Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d202fab9 by security tracker role at 2023-06-27T20:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,84 @@
-CVE-2023-35798
+CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository 
plantuml/plant ...)
+       TODO: check
+CVE-2023-3431 (Improper Access Control in GitHub repository plantuml/plantuml 
prior t ...)
+       TODO: check
+CVE-2023-3405 (Unchecked parameter value in M-Files Server in versions before 
23.6.12 ...)
+       TODO: check
+CVE-2023-36463 (Meldekarten generator is an open source project to create a 
program, r ...)
+       TODO: check
+CVE-2023-36002 (A missing authorization check in multiple URL validation 
endpoints of  ...)
+       TODO: check
+CVE-2023-36000 (A missing authorization check in the MacOS agent configuration 
endpoin ...)
+       TODO: check
+CVE-2023-35998 (A missing authorization check in multiple SOAP endpoints of 
the Inside ...)
+       TODO: check
+CVE-2023-35800 (Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 
has Insecu ...)
+       TODO: check
+CVE-2023-35799 (Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 
has Insecu ...)
+       TODO: check
+CVE-2023-34839 (A Cross Site Request Forgery (CSRF) vulnerability in Issabel 
issabel-p ...)
+       TODO: check
+CVE-2023-34838 (A Cross Site Scripting vulnerability in Microworld 
Technologies eScan  ...)
+       TODO: check
+CVE-2023-34837 (A Cross Site Scripting vulnerability in Microworld 
Technologies eScan  ...)
+       TODO: check
+CVE-2023-34836 (A Cross Site Scripting vulnerability in Microworld 
Technologies eScan  ...)
+       TODO: check
+CVE-2023-34835 (A Cross Site Scripting vulnerability in Microworld 
Technologies eScan  ...)
+       TODO: check
+CVE-2023-34830 (i-doit Open v24 was discovered to contain a reflected 
cross-site scrip ...)
+       TODO: check
+CVE-2023-34240 (Cloudexplorer-lite is an open source cloud software stack. 
Weak passwo ...)
+       TODO: check
+CVE-2023-34099 (Shopware is an open source e-commerce software. The mail 
validation in ...)
+       TODO: check
+CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an 
incorrect co ...)
+       TODO: check
+CVE-2023-33567 (An unauthorized access vulnerability has been discovered in 
ROS2 Foxy  ...)
+       TODO: check
+CVE-2023-33566 (An unauthorized node injection vulnerability has been 
identified in RO ...)
+       TODO: check
+CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site 
scripting ...)
+       TODO: check
+CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate 
uploaded  ...)
+       TODO: check
+CVE-2023-2877 (The Formidable Forms WordPress plugin before 6.3.1 does not 
adequately ...)
+       TODO: check
+CVE-2023-2842 (The WP Inventory Manager WordPress plugin before 2.1.0.14 does 
not hav ...)
+       TODO: check
+CVE-2023-2818 (An insecure filesystem permission in the Insider Threat 
Management Age ...)
+       TODO: check
+CVE-2023-2795 (The CodeColorer WordPress plugin before 0.10.1 does not 
sanitise and e ...)
+       TODO: check
+CVE-2023-2744 (The ERP WordPress plugin before 1.12.4 does not properly 
sanitise and  ...)
+       TODO: check
+CVE-2023-2743 (The ERP WordPress plugin before 1.12.4 does not sanitise and 
escape th ...)
+       TODO: check
+CVE-2023-2711 (The Ultimate Product Catalog WordPress plugin before 5.2.6 does 
not sa ...)
+       TODO: check
+CVE-2023-2628 (The KiviCare WordPress plugin before 3.2.1 does not have CSRF 
checks ( ...)
+       TODO: check
+CVE-2023-2627 (The KiviCare WordPress plugin before 3.2.1 does not have proper 
CSRF a ...)
+       TODO: check
+CVE-2023-2624 (The KiviCare WordPress plugin before 3.2.1 does not sanitise 
and escap ...)
+       TODO: check
+CVE-2023-2623 (The KiviCare WordPress plugin before 3.2.1 does not restrict 
the infor ...)
+       TODO: check
+CVE-2023-2605 (The wpbrutalai WordPress plugin before 2.0.1 does not sanitise 
and esc ...)
+       TODO: check
+CVE-2023-2601 (The wpbrutalai WordPress plugin before 2.0.0 does not properly 
sanitis ...)
+       TODO: check
+CVE-2023-2592 (The FormCraft WordPress plugin before 3.9.7 does not properly 
sanitise ...)
+       TODO: check
+CVE-2023-2580 (The AI Engine WordPress plugin before 1.6.83 does not sanitize 
and esc ...)
+       TODO: check
+CVE-2023-2482 (The Responsive CSS EDITOR WordPress plugin through 1.0 does not 
proper ...)
+       TODO: check
+CVE-2023-2326 (The Gravity Forms Google Sheet Connector WordPress plugin 
before 1.3.5 ...)
+       TODO: check
+CVE-2023-35798 (Input Validation vulnerability in Apache Software Foundation 
Apache Ai ...)
        NOT-FOR-US: Apache Airflow ODBC/MSSQL Provider
-CVE-2023-34395
+CVE-2023-34395 (Improper Neutralization of Argument Delimiters in a Command 
('Argument ...)
        NOT-FOR-US: Apache Airflow ODBC Provider
 CVE-2023-3423 (Weak Password Requirements in GitHub repository 
cloudexplorer-dev/clou ...)
        NOT-FOR-US: CloudExplorer Lite
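Review bot: CVE-2023-34240 (Cloudexplorer-lite, "Weak passwo ...") should be resolved against the existing CVE-2023-3423 entry at the bottom of this hunk, which already carries "NOT-FOR-US: CloudExplorer Lite" for what reads as the same weak-password issue; leaving one as TODO: check and the other as NOT-FOR-US is inconsistent. Likewise, the run of "... WordPress plugin before ..." entries from CVE-2023-2996 down to CVE-2023-2326 matches the pattern closed elsewhere in this file as "NOT-FOR-US: WordPress plugin" (see CVE-2023-2180 and CVE-2023-2179 below) and can be triaged as a batch; the entries that need a real look are the ones for software that may be packaged, such as the plantuml pair (CVE-2023-3432, CVE-2023-3431) and the two Shopware entries (CVE-2023-34099, CVE-2023-34098).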
@@ -6139,8 +6217,8 @@ CVE-2023-30995
        RESERVED
 CVE-2023-30994
        RESERVED
-CVE-2023-30993
-       RESERVED
+CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 
could allow  ...)
+       TODO: check
 CVE-2023-30992
        RESERVED
 CVE-2023-30991
@@ -6539,8 +6617,8 @@ CVE-2023-2180 (The KIWIZ Invoices Certification & PDF 
System WordPress plugin th
        NOT-FOR-US: WordPress plugin
 CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin 
through  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-2178
-       RESERVED
+CVE-2023-2178 (The Aajoda Testimonials WordPress plugin before 2.2.2 does not 
sanitis ...)
+       TODO: check
 CVE-2023-2177 (A null pointer dereference issue was found in the sctp network 
protoco ...)
        - linux 5.18.16-1
        [bullseye] - linux 5.10.136-1
@@ -7502,8 +7580,8 @@ CVE-2023-2070
        RESERVED
 CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions 
starting ...)
        - gitlab 15.10.8+ds1-2
-CVE-2023-2068
-       RESERVED
+CVE-2023-2068 (The File Manager Advanced Shortcode WordPress plugin through 
2.3.2 doe ...)
+       TODO: check
 CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin 
for Word ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin 
for Word ...)
@@ -7576,8 +7654,8 @@ CVE-2023-2033 (Type confusion in V8 in Google Chrome 
prior to 112.0.5615.121 all
        {DSA-5390-1}
        - chromium 112.0.5615.121-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2032
-       RESERVED
+CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not 
properly san ...)
+       TODO: check
 CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable 
to Sto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2030
@@ -10733,8 +10811,8 @@ CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository sidek
        NOTE: https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777
        NOTE: Introduced by: 
https://github.com/sidekiq/sidekiq/commit/f68560742bcfd2e30b87c1bc2b65d834a1a05c73
 (v7.0.4)
        NOTE: Fixed by: 
https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214
 (v7.0.8)
-CVE-2023-1891
-       RESERVED
+CVE-2023-1891 (The Accordion & FAQ WordPress plugin before 1.9.9 does not 
escape vari ...)
+       TODO: check
 CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape 
various ge ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an 
Insecure Dire ...)
@@ -11710,8 +11788,8 @@ CVE-2023-29070
        RESERVED
 CVE-2023-29069
        RESERVED
-CVE-2023-29068
-       RESERVED
+CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file 
could le ...)
+       TODO: check
 CVE-2023-29067 (A maliciously crafted X_B file when parsed through 
Autodesk\xae AutoCA ...)
        NOT-FOR-US: Autodesk
 CVE-2023-29066
@@ -12566,8 +12644,8 @@ CVE-2023-1627 (A vulnerability was found in Jianming 
Antivirus 16.2.2022.418. It
        NOT-FOR-US: Jianming Antivirus
 CVE-2023-1626 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. 
It has  ...)
        NOT-FOR-US: Jianming Antivirus
-CVE-2023-28857
-       RESERVED
+CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on 
solution for  ...)
+       TODO: check
 CVE-2023-28856 (Redis is an open source, in-memory database that persists on 
disk. Aut ...)
        {DLA-3396-1}
        - redis 5:7.0.11-1 (bug #1034613)
@@ -16988,8 +17066,8 @@ CVE-2023-1168 (An authenticated remote code execution 
vulnerability     exists i
        NOT-FOR-US: HPE
 CVE-2023-1167 (Improper authorization in Gitlab EE affecting all versions from 
12.3.0 ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2023-1166
-       RESERVED
+CVE-2023-1166 (The USM-Premium WordPress plugin before 16.3 does not sanitize 
and esc ...)
+       TODO: check
 CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been 
rated a ...)
        NOT-FOR-US: icplayer
 CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been 
declare ...)
@@ -20378,14 +20456,14 @@ CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 
through 10.1.3 could allow a lo
        NOT-FOR-US: IBM
 CVE-2023-26277 (IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a 
local use ...)
        NOT-FOR-US: IBM
-CVE-2023-26276
-       RESERVED
+CVE-2023-26276 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic 
algorith ...)
+       TODO: check
 CVE-2023-26275
        RESERVED
-CVE-2023-26274
-       RESERVED
-CVE-2023-26273
-       RESERVED
+CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. 
This vuln ...)
+       TODO: check
+CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to 
perform una ...)
+       TODO: check
 CVE-2023-26272
        RESERVED
 CVE-2023-26271
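Review bot: the three new QRadar entries (CVE-2023-26276, CVE-2023-26274, CVE-2023-26273) all begin "IBM QRadar SIEM 7.5.0" and sit directly under the WinCollect entries CVE-2023-26278/26277 that are already "NOT-FOR-US: IBM"; closing them with the same tag in one pass avoids three TODO: check markers for one product family. The same applies to CVE-2022-34352 further down, whose description reads identically to its neighbour CVE-2022-34351 (NOT-FOR-US: IBM).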
@@ -21387,8 +21465,8 @@ CVE-2023-0875 (The WP Meta SEO WordPress plugin before 
4.5.3 does not properly s
        NOT-FOR-US: WordPress plugin
 CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize 
and escap ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0873
-       RESERVED
+CVE-2023-0873 (The Kanban Boards for WordPress plugin before 2.5.21 does not 
sanitise ...)
+       TODO: check
 CVE-2023-25932
        RESERVED
 CVE-2023-25931 (Medtronic identified that the Pelvic Health clinician apps, 
which are  ...)
@@ -24241,8 +24319,8 @@ CVE-2023-25006 (A malicious actor may convince a user 
to open a malicious USD fi
        NOT-FOR-US: Autodesk
 CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond 
allocated  ...)
        NOT-FOR-US: Autodesk
-CVE-2023-25004
-       RESERVED
+CVE-2023-25004 (A maliciously crafted pskernel.dll file in Autodesk products 
is used t ...)
+       TODO: check
 CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 
2023 and M ...)
        TODO: check
 CVE-2023-25002
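Review bot: CVE-2023-25003, directly below the new CVE-2023-25004, is still carrying "TODO: check" from an earlier update, and both describe a crafted pskernel.dll in Autodesk products while the surrounding CVE-2023-25005/25006 are already "NOT-FOR-US: Autodesk"; triage the pair together so the older TODO does not linger. The same pskernel.dll wording appears in the new CVE-2023-29068 entry above, whose description does not name the vendor but whose neighbour CVE-2023-29067 is "NOT-FOR-US: Autodesk".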
@@ -24716,8 +24794,8 @@ CVE-2023-0590 (A use-after-free flaw was found in 
qdisc_graft in net/sched/sch_a
        NOTE: 
https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2)
 CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not 
sanitise ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0588
-       RESERVED
+CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin 
before 2. ...)
+       TODO: check
 CVE-2022-4900
        RESERVED
 CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker 
can suppl ...)
@@ -28942,8 +29020,8 @@ CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could 
allow an authenticated privil
        NOT-FOR-US: IBM
 CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 
18.0.2, 19.0. ...)
        NOT-FOR-US: IBM
-CVE-2023-23468
-       RESERVED
+CVE-2023-23468 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 
21.0.7.3 a ...)
+       TODO: check
 CVE-2023-23467 (Media CP Media Control Panel latest version. Reflected XSS 
possible th ...)
        NOT-FOR-US: Media CP Media Control Panel
 CVE-2023-23466 (Media CP Media Control Panel latest version. Insufficiently 
protected  ...)
@@ -31989,8 +32067,8 @@ CVE-2023-22595
        RESERVED
 CVE-2023-22594 (IBM Robotic Process Automation for Cloud Pak 20.12.0 through 
21.0.4 is ...)
        NOT-FOR-US: IBM
-CVE-2023-22593
-       RESERVED
+CVE-2023-22593 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 
21.0.7.3 a ...)
+       TODO: check
 CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 
21.0.4 cou ...)
        NOT-FOR-US: IBM
 CVE-2023-22591 (IBM Robotic Process Automation 21.0.1 through 21.0.7 and 
23.0.0 throug ...)
@@ -41584,8 +41662,8 @@ CVE-2022-4117 (The IWS WordPress plugin through 1.0 
does not properly escape a p
        NOT-FOR-US: WordPress plugin
 CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw 
happens in De ...)
        NOT-FOR-US: Quarkus
-CVE-2022-4115
-       RESERVED
+CVE-2022-4115 (The Editorial Calendar WordPress plugin through 3.7.12 does not 
saniti ...)
+       TODO: check
 CVE-2022-XXXX [rust-atty: Potential unaligned read]
        - rust-atty <not-affected> (Windows-specific)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html
@@ -68950,7 +69028,7 @@ CVE-2022-2553 (The authfile directive in the booth 
config file is ignored, preve
        {DSA-5194-1}
        - booth 1.0-268-gdce51f9-1
        NOTE: https://github.com/ClusterLabs/booth/issues/114
-CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7.1 does not 
authenticate o ...)
+CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7 does not 
authenticate or  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url 
of the  ...)
        NOT-FOR-US: WordPress plugin
@@ -76028,8 +76106,8 @@ CVE-2022-34354 (IBM Sterling Partner Engagement Manager 
2.0 allows encrypted sto
        NOT-FOR-US: IBM
 CVE-2022-34353
        RESERVED
-CVE-2022-34352
-       RESERVED
+CVE-2022-34352 (IBM QRadar SIEM 7.5.0 is vulnerable to information exposure 
allowing a ...)
+       TODO: check
 CVE-2022-34351 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information 
exposure allo ...)
        NOT-FOR-US: IBM
 CVE-2022-34350 (IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 
10.0.1.7,  ...)
@@ -159538,12 +159616,12 @@ CVE-2021-30207
        RESERVED
 CVE-2021-30206
        RESERVED
-CVE-2021-30205
-       RESERVED
+CVE-2021-30205 (Incorrect access control in the component 
/index.php?mod=system&op=org ...)
+       TODO: check
 CVE-2021-30204
        RESERVED
-CVE-2021-30203
-       RESERVED
+CVE-2021-30203 (A reflected cross-site scripting (XSS) vulnerability in the 
zero param ...)
+       TODO: check
 CVE-2021-30202
        RESERVED
 CVE-2021-30201 (The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the 
system.  ...)
@@ -208909,7 +208987,7 @@ CVE-2020-23066 (Cross Site Scripting vulnerability in 
TinyMCE v.4.9.6 and before
        TODO: check
 CVE-2020-23065 (Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish 
Platform ...)
        TODO: check
-CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery v.2.2.0 thru 
v.3.5.0 allo ...)
+CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x 
before  ...)
        TODO: check
 CVE-2020-23063
        RESERVED
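Review bot: the rewritten CVE-2020-23064 description changes the affected range from "v.2.2.0 thru v.3.5.0" to "2.2.0 through 3.x before ...", but the upper bound is truncated in the list, so the fixed version is not visible in this hunk and the entry stays at TODO: check; when triaging, read the full CVE text rather than the truncated line, since a "before X" bound changes which jquery versions are in scope.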
@@ -215659,8 +215737,8 @@ CVE-2020-19904
        RESERVED
 CVE-2020-19903
        RESERVED
-CVE-2020-19902
-       RESERVED
+CVE-2020-19902 (Directory Traversal vulnerability found in Cryptoprof WCMS 
v.0.3.2 all ...)
+       TODO: check
 CVE-2020-19901
        RESERVED
 CVE-2020-19900
@@ -218800,32 +218878,32 @@ CVE-2020-18420
        RESERVED
 CVE-2020-18419
        RESERVED
-CVE-2020-18418
-       RESERVED
+CVE-2020-18418 (A Cross site request forgery (CSRF) vulnerability was 
discovered in Fe ...)
+       TODO: check
 CVE-2020-18417
        RESERVED
-CVE-2020-18416
-       RESERVED
+CVE-2020-18416 (An cross site request forgery (CSRF) vulnerability discovered 
in Jymus ...)
+       TODO: check
 CVE-2020-18415
        RESERVED
 CVE-2020-18414
        RESERVED
-CVE-2020-18413
-       RESERVED
+CVE-2020-18413 (Stored cross site scripting (XSS) vulnerability in 
/index.php?admin-ma ...)
+       TODO: check
 CVE-2020-18412
        RESERVED
 CVE-2020-18411
        RESERVED
-CVE-2020-18410
-       RESERVED
-CVE-2020-18409
-       RESERVED
+CVE-2020-18410 (A stored cross site scripting (XSS) vulnerability in 
/index.php?admin- ...)
+       TODO: check
+CVE-2020-18409 (Cross Site Request Forgery (CSRF) vulnerability was discovered 
in Catf ...)
+       TODO: check
 CVE-2020-18408
        RESERVED
 CVE-2020-18407
        RESERVED
-CVE-2020-18406
-       RESERVED
+CVE-2020-18406 (An issue was discovered in cmseasy v7.0.0 that allows user 
credentials ...)
+       TODO: check
 CVE-2020-18405
        RESERVED
 CVE-2020-18404
@@ -417714,7 +417792,7 @@ CVE-2017-4949 (VMware Workstation and Fusion contain 
a use-after-free vulnerabil
        NOT-FOR-US: VMware
 CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon 
View Clie ...)
        NOT-FOR-US: VMware
-CVE-2017-4947 (VMware Realize Automation (7.3 and 7.2) and vSphere Integrated 
Contain ...)
+CVE-2017-4947 (VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated 
Contai ...)
        NOT-FOR-US: VMware Realize Automation
 CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) 
contain a pr ...)
        NOT-FOR-US: VMware
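Review bot: the description line for CVE-2017-4947 now says "VMware vRealize Automation", but the status line beneath it still reads "NOT-FOR-US: VMware Realize Automation"; update the status note to the same product name (or to plain "NOT-FOR-US: VMware" as used for the neighbouring entries) so the two lines do not disagree.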



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d202fab99fe9541b0dfae4218df6d739903f6c12


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
