Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
52089e14 by security tracker role at 2023-06-09T08:12:05+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@ +CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found Inform ...) + TODO: check +CVE-2023-3176 (A vulnerability, which was classified as critical, was found in Source ...) + TODO: check +CVE-2023-3173 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + TODO: check +CVE-2023-3172 (Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.) + TODO: check +CVE-2023-34364 (A buffer overflow was discovered in Progress DataDirect Connect for OD ...) + TODO: check +CVE-2023-34363 (An issue was discovered in Progress DataDirect Connect for ODBC before ...) + TODO: check +CVE-2023-34243 (TGstation is a toolset to manage production BYOND servers. In affected ...) + TODO: check +CVE-2023-34233 (The Snowflake Connector for Python provides an interface for developin ...) + TODO: check +CVE-2023-34232 (snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerab ...) + TODO: check +CVE-2023-34230 (snowflake-connector-net, the Snowflake Connector for .NET, is vulnerab ...) + TODO: check +CVE-2023-34112 (JavaCPP Presets is a project providing Java distributions of native C+ ...) + TODO: check +CVE-2023-32751 (Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the downl ...) + TODO: check +CVE-2023-2897 (The Brizy Page Builder plugin for WordPress is vulnerable to IP Addres ...) + TODO: check +CVE-2023-2896 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2023-2895 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2023-2894 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2023-2893 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2023-2892 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...) 
+ TODO: check +CVE-2023-2891 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2023-2767 (The WordPress File Upload and WordPress File Upload Pro plugins for Wo ...) + TODO: check +CVE-2023-2764 (The Draw Attention plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2023-2688 (The WordPress File Upload and WordPress File Upload Pro plugins for Wo ...) + TODO: check +CVE-2023-2607 (The Multiple Page Generator Plugin for WordPress is vulnerable to time ...) + TODO: check +CVE-2023-2604 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...) + TODO: check +CVE-2023-2599 (The Active Directory Integration plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2023-2584 (The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2023-2558 (The WPCS \u2013 WordPress Currency Switcher Professional plugin for Wo ...) + TODO: check +CVE-2023-2557 (The WPCS \u2013 WordPress Currency Switcher Professional plugin for Wo ...) + TODO: check +CVE-2023-2556 (The WPCS \u2013 WordPress Currency Switcher Professional plugin for Wo ...) + TODO: check +CVE-2023-2555 (The WPCS \u2013 WordPress Currency Switcher Professional plugin for Wo ...) + TODO: check +CVE-2023-2526 (The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site ...) + TODO: check +CVE-2023-2484 (The Active Directory Integration plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2023-2452 (The Advanced Woo Search plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-2450 (The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is v ...) + TODO: check +CVE-2023-2414 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) + TODO: check +CVE-2023-2402 (The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPre ...) 
+ TODO: check CVE-2023-3164 - tiff <unfixed> (unimportant) NOTE: https://gitlab.com/libtiff/libtiff/-/issues/542 @@ -3588,8 +3660,8 @@ CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository builderio/ NOT-FOR-US: builderio/qwik CVE-2023-2306 RESERVED -CVE-2023-2305 - RESERVED +CVE-2023-2305 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...) NOT-FOR-US: Favorites plugin for WordPress CVE-2023-2303 (The Contact Form and Calls To Action by vcita plugin for WordPress is ...) @@ -3646,8 +3718,8 @@ CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in ManageEng NOT-FOR-US: Zoho CVE-2023-2290 RESERVED -CVE-2023-2289 - RESERVED +CVE-2023-2289 (The wordpress vertical image slider plugin for WordPress is vulnerable ...) + TODO: check CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...) NOT-FOR-US: WordPress plugin CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...) @@ -3702,8 +3774,8 @@ CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions NOT-FOR-US: Devolutions CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...) - mattermost-server <itp> (bug #823556) -CVE-2023-2280 - RESERVED +CVE-2023-2280 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...) + TODO: check CVE-2023-2279 RESERVED CVE-2023-2278 
@@ -3712,8 +3784,8 @@ CVE-2023-2277 RESERVED CVE-2023-2276 (The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Mar ...) NOT-FOR-US: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress -CVE-2023-2275 - RESERVED +CVE-2023-2275 (The WooCommerce Multivendor Marketplace \u2013 REST API plugin for Wor ...) + TODO: check CVE-2023-2274 RESERVED CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer fr ...) @@ -3996,8 +4068,8 @@ CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0. NOTE: Fixed by: https://www.github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba (v2.2.2) CVE-2023-2250 (A flaw was found in the Open Cluster Management (OCM) when a user have ...) NOT-FOR-US: Open Cluster Management (OCM) -CVE-2023-2249 - RESERVED +CVE-2023-2249 (The wpForo Forum plugin for WordPress is vulnerable to Local File Incl ...) + TODO: check CVE-2023-2248 REJECTED CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module in ...) @@ -4429,8 +4501,8 @@ CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor NOT-FOR-US: microweber CVE-2023-2238 RESERVED -CVE-2023-2237 - RESERVED +CVE-2023-2237 (The WP Replicate Post plugin for WordPress is vulnerable to SQL Inject ...) + TODO: check CVE-2023-2236 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...) - linux 6.0.12-1 [bullseye] - linux <not-affected> (Vulnerable code not present) @@ -4569,8 +4641,8 @@ CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracas NOT-FOR-US: azuracast CVE-2023-2190 RESERVED -CVE-2023-2189 - RESERVED +CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...) + TODO: check CVE-2023-2188 RESERVED CVE-2023-30896 
@@ -4649,8 +4721,8 @@ CVE-2023-2186 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, a NOT-FOR-US: Triangle MicroWorks' SCADA Data Gateway CVE-2023-2185 REJECTED -CVE-2023-2184 - RESERVED +CVE-2023-2184 (The WP Responsive Tabs horizontal vertical and accordion Tabs plugin f ...) + TODO: check CVE-2023-2183 (Grafana is an open-source platform for monitoring and observability. ...) - grafana <removed> CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...) @@ -4864,8 +4936,8 @@ CVE-2023-2161 (A CWE-611: Improper Restriction of XML External Entity Reference NOT-FOR-US: Schneider CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa prior ...) NOT-FOR-US: modoboa -CVE-2023-2159 - RESERVED +CVE-2023-2159 (The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is vulne ...) + TODO: check CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user impersonatio ...) NOT-FOR-US: Code Dx CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...) 
@@ -5131,16 +5203,16 @@ CVE-2023-2088 (A flaw was found in OpenStack due to an inconsistency between Cin - python-os-brick 4.1.0-3 (bug #1035932) NOTE: https://www.openwall.com/lists/oss-security/2023/05/10/5 NOTE: https://bugs.launchpad.net/nova/+bug/2004555 -CVE-2023-2087 - RESERVED -CVE-2023-2086 - RESERVED -CVE-2023-2085 - RESERVED -CVE-2023-2084 - RESERVED -CVE-2023-2083 - RESERVED +CVE-2023-2087 (The Essential Blocks plugin for WordPress is vulnerable to Cross-Site ...) + TODO: check +CVE-2023-2086 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) + TODO: check +CVE-2023-2085 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) + TODO: check +CVE-2023-2084 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) + TODO: check +CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) + TODO: check CVE-2023-2082 RESERVED CVE-2023-2081 @@ -5598,10 +5670,10 @@ CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions sta - gitlab <unfixed> CVE-2023-2068 RESERVED -CVE-2023-2067 - RESERVED -CVE-2023-2066 - RESERVED +CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...) + TODO: check +CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...) + TODO: check CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in Armo ...) NOT-FOR-US: Armoli Technology Cargo Tracking System CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) @@ -5672,8 +5744,8 @@ CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 all [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2032 RESERVED -CVE-2023-2031 - RESERVED +CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Sto ...) + TODO: check CVE-2023-2030 RESERVED CVE-2023-2029 
@@ -6128,8 +6200,8 @@ CVE-2023-1980 (Two factor authentication bypass on login in Devolutions Remot NOT-FOR-US: Devolutions CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress built-in f ...) NOT-FOR-US: WordPress plugin -CVE-2023-1978 - RESERVED +CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for WordPress is ...) + TODO: check CVE-2023-1977 RESERVED CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository answerdev/ans ...) @@ -8497,8 +8569,8 @@ CVE-2023-1919 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross- NOT-FOR-US: WP Fastest Cache plugin for WordPress CVE-2023-1918 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...) NOT-FOR-US: WP Fastest Cache plugin for WordPress -CVE-2023-1917 - RESERVED +CVE-2023-1917 (The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check CVE-2022-48436 RESERVED CVE-2023-29464 @@ -8602,8 +8674,8 @@ CVE-2023-1912 (The Limit Login Attempts plugin for WordPress is vulnerable to St NOT-FOR-US: Limit Login Attempts plugin for WordPress CVE-2023-1911 (The Blocksy Companion WordPress plugin before 1.8.82 does not ensure t ...) NOT-FOR-US: WordPress plugin -CVE-2023-1910 - RESERVED +CVE-2023-1910 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) + TODO: check CVE-2023-1909 (A vulnerability, which was classified as critical, was found in PHPGur ...) NOT-FOR-US: PHPGurukul BP Monitoring Management System CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...) @@ -8678,8 +8750,7 @@ CVE-2023-29407 RESERVED CVE-2023-29406 RESERVED -CVE-2023-29405 [cmd/go: improper sanitization of LDFLAGS] - RESERVED +CVE-2023-29405 (The go command may execute arbitrary code at build time when using cgo ...) - golang-1.20 1.20.5-1 [experimental] - golang-1.19 1.19.10-1 - golang-1.19 <unfixed> 
@@ -8691,8 +8762,7 @@ CVE-2023-29405 [cmd/go: improper sanitization of LDFLAGS] NOTE: https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637 (go1.20.5) NOTE: https://github.com/golang/go/commit/44e0fb13e783a44463e95926a674fd580daa3a55 (go1.19.10) NOTE: https://github.com/golang/go/commit/3ba9c890b86dc8c3a54c98d32497b7a8012704f9 (go1.19.10) -CVE-2023-29404 [cmd/go: improper sanitization of LDFLAGS] - RESERVED +CVE-2023-29404 (The go command may execute arbitrary code at build time when using cgo ...) - golang-1.20 1.20.5-1 [experimental] - golang-1.19 1.19.10-1 - golang-1.19 <unfixed> @@ -8702,8 +8772,7 @@ CVE-2023-29404 [cmd/go: improper sanitization of LDFLAGS] NOTE: https://github.com/golang/go/issues/60305 NOTE: https://github.com/golang/go/commit/356a419e2f811b65d227abcea1a346f8dcb154e0 (go1.20.5) NOTE: https://github.com/golang/go/commit/bf3c8ce03e175e870763901a3850bca01381a828 (go1.19.10) -CVE-2023-29403 [runtime: unexpected behavior of setuid/setgid binaries] - RESERVED +CVE-2023-29403 (On Unix platforms, the Go runtime does not behave differently when a b ...) - golang-1.20 1.20.5-1 [experimental] - golang-1.19 1.19.10-1 - golang-1.19 <unfixed> @@ -8713,8 +8782,7 @@ CVE-2023-29403 [runtime: unexpected behavior of setuid/setgid binaries] NOTE: https://github.com/golang/go/issues/60272 NOTE: https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5) NOTE: https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10) -CVE-2023-29402 [cmd/go: cgo code injection] - RESERVED +CVE-2023-29402 (The go command may generate unexpected code at build time when using c ...) - golang-1.20 1.20.5-1 [experimental] - golang-1.19 1.19.10-1 - golang-1.19 <unfixed> 
@@ -8724,8 +8792,8 @@ CVE-2023-29402 [cmd/go: cgo code injection] NOTE: https://github.com/golang/go/issues/60167 NOTE: https://github.com/golang/go/commit/c0ed873cd8259f16d0da67eee783fda49f45ef61 (go1.20.5) NOTE: https://github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f (go.1.19.10) -CVE-2023-29401 - RESERVED +CVE-2023-29401 (The filename parameter of the Context.FileAttachment function is not p ...) + TODO: check CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "attr={ ...) - golang-1.20 1.20.4-1 [experimental] - golang-1.19 1.19.9-1 @@ -8756,8 +8824,8 @@ CVE-2023-1897 RESERVED CVE-2023-1896 RESERVED -CVE-2023-1895 - RESERVED +CVE-2023-1895 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...) + TODO: check CVE-2023-1894 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...) - puppet <not-affected> (Limit to Puppet Server 7) - puppetserver 7.9.5-2 (bug #1035541) @@ -8808,10 +8876,10 @@ CVE-2023-1891 RESERVED CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape various ge ...) NOT-FOR-US: WordPress plugin -CVE-2023-1889 - RESERVED -CVE-2023-1888 - RESERVED +CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an Insecure Dire ...) + TODO: check +CVE-2023-1888 (The Directorist plugin for WordPress is vulnerable to an arbitrary use ...) + TODO: check CVE-2023-1887 (Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to ...) NOT-FOR-US: phpmyfaq CVE-2023-1886 (Authentication Bypass by Capture-replay in GitHub repository thorsten/ ...) @@ -9164,8 +9232,8 @@ CVE-2023-1845 (A vulnerability, which was classified as critical, was found in S NOT-FOR-US: SourceCodester Online Payroll System CVE-2023-1844 RESERVED -CVE-2023-1843 - RESERVED +CVE-2023-1843 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) + TODO: check CVE-2023-1842 REJECTED CVE-2023-1841 
@@ -9487,8 +9555,8 @@ CVE-2023-29171 (Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Ma NOT-FOR-US: WordPress plugin CVE-2023-29170 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...) NOT-FOR-US: WordPress plugin -CVE-2023-1807 - RESERVED +CVE-2023-1807 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...) + TODO: check CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does not san ...) NOT-FOR-US: WordPress plugin CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...) @@ -10778,8 +10846,8 @@ CVE-2023-28809 RESERVED CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...) NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products -CVE-2023-1615 - RESERVED +CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnera ...) + TODO: check CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not saniti ...) NOT-FOR-US: WordPress plugin CVE-2023-28807 @@ -11955,8 +12023,8 @@ CVE-2023-1432 (A vulnerability was found in SourceCodester Online Food Ordering NOT-FOR-US: SourceCodester Online Food Ordering System CVE-2023-1431 (The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sens ...) NOT-FOR-US: WP Simple Shopping Cart plugin for WordPress -CVE-2023-1430 - RESERVED +CVE-2023-1430 (The FluentCRM - Marketing Automation For WordPress plugin for WordPre ...) + TODO: check CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) NOT-FOR-US: pimcore CVE-2023-1428 
@@ -12206,7 +12274,7 @@ CVE-2023-28408 (Directory traversal vulnerability in MW WP Form versions v4.4.2 NOT-FOR-US: WordPress plugin CVE-2023-28394 (Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated ...) NOT-FOR-US: Beekeeper Studio -CVE-2023-28392 (Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B ...) +CVE-2023-28392 (Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 ...) NOT-FOR-US: AC-WAPU-300 CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) a ...) NOT-FOR-US: SR-7100V @@ -12524,10 +12592,10 @@ CVE-2023-28326 (Vendor: The Apache Software Foundation Versions Affected: Apach NOT-FOR-US: Apache OpenMeetings CVE-2023-1405 RESERVED -CVE-2023-1404 - RESERVED -CVE-2023-1403 - RESERVED +CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cro ...) + TODO: check +CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Si ...) + TODO: check CVE-2023-1402 (The course participation report required additional checks to prevent ...) - moodle <removed> CVE-2023-1401 @@ -13068,8 +13136,8 @@ CVE-2023-1377 (The Solidres WordPress plugin through 0.9.4 does not sanitise and NOT-FOR-US: WordPress plugin CVE-2023-1376 RESERVED -CVE-2023-1375 - RESERVED +CVE-2023-1375 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...) + TODO: check CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...) NOT-FOR-US: Solidres plugin for WordPress CVE-2023-1373 (The W4 Post List WordPress plugin before 2.4.6 does not escape some UR ...) 
@@ -15004,8 +15072,8 @@ CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to NOTE: https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 NOTE: https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c (v9.0.1376) NOTE: Crash in CLI tool, no security impact -CVE-2023-1169 - RESERVED +CVE-2023-1169 (The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable ...) + TODO: check CVE-2015-10089 (A vulnerability classified as problematic has been found in flame.js. ...) NOT-FOR-US: flame.js CVE-2023-1168 (An authenticated remote code execution vulnerability exists in the ...) @@ -17700,8 +17768,8 @@ CVE-2023-1017 (An out-of-bounds write vulnerability exists in TPM2.0's Module Li NOTE: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4 NOTE: https://kb.cert.org/vuls/id/782720 NOTE: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf -CVE-2023-1016 - RESERVED +CVE-2023-1016 (The Intuitive Custom Post Order plugin for WordPress is vulnerable to ...) + TODO: check CVE-2023-1015 REJECTED CVE-2023-1014 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) @@ -17881,10 +17949,10 @@ CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogie NOT-FOR-US: Bumsys CVE-2023-0994 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) NOT-FOR-US: RosarioSIS -CVE-2023-0993 - RESERVED -CVE-2023-0992 - RESERVED +CVE-2023-0993 (The Shield Security plugin for WordPress is vulnerable to Missing Auth ...) + TODO: check +CVE-2023-0992 (The Shield Security plugin for WordPress is vulnerable to stored Cross ...) + TODO: check CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via ...) - node-mermaid <unfixed> (bug #1032313) [bullseye] - node-mermaid <no-dsa> (Minor issue) 
@@ -19874,10 +19942,10 @@ CVE-2023-25181 RESERVED CVE-2023-0833 RESERVED -CVE-2023-0832 - RESERVED -CVE-2023-0831 - RESERVED +CVE-2023-0832 (The Under Construction plugin for WordPress is vulnerable to Cross-Sit ...) + TODO: check +CVE-2023-0831 (The Under Construction plugin for WordPress is vulnerable to Cross-Sit ...) + TODO: check CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS 1.1.0 ...) NOT-FOR-US: EasyNAS CVE-2023-0829 @@ -20821,8 +20889,8 @@ CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to St NOT-FOR-US: Interactive Geo Maps plugin for WordPress CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: Wicked Folders plugin for WordPress -CVE-2023-0729 - RESERVED +CVE-2023-0729 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) @@ -20837,8 +20905,8 @@ CVE-2023-0723 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Si NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) NOT-FOR-US: Wicked Folders plugin for WordPress -CVE-2023-0721 - RESERVED +CVE-2023-0721 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) + TODO: check CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) 
@@ -20859,12 +20927,12 @@ CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authoriz NOT-FOR-US: Wicked Folders plugin for WordPress CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) NOT-FOR-US: Wicked Folders plugin for WordPress -CVE-2023-0710 - RESERVED -CVE-2023-0709 - RESERVED -CVE-2023-0708 - RESERVED +CVE-2023-0710 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check +CVE-2023-0709 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check +CVE-2023-0708 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...) NOT-FOR-US: SourceCodester CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...) 
@@ -21003,22 +21071,22 @@ CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allo {DSA-5345-1} - chromium 110.0.5481.77-1 [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-0695 - RESERVED -CVE-2023-0694 - RESERVED -CVE-2023-0693 - RESERVED -CVE-2023-0692 - RESERVED -CVE-2023-0691 - RESERVED +CVE-2023-0695 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check +CVE-2023-0694 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check +CVE-2023-0693 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check +CVE-2023-0692 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check +CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...) NOT-FOR-US: HashiCorp Boundary CVE-2023-0689 RESERVED -CVE-2023-0688 - RESERVED +CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + TODO: check CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...) NOT-FOR-US: XpressEngine CVE-2023-25498 @@ -23672,8 +23740,8 @@ CVE-2023-24536 (Multipart form parsing can consume large amounts of CPU and memo NOTE: https://go.dev/issue/59153 NOTE: https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3) NOTE: https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go1.19.8) -CVE-2023-24535 - RESERVED +CVE-2023-24535 (Parsing invalid messages can panic. Parsing a text-format message whic ...) + TODO: check CVE-2023-24534 (HTTP and MIME header parsing can allocate large amounts of memory, eve ...) - golang-1.20 1.20.3-1 [experimental] - golang-1.19 1.19.8-1 
@@ -26577,10 +26645,10 @@ CVE-2023-23586 (Due to a vulnerability in the io_uring subsystem, it is possible NOTE: Unclear if this is just a duplicate of CVE-2023-0240. Track it NOTE: as different for now. The only CVE record references available NOTE: are identical, but with different description of the issue. -CVE-2023-0292 - RESERVED -CVE-2023-0291 - RESERVED +CVE-2023-0292 (The Quiz And Survey Master plugin for WordPress is vulnerable to Cross ...) + TODO: check +CVE-2023-0291 (The Quiz And Survey Master for WordPress is vulnerable to authorizatio ...) + TODO: check CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID parameter ...) NOT-FOR-US: Rapid7 CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...) @@ -59920,7 +59988,7 @@ CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. A CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...) NOT-FOR-US: tiny-csrf Nodejs module CVE-2022-39286 (Jupyter Core is a package for the core common functionality of Jupyter ...) - {DLA-3195-1} + {DSA-5422-1 DLA-3195-1} - jupyter-core 4.11.2-1 (bug #1023361) NOTE: https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp NOTE: https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283 (4.11.2) 
@@ -66535,7 +66603,7 @@ CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/ [buster] - golang-github-gin-gonic-gin <postponed> (Limited support, minor issue) NOTE: https://github.com/gin-gonic/gin/pull/2237 NOTE: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d (v1.6.0) -CVE-2020-36566 (Due to improper path santization, archives containing relative file pa ...) +CVE-2020-36566 (Due to improper path sanitization, archives containing relative file p ...) NOT-FOR-US: Go whyrusleeping/tar-utils CVE-2020-36565 (Due to improper sanitization of user input on Windows, the static file ...) - golang-github-labstack-echo <not-affected> (Windows-specific) @@ -66552,7 +66620,7 @@ CVE-2019-25075 (HTML injection combined with path traversal in the Email service NOT-FOR-US: Gravitee API Management CVE-2019-25074 RESERVED -CVE-2019-25073 (Improper path santiziation in github.com/goadesign/goa before v3.0.9, ...) +CVE-2019-25073 (Improper path sanitization in github.com/goadesign/goa before v3.0.9, ...) NOT-FOR-US: github.com/goadesign/goa CVE-2016-15005 (CSRF tokens are generated using math/rand, which is not a cryptographi ...) NOT-FOR-US: github.com/dinever/golf 
@@ -66588,16 +66656,16 @@ CVE-2022-2573 RESERVED CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages can cau ...) NOT-FOR-US: shiyanhui/dht -CVE-2020-36561 (Due to improper path santization, archives containing relative file pa ...) +CVE-2020-36561 (Due to improper path sanitization, archives containing relative file p ...) NOT-FOR-US: github.com/yi-ge/unzip -CVE-2020-36560 (Due to improper path santization, archives containing relative file pa ...) +CVE-2020-36560 (Due to improper path sanitization, archives containing relative file p ...) NOT-FOR-US: github.com/artdarek/unzip -CVE-2020-36559 (Due to improper santization of user input, HTTPEngine.Handle allows fo ...) +CVE-2020-36559 (Due to improper sanitization of user input, HTTPEngine.Handle allows f ...) NOT-FOR-US: aah framework CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as a lac ...) - tendermint-go-common <removed> [buster] - tendermint-go-common <postponed> (Limited support, minor issue, DoS) -CVE-2018-25046 (Due to improper path santization, archives containing relative file pa ...) +CVE-2018-25046 (Due to improper path sanitization, archives containing relative file p ...) NOT-FOR-US: GO code.cloudfoundry.org/archiver CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, allowing th ...) - golang-github-gorilla-handlers 1.3.0-1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52089e14f433f5b9d56b0e84582b5b824a1cdff6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52089e14f433f5b9d56b0e84582b5b824a1cdff6 You're receiving this email because of your account on salsa.debian.org.
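Review bot: all 36 new entries in the first hunk (@@ -1,3 +1,75 @@) are left at `+ TODO: check`; most are WordPress plugin advisories (WP EasyCart, WPCS, Active Directory Integration, Metform and so on) that will end up as `NOT-FOR-US: WordPress plugin` like the plugin entries further down in the diff, but a handful are not plugin noise and need a real look against the archive in the same pass: CVE-2023-3172 (froxlor path traversal before 2.0.20), CVE-2023-34112 (JavaCPP Presets), CVE-2023-34233, CVE-2023-34232 and CVE-2023-34230 (the Snowflake connectors for Python, Node.js and .NET), CVE-2023-32751 (Pydio Cells XSS) and CVE-2023-34363/CVE-2023-34364 (Progress DataDirect ODBC). Triaging those now rather than leaving them for a later manual sweep keeps the TODO backlog short.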
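Review bot: in the four Go toolchain hunks (CVE-2023-29405, CVE-2023-29404, CVE-2023-29403 and CVE-2023-29402, @@ -8678 through @@ -8713) the unchanged version lines read `- golang-1.19 1.19.10-1` immediately followed by `- golang-1.19 <unfixed>`; the same source package cannot be both fixed in 1.19.10-1 and unfixed, so one of the two lines is either a mis-copied package name or a leftover from before the 1.19.10-1 upload and should be corrected while these entries are being touched. A small related nit in the CVE-2023-29402 context: the NOTE for commit c160b49b6d328c86bd76ca2fff9009a71347333f is tagged `(go.1.19.10)` where every other note in these hunks uses `(go1.19.10)`.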
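Review bot: CVE-2023-29401 in the @@ -8724 hunk is left as `+ TODO: check`, but its description (the filename parameter of the Context.FileAttachment function) is the gin web framework, and this same patch shows gin as a packaged source further down in the CVE-2020-36567 context (`golang-github-gin-gonic-gin <postponed>`). The entry can be triaged right away with version lines for golang-github-gin-gonic-gin instead of a TODO.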
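Review bot: in the @@ -12206 hunk the CVE-2023-28392 description is refreshed from `AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B...` to `AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 ...`, but the unchanged `NOT-FOR-US: AC-WAPU-300` line directly below still names the old product. Update the annotation to the AC-PD-WAPU / AC-PD-WAPUM identifiers so it matches the description it refers to.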
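Review bot: CVE-2023-24535 in the @@ -23672 hunk is given `+ TODO: check` while its neighbours CVE-2023-24536 and CVE-2023-24534 carry `golang-1.20 1.20.3-1 [experimental]` and `golang-1.19 1.19.8-1` lines; its description (a panic when parsing a text-format message) reads as a Go protobuf library issue rather than a toolchain one, so the TODO should be resolved against the relevant Go module packaging and not by copying the standard-library version lines from the adjacent entries.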
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits