Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7b14a75 by security tracker role at 2023-09-16T08:11:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-5001 (The Horizontal scrolling announcement for WordPress plugin for
WordPre ...)
+ TODO: check
+CVE-2023-4994 (The Allow PHP in Posts and Pages plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2023-42442 (JumpServer is an open source bastion host and a professional
operation ...)
+ TODO: check
+CVE-2023-42439 (GeoNode is an open source platform that facilitates the
creation, shar ...)
+ TODO: check
+CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a
remote attack ...)
+ TODO: check
+CVE-2023-41901
+ REJECTED
+CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions
9.4.21 t ...)
+ TODO: check
+CVE-2023-41626 (Gradio v3.27.0 was discovered to contain an arbitrary file
upload vuln ...)
+ TODO: check
+CVE-2023-41436 (Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a
local at ...)
+ TODO: check
+CVE-2023-41157 (Multiple stored cross-site scripting (XSS) vulnerabilities in
Usermin ...)
+ TODO: check
+CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin
Control Panel ...)
+ TODO: check
+CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser
before v2.23 ...)
+ TODO: check
+CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2023-36562 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2023-36160 (An issue was discovered in Qubo Smart Plug10A version
HSP02_01_01_14_S ...)
+ TODO: check
CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been
rated ...)
NOT-FOR-US: NextBX QWAlerter
CVE-2023-4988 (A vulnerability, which was classified as problematic, was found
in Bet ...)
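Review bot: of the 16 entries added at the top of the list, 15 carry only "TODO: check" (CVE-2023-41901 is the one exception, marked REJECTED), so none of them has a triage result yet. The two WordPress plugin entries (CVE-2023-5001, CVE-2023-4994) can take the "NOT-FOR-US: ... plugin for WordPress" form already used further down in this file. CVE-2023-41900 (Jetty) names a specific version, 9.4.21, so it should get a real version comparison against the archive rather than a bulk NOT-FOR-US pass.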
@@ -4237,7 +4269,8 @@ CVE-2023-4332 (Broadcom RAID Controller web interface is
vulnerable due to Impro
NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4331 (Broadcom RAID Controller web interface is vulnerable has an
insecure d ...)
NOT-FOR-US: Broadcom RAID Controller web interface
-CVE-2023-4330 (Broadcom RAID Controller web interface is vulnerable Denial of
Service ...)
+CVE-2023-4330
+ REJECTED
NOT-FOR-US: Broadcom RAID Controller web interface
CVE-2023-4329 (Broadcom RAID Controller web interface is vulnerable due to
insecure d ...)
NOT-FOR-US: Broadcom RAID Controller web interface
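Review bot: CVE-2023-4330 is switched to REJECTED, but the "NOT-FOR-US: Broadcom RAID Controller web interface" line beneath it is left in place, so the entry now carries both a rejection and a triage annotation. The annotation describes a CVE that no longer exists; I would drop it in a follow-up so the entry reads the same as CVE-2023-41901 in the first hunk, which has REJECTED and nothing else.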
@@ -24260,7 +24293,8 @@ CVE-2023-1578 (SQL Injection in GitHub repository
pimcore/pimcore prior to 10.5.
NOT-FOR-US: pimcore
CVE-2023-1577
RESERVED
-CVE-2023-1576 (A Heap buffer overflow in CPP/7zip/Archive/Zip/ZipIn.cpp:1116
in NArch ...)
+CVE-2023-1576
+ REJECTED
TODO: check
CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored
Cross- ...)
NOT-FOR-US: Mega Main Menu plugin for WordPress
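Review bot: CVE-2023-1576 becomes REJECTED while its "TODO: check" line stays as unchanged context, leaving an open work item on an entry with nothing left to check. Anything that counts or lists outstanding TODO entries will keep picking this one up; removing the TODO line under the REJECTED marker would close it out.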
@@ -32193,8 +32227,7 @@ CVE-2023-0925 (Version 10.11 of webMethods OneData runs
an embedded instance of
NOT-FOR-US: webMethods OneData
CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate
the typ ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0923
- RESERVED
+CVE-2023-0923 (A flaw was found in the Kubernetes service for notebooks in
RHODS, whe ...)
NOT-FOR-US: Red Hat OpenShift Data Science
CVE-2023-0922 (The Samba AD DC administration tool, when operating against a
remote L ...)
- samba 2:4.17.7+dfsg-1
@@ -33407,8 +33440,7 @@ CVE-2023-0815 (Potential Insertion of Sensitive
Information into Jetty Log Files
NOT-FOR-US: OpenNMS
CVE-2023-0814 (The Profile Builder \u2013 User Profile & User Registration
Forms plug ...)
NOT-FOR-US: Profile Builder – User Profile & User Registration
Forms plugin for WordPress
-CVE-2023-0813
- RESERVED
+CVE-2023-0813 (A flaw was found in the Network Observability plugin for
OpenShift con ...)
NOT-FOR-US: Network Observability plugin for OpenShift console
CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress
plugin b ...)
NOT-FOR-US: WordPress plugin
@@ -69022,8 +69054,8 @@ CVE-2022-3263 (The security descriptor of Measuresoft
ScadaPro Server version 6.
NOT-FOR-US: Measuresoft ScadaPro Server
CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of
"ClusterFirst ...)
NOT-FOR-US: OpenShift
-CVE-2022-3261
- RESERVED
+CVE-2022-3261 (A flaw was found in OpenStack. Multiple components show
plain-text pas ...)
+ TODO: check
CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which
helps preve ...)
NOT-FOR-US: Openshift
CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security
(HSTS) which ...)
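Review bot: CVE-2022-3261 moves from RESERVED to a published description and gets "TODO: check", but the description is cut off at "Multiple components show plain-text pas ...", so the affected components cannot be read from this entry. The neighbouring entries are all "NOT-FOR-US: OpenShift", whereas this one is about OpenStack; it should not be closed by analogy with them, and the full advisory text needs to be consulted to name the components before a package line or NOT-FOR-US is chosen.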
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b14a75d3909772f68e3e30cc6b7f203e0f97d0