Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c57a9b3 by security tracker role at 2023-05-23T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-33617 (An OS Command Injection vulnerability in Parks Fiberlink 210 
firmware  ...)
+       TODO: check
+CVE-2023-33599 (EasyImages2.0 \u2264 2.8.1 is vulnerable to Cross Site 
Scripting (XSS) ...)
+       TODO: check
+CVE-2023-33362 (Piwigo 13.6.0 is vulnerable to SQL Injection via in the 
"profile" func ...)
+       TODO: check
+CVE-2023-33361 (Piwigo 13.6.0 is vulnerable to SQL Injection via 
/admin/permalinks.php ...)
+       TODO: check
+CVE-2023-33359 (Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery 
(CSRF) in th ...)
+       TODO: check
+CVE-2023-33338 (Old Age Home Management 1.0 is vulnerable to SQL Injection via 
the use ...)
+       TODO: check
+CVE-2023-31860 (Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the 
backend o ...)
+       TODO: check
+CVE-2023-31752 (SourceCodester Employee and Visitor Gate Pass Logging System 
v1.0 is v ...)
+       TODO: check
+CVE-2023-31669 (WebAssembly wat2wasm v1.0.32 allows attackers to cause a 
libc++abi.dyl ...)
+       TODO: check
+CVE-2023-31518 (A heap use-after-free in the component 
CDataFileReader::GetItem of tee ...)
+       TODO: check
+CVE-2023-31517 (Teeworlds v0.7.5 was discovered to contain memory leaks.)
+       TODO: check
+CVE-2023-2703 (Exposure of Private Personal Information to an Unauthorized 
Actor vuln ...)
+       TODO: check
+CVE-2023-2702 (Authorization Bypass Through User-Controlled Key vulnerability 
in Fine ...)
+       TODO: check
 CVE-2023-31996 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command 
Injection ...)
        NOT-FOR-US: Hanwha
 CVE-2023-31995 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross 
Site Script ...)
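Review bot: all thirteen entries added at the top of data/CVE/list carry only TODO: check, and they are not equally urgent to triage. The vendor firmware and standalone web application entries (Parks Fiberlink 210, Old Age Home Management, SourceCodester, Wuzhi CMS) have the same shape as the Hanwha entries just below, which are already NOT-FOR-US, so they can be closed quickly. CVE-2023-31669 (wat2wasm) and CVE-2023-31518 / CVE-2023-31517 (Teeworlds) name standalone tools and should get a source-package lookup first, since those are the ones that may need a package line rather than a NOT-FOR-US tag.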
@@ -1348,6 +1374,7 @@ CVE-2023-31434 (The parameters nutzer_titel, nutzer_vn, 
and nutzer_nn in the use
 CVE-2023-31433 (A SQL injection issue in Logbuch in evasys before 8.2 Build 
2286 and 9 ...)
        NOT-FOR-US: evasys
 CVE-2023-2483 [net: qcom/emac: Fix use after free bug in emac_remove due to 
race condition]
+       REJECTED
        - linux 6.1.25-1
        [bullseye] - linux 5.10.178-1
        [buster] - linux 4.19.282-1
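Review bot: REJECTED is added to CVE-2023-2483 while the fixed-version lines (- linux 6.1.25-1, [bullseye] - linux 5.10.178-1, [buster] - linux 4.19.282-1) stay in place, and nothing in the entry says why the id was rejected. If it was withdrawn as a duplicate, the emac_remove use-after-free fix should be tracked under the surviving id; a NOTE naming the reason or the superseding CVE would keep the version data from being orphaned under a dead id.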
@@ -1822,6 +1849,7 @@ CVE-2023-31207 (Transmission of credentials within query 
parameters in Checkmk <
        - check-mk <removed>
 CVE-2023-2283 [Authorization bypass in pki_verify_data_signature]
        RESERVED
+       {DSA-5409-1}
        - libssh 0.10.5-1 (bug #1035832)
        [buster] - libssh <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt
@@ -4345,8 +4373,8 @@ CVE-2023-30442
        RESERVED
 CVE-2023-30441 (IBM Runtime Environment, Java Technology Edition IBMJCEPlus 
and JSSE 8 ...)
        NOT-FOR-US: IBM
-CVE-2023-30440
-       RESERVED
+CVE-2023-30440 (IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 
through FW9 ...)
+       TODO: check
 CVE-2023-30439
        RESERVED
 CVE-2023-30438 (An internally discovered vulnerability in PowerVM on IBM 
Power9 and Po ...)
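Review bot: the new CVE-2023-30440 line is left at TODO: check although the entry directly above it, CVE-2023-30441, is already triaged as NOT-FOR-US: IBM. The description names IBM PowerVM Hypervisor firmware, so the same tag looks applicable and could be set in the follow-up triage commit instead of leaving the entry open.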
@@ -4485,8 +4513,8 @@ CVE-2023-30384
        RESERVED
 CVE-2023-30383
        RESERVED
-CVE-2023-30382
-       RESERVED
+CVE-2023-30382 (A buffer overflow in the component hl.exe of Valve Half-Life 
up to 543 ...)
+       TODO: check
 CVE-2023-30381
        RESERVED
 CVE-2023-30380 (An issue in the component /dialog/select_media.php of DedeCMS 
v5.7.107 ...)
@@ -7324,8 +7352,8 @@ CVE-2023-1838 (A use-after-free flaw was found in 
vhost_net_set_backend in drive
        [bullseye] - linux 5.10.120-1
        [buster] - linux 4.19.249-1
        NOTE: 
https://git.kernel.org/linus/fb4554c2232e44d595920f4d5c66cf8f7d13f9bc (5.18)
-CVE-2023-1837
-       RESERVED
+CVE-2023-1837 (Missing Authentication for critical function vulnerability in 
HYPR Ser ...)
+       TODO: check
 CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
        - gitlab <unfixed>
 CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 
does not p ...)
@@ -8405,6 +8433,7 @@ CVE-2023-1668 (A flaw was found in openvswitch (OVS). 
When processing an IP pack
        NOTE: 
https://github.com/openvswitch/ovs/commit/f36509fd64e339ffd33593451099be6baa12ffe6
 (v2.15.8)
 CVE-2023-1667 [Potential NULL dereference during rekeying with algorithm 
guessing]
        RESERVED
+       {DSA-5409-1}
        - libssh 0.10.5-1 (bug #1035832)
        NOTE: https://www.libssh.org/security/advisories/CVE-2023-1667.txt
        NOTE: 
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=a30339d7b16da7784413e4a4667feb3604ed0458
 (libssh-0.10.5)
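Review bot: after the added {DSA-5409-1} line, CVE-2023-1667 has only the unstable fix (- libssh 0.10.5-1) and NOTE lines, with no per-release annotation, whereas CVE-2023-2283 from the same DSA carries [buster] - libssh <not-affected>. Suggest stating the buster status for CVE-2023-1667 explicitly (affected, not-affected, or a NOTE), so the difference between the two entries is visibly deliberate rather than an omission.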
@@ -9522,8 +9551,8 @@ CVE-2023-1510
        RESERVED
 CVE-2023-1509 (The GMAce plugin for WordPress is vulnerable to Cross-Site 
Request For ...)
        NOT-FOR-US: GMAce plugin for WordPress
-CVE-2023-1508
-       RESERVED
+CVE-2023-1508 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-1507 (A vulnerability has been found in SourceCodester E-Commerce 
System 1.0 ...)
        NOT-FOR-US: SourceCodester E-Commerce System
 CVE-2023-1506 (A vulnerability, which was classified as critical, was found in 
Source ...)
@@ -12254,8 +12283,8 @@ CVE-2023-1211 (SQL Injection in GitHub repository 
phpipam/phpipam prior to v1.5.
        - phpipam <itp> (bug #731713)
 CVE-2023-1210
        RESERVED
-CVE-2023-1209
-       RESERVED
+CVE-2023-1209 (Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow 
records ...)
+       TODO: check
 CVE-2023-1208
        RESERVED
 CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import 
functio ...)
@@ -17196,14 +17225,14 @@ CVE-2023-26016 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-26015
        RESERVED
-CVE-2023-26014
-       RESERVED
+CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Minify HT ...)
+       TODO: check
 CVE-2023-26013
        RESERVED
 CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Denz ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26011
-       RESERVED
+CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Read More ...)
+       TODO: check
 CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPMo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26009
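Review bot: CVE-2023-26014 and CVE-2023-26011 move from RESERVED to TODO: check while the entries interleaved with them (CVE-2023-26012, CVE-2023-26010) are already tagged NOT-FOR-US: WordPress plugin. Both new descriptions are CSRF issues attributed to the same author (Tim Eckel) and are truncated before the product name; if the full descriptions confirm WordPress plugins, tagging both the same way as their neighbours in one triage pass keeps this block consistent.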
@@ -18167,8 +18196,8 @@ CVE-2023-25709 (Cross-Site Request Forgery (CSRF) 
vulnerability in Plainware Loc
        NOT-FOR-US: WordPress plugin
 CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP 
VR \u20 ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25707
-       RESERVED
+CVE-2023-25707 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. 
VikBooki ...)
+       TODO: check
 CVE-2023-25706
        RESERVED
 CVE-2023-25705 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Go P ...)
@@ -19079,8 +19108,8 @@ CVE-2023-25483
        RESERVED
 CVE-2023-25482
        RESERVED
-CVE-2023-25481
-       RESERVED
+CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove 
Podlove Sub ...)
+       TODO: check
 CVE-2023-25480
        RESERVED
 CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Podl ...)
@@ -19093,12 +19122,12 @@ CVE-2023-25476
        RESERVED
 CVE-2023-25475
        RESERVED
-CVE-2023-25474
-       RESERVED
+CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi 
About M ...)
+       TODO: check
 CVE-2023-25473
        RESERVED
-CVE-2023-25472
-       RESERVED
+CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove 
Podlove Pod ...)
+       TODO: check
 CVE-2023-25471
        RESERVED
 CVE-2023-25470
@@ -20074,8 +20103,8 @@ CVE-2023-25058
        RESERVED
 CVE-2023-25057
        RESERVED
-CVE-2023-25056
-       RESERVED
+CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix 
Feed The ...)
+       TODO: check
 CVE-2023-25055
        RESERVED
 CVE-2023-25054
@@ -23998,8 +24027,8 @@ CVE-2023-23726
        RESERVED
 CVE-2023-23725
        RESERVED
-CVE-2023-23724
-       RESERVED
+CVE-2023-23724 (Cross-Site Request Forgery (CSRF) vulnerability in Winwar 
Media WP Ema ...)
+       TODO: check
 CVE-2023-23723 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Winw ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Winw ...)
@@ -24020,8 +24049,8 @@ CVE-2023-23715
        RESERVED
 CVE-2023-23714
        RESERVED
-CVE-2023-23713
-       RESERVED
+CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj 
Thulasidas Th ...)
+       TODO: check
 CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta 
Manager p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting 
A2 Optim ...)
@@ -24034,10 +24063,10 @@ CVE-2023-23708 (Auth. (contributor+) Stored 
Cross-Site Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23706
-       RESERVED
-CVE-2023-23705
-       RESERVED
+CVE-2023-23706 (Cross-Site Request Forgery (CSRF) vulnerability in miniOrange 
WordPres ...)
+       TODO: check
+CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin 
WordPress ...)
+       TODO: check
 CVE-2023-23704
        RESERVED
 CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -25339,24 +25368,24 @@ CVE-2023-23308
        RESERVED
 CVE-2023-23307
        RESERVED
-CVE-2023-23306
-       RESERVED
-CVE-2023-23305
-       RESERVED
-CVE-2023-23304
-       RESERVED
-CVE-2023-23303
-       RESERVED
-CVE-2023-23302
-       RESERVED
-CVE-2023-23301
-       RESERVED
-CVE-2023-23300
-       RESERVED
-CVE-2023-23299
-       RESERVED
-CVE-2023-23298
-       RESERVED
+CVE-2023-23306 (The `Toybox.Ant.BurstPayload.add` API method in CIQ API 
version 2.2.0  ...)
+       TODO: check
+CVE-2023-23305 (The GarminOS TVM component in CIQ API version 1.0.0 through 
4.1.7 is v ...)
+       TODO: check
+CVE-2023-23304 (The GarminOS TVM component in CIQ API version 2.1.0 through 
4.1.7 allo ...)
+       TODO: check
+CVE-2023-23303 (The `Toybox.Ant.GenericChannel.enableEncryption` API method in 
CIQ API ...)
+       TODO: check
+CVE-2023-23302 (The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ 
API vers ...)
+       TODO: check
+CVE-2023-23301 (The `news` MonkeyC operation code in CIQ API version 1.0.0 
through 4.1 ...)
+       TODO: check
+CVE-2023-23300 (The `Toybox.Cryptography.Cipher.initialize` API method in CIQ 
API vers ...)
+       TODO: check
+CVE-2023-23299 (The permission system implemented and enforced by the GarminOS 
TVM com ...)
+       TODO: check
+CVE-2023-23298 (The `Toybox.Graphics.BufferedBitmap.initialize` API method in 
CIQ API  ...)
+       TODO: check
 CVE-2023-23297
        RESERVED
 CVE-2023-23296 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 
1.6.0 are vu ...)
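Review bot: the nine entries CVE-2023-23298 through CVE-2023-23306 all describe the same product family (CIQ API methods under Toybox.*, the GarminOS TVM component, a MonkeyC opcode), yet each is opened as a separate TODO: check. They should be triaged together with one consistent tag so that the block does not end up with mixed annotations for what is a single vendor's advisory set.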
@@ -34190,12 +34219,12 @@ CVE-2022-46855 (Auth. (contributor+) Stored 
Cross-Site Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes 
Launchp ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-46853
-       RESERVED
+CVE-2022-46853 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme 
The Pos ...)
+       TODO: check
 CVE-2022-46852 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WP T ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-46851
-       RESERVED
+CVE-2022-46851 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force St ...)
+       TODO: check
 CVE-2022-46850
        RESERVED
 CVE-2022-46849
@@ -34333,8 +34362,8 @@ CVE-2022-46815 (Cross-Site Request Forgery (CSRF) 
vulnerability inLauri Karisola
        NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for 
WooCommerce plugin
 CVE-2022-46814
        RESERVED
-CVE-2022-46813
-       RESERVED
+CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. 
Advance ...)
+       TODO: check
 CVE-2022-46812
        RESERVED
 CVE-2022-46811



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c57a9b3fe75b19d42789b1605d3dcb6ca378989
