Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52089e14 by security tracker role at 2023-06-09T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found 
Inform ...)
+       TODO: check
+CVE-2023-3176 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-3173 (Improper Restriction of Excessive Authentication Attempts in 
GitHub re ...)
+       TODO: check
+CVE-2023-3172 (Path Traversal in GitHub repository froxlor/froxlor prior to 
2.0.20.)
+       TODO: check
+CVE-2023-34364 (A buffer overflow was discovered in Progress DataDirect 
Connect for OD ...)
+       TODO: check
+CVE-2023-34363 (An issue was discovered in Progress DataDirect Connect for 
ODBC before ...)
+       TODO: check
+CVE-2023-34243 (TGstation is a toolset to manage production BYOND servers. In 
affected ...)
+       TODO: check
+CVE-2023-34233 (The Snowflake Connector for Python provides an interface for 
developin ...)
+       TODO: check
+CVE-2023-34232 (snowflake-connector-nodejs, a NodeJS driver for Snowflake, is 
vulnerab ...)
+       TODO: check
+CVE-2023-34230 (snowflake-connector-net, the Snowflake Connector for .NET, is 
vulnerab ...)
+       TODO: check
+CVE-2023-34112 (JavaCPP Presets is a project providing Java distributions of 
native C+ ...)
+       TODO: check
+CVE-2023-32751 (Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements 
the downl ...)
+       TODO: check
+CVE-2023-2897 (The Brizy Page Builder plugin for WordPress is vulnerable to IP 
Addres ...)
+       TODO: check
+CVE-2023-2896 (The WP EasyCart plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2023-2895 (The WP EasyCart plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2023-2894 (The WP EasyCart plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2023-2893 (The WP EasyCart plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2023-2892 (The WP EasyCart plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2023-2891 (The WP EasyCart plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2023-2767 (The WordPress File Upload and WordPress File Upload Pro plugins 
for Wo ...)
+       TODO: check
+CVE-2023-2764 (The Draw Attention plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2023-2688 (The WordPress File Upload and WordPress File Upload Pro plugins 
for Wo ...)
+       TODO: check
+CVE-2023-2607 (The Multiple Page Generator Plugin for WordPress is vulnerable 
to time ...)
+       TODO: check
+CVE-2023-2604 (The Team Circle Image Slider With Lightbox plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2023-2599 (The Active Directory Integration plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2023-2584 (The PixelYourSite plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2023-2558 (The WPCS \u2013 WordPress Currency Switcher Professional plugin 
for Wo ...)
+       TODO: check
+CVE-2023-2557 (The WPCS \u2013 WordPress Currency Switcher Professional plugin 
for Wo ...)
+       TODO: check
+CVE-2023-2556 (The WPCS \u2013 WordPress Currency Switcher Professional plugin 
for Wo ...)
+       TODO: check
+CVE-2023-2555 (The WPCS \u2013 WordPress Currency Switcher Professional plugin 
for Wo ...)
+       TODO: check
+CVE-2023-2526 (The Easy Google Maps plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
+CVE-2023-2484 (The Active Directory Integration plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2023-2452 (The  Advanced Woo Search plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2023-2450 (The FiboSearch - AJAX Search for WooCommerce plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2023-2414 (The Online Booking & Scheduling Calendar for WordPress by vcita 
plugin ...)
+       TODO: check
+CVE-2023-2402 (The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for 
WordPre ...)
+       TODO: check
 CVE-2023-3164
        - tiff <unfixed> (unimportant)
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/542
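Review bot: all 36 new entries in this hunk are left at `TODO: check`, but the visible text already splits them into two groups for triage. The WordPress plugin entries (CVE-2023-2897 down to CVE-2023-2402) match the `NOT-FOR-US: WordPress plugin` pattern used throughout this file and can be closed in one pass; CVE-2023-3177/3176 (SourceCodester), CVE-2023-3172/3173, the Progress DataDirect ODBC pair (CVE-2023-34364/34363), the three Snowflake connectors (CVE-2023-34233/34232/34230), CVE-2023-34112 (JavaCPP Presets) and CVE-2023-32751 (Pydio Cells) need a check against the archive before an annotation is written, since none of them carries a package line yet. Also note the descriptions are truncated at a fixed width (" ..."), so for the WPCS entries (CVE-2023-2558 to 2555) the truncation hides the vulnerability class entirely; the annotation should be based on the full record, not this line.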
@@ -3588,8 +3660,8 @@ CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in 
GitHub repository builderio/
        NOT-FOR-US: builderio/qwik
 CVE-2023-2306
        RESERVED
-CVE-2023-2305
-       RESERVED
+CVE-2023-2305 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
 CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: Favorites plugin for WordPress
 CVE-2023-2303 (The Contact Form and Calls To Action by vcita plugin for 
WordPress is  ...)
@@ -3646,8 +3718,8 @@ CVE-2023-2291 (Static credentials exist in the PostgreSQL 
data used in ManageEng
        NOT-FOR-US: Zoho
 CVE-2023-2290
        RESERVED
-CVE-2023-2289
-       RESERVED
+CVE-2023-2289 (The wordpress vertical image slider plugin for WordPress is 
vulnerable ...)
+       TODO: check
 CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some 
user-co ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does 
not li ...)
@@ -3702,8 +3774,8 @@ CVE-2023-2282 (Improper access control in the Web Login 
listener in Devolutions
        NOT-FOR-US: Devolutions
 CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related 
Websoc ...)
        - mattermost-server <itp> (bug #823556)
-CVE-2023-2280
-       RESERVED
+CVE-2023-2280 (The WP Directory Kit plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
 CVE-2023-2279
        RESERVED
 CVE-2023-2278
@@ -3712,8 +3784,8 @@ CVE-2023-2277
        RESERVED
 CVE-2023-2276 (The WCFM Membership \u2013 WooCommerce Memberships for 
Multivendor Mar ...)
        NOT-FOR-US: WCFM Membership &#8211; WooCommerce Memberships for 
Multivendor Marketplace plugin for WordPress
-CVE-2023-2275
-       RESERVED
+CVE-2023-2275 (The WooCommerce Multivendor Marketplace \u2013 REST API plugin 
for Wor ...)
+       TODO: check
 CVE-2023-2274
        RESERVED
 CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, 
suffer fr ...)
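Review bot: the en dash in the new CVE-2023-2275 description is stored as the literal escape `\u2013`, the same way the CVE-2023-2276 context line above it stores it, while the hand-written `NOT-FOR-US` annotation for CVE-2023-2276 spells the identical character as `&#8211;`. Two encodings of one character in adjacent lines make text searches for the plugin name unreliable. When CVE-2023-2275 is triaged, write the annotation with the plain plugin name (or the literal character) rather than either escape, and consider fixing the CVE-2023-2276 annotation in the same commit.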
@@ -3996,8 +4068,8 @@ CVE-2023-2251 (Uncaught Exception in GitHub repository 
eemeli/yaml prior to 2.0.
        NOTE: Fixed by: 
https://www.github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba
 (v2.2.2)
 CVE-2023-2250 (A flaw was found in the Open Cluster Management (OCM) when a 
user have ...)
        NOT-FOR-US: Open Cluster Management (OCM)
-CVE-2023-2249
-       RESERVED
+CVE-2023-2249 (The wpForo Forum plugin for WordPress is vulnerable to Local 
File Incl ...)
+       TODO: check
 CVE-2023-2248
        REJECTED
 CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth 
Module in ...)
@@ -4429,8 +4501,8 @@ CVE-2023-2239 (Exposure of Private Personal Information 
to an Unauthorized Actor
        NOT-FOR-US: microweber
 CVE-2023-2238
        RESERVED
-CVE-2023-2237
-       RESERVED
+CVE-2023-2237 (The WP Replicate Post plugin for WordPress is vulnerable to SQL 
Inject ...)
+       TODO: check
 CVE-2023-2236 (A use-after-free vulnerability in the Linux Kernel io_uring 
subsystem  ...)
        - linux 6.0.12-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -4569,8 +4641,8 @@ CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in 
GitHub repository azuracas
        NOT-FOR-US: azuracast
 CVE-2023-2190
        RESERVED
-CVE-2023-2189
-       RESERVED
+CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax 
plugin for  ...)
+       TODO: check
 CVE-2023-2188
        RESERVED
 CVE-2023-30896
@@ -4649,8 +4721,8 @@ CVE-2023-2186 (On Triangle MicroWorks' SCADA Data Gateway 
version <= v5.01.03, a
        NOT-FOR-US: Triangle MicroWorks' SCADA Data Gateway
 CVE-2023-2185
        REJECTED
-CVE-2023-2184
-       RESERVED
+CVE-2023-2184 (The WP Responsive Tabs horizontal vertical and accordion Tabs 
plugin f ...)
+       TODO: check
 CVE-2023-2183 (Grafana is an open-source platform for monitoring and 
observability.   ...)
        - grafana <removed>
 CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
@@ -4864,8 +4936,8 @@ CVE-2023-2161 (A CWE-611: Improper Restriction of XML 
External Entity Reference
        NOT-FOR-US: Schneider
 CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa 
prior  ...)
        NOT-FOR-US: modoboa
-CVE-2023-2159
-       RESERVED
+CVE-2023-2159 (The CMP \u2013 Coming Soon & Maintenance plugin for WordPress 
is vulne ...)
+       TODO: check
 CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user 
impersonatio ...)
        NOT-FOR-US: Code Dx
 CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the 
ImageMagic ...)
@@ -5131,16 +5203,16 @@ CVE-2023-2088 (A flaw was found in OpenStack due to an 
inconsistency between Cin
        - python-os-brick 4.1.0-3 (bug #1035932)
        NOTE: https://www.openwall.com/lists/oss-security/2023/05/10/5
        NOTE: https://bugs.launchpad.net/nova/+bug/2004555
-CVE-2023-2087
-       RESERVED
-CVE-2023-2086
-       RESERVED
-CVE-2023-2085
-       RESERVED
-CVE-2023-2084
-       RESERVED
-CVE-2023-2083
-       RESERVED
+CVE-2023-2087 (The Essential Blocks plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
+CVE-2023-2086 (The Essential Blocks plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-2085 (The Essential Blocks plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-2084 (The Essential Blocks plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
 CVE-2023-2082
        RESERVED
 CVE-2023-2081
@@ -5598,10 +5670,10 @@ CVE-2023-2069 (An issue has been discovered in GitLab 
affecting all versions sta
        - gitlab <unfixed>
 CVE-2023-2068
        RESERVED
-CVE-2023-2067
-       RESERVED
-CVE-2023-2066
-       RESERVED
+CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin 
for Word ...)
+       TODO: check
+CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin 
for Word ...)
+       TODO: check
 CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability 
in Armo ...)
        NOT-FOR-US: Armoli Technology Cargo Tracking System
 CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -5672,8 +5744,8 @@ CVE-2023-2033 (Type confusion in V8 in Google Chrome 
prior to 112.0.5615.121 all
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2032
        RESERVED
-CVE-2023-2031
-       RESERVED
+CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
 CVE-2023-2030
        RESERVED
 CVE-2023-2029
@@ -6128,8 +6200,8 @@ CVE-2023-1980 (Two factor   authentication  bypass on 
login in Devolutions Remot
        NOT-FOR-US: Devolutions
 CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress 
built-in f ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-1978
-       RESERVED
+CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for 
WordPress is  ...)
+       TODO: check
 CVE-2023-1977
        RESERVED
 CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository 
answerdev/ans ...)
@@ -8497,8 +8569,8 @@ CVE-2023-1919 (The WP Fastest Cache plugin for WordPress 
is vulnerable to Cross-
        NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1918 (The WP Fastest Cache plugin for WordPress is vulnerable to 
Cross-Site  ...)
        NOT-FOR-US: WP Fastest Cache plugin for WordPress
-CVE-2023-1917
-       RESERVED
+CVE-2023-1917 (The PowerPress plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
 CVE-2022-48436
        RESERVED
 CVE-2023-29464
@@ -8602,8 +8674,8 @@ CVE-2023-1912 (The Limit Login Attempts plugin for 
WordPress is vulnerable to St
        NOT-FOR-US: Limit Login Attempts plugin for WordPress
 CVE-2023-1911 (The Blocksy Companion WordPress plugin before 1.8.82 does not 
ensure t ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-1910
-       RESERVED
+CVE-2023-1910 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
+       TODO: check
 CVE-2023-1909 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
        NOT-FOR-US: PHPGurukul BP Monitoring Management System
 CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile 
Comparison W ...)
@@ -8678,8 +8750,7 @@ CVE-2023-29407
        RESERVED
 CVE-2023-29406
        RESERVED
-CVE-2023-29405 [cmd/go: improper sanitization of LDFLAGS]
-       RESERVED
+CVE-2023-29405 (The go command may execute arbitrary code at build time when 
using cgo ...)
        - golang-1.20 1.20.5-1
        [experimental] - golang-1.19 1.19.10-1
        - golang-1.19 <unfixed>
@@ -8691,8 +8762,7 @@ CVE-2023-29405 [cmd/go: improper sanitization of LDFLAGS]
        NOTE: 
https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637 
(go1.20.5)
        NOTE: 
https://github.com/golang/go/commit/44e0fb13e783a44463e95926a674fd580daa3a55 
(go1.19.10)
        NOTE: 
https://github.com/golang/go/commit/3ba9c890b86dc8c3a54c98d32497b7a8012704f9 
(go1.19.10)
-CVE-2023-29404 [cmd/go: improper sanitization of LDFLAGS]
-       RESERVED
+CVE-2023-29404 (The go command may execute arbitrary code at build time when 
using cgo ...)
        - golang-1.20 1.20.5-1
        [experimental] - golang-1.19 1.19.10-1
        - golang-1.19 <unfixed>
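Review bot: with the bracketed working title `[cmd/go: improper sanitization of LDFLAGS]` dropped from CVE-2023-29404 here and from CVE-2023-29405 in the previous hunk, the two entries now carry identical truncated descriptions ("The go command may execute arbitrary code at build time when using cgo ..."), so nothing left in this file tells them apart. A one-line NOTE per entry stating which aspect each covers would help whoever works the pending `golang-1.19 <unfixed>` line; the upstream issue and commit URLs in the context lines give the place to attach it. The version data itself (golang-1.20 1.20.5-1, golang-1.19 1.19.10-1 in experimental) is untouched by this update, which is the expected result of the description-only refresh.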
@@ -8702,8 +8772,7 @@ CVE-2023-29404 [cmd/go: improper sanitization of LDFLAGS]
        NOTE: https://github.com/golang/go/issues/60305
        NOTE: 
https://github.com/golang/go/commit/356a419e2f811b65d227abcea1a346f8dcb154e0 
(go1.20.5)
        NOTE: 
https://github.com/golang/go/commit/bf3c8ce03e175e870763901a3850bca01381a828 
(go1.19.10)
-CVE-2023-29403 [runtime: unexpected behavior of setuid/setgid binaries]
-       RESERVED
+CVE-2023-29403 (On Unix platforms, the Go runtime does not behave differently 
when a b ...)
        - golang-1.20 1.20.5-1
        [experimental] - golang-1.19 1.19.10-1
        - golang-1.19 <unfixed>
@@ -8713,8 +8782,7 @@ CVE-2023-29403 [runtime: unexpected behavior of 
setuid/setgid binaries]
        NOTE: https://github.com/golang/go/issues/60272
        NOTE: 
https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 
(go1.20.5)
        NOTE: 
https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb 
(go1.19.10)
-CVE-2023-29402 [cmd/go: cgo code injection]
-       RESERVED
+CVE-2023-29402 (The go command may generate unexpected code at build time when 
using c ...)
        - golang-1.20 1.20.5-1
        [experimental] - golang-1.19 1.19.10-1
        - golang-1.19 <unfixed>
@@ -8724,8 +8792,8 @@ CVE-2023-29402 [cmd/go: cgo code injection]
        NOTE: https://github.com/golang/go/issues/60167
        NOTE: 
https://github.com/golang/go/commit/c0ed873cd8259f16d0da67eee783fda49f45ef61 
(go1.20.5)
        NOTE: 
https://github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f 
(go.1.19.10)
-CVE-2023-29401
-       RESERVED
+CVE-2023-29401 (The filename parameter of the Context.FileAttachment function 
is not p ...)
+       TODO: check
 CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. 
"attr={ ...)
        - golang-1.20 1.20.4-1
        [experimental] - golang-1.19 1.19.9-1
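Review bot: CVE-2023-29401 goes from RESERVED to `TODO: check` and, unlike its four neighbours, gets no golang-1.20/golang-1.19 lines. Its description refers to the `Context.FileAttachment` function, which is not a standard-library API; it reads like an issue in a Go web framework (gin-gonic/gin is already tracked in this file as golang-github-gin-gonic-gin, see CVE-2020-36567 further down), so resolve it to the correct source package rather than assuming it follows the toolchain entries above. Separately, the context NOTE for the CVE-2023-29402 go1.19.10 backport reads `(go.1.19.10)` where every other backport note uses `(go1.19.10)`; worth correcting while this block is being edited.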
@@ -8756,8 +8824,8 @@ CVE-2023-1897
        RESERVED
 CVE-2023-1896
        RESERVED
-CVE-2023-1895
-       RESERVED
+CVE-2023-1895 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is 
vulnerable  ...)
+       TODO: check
 CVE-2023-1894 (A Regular Expression Denial of Service (ReDoS) issue was 
discovered in ...)
        - puppet <not-affected> (Limit to Puppet Server 7)
        - puppetserver 7.9.5-2 (bug #1035541)
@@ -8808,10 +8876,10 @@ CVE-2023-1891
        RESERVED
 CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape 
various ge ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-1889
-       RESERVED
-CVE-2023-1888
-       RESERVED
+CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an 
Insecure Dire ...)
+       TODO: check
+CVE-2023-1888 (The Directorist plugin for WordPress is vulnerable to an 
arbitrary use ...)
+       TODO: check
 CVE-2023-1887 (Business Logic Errors in GitHub repository thorsten/phpmyfaq 
prior to  ...)
        NOT-FOR-US: phpmyfaq
 CVE-2023-1886 (Authentication Bypass by Capture-replay in GitHub repository 
thorsten/ ...)
@@ -9164,8 +9232,8 @@ CVE-2023-1845 (A vulnerability, which was classified as 
critical, was found in S
        NOT-FOR-US: SourceCodester Online Payroll System
 CVE-2023-1844
        RESERVED
-CVE-2023-1843
-       RESERVED
+CVE-2023-1843 (The Metform Elementor Contact Form Builder plugin for WordPress 
is vul ...)
+       TODO: check
 CVE-2023-1842
        REJECTED
 CVE-2023-1841
@@ -9487,8 +9555,8 @@ CVE-2023-29171 (Unauth. Reflected Cross-site Scripting 
(XSS) vulnerability in Ma
        NOT-FOR-US: WordPress plugin
 CVE-2023-29170 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability 
in PI W ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-1807
-       RESERVED
+CVE-2023-1807 (The Elementor Addons, Widgets and Enhancements \u2013 Stax 
plugin for  ...)
+       TODO: check
 CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does 
not san ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin 
before 2.1. ...)
@@ -10778,8 +10846,8 @@ CVE-2023-28809
        RESERVED
 CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an 
access cont ...)
        NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products
-CVE-2023-1615
-       RESERVED
+CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is 
vulnera ...)
+       TODO: check
 CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not 
saniti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28807
@@ -11955,8 +12023,8 @@ CVE-2023-1432 (A vulnerability was found in 
SourceCodester Online Food Ordering
        NOT-FOR-US: SourceCodester Online Food Ordering System
 CVE-2023-1431 (The WP Simple Shopping Cart plugin for WordPress is vulnerable 
to Sens ...)
        NOT-FOR-US: WP Simple Shopping Cart plugin for WordPress
-CVE-2023-1430
-       RESERVED
+CVE-2023-1430 (The FluentCRM - Marketing Automation For WordPress  plugin for 
WordPre ...)
+       TODO: check
 CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
pimcore/pi ...)
        NOT-FOR-US: pimcore
 CVE-2023-1428
@@ -12206,7 +12274,7 @@ CVE-2023-28408 (Directory traversal vulnerability in MW 
WP Form versions v4.4.2
        NOT-FOR-US: WordPress plugin
 CVE-2023-28394 (Beekeeper Studio versions prior to 3.9.9 allows a remote 
authenticated ...)
        NOT-FOR-US: Beekeeper Studio
-CVE-2023-28392 (Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P 
v1.00_B ...)
+CVE-2023-28392 (Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM 
v1.05_B04  ...)
        NOT-FOR-US: AC-WAPU-300
 CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware 
Ver.1.38(N) a ...)
        NOT-FOR-US: SR-7100V
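Review bot: the refreshed CVE-2023-28392 description now names `AC-PD-WAPU v1.05_B04` and `AC-PD-WAPUM` where it previously named `AC-WAPU-300 v1.00_B07` and `AC-WAPU-300-P`, but the unchanged annotation still reads `NOT-FOR-US: AC-WAPU-300`. Either the revised record still lists AC-WAPU-300 beyond the truncation point, or the affected-product list was changed upstream; in both cases the annotation should agree with the current description, for example by naming the product family (`NOT-FOR-US: Wi-Fi AP UNIT (AC-PD-WAPU, AC-WAPU-300 series)`), so a later reader does not take the mismatch for a mis-assigned entry.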
@@ -12524,10 +12592,10 @@ CVE-2023-28326 (Vendor: The Apache Software 
Foundation  Versions Affected: Apach
        NOT-FOR-US: Apache OpenMeetings
 CVE-2023-1405
        RESERVED
-CVE-2023-1404
-       RESERVED
-CVE-2023-1403
-       RESERVED
+CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to 
stored Cro ...)
+       TODO: check
+CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored 
Cross-Si ...)
+       TODO: check
 CVE-2023-1402 (The course participation report required additional checks to 
prevent  ...)
        - moodle <removed>
 CVE-2023-1401
@@ -13068,8 +13136,8 @@ CVE-2023-1377 (The Solidres WordPress plugin through 
0.9.4 does not sanitise and
        NOT-FOR-US: WordPress plugin
 CVE-2023-1376
        RESERVED
-CVE-2023-1375
-       RESERVED
+CVE-2023-1375 (The WP Fastest Cache plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
 CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
        NOT-FOR-US: Solidres plugin for WordPress
 CVE-2023-1373 (The W4 Post List WordPress plugin before 2.4.6 does not escape 
some UR ...)
@@ -15004,8 +15072,8 @@ CVE-2023-1170 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        NOTE: https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4
        NOTE: 
https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c 
(v9.0.1376)
        NOTE: Crash in CLI tool, no security impact
-CVE-2023-1169
-       RESERVED
+CVE-2023-1169 (The OoohBoi Steroids for Elementor plugin for WordPress is 
vulnerable  ...)
+       TODO: check
 CVE-2015-10089 (A vulnerability classified as problematic has been found in 
flame.js.  ...)
        NOT-FOR-US: flame.js
 CVE-2023-1168 (An authenticated remote code execution vulnerability     exists 
in the ...)
@@ -17700,8 +17768,8 @@ CVE-2023-1017 (An out-of-bounds write vulnerability 
exists in TPM2.0's Module Li
        NOTE: 
https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4
        NOTE: https://kb.cert.org/vuls/id/782720
        NOTE: 
https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf
-CVE-2023-1016
-       RESERVED
+CVE-2023-1016 (The Intuitive Custom Post Order plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
 CVE-2023-1015
        REJECTED
 CVE-2023-1014 (Improper Protection for Outbound Error Messages and Alert 
Signals vuln ...)
@@ -17881,10 +17949,10 @@ CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in 
GitHub repository unilogie
        NOT-FOR-US: Bumsys
 CVE-2023-0994 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
        NOT-FOR-US: RosarioSIS
-CVE-2023-0993
-       RESERVED
-CVE-2023-0992
-       RESERVED
+CVE-2023-0993 (The Shield Security plugin for WordPress is vulnerable to 
Missing Auth ...)
+       TODO: check
+CVE-2023-0992 (The Shield Security plugin for WordPress is vulnerable to 
stored Cross ...)
+       TODO: check
 CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows 
XSS via ...)
        - node-mermaid <unfixed> (bug #1032313)
        [bullseye] - node-mermaid <no-dsa> (Minor issue)
@@ -19874,10 +19942,10 @@ CVE-2023-25181
        RESERVED
 CVE-2023-0833
        RESERVED
-CVE-2023-0832
-       RESERVED
-CVE-2023-0831
-       RESERVED
+CVE-2023-0832 (The Under Construction plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
+CVE-2023-0831 (The Under Construction plugin for WordPress is vulnerable to 
Cross-Sit ...)
+       TODO: check
 CVE-2023-0830 (A vulnerability classified as critical has been found in 
EasyNAS 1.1.0 ...)
        NOT-FOR-US: EasyNAS
 CVE-2023-0829
@@ -20821,8 +20889,8 @@ CVE-2023-0731 (The Interactive Geo Maps plugin for 
WordPress is vulnerable to St
        NOT-FOR-US: Interactive Geo Maps plugin for WordPress
 CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
        NOT-FOR-US: Wicked Folders plugin for WordPress
-CVE-2023-0729
-       RESERVED
+CVE-2023-0729 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
 CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
        NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
@@ -20837,8 +20905,8 @@ CVE-2023-0723 (The Wicked Folders plugin for WordPress 
is vulnerable to Cross-Si
        NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to 
Cross-Site Re ...)
        NOT-FOR-US: Wicked Folders plugin for WordPress
-CVE-2023-0721
-       RESERVED
+CVE-2023-0721 (The Metform Elementor Contact Form Builder plugin for WordPress 
is vul ...)
+       TODO: check
 CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
        NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
@@ -20859,12 +20927,12 @@ CVE-2023-0712 (The Wicked Folders plugin for 
WordPress is vulnerable to authoriz
        NOT-FOR-US: Wicked Folders plugin for WordPress
 CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to 
authorization ...)
        NOT-FOR-US: Wicked Folders plugin for WordPress
-CVE-2023-0710
-       RESERVED
-CVE-2023-0709
-       RESERVED
-CVE-2023-0708
-       RESERVED
+CVE-2023-0710 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-0709 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-0708 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
 CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate 
Genera ...)
        NOT-FOR-US: SourceCodester
 CVE-2023-0706 (A vulnerability, which was classified as critical, has been 
found in S ...)
@@ -21003,22 +21071,22 @@ CVE-2023-0696 (Type confusion in V8 in Google Chrome 
prior to 110.0.5481.77 allo
        {DSA-5345-1}
        - chromium 110.0.5481.77-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-0695
-       RESERVED
-CVE-2023-0694
-       RESERVED
-CVE-2023-0693
-       RESERVED
-CVE-2023-0692
-       RESERVED
-CVE-2023-0691
-       RESERVED
+CVE-2023-0695 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-0694 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-0693 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-0692 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
 CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue 
where w ...)
        NOT-FOR-US: HashiCorp Boundary
 CVE-2023-0689
        RESERVED
-CVE-2023-0688
-       RESERVED
+CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is 
vulnerable ...)
+       TODO: check
 CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has 
been rat ...)
        NOT-FOR-US: XpressEngine
 CVE-2023-25498
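Review bot: all six new entries in this hunk (CVE-2023-0695 through CVE-2023-0691 and CVE-2023-0688) carry the same truncated description, "The Metform Elementor Contact Form Builder for WordPress is vulnerable ...", cut off before the vulnerability type, and the same product appears again as CVE-2023-0710/0709/0708, CVE-2023-0721 and CVE-2023-1843 in earlier hunks of this diff. Triaging the whole set in one pass keeps the annotation consistent; the neighbouring entries such as CVE-2023-0722 (`NOT-FOR-US: Wicked Folders plugin for WordPress`) show the form in use for WordPress plugins that are not packaged.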
@@ -23672,8 +23740,8 @@ CVE-2023-24536 (Multipart form parsing can consume 
large amounts of CPU and memo
        NOTE: https://go.dev/issue/59153
        NOTE: 
https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 
(go1.20.3)
        NOTE: 
https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 
(go1.19.8)
-CVE-2023-24535
-       RESERVED
+CVE-2023-24535 (Parsing invalid messages can panic. Parsing a text-format 
message whic ...)
+       TODO: check
 CVE-2023-24534 (HTTP and MIME header parsing can allocate large amounts of 
memory, eve ...)
        - golang-1.20 1.20.3-1
        [experimental] - golang-1.19 1.19.8-1
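Review bot: CVE-2023-24535 sits between two Go standard-library entries (CVE-2023-24536 and CVE-2023-24534, both resolved in golang-1.20 1.20.3-1), but its description ("Parsing a text-format message which ...") describes a protobuf text-format parser, not a net/http or mime issue, so the toolchain version lines from its neighbours should not be copied onto it. Identify the Debian source package for the Go protobuf module, and any packages that vendor it, before replacing the `TODO: check`.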
@@ -26577,10 +26645,10 @@ CVE-2023-23586 (Due to a vulnerability in the 
io_uring subsystem, it is possible
        NOTE: Unclear if this is just a duplicate of CVE-2023-0240. Track it
        NOTE: as different for now. The only CVE record references available
        NOTE: are identical, but with different description of the issue.
-CVE-2023-0292
-       RESERVED
-CVE-2023-0291
-       RESERVED
+CVE-2023-0292 (The Quiz And Survey Master plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2023-0291 (The Quiz And Survey Master for WordPress is vulnerable to 
authorizatio ...)
+       TODO: check
 CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID 
parameter  ...)
        NOT-FOR-US: Rapid7
 CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository 
craigk5n/webc ...)
@@ -59920,7 +59988,7 @@ CVE-2022-39288 (fastify is a fast and low overhead web 
framework, for Node.js. A
 CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) 
protection mi ...)
        NOT-FOR-US: tiny-csrf Nodejs module
 CVE-2022-39286 (Jupyter Core is a package for the core common functionality of 
Jupyter ...)
-       {DLA-3195-1}
+       {DSA-5422-1 DLA-3195-1}
        - jupyter-core 4.11.2-1 (bug #1023361)
        NOTE: 
https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp
        NOTE: 
https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283
 (4.11.2)
@@ -66535,7 +66603,7 @@ CVE-2020-36567 (Unsanitized input in the default logger 
in github.com/gin-gonic/
        [buster] - golang-github-gin-gonic-gin <postponed> (Limited support, 
minor issue)
        NOTE: https://github.com/gin-gonic/gin/pull/2237
        NOTE: 
https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
 (v1.6.0)
-CVE-2020-36566 (Due to improper path santization, archives containing relative 
file pa ...)
+CVE-2020-36566 (Due to improper path sanitization, archives containing 
relative file p ...)
        NOT-FOR-US: Go whyrusleeping/tar-utils
 CVE-2020-36565 (Due to improper sanitization of user input on Windows, the 
static file ...)
        - golang-github-labstack-echo <not-affected> (Windows-specific)
@@ -66552,7 +66620,7 @@ CVE-2019-25075 (HTML injection combined with path 
traversal in the Email service
        NOT-FOR-US: Gravitee API Management
 CVE-2019-25074
        RESERVED
-CVE-2019-25073 (Improper path santiziation in github.com/goadesign/goa before 
v3.0.9,  ...)
+CVE-2019-25073 (Improper path sanitization in github.com/goadesign/goa before 
v3.0.9,  ...)
        NOT-FOR-US: github.com/goadesign/goa
 CVE-2016-15005 (CSRF tokens are generated using math/rand, which is not a 
cryptographi ...)
        NOT-FOR-US: github.com/dinever/golf
@@ -66588,16 +66656,16 @@ CVE-2022-2573
        RESERVED
 CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages 
can cau ...)
        NOT-FOR-US: shiyanhui/dht
-CVE-2020-36561 (Due to improper path santization, archives containing relative 
file pa ...)
+CVE-2020-36561 (Due to improper path sanitization, archives containing 
relative file p ...)
        NOT-FOR-US: github.com/yi-ge/unzip
-CVE-2020-36560 (Due to improper path santization, archives containing relative 
file pa ...)
+CVE-2020-36560 (Due to improper path sanitization, archives containing 
relative file p ...)
        NOT-FOR-US: github.com/artdarek/unzip
-CVE-2020-36559 (Due to improper santization of user input, HTTPEngine.Handle 
allows fo ...)
+CVE-2020-36559 (Due to improper sanitization of user input, HTTPEngine.Handle 
allows f ...)
        NOT-FOR-US: aah framework
 CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well 
as a lac ...)
        - tendermint-go-common <removed>
        [buster] - tendermint-go-common <postponed> (Limited support, minor 
issue, DoS)
-CVE-2018-25046 (Due to improper path santization, archives containing relative 
file pa ...)
+CVE-2018-25046 (Due to improper path sanitization, archives containing 
relative file p ...)
        NOT-FOR-US: GO code.cloudfoundry.org/archiver
 CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, 
allowing th ...)
        - golang-github-gorilla-handlers 1.3.0-1
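Review bot: the four changed lines in this hunk are upstream description corrections ("santization" to "sanitization") for CVE-2020-36561, CVE-2020-36560, CVE-2020-36559 and CVE-2018-25046, and the same correction lands for CVE-2020-36566 and CVE-2019-25073 in the two preceding hunks. The `NOT-FOR-US` annotations beneath them are untouched and still apply, so no Debian-side action follows; the only side effect is that the fixed-width truncation now cuts the text one word earlier ("relative file p ..."), which is harmless but means the description in this file is no longer byte-identical to older copies.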



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52089e14f433f5b9d56b0e84582b5b824a1cdff6

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
