Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 80dfd9bf by security tracker role at 2023-06-05T20:12:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,3 +1,61 @@ +CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admid ...) + TODO: check +CVE-2023-3066 (Incorrect Authorization vulnerability in Mobatime mobile application A ...) + TODO: check +CVE-2023-3065 (Improper Authentication vulnerability in Mobatime mobile application A ...) + TODO: check +CVE-2023-3064 (Anonymous user may get the list of existing users managed by the appli ...) + TODO: check +CVE-2023-34097 (hoppscotch is an open source API development ecosystem. In versions pr ...) + TODO: check +CVE-2023-33970 (Kanboard is open source project management software that focuses on th ...) + TODO: check +CVE-2023-33969 (Kanboard is open source project management software that focuses on th ...) + TODO: check +CVE-2023-33968 (Kanboard is open source project management software that focuses on th ...) + TODO: check +CVE-2023-33956 (Kanboard is open source project management software that focuses on th ...) + TODO: check +CVE-2023-33733 (Reportlab up to v3.6.12 allows attackers to execute arbitrary code via ...) + TODO: check +CVE-2023-33693 (A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 al ...) + TODO: check +CVE-2023-33690 (SonicJS up to v0.7.0 allows attackers to execute an authenticated path ...) + TODO: check +CVE-2023-33524 (Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal ...) + TODO: check +CVE-2023-33518 (emoncms v11 and later was discovered to contain an information disclos ...) + TODO: check +CVE-2023-33386 (MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interf ...) + TODO: check +CVE-2023-32766 (Gitpod before 2022.11.3 allows XSS because redirection can occur for s ...) + TODO: check +CVE-2023-31893 (Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vul ...) + TODO: check +CVE-2023-2634 (The Get your number WordPress plugin through 1.1.3 does not sanitise a ...) 
+ TODO: check +CVE-2023-2572 (The Survey Maker WordPress plugin before 3.4.7 does not escape some pa ...) + TODO: check +CVE-2023-2571 (The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some pa ...) + TODO: check +CVE-2023-2503 (The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sani ...) + TODO: check +CVE-2023-2489 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) + TODO: check +CVE-2023-2488 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) + TODO: check +CVE-2023-2472 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...) + TODO: check +CVE-2023-2337 (The ConvertKit WordPress plugin before 2.2.1 does not escape a paramet ...) + TODO: check +CVE-2022-4946 (The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does ...) + TODO: check +CVE-2015-10115 (A vulnerability, which was classified as problematic, was found in Woo ...) + TODO: check +CVE-2015-10114 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2015-10113 (A vulnerability classified as problematic was found in WooFramework Tw ...) + TODO: check CVE-2023-3100 (A vulnerability, which was classified as critical, has been found in I ...) TODO: check CVE-2023-3099 (A vulnerability classified as critical was found in KylinSoft youker-a ...) @@ -2516,7 +2574,7 @@ CVE-2023-32269 (An issue was discovered in the Linux kernel before 6.1.11. In ne CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary files wi ...) NOT-FOR-US: Ghost CMS CVE-2023-32233 (In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_ta ...) - {DSA-5402-1} + {DSA-5402-1 DLA-3446-1} - linux 6.1.27-1 NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/4 NOTE: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab (6.4-rc1) 
@@ -2823,7 +2881,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0035: enumflags2: Adverserial use of make_bitflags! - rust-enumflags2 <not-affected> (Introduced in 0.7.0) NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0035.html CVE-2023-31436 (qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2 ...) - {DSA-5402-1} + {DSA-5402-1 DLA-3446-1} - linux 6.1.27-1 [buster] - linux 4.19.282-1 NOTE: https://git.kernel.org/linus/3037933448f60f9acb705997eae62013ecb81e0d (6.3) @@ -3842,8 +3900,8 @@ CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid NOT-FOR-US: Rapid7 CVE-2023-2225 RESERVED -CVE-2023-2224 - RESERVED +CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and e ...) + TODO: check CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...) NOT-FOR-US: WordPress plugin CVE-2023-2222 @@ -8307,8 +8365,8 @@ CVE-2023-29346 RESERVED CVE-2023-29345 RESERVED -CVE-2023-29344 - RESERVED +CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability) + TODO: check CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29342 @@ -13004,8 +13062,8 @@ CVE-2023-27991 (The post-authentication command injection vulnerability in the C NOT-FOR-US: Zyxel CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...) NOT-FOR-US: Zyxel -CVE-2023-27989 - RESERVED +CVE-2023-27989 (A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 ...) + TODO: check CVE-2023-27988 (The post-authentication command injection vulnerability in the Zyxel N ...) NOT-FOR-US: Zyxel CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by Linkis ...) 
@@ -18485,8 +18543,8 @@ CVE-2023-26031 RESERVED CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) NOT-FOR-US: pixelfed -CVE-2023-0900 - RESERVED +CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does not prop ...) + TODO: check CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...) NOT-FOR-US: WordPress plugin CVE-2023-0898 @@ -22769,8 +22827,8 @@ CVE-2023-0547 (OCSP revocation status of recipient certificates was not checked NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547 CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...) NOT-FOR-US: WordPress plugin -CVE-2023-0545 - RESERVED +CVE-2023-0545 (The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escap ...) + TODO: check CVE-2023-0544 (The WP Login Box WordPress plugin through 2.0.2 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7 ...) @@ -25118,7 +25176,7 @@ CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly CVE-2023-0387 REJECTED CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...) - {DSA-5402-1} + {DSA-5402-1 DLA-3446-1} - linux 6.1.11-1 NOTE: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 (6.2-rc6) CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...) 
@@ -27990,8 +28048,8 @@ CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and NOT-FOR-US: WordPress plugin CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...) NOT-FOR-US: WordPress plugin -CVE-2023-0152 - RESERVED +CVE-2023-0152 (The WP Multi Store Locator WordPress plugin through 2.4 does not valid ...) + TODO: check CVE-2023-0151 (The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2023-0150 (The Cloak Front End Email WordPress plugin before 1.9.2 does not valid ...) @@ -38651,8 +38709,8 @@ CVE-2022-45855 RESERVED CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...) NOT-FOR-US: Zyxel -CVE-2022-45853 - REJECTED +CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8HP firmwar ...) + TODO: check CVE-2022-45852 RESERVED CVE-2022-45851 @@ -85114,7 +85172,7 @@ CVE-2022-30132 (Windows Container Manager Service Elevation of Privilege Vulnera NOT-FOR-US: Microsoft CVE-2022-30131 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...) NOT-FOR-US: Microsoft -CVE-2022-30130 (.NET Framework Denial of Service Vulnerability.) +CVE-2022-30130 (.NET Framework Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-30129 (Visual Studio Code Remote Code Execution Vulnerability.) NOT-FOR-US: Microsoft View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80dfd9bf7cdc028706d5492c64298637ace807ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80dfd9bf7cdc028706d5492c64298637ace807ad You're receiving this email because of your account on salsa.debian.org.
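Review bot: In the first hunk (@@ -1,3 +1,61 @@) all 29 new entries land as `TODO: check`, although most of the run from CVE-2023-2634 to CVE-2022-4946 describes WordPress plugins, which this same file consistently triages as `NOT-FOR-US: WordPress plugin` (see the CVE-2023-2223, CVE-2023-0899 and CVE-2023-0544 context lines); those could be resolved in the same triage pass instead of being left open. The CVE-2023-31893 description also arrives with a dropped non-ASCII character (`Telefnica`), which points to an encoding problem in the imported feed text that is better fixed at the import step than by hand-editing data/CVE/list.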
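Review bot: In the @@ -2516 hunk the CVE-2023-32233 entry gains `DLA-3446-1` next to `DSA-5402-1`, but the context goes straight from `- linux 6.1.27-1` to the `NOTE:` lines with no `[buster] - linux ...` line, whereas the @@ -2823 hunk for CVE-2023-31436 carries both the DLA reference and `[buster] - linux 4.19.282-1`. The same applies to CVE-2023-0386 in the @@ -25118 hunk (`- linux 6.1.11-1` followed directly by `NOTE:`). Confirm whether a matching buster fixed-version line is intended for those two entries or whether the DLA reference alone is what the tracker relies on, so the three kernel entries end up recorded the same way.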
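Review bot: In the @@ -8307 and @@ -13004 hunks, CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability) and CVE-2023-27989 (Zyxel NR7101 CGI buffer overflow) move from `RESERVED` to a description with `TODO: check`, while their immediate neighbours in the context (CVE-2023-29343, CVE-2023-27990, CVE-2023-27988) are already `NOT-FOR-US: Microsoft` and `NOT-FOR-US: Zyxel`. The same pattern holds for the WordPress plugin entries un-reserved in the @@ -3842, @@ -18485, @@ -22769 and @@ -27990 hunks (CVE-2023-2224, CVE-2023-0900, CVE-2023-0545, CVE-2023-0152), whose neighbours are `NOT-FOR-US: WordPress plugin`; these look like straightforward follow-up triage rather than items that need investigation.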
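Review bot: In the @@ -38651 hunk, CVE-2022-45853 changes from `REJECTED` to a live description (Zyxel GS1900-8HP privilege escalation) plus `TODO: check`. A previously rejected ID being re-populated is unusual, so the triager should verify against the CVE record that the ID really was un-rejected before treating it as a routine new entry; given that the adjacent CVE-2022-45854 is `NOT-FOR-US: Zyxel`, the expected outcome is the same, but the state flip itself deserves a look.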
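Review bot: In the @@ -85114 hunk the only change is dropping the trailing period from the CVE-2022-30130 description, while the adjacent CVE-2022-30129 line keeps its period. This is description churn from the automatic sync rather than a tracker decision and is harmless, but it means the file will keep oscillating on punctuation until the source descriptions settle; nothing to act on beyond noting the noise.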
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits