023-0552
+ RESERVED
+CVE-2023-0551
+ RESERVED
+CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to
Insecu ...)
+ TODO: check
+CVE-2022-48284
+ RESERVED
+CVE-2022-48283
+ RESERVED
+CVE-2021-4315
+ RESERVED
CVE-2023-24595
RESERVED
CVE-2023-24583
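Review bot: the seven new WordPress plugin entries (ContentStudio: CVE-2023-0558, -0557, -0556; Quick Restaurant Menu: CVE-2023-0555, -0554, -0553, -0550) are all left at "TODO: check", although plugin issues elsewhere in this file are resolved as "NOT-FOR-US: WordPress plugin" (see CVE-2022-4256 in a later hunk), so the follow-up triage can apply the same marker. CVE-2023-0558 and CVE-2023-0556 also carry identical truncated descriptions ("... is vulnerable to authorization ..."), which is worth confirming as two distinct issues rather than a duplicate assignment.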
@@ -2588,34 +2614,34 @@ CVE-2023-23631
RESERVED
CVE-2023-23630
RESERVED
-CVE-2023-23629
- RESERVED
-CVE-2023-23628
- RESERVED
-CVE-2023-23627
- RESERVED
+CVE-2023-23629 (Metabase is an open source data analytics platform. Affected
versions ...)
+ TODO: check
+CVE-2023-23628 (Metabase is an open source data analytics platform. Affected
versions ...)
+ TODO: check
+CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer.
Versions 5.0.0 ...)
+ TODO: check
CVE-2023-23626
RESERVED
CVE-2023-23625
RESERVED
-CVE-2023-23624
- RESERVED
+CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to
version 3.0. ...)
+ TODO: check
CVE-2023-23623
RESERVED
CVE-2023-23622
RESERVED
-CVE-2023-23621
- RESERVED
-CVE-2023-23620
- RESERVED
+CVE-2023-23621 (Discourse is an open-source discussion platform. Prior to
version 3.0. ...)
+ TODO: check
+CVE-2023-23620 (Discourse is an open-source discussion platform. Prior to
version 3.0. ...)
+ TODO: check
CVE-2023-23619 (Modelina is a library for generating data models based on
inputs such ...)
TODO: check
CVE-2023-23618
RESERVED
-CVE-2023-23617
- RESERVED
-CVE-2023-23616
- RESERVED
+CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to
19.4.22 and ...)
+ TODO: check
+CVE-2023-23616 (Discourse is an open-source discussion platform. Prior to
version 3.0. ...)
+ TODO: check
CVE-2023-23615
RESERVED
CVE-2023-23614 (Pi-hole®'s Web interface (based off of AdminLTE) provides
a centr ...)
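Review bot: the four Discourse entries (CVE-2023-23624, -23621, -23620, -23616) sit at "TODO: check" while Discourse is already triaged as "NOT-FOR-US: Discourse" at CVE-2023-22739 in the next hunk, so they can follow that precedent. The Metabase (CVE-2023-23629, -23628), OpenMage LTS (CVE-2023-23617) and Sanitize (CVE-2023-23627) entries have no such precedent in this diff and need a real source-package check; Sanitize in particular describes itself as an HTML and CSS sanitizer library, so it is more likely to be packaged than the end-user applications around it.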
@@ -5375,8 +5401,8 @@ CVE-2023-22739 (Discourse is an open source platform for
community discussion. V
NOT-FOR-US: Discourse
CVE-2023-22738
RESERVED
-CVE-2023-22737
- RESERVED
+CVE-2023-22737 (wire-server provides back end services for Wire, a team
communication ...)
+ TODO: check
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
NOT-FOR-US: Argo CD
CVE-2023-22735
@@ -5881,7 +5907,7 @@ CVE-2023-0049 (Out-of-bounds Read in GitHub repository
vim/vim prior to 9.0.1143
CVE-2023-0048 (Code Injection in GitHub repository lirantal/daloradius prior
to maste ...)
NOT-FOR-US: lirantal/daloradius
CVE-2023-0047
- RESERVED
+ REJECTED
- linux 5.15.3-1
[bullseye] - linux 5.10.84-1
[buster] - linux 4.19.232-1
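Review bot: the three linux version lines under CVE-2023-0047 ("- linux 5.15.3-1", "[bullseye] - linux 5.10.84-1", "[buster] - linux 4.19.232-1") are kept on an entry that is now REJECTED; the other RESERVED-to-REJECTED flips in this commit (CVE-2022-32952, CVE-2022-32472) carry no package lines, so either drop these or add a NOTE recording why the fix data is retained so it does not look like an open linux issue.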
@@ -6694,12 +6720,12 @@ CVE-2022-48120 (SQL Injection vulnerability in
kishan0725 Hospital Management Sy
NOT-FOR-US: kishan0725 Hospital Management System
CVE-2022-48119
RESERVED
-CVE-2022-48118
- RESERVED
+CVE-2022-48118 (Jorani v1.0 was discovered to contain a cross-site scripting
(XSS) vul ...)
+ TODO: check
CVE-2022-48117
RESERVED
-CVE-2022-48116
- RESERVED
+CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code
execution (RCE) ...)
+ TODO: check
CVE-2022-48115
RESERVED
CVE-2022-48114
@@ -6714,10 +6740,10 @@ CVE-2022-48110
RESERVED
CVE-2022-48109
RESERVED
-CVE-2022-48108
- RESERVED
-CVE-2022-48107
- RESERVED
+CVE-2022-48108 (D-Link DIR_878_FW1.30B08 was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2022-48107 (D-Link DIR_878_FW1.30B08 was discovered to contain a command
injection ...)
+ TODO: check
CVE-2022-48106
RESERVED
CVE-2022-48105
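Review bot: CVE-2022-48108 and CVE-2022-48107 have word-for-word identical truncated descriptions ("D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ..."), so the TODO should confirm they are separate issues before triage; as router firmware they would take the same treatment as the "NOT-FOR-US: NETGEAR" entry for CVE-2022-47052 in the next hunk.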
@@ -11461,7 +11487,7 @@ CVE-2022-47054
RESERVED
CVE-2022-47053
RESERVED
-CVE-2022-47052 (NETGEAR Nighthawk R6220 v1.1.0.112_1.0.1 was discovered to
contain a c ...)
+CVE-2022-47052 (The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi
Router' i ...)
NOT-FOR-US: NETGEAR
CVE-2022-47051
RESERVED
@@ -11634,8 +11660,8 @@ CVE-2022-46970
RESERVED
CVE-2022-46969
RESERVED
-CVE-2022-46968
- RESERVED
+CVE-2022-46968 (A stored cross-site scripting (XSS) vulnerability in
/index.php?page=h ...)
+ TODO: check
CVE-2022-46967 (An access control issue in Revenue Collection System v1.0
allows unaut ...)
TODO: check
CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL
injecti ...)
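Review bot: the new description for CVE-2022-46968 is cut off before it names the product ("/index.php?page=h ..."), so the entry cannot be triaged from this diff alone; the adjacent CVE-2022-46967 and CVE-2022-46966 both concern Revenue Collection System v1.0, so check whether this one belongs to the same application and resolve the three together.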
@@ -13676,8 +13702,8 @@ CVE-2022-4257 (A vulnerability was found in C-DATA Web
Management System. It has
NOT-FOR-US: C-DATA Web Management System
CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before
2.4.4 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4255
- RESERVED
+CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE
from 13 ...)
+ TODO: check
CVE-2022-4254 [libsss_certmap fails to sanitise certificate data used in LDAP
filters]
RESERVED
- sssd 2.3.1-1
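Review bot: the description for CVE-2022-4255 names "all versions of GitLab EE", whereas the GitLab entries tracked as "- gitlab <unfixed>" later in this commit (CVE-2022-4205, CVE-2022-4201) say EE/CE; confirm whether the EE-only wording means the gitlab source package is unaffected before replacing the "TODO: check", rather than copying the <unfixed> line by analogy.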
@@ -13717,14 +13743,14 @@ CVE-2022-4241
RESERVED
CVE-2022-4240
RESERVED
-CVE-2022-46359
- RESERVED
-CVE-2022-46358
- RESERVED
-CVE-2022-46357
- RESERVED
-CVE-2022-46356
- RESERVED
+CVE-2022-46359 (Potential vulnerabilities have been identified in HP Security
Manager ...)
+ TODO: check
+CVE-2022-46358 (Potential vulnerabilities have been identified in HP Security
Manager ...)
+ TODO: check
+CVE-2022-46357 (Potential vulnerabilities have been identified in HP Security
Manager ...)
+ TODO: check
+CVE-2022-46356 (Potential vulnerabilities have been identified in HP Security
Manager ...)
+ TODO: check
CVE-2022-46355 (A vulnerability has been identified in SCALANCE X204RNA (HSR)
(All ver ...)
NOT-FOR-US: Siemens
CVE-2022-46354 (A vulnerability has been identified in SCALANCE X204RNA (HSR)
(All ver ...)
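Review bot: CVE-2022-46359 through CVE-2022-46356 share a single truncated description ("Potential vulnerabilities have been identified in HP Security Manager ..."), so the four TODOs cannot be told apart without the full advisory text; the neighbouring Siemens SCALANCE entries show the usual NOT-FOR-US handling for vendor appliance software, which is the likely outcome here once the descriptions are checked.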
@@ -13904,8 +13930,7 @@ CVE-2022-4207 (The Image Hover Effects Ultimate plugin
for WordPress is vulnerab
CVE-2022-4206
RESERVED
- gitlab <unfixed>
-CVE-2022-4205
- RESERVED
+CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch
with a ...)
- gitlab <unfixed>
CVE-2022-4204
RESERVED
@@ -14000,8 +14025,7 @@ CVE-2022-42885
RESERVED
CVE-2022-42489
RESERVED
-CVE-2022-4201
- RESERVED
+CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to
15.4.6, ...)
- gitlab <unfixed>
CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not
sanitis ...)
NOT-FOR-US: WordPress plugin
@@ -21331,12 +21355,12 @@ CVE-2022-43982 (In Apache Airflow versions prior to
2.4.2, the "Trigger DAG with
- airflow <itp> (bug #819700)
CVE-2022-43981
RESERVED
-CVE-2022-43980
- RESERVED
-CVE-2022-43979
- RESERVED
-CVE-2022-43978
- RESERVED
+CVE-2022-43980 (There is a stored cross-site scripting vulnerability in
Pandora FMS v7 ...)
+ TODO: check
+CVE-2022-43979 (There is a Path Traversal that leads to a Local File Inclusion
in Pand ...)
+ TODO: check
+CVE-2022-43978 (There is an improper authentication vulnerability in Pandora
FMS v764. ...)
+ TODO: check
CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post
withou ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3749
@@ -34128,12 +34152,12 @@ CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS
Command Injection vulnerabi
NOT-FOR-US: NOKIA
CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs
is the ...)
NOT-FOR-US: NOKIA
-CVE-2022-39813
- RESERVED
-CVE-2022-39812
- RESERVED
-CVE-2022-39811
- RESERVED
+CVE-2022-39813 (Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple
Reflected/Stored ...)
+ TODO: check
+CVE-2022-39812 (Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path
Traversal un ...)
+ TODO: check
+CVE-2022-39811 (Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access
Control unde ...)
+ TODO: check
CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A
Reflect ...)
NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A
Reflect ...)
@@ -35094,8 +35118,8 @@ CVE-2022-39382 (Keystone is a headless CMS for Node.js
— built with GraphQ
NOT-FOR-US: Keystone CMS
CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF
with js f ...)
NOT-FOR-US: Muhammara Nodejs module
-CVE-2022-39380
- RESERVED
+CVE-2022-39380 (Wire web-app is part of Wire communications. Versions prior to
2022-11 ...)
+ TODO: check
CVE-2022-39379 (Fluentd collects events from various data sources and writes
them to f ...)
- fluentd <itp> (bug #926692)
CVE-2022-39378 (Discourse is a platform for community discussion. Under
certain condit ...)
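Review bot: CVE-2022-39380 (Wire web-app) is the second Wire component left at "TODO: check" in this commit, after CVE-2023-22737 (wire-server) in an earlier hunk; both concern the same upstream project and should be triaged together so the two entries end up with a consistent marker.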
@@ -35256,8 +35280,8 @@ CVE-2022-39326 (kartverket/github-workflows are shared
reusable workflows for Gi
NOT-FOR-US: kartverket/github-workflows
CVE-2022-39325 (BaserCMS is a content management system with a japanese
language focus ...)
NOT-FOR-US: BaserCMS
-CVE-2022-39324
- RESERVED
+CVE-2022-39324 (Grafana is an open-source platform for monitoring and
observability. P ...)
+ TODO: check
CVE-2022-39323 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI
is a Fre ...)
- glpi <removed> (unimportant)
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-cp6q-9p4x-8hr9
@@ -52877,7 +52901,7 @@ CVE-2022-32954
CVE-2022-32953
RESERVED
CVE-2022-32952
- RESERVED
+ REJECTED
CVE-2022-32951
REJECTED
CVE-2022-32950
@@ -54055,7 +54079,7 @@ CVE-2022-32474
CVE-2022-32473
RESERVED
CVE-2022-32472
- RESERVED
+ REJECTED
CVE-2022-32471
RESERVED
CVE-2022-32470
@@ -81306,8 +81330,8 @@ CVE-2022-23554 (Alpine is a scaffolding library in
Java. Alpine prior to version
TODO: check
CVE-2022-23553 (Alpine is a scaffolding library in Java. Alpine prior to
version 1.10. ...)
TODO: check
-CVE-2022-23552
- RESERVED
+CVE-2022-23552 (Grafana is an open-source platform for monitoring and
observability. S ...)
+ TODO: check
CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to
Kubernet ...)
NOT-FOR-US: aad-pod-identity
CVE-2022-23550
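Review bot: CVE-2022-23552 is the second Grafana entry in this commit left at "TODO: check" (CVE-2022-39324 is the other, in an earlier hunk); both describe the same upstream platform and should be resolved in one pass against the same source package rather than separately.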
@@ -81365,7 +81389,8 @@ CVE-2022-23531 (GuardDog is a CLI tool to identify
malicious PyPI packages. Vers
NOT-FOR-US: GuardDog
CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages.
Versions p ...)
NOT-FOR-US: GuardDog
-CVE-2022-23529 (node-jsonwebtoken is a JsonWebToken implementation for
node.js. For ve ...)
+CVE-2022-23529
+ REJECTED
NOT-FOR-US: jsonwebtoken node module
CVE-2022-23528
RESERVED
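Review bot: the "NOT-FOR-US: jsonwebtoken node module" line is left under CVE-2022-23529 after the entry becomes REJECTED, making it the only REJECTED entry in this commit that still carries a triage line (CVE-2022-32952 and CVE-2022-32472 have none); drop the line, or move the former description into a NOTE if the rejection context is worth keeping.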
@@ -92290,8 +92315,8 @@ CVE-2021-4034 (A local privilege escalation
vulnerability was found on polkit's
NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/11
CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: kimai2
-CVE-2019-25053
- RESERVED
+CVE-2019-25053 (A path traversal vulnerability exists in Sage FRP 1000 before
November ...)
+ TODO: check
CVE-2021-44353
RESERVED
CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the
Tenda AC15 V ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f6ea9266afd4fb0a86741702e34af0479da309f
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits