Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca6da290 by security tracker role at 2023-05-16T20:12:12+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,70 +1,108 @@ -CVE-2023-2633 +CVE-2023-31890 (An XML Deserialization vulnerability in glazedlists v1.11.0 allows an ...) + TODO: check +CVE-2023-31857 (Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricte ...) + TODO: check +CVE-2023-31856 (A command injection vulnerability in the hostTime parameter in the fun ...) + TODO: check +CVE-2023-31587 (Tenda AC5 router V15.03.06.28 was discovered to contain a remote code ...) + TODO: check +CVE-2023-31576 (An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows ...) + TODO: check +CVE-2023-31572 (An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change ...) + TODO: check +CVE-2023-31519 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...) + TODO: check +CVE-2023-2740 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-2739 (A vulnerability classified as problematic was found in Gira HomeServer ...) + TODO: check +CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda OA 11. ...) + TODO: check +CVE-2023-2730 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + TODO: check +CVE-2023-2726 (Inappropriate implementation in WebApp Installs in Google Chrome prior ...) + TODO: check +CVE-2023-2725 (Use after free in Guest View in Google Chrome prior to 113.0.5672.126 ...) + TODO: check +CVE-2023-2724 (Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed ...) + TODO: check +CVE-2023-2723 (Use after free in DevTools in Google Chrome prior to 113.0.5672.126 al ...) + TODO: check +CVE-2023-2722 (Use after free in Autofill UI in Google Chrome on Android prior to 113 ...) + TODO: check +CVE-2023-2721 (Use after free in Navigation in Google Chrome prior to 113.0.5672.126 ...) + TODO: check +CVE-2023-2548 (The RegistrationMagic plugin for WordPress is vulnerable to Insecure D ...) 
+ TODO: check +CVE-2023-2499 (The RegistrationMagic plugin for WordPress is vulnerable to authentica ...) + TODO: check +CVE-2023-2633 (Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server ...) NOT-FOR-US: Jenkins plugin -CVE-2023-2632 +CVE-2023-2632 (Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API key ...) NOT-FOR-US: Jenkins plugin -CVE-2023-2631 +CVE-2023-2631 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ...) NOT-FOR-US: Jenkins plugin -CVE-2023-33007 +CVE-2023-33007 (Jenkins LoadComplete support Plugin 1.0 and earlier does not escape th ...) NOT-FOR-US: Jenkins plugin -CVE-2023-33006 +CVE-2023-33006 (A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oaut ...) NOT-FOR-US: Jenkins plugin -CVE-2023-33005 +CVE-2023-33005 (Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the prev ...) NOT-FOR-US: Jenkins plugin -CVE-2023-33004 +CVE-2023-33004 (A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earl ...) NOT-FOR-US: Jenkins plugin -CVE-2023-33003 +CVE-2023-33003 (A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profi ...) NOT-FOR-US: Jenkins plugin -CVE-2023-33002 +CVE-2023-33002 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape ...) NOT-FOR-US: Jenkins plugin -CVE-2023-33001 +CVE-2023-33001 (Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not ...) NOT-FOR-US: Jenkins plugin -CVE-2023-33000 +CVE-2023-33000 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and e ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32999 +CVE-2023-32999 (A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earl ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32998 +CVE-2023-32998 (A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32997 +CVE-2023-32997 (Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous ...) 
NOT-FOR-US: Jenkins plugin -CVE-2023-32996 +CVE-2023-32996 (A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32995 +CVE-2023-32995 (A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Sing ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32994 +CVE-2023-32994 (Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditiona ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32993 +CVE-2023-32993 (Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not per ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32992 +CVE-2023-32992 (Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2 ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32991 +CVE-2023-32991 (A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Sing ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32990 +CVE-2023-32990 (A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35 ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32989 +CVE-2023-32989 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32988 +CVE-2023-32988 (A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35 ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32987 +CVE-2023-32987 (A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse P ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32986 +CVE-2023-32986 (Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32985 +CVE-2023-32985 (Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the pa ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32984 +CVE-2023-32984 (Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not e ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32983 +CVE-2023-32983 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask ex ...) 
NOT-FOR-US: Jenkins plugin -CVE-2023-32982 +CVE-2023-32982 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra var ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32981 +CVE-2023-32981 (An arbitrary file write vulnerability in Jenkins Pipeline Utility Step ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32980 +CVE-2023-32980 (A cross-site request forgery (CSRF) vulnerability in Jenkins Email Ext ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32979 +CVE-2023-32979 (Jenkins Email Extension Plugin does not perform a permission check in ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32978 +CVE-2023-32978 (A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plug ...) NOT-FOR-US: Jenkins plugin -CVE-2023-32977 +CVE-2023-32977 (Jenkins Pipeline: Job Plugin does not escape the display name of the b ...) NOT-FOR-US: Jenkins plugin CVE-2023-32956 (Improper neutralization of special elements used in an OS command ('OS ...) NOT-FOR-US: Synology @@ -2143,11 +2181,9 @@ CVE-2023-30898 (A vulnerability has been identified in Siveillance Video 2020 R2 NOT-FOR-US: Siemens CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padd ...) NOT-FOR-US: HashiCorp Vault -CVE-2023-2196 - RESERVED +CVE-2023-2196 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ...) NOT-FOR-US: Jenkins plugin -CVE-2023-2195 - RESERVED +CVE-2023-2195 (A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx P ...) NOT-FOR-US: Jenkins plugin CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kernel's S ...) {DLA-3404-1 DLA-3403-1} 
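Review bot: CVE-2023-2548 and CVE-2023-2499 (RegistrationMagic plugin for WordPress) are left at "TODO: check" in the first hunk while WordPress plugin issues elsewhere in this file carry "NOT-FOR-US: WordPress plugin"; unless a Debian package ships that plugin, the same marker applies here. Of the remaining TODO entries in that hunk, the Google Chrome ones, CVE-2023-2721 through CVE-2023-2726 (fixed upstream in 113.0.5672.126), are the ones to check against the chromium package rather than dismiss, since the rest of the hunk is third-party web applications and a Tenda router.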
@@ -3057,6 +3093,7 @@ CVE-2023-30609 (matrix-react-sdk is a react-based SDK for inserting a Matrix cha NOT-FOR-US: Node matrix-react-sdk NOTE: https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In affected ...) + {DLA-3425-1} - sqlparse <unfixed> (bug #1034615) [bullseye] - sqlparse <no-dsa> (Minor issue) NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 
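Review bot: the added {DLA-3425-1} marker closes only the LTS side of CVE-2023-30608; the entry below it still reads "sqlparse <unfixed> (bug #1034615)" for unstable and "[bullseye] - sqlparse <no-dsa> (Minor issue)", so the sid line still needs the fixed version once the upload lands, and it is worth confirming that "Minor issue" for bullseye alongside a DLA for the older suite is the intended split rather than a triage that predates the advisory.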
@@ -3558,26 +3595,26 @@ CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes cluster-level privilege e NOT-FOR-US: CubeFS CVE-2023-30511 RESERVED -CVE-2023-30510 - RESERVED -CVE-2023-30509 - RESERVED -CVE-2023-30508 - RESERVED -CVE-2023-30507 - RESERVED -CVE-2023-30506 - RESERVED -CVE-2023-30505 - RESERVED -CVE-2023-30504 - RESERVED -CVE-2023-30503 - RESERVED -CVE-2023-30502 - RESERVED -CVE-2023-30501 - RESERVED +CVE-2023-30510 (A vulnerability exists in the Aruba EdgeConnect Enterpriseweb manageme ...) + TODO: check +CVE-2023-30509 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...) + TODO: check +CVE-2023-30508 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...) + TODO: check +CVE-2023-30507 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...) + TODO: check +CVE-2023-30506 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...) + TODO: check +CVE-2023-30505 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...) + TODO: check +CVE-2023-30504 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...) + TODO: check +CVE-2023-30503 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...) + TODO: check +CVE-2023-30502 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...) + TODO: check +CVE-2023-30501 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...) + TODO: check CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations by c ...) {DLA-3404-1 DLA-3403-1} - linux 6.1.20-1 
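Review bot: CVE-2023-30501 through CVE-2023-30510 (Aruba EdgeConnect Enterprise) arrive together with near-identical descriptions and all read "TODO: check"; triage them in one pass so the ten entries end with the same marker instead of drifting apart over several updates (the CubeFS entry in the leading context shows the NOT-FOR-US form used for products of this kind). The missing space in "Enterpriseweb manageme" and "Enterprisecommand line" is in the imported description text and is not something to correct in this file.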
@@ -4155,8 +4192,8 @@ CVE-2023-30283 RESERVED CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Acces ...) NOT-FOR-US: PrestaShop scexportcustomers -CVE-2023-30281 - RESERVED +CVE-2023-30281 (Insecure permissions in the ps_customer table of Prestashop scquickacc ...) + TODO: check CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700 ...) NOT-FOR-US: Netgear CVE-2023-30279 @@ -4339,8 +4376,8 @@ CVE-2023-30191 RESERVED CVE-2023-30190 RESERVED -CVE-2023-30189 - RESERVED +CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via ...) + TODO: check CVE-2023-30188 RESERVED CVE-2023-30187 @@ -4903,8 +4940,8 @@ CVE-2023-29929 RESERVED CVE-2023-29928 RESERVED -CVE-2023-29927 - RESERVED +CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access controls ...) + TODO: check CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote code exe ...) NOT-FOR-US: PowerJob CVE-2023-29925 @@ -6125,8 +6162,8 @@ CVE-2023-29441 RESERVED CVE-2023-29440 RESERVED -CVE-2023-29439 - RESERVED +CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...) + TODO: check CVE-2023-29438 RESERVED CVE-2023-29437 @@ -10843,8 +10880,8 @@ CVE-2023-28078 RESERVED CVE-2023-28077 RESERVED -CVE-2023-28076 - RESERVED +CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...) + TODO: check CVE-2023-28075 RESERVED CVE-2023-28074 @@ -11990,8 +12027,8 @@ CVE-2023-27744 RESERVED CVE-2023-27743 RESERVED -CVE-2023-27742 - RESERVED +CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerabil ...) + TODO: check CVE-2023-27741 RESERVED CVE-2023-27740 
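Review bot: CVE-2023-30281 (Prestashop scquickacc, truncated in the description) and CVE-2023-30189 (Prestashop posstaticblocks) sit next to CVE-2023-30282, which is already "NOT-FOR-US: PrestaShop scexportcustomers"; when these two are triaged, use the same module-name form so the three PrestaShop module entries read consistently. The other entries filled in across these hunks (Sage 300, FooPlugins, CloudLink 7.1.2, IDURAR ERP/CRM) have no matching neighbour in the context lines and need an individual look.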
@@ -23386,8 +23423,8 @@ CVE-2023-23729 RESERVED CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwa ...) NOT-FOR-US: WordPress plugin -CVE-2023-23727 - RESERVED +CVE-2023-23727 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Form ...) + TODO: check CVE-2023-23726 RESERVED CVE-2023-23725 @@ -23400,8 +23437,8 @@ CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...) NOT-FOR-US: David Gwyer Admin Log -CVE-2023-23720 - RESERVED +CVE-2023-23720 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetR ...) + TODO: check CVE-2023-23719 RESERVED CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Pa ...) @@ -23422,8 +23459,8 @@ CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 NOT-FOR-US: A2 Hosting CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...) NOT-FOR-US: WordPress plugin -CVE-2023-23709 - RESERVED +CVE-2023-23709 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-23708 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -23434,8 +23471,8 @@ CVE-2023-23705 RESERVED CVE-2023-23704 RESERVED -CVE-2023-23703 - RESERVED +CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-23702 RESERVED CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
@@ -23535,14 +23572,14 @@ CVE-2023-23678 RESERVED CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...) NOT-FOR-US: WordPress plugin -CVE-2023-23676 - RESERVED +CVE-2023-23676 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catc ...) NOT-FOR-US: WordPress plugin CVE-2023-23674 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOL ...) TODO: check -CVE-2023-23673 - RESERVED +CVE-2023-23673 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hari ...) + TODO: check CVE-2023-23672 RESERVED CVE-2023-23671 @@ -23573,8 +23610,8 @@ CVE-2023-23659 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo NOT-FOR-US: MainWP Matomo Extension CVE-2023-23658 RESERVED -CVE-2023-23657 - RESERVED +CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-23656 RESERVED CVE-2023-23655 @@ -23605,8 +23642,8 @@ CVE-2023-23643 RESERVED CVE-2023-23642 RESERVED -CVE-2023-23641 - RESERVED +CVE-2023-23641 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-23640 RESERVED CVE-2023-23639 
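Review bot: the entries filled in across these hunks (CVE-2023-23727, CVE-2023-23720, CVE-2023-23709, CVE-2023-23703, CVE-2023-23676, CVE-2023-23673, CVE-2023-23657, CVE-2023-23641) all carry the "Auth. (contributor+/admin+) Stored Cross-Site Scripting (XSS)" description pattern of their neighbours, which are marked "NOT-FOR-US: WordPress plugin" (for example CVE-2023-23708 and CVE-2023-23675); triage them as a batch with that marker, and clear CVE-2023-23674 (RVOL), which is still "TODO: check" in the unchanged context, in the same pass.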
@@ -162479,8 +162516,8 @@ CVE-2021-27133 RESERVED CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...) NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices -CVE-2021-27131 - RESERVED +CVE-2021-27131 (Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting ...) + TODO: check CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...) NOT-FOR-US: Online Reviewer System CVE-2021-27129 (CASAP Automated Enrollment System version 1.0 contains a cross-site sc ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6da2907bdd5069fd2639f69fcd21340cd8a78c
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits