author | security tracker role <sectracker@soriano.debian.org> | 2023-05-25 20:12:03 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2023-05-25 20:12:03 +0000
commit | 529f7154c481dd8ea0fe813f03c139899addfc8a |
tree | 638ce582782018a98027e7ad9ed8fcb6f1612d90 |
parent | ed6d12bc72318c2e876873cd2494fa829d2d75ed |
automatic update
-rw-r--r-- | data/CVE/list | 247 |
1 files changed, 152 insertions, 95 deletions
diff --git a/data/CVE/list b/data/CVE/list index afefbf327c..267adab6aa 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,63 @@ +CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...) + TODO: check +CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...) + TODO: check +CVE-2023-33356 (IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).) + TODO: check +CVE-2023-33355 (IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access t ...) + TODO: check +CVE-2023-33280 (In the Store Commander scquickaccounting module for PrestaShop through ...) + TODO: check +CVE-2023-33279 (In the Store Commander scfixmyprestashop module through 2023-05-09 for ...) + TODO: check +CVE-2023-33278 (In the Store Commander scexportcustomers module for PrestaShop through ...) + TODO: check +CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an openly v ...) + TODO: check +CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd generation an ...) + TODO: check +CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's `validate ...) + TODO: check +CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.) + TODO: check +CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...) + TODO: check +CVE-2023-31458 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...) + TODO: check +CVE-2023-2888 (A vulnerability, which was classified as problematic, was found in PHP ...) + TODO: check +CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows ...) + TODO: check +CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot ...) + TODO: check +CVE-2023-2885 (Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allow ...) + TODO: check +CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...) + TODO: check +CVE-2023-2883 (Authorization Bypass Through User-Controlled Key vulnerability in CBOT ...) 
+ TODO: check +CVE-2023-2882 (Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot ...) + TODO: check +CVE-2023-2881 (Storing Passwords in a Recoverable Format in GitHub repository pimcore ...) + TODO: check +CVE-2023-2851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-2798 (Those using HtmlUnit to browse untrusted webpages may be vulnerable to ...) + TODO: check +CVE-2023-2734 (The MStore API plugin for WordPress is vulnerable to authentication by ...) + TODO: check +CVE-2023-2733 (The MStore API plugin for WordPress is vulnerable to authentication by ...) + TODO: check +CVE-2023-2732 (The MStore API plugin for WordPress is vulnerable to authentication by ...) + TODO: check +CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...) + TODO: check +CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.12598. ...) + TODO: check +CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...) + TODO: check +CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...) + TODO: check CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data] - wordpress 6.2.2+dfsg1-1 (bug #1036689) NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/ @@ -2337,8 +2397,7 @@ CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions NOT-FOR-US: Devolutions CVE-2023-2256 RESERVED -CVE-2023-2255 [Remote documents loaded without prompt via IFrame] - RESERVED +CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...) - libreoffice 4:7.4.5-3 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/ CVE-2023-2254 
@@ -3079,8 +3138,8 @@ CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in th NOT-FOR-US: Gradle Build Action CVE-2023-30852 (Pimcore is an open source data and experience management platform. Pri ...) NOT-FOR-US: Pimcore -CVE-2023-30851 - RESERVED +CVE-2023-30851 (Cilium is a networking, observability, and security solution with an e ...) + TODO: check CVE-2023-30850 (Pimcore is an open source data and experience management platform. Pri ...) NOT-FOR-US: Pimcore CVE-2023-30849 (Pimcore is an open source data and experience management platform. Pri ...) @@ -3813,8 +3872,8 @@ CVE-2023-30617 RESERVED CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...) NOT-FOR-US: WordPress plugin -CVE-2023-30615 - RESERVED +CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...) + TODO: check CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...) NOT-FOR-US: Pay (payments engine for Ruby on Rails) CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...) @@ -4416,8 +4475,8 @@ CVE-2023-30486 RESERVED CVE-2023-30485 RESERVED -CVE-2023-30484 - RESERVED +CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...) + TODO: check CVE-2023-30483 RESERVED CVE-2023-30482 @@ -6097,8 +6156,8 @@ CVE-2023-29723 RESERVED CVE-2023-29722 RESERVED -CVE-2023-29721 - RESERVED +CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads to comman ...) + TODO: check CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...) NOT-FOR-US: SofaWiki CVE-2023-29719 
@@ -9288,7 +9347,7 @@ CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in CVE-2023-28752 RESERVED CVE-2023-1588 - RESERVED + REJECTED CVE-2023-1587 (Avast and AVG Antivirus for Windows were susceptible to a NULL pointer ...) NOT-FOR-US: Norton CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...) @@ -13376,8 +13435,8 @@ CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub reposi NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) CVE-2023-1159 RESERVED -CVE-2023-1158 - RESERVED +CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) + TODO: check CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...) NOT-FOR-US: Finixbit elf-parser CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester ...) @@ -16559,8 +16618,7 @@ CVE-2023-0952 (Improper access controls on entries in Devolutions Server 2022.3 NOT-FOR-US: Devolutions Server CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions Server 2 ...) NOT-FOR-US: Devolutions Server -CVE-2023-0950 [Array Index UnderFlow in Calc Formula Parsing] - RESERVED +CVE-2023-0950 (Improper Validation of Array Index vulnerability in the spreadsheet co ...) - libreoffice 4:7.4.5-3 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/ CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...) 
@@ -16816,10 +16874,10 @@ CVE-2023-26218 RESERVED CVE-2023-26217 RESERVED -CVE-2023-26216 - RESERVED -CVE-2023-26215 - RESERVED +CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...) + TODO: check +CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...) + TODO: check CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...) NOT-FOR-US: BusinessConnect UI component of TIBCO CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) @@ -18927,8 +18985,8 @@ CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for - check-mk <removed> CVE-2023-25600 RESERVED -CVE-2023-25599 - RESERVED +CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...) + TODO: check CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...) TODO: check CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...) @@ -19426,8 +19484,8 @@ CVE-2023-25441 RESERVED CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...) - civicrm <unfixed> (bug #1036695) -CVE-2023-25439 - RESERVED +CVE-2023-25439 (Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionIn ...) + TODO: check CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...) NOT-FOR-US: MilleGP5 CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H ...) 
@@ -22272,8 +22330,7 @@ CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTube Mai ...) NOT-FOR-US: YouTube Embedded 1.2 SDK -CVE-2023-0459 - RESERVED +CVE-2023-0459 (Copy_from_user on 64-bit versions of the Linux kernel does not impleme ...) {DLA-3404-1 DLA-3403-1} - linux 6.1.15-1 [bullseye] - linux 5.10.178-1 @@ -28533,8 +28590,8 @@ CVE-2023-22506 RESERVED CVE-2023-22505 RESERVED -CVE-2023-22504 - RESERVED +CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote attacker ...) + TODO: check CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...) NOT-FOR-US: Atlassian CVE-2023-22502 @@ -29317,8 +29374,8 @@ CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been d NOT-FOR-US: centic9 jgit-cookbook CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo Safece ...) NOT-FOR-US: Lenovo -CVE-2022-4815 - RESERVED +CVE-2022-4815 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) + TODO: check CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...) NOT-FOR-US: usememos CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository usemem ...) 
@@ -33588,16 +33645,16 @@ CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Ko NOT-FOR-US: WordPress plugin CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...) NOT-FOR-US: WordPress plugin -CVE-2022-47178 - RESERVED -CVE-2022-47177 - RESERVED +CVE-2022-47178 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Button ...) + TODO: check +CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP Easy ...) + TODO: check CVE-2022-47176 RESERVED CVE-2022-47175 RESERVED -CVE-2022-47174 - RESERVED +CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performan ...) + TODO: check CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...) NOT-FOR-US: WordPress plugin CVE-2022-47172 
@@ -33614,20 +33671,20 @@ CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharya NOT-FOR-US: WordPress plugin CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...) NOT-FOR-US: WordPress plugin -CVE-2022-47165 - RESERVED -CVE-2022-47164 - RESERVED +CVE-2022-47165 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin < ...) + TODO: check +CVE-2022-47164 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Eve ...) + TODO: check CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...) NOT-FOR-US: WordPress plugin CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...) NOT-FOR-US: WordPress plugin -CVE-2022-47161 - RESERVED +CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org c ...) + TODO: check CVE-2022-47160 RESERVED -CVE-2022-47159 - RESERVED +CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster L ...) + TODO: check CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...) NOT-FOR-US: WordPress plugin CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don ...) @@ -33646,8 +33703,8 @@ CVE-2022-47151 RESERVED CVE-2022-47150 RESERVED -CVE-2022-47149 - RESERVED +CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin ...) + TODO: check CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF In ...) NOT-FOR-US: WordPress plugin CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ...) 
@@ -33656,8 +33713,8 @@ CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co NOT-FOR-US: WordPress plugin CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...) NOT-FOR-US: WordPress plugin -CVE-2022-47144 - RESERVED +CVE-2022-47144 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...) + TODO: check CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...) NOT-FOR-US: WordPress plugin CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...) @@ -33666,16 +33723,16 @@ CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dyn NOT-FOR-US: WordPress plugin CVE-2022-47140 RESERVED -CVE-2022-47139 - RESERVED -CVE-2022-47138 - RESERVED +CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Ba ...) + TODO: check +CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN ...) + TODO: check CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMa ...) NOT-FOR-US: WordPress plugin -CVE-2022-47136 - RESERVED -CVE-2022-47135 - RESERVED +CVE-2022-47136 (Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC N ...) + TODO: check +CVE-2022-47135 (Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Ch ...) + TODO: check CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...) NOT-FOR-US: WordPress plugin CVE-2022-47133 
@@ -34274,8 +34331,8 @@ CVE-2022-4401 (A vulnerability was found in pallidlight online-course-selection- NOT-FOR-US: pallidlight online-course-selection-system CVE-2022-4400 (A vulnerability was found in zbl1996 FS-Blog and classified as problem ...) NOT-FOR-US: zbl1996 FS-Blog -CVE-2022-46907 - RESERVED +CVE-2022-46907 (A carefully crafted request on several JSPWiki plugins could trigger a ...) + TODO: check CVE-2022-4399 (A vulnerability was found in TicklishHoneyBee nodau. It has been rated ...) - nodau 0.3.8-5 (unimportant) NOTE: https://github.com/TicklishHoneyBee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2 @@ -34436,10 +34493,10 @@ CVE-2022-46868 RESERVED CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...) NOT-FOR-US: WordPress plugin -CVE-2022-46866 - RESERVED -CVE-2022-46865 - RESERVED +CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...) + TODO: check +CVE-2022-46865 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk ...) + TODO: check CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Sa ...) NOT-FOR-US: WordPress plugin CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...) @@ -34456,8 +34513,8 @@ CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Am NOT-FOR-US: WordPress plugin CVE-2022-46857 RESERVED -CVE-2022-46856 - RESERVED +CVE-2022-46856 (Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce P ...) + TODO: check CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...) 
@@ -34591,8 +34648,8 @@ CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC NOT-FOR-US: WordPress plugin CVE-2022-46821 RESERVED -CVE-2022-46820 - RESERVED +CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table O ...) + TODO: check CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) NOT-FOR-US: WordPress plugin CVE-2022-46818 @@ -34603,16 +34660,16 @@ CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra NOT-FOR-US: WordPress plugin CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP ...) NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin -CVE-2022-46814 - RESERVED +CVE-2022-46814 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kode ...) + TODO: check CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...) NOT-FOR-US: WordPress plugin -CVE-2022-46812 - RESERVED +CVE-2022-46812 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...) + TODO: check CVE-2022-46811 RESERVED -CVE-2022-46810 - RESERVED +CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...) + TODO: check CVE-2022-46809 RESERVED CVE-2022-46808 @@ -34631,8 +34688,8 @@ CVE-2022-46802 RESERVED CVE-2022-46801 RESERVED -CVE-2022-46800 - RESERVED +CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technolog ...) + TODO: check CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) NOT-FOR-US: WordPress plugin CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...) 
@@ -37651,8 +37708,8 @@ CVE-2022-45817 (Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC T NOT-FOR-US: WordPress plugin CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inGD bbPress Att ...) NOT-FOR-US: WordPress plugin -CVE-2022-45815 - RESERVED +CVE-2022-45815 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR ...) + TODO: check CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen W ...) NOT-FOR-US: WordPress plugin CVE-2022-45813 @@ -39181,18 +39238,18 @@ CVE-2022-45373 RESERVED CVE-2022-45372 RESERVED -CVE-2022-45371 - RESERVED +CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...) + TODO: check CVE-2022-45370 RESERVED CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for ...) NOT-FOR-US: WordPress plugin CVE-2022-45368 RESERVED -CVE-2022-45367 - RESERVED -CVE-2022-45366 - RESERVED +CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cus ...) + TODO: check +CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...) + TODO: check CVE-2022-45365 RESERVED CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...) @@ -46919,8 +46976,8 @@ CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vul NOT-FOR-US: WordPress plugin CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...) NOT-FOR-US: WordPress plugin -CVE-2022-43490 - RESERVED +CVE-2022-43490 (Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin < ...) + TODO: check CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...) NOT-FOR-US: WordPress plugin CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calendar pl ...) 
@@ -47007,8 +47064,8 @@ CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format NOT-FOR-US: PowerISO CVE-2022-41990 RESERVED -CVE-2022-41987 - RESERVED +CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...) + TODO: check CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...) NOT-FOR-US: WordPress plugin CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM ...) @@ -47063,12 +47120,12 @@ CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail NOT-FOR-US: WordPress plugin CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post For ...) NOT-FOR-US: WordPress plugin -CVE-2022-38716 - RESERVED +CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Moto ...) + TODO: check CVE-2022-38702 RESERVED -CVE-2022-38356 - RESERVED +CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Word ...) + TODO: check CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...) NOT-FOR-US: WordPress plugin CVE-2022-3648 @@ -52282,8 +52339,8 @@ CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerabil NOT-FOR-US: WordPress plugin CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= ...) NOT-FOR-US: WordPress plugin -CVE-2022-41635 - RESERVED +CVE-2022-41635 (Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Ship ...) + TODO: check CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folde ...) NOT-FOR-US: WordPress plugin CVE-2022-41633 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...) 
@@ -53405,8 +53462,8 @@ CVE-2022-41256 RESERVED CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3 (22.22 ...) NOT-FOR-US: Mitel -CVE-2022-41221 - RESERVED +CVE-2022-41221 (The client in OpenText Archive Center Administration through 21.2 allo ...) + TODO: check CVE-2022-40224 (A denial of service vulnerability exists in the web server functionali ...) NOT-FOR-US: Moxa CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...) @@ -84309,8 +84366,8 @@ CVE-2022-30027 RESERVED CVE-2022-30026 RESERVED -CVE-2022-30025 - RESERVED +CVE-2022-30025 (SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence ...) + TODO: check CVE-2022-30024 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmwa ...) NOT-FOR-US: TP-Link CVE-2022-30023 (Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Comma ...) |
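Review bot: In the `@@ -1,3 +1,63 @@` hunk every new entry is left at `TODO: check`, including ones whose descriptions name general-purpose software rather than a web plugin or an appliance, such as CVE-2023-28370 (Tornado) and CVE-2023-2798 (HtmlUnit). Those two should be checked against the archive's source packages first and given either a package line or an explicit `NOT-FOR-US:`, because a `TODO: check` entry carries no affected-package information for anyone querying the list.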
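Review bot: In the hunks from `@@ -33588,16 +33645,16 @@` through `@@ -33666,16 +33723,16 @@`, every entry moved from `RESERVED` to a description is a "Cross-Site Request Forgery (CSRF) vulnerability in ..." item set to `TODO: check`, while the unchanged context lines beside them already classify the same kind of entry as `NOT-FOR-US: WordPress plugin`. Most of the new descriptions are truncated before the product type is visible (for example `CVE-2022-47178 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Button ...)`), so the follow-up triage should read the full CVE text rather than the list line, and can then settle this batch in one pass instead of leaving the TODOs interleaved with classified neighbours.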