automatic update

author: security tracker role <sectracker@soriano.debian.org> 2023-05-25 20:12:03 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2023-05-25 20:12:03 +0000
commit: 529f7154c481dd8ea0fe813f03c139899addfc8a (patch)
tree: 638ce582782018a98027e7ad9ed8fcb6f1612d90
parent: ed6d12bc72318c2e876873cd2494fa829d2d75ed (diff)
1 files changed, 152 insertions, 95 deletions
diff --git a/data/CVE/list b/data/CVE/list
index afefbf327c..267adab6aa 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,63 @@
+CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
+	TODO: check
+CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
+	TODO: check
+CVE-2023-33356 (IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).)
+	TODO: check
+CVE-2023-33355 (IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access t ...)
+	TODO: check
+CVE-2023-33280 (In the Store Commander scquickaccounting module for PrestaShop through ...)
+	TODO: check
+CVE-2023-33279 (In the Store Commander scfixmyprestashop module through 2023-05-09 for ...)
+	TODO: check
+CVE-2023-33278 (In the Store Commander scexportcustomers module for PrestaShop through ...)
+	TODO: check
+CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an openly v ...)
+	TODO: check
+CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd generation an ...)
+	TODO: check
+CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's `validate ...)
+	TODO: check
+CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.)
+	TODO: check
+CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
+	TODO: check
+CVE-2023-31458 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
+	TODO: check
+CVE-2023-2888 (A vulnerability, which was classified as problematic, was found in PHP ...)
+	TODO: check
+CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows ...)
+	TODO: check
+CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot  ...)
+	TODO: check
+CVE-2023-2885 (Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allow ...)
+	TODO: check
+CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...)
+	TODO: check
+CVE-2023-2883 (Authorization Bypass Through User-Controlled Key vulnerability in CBOT ...)
+	TODO: check
+CVE-2023-2882 (Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot  ...)
+	TODO: check
+CVE-2023-2881 (Storing Passwords in a Recoverable Format in GitHub repository pimcore ...)
+	TODO: check
+CVE-2023-2851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-2798 (Those using HtmlUnit to browse untrusted webpages may be vulnerable to ...)
+	TODO: check
+CVE-2023-2734 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
+	TODO: check
+CVE-2023-2733 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
+	TODO: check
+CVE-2023-2732 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
+	TODO: check
+CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...)
+	TODO: check
+CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.12598. ...)
+	TODO: check
+CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...)
+	TODO: check
+CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...)
+	TODO: check
 CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data]
 	- wordpress 6.2.2+dfsg1-1 (bug #1036689)
 	NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
@@ -2337,8 +2397,7 @@ CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions
 	NOT-FOR-US: Devolutions
 CVE-2023-2256
 	RESERVED
-CVE-2023-2255 [Remote documents loaded without prompt via IFrame]
-	RESERVED
+CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...)
 	- libreoffice 4:7.4.5-3
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
 CVE-2023-2254
@@ -3079,8 +3138,8 @@ CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in th
 	NOT-FOR-US: Gradle Build Action
 CVE-2023-30852 (Pimcore is an open source data and experience management platform. Pri ...)
 	NOT-FOR-US: Pimcore
-CVE-2023-30851
-	RESERVED
+CVE-2023-30851 (Cilium is a networking, observability, and security solution with an e ...)
+	TODO: check
 CVE-2023-30850 (Pimcore is an open source data and experience management platform. Pri ...)
 	NOT-FOR-US: Pimcore
 CVE-2023-30849 (Pimcore is an open source data and experience management platform. Pri ...)
@@ -3813,8 +3872,8 @@ CVE-2023-30617
 	RESERVED
 CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-30615
-	RESERVED
+CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...)
+	TODO: check
 CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
 	NOT-FOR-US: Pay (payments engine for Ruby on Rails)
 CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...)
@@ -4416,8 +4475,8 @@ CVE-2023-30486
 	RESERVED
 CVE-2023-30485
 	RESERVED
-CVE-2023-30484
-	RESERVED
+CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
+	TODO: check
 CVE-2023-30483
 	RESERVED
 CVE-2023-30482
@@ -6097,8 +6156,8 @@ CVE-2023-29723
 	RESERVED
 CVE-2023-29722
 	RESERVED
-CVE-2023-29721
-	RESERVED
+CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads to comman ...)
+	TODO: check
 CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...)
 	NOT-FOR-US: SofaWiki
 CVE-2023-29719
@@ -9288,7 +9347,7 @@ CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in
 CVE-2023-28752
 	RESERVED
 CVE-2023-1588
-	RESERVED
+	REJECTED
 CVE-2023-1587 (Avast and AVG Antivirus for Windows were susceptible to a NULL pointer ...)
 	NOT-FOR-US: Norton
 CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
@@ -13376,8 +13435,8 @@ CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub reposi
 	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-1159
 	RESERVED
-CVE-2023-1158
-	RESERVED
+CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+	TODO: check
 CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...)
 	NOT-FOR-US: Finixbit elf-parser
 CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -16559,8 +16618,7 @@ CVE-2023-0952 (Improper access controls on entries in Devolutions Server  2022.3
 	NOT-FOR-US: Devolutions Server
 CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions Server 2 ...)
 	NOT-FOR-US: Devolutions Server
-CVE-2023-0950 [Array Index UnderFlow in Calc Formula Parsing]
-	RESERVED
+CVE-2023-0950 (Improper Validation of Array Index vulnerability in the spreadsheet co ...)
 	- libreoffice 4:7.4.5-3
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
 CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...)
@@ -16816,10 +16874,10 @@ CVE-2023-26218
 	RESERVED
 CVE-2023-26217
 	RESERVED
-CVE-2023-26216
-	RESERVED
-CVE-2023-26215
-	RESERVED
+CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
+	TODO: check
+CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
+	TODO: check
 CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...)
 	NOT-FOR-US: BusinessConnect UI component of TIBCO
 CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
@@ -18927,8 +18985,8 @@ CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for
 	- check-mk <removed>
 CVE-2023-25600
 	RESERVED
-CVE-2023-25599
-	RESERVED
+CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
+	TODO: check
 CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
 	TODO: check
 CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
@@ -19426,8 +19484,8 @@ CVE-2023-25441
 	RESERVED
 CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...)
 	- civicrm <unfixed> (bug #1036695)
-CVE-2023-25439
-	RESERVED
+CVE-2023-25439 (Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionIn ...)
+	TODO: check
 CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...)
 	NOT-FOR-US: MilleGP5
 CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H ...)
@@ -22272,8 +22330,7 @@ CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which
 	NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c
 CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTube Mai ...)
 	NOT-FOR-US: YouTube Embedded 1.2 SDK
-CVE-2023-0459
-	RESERVED
+CVE-2023-0459 (Copy_from_user on 64-bit versions of the Linux kernel does not impleme ...)
 	{DLA-3404-1 DLA-3403-1}
 	- linux 6.1.15-1
 	[bullseye] - linux 5.10.178-1
@@ -28533,8 +28590,8 @@ CVE-2023-22506
 	RESERVED
 CVE-2023-22505
 	RESERVED
-CVE-2023-22504
-	RESERVED
+CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
+	TODO: check
 CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
 	NOT-FOR-US: Atlassian
 CVE-2023-22502
@@ -29317,8 +29374,8 @@ CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been d
 	NOT-FOR-US: centic9 jgit-cookbook
 CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo Safece ...)
 	NOT-FOR-US: Lenovo
-CVE-2022-4815
-	RESERVED
+CVE-2022-4815 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+	TODO: check
 CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
 	NOT-FOR-US: usememos
 CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
@@ -33588,16 +33645,16 @@ CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Ko
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47178
-	RESERVED
-CVE-2022-47177
-	RESERVED
+CVE-2022-47178 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Button ...)
+	TODO: check
+CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP Easy ...)
+	TODO: check
 CVE-2022-47176
 	RESERVED
 CVE-2022-47175
 	RESERVED
-CVE-2022-47174
-	RESERVED
+CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performan ...)
+	TODO: check
 CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47172
@@ -33614,20 +33671,20 @@ CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharya
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47165
-	RESERVED
-CVE-2022-47164
-	RESERVED
+CVE-2022-47165 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin < ...)
+	TODO: check
+CVE-2022-47164 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Eve ...)
+	TODO: check
 CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47161
-	RESERVED
+CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org c ...)
+	TODO: check
 CVE-2022-47160
 	RESERVED
-CVE-2022-47159
-	RESERVED
+CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster L ...)
+	TODO: check
 CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don  ...)
@@ -33646,8 +33703,8 @@ CVE-2022-47151
 	RESERVED
 CVE-2022-47150
 	RESERVED
-CVE-2022-47149
-	RESERVED
+CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin ...)
+	TODO: check
 CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF In ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies  ...)
@@ -33656,8 +33713,8 @@ CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47144
-	RESERVED
+CVE-2022-47144 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...)
+	TODO: check
 CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...)
@@ -33666,16 +33723,16 @@ CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dyn
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47140
 	RESERVED
-CVE-2022-47139
-	RESERVED
-CVE-2022-47138
-	RESERVED
+CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Ba ...)
+	TODO: check
+CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN ...)
+	TODO: check
 CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMa ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-47136
-	RESERVED
-CVE-2022-47135
-	RESERVED
+CVE-2022-47136 (Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC N ...)
+	TODO: check
+CVE-2022-47135 (Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Ch ...)
+	TODO: check
 CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47133
@@ -34274,8 +34331,8 @@ CVE-2022-4401 (A vulnerability was found in pallidlight online-course-selection-
 	NOT-FOR-US: pallidlight online-course-selection-system
 CVE-2022-4400 (A vulnerability was found in zbl1996 FS-Blog and classified as problem ...)
 	NOT-FOR-US: zbl1996 FS-Blog
-CVE-2022-46907
-	RESERVED
+CVE-2022-46907 (A carefully crafted request on several JSPWiki plugins could trigger a ...)
+	TODO: check
 CVE-2022-4399 (A vulnerability was found in TicklishHoneyBee nodau. It has been rated ...)
 	- nodau 0.3.8-5 (unimportant)
 	NOTE: https://github.com/TicklishHoneyBee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2
@@ -34436,10 +34493,10 @@ CVE-2022-46868
 	RESERVED
 CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-46866
-	RESERVED
-CVE-2022-46865
-	RESERVED
+CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...)
+	TODO: check
+CVE-2022-46865 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk ...)
+	TODO: check
 CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...)
@@ -34456,8 +34513,8 @@ CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Am
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46857
 	RESERVED
-CVE-2022-46856
-	RESERVED
+CVE-2022-46856 (Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce P ...)
+	TODO: check
 CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...)
@@ -34591,8 +34648,8 @@ CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46821
 	RESERVED
-CVE-2022-46820
-	RESERVED
+CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table O ...)
+	TODO: check
 CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46818
@@ -34603,16 +34660,16 @@ CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP  ...)
 	NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin
-CVE-2022-46814
-	RESERVED
+CVE-2022-46814 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kode ...)
+	TODO: check
 CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-46812
-	RESERVED
+CVE-2022-46812 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
+	TODO: check
 CVE-2022-46811
 	RESERVED
-CVE-2022-46810
-	RESERVED
+CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...)
+	TODO: check
 CVE-2022-46809
 	RESERVED
 CVE-2022-46808
@@ -34631,8 +34688,8 @@ CVE-2022-46802
 	RESERVED
 CVE-2022-46801
 	RESERVED
-CVE-2022-46800
-	RESERVED
+CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technolog ...)
+	TODO: check
 CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...)
@@ -37651,8 +37708,8 @@ CVE-2022-45817 (Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC T
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inGD bbPress Att ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45815
-	RESERVED
+CVE-2022-45815 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR ...)
+	TODO: check
 CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45813
@@ -39181,18 +39238,18 @@ CVE-2022-45373
 	RESERVED
 CVE-2022-45372
 	RESERVED
-CVE-2022-45371
-	RESERVED
+CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
+	TODO: check
 CVE-2022-45370
 	RESERVED
 CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45368
 	RESERVED
-CVE-2022-45367
-	RESERVED
-CVE-2022-45366
-	RESERVED
+CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cus ...)
+	TODO: check
+CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...)
+	TODO: check
 CVE-2022-45365
 	RESERVED
 CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
@@ -46919,8 +46976,8 @@ CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vul
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-43490
-	RESERVED
+CVE-2022-43490 (Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin < ...)
+	TODO: check
 CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calendar pl ...)
@@ -47007,8 +47064,8 @@ CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format
 	NOT-FOR-US: PowerISO
 CVE-2022-41990
 	RESERVED
-CVE-2022-41987
-	RESERVED
+CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...)
+	TODO: check
 CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM ...)
@@ -47063,12 +47120,12 @@ CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail
 	NOT-FOR-US: WordPress plugin
 CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post For ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-38716
-	RESERVED
+CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Moto ...)
+	TODO: check
 CVE-2022-38702
 	RESERVED
-CVE-2022-38356
-	RESERVED
+CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Word ...)
+	TODO: check
 CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3648
@@ -52282,8 +52339,8 @@ CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerabil
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <=  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-41635
-	RESERVED
+CVE-2022-41635 (Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Ship ...)
+	TODO: check
 CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folde ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41633 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
@@ -53405,8 +53462,8 @@ CVE-2022-41256
 	RESERVED
 CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3 (22.22 ...)
 	NOT-FOR-US: Mitel
-CVE-2022-41221
-	RESERVED
+CVE-2022-41221 (The client in OpenText Archive Center Administration through 21.2 allo ...)
+	TODO: check
 CVE-2022-40224 (A denial of service vulnerability exists in the web server functionali ...)
 	NOT-FOR-US: Moxa
 CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...)
@@ -84309,8 +84366,8 @@ CVE-2022-30027
 	RESERVED
 CVE-2022-30026
 	RESERVED
-CVE-2022-30025
-	RESERVED
+CVE-2022-30025 (SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence  ...)
+	TODO: check
 CVE-2022-30024 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmwa ...)
 	NOT-FOR-US: TP-Link
 CVE-2022-30023 (Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Comma ...)
author	security tracker role <sectracker@soriano.debian.org>	2023-05-25 20:12:03 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2023-05-25 20:12:03 +0000
commit	529f7154c481dd8ea0fe813f03c139899addfc8a (patch)
tree	638ce582782018a98027e7ad9ed8fcb6f1612d90
parent	ed6d12bc72318c2e876873cd2494fa829d2d75ed (diff)