Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b42a762a by security tracker role at 2023-10-18T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2023-5642 (Advantech R-SeeNet v2.4.23 allows an unauthenticated remote
attacker t ...)
+ TODO: check
+CVE-2023-5632 (In Eclipse Mosquito before and including 2.0.5, establishing a
connect ...)
+ TODO: check
+CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before
1.6.4 al ...)
+ TODO: check
+CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System
Config ...)
+ TODO: check
+CVE-2023-46009 (gifsicle-1.94 was found to have a floating point exception
(FPE) vulne ...)
+ TODO: check
+CVE-2023-46007 (Sourcecodester Best Courier Management System 1.0 is
vulnerable to SQL ...)
+ TODO: check
+CVE-2023-46006 (Sourcecodester Best Courier Management System 1.0 is
vulnerable to SQL ...)
+ TODO: check
+CVE-2023-46005 (Sourcecodester Best Courier Management System 1.0 is
vulnerable to SQL ...)
+ TODO: check
+CVE-2023-46004 (Sourcecodester Best Courier Management System 1.0 is
vulnerable to Arb ...)
+ TODO: check
+CVE-2023-45912 (WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to
validate ...)
+ TODO: check
+CVE-2023-45911 (An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and
v4.4.12.723 allows ...)
+ TODO: check
+CVE-2023-45727 (Proself Enterprise/Standard Edition Ver5.62 and earlier,
Proself Gatew ...)
+ TODO: check
+CVE-2023-45632 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WebDorad ...)
+ TODO: check
+CVE-2023-45630 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
wpdevart Ga ...)
+ TODO: check
+CVE-2023-45628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-45608 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-45607 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-45604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Scot ...)
+ TODO: check
+CVE-2023-45602 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Shopfile ...)
+ TODO: check
+CVE-2023-45383 (In the module "SoNice etiquetage" (sonice_etiquetage) up to
version 2. ...)
+ TODO: check
+CVE-2023-45073 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Mich ...)
+ TODO: check
+CVE-2023-45072 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kard ...)
+ TODO: check
+CVE-2023-45071 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
10Web Form ...)
+ TODO: check
+CVE-2023-45070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
10Web Fo ...)
+ TODO: check
+CVE-2023-45067 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Mad Fish ...)
+ TODO: check
+CVE-2023-45064 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Daisuke ...)
+ TODO: check
+CVE-2023-45062 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Thomas S ...)
+ TODO: check
+CVE-2023-45059 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-45057 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Hits ...)
+ TODO: check
+CVE-2023-45056 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in 100p ...)
+ TODO: check
+CVE-2023-45054 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
AWESOME ...)
+ TODO: check
+CVE-2023-43250 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There
is a Use ...)
+ TODO: check
+CVE-2023-35663 (In Init of protocolnetadapter.cpp, there is a possible out of
bounds r ...)
+ TODO: check
+CVE-2023-35656 (In multiple functions of protocolembmsadapter.cpp, there is a
possible ...)
+ TODO: check
+CVE-2023-32089 (Pega Platform versions 8.1 to 8.8.2 are affected by an XSS
issue with ...)
+ TODO: check
+CVE-2023-32088 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by
an XSS i ...)
+ TODO: check
+CVE-2023-32087 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by
an XSS i ...)
+ TODO: check
CVE-2023-5568 [Heap buffer overflow with freshness tokens in the Heimdal KDC
in Samba 4.19]
- samba 2:4.19.2+dfsg-1
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15491
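Review bot: Every entry added at the top of this hunk is left at `TODO: check`, including CVE-2023-5631 (Roundcube), CVE-2023-46009 (gifsicle-1.94) and CVE-2023-5632 (Eclipse Mosquito), which name general-purpose open-source software rather than the WordPress plugins and vendor devices this file tags NOT-FOR-US. Triage those three first and, where a package is affected, record it in the form the CVE-2023-5568 entry below them uses (`- samba 2:4.19.2+dfsg-1`). Most of the "Cross-Site Scripting (XSS)" entries have their product names cut off by the summary truncation, so tag them from the full CVE text, not from these lines.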
@@ -462,21 +538,21 @@ CVE-2023-45757 (Security vulnerability in Apache bRPC
<=1.6.0 on all platforms a
NOT-FOR-US: Apache bRPC
CVE-2023-45580 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1
and before ...)
NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45579 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1
and before ...)
+CVE-2023-45579 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1
v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45578 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1
and before ...)
+CVE-2023-45578 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1
v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45577 (An issue in DI-7003GV2.D1 v.23.08.25D1 and before,
DI-7100G+V2.D1 v.23 ...)
+CVE-2023-45577 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1
v.23.08.25 ...)
NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45576 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1
and before ...)
+CVE-2023-45576 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1
v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45575 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1
and before ...)
+CVE-2023-45575 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1
v.23.08.25 ...)
NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45574 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1
and before ...)
+CVE-2023-45574 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1
v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45573 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1
and before ...)
NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45572 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1
and before ...)
+CVE-2023-45572 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1
v.23.08.2 ...)
NOT-FOR-US: DI-7003GV2.D1
CVE-2023-45158 (An OS command injection vulnerability exists in web2py 2.24.1
and earl ...)
- web2py <removed>
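Review bot: The `NOT-FOR-US: DI-7003GV2.D1` lines under CVE-2023-45579 through CVE-2023-45572 stay keyed to a single model string even though the refreshed summaries now name the vendor ("D-Link device DI-7003GV2.D1"). Consider tagging by vendor, as the file does elsewhere with `NOT-FOR-US: Cisco` and `NOT-FOR-US: HP`. CVE-2023-45580 and CVE-2023-45573 keep the old summary in this hunk and would want the same tag for consistency.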
@@ -4110,7 +4186,7 @@ CVE-2023-4521 (The Import XML and RSS Feeds WordPress
plugin before 2.1.5 contai
NOT-FOR-US: WordPress plugin
CVE-2023-4502 (The Translate WordPress with GTranslate WordPress plugin before
3.0.4 ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-4490 (The WP Job Portal WordPress plugin through 2.0.3 does not
sanitise and ...)
+CVE-2023-4490 (The WP Job Portal WordPress plugin before 2.0.6 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2023-4476 (The Locatoraid Store Locator WordPress plugin before 3.9.24
does not s ...)
NOT-FOR-US: WordPress plugin
@@ -21765,8 +21841,8 @@ CVE-2023-31219
RESERVED
CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site
Scripti ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31217
- RESERVED
+CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate
Member plu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31215
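Review bot: The `TODO: check` on CVE-2023-31217 cannot be resolved from this line alone, because the truncated summary ("Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...") stops before the product name. The neighbouring CVE-2023-31218 and CVE-2023-31216 are both `NOT-FOR-US: WordPress plugin`; confirm the product from the full description before applying the same tag.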
@@ -22629,8 +22705,8 @@ CVE-2023-2198 (An issue has been discovered in GitLab
CE/EE affecting all versio
- gitlab 15.10.8+ds1-2
CVE-2023-30912
RESERVED
-CVE-2023-30911
- RESERVED
+CVE-2023-30911 (HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using
iLOrest ...)
+ TODO: check
CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 could be remotely
exploit ...)
NOT-FOR-US: HPE
CVE-2023-30909 (A remote authentication bypass issue exists in some OneView
APIs.)
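Review bot: CVE-2023-30911 is left at `TODO: check` although its summary names HPE Integrated Lights-Out 5 and 6 and the adjacent CVE-2023-30910 is already `NOT-FOR-US: HPE`. Check the iLOrest component that the summary cuts off at, and if it is not packaged, use the same HPE tag here.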
@@ -23106,8 +23182,8 @@ CVE-2023-30783
RESERVED
CVE-2023-30782 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Andy Moy ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30781
- RESERVED
+CVE-2023-30781 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Theme Bl ...)
+ TODO: check
CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Jonathan ...)
@@ -36783,8 +36859,8 @@ CVE-2023-26302 (Denial of service could be caused to
the command line interface
NOTE:
https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c
(v2.2.0)
CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially
vulnerable to a ...)
NOT-FOR-US: HP
-CVE-2023-26300
- RESERVED
+CVE-2023-26300 (A potential security vulnerability has been identified in the
system B ...)
+ TODO: check
CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU)
vulnerability has be ...)
NOT-FOR-US: HP
CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10)
could po ...)
@@ -65859,8 +65935,8 @@ CVE-2023-20263 (A vulnerability in the web-based
management interface of Cisco H
NOT-FOR-US: Cisco
CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN
Manager co ...)
NOT-FOR-US: Cisco
-CVE-2023-20261
- RESERVED
+CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager
could a ...)
+ TODO: check
CVE-2023-20260
RESERVED
CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified
Communica ...)
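Review bot: CVE-2023-20261 is left at `TODO: check` while its summary names the web UI of Cisco Catalyst SD-WAN Manager, the same product as CVE-2023-20262 two entries above, which is tagged `NOT-FOR-US: Cisco`. The same tag looks appropriate here and would clear the TODO.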
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b42a762a88b306a3d13059dee6aca6e3c97ac221