From 1909164868a343d35e89414e340f4a5d76a96d5a Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 27 Mar 2023 20:10:30 +0000 Subject: automatic update --- data/CVE/list | 375 ++++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 245 insertions(+), 130 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 2fa71ed419..84e4b9cb3d 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,113 @@ +CVE-2023-28927 + RESERVED +CVE-2023-28926 + RESERVED +CVE-2023-28925 + RESERVED +CVE-2023-28924 + RESERVED +CVE-2023-28923 + RESERVED +CVE-2023-28922 + RESERVED +CVE-2023-28921 + RESERVED +CVE-2023-28920 + RESERVED +CVE-2023-28919 + RESERVED +CVE-2023-28918 + RESERVED +CVE-2023-28917 + RESERVED +CVE-2023-28916 + RESERVED +CVE-2023-28915 + RESERVED +CVE-2023-28914 + RESERVED +CVE-2023-28913 + RESERVED +CVE-2023-28912 + RESERVED +CVE-2023-28911 + RESERVED +CVE-2023-28910 + RESERVED +CVE-2023-28909 + RESERVED +CVE-2023-28908 + RESERVED +CVE-2023-28907 + RESERVED +CVE-2023-28906 + RESERVED +CVE-2023-28905 + RESERVED +CVE-2023-28904 + RESERVED +CVE-2023-28903 + RESERVED +CVE-2023-28902 + RESERVED +CVE-2023-28901 + RESERVED +CVE-2023-28900 + RESERVED +CVE-2023-28899 + RESERVED +CVE-2023-28898 + RESERVED +CVE-2023-28897 + RESERVED +CVE-2023-28896 + RESERVED +CVE-2023-28895 + RESERVED +CVE-2023-28894 + RESERVED +CVE-2023-28893 + RESERVED +CVE-2023-1663 + RESERVED +CVE-2023-1662 + RESERVED +CVE-2023-1661 + RESERVED +CVE-2023-1660 + RESERVED +CVE-2023-1659 (This CVE ID has been rejected or withdrawn by its CVE Numbering Author ...) + TODO: check +CVE-2023-1658 + RESERVED +CVE-2023-1657 + RESERVED +CVE-2023-1656 + RESERVED +CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...) + TODO: check +CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. ...) + TODO: check +CVE-2023-1653 + RESERVED +CVE-2023-1652 + RESERVED +CVE-2023-1651 + RESERVED +CVE-2023-1650 + RESERVED +CVE-2023-1649 + RESERVED +CVE-2023-1648 + RESERVED +CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 refle ...) + TODO: check +CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page ...) + TODO: check +CVE-2022-48427 (In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending ch ...) 
+ TODO: check +CVE-2022-48426 (In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connecti ...) + TODO: check CVE-2023-28892 RESERVED CVE-2023-28891 @@ -659,6 +769,7 @@ CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtu - qemu NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...) + {DSA-5379-1} - dino-im 0.4.2-1 (bug #1033370) [buster] - dino-im (Vulnerable code added in v0.1.0) NOTE: https://dino.im/security/cve-2023-28686/ @@ -1861,10 +1972,10 @@ CVE-2023-1402 (The course participation report required additional checks to pre - moodle CVE-2023-1401 RESERVED -CVE-2023-1400 - RESERVED -CVE-2023-1399 - RESERVED +CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin through 5.16.2 does n ...) + TODO: check +CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted d ...) + TODO: check CVE-2023-1398 (A vulnerability classified as critical was found in XiaoBingBy TeaCMS ...) NOT-FOR-US: XiaoBingBy TeaCMS CVE-2023-1397 (A vulnerability classified as problematic has been found in SourceCode ...) @@ -3293,7 +3404,8 @@ CVE-2023-1249 (A use-after-free flaw was found in the Linux kernel’s core NOTE: https://git.kernel.org/linus/390031c942116d4733310f0684beb8db19885fe6 (5.18-rc1) CVE-2023-1248 (Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Action ...) TODO: check -CVE-2023-1247 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) +CVE-2023-1247 + REJECTED NOT-FOR-US: pimcore CVE-2022-4932 (The Total Upkeep plugin for WordPress is vulnerable to information dis ...) NOT-FOR-US: Total Upkeep plugin for WordPress 
@@ -3569,8 +3681,8 @@ CVE-2023-1186 (A vulnerability has been found in FabulaTech Webcam for Remote De NOT-FOR-US: FabulaTech Webcam for Remote Desktop CVE-2023-1185 (A vulnerability, which was classified as problematic, was found in ECs ...) NOT-FOR-US: ECshop -CVE-2020-36666 - RESERVED +CVE-2020-36666 (The directory-pro WordPress plugin before 1.9.5, final-user-wp-fronten ...) + TODO: check CVE-2023-XXXX [Transaction cache overrides the current user] - tryton-server 6.0.29-1 [bullseye] - tryton-server (Vulnerable code not present) @@ -3582,8 +3694,8 @@ CVE-2023-27849 RESERVED CVE-2023-27848 RESERVED -CVE-2023-27847 - RESERVED +CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and be ...) + TODO: check CVE-2023-27846 RESERVED CVE-2023-27845 
@@ -4499,32 +4611,32 @@ CVE-2023-1147 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpres NOT-FOR-US: flatpressblog CVE-2023-1146 (Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblo ...) NOT-FOR-US: flatpressblog -CVE-2023-1145 - RESERVED -CVE-2023-1144 - RESERVED -CVE-2023-1143 - RESERVED -CVE-2023-1142 - RESERVED -CVE-2023-1141 - RESERVED -CVE-2023-1140 - RESERVED -CVE-2023-1139 - RESERVED -CVE-2023-1138 - RESERVED -CVE-2023-1137 - RESERVED -CVE-2023-1136 - RESERVED -CVE-2023-1135 - RESERVED -CVE-2023-1134 - RESERVED -CVE-2023-1133 - RESERVED +CVE-2023-1145 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are ...) + TODO: check +CVE-2023-1144 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...) + TODO: check +CVE-2023-1143 (In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, ...) + TODO: check +CVE-2023-1142 (In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, ...) + TODO: check +CVE-2023-1141 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...) + TODO: check +CVE-2023-1140 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...) + TODO: check +CVE-2023-1139 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are ...) + TODO: check +CVE-2023-1138 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...) + TODO: check +CVE-2023-1137 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...) + TODO: check +CVE-2023-1136 (In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, ...) + TODO: check +CVE-2023-1135 (In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, ...) + TODO: check +CVE-2023-1134 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are ...) + TODO: check +CVE-2023-1133 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...) 
+ TODO: check CVE-2023-1132 RESERVED CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts Sales ...) @@ -5029,22 +5141,22 @@ CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error NOTE: https://git.kernel.org/linus/580077855a40741cf511766129702d97ff02f4d9 (6.0-rc1) CVE-2023-1094 RESERVED -CVE-2023-1093 - RESERVED -CVE-2023-1092 - RESERVED +CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does not have ...) + TODO: check +CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Si ...) + TODO: check CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Alpata Licensed Warehousing Automation System CVE-2023-1090 RESERVED -CVE-2023-1089 - RESERVED -CVE-2023-1088 - RESERVED -CVE-2023-1087 - RESERVED -CVE-2023-1086 - RESERVED +CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check ...) + TODO: check +CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF ...) + TODO: check +CVE-2023-1087 (The WC Sales Notification WordPress plugin before 1.2.3 does not have ...) + TODO: check +CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does not have ...) + TODO: check CVE-2023-1085 RESERVED CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) @@ -5053,8 +5165,8 @@ CVE-2023-1083 RESERVED CVE-2023-1082 RESERVED -CVE-2023-27296 - RESERVED +CVE-2023-27296 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) + TODO: check CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure to requi ...) NOT-FOR-US: OpenCATS CVE-2023-27294 (Improper neutralization of input during web page generation allows an ...) 
@@ -5187,8 +5299,8 @@ CVE-2023-1071 RESERVED CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...) - teampass (bug #730180) -CVE-2023-1069 - RESERVED +CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPre ...) + TODO: check CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is vulnerable ...) NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) @@ -5272,16 +5384,16 @@ CVE-2023-27247 RESERVED CVE-2023-27246 RESERVED -CVE-2023-27245 - RESERVED +CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management Project ...) + TODO: check CVE-2023-27244 RESERVED CVE-2023-27243 RESERVED CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to contain a ...) NOT-FOR-US: SourceCodester Loan Management System -CVE-2023-27241 - RESERVED +CVE-2023-27241 (SourceCodester Water Billing System v1.0 was discovered to contain a c ...) + TODO: check CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command injection v ...) NOT-FOR-US: Tenda CVE-2023-27239 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...) @@ -5589,8 +5701,8 @@ CVE-2023-27098 RESERVED CVE-2023-27097 RESERVED -CVE-2023-27096 - RESERVED +CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...) + TODO: check CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...) NOT-FOR-US: Hippo4j CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escala ...) 
@@ -5863,10 +5975,10 @@ CVE-2023-26961 RESERVED CVE-2023-26960 RESERVED -CVE-2023-26959 - RESERVED -CVE-2023-26958 - RESERVED +CVE-2023-26959 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL I ...) + TODO: check +CVE-2023-26958 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross ...) + TODO: check CVE-2023-26957 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete ...) NOT-FOR-US: onekeyadmin CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...) @@ -6865,8 +6977,8 @@ CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation NOT-FOR-US: Apache Sling CVE-2023-26512 RESERVED -CVE-2023-1025 - RESERVED +CVE-2023-1025 (The Simple File List WordPress plugin before 6.0.10 does not sanitise ...) + TODO: check CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plu ...) @@ -7445,8 +7557,8 @@ CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022. NOT-FOR-US: Gitpod CVE-2023-0956 RESERVED -CVE-2023-0955 - RESERVED +CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...) + TODO: check CVE-2023-0954 RESERVED CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...) @@ -8803,8 +8915,8 @@ CVE-2023-25830 RESERVED CVE-2023-25829 RESERVED -CVE-2023-25828 - RESERVED +CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...) + TODO: check CVE-2023-25827 RESERVED CVE-2023-25826 @@ -8998,8 +9110,8 @@ CVE-2023-0825 RESERVED CVE-2023-0824 RESERVED -CVE-2023-0823 - RESERVED +CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...) + TODO: check CVE-2023-25760 RESERVED CVE-2023-25759 
@@ -9204,8 +9316,8 @@ CVE-2023-25728 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25728 CVE-2023-24585 RESERVED -CVE-2023-0816 - RESERVED +CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several potentia ...) + TODO: check CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...) NOT-FOR-US: OpenNMS CVE-2023-0814 (The Profile Builder – User Profile & User Registration Forms ...) @@ -10979,8 +11091,8 @@ CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before NOTE: https://github.com/php/php-src/commit/e45850c195dcd5534394cf357a3f776d4916b655 (improvement) CVE-2023-0661 (Improper access control in Devolutions Server allows an authenticated ...) NOT-FOR-US: Devolutions -CVE-2023-0660 - RESERVED +CVE-2023-0660 (The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly ...) + TODO: check CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been clas ...) NOT-FOR-US: BDCOM CVE-2022-4901 (Multiple stored XSS vulnerabilities in Sophos Connect versions older t ...) @@ -11785,8 +11897,8 @@ CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_a - linux 6.0.6-1 [bullseye] - linux 5.10.158-1 NOTE: https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2) -CVE-2023-0589 - RESERVED +CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise ...) + TODO: check CVE-2023-0588 RESERVED CVE-2022-4900 
@@ -12743,28 +12855,28 @@ CVE-2023-0507 (Grafana is an open-source platform for monitoring and observabili - grafana CVE-2023-0506 RESERVED -CVE-2023-0505 - RESERVED -CVE-2023-0504 - RESERVED -CVE-2023-0503 - RESERVED -CVE-2023-0502 - RESERVED -CVE-2023-0501 - RESERVED -CVE-2023-0500 - RESERVED -CVE-2023-0499 - RESERVED -CVE-2023-0498 - RESERVED -CVE-2023-0497 - RESERVED -CVE-2023-0496 - RESERVED -CVE-2023-0495 - RESERVED +CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have CSRF che ...) + TODO: check +CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF check ...) + TODO: check +CVE-2023-0503 (The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2. ...) + TODO: check +CVE-2023-0502 (The WP News WordPress plugin through 1.1.9 does not have CSRF check wh ...) + TODO: check +CVE-2023-0501 (The WP Insurance WordPress plugin before 2.1.4 does not have CSRF chec ...) + TODO: check +CVE-2023-0500 (The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF ch ...) + TODO: check +CVE-2023-0499 (The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check ...) + TODO: check +CVE-2023-0498 (The WP Education WordPress plugin before 1.2.7 does not have CSRF chec ...) + TODO: check +CVE-2023-0497 (The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF chec ...) + TODO: check +CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF check wh ...) + TODO: check +CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does not hav ...) + TODO: check CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses] RESERVED {DSA-5342-1 DLA-3310-1} 
@@ -12814,8 +12926,8 @@ CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub NOT-FOR-US: btcpayserver CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...) NOT-FOR-US: WordPress plugin -CVE-2023-0491 - RESERVED +CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate and e ...) + TODO: check CVE-2023-0490 RESERVED CVE-2023-0489 @@ -12828,8 +12940,8 @@ CVE-2023-0486 RESERVED CVE-2023-0485 RESERVED -CVE-2023-0484 - RESERVED +CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg B ...) + TODO: check CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...) @@ -12935,8 +13047,8 @@ CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_che [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7) NOTE: https://git.kernel.org/linus/a26a35e9019fd70bf3cf647dcfdae87abc7bacea (6.1-rc7) -CVE-2023-0467 - RESERVED +CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...) + TODO: check CVE-2023-0466 RESERVED CVE-2023-0465 @@ -13204,8 +13316,8 @@ CVE-2023-0443 RESERVED CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...) NOT-FOR-US: WordPress plugin -CVE-2023-0441 - RESERVED +CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an ...) + TODO: check CVE-2023-0440 (Observable Discrepancy in GitHub repository healthchecks/healthchecks ...) NOT-FOR-US: healthchecks CVE-2023-0439 
@@ -13786,8 +13898,8 @@ CVE-2023-24096 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrad NOT-FOR-US: TrendNet CVE-2023-24095 (** UNSUPPORTED WHEN ASSIGNED ** TrendNet Wireless AC Easy-Upgrader TEW ...) NOT-FOR-US: TrendNet -CVE-2023-24094 - RESERVED +CVE-2023-24094 (An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows ...) + TODO: check CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows attackers ...) NOT-FOR-US: H3C A210-G A210-GV100R005 CVE-2023-24092 @@ -14502,8 +14614,8 @@ CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of S NOT-FOR-US: Zephyr CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...) NOT-FOR-US: Zephyr -CVE-2023-0395 - RESERVED +CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not validate and ...) + TODO: check CVE-2023-0393 RESERVED CVE-2023-0392 @@ -14976,10 +15088,10 @@ CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository liran NOT-FOR-US: lirantal/daloradius CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...) NOT-FOR-US: lirantal/daloradius -CVE-2023-0336 - RESERVED -CVE-2023-0335 - RESERVED +CVE-2023-0336 (The OoohBoi Steroids for Elementor WordPress plugin through 2.1.3 has ...) + TODO: check +CVE-2023-0335 (The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken acces ...) + TODO: check CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not ...) NOT-FOR-US: WordPress plugin CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not valid ...) 
@@ -15542,8 +15654,8 @@ CVE-2023-0274 RESERVED CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...) NOT-FOR-US: WordPress plugin -CVE-2023-0272 - RESERVED +CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate and esca ...) + TODO: check CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does no ...) @@ -18130,8 +18242,8 @@ CVE-2023-22709 RESERVED CVE-2023-22708 RESERVED -CVE-2023-22707 - RESERVED +CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Gre ...) + TODO: check CVE-2023-22706 RESERVED CVE-2023-22705 @@ -20500,10 +20612,10 @@ CVE-2020-36625 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in des NOT-FOR-US: destiny.gg chat CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. It has ...) NOT-FOR-US: text_helpers gem -CVE-2022-47925 - RESERVED -CVE-2022-47924 - RESERVED +CVE-2022-47925 (The validate JSON endpoint of the Secvisogram csaf-validator-service i ...) + TODO: check +CVE-2022-47924 (An high privileged attacker may pass crafted arguments to the validate ...) + TODO: check CVE-2022-4648 (The Real Testimonials WordPress plugin before 2.6.0 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) 
@@ -23997,8 +24109,8 @@ CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight NOT-FOR-US: WordPress plugin CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ...) NOT-FOR-US: WordPress plugin -CVE-2022-47146 - RESERVED +CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempo ...) + TODO: check CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...) NOT-FOR-US: WordPress plugin CVE-2022-47144 @@ -24822,8 +24934,8 @@ CVE-2022-46845 RESERVED CVE-2022-46844 RESERVED -CVE-2022-46843 - RESERVED +CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van T ...) + TODO: check CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin ...) NOT-FOR-US: Wordpress plugin CVE-2022-46841 @@ -43277,8 +43389,7 @@ CVE-2022-41356 RESERVED CVE-2022-41355 (Online Leave Management System v1.0 was discovered to contain a SQL in ...) NOT-FOR-US: Online Leave Management System -CVE-2022-41354 - RESERVED +CVE-2022-41354 (An access control issue in Argo CD v2.4.12 and below allows unauthenti ...) NOT-FOR-US: ArgoCD CVE-2022-41353 RESERVED @@ -60787,8 +60898,8 @@ CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore W NOT-FOR-US: WordPress plugin CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...) NOT-FOR-US: WordPress plugin -CVE-2022-30705 - RESERVED +CVE-2022-30705 (Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPres ...) + TODO: check CVE-2022-29495 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...) NOT-FOR-US: WordPress plugin CVE-2022-29489 (Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plu ...) 
@@ -77065,6 +77176,7 @@ CVE-2022-29164 (Argo Workflows is an open source container-native workflow engin CVE-2022-29163 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) - nextcloud-server (bug #941708) CVE-2022-29162 (runc is a CLI tool for spawning and running containers on Linux accord ...) + {DLA-3369-1} - runc 1.1.3+ds1-1 [bullseye] - runc 1.0.0~rc93+ds1-5+deb11u2 [stretch] - runc (Vulnerable code not present) @@ -145048,6 +145160,7 @@ CVE-2021-30467 CVE-2021-30466 RESERVED CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...) + {DLA-3369-1} - runc 1.0.0~rc93+ds1-5 (bug #988768) [stretch] - runc (Intrusive to backport fix) NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2 @@ -243674,6 +243787,7 @@ CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.c [stretch] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425 CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to Escalation ...) + {DLA-3369-1} - runc (bug #1033520) NOTE: https://github.com/opencontainers/runc/issues/3751 NOTE: https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334 @@ -243682,6 +243796,7 @@ CVE-2023-27561 (runc through 1.1.4 has Incorrect Access Control leading to Escal NOTE: Pull Request: https://github.com/opencontainers/runc/pull/3773 NOTE: Fixed by: https://github.com/opencontainers/runc/commit/0abab45c9b97c113ff2cdc16f3a7388444c3fbec (release-1.1 branch) CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...) + {DLA-3369-1} - runc 1.0.0~rc10+dfsg1-1 [stretch] - runc (Minor issue) NOTE: https://github.com/opencontainers/runc/issues/2197 
@@ -260356,7 +260471,7 @@ CVE-2019-16886 CVE-2019-16885 (In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remo ...) NOT-FOR-US: OkayCMS CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...) - {DLA-3322-1} + {DLA-3369-1 DLA-3322-1} - runc 1.0.0~rc9+dfsg1-1 (bug #942026) [stretch] - runc (Minor issue) - golang-github-opencontainers-selinux 1.3.0-2 (bug #942027)
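Review bot: In hunk @@ -1,3 +1,113 @@, CVE-2023-1659 is annotated "TODO: check" although its own description already states that the ID "has been rejected or withdrawn by its CVE Numbering Author ..."; mark it REJECTED instead, as hunk @@ -3293,7 +3404,8 @@ does for CVE-2023-1247, so it does not sit in the triage queue.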
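Review bot: In hunk @@ -3293,7 +3404,8 @@, CVE-2023-1247 is switched to REJECTED but the "NOT-FOR-US: pimcore" line beneath it is kept; a rejected ID needs no package triage, so consider dropping that line so the entry reads only "CVE-2023-1247" / "REJECTED".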
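Review bot: In hunk @@ -43277,8 +43389,7 @@, CVE-2022-41354 gains its description without the "TODO: check" line that every other RESERVED-to-description change in this update receives, because the pre-existing "NOT-FOR-US: ArgoCD" triage is carried over; that triage was recorded while the entry was still RESERVED, so re-confirm it against the new text ("An access control issue in Argo CD v2.4.12 and below allows unauthenti ...") rather than inheriting it unexamined.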
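Review bot: In hunk @@ -243674,6 +243787,7 @@, {DLA-3369-1} is recorded for CVE-2023-27561 while the package line still reads "- runc (bug #1033520)" with no fixed version; the next hunk's NOTE already points at the fix on the release-1.1 branch, so the unstable entry should get a fixed version (or an explanatory annotation) once that fix is uploaded, otherwise the tracker shows the LTS suite fixed ahead of unstable.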