Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4f4831df by security tracker role at 2023-10-16T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,212 @@
-CVE-2023-43668
+CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to
2.3.0-DEV.)
+ TODO: check
+CVE-2023-5575 (Improper access control in the permission inheritance in
Devolutions S ...)
+ TODO: check
+CVE-2023-5561 (The Popup Builder WordPress plugin through 4.1.15 does not
sanitise an ...)
+ TODO: check
+CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as
sending e-ma ...)
+ TODO: check
+CVE-2023-5421 (An attacker who is logged into OTRS as an user with privileges
to crea ...)
+ TODO: check
+CVE-2023-5177 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1
exposes the ...)
+ TODO: check
+CVE-2023-5167 (The User Activity Log Pro WordPress plugin before 2.3.4 does
not prope ...)
+ TODO: check
+CVE-2023-5133 (This user-activity-log-pro WordPress plugin before 2.3.4
retrieves cli ...)
+ TODO: check
+CVE-2023-5089 (The Defender Security WordPress plugin before 4.1.0 does not
prevent r ...)
+ TODO: check
+CVE-2023-5087 (The Page Builder: Pagelayer WordPress plugin before 1.7.8
doesn't prev ...)
+ TODO: check
+CVE-2023-5057 (The ActivityPub WordPress plugin before 1.0.0 does not escape
user met ...)
+ TODO: check
+CVE-2023-5003 (The Active Directory Integration / LDAP Integration WordPress
plugin b ...)
+ TODO: check
+CVE-2023-4971 (The Weaver Xtreme Theme Support WordPress plugin before 6.3.1
unserial ...)
+ TODO: check
+CVE-2023-4950 (The Interactive Contact Form and Multi Step Form Builder
WordPress plu ...)
+ TODO: check
+CVE-2023-4933 (The WP Job Openings WordPress plugin before 3.4.3 does not
block listi ...)
+ TODO: check
+CVE-2023-4862 (The File Manager Pro WordPress plugin before 1.8.1 does not
adequately ...)
+ TODO: check
+CVE-2023-4861 (The File Manager Pro WordPress plugin before 1.8.1 allows admin
users ...)
+ TODO: check
+CVE-2023-4834 (In Red Lion EuropembCONNECT24 and mymbCONNECT24 and Helmholz
myREX24 a ...)
+ TODO: check
+CVE-2023-4827 (The File Manager Pro WordPress plugin before 1.8 does not
properly che ...)
+ TODO: check
+CVE-2023-4822 (The vulnerability impacts instances with several organizations,
and al ...)
+ TODO: check
+CVE-2023-4821 (The Drag and Drop Multiple File Upload for WooCommerce
WordPress plugi ...)
+ TODO: check
+CVE-2023-4820 (The PowerPress Podcasting plugin by Blubrry WordPress plugin
before 11 ...)
+ TODO: check
+CVE-2023-4819 (The Shared Files WordPress plugin before 1.7.6 does not return
the rig ...)
+ TODO: check
+CVE-2023-4811 (The WordPress File Upload WordPress plugin before 4.23.3 does
not sani ...)
+ TODO: check
+CVE-2023-4805 (The Tutor LMS WordPress plugin before 2.3.0 does not sanitise
and esca ...)
+ TODO: check
+CVE-2023-4800 (The DoLogin Security WordPress plugin before 3.7.1 does not
restrict t ...)
+ TODO: check
+CVE-2023-4798 (The User Avatar WordPress plugin before 1.2.2 does not properly
saniti ...)
+ TODO: check
+CVE-2023-4795 (The Testimonial Slider Shortcode WordPress plugin before 1.1.9
does no ...)
+ TODO: check
+CVE-2023-4783 (The Magee Shortcodes WordPress plugin through 2.1.1 does not
validate ...)
+ TODO: check
+CVE-2023-4776 (The School Management System WordPress plugin before 2.2.5 uses
the Wo ...)
+ TODO: check
+CVE-2023-4725 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not
sanitis ...)
+ TODO: check
+CVE-2023-4691 (The WordPress Online Booking and Scheduling Plugin WordPress
plugin be ...)
+ TODO: check
+CVE-2023-4687 (The Page Builder: Pagelayer WordPress plugin before 1.7.7
doesn't prev ...)
+ TODO: check
+CVE-2023-4666 (The Form Maker by 10Web WordPress plugin before 1.15.20 does
not valid ...)
+ TODO: check
+CVE-2023-4646 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not
validat ...)
+ TODO: check
+CVE-2023-4643 (The Enable Media Replace WordPress plugin before 4.1.3
unserializes us ...)
+ TODO: check
+CVE-2023-4620 (The Booking Calendar WordPress plugin before 9.7.3.1 does not
sanitize ...)
+ TODO: check
+CVE-2023-4457 (Grafana is an open-source platform for monitoring and
observability. ...)
+ TODO: check
+CVE-2023-4388 (The EventON WordPress plugin before 2.2 does not sanitise and
escape s ...)
+ TODO: check
+CVE-2023-4290 (The WP Matterport Shortcode WordPress plugin before 2.1.7 does
not esc ...)
+ TODO: check
+CVE-2023-4289 (The WP Matterport Shortcode WordPress plugin before 2.1.8 does
not val ...)
+ TODO: check
+CVE-2023-46087 (Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa
Who Hit T ...)
+ TODO: check
+CVE-2023-46066 (Auth. (editor+) Stored Cross-Site Scripting (XSS)
vulnerability in Cod ...)
+ TODO: check
+CVE-2023-45985 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R
V9.1.0u.611 ...)
+ TODO: check
+CVE-2023-45984 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R
V9.1.0u.611 ...)
+ TODO: check
+CVE-2023-45836 (Cross-Site Request Forgery (CSRF) vulnerability in XYDAC
Ultimate Taxo ...)
+ TODO: check
+CVE-2023-45831 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelative,
Mohsin ...)
+ TODO: check
+CVE-2023-45763 (Cross-Site Request Forgery (CSRF) vulnerability in Taggbox
plugin <=2. ...)
+ TODO: check
+CVE-2023-45753 (Cross-Site Request Forgery (CSRF) vulnerability in Gilles
Dumas which ...)
+ TODO: check
+CVE-2023-45752 (Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality
Post Gal ...)
+ TODO: check
+CVE-2023-45749 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey
Golubnichenk ...)
+ TODO: check
+CVE-2023-45748 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch
MailChimp ...)
+ TODO: check
+CVE-2023-45690 (Default file permissions on South River Technologies' Titan
MFT and Ti ...)
+ TODO: check
+CVE-2023-45689 (Lack of sufficient path validation in South River
Technologies' Titan ...)
+ TODO: check
+CVE-2023-45688 (Lack of sufficient path validation in South River
Technologies' Titan ...)
+ TODO: check
+CVE-2023-45687 (A session fixation vulnerability in South River Technologies'
Titan MF ...)
+ TODO: check
+CVE-2023-45686 (Insufficient path validation when writing a file via WebDAV in
South R ...)
+ TODO: check
+CVE-2023-45685 (Insufficient path validation when extracting a zip archive in
South Ri ...)
+ TODO: check
+CVE-2023-45683 (github.com/crewjam/saml is a saml library for the go language.
In affe ...)
+ TODO: check
+CVE-2023-45669 (WebAuthn4J Spring Security provides Web Authentication
specification s ...)
+ TODO: check
+CVE-2023-45660 (Nextcloud mail is an email app for the Nextcloud home server
platform. ...)
+ TODO: check
+CVE-2023-45656 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber
Lazy Lo ...)
+ TODO: check
+CVE-2023-45655 (Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade
PixField ...)
+ TODO: check
+CVE-2023-45654 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade
Comments ...)
+ TODO: check
+CVE-2023-45653 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy
Weblinks Vid ...)
+ TODO: check
+CVE-2023-45651 (Cross-Site Request Forgery (CSRF) vulnerability in Marco
Milesi WP Att ...)
+ TODO: check
+CVE-2023-45650 (Cross-Site Request Forgery (CSRF) vulnerability in
Fla-shop.Com HTML5 ...)
+ TODO: check
+CVE-2023-45647 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch
Constant ...)
+ TODO: check
+CVE-2023-45645 (Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP
Open Str ...)
+ TODO: check
+CVE-2023-45643 (Cross-Site Request Forgery (CSRF) vulnerability in Anurag
Deshmukh CPT ...)
+ TODO: check
+CVE-2023-45642 (Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali
Snap Pix ...)
+ TODO: check
+CVE-2023-45641 (Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc.
Caret Co ...)
+ TODO: check
+CVE-2023-45639 (Cross-Site Request Forgery (CSRF) vulnerability in Codex-m
Sort Search ...)
+ TODO: check
+CVE-2023-45638 (Cross-Site Request Forgery (CSRF) vulnerability in euPago
Eupago Gatew ...)
+ TODO: check
+CVE-2023-45629 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart
Gallery \u ...)
+ TODO: check
+CVE-2023-45606 (Cross-Site Request Forgery (CSRF) vulnerability in Lasso
Simple URLs p ...)
+ TODO: check
+CVE-2023-45605 (Cross-Site Request Forgery (CSRF) vulnerability in Christopher
Finke F ...)
+ TODO: check
+CVE-2023-45274 (Cross-Site Request Forgery (CSRF) vulnerability in SendPulse
SendPulse ...)
+ TODO: check
+CVE-2023-45273 (Cross-Site Request Forgery (CSRF) vulnerability in Matt
McKenny Stout ...)
+ TODO: check
+CVE-2023-45151 (Nextcloud server is an open source home cloud platform.
Affected versi ...)
+ TODO: check
+CVE-2023-45150 (Nextcloud calendar is a calendar app for the Nextcloud server
platform ...)
+ TODO: check
+CVE-2023-45149 (Nextcloud talk is a chat module for the Nextcloud server
platform. In ...)
+ TODO: check
+CVE-2023-45148 (Nextcloud is an open source home cloud server. When Memcached
is used ...)
+ TODO: check
+CVE-2023-44987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Time ...)
+ TODO: check
+CVE-2023-44986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Tych ...)
+ TODO: check
+CVE-2023-44985 (Auth. (contributo+) Stored Cross-Site Scripting (XSS)
vulnerability in ...)
+ TODO: check
+CVE-2023-44984 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-44229 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gopi ...)
+ TODO: check
+CVE-2023-43121 (A Directory Traversal vulnerability discovered in Chalet
application i ...)
+ TODO: check
+CVE-2023-43120 (An issue discovered in Extreme Networks Switch Engine (EXOS)
before 32 ...)
+ TODO: check
+CVE-2023-43119 (An Access Control issue discovered in Extreme Networks Switch
Engine ( ...)
+ TODO: check
+CVE-2023-43118 (Cross Site Request Forgery (CSRF) vulnerability in Chalet
application ...)
+ TODO: check
+CVE-2023-40180 (silverstripe-graphql is a package which serves Silverstripe
data in Gr ...)
+ TODO: check
+CVE-2023-3991 (An OS command injection vulnerability exists in the httpd
iperfrun.cgi ...)
+ TODO: check
+CVE-2023-3746 (The ActivityPub WordPress plugin before 1.0.0 does not sanitize
and es ...)
+ TODO: check
+CVE-2023-3707 (The ActivityPub WordPress plugin before 1.0.0 does not ensure
that pos ...)
+ TODO: check
+CVE-2023-3706 (The ActivityPub WordPress plugin before 1.0.0 does not ensure
that pos ...)
+ TODO: check
+CVE-2023-3392 (The Read More & Accordion WordPress plugin before 3.2.7
unserializes u ...)
+ TODO: check
+CVE-2023-3279 (The WordPress Gallery Plugin WordPress plugin before 3.39 does
not val ...)
+ TODO: check
+CVE-2023-3155 (The WordPress Gallery Plugin WordPress plugin before 3.39 is
vulnerabl ...)
+ TODO: check
+CVE-2023-3154 (The WordPress Gallery Plugin WordPress plugin before 3.39 is
vulnerabl ...)
+ TODO: check
+CVE-2023-38059 (The loading of external images is not blocked, even if
configured, if ...)
+ TODO: check
+CVE-2023-43668 (Authorization Bypass Through User-Controlled Key vulnerability
in Apac ...)
NOT-FOR-US: Apache InLong
-CVE-2023-43667
+CVE-2023-43667 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Apache InLong
-CVE-2023-43666
+CVE-2023-43666 (Insufficient Verification of Data Authenticity vulnerability
in Apache ...)
NOT-FOR-US: Apache InLong
CVE-2023-5591 (SQL Injection in GitHub repository librenms/librenms prior to
23.10.0.)
TODO: check
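Review bot: every entry this hunk adds is left at "TODO: check", so triage order matters; the bulk of the hunk is WordPress-plugin CSRF/XSS entries that will most likely end up NOT-FOR-US like the existing "NOT-FOR-US: WordPress plugin" lines elsewhere in the file, but the hunk also adds library and server entries (CVE-2023-45683 github.com/crewjam/saml, CVE-2023-45669 WebAuthn4J, CVE-2023-40180 silverstripe-graphql, CVE-2023-4457 Grafana, the CVE-2023-4514x Nextcloud entries, CVE-2023-3991 OS command injection in an httpd CGI) that deserve a package check first. The three Apache InLong entries at the end of the hunk only gain their descriptions; their "NOT-FOR-US: Apache InLong" triage is unchanged context and needs no re-review.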
@@ -306,7 +510,7 @@ CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of
third-party packages
CVE-2023-45138 (Change Request is an pplication allowing users to request
changes on a ...)
NOT-FOR-US: XWiki addon
CVE-2023-45133 (Babel is a compiler for writingJavaScript. In
`@babel/traverse` prior ...)
- {DLA-3618-1}
+ {DSA-5528-1 DLA-3618-1}
- node-babel <removed>
- node-babel7 7.20.15+ds1+~cs214.269.168-5 (bug #1053880)
NOTE: github.com:
https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
@@ -1155,7 +1359,7 @@ CVE-2023-3961 [smbd allows client access to unix domain
sockets on the file syst
NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
NOTE: In scope for continued Samba support
CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server
resource consum ...)
- {DSA-5522-1 DSA-5521-1 DLA-3617-1}
+ {DSA-5522-1 DSA-5521-1 DLA-3621-1 DLA-3617-1}
- tomcat9 9.0.70-2
- tomcat10 10.1.14-1
- trafficserver <unfixed> (bug #1053801)
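Review bot: DLA-3621-1 is attached to CVE-2023-44487 here, but the package lines visible in this hunk are tomcat9, tomcat10 and trafficserver only; the same DLA is also added to the nghttp2 entry CVE-2020-11080 later in this commit, so confirm that this entry's nghttp2 package line (outside the shown context) exists, otherwise the cross-reference points at a package the entry does not track.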
@@ -26134,8 +26338,8 @@ CVE-2023-29486
RESERVED
CVE-2023-29485
RESERVED
-CVE-2023-29484
- RESERVED
+CVE-2023-29484 (In Terminalfour before 8.3.16, misconfigured LDAP users are
able to lo ...)
+ TODO: check
CVE-2023-29483
RESERVED
CVE-2023-29482
@@ -30446,7 +30650,7 @@ CVE-2023-1402 (The course participation report required
additional checks to pre
- moodle <removed>
CVE-2023-1401 (An issue has been discovered in GitLab DAST scanner affecting
all vers ...)
NOT-FOR-US: GitLab DAST scanner
-CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin through 5.16.2
does n ...)
+CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin before 6.5.2
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to
untrusted d ...)
NOT-FOR-US: N6854A Geolocation Server
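Review bot: the affected-version text for CVE-2023-1400 changes from "through 5.16.2" to "before 6.5.2", which widens the vulnerable range considerably; the "NOT-FOR-US: WordPress plugin" triage below it is unchanged and still correct, but any downstream note that copied the old range should be refreshed.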
@@ -65523,8 +65727,8 @@ CVE-2023-20200 (A vulnerability in the Simple Network
Management Protocol (SNMP)
NOT-FOR-US: Cisco
CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for
macOS could ...)
NOT-FOR-US: Cisco
-CVE-2023-20198
- RESERVED
+CVE-2023-20198 (Cisco is aware of active exploitation of a previously unknown
vulnerab ...)
+ TODO: check
CVE-2023-20197 (A vulnerability in the filesystem image parser for
Hierarchical File S ...)
{DLA-3544-1}
- clamav 1.0.2+dfsg-1 (bug #1050057)
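Review bot: CVE-2023-20198 goes from RESERVED to a description that explicitly states active exploitation, yet it is left at "TODO: check"; it should be triaged ahead of the rest of this import. The surrounding Cisco entries are "NOT-FOR-US: Cisco", so the likely outcome is the same status, but the entry should not sit in the TODO backlog given the exploitation note.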
@@ -84995,11 +85199,13 @@ CVE-2022-37052 (A reachable Object::getString
assertion in Poppler 22.07.0 allow
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278
NOTE: Fixed by:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c
(poppler-22.08.0)
CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a
reachable abort ...)
+ {DLA-3620-1}
- poppler 22.08.0-2
[bullseye] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
NOTE: Fixed by:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b
(poppler-22.08.0)
CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows
attackers t ...)
+ {DLA-3620-1}
- poppler 22.08.0-2
[bullseye] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
@@ -224252,6 +224458,7 @@ CVE-2020-23806
CVE-2020-23805
RESERVED
CVE-2020-23804 (Uncontrolled Recursion in pdfinfo, and pdftops in poppler
0.89.0 allow ...)
+ {DLA-3620-1}
- poppler 20.09.0-1
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/936
NOTE: Fixed by:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ec8a43c8df29fdd6f1228276160898ccd9401c92
(poppler-20.08.0)
@@ -255644,7 +255851,7 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a
vulnerability that would al
CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation
vulnerabil ...)
- osquery <itp> (bug #803502)
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2
SETTINGS fra ...)
- {DSA-4696-1 DLA-2786-1}
+ {DSA-4696-1 DLA-3621-1 DLA-2786-1}
- nghttp2 1.41.0-1
- nodejs 10.21.0~dfsg-1 (bug #962145)
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security
support)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f4831df97c063995e7f6c36d4c93df823957f03
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits