Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ccf0acd6 by security tracker role at 2023-05-15T20:13:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-32787 (The OPC UA Legacy Java Stack before 6f176f2 enables an 
attacker to blo ...)
+       TODO: check
+CVE-2023-32314 (vm2 is a sandbox that can run untrusted code with Node's 
built-in modu ...)
+       TODO: check
+CVE-2023-32313 (vm2 is a sandbox that can run untrusted code with Node's 
built-in modu ...)
+       TODO: check
+CVE-2023-31986 (A Command Injection vulnerability in Edimax Wireless Router 
N300 Firmw ...)
+       TODO: check
+CVE-2023-31845 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to 
SQL Inj ...)
+       TODO: check
+CVE-2023-31844 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to 
SQL Inj ...)
+       TODO: check
+CVE-2023-31843 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to 
SQL Inj ...)
+       TODO: check
+CVE-2023-31842 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to 
SQL Inj ...)
+       TODO: check
+CVE-2023-31631 (An issue in the sqlo_preds_contradiction component of openlink 
virtuos ...)
+       TODO: check
+CVE-2023-31630 (An issue in the sqlo_query_spec component of openlink 
virtuoso-opensou ...)
+       TODO: check
+CVE-2023-31629 (An issue in the sqlo_union_scope component of openlink 
virtuoso-openso ...)
+       TODO: check
+CVE-2023-31628 (An issue in the stricmp component of openlink 
virtuoso-opensource v7.2 ...)
+       TODO: check
+CVE-2023-31627 (An issue in the strhash component of openlink 
virtuoso-opensource v7.2 ...)
+       TODO: check
+CVE-2023-31626 (An issue in the gpf_notice component of openlink 
virtuoso-opensource v ...)
+       TODO: check
+CVE-2023-31625 (An issue in the psiginfo component of openlink 
virtuoso-opensource v7. ...)
+       TODO: check
+CVE-2023-31624 (An issue in the sinv_check_exp component of openlink 
virtuoso-opensour ...)
+       TODO: check
+CVE-2023-31623 (An issue in the mp_box_copy component of openlink 
virtuoso-opensource  ...)
+       TODO: check
+CVE-2023-31622 (An issue in the sqlc_make_policy_trig component of openlink 
virtuoso-o ...)
+       TODO: check
+CVE-2023-31621 (An issue in the kc_var_col component of openlink 
virtuoso-opensource v ...)
+       TODO: check
+CVE-2023-31620 (An issue in the dv_compare component of openlink 
virtuoso-opensource v ...)
+       TODO: check
+CVE-2023-31619 (An issue in the sch_name_to_object component of openlink 
virtuoso-open ...)
+       TODO: check
+CVE-2023-31618 (An issue in the sqlc_union_dt_wrap component of openlink 
virtuoso-open ...)
+       TODO: check
+CVE-2023-31617 (An issue in the dk_set_delete component of openlink 
virtuoso-opensourc ...)
+       TODO: check
+CVE-2023-31616 (An issue in the bif_mod component of openlink 
virtuoso-opensource v7.2 ...)
+       TODO: check
+CVE-2023-31615 (An issue in the chash_array component of openlink 
virtuoso-opensource  ...)
+       TODO: check
+CVE-2023-31614 (An issue in the mp_box_deserialize_string function in openlink 
virtuos ...)
+       TODO: check
+CVE-2023-31613 (An issue in the __nss_database_lookup component of openlink 
virtuoso-o ...)
+       TODO: check
+CVE-2023-31612 (An issue in the dfe_qexp_list component of openlink 
virtuoso-opensourc ...)
+       TODO: check
+CVE-2023-31611 (An issue in the __libc_longjmp component of openlink 
virtuoso-opensour ...)
+       TODO: check
+CVE-2023-31610 (An issue in the _IO_default_xsputn component of openlink 
virtuoso-open ...)
+       TODO: check
+CVE-2023-31609 (An issue in the dfe_unit_col_loci component of openlink 
virtuoso-opens ...)
+       TODO: check
+CVE-2023-31608 (An issue in the artm_div_int component of openlink 
virtuoso-opensource ...)
+       TODO: check
+CVE-2023-31607 (An issue in the __libc_malloc component of openlink 
virtuoso-opensourc ...)
+       TODO: check
+CVE-2023-31409 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR 
with Pa ...)
+       TODO: check
+CVE-2023-31408 (Cleartext Storage of Sensitive Information in SICK FTMg AIR 
FLOW SENSO ...)
+       TODO: check
 CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the 
cleartext ma ...)
        - keepass2 <unfixed>
        NOTE: https://github.com/vdohney/keepass-password-dumper
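
Review bot: In the virtuoso-opensource block at the top of this hunk, CVE-2023-31613, CVE-2023-31611, CVE-2023-31610 and CVE-2023-31607 give __nss_database_lookup, __libc_longjmp, _IO_default_xsputn and __libc_malloc as the affected "component". Those are C library symbol names, most likely the frame in which the fault was observed, so when the TODO: check lines are resolved these four should be triaged against virtuoso-opensource like the rest of the block and not against the C library. A short NOTE: on each saying so would keep a later reader from re-assigning them.
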
@@ -182,13 +252,13 @@ CVE-2023-2444 (A cross site request forgery vulnerability 
exists in Rockwell Aut
 CVE-2023-2443 (Rockwell Automation ThinManager product allows the use of 
medium stren ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2023-2455 [Row security policies disregard user ID changes after inlining]
-       {DSA-5401-1}
+       {DSA-5401-1 DLA-3422-1}
        - postgresql-15 15.3-0+deb12u1
        - postgresql-13 <removed>
        - postgresql-11 <removed>
        NOTE: 
https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
 CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats protective search_path 
changes]
-       {DSA-5401-1}
+       {DSA-5401-1 DLA-3422-1}
        - postgresql-15 15.3-0+deb12u1
        - postgresql-13 <removed>
        - postgresql-11 <removed>
@@ -331,7 +401,7 @@ CVE-2023-32216
        - firefox 113.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
 CVE-2023-32215
-       {DSA-5403-1 DSA-5400-1 DLA-3417-1}
+       {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
        - firefox 113.0-1
        - firefox-esr 102.11.0esr-1
        - thunderbird 1:102.11.0-1
@@ -346,7 +416,7 @@ CVE-2023-32214
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32214
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32214
 CVE-2023-32213
-       {DSA-5403-1 DSA-5400-1 DLA-3417-1}
+       {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
        - firefox 113.0-1
        - firefox-esr 102.11.0esr-1
        - thunderbird 1:102.11.0-1
@@ -354,7 +424,7 @@ CVE-2023-32213
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32213
 CVE-2023-32212
-       {DSA-5403-1 DSA-5400-1 DLA-3417-1}
+       {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
        - firefox 113.0-1
        - firefox-esr 102.11.0esr-1
        - thunderbird 1:102.11.0-1
@@ -362,7 +432,7 @@ CVE-2023-32212
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32212
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32212
 CVE-2023-32211
-       {DSA-5403-1 DSA-5400-1 DLA-3417-1}
+       {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
        - firefox 113.0-1
        - firefox-esr 102.11.0esr-1
        - thunderbird 1:102.11.0-1
@@ -379,7 +449,7 @@ CVE-2023-32208
        - firefox 113.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32208
 CVE-2023-32207
-       {DSA-5403-1 DSA-5400-1 DLA-3417-1}
+       {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
        - firefox 113.0-1
        - firefox-esr 102.11.0esr-1
        - thunderbird 1:102.11.0-1
@@ -387,7 +457,7 @@ CVE-2023-32207
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32207
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32207
 CVE-2023-32206
-       {DSA-5403-1 DSA-5400-1 DLA-3417-1}
+       {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
        - firefox 113.0-1
        - firefox-esr 102.11.0esr-1
        - thunderbird 1:102.11.0-1
@@ -395,7 +465,7 @@ CVE-2023-32206
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32206
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32206
 CVE-2023-32205
-       {DSA-5403-1 DSA-5400-1 DLA-3417-1}
+       {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
        - firefox 113.0-1
        - firefox-esr 102.11.0esr-1
        - thunderbird 1:102.11.0-1
@@ -2068,10 +2138,10 @@ CVE-2023-2182 (An issue has been discovered in GitLab 
EE affecting all versions
        - gitlab <not-affected> (Specific to EE)
 CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
        - gitlab <unfixed>
-CVE-2023-2180
-       RESERVED
-CVE-2023-2179
-       RESERVED
+CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin 
through ...)
+       TODO: check
+CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin 
through  ...)
+       TODO: check
 CVE-2023-2178
        RESERVED
 CVE-2023-2177 (A null pointer dereference issue was found in the sctp network 
protoco ...)
@@ -3274,8 +3344,8 @@ CVE-2023-2011
        RESERVED
 CVE-2023-2010
        RESERVED
-CVE-2023-2009
-       RESERVED
+CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty 
Url Wo ...)
+       TODO: check
 CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. 
The spec ...)
        - linux 5.18.14-1
        [bullseye] - linux 5.10.127-1
@@ -4043,8 +4113,8 @@ CVE-2023-30247 (File Upload vulnerability found in 
Oretnom23 Storage Unit Rental
        NOT-FOR-US: Oretnom23 Storage Unit Rental Management System
 CVE-2023-30246 (SQL injection vulnerability found in Judging Management System 
v.1.0 a ...)
        NOT-FOR-US: Judging Management System
-CVE-2023-30245
-       RESERVED
+CVE-2023-30245 (SQL injection vulnerability found in Judging Management System 
v.1.0 a ...)
+       TODO: check
 CVE-2023-30244
        RESERVED
 CVE-2023-30243 (Beijing Netcon NS-ASG Application Security Gateway v6.3 is 
vulnerable  ...)
@@ -4849,10 +4919,10 @@ CVE-2023-29864
        RESERVED
 CVE-2023-29863 (Medical Systems Co. Medisys Weblab Products v19.4.03 was 
discovered to ...)
        NOT-FOR-US: Medical Systems Co. Medisys Weblab Products
-CVE-2023-29862
-       RESERVED
-CVE-2023-29861
-       RESERVED
+CVE-2023-29862 (An issue found in Agasio-Camera device version not specified 
allows a  ...)
+       TODO: check
+CVE-2023-29861 (An issue found in FLIR-DVTEL version not specified allows a 
remote att ...)
+       TODO: check
 CVE-2023-29860
        RESERVED
 CVE-2023-29859
@@ -5982,8 +6052,8 @@ CVE-2023-1916 (A flaw was found in tiffcrop, a program 
distributed by the libtif
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/536
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/537
        NOTE: Crash in CLI tool, no security impact
-CVE-2023-1915
-       RESERVED
+CVE-2023-1915 (The Thumbnail carousel slider WordPress plugin before 1.1.10 
does not  ...)
+       TODO: check
 CVE-2023-1914
        RESERVED
 CVE-2023-1913 (The Maps Widget for Google Maps for WordPress is vulnerable to 
Stored  ...)
@@ -6156,8 +6226,8 @@ CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in 
GitHub repository sidek
        NOTE: Fixed by: 
https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214
 (v7.0.8)
 CVE-2023-1891
        RESERVED
-CVE-2023-1890
-       RESERVED
+CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape 
various ge ...)
+       TODO: check
 CVE-2023-1889
        RESERVED
 CVE-2023-1888
@@ -6591,8 +6661,8 @@ CVE-2023-23581
        RESERVED
 CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is 
vulnerab ...)
        NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress
-CVE-2023-1839
-       RESERVED
+CVE-2023-1839 (The Product Addons & Fields for WooCommerce WordPress plugin 
before 32 ...)
+       TODO: check
 CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in 
drivers/vh ...)
        - linux 5.17.11-1
        [bullseye] - linux 5.10.120-1
@@ -6602,8 +6672,8 @@ CVE-2023-1837
        RESERVED
 CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
        - gitlab <unfixed>
-CVE-2023-1835
-       RESERVED
+CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 
does not p ...)
+       TODO: check
 CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, 
manufactu ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS 
Electro ...)
@@ -7507,8 +7577,8 @@ CVE-2023-1700
        RESERVED
 CVE-2023-1699 (Rapid7 Nexpose versions 6.6.186 and below suffer from a forced 
browsin ...)
        NOT-FOR-US: Rapid7 Nexpose
-CVE-2023-1698
-       RESERVED
+CVE-2023-1698 (In multiple products of WAGO a vulnerability allows an 
unauthenticated ...)
+       TODO: check
 CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the 
Packet For ...)
        NOT-FOR-US: Juniper
 CVE-2023-1696
@@ -8253,8 +8323,8 @@ CVE-2023-1598
        REJECTED
 CVE-2023-1597
        RESERVED
-CVE-2023-1596
-       RESERVED
+CVE-2023-1596 (The tagDiv Composer WordPress plugin before 4.0 does not 
sanitise and  ...)
+       TODO: check
 CVE-2023-1595 (A vulnerability has been found in novel-plus 3.6.2 and 
classified as c ...)
        NOT-FOR-US: novel-plus
 CVE-2023-1594 (A vulnerability, which was classified as critical, was found in 
novel- ...)
@@ -8537,8 +8607,8 @@ CVE-2023-1551
        RESERVED
 CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability 
in NGIN ...)
        NOT-FOR-US: NGINX Agent
-CVE-2023-1549
-       RESERVED
+CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes 
user input ...)
+       TODO: check
 CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists 
that cou ...)
        NOT-FOR-US: Schneider
 CVE-2023-1547
@@ -11495,8 +11565,8 @@ CVE-2023-1209
        RESERVED
 CVE-2023-1208
        RESERVED
-CVE-2023-1207
-       RESERVED
+CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import 
functio ...)
+       TODO: check
 CVE-2023-1206
        RESERVED
 CVE-2023-27853 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a 
format s ...)
@@ -14942,8 +15012,8 @@ CVE-2023-1021 (The amr ical events lists WordPress 
plugin through 6.6 does not s
        NOT-FOR-US: WordPress plugin
 CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 
1.4.2 does  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-1019
-       RESERVED
+CVE-2023-1019 (The Help Desk WP WordPress plugin through 1.2.0 does not 
sanitise and  ...)
+       TODO: check
 CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module 
Library  ...)
        - libtpms 0.9.2-3.1 (bug #1032420)
        NOTE: 
https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4
@@ -16163,6 +16233,7 @@ CVE-2023-26083 (Memory leak vulnerability in Mali GPU 
Kernel Driver in Midgard G
 CVE-2023-26082
        RESERVED
 CVE-2023-26081 (In Epiphany (aka GNOME Web) through 43.0, untrusted web 
content can tr ...)
+       {DLA-3423-1}
        - epiphany-browser 43.1-1 (bug #1031727)
        NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275
        NOTE: 
https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd
@@ -16555,8 +16626,8 @@ CVE-2023-0894 (The Pickup | Delivery | Dine-in date 
time WordPress plugin throug
        NOT-FOR-US: WordPress plugin
 CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0892
-       RESERVED
+CVE-2023-0892 (The BizLibrary WordPress plugin through 1.1 does not sanitise 
and esca ...)
+       TODO: check
 CVE-2023-0891 (The StagTools WordPress plugin before 2.3.7 does not validate 
and esca ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0890 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate 
WordPress p ...)
@@ -17338,8 +17409,8 @@ CVE-2023-0814 (The Profile Builder \u2013 User Profile 
& User Registration Forms
 CVE-2023-0813
        RESERVED
        NOT-FOR-US: Network Observability plugin for OpenShift console
-CVE-2023-0812
-       RESERVED
+CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress 
plugin b ...)
+       TODO: check
 CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on 
the mem ...)
        NOT-FOR-US: Omron CJ1M
 CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository 
btcpayserver/ ...)
@@ -17798,12 +17869,12 @@ CVE-2023-0765 (The Gallery by BestWebSoft WordPress 
plugin before 4.7.0 does not
        NOT-FOR-US: WordPress plugin
 CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does 
not perf ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0763
-       RESERVED
-CVE-2023-0762
-       RESERVED
-CVE-2023-0761
-       RESERVED
+CVE-2023-0763 (The Clock In Portal- Staff & Attendance Management WordPress 
plugin th ...)
+       TODO: check
+CVE-2023-0762 (The Clock In Portal- Staff & Attendance Management WordPress 
plugin th ...)
+       TODO: check
+CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress 
plugin th ...)
+       TODO: check
 CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to V2. ...)
        - gpac <unfixed> (bug #1033116)
        [bullseye] - gpac <no-dsa> (Minor issue)
@@ -19403,8 +19474,8 @@ CVE-2023-0645 (An out of bounds read exists in libjxl. 
An attacker using a speci
        NOTE: 
https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084
        NOTE: https://github.com/libjxl/libjxl/issues/2100
        NOTE: https://github.com/libjxl/libjxl/pull/2101
-CVE-2023-0644
-       RESERVED
+CVE-2023-0644 (The Push Notifications for WordPress by PushAssist WordPress 
plugin th ...)
+       TODO: check
 CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub 
repository s ...)
        NOT-FOR-US: squidex
 CVE-2023-0642 (Cross-Site Request Forgery (CSRF) in GitHub repository 
squidex/squidex ...)
@@ -19903,8 +19974,8 @@ CVE-2023-24835 (Softnext Technologies Corp.\u2019s SPAM 
SQR has a vulnerability
        NOT-FOR-US: Softnext
 CVE-2023-24834 (WisdomGarden Tronclass has improper access control when 
uploading file ...)
        NOT-FOR-US: WisdomGarden Tronclass
-CVE-2023-0600
-       RESERVED
+CVE-2023-0600 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin 
before  ...)
+       TODO: check
 CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a 
stored c ...)
        NOT-FOR-US: Rapid7
 CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and 
GE Dig ...)
@@ -20737,8 +20808,8 @@ CVE-2023-0522 (The Enable/Disable Auto Login when 
Register WordPress plugin thro
        NOT-FOR-US: WordPress plugin
 CVE-2023-0521
        RESERVED
-CVE-2023-0520
-       RESERVED
+CVE-2023-0520 (The RapidExpCart WordPress plugin through 1.0 does not sanitize 
and es ...)
+       TODO: check
 CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository 
modoboa/modob ...)
        NOT-FOR-US: Modoboa
 CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
@@ -21059,8 +21130,8 @@ CVE-2023-0492 (The GS Products Slider for WooCommerce 
WordPress plugin before 1.
        NOT-FOR-US: WordPress plugin
 CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0490
-       RESERVED
+CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate 
and esca ...)
+       TODO: check
 CVE-2023-0489
        RESERVED
 CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pyload/pyload ...)
@@ -22961,8 +23032,8 @@ CVE-2023-22359
        RESERVED
 CVE-2023-22348
        RESERVED
-CVE-2023-22318
-       RESERVED
+CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance 
before 1.6.5 ...)
+       TODO: check
 CVE-2023-22309 (Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk 
Applianc ...)
        - check-mk <removed>
 CVE-2023-22307 (Sensitive data exposure in Webconf in Tribe29 Checkmk 
Appliance before ...)
@@ -23327,8 +23398,8 @@ CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, 
versions 1.3.0.X and below
        NOT-FOR-US: EMC
 CVE-2023-23689 (Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, 
F800, F810 ...)
        NOT-FOR-US: Dell
-CVE-2023-23688
-       RESERVED
+CVE-2023-23688 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23687 (Auth.Stored Cross-Site Scripting (XSS) vulnerability inYoutube 
shortco ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23686 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -23337,10 +23408,10 @@ CVE-2023-23685 (Auth. (contributor+) Stored 
Cross-Site Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2023-23684
        RESERVED
-CVE-2023-23683
-       RESERVED
-CVE-2023-23682
-       RESERVED
+CVE-2023-23683 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Ozan ...)
+       TODO: check
+CVE-2023-23682 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Snap ...)
+       TODO: check
 CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23680
@@ -23355,8 +23426,8 @@ CVE-2023-23676
        RESERVED
 CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Catc ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23674
-       RESERVED
+CVE-2023-23674 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in RVOL ...)
+       TODO: check
 CVE-2023-23673
        RESERVED
 CVE-2023-23672
@@ -23395,8 +23466,8 @@ CVE-2023-23656
        RESERVED
 CVE-2023-23655
        RESERVED
-CVE-2023-23654
-       RESERVED
+CVE-2023-23654 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Spar ...)
+       TODO: check
 CVE-2023-23653
        RESERVED
 CVE-2023-23652
@@ -24212,8 +24283,8 @@ CVE-2023-0235
        REJECTED
 CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not 
properl ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0233
-       RESERVED
+CVE-2023-0233 (The ActiveCampaign WordPress plugin before 8.1.12 does not 
validate an ...)
+       TODO: check
 CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user 
input f ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate 
and esc ...)
@@ -24240,18 +24311,18 @@ CVE-2023-23452 (Missing Authentication for Critical 
Function in SICK FX0-GPNT v3
        NOT-FOR-US: SICK
 CVE-2023-23451 (The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI 
ETHERNE ...)
        NOT-FOR-US: SICK
-CVE-2023-23450
-       RESERVED
-CVE-2023-23449
-       RESERVED
-CVE-2023-23448
-       RESERVED
-CVE-2023-23447
-       RESERVED
-CVE-2023-23446
-       RESERVED
-CVE-2023-23445
-       RESERVED
+CVE-2023-23450 (Use of Password Hash Instead of Password for Authentication in 
SICK FT ...)
+       TODO: check
+CVE-2023-23449 (Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR 
with Part ...)
+       TODO: check
+CVE-2023-23448 (Inclusion of Sensitive Information in Source Code in SICK FTMg 
AIR FLO ...)
+       TODO: check
+CVE-2023-23447 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR 
with Pa ...)
+       TODO: check
+CVE-2023-23446 (Improper Access Control in SICK FTMg AIR FLOW SENSOR with 
Partnumbers  ...)
+       TODO: check
+CVE-2023-23445 (Improper Access Control in SICK FTMg AIR FLOW SENSOR with 
Partnumbers  ...)
+       TODO: check
 CVE-2023-23444 (Missing Authentication for Critical Function in SICK Flexi 
Classic and ...)
        TODO: check
 CVE-2023-23443
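
Review bot: CVE-2023-23450 through CVE-2023-23445 can take the same NOT-FOR-US: SICK tag that CVE-2023-23452 and CVE-2023-23451 carry in the context lines just above them; all six summaries name SICK FTMg AIR FLOW SENSOR. The unchanged entry CVE-2023-23444 (SICK Flexi Classic) below the additions is still TODO: check and could be closed in the same pass, together with CVE-2023-31409 and CVE-2023-31408 from the first hunk, which name the same sensor.
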
@@ -26645,8 +26716,8 @@ CVE-2023-22719
        RESERVED
 CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason 
Lau User M ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-22717
-       RESERVED
+CVE-2023-22717 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam 
OOPSpam A ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22715 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Lester 'GaM ...)
@@ -26667,14 +26738,14 @@ CVE-2023-22708
        RESERVED
 CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in 
Wpsoul Gre ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-22706
-       RESERVED
+CVE-2023-22706 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Property ...)
+       TODO: check
 CVE-2023-22705 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Collne I ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22704 (Reflected Cross-Site Scripting (XSS) vulnerability in Michael 
Winkler  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-22703
-       RESERVED
+CVE-2023-22703 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Webcodin ...)
+       TODO: check
 CVE-2023-22702 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in WPMob ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22701
@@ -26699,8 +26770,8 @@ CVE-2023-22692
        RESERVED
 CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and 
Tricks HQ, ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-22690
-       RESERVED
+CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Shop ...)
+       TODO: check
 CVE-2023-22689
        RESERVED
 CVE-2023-22688
@@ -26711,8 +26782,8 @@ CVE-2023-22686 (Cross-Site Request Forgery (CSRF) 
vulnerability in TriniTronic N
        NOT-FOR-US: WordPress plugin
 CVE-2023-22685 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Tips ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-22684
-       RESERVED
+CVE-2023-22684 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Subs ...)
+       TODO: check
 CVE-2023-22683 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Them ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22682 (Reflected Cross-Site Scripting (XSS) vulnerability in Manuel 
Masia | P ...)
@@ -28489,8 +28560,8 @@ CVE-2022-4776 (The CC Child Pages WordPress plugin 
before 1.43 does not validate
        NOT-FOR-US: WordPress plugin
 CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not 
validate and  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4774
-       RESERVED
+CVE-2022-4774 (The Bit Form WordPress plugin before 1.9 does not validate the 
file ty ...)
+       TODO: check
 CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
problema ...)
        NOT-FOR-US: cloudsync
 CVE-2022-4772 (A vulnerability was found in Widoco and classified as critical. 
Affect ...)
@@ -28853,8 +28924,8 @@ CVE-2022-4712
        RESERVED
 CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable 
to insuf ...)
        NOT-FOR-US: Royal Elementor Addons plugin for WordPress
-CVE-2022-47937
-       RESERVED
+CVE-2022-47937 (** UNSUPPORTED WHEN ASSIGNED **       Improper input 
validation in the ...)
+       TODO: check
 CVE-2022-47936 (A vulnerability has been identified in JT Open (All versions < 
V11.2.3 ...)
        NOT-FOR-US: JT Open
 CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions < 
V11.1.1 ...)
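
Review bot: The imported summary for CVE-2022-47937 keeps a run of spaces between "** UNSUPPORTED WHEN ASSIGNED **" and "Improper input", which spends part of the fixed-width summary on padding and pushes the product name past the truncation point. Collapsing whitespace runs to a single space before truncating would leave room for more of the description; the CVE-2022-4773 entry elsewhere in this file shows the same marker followed by one space.
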
@@ -31879,38 +31950,38 @@ CVE-2023-21725 (Windows Malicious Software Removal 
Tool Elevation of Privilege V
        NOT-FOR-US: Microsoft
 CVE-2023-21724 (Microsoft DWM Core Library Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-47393
-       RESERVED
-CVE-2022-47392
-       RESERVED
-CVE-2022-47391
-       RESERVED
-CVE-2022-47390
-       RESERVED
-CVE-2022-47389
-       RESERVED
-CVE-2022-47388
-       RESERVED
-CVE-2022-47387
-       RESERVED
-CVE-2022-47386
-       RESERVED
-CVE-2022-47385
-       RESERVED
-CVE-2022-47384
-       RESERVED
-CVE-2022-47383
-       RESERVED
-CVE-2022-47382
-       RESERVED
-CVE-2022-47381
-       RESERVED
-CVE-2022-47380
-       RESERVED
-CVE-2022-47379
-       RESERVED
-CVE-2022-47378
-       RESERVED
+CVE-2022-47393 (An authenticated, remote attacker may use a Improper 
Restriction of Op ...)
+       TODO: check
+CVE-2022-47392 (An authenticated, remote attacker may use a improper input 
validation  ...)
+       TODO: check
+CVE-2022-47391 (In multiple CODESYS products in multiple versions an 
unauthorized, rem ...)
+       TODO: check
+CVE-2022-47390 (An authenticated, remote attacker may use a stack based 
out-of-bounds  ...)
+       TODO: check
+CVE-2022-47389 (An authenticated, remote attacker may use a stack based 
out-of-bounds  ...)
+       TODO: check
+CVE-2022-47388 (An authenticated, remote attacker may use a stack based 
out-of-bounds  ...)
+       TODO: check
+CVE-2022-47387 (An authenticated remote attacker may use a stack based 
out-of-bounds w ...)
+       TODO: check
+CVE-2022-47386 (An authenticated, remote attacker may use a stack based 
out-of-bounds  ...)
+       TODO: check
+CVE-2022-47385 (An authenticated, remote attacker may use a stack based 
out-of-bounds  ...)
+       TODO: check
+CVE-2022-47384 (An authenticated remote attacker may use a stack based 
out-of-bounds w ...)
+       TODO: check
+CVE-2022-47383 (An authenticated, remote attacker may use a stack based 
out-of-bounds  ...)
+       TODO: check
+CVE-2022-47382 (An authenticated remote attacker may use a stack based 
out-of-bounds w ...)
+       TODO: check
+CVE-2022-47381 (An authenticated remote attacker may use a stack based 
out-of-bounds w ...)
+       TODO: check
+CVE-2022-47380 (An authenticated remote attacker may use a stack based 
out-of-bounds w ...)
+       TODO: check
+CVE-2022-47379 (An authenticated, remote attacker may use a out-of-bounds 
write vulner ...)
+       TODO: check
+CVE-2022-47378 (Multiple CODESYS products in multiple versions are prone to a 
improper ...)
+       TODO: check
 CVE-2022-47377 (Password recovery vulnerability in SICK SIM2000ST Partnumber 
2086502 w ...)
        NOT-FOR-US: SICK SIM2000ST Partnumber 2086502
 CVE-2022-47376
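
Review bot: Of the 16 entries CVE-2022-47393 to CVE-2022-47378, only CVE-2022-47391 and CVE-2022-47378 name CODESYS inside the truncated summary; the other 14 are cut off before any product appears ("An authenticated, remote attacker may use a stack based out-of-bounds ..."). The TODO: check lines should be resolved from the full CVE text, one entry at a time, and not bulk-tagged from the two summaries that happen to show the vendor.
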
@@ -37530,8 +37601,8 @@ CVE-2022-4050 (The JoomSport WordPress plugin before 
5.2.8 does not properly san
        NOT-FOR-US: WordPress plugin
 CVE-2022-4049 (The WP User WordPress plugin through 7.0 does not properly 
sanitize an ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4048
-       RESERVED
+CVE-2022-4048 (Inadequate Encryption Strength in CODESYS Development System V3 
versio ...)
+       TODO: check
 CVE-2022-4047 (The Return Refund and Exchange For WooCommerce WordPress plugin 
before ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4046
@@ -107326,8 +107397,8 @@ CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 
is prone to null pointer de
        NOT-FOR-US: Codesys
 CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an 
incorrect  ...)
        NOT-FOR-US: Phoenix Contact FL SWITCH Series
-CVE-2022-22508
-       RESERVED
+CVE-2022-22508 (Improper Input Validation vulnerability in multiple CODESYS V3 
product ...)
+       TODO: check
 CVE-2022-22507
        RESERVED
 CVE-2022-22506
@@ -406318,7 +406389,7 @@ CVE-2017-6746 (A vulnerability in the web interface 
of the Cisco Web Security Ap
        NOT-FOR-US: Cisco
 CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape 
Distributi ...)
        NOT-FOR-US: Cisco
-CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
+CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS a ...)
        NOT-FOR-US: Cisco
 CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of 
Cisco IOS 1 ...)
        NOT-FOR-US: Cisco
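
Review bot: The CVE-2017-6744 change is a single character at the truncation boundary ("Cisco IOS 1 ..." becomes "Cisco IOS a ..."), so the diff does not show what was actually reworded upstream. The NOT-FOR-US: Cisco line is untouched, so no triage follow-up is needed, but note that the adjacent CVE-2017-6743 still carries the old "Cisco IOS 1 ..." wording.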



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccf0acd64332b1bd040708f7a41806965be7fe54

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
