Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1762860f by security tracker role at 2023-08-04T08:11:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable
to Rem ...)
+ TODO: check
+CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable
to Rem ...)
+ TODO: check
+CVE-2023-4140 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable
to pri ...)
+ TODO: check
+CVE-2023-4139 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable
to Sen ...)
+ TODO: check
+CVE-2023-3373 (Predictable Exact Value from Previous Values vulnerability in
Mitsubis ...)
+ TODO: check
+CVE-2023-39343 (Sulu is an open-source PHP content management system based on
the Symf ...)
+ TODO: check
+CVE-2023-38991 (An issue in the delete function in the ActModelController
class of jee ...)
+ TODO: check
+CVE-2023-38952 (Insecure access control in ZKTeco BioTime v8.5.5 allows
unauthenticate ...)
+ TODO: check
+CVE-2023-38951 (A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows
attacke ...)
+ TODO: check
+CVE-2023-38950 (A path traversal vulnerability in the iclock API of ZKTeco
BioTime v8. ...)
+ TODO: check
+CVE-2023-38949 (An issue in a hidden API in ZKTeco BioTime v8.5.5 allows
unauthenticat ...)
+ TODO: check
+CVE-2023-38941 (django-sspanel v2022.2.2 was discovered to contain a remote
command ex ...)
+ TODO: check
+CVE-2023-38708 (Pimcore is an Open Source Data & Experience Management
Platform: PIM, ...)
+ TODO: check
+CVE-2023-37501 (A Persistent XSS vulnerability can be carried out in a certain
field o ...)
+ TODO: check
+CVE-2023-37500 (A Persistent Cross-site Scripting (XSS) vulnerability can be
carried o ...)
+ TODO: check
+CVE-2023-37499 (A Persistent Cross-site Scripting (XSS) vulnerability can be
carried o ...)
+ TODO: check
+CVE-2023-37498 (A user is capable of assigning him/herself to arbitrary groups
by reus ...)
+ TODO: check
+CVE-2023-37497 (The Unica application exposes an API which accepts arbitrary
XML input ...)
+ TODO: check
+CVE-2023-36159 (Cross Site Scripting (XSS) vulnerability in sourcecodester
Lost and Fo ...)
+ TODO: check
+CVE-2023-36158 (Cross Site Scripting (XSS) vulnerability in sourcecodester
Toll Tax Ma ...)
+ TODO: check
+CVE-2023-36141 (User enumeration is found in in PHPJabbers Cleaning Business
Software ...)
+ TODO: check
+CVE-2023-36139 (In PHPJabbers Cleaning Business Software 1.0, lack of
verification whe ...)
+ TODO: check
+CVE-2023-36138 (PHPJabbers Cleaning Business Software 1.0 is vulnerable to
Cross Site ...)
+ TODO: check
+CVE-2023-36137 (There is a Cross Site Scripting (XSS) vulnerability in the
"theme" par ...)
+ TODO: check
+CVE-2023-36135 (User enumeration is found in in PHPJabbers Class Scheduling
System v1. ...)
+ TODO: check
+CVE-2023-36134 (In PHP Jabbers Class Scheduling System 1.0, lack of
verification when ...)
+ TODO: check
+CVE-2023-36133 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to
User Acc ...)
+ TODO: check
+CVE-2023-36132 (PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to
Incorre ...)
+ TODO: check
+CVE-2023-36131 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to
Incorrec ...)
+ TODO: check
+CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL
injection ...)
+ TODO: check
CVE-2023-38497 [Cargo does not respect umask when extracting packages]
- rustc <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
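Review bot: all thirty new entries in this hunk (CVE-2023-4142 down to CVE-2023-33665) land as `TODO: check` stubs and need manual triage before the tracker can act on them. For vendor products that turn out not to be packaged in Debian (the WP Ultimate CSV Importer WordPress plugin, ZKTeco BioTime, the PHPJabbers and PHP Jabbers products, Mitsubishi Electric, Unica, the sourcecodester projects) the convention used elsewhere in this file is a `NOT-FOR-US: <vendor>` line, as in `NOT-FOR-US: SysAid` and `NOT-FOR-US: Cisco` further down in this diff. The entries that describe open-source components (CVE-2023-39343 Sulu, CVE-2023-38708 Pimcore, CVE-2023-38941 django-sspanel, CVE-2023-33665 ai-dev aitable) deserve an explicit package check rather than a blanket NOT-FOR-US.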
@@ -331,7 +391,7 @@ CVE-2023-4008 (An issue has been discovered in GitLab CE/EE
affecting all versio
- gitlab <unfixed>
CVE-2023-4011 (An issue has been discovered in GitLab EE affecting all
versions from ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2023-4002
+CVE-2023-4002 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-3993 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
@@ -665,6 +725,7 @@ CVE-2023-32226 (Sysaid - CWE-552: Files or Directories
Accessible to External P
CVE-2023-32225 (Sysaid - CWE-434: Unrestricted Upload of File with Dangerous
Type - A ...)
NOT-FOR-US: SysAid
CVE-2023-4012 [crash on NTS requests]
+ {DSA-5466-1}
- ntpsec 1.2.2+dfsg1-2 (bug #1038422)
[bullseye] - ntpsec <not-affected> (Vulnerable code introduced later)
[buster] - ntpsec <not-affected> (Vulnerable code introduced later)
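Review bot: the `{DSA-5466-1}` reference is attached to an entry whose title is still the bracketed placeholder `[crash on NTS requests]` rather than the parenthesised CVE description that published entries carry; once the description for CVE-2023-4012 is published the title should be replaced so the advisory cross-reference sits on a complete entry. The fixed version `1.2.2+dfsg1-2 (bug #1038422)` and the `[bullseye]`/`[buster]` `<not-affected> (Vulnerable code introduced later)` lines are retained, which is consistent with the DSA not needing to cover those releases.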
@@ -4147,7 +4208,7 @@ CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant
(BFT) middleware that tak
CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that
takes a s ...)
NOT-FOR-US: CometBFT
CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before
4.2.3, Em ...)
- {DLA-3500-1}
+ {DSA-5465-1 DLA-3500-1}
- python-django 3:3.2.20-1 (bug #1040225)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
NOTE:
https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
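Review bot: no further change is needed in this entry beyond the advisory line: `{DSA-5465-1 DLA-3500-1}` now records both the stable and LTS advisories for CVE-2023-36053 in the single-line format the replaced `{DLA-3500-1}` line used, and the unstable fix `3:3.2.20-1 (bug #1040225)` matches the 3.2.20 fixed version named in the description, so the two NOTE links and the version line can stay as they are.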
@@ -11113,8 +11174,8 @@ CVE-2023-30960 (A security defect was discovered in
Foundry job-tracker that ena
NOT-FOR-US: Palantir
CVE-2023-30959
RESERVED
-CVE-2023-30958
- RESERVED
+CVE-2023-30958 (A security defect was identified in Foundry Frontend that
enabled user ...)
+ TODO: check
CVE-2023-30957
RESERVED
CVE-2023-30956 (A security defect was identified in Foundry Comments that
enabled a us ...)
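Review bot: CVE-2023-30958 is now described as a Foundry Frontend defect but left at `TODO: check`, while the neighbouring Foundry entry CVE-2023-30960 in the same context is marked `NOT-FOR-US: Palantir`; unless Foundry Frontend differs from the rest of the Palantir Foundry series, the TODO should resolve to the same `NOT-FOR-US: Palantir` line.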
@@ -11125,12 +11186,12 @@ CVE-2023-30954
RESERVED
CVE-2023-30953
RESERVED
-CVE-2023-30952
- RESERVED
-CVE-2023-30951
- RESERVED
-CVE-2023-30950
- RESERVED
+CVE-2023-30952 (A security defect was discovered in Foundry Issues that
enabled users ...)
+ TODO: check
+CVE-2023-30951 (The Foundry Magritte plugin rest-source was found to be
vulnerable to ...)
+ TODO: check
+CVE-2023-30950 (The foundry campaigns service was found to be vulnerable to an
unauthe ...)
+ TODO: check
CVE-2023-30949 (A missing origin validation in Slate sandbox could be
exploited by a m ...)
NOT-FOR-US: Palantir
CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted
in the ...)
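Review bot: the three entries filled in here (CVE-2023-30952 Foundry Issues, CVE-2023-30951 the Foundry Magritte plugin rest-source, CVE-2023-30950 the foundry campaigns service) are all Palantir Foundry components, and the surrounding entries CVE-2023-30949 and CVE-2023-30948 in this hunk already carry `NOT-FOR-US: Palantir`; the `TODO: check` lines should be resolved the same way in one pass rather than left for separate triage.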
@@ -13377,8 +13438,8 @@ CVE-2023-30299
RESERVED
CVE-2023-30298
RESERVED
-CVE-2023-30297
- RESERVED
+CVE-2023-30297 (An issue found in N-able Technologies N-central Server before
2023.4 a ...)
+ TODO: check
CVE-2023-30296
RESERVED
CVE-2023-30295
@@ -13686,8 +13747,8 @@ CVE-2023-30148
RESERVED
CVE-2023-30147
RESERVED
-CVE-2023-30146
- RESERVED
+CVE-2023-30146 (Assmann Digitus Plug&View IP Camera family allows
unauthenticated atta ...)
+ TODO: check
CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side
Template I ...)
NOT-FOR-US: Camaleon CMS
CVE-2023-30144
@@ -30665,8 +30726,8 @@ CVE-2023-22431
RESERVED
CVE-2023-22311
RESERVED
-CVE-2023-0525
- RESERVED
+CVE-2023-0525 (Weak Encoding for Password vulnerability in Mitsubishi Electric
Corpor ...)
+ TODO: check
CVE-2023-0524 (As part of our Security Development Lifecycle, a potential
privilege e ...)
NOT-FOR-US: Tenable
CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions
starting ...)
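Review bot: CVE-2023-0525 (Weak Encoding for Password in Mitsubishi Electric products) should be triaged together with CVE-2023-3373 (Predictable Exact Value from Previous Values, also Mitsubishi) added at the top of this diff, so both Mitsubishi Electric entries end up with the same marking; the neighbouring `NOT-FOR-US: Tenable` line for CVE-2023-0524 shows the form to use if the products are not packaged.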
@@ -54240,16 +54301,16 @@ CVE-2023-20220
RESERVED
CVE-2023-20219
RESERVED
-CVE-2023-20218
- RESERVED
+CVE-2023-20218 (A vulnerability in web-based management interface of Cisco
SPA500 Seri ...)
+ TODO: check
CVE-2023-20217
RESERVED
-CVE-2023-20216
- RESERVED
-CVE-2023-20215
- RESERVED
-CVE-2023-20214
- RESERVED
+CVE-2023-20216 (A vulnerability in the privilege management functionality of
all Cisco ...)
+ TODO: check
+CVE-2023-20215 (A vulnerability in the scanning engines of Cisco AsyncOS
Software for ...)
+ TODO: check
+CVE-2023-20214 (A vulnerability in the request authentication validation for
the REST ...)
+ TODO: check
CVE-2023-20213
RESERVED
CVE-2023-20212
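Review bot: the four Cisco entries filled in here (CVE-2023-20218 SPA500 Series web management, CVE-2023-20216 privilege management, CVE-2023-20215 AsyncOS scanning engines, CVE-2023-20214 REST request authentication) are left at `TODO: check`, whereas the Cisco entries CVE-2023-20183, CVE-2023-20182 and CVE-2023-20180 later in this diff are marked `NOT-FOR-US: Cisco`; unless one of these touches a Debian package, the same marking should replace the TODOs.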
@@ -54268,8 +54329,8 @@ CVE-2023-20206
RESERVED
CVE-2023-20205
RESERVED
-CVE-2023-20204
- RESERVED
+CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
+ TODO: check
CVE-2023-20203
RESERVED
CVE-2023-20202
@@ -54314,8 +54375,8 @@ CVE-2023-20183 (Multiple vulnerabilities in the API of
Cisco DNA Center Software
NOT-FOR-US: Cisco
CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center
Software could ...)
NOT-FOR-US: Cisco
-CVE-2023-20181
- RESERVED
+CVE-2023-20181 (A vulnerability in the web-based management interface of Cisco
Small B ...)
+ TODO: check
CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings
could all ...)
NOT-FOR-US: Cisco
CVE-2023-20179
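Review bot: CVE-2023-20181 (Cisco Small Business web-based management interface) sits directly between CVE-2023-20182 and CVE-2023-20180, both marked `NOT-FOR-US: Cisco`, so the `TODO: check` placeholder here should resolve to `NOT-FOR-US: Cisco` as well rather than staying open.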
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1762860fe93332556d9fdc2a40e914b5a1d252bb
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits