Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca6da290 by security tracker role at 2023-05-16T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,70 +1,108 @@
-CVE-2023-2633
+CVE-2023-31890 (An XML Deserialization vulnerability in glazedlists v1.11.0 
allows an  ...)
+       TODO: check
+CVE-2023-31857 (Sourcecodester Online Computer and Laptop Store 1.0 allows 
unrestricte ...)
+       TODO: check
+CVE-2023-31856 (A command injection vulnerability in the hostTime parameter in 
the fun ...)
+       TODO: check
+CVE-2023-31587 (Tenda AC5 router V15.03.06.28 was discovered to contain a 
remote code  ...)
+       TODO: check
+CVE-2023-31576 (An arbitrary file upload vulnerability in Serendipity 
2.4-beta1 allows ...)
+       TODO: check
+CVE-2023-31572 (An issue in Bludit 4.0.0-rc-2 allows authenticated attackers 
to change ...)
+       TODO: check
+CVE-2023-31519 (Pharmacy Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
+CVE-2023-2740 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-2739 (A vulnerability classified as problematic was found in Gira 
HomeServer ...)
+       TODO: check
+CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda 
OA 11. ...)
+       TODO: check
+CVE-2023-2730 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
+       TODO: check
+CVE-2023-2726 (Inappropriate implementation in WebApp Installs in Google 
Chrome prior ...)
+       TODO: check
+CVE-2023-2725 (Use after free in Guest View in Google Chrome prior to 
113.0.5672.126  ...)
+       TODO: check
+CVE-2023-2724 (Type confusion in V8 in Google Chrome prior to 113.0.5672.126 
allowed  ...)
+       TODO: check
+CVE-2023-2723 (Use after free in DevTools in Google Chrome prior to 
113.0.5672.126 al ...)
+       TODO: check
+CVE-2023-2722 (Use after free in Autofill UI in Google Chrome on Android prior 
to 113 ...)
+       TODO: check
+CVE-2023-2721 (Use after free in Navigation in Google Chrome prior to 
113.0.5672.126  ...)
+       TODO: check
+CVE-2023-2548 (The RegistrationMagic plugin for WordPress is vulnerable to 
Insecure D ...)
+       TODO: check
+CVE-2023-2499 (The RegistrationMagic plugin for WordPress is vulnerable to 
authentica ...)
+       TODO: check
+CVE-2023-2633 (Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx 
server  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-2632
+CVE-2023-2632 (Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server 
API key ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-2631
+CVE-2023-2631 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and 
earlier ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-33007
+CVE-2023-33007 (Jenkins LoadComplete support Plugin 1.0 and earlier does not 
escape th ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-33006
+CVE-2023-33006 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
WSO2 Oaut ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-33005
+CVE-2023-33005 (Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate 
the prev ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-33004
+CVE-2023-33004 (A missing permission check in Jenkins Tag Profiler Plugin 0.2 
and earl ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-33003
+CVE-2023-33003 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Tag Profi ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-33002
+CVE-2023-33002 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not 
escape  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-33001
+CVE-2023-33001 (Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier 
does not ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-33000
+CVE-2023-33000 (Jenkins NS-ND Integration Performance Publisher Plugin 
4.8.0.149 and e ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32999
+CVE-2023-32999 (A missing permission check in Jenkins AppSpider Plugin 1.0.15 
and earl ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32998
+CVE-2023-32998 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
AppSpider ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32997
+CVE-2023-32997 (Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the 
previous  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32996
+CVE-2023-32996 (A missing permission check in Jenkins SAML Single Sign On(SSO) 
Plugin  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32995
+CVE-2023-32995 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
SAML Sing ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32994
+CVE-2023-32994 (Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier 
unconditiona ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32993
+CVE-2023-32993 (Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does 
not per ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32992
+CVE-2023-32992 (Missing permission checks in Jenkins SAML Single Sign On(SSO) 
Plugin 2 ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32991
+CVE-2023-32991 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
SAML Sing ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32990
+CVE-2023-32990 (A missing permission check in Jenkins Azure VM Agents Plugin 
852.v8d35 ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32989
+CVE-2023-32989 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Azure VM  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32988
+CVE-2023-32988 (A missing permission check in Jenkins Azure VM Agents Plugin 
852.v8d35 ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32987
+CVE-2023-32987 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Reverse P ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32986
+CVE-2023-32986 (Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier 
does not ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32985
+CVE-2023-32985 (Jenkins Sidebar Link Plugin 2.2.1 and earlier does not 
restrict the pa ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32984
+CVE-2023-32984 (Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier 
does not e ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32983
+CVE-2023-32983 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not 
mask ex ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32982
+CVE-2023-32982 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores 
extra var ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32981
+CVE-2023-32981 (An arbitrary file write vulnerability in Jenkins Pipeline 
Utility Step ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32980
+CVE-2023-32980 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Email Ext ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32979
+CVE-2023-32979 (Jenkins Email Extension Plugin does not perform a permission 
check in  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32978
+CVE-2023-32978 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
LDAP Plug ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32977
+CVE-2023-32977 (Jenkins Pipeline: Job Plugin does not escape the display name 
of the b ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-32956 (Improper neutralization of special elements used in an OS 
command ('OS ...)
        NOT-FOR-US: Synology
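Review bot: The six Google Chrome entries, CVE-2023-2721 through CVE-2023-2726, are left at `TODO: check` in the same batch as unrelated web applications and router firmware. Debian packages Chromium, so these should be triaged against the chromium source package first, using the 113.0.5672.126 version quoted in the descriptions as the reference point. CVE-2023-2722 is described as "Google Chrome on Android", so it needs a separate decision from the other five.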
@@ -2143,11 +2181,9 @@ CVE-2023-30898 (A vulnerability has been identified in 
Siveillance Video 2020 R2
        NOT-FOR-US: Siemens
 CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to 
a padd ...)
        NOT-FOR-US: HashiCorp Vault
-CVE-2023-2196
-       RESERVED
+CVE-2023-2196 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and 
earlier ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-2195
-       RESERVED
+CVE-2023-2195 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Code Dx P ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux 
kernel's S ...)
        {DLA-3404-1 DLA-3403-1}
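Review bot: At CVE-2023-2196 the newly published description reads, as far as it is visible, identically to the one added for CVE-2023-2631 in the first hunk ("A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ..."). The existing `NOT-FOR-US: Jenkins plugin` tag still fits, but it is worth confirming against the full CVE records that the two IDs describe distinct issues and that neither is a duplicate that should later be marked as rejected.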
@@ -3057,6 +3093,7 @@ CVE-2023-30609 (matrix-react-sdk is a react-based SDK for 
inserting a Matrix cha
        NOT-FOR-US: Node matrix-react-sdk
        NOTE: 
https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
 CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In 
affected ...)
+       {DLA-3425-1}
        - sqlparse <unfixed> (bug #1034615)
        [bullseye] - sqlparse <no-dsa> (Minor issue)
        NOTE: 
https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
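Review bot: On CVE-2023-30608 the new `{DLA-3425-1}` reference sits above `- sqlparse <unfixed> (bug #1034615)` and `[bullseye] - sqlparse <no-dsa> (Minor issue)`, so after this change the entry shows an LTS advisory while unstable is still unfixed and bullseye is deferred. Nothing in the hunk records which version carries the LTS fix; confirm that it is recorded with the DLA entry, and consider whether the bullseye `<no-dsa>` line should now point at a point-release update.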
@@ -3558,26 +3595,26 @@ CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes 
cluster-level privilege e
        NOT-FOR-US: CubeFS
 CVE-2023-30511
        RESERVED
-CVE-2023-30510
-       RESERVED
-CVE-2023-30509
-       RESERVED
-CVE-2023-30508
-       RESERVED
-CVE-2023-30507
-       RESERVED
-CVE-2023-30506
-       RESERVED
-CVE-2023-30505
-       RESERVED
-CVE-2023-30504
-       RESERVED
-CVE-2023-30503
-       RESERVED
-CVE-2023-30502
-       RESERVED
-CVE-2023-30501
-       RESERVED
+CVE-2023-30510 (A vulnerability exists in the Aruba EdgeConnect Enterpriseweb 
manageme ...)
+       TODO: check
+CVE-2023-30509 (Multiple authenticated path traversal vulnerabilities exist in 
the Aru ...)
+       TODO: check
+CVE-2023-30508 (Multiple authenticated path traversal vulnerabilities exist in 
the Aru ...)
+       TODO: check
+CVE-2023-30507 (Multiple authenticated path traversal vulnerabilities exist in 
the Aru ...)
+       TODO: check
+CVE-2023-30506 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
+       TODO: check
+CVE-2023-30505 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
+       TODO: check
+CVE-2023-30504 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
+       TODO: check
+CVE-2023-30503 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
+       TODO: check
+CVE-2023-30502 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
+       TODO: check
+CVE-2023-30501 (Vulnerabilities exist in the Aruba EdgeConnect 
Enterprisecommand line  ...)
+       TODO: check
 CVE-2023-1998 (The Linux kernel allows userspace processes to enable 
mitigations by c ...)
        {DLA-3404-1 DLA-3403-1}
        - linux 6.1.20-1
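Review bot: The ten entries CVE-2023-30501 through CVE-2023-30510 all move from RESERVED to `TODO: check` with descriptions naming Aruba EdgeConnect Enterprise, so they can be triaged in a single pass with one consistent tag instead of ten separate decisions. The run-together words in the descriptions ("Enterpriseweb", "Enterprisecommand") arrived with this automatic update and are better left for a later sync than corrected by hand in the list.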
@@ -4155,8 +4192,8 @@ CVE-2023-30283
        RESERVED
 CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to 
Incorrect Acces ...)
        NOT-FOR-US: PrestaShop scexportcustomers
-CVE-2023-30281
-       RESERVED
+CVE-2023-30281 (Insecure permissions in the ps_customer table of Prestashop 
scquickacc ...)
+       TODO: check
 CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 
v.1.0.2.26, R6700 ...)
        NOT-FOR-US: Netgear
 CVE-2023-30279
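Review bot: CVE-2023-30281 is added as `TODO: check` directly below CVE-2023-30282, which is already tagged `NOT-FOR-US: PrestaShop scexportcustomers`. The new description also names a Prestashop module (truncated here as "scquickacc ..."), so the follow-up triage should use the same tag form with the full module name taken from the CVE record, keeping the two neighbouring entries consistent.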
@@ -4339,8 +4376,8 @@ CVE-2023-30191
        RESERVED
 CVE-2023-30190
        RESERVED
-CVE-2023-30189
-       RESERVED
+CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL 
Injection via ...)
+       TODO: check
 CVE-2023-30188
        RESERVED
 CVE-2023-30187
@@ -4903,8 +4940,8 @@ CVE-2023-29929
        RESERVED
 CVE-2023-29928
        RESERVED
-CVE-2023-29927
-       RESERVED
+CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access 
controls ...)
+       TODO: check
 CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote 
code exe ...)
        NOT-FOR-US: PowerJob
 CVE-2023-29925
@@ -6125,8 +6162,8 @@ CVE-2023-29441
        RESERVED
 CVE-2023-29440
        RESERVED
-CVE-2023-29439
-       RESERVED
+CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
FooPlugi ...)
+       TODO: check
 CVE-2023-29438
        RESERVED
 CVE-2023-29437
@@ -10843,8 +10880,8 @@ CVE-2023-28078
        RESERVED
 CVE-2023-28077
        RESERVED
-CVE-2023-28076
-       RESERVED
+CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or 
risky crypt ...)
+       TODO: check
 CVE-2023-28075
        RESERVED
 CVE-2023-28074
@@ -11990,8 +12027,8 @@ CVE-2023-27744
        RESERVED
 CVE-2023-27743
        RESERVED
-CVE-2023-27742
-       RESERVED
+CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
 CVE-2023-27741
        RESERVED
 CVE-2023-27740
@@ -23386,8 +23423,8 @@ CVE-2023-23729
        RESERVED
 CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Winwa ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23727
-       RESERVED
+CVE-2023-23727 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Form ...)
+       TODO: check
 CVE-2023-23726
        RESERVED
 CVE-2023-23725
@@ -23400,8 +23437,8 @@ CVE-2023-23722 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer 
Admin L ...)
        NOT-FOR-US: David Gwyer Admin Log
-CVE-2023-23720
-       RESERVED
+CVE-2023-23720 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in NetR ...)
+       TODO: check
 CVE-2023-23719
        RESERVED
 CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in 
Esstat17 Pa ...)
@@ -23422,8 +23459,8 @@ CVE-2023-23711 (Cross-Site Request Forgery (CSRF) 
vulnerability in A2 Hosting A2
        NOT-FOR-US: A2 Hosting
 CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in mini ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23709
-       RESERVED
+CVE-2023-23709 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23708 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -23434,8 +23471,8 @@ CVE-2023-23705
        RESERVED
 CVE-2023-23704
        RESERVED
-CVE-2023-23703
-       RESERVED
+CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23702
        RESERVED
 CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -23535,14 +23572,14 @@ CVE-2023-23678
        RESERVED
 CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix 
GTmetri ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23676
-       RESERVED
+CVE-2023-23676 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Catc ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23674 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in RVOL ...)
        TODO: check
-CVE-2023-23673
-       RESERVED
+CVE-2023-23673 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Hari ...)
+       TODO: check
 CVE-2023-23672
        RESERVED
 CVE-2023-23671
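Review bot: The unchanged context line for CVE-2023-23674 still carries `TODO: check` from an earlier update, and this hunk adds two more pending entries around it (CVE-2023-23676 and CVE-2023-23673). The neighbouring CVE-2023-23675 and CVE-2023-23677 are both `NOT-FOR-US: WordPress plugin`; resolving CVE-2023-23674 together with the two new entries would stop the older TODO from being buried under each automatic import.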
@@ -23573,8 +23610,8 @@ CVE-2023-23659 (Cross-Site Request Forgery (CSRF) 
vulnerability in MainWP Matomo
        NOT-FOR-US: MainWP Matomo Extension
 CVE-2023-23658
        RESERVED
-CVE-2023-23657
-       RESERVED
+CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23656
        RESERVED
 CVE-2023-23655
@@ -23605,8 +23642,8 @@ CVE-2023-23643
        RESERVED
 CVE-2023-23642
        RESERVED
-CVE-2023-23641
-       RESERVED
+CVE-2023-23641 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23640
        RESERVED
 CVE-2023-23639
@@ -162479,8 +162516,8 @@ CVE-2021-27133
        RESERVED
 CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF 
injection (for H ...)
        NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices
-CVE-2021-27131
-       RESERVED
+CVE-2021-27131 (Moodle 3.10.1 is vulnerable to persistent/stored cross-site 
scripting  ...)
+       TODO: check
 CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection 
vulnerability thro ...)
        NOT-FOR-US: Online Reviewer System
 CVE-2021-27129 (CASAP Automated Enrollment System version 1.0 contains a 
cross-site sc ...)
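Review bot: CVE-2021-27131 changes from RESERVED to a Moodle 3.10.1 stored XSS description with `TODO: check`, surrounded by entries tagged NOT-FOR-US for one-off products. Moodle is a widely deployed project, not a single-vendor sample application, so this entry should be checked against the archive for a matching source package before any NOT-FOR-US tag is applied by analogy with its neighbours.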



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6da2907bdd5069fd2639f69fcd21340cd8a78c
