Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1f85b1a by security tracker role at 2023-11-03T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-5946 (The Digirisk plugin for WordPress is vulnerable to Reflected 
Cross-Sit ...)
+       TODO: check
+CVE-2023-5945 (The video carousel slider with lightbox plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2023-5707 (The SEO Slider plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2023-5088 (A bug in QEMU could cause a guest I/O operation otherwise 
addressed to ...)
+       TODO: check
+CVE-2023-4769 (A SSRF vulnerability has been found in ManageEngine Desktop 
Central af ...)
+       TODO: check
+CVE-2023-4768 (A CRLF injection vulnerability has been found in ManageEngine 
Desktop  ...)
+       TODO: check
+CVE-2023-4767 (A CRLF injection vulnerability has been found in ManageEngine 
Desktop  ...)
+       TODO: check
+CVE-2023-4592 (A Cross-Site Scripting vulnerability has been detected in 
WPN-XM Serve ...)
+       TODO: check
+CVE-2023-4591 (A local file inclusion vulnerability has been found in WPN-XM 
Serverst ...)
+       TODO: check
+CVE-2023-4043 (In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing 
JSON from  ...)
+       TODO: check
+CVE-2023-46980 (An issue in Best Courier Management System v.1.0 allows a 
remote attac ...)
+       TODO: check
+CVE-2023-46947 (Subrion 4.2.1 has a remote command execution vulnerability in 
the back ...)
+       TODO: check
+CVE-2023-46404 (PCRS <= 3.11 (d0de1e) \u201cQuestions\u201d page and 
\u201cCode editor ...)
+       TODO: check
+CVE-2023-41726 (Ivanti Avalanche Incorrect Default Permissions allows Local 
Privilege  ...)
+       TODO: check
+CVE-2023-41725 (Ivanti Avalanche EnterpriseServer Service Unrestricted File 
Upload Loc ...)
+       TODO: check
+CVE-2023-41652 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-3277 (The MStore API plugin for WordPress is vulnerable to 
Unauthorized Acco ...)
+       TODO: check
+CVE-2023-39301 (A server-side request forgery (SSRF) vulnerability has been 
reported t ...)
+       TODO: check
+CVE-2023-39299 (A path traversal vulnerability has been reported to affect 
Music Stati ...)
+       TODO: check
+CVE-2023-36529 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-34383 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-34179 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-32508 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-32121 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-5948 (Improper Authorization in GitHub repository 
teamamaze/amazefileutiliti ...)
        NOT-FOR-US: amazefileutilities
 CVE-2023-5763 (In Eclipse Glassfish 5 or 6, running with old versions of JDK 
(lower t ...)
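Review bot: all 24 new entries in this hunk are left at `TODO: check`, but several can be triaged from the file's own conventions: the four WordPress plugin entries (CVE-2023-5946, CVE-2023-5945, CVE-2023-5707, CVE-2023-3277) match the `NOT-FOR-US: WordPress plugin` pattern used throughout this file, and CVE-2023-39299 carries the same truncated description ("A path traversal vulnerability has been reported to affect Music Stati ...") as CVE-2023-23366 further down, so it is presumably the same QNAP Music Station product. CVE-2023-5088 (QEMU) is the one entry here that concerns a package Debian ships and should be the first one resolved. Separately, the CVE-2023-46404 description is stored with literal `\u201c` / `\u201d` escape sequences instead of the quotation marks themselves; the same escape leak appears in the existing CVE-2022-43557 entry (`BodyGuard\u2122`), so the importer's JSON decoding of descriptions is worth checking.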
@@ -1586,6 +1634,7 @@ CVE-2023-34447 (iTop is an open source, web-based IT 
service management platform
 CVE-2023-34446 (iTop is an open source, web-based IT service management 
platform. Prio ...)
        NOT-FOR-US: iTop
 CVE-2023-32359 (This issue was addressed with improved redaction of sensitive 
informat ...)
+       {DSA-5527-1}
        - webkit2gtk 2.42.0-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.42.0-1
@@ -4550,7 +4599,7 @@ CVE-2023-4154 [Samba AD DC password exposure to 
privileged users and RODCs]
        [bullseye] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA DSA-5477-1)
        [buster] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA-5015-1)
        NOTE: https://www.samba.org/samba/security/CVE-2023-4154.html
-CVE-2023-3961 [smbd allows client access to unix domain sockets on the file 
system]
+CVE-2023-3961 (A path traversal vulnerability was identified in Samba when 
processing ...)
        {DSA-5525-1}
        - samba 2:4.19.1+dfsg-1
        [bullseye] - samba <not-affected> (Vulnerable code not present)
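Review bot: the unchanged bullseye context line for CVE-2023-4154 still reads "see DSA DSA-5477-1" (duplicated "DSA"); since this hunk is touching the adjacent entry anyway, it would be a good moment to correct it to "see DSA-5477-1", matching the buster line directly below it.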
@@ -11491,7 +11540,7 @@ CVE-2023-32202 (Walchem Intuition 9 firmware versions 
prior to v4.21 are vulnera
        NOT-FOR-US: Walchem Intuition 9 firmware
 CVE-2023-32119 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WPO365 | ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-3893
+CVE-2023-3893 (A security issue was discovered in Kubernetes where a user that 
can  c ...)
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
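Review bot: the context NOTE under CVE-2023-3893 reads "The source package itself it still vulnerable"; it should be "is still vulnerable". The same wording is repeated under CVE-2022-3172 later in this commit, so both notes should be fixed together. The new description line also contains a double space ("a user that can  c ..."), which looks like it was carried over verbatim from the upstream text.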
@@ -40735,8 +40784,8 @@ CVE-2023-26017 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-26016 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Tauh ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26015
-       RESERVED
+CVE-2023-26015 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Minify HT ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
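Review bot: the truncated description for CVE-2023-26015 ("Improper Neutralization of Special Elements used in an SQL Command ('S ...)") names no product, so the entry cannot be triaged from this file alone. Every neighbouring entry in this numbering block (CVE-2023-26016, CVE-2023-26014, CVE-2023-26013) is a WordPress plugin marked `NOT-FOR-US: WordPress plugin`; the same applies to the dozen other `RESERVED` to SQL-injection conversions in this commit (CVE-2023-25990, -25960, -25800, -25700, CVE-2022-47588, -47445, -47426, -46859, -46818, -46808, -45805), so confirming the affected product for each and closing them consistently would clear the backlog in one pass.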
@@ -40785,8 +40834,8 @@ CVE-2023-25992 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in 
RegistrationMagic p ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25990
-       RESERVED
+CVE-2023-25990 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video 
Importer ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25988
@@ -40845,8 +40894,8 @@ CVE-2023-25962 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Catch Th ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25960
-       RESERVED
+CVE-2023-25960 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-25959
        RESERVED
 CVE-2023-25958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Just ...)
@@ -41298,8 +41347,8 @@ CVE-2023-25802 (Roxy-WI is a Web interface for managing 
Haproxy, Nginx, Apache,
        NOT-FOR-US: Roxy-WI
 CVE-2023-25801 (TensorFlow is an open source machine learning platform. Prior 
to versi ...)
        - tensorflow <itp> (bug #804612)
-CVE-2023-25800
-       RESERVED
+CVE-2023-25800 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-25799
        RESERVED
 CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
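Review bot: this hunk converts CVE-2023-25800 to an SQL-injection description next to the `tensorflow <itp> (bug #804612)` context line; the two are unrelated, but the proximity makes it worth double-checking during triage that the new entry is not mistakenly associated with the ITP package.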
@@ -41717,8 +41766,8 @@ CVE-2023-25702 (Auth. (admin+) Stored Cross-site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-25701
        RESERVED
-CVE-2023-25700
-       RESERVED
+CVE-2023-25700 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-25699
        RESERVED
 CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio 
Wombat Shopp ...)
@@ -48961,10 +49010,10 @@ CVE-2023-23371 (A cleartext transmission of sensitive 
information vulnerability
        NOT-FOR-US: QNAP
 CVE-2023-23370 (An insufficiently protected credentials vulnerability has been 
reporte ...)
        NOT-FOR-US: QNAP
-CVE-2023-23369
-       RESERVED
-CVE-2023-23368
-       RESERVED
+CVE-2023-23369 (An OS command injection vulnerability has been reported to 
affect seve ...)
+       TODO: check
+CVE-2023-23368 (An OS command injection vulnerability has been reported to 
affect seve ...)
+       TODO: check
 CVE-2023-23367
        RESERVED
 CVE-2023-23366 (A path traversal vulnerability has been reported to affect 
Music Stati ...)
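Review bot: CVE-2023-23369 and CVE-2023-23368 both use the QNAP advisory phrasing ("has been reported to affect seve ...") and sit between CVE-2023-23370/23371, which are already `NOT-FOR-US: QNAP`, and CVE-2023-23366 (Music Station). Once the vendor is confirmed these two should get the same `NOT-FOR-US: QNAP` marker rather than remain at `TODO: check`.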
@@ -54527,8 +54576,8 @@ CVE-2022-47590 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Fu
        NOT-FOR-US: WordPress plugin
 CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in this ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47588
-       RESERVED
+CVE-2022-47588 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Corn ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47586 (Unauth. SQL Injection (SQLi) vulnerability in Themefic 
Ultimate Addons ...)
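Review bot: the context line two entries below, CVE-2022-47586, is an SQL injection in a WordPress plugin ("Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons ...") already closed as `NOT-FOR-US: WordPress plugin`; CVE-2022-47588 in this hunk almost certainly belongs to the same batch and can be triaged the same way after confirming the product.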
@@ -56251,8 +56300,8 @@ CVE-2022-47447 (Cross-Site Request Forgery (CSRF) 
vulnerability in Mathieu Chart
        NOT-FOR-US: WordPress plugin
 CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat 
Creations St ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47445
-       RESERVED
+CVE-2022-47445 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ProfileP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel 
Powney Multi ...)
@@ -56289,8 +56338,8 @@ CVE-2022-47428
        RESERVED
 CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C 
Dolson My  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47426
-       RESERVED
+CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-47425
        RESERVED
 CVE-2022-47424
@@ -58078,8 +58127,8 @@ CVE-2022-46861 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2022-46860
        RESERVED
-CVE-2022-46859
-       RESERVED
+CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Amin A.R ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46857 (Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert 
plugin <= ...)
@@ -58223,8 +58272,8 @@ CVE-2022-46820 (Cross-Site Request Forgery (CSRF) 
vulnerability in WPJoli Joli T
        NOT-FOR-US: WordPress plugin
 CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gopi ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-46818
-       RESERVED
+CVE-2022-46818 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Flyz ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking 
Ultra Pro A ...)
@@ -58243,8 +58292,8 @@ CVE-2022-46810 (Cross-Site Request Forgery (CSRF) 
vulnerability in VillaTheme Th
        NOT-FOR-US: WordPress plugin
 CVE-2022-46809
        RESERVED
-CVE-2022-46808
-       RESERVED
+CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-46807
        RESERVED
 CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme 
Cart All ...)
@@ -58594,6 +58643,7 @@ CVE-2022-46727
 CVE-2022-46726
        RESERVED
 CVE-2022-46725 (A spoofing issue existed in the handling of URLs. This issue 
was addre ...)
+       {DSA-5341-1 DSA-5340-1}
        - webkit2gtk 2.38.4-1
        - wpewebkit 2.38.4-1
 CVE-2022-46724 (This issue was addressed by restricting options offered on a 
locked de ...)
@@ -58635,6 +58685,7 @@ CVE-2022-46707
 CVE-2022-46706 (A type confusion issue was addressed with improved state 
handling. Thi ...)
        NOT-FOR-US: Apple
 CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue 
was addre ...)
+       {DSA-5341-1 DSA-5340-1}
        - webkit2gtk 2.38.4-1
        - wpewebkit 2.38.4-1
 CVE-2022-46704 (A logic issue was addressed with improved state management. 
This issue ...)
@@ -61391,8 +61442,8 @@ CVE-2022-45807 (Cross-Site Request Forgery (CSRF) 
inWPVibes WP Mail Log plugin <
        NOT-FOR-US: WordPress plugin
 CVE-2022-45806
        RESERVED
-CVE-2022-45805
-       RESERVED
+CVE-2022-45805 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft 
Photo Gall ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45803
@@ -66270,8 +66321,8 @@ CVE-2022-44570 (A denial of service vulnerability in 
the Range header parsing co
        NOTE: 
https://github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 
(v2.0.9.2)
        NOTE: 
https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 
(v2.1.4.2)
        NOTE: 
https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1 
(v2.2.6.2)
-CVE-2022-44569
-       RESERVED
+CVE-2022-44569 (A locally authenticated attacker with low privileges can 
bypass authen ...)
+       TODO: check
 CVE-2022-44568
        RESERVED
 CVE-2022-44567 (A command injection vulnerability exists in 
Rocket.Chat-Desktop <3.8.1 ...)
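Review bot: the new CVE-2022-44569 description ("A locally authenticated attacker with low privileges can bypass authen ...") is cut off before any product or vendor name, so the `TODO: check` here genuinely requires a lookup rather than pattern matching on neighbouring entries; it would help to record the product in a NOTE when the entry is resolved.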
@@ -70632,10 +70683,10 @@ CVE-2022-43557 (The BD BodyGuard\u2122 infusion pumps 
specified allow for access
        NOT-FOR-US: BD BodyGuard
 CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 
9.0.0 and 9 ...)
        NOT-FOR-US: Concrete CMS
-CVE-2022-43555
-       RESERVED
-CVE-2022-43554
-       RESERVED
+CVE-2022-43555 (Ivanti Avalanche Printer Device Service Missing Authentication 
Local P ...)
+       TODO: check
+CVE-2022-43554 (Ivanti Avalanche Smart Device Service Missing Authentication 
Local Pri ...)
+       TODO: check
 CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 
2.0.9-ho ...)
        NOT-FOR-US: EdgeRouters
 CVE-2022-43552 (A use after free vulnerability exists in curl <7.87.0. Curl 
can be ask ...)
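Review bot: CVE-2022-43555 and CVE-2022-43554 are Ivanti Avalanche issues, and the first hunk of this same commit adds two more (CVE-2023-41726, CVE-2023-41725), all four at `TODO: check`. They should be triaged together so they end up with one consistent verdict; this file's convention for vendor products seen in the surrounding context (`NOT-FOR-US: Concrete CMS`, `NOT-FOR-US: EdgeRouters`) suggests a `NOT-FOR-US: Ivanti Avalanche` marker once confirmed.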
@@ -79555,8 +79606,7 @@ CVE-2022-38975 (DOM-based cross-site scripting 
vulnerability in EC-CUBE 4 series
        NOT-FOR-US: EC-CUBE
 CVE-2022-37346 (EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 
4.1.0 cont ...)
        NOT-FOR-US: EC-CUBE
-CVE-2022-3172
-       RESERVED
+CVE-2022-3172 (A security issue was discovered in kube-apiserver that allows 
an  aggr ...)
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
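Review bot: unlike the other `RESERVED` conversions in this commit, CVE-2022-3172 drops the `RESERVED` line without adding `TODO: check` and simply inherits the existing kubernetes fixed-version and NOTE lines; that is correct if the entry was already triaged under its bracketed title, but worth a glance since the description ("an  aggr ...") also carries a double space from upstream. The context NOTE "The source package itself it still vulnerable" has the same "it still" typo flagged under CVE-2023-3893 above.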
@@ -99778,6 +99828,7 @@ CVE-2022-32935 (A lock screen issue was addressed with 
improved state management
 CVE-2022-32934 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2022-32933 [A website may be able to track the websites a user visited in 
Safari private browsing mode]
+       {DSA-5241-1 DSA-5240-1}
        - webkit2gtk 2.38.0-1
        - wpewebkit 2.38.0-1
 CVE-2022-32932 (The issue was addressed with improved memory handling. This 
issue is f ...)
@@ -99810,6 +99861,7 @@ CVE-2022-32921
 CVE-2022-32920 (The issue was addressed with improved checks. This issue is 
fixed in X ...)
        NOT-FOR-US: Apple Xcode
 CVE-2022-32919 [Visiting a website that frames malicious content may lead to 
UI spoofing]
+       {DSA-5341-1 DSA-5340-1}
        - webkit2gtk 2.38.4-1
        - wpewebkit 2.38.4-1
 CVE-2022-32918 (This issue was addressed with improved data protection. This 
issue is  ...)
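Review bot: CVE-2022-32919 (and CVE-2022-32933 in the previous hunk) still carry provisional square-bracket titles rather than the parenthesised upstream descriptions that the rest of this automatic update fills in; the new `{DSA-5341-1 DSA-5340-1}` reference is consistent with the webkit2gtk/wpewebkit 2.38.4-1 versions and with CVE-2022-46725 and CVE-2022-46705 earlier in this commit, which reference the same DSA pair at the same version.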



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1f85b1ad77a6d7f6861fd07ff632e1492678ec4



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
