Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
40215bdc by security tracker role at 2023-06-07T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,209 @@
+CVE-2023-3126 (The B2BKing plugin for WordPress is vulnerable to unauthorized 
access  ...)
+       TODO: check
+CVE-2023-3125 (The B2BKing plugin for WordPress is vulnerable to unauthorized 
modific ...)
+       TODO: check
+CVE-2023-3124 (The Elementor Pro plugin for WordPress is vulnerable to 
unauthorized d ...)
+       TODO: check
+CVE-2023-33782 (D-Link DIR-842V2 v1.0.3 was discovered to contain a command 
injection  ...)
+       TODO: check
+CVE-2023-33781 (An issue in D-Link DIR-842V2 v1.0.3 allows attackers to 
execute arbitr ...)
+       TODO: check
+CVE-2023-33604 (Imperial CMS v7.5 was discovered to contain an arbitrary file 
deletion ...)
+       TODO: check
+CVE-2023-33601 (An arbitrary file upload vulnerability in /admin.php?c=upload 
of phpok ...)
+       TODO: check
+CVE-2023-33538 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 
was dis ...)
+       TODO: check
+CVE-2023-33537 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 
was dis ...)
+       TODO: check
+CVE-2023-33536 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 
was dis ...)
+       TODO: check
+CVE-2023-2541 (The Web Frontend of KNIME Business Hub before 1.4.0 allows an 
unauthen ...)
+       TODO: check
+CVE-2022-4950 (Several WordPress plugins developed by Cool Plugins are 
vulnerable to  ...)
+       TODO: check
+CVE-2022-4949 (The AdSanity plugin for WordPress is vulnerable to arbitrary 
file uplo ...)
+       TODO: check
+CVE-2022-4948 (The FlyingPress plugin for WordPress is vulnerable to 
authorization by ...)
+       TODO: check
+CVE-2021-4383 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable 
to pag ...)
+       TODO: check
+CVE-2021-4382 (The Recently plugin for WordPress is vulnerable to arbitrary 
file uplo ...)
+       TODO: check
+CVE-2021-4381 (The uListing plugin for WordPress is vulnerable to 
authorization bypas ...)
+       TODO: check
+CVE-2021-4378 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2021-4377 (The Doneren met Mollie plugin for WordPress is vulnerable to 
Sensitive ...)
+       TODO: check
+CVE-2021-4376 (The WooCommerce Multi Currency plugin for WordPress is 
vulnerable to M ...)
+       TODO: check
+CVE-2021-4375 (The Welcart e-Commerce plugin for WordPress is vulnerable to 
authoriza ...)
+       TODO: check
+CVE-2021-4374 (The WordPress Automatic Plugin for WordPress is vulnerable to 
arbitrar ...)
+       TODO: check
+CVE-2021-4373 (The Better Search plugin for WordPress is vulnerable to 
Cross-Site Req ...)
+       TODO: check
+CVE-2021-4372 (The WooCommerce Dynamic Pricing and Discounts plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2021-4371 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable 
to Set ...)
+       TODO: check
+CVE-2021-4370 (The uListing plugin for WordPress is vulnerable to 
authorization bypas ...)
+       TODO: check
+CVE-2021-4369 (The Frontend File Manager plugin for WordPress is vulnerable to 
Unauth ...)
+       TODO: check
+CVE-2021-4368 (The Frontend File Manager plugin for WordPress is vulnerable to 
Authen ...)
+       TODO: check
+CVE-2021-4367 (The Flo Forms \u2013 Easy Drag & Drop Form Builder plugin for 
WordPres ...)
+       TODO: check
+CVE-2021-4366 (The PWA for WP & AMP plugin for WordPress is vulnerable to 
authorizati ...)
+       TODO: check
+CVE-2021-4365 (The Frontend File Manager plugin for WordPress is vulnerable to 
Unauth ...)
+       TODO: check
+CVE-2021-4364 (The JobSearch WP Job Board plugin for WordPress is vulnerable 
to autho ...)
+       TODO: check
+CVE-2021-4363 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable 
to Ref ...)
+       TODO: check
+CVE-2021-4362 (The Kiwi Social Share plugin for WordPress is vulnerable to 
authorizat ...)
+       TODO: check
+CVE-2021-4361 (The JobSearch WP Job Board plugin for WordPress is vulnerable 
to autho ...)
+       TODO: check
+CVE-2021-4360 (The Controlled Admin Access plugin for WordPress is vulnerable 
to Priv ...)
+       TODO: check
+CVE-2021-4359 (The Frontend File Manager plugin for WordPress is vulnerable to 
Unauth ...)
+       TODO: check
+CVE-2021-4358 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2021-4357 (The uListing plugin for WordPress is vulnerable to 
authorization bypas ...)
+       TODO: check
+CVE-2021-4356 (The Frontend File Manager plugin for WordPress is vulnerable to 
Unauth ...)
+       TODO: check
+CVE-2021-4355 (The Welcart e-Commerce plugin for WordPress is vulnerable to 
authoriza ...)
+       TODO: check
+CVE-2021-4354 (The PWA for WP & AMP for WordPress is vulnerable to arbitrary 
file upl ...)
+       TODO: check
+CVE-2021-4352 (The JobSearch WP Job Board plugin for WordPress is vulnerable 
to autho ...)
+       TODO: check
+CVE-2021-4351 (The Frontend File Manager plugin for WordPress is vulnerable to 
Unauth ...)
+       TODO: check
+CVE-2021-4350 (The Frontend File Manager plugin for WordPress is vulnerable to 
Unauth ...)
+       TODO: check
+CVE-2021-4349 (The Process Steps Template Designer plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2021-4348 (The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to 
unauthe ...)
+       TODO: check
+CVE-2021-4347 (The function update_shipment_status_email_status_fun in the 
plugin Adv ...)
+       TODO: check
+CVE-2021-4346 (The uListing plugin for WordPress is vulnerable to 
Unauthenticated Arb ...)
+       TODO: check
+CVE-2021-4345 (The uListing plugin for WordPress is vulnerable to 
authorization bypas ...)
+       TODO: check
+CVE-2021-4344 (The Frontend File Manager plugin for WordPress is vulnerable to 
Privil ...)
+       TODO: check
+CVE-2021-4343 (The Unauthenticated Account Creation plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2021-4342 (Over 70 plugins and themes were vulnerable to Cross-Site 
Request Forge ...)
+       TODO: check
+CVE-2021-4341 (The uListing plugin for WordPress is vulnerable to 
authorization bypas ...)
+       TODO: check
+CVE-2021-4340 (The uListing plugin for WordPress is vulnerable to generic SQL 
Injecti ...)
+       TODO: check
+CVE-2021-4339 (The uListing plugin for WordPress is vulnerable to 
authorization bypas ...)
+       TODO: check
+CVE-2021-4338 (The 404 to 301 plugin for WordPress is vulnerable to 
authorization byp ...)
+       TODO: check
+CVE-2020-36731 (The Flexible Checkout Fields for WooCommerce  plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2020-36730 (The CMP for WordPress is vulnerable to authorization bypass 
due to a m ...)
+       TODO: check
+CVE-2020-36729 (The 2J-SlideShow Plugin for WordPress is vulnerable to 
authorization b ...)
+       TODO: check
+CVE-2020-36727 (The Newsletter Manager plugin for WordPress is vulnerable to 
insecure  ...)
+       TODO: check
+CVE-2020-36726 (The Ultimate Reviews plugin for WordPress is vulnerable to PHP 
Object  ...)
+       TODO: check
+CVE-2020-36725 (The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro 
plugins fo ...)
+       TODO: check
+CVE-2020-36724 (The Wordable plugin for WordPress is vulnerable to 
authentication bypa ...)
+       TODO: check
+CVE-2020-36723 (The ListingPro - WordPress Directory & Listing Theme for 
WordPress is  ...)
+       TODO: check
+CVE-2020-36722 (The Visual Composer plugin for WordPress is vulnerable to 
Cross-Site S ...)
+       TODO: check
+CVE-2020-36721 (The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X 
<= 1.3.1  ...)
+       TODO: check
+CVE-2020-36720 (The Kali Forms plugin for WordPress is vulnerable to 
Authenticated Opt ...)
+       TODO: check
+CVE-2020-36719 (The ListingPro - WordPress Directory & Listing Theme for 
WordPress is  ...)
+       TODO: check
+CVE-2020-36718 (The GDPR CCPA Compliance Support plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2020-36717 (The Kali Forms plugin for WordPress is vulnerable to 
Cross-Site Reques ...)
+       TODO: check
+CVE-2020-36716 (The WP Activity Log plugin for WordPress is vulnerable to 
authorizatio ...)
+       TODO: check
+CVE-2020-36715 (The Login/Signup Popup plugin for WordPress is vulnerable to 
authoriza ...)
+       TODO: check
+CVE-2020-36713 (The MStore API plugin for WordPress is vulnerable to 
authentication by ...)
+       TODO: check
+CVE-2020-36712 (The Kali Forms plugin for WordPress is vulnerable to 
Unauthenticated A ...)
+       TODO: check
+CVE-2020-36711 (The Avada theme for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
+       TODO: check
+CVE-2020-36710 (The WPS Hide Login plugin for WordPress is vulnerable to login 
page di ...)
+       TODO: check
+CVE-2020-36709 (The Page Builder: KingComposer plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2020-36708 (The following themes for WordPress are vulnerable to Function 
Injectio ...)
+       TODO: check
+CVE-2020-36707 (The Coming Soon & Maintenance Mode Page plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2020-36704 (The Fruitful Theme for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2020-36703 (The Elementor Website Builder plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2020-36702 (The Ultimate Addons for Gutenberg plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2020-36701 (The Page Builder: KingComposer plugin for WordPress is 
vulnerable to A ...)
+       TODO: check
+CVE-2020-36700 (The Page Builder: KingComposer plugin for WordPress is 
vulnerable to a ...)
+       TODO: check
+CVE-2020-36699 (The Quick Page/Post Redirect Plugin for WordPress is 
vulnerable to aut ...)
+       TODO: check
+CVE-2020-36697 (The WP GDPR plugin for WordPress is vulnerable to 
authorization bypass ...)
+       TODO: check
+CVE-2020-36696 (The Product Input Fields for WooCommerce plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2019-25151 (The Funnel Builder plugin for WordPress is vulnerable to 
authorization ...)
+       TODO: check
+CVE-2019-25150 (The Email Templates plugin for WordPress is vulnerable to HTML 
Injecti ...)
+       TODO: check
+CVE-2019-25149 (The Gallery Images Ape plugin for WordPress is vulnerable to 
Arbitrary ...)
+       TODO: check
+CVE-2019-25148 (The WP HTML Mail plugin for WordPress is vulnerable to HTML 
injection  ...)
+       TODO: check
+CVE-2019-25147 (The Pretty Links plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2019-25146 (The DELUCKS SEO plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2019-25145 (The Contact Form & SMTP Plugin by PirateForms plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2019-25144 (The WP HTML Mail plugin for WordPress is vulnerable to HTML 
injection  ...)
+       TODO: check
+CVE-2019-25143 (The GDPR Cookie Compliance plugin for WordPress is vulnerable 
to autho ...)
+       TODO: check
+CVE-2019-25142 (The Mesmerize & Materialis themes for WordPress are vulnerable 
to auth ...)
+       TODO: check
+CVE-2019-25141 (The Easy WP SMTP plugin for WordPress is vulnerable to 
authorization b ...)
+       TODO: check
+CVE-2019-25140 (The WordPress Coming Soon Page & Maintenance Mode plugin for 
WordPress ...)
+       TODO: check
+CVE-2019-25139 (The Coming Soon Page & Maintenance Mode plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2019-25138 (The User Submitted Posts plugin for WordPress is vulnerable to 
arbitra ...)
+       TODO: check
+CVE-2016-15033 (The Delete All Comments plugin for WordPress is vulnerable to 
arbitrar ...)
+       TODO: check
 CVE-2023-3123
        REJECTED
 CVE-2023-3121 (A vulnerability has been found in Dahua Smart Parking 
Management up to ...)
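
Review bot: every entry added at the top of the list lands as `TODO: check`, and nearly all of them name WordPress plugins or themes, with the remainder covering D-Link and TP-Link router firmware, Imperial CMS, phpok and KNIME Business Hub. The list already tags TP-Link as `NOT-FOR-US: TP-Link` (CVE-2023-1389), so the three TP-Link entries can take the same tag at triage instead of sitting in the generic queue. Separately, the description of CVE-2021-4367 carries a literal `\u2013` escape; it should be decoded at import so the product name is searchable.
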
@@ -1506,6 +1712,7 @@ CVE-2023-2587 (Teltonika\u2019s Remote Management System 
versions prior to 4.10.
 CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is 
vulnerabl ...)
        NOT-FOR-US: Teltonika
 CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is 
vulnerable to de ...)
+       {DSA-5419-1}
        [experimental] - c-ares 1.19.1-1
        - c-ares 1.18.1-3
        NOTE: 
https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
@@ -3461,6 +3668,7 @@ CVE-2023-31132
 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse 
based on Po ...)
        NOT-FOR-US: Greenplum Database
 CVE-2023-31130 (c-ares is an asynchronous resolver library. 
ares_inet_net_pton() is vu ...)
+       {DSA-5419-1}
        [experimental] - c-ares 1.19.1-1
        - c-ares 1.18.1-3
        NOTE: 
https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
@@ -4250,10 +4458,10 @@ CVE-2023-30863 (In Connectivity Service, there is a 
possible missing permission
        TODO: check
 CVE-2023-30862
        RESERVED
-CVE-2023-2187
-       RESERVED
-CVE-2023-2186
-       RESERVED
+CVE-2023-2187 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, 
an una ...)
+       TODO: check
+CVE-2023-2186 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, 
an una ...)
+       TODO: check
 CVE-2023-2185
        REJECTED
 CVE-2023-2184
@@ -5147,10 +5355,10 @@ CVE-2023-30578
        RESERVED
 CVE-2023-30577
        RESERVED
-CVE-2023-30576
-       RESERVED
-CVE-2023-30575
-       RESERVED
+CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to 
reference a free ...)
+       TODO: check
+CVE-2023-30575 (Apache Guacamole 1.5.1 and older may incorrectly calculate the 
lengths ...)
+       TODO: check
 CVE-2023-30574
        RESERVED
 CVE-2023-30573
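
Review bot: CVE-2023-30576 and CVE-2023-30575 go from RESERVED straight to `TODO: check` with no package line, although both descriptions name Apache Guacamole and point at memory handling ("may continue to reference a free ...", "may incorrectly calculate the lengths ..."). Suggest resolving these ahead of the bulk backlog: either record the source package with its status, or tag them NOT-FOR-US if nothing in the archive ships it.
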
@@ -5940,8 +6148,8 @@ CVE-2023-30402 (YASM v1.3.0 was discovered to contain a 
heap overflow via the fu
        NOTE: Crash in CLI tool, no security impact
 CVE-2023-30401
        RESERVED
-CVE-2023-30400
-       RESERVED
+CVE-2023-30400 (An issue was discovered in Anyka Microelectronics AK3918EV300 
MCU v18. ...)
+       TODO: check
 CVE-2023-30399 (Insecure permissions in the settings page of GARO Wallbox 
GLB/GTB/GTC  ...)
        NOT-FOR-US: GARO Wallbox GLB/GTB/GTC
 CVE-2023-30398
@@ -6182,7 +6390,7 @@ CVE-2023-30283
        RESERVED
 CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to 
Incorrect Acces ...)
        NOT-FOR-US: PrestaShop scexportcustomers
-CVE-2023-30281 (Insecure permissions in the ps_customer table of Prestashop 
scquickacc ...)
+CVE-2023-30281 (Insecure permissions vulnerability was discovered, due to a 
lack of pe ...)
        NOT-FOR-US: Prestashop
 CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 
v.1.0.2.26, R6700 ...)
        NOT-FOR-US: Netgear
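
Review bot: the replacement description for CVE-2023-30281 no longer names the affected module in its visible part, and the unchanged tag `NOT-FOR-US: Prestashop` is less specific than the neighbouring `NOT-FOR-US: PrestaShop scexportcustomers`. Suggest naming the module in the tag (the removed description began "Prestashop scquickacc ...") and matching the "PrestaShop" spelling, so the entry stays identifiable from the list alone.
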
@@ -10518,7 +10726,7 @@ CVE-2023-28758 (An issue was discovered in Veritas 
NetBackup before 8.3.0.2. BPC
 CVE-2023-28757
        RESERVED
 CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 
0.2.1 in Ru ...)
-       {DLA-3408-1}
+       {DLA-3447-1 DLA-3408-1}
        - ruby3.1 <unfixed>
        - ruby2.7 <removed>
        - ruby2.5 <removed>
@@ -10529,7 +10737,7 @@ CVE-2023-28756 (A ReDoS issue was discovered in the 
Time component through 0.2.1
        NOTE: Fixed by: 
https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 
(v0.2.2)
        NOTE: 
https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
 CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 
0.12.0 in Ru ...)
-       {DLA-3408-1}
+       {DLA-3447-1 DLA-3408-1}
        - rubygems <unfixed>
        - ruby3.1 <unfixed>
        - ruby2.7 <removed>
@@ -12117,8 +12325,8 @@ CVE-2023-1390 (A remote denial of service vulnerability 
was found in the Linux k
        NOTE: 
https://git.kernel.org/linus/b77413446408fdd256599daf00d5be72b5f3e7c6 (5.11-rc4)
 CVE-2023-1389 (TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 
Build 2023 ...)
        NOT-FOR-US: TP-Link
-CVE-2023-1388
-       RESERVED
+CVE-2023-1388 (A heap-based overflow vulnerability in TA prior to version 
5.7.9 allow ...)
+       TODO: check
 CVE-2023-1387 (Grafana is an open-source platform for monitoring and 
observability.   ...)
        - grafana <removed>
 CVE-2023-1386
@@ -17791,8 +17999,8 @@ CVE-2023-0978 (A command injection vulnerability in 
Trellix Intelligent Sandbox
        NOT-FOR-US: Trellix
 CVE-2023-0977 (A heap-based overflow vulnerability in Trellix Agent (Windows 
and Linu ...)
        NOT-FOR-US: Trellix
-CVE-2023-0976
-       RESERVED
+CVE-2023-0976 (A heap-based overflow vulnerability in TA prior to version 
5.7.9 allow ...)
+       TODO: check
 CVE-2023-0975 (A vulnerability exists in Trellix Agent for Windows version 
5.7.8 and  ...)
        NOT-FOR-US: Trellix
 CVE-2023-0974
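
Review bot: CVE-2023-0976 is set to `TODO: check` although both neighbours, CVE-2023-0977 and CVE-2023-0975, describe Trellix Agent and are tagged `NOT-FOR-US: Trellix`; "TA prior to version 5.7.9" reads like the same product, and CVE-2023-0975 cites version 5.7.8. Once that is confirmed, tag it `NOT-FOR-US: Trellix`. CVE-2023-1388 in the preceding hunk carries the same description text and can be handled the same way.
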
@@ -21323,8 +21531,7 @@ CVE-2023-0670 (Ulearn version 
a5a7ca20de859051ea0470542844980a66dfc05d allows an
        NOT-FOR-US: ULearn
 CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a 
pre-authe ...)
        NOT-FOR-US: Fortra GoAnywhere MFT
-CVE-2023-0668
-       RESERVED
+CVE-2023-0668 (Due to failure in validating the length provided by an 
attacker-crafte ...)
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
        [bookworm] - wireshark <no-dsa> (Minor issue)
@@ -21333,10 +21540,9 @@ CVE-2023-0668
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-19.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19087
        NOTE: Introduced by: 
https://gitlab.com/wireshark/wireshark/-/commit/254502d765d11f1d97b15bc1c3ff06d38e049ef2
 (v3.1.1)
-CVE-2023-0667
-       RESERVED
-CVE-2023-0666
-       RESERVED
+CVE-2023-0667 (Due to failure in validating the length provided by an 
attacker-crafte ...)
+       TODO: check
+CVE-2023-0666 (Due to failure in validating the length provided by an 
attacker-crafte ...)
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
        [bookworm] - wireshark <no-dsa> (Minor issue)
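
Review bot: CVE-2023-0667 is left at `TODO: check` while CVE-2023-0666 directly below it and CVE-2023-0668 above open with the same description text ("Due to failure in validating the length provided by an attacker-crafte ...") and are tracked against wireshark. Suggest checking whether CVE-2023-0667 is the same package and, if so, giving it the matching wireshark lines rather than leaving it in the generic queue.
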
@@ -98002,8 +98208,8 @@ CVE-2022-25836 (Bluetooth\xae Low Energy Pairing in 
Bluetooth Core Specification
        NOT-FOR-US: Bluetooth protocol issue
 CVE-2022-25835
        RESERVED
-CVE-2022-25834
-       RESERVED
+CVE-2022-25834 (In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 
8.0.27-19,  ...)
+       TODO: check
 CVE-2022-25833 (Improper authentication in ImsService prior to SMR Apr-2022 
Release 1  ...)
        NOT-FOR-US: Samsung
 CVE-2022-25832 (Improper authentication vulnerability in S Secure prior to SMR 
Apr-202 ...)
@@ -148789,8 +148995,8 @@ CVE-2021-33225
        RESERVED
 CVE-2021-33224 (File upload vulnerability in Umbraco Forms v.8.7.0 allows 
unauthentica ...)
        NOT-FOR-US: Umbraco Forms
-CVE-2021-33223
-       RESERVED
+CVE-2021-33223 (An issue discovered in SeedDMS 6.0.15 allows an attacker to 
escalate p ...)
+       TODO: check
 CVE-2021-33222
        RESERVED
 CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 
1.7.1.0 and ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40215bdc54d867e19cf2fde6f9ba4ea148445d50



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
