Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80ada004 by security tracker role at 2023-11-22T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,190 @@
-CVE-2023-37924
+CVE-2023-6265 (Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to 
directory tr ...)
+       TODO: check
+CVE-2023-6264 (Information leak in Content-Security-Policy header in 
Devolutions Serv ...)
+       TODO: check
+CVE-2023-6263 (An issue was discovered in Network Optix NxCloud before 
23.1.0.40440.I ...)
+       TODO: check
+CVE-2023-6253 (A saved encryption key in the Uninstaller in Digital Guardian's 
Agent  ...)
+       TODO: check
+CVE-2023-6252 (Path traversal vulnerability in Chalemelon Power framework, 
affecting  ...)
+       TODO: check
+CVE-2023-6189 (Missing access permissions checks   inthe M-Files serverbefore 
23.11.1 ...)
+       TODO: check
+CVE-2023-6164 (The MainWP Dashboard  \u2013 WordPress Manager for Multiple 
Websites M ...)
+       TODO: check
+CVE-2023-6160 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin 
for Wor ...)
+       TODO: check
+CVE-2023-6157 (Improper neutralization of livestatus command delimiters in 
ajax_searc ...)
+       TODO: check
+CVE-2023-6156 (Improper neutralization of livestatus command delimiters in the 
availa ...)
+       TODO: check
+CVE-2023-6117 (A possibility of unwanted server memory consumption was 
detected throu ...)
+       TODO: check
+CVE-2023-6011 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-6009 (The UserPro plugin for WordPress is vulnerable to privilege 
escalation ...)
+       TODO: check
+CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized 
access  ...)
+       TODO: check
+CVE-2023-5983 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-5921 (Improper Enforcement of Behavioral Workflow vulnerability in 
DECE Soft ...)
+       TODO: check
+CVE-2023-5822 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin 
for Wor ...)
+       TODO: check
+CVE-2023-5815 (The News & Blog Designer Pack \u2013 WordPress Blog Plugin 
\u2014 (Blo ...)
+       TODO: check
+CVE-2023-5742 (The EasyRotator for WordPress plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2023-5715 (The Website Optimization \u2013 Plerdy plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2023-5708 (The WP Post Columns plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2023-5706 (The VK Blocks plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2023-5704 (The CPO Shortcodes plugin for WordPress is vulnerable to Stored 
Cross- ...)
+       TODO: check
+CVE-2023-5667 (The Tab Ultimate plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2023-5664 (The Garden Gnome Package plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2023-5662 (The Sponsors plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2023-5537 (The Delete Usermeta plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2023-5469 (The Drop Shadow Boxes plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2023-5466 (The Wp anything slider plugin for WordPress is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2023-5465 (The Popup with fancybox plugin for WordPress is vulnerable to 
SQL Inje ...)
+       TODO: check
+CVE-2023-5419 (The Funnelforms Free plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-5417 (The Funnelforms Free plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-5416 (The Funnelforms Free plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-5415 (The Funnelforms Free plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-5411 (The Funnelforms Free plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-5387 (The Funnelforms Free plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-5386 (The Funnelforms Free plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-5385 (The Funnelforms Free plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2023-5383 (The Funnelforms Free plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
+CVE-2023-5382 (The Funnelforms Free plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
+CVE-2023-5338 (The Theme Blvd Shortcodes plugin for WordPress is vulnerable to 
Stored ...)
+       TODO: check
+CVE-2023-5314 (The WP EXtra plugin for WordPress is vulnerable to unauthorized 
access ...)
+       TODO: check
+CVE-2023-5234 (The Related Products for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2023-5163 (The Weather Atlas Widget plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2023-5128 (The TCD Google Maps plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2023-5096 (The HTML filter and csv-file search plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-5048 (The WDContactFormBuilder plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2023-5047 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-4726 (The Ultimate Dashboard plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2023-4686 (The WP Customer Reviews plugin for WordPress is vulnerable to 
Sensitiv ...)
+       TODO: check
+CVE-2023-48705 (Nautobot is a Network Source of Truth and Network Automation 
Platform  ...)
+       TODO: check
+CVE-2023-48646 (Zoho ManageEngine RecoveryManager Plus before 6070 allows 
admin users  ...)
+       TODO: check
+CVE-2023-48106 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 
allows an  ...)
+       TODO: check
+CVE-2023-47825 (Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP 
EXtra pl ...)
+       TODO: check
+CVE-2023-47824 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal 
Pages \ ...)
+       TODO: check
+CVE-2023-47819 (Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc 
Binh Easy ...)
+       TODO: check
+CVE-2023-47792 (Cross-Site Request Forgery (CSRF) vulnerability in Infinite 
Uploads Bi ...)
+       TODO: check
+CVE-2023-47791 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster 
plugin <=1 ...)
+       TODO: check
+CVE-2023-47785 (Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider 
plugin  ...)
+       TODO: check
+CVE-2023-47781 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive 
Themes Thriv ...)
+       TODO: check
+CVE-2023-47775 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors 
Team Comme ...)
+       TODO: check
+CVE-2023-47765 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard 
CodeBard's ...)
+       TODO: check
+CVE-2023-47759 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47758 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula 
GmbH Multi  ...)
+       TODO: check
+CVE-2023-47755 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47467 (Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows 
a remot ...)
+       TODO: check
+CVE-2023-47380 (Admidio v4.2.12 and below is vulnerable to Cross Site 
Scripting (XSS).)
+       TODO: check
+CVE-2023-47350 (SwiftyEdit Content Management System prior to v1.2.0 is 
vulnerable to  ...)
+       TODO: check
+CVE-2023-47316 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect 
Access Contro ...)
+       TODO: check
+CVE-2023-47315 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect 
Access Contro ...)
+       TODO: check
+CVE-2023-47314 (Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site 
Scripting (X ...)
+       TODO: check
+CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable to Directory 
Traversal.)
+       TODO: check
+CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect 
Access Contro ...)
+       TODO: check
+CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro 
Server, a ...)
+       TODO: check
+CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro 
Server, b ...)
+       TODO: check
+CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in 
Sourcecodester St ...)
+       TODO: check
+CVE-2023-46673 (It was identified that malformed scripts used in the script 
processor  ...)
+       TODO: check
+CVE-2023-46357 (In the module "Cross Selling in Modal Cart" (motivationsale) < 
3.5.0 f ...)
+       TODO: check
+CVE-2023-45377 (In the module "Chronopost Official" (chronopost) for 
PrestaShop, a gue ...)
+       TODO: check
+CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in the middle' 
vulnerability i ...)
+       TODO: check
+CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior, 
contains a ...)
+       TODO: check
+CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local 
user is ...)
+       TODO: check
+CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which 
could a ...)
+       TODO: check
+CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo 
Download Com ...)
+       TODO: check
+CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-2841 (The Advanced Local Pickup for WooCommerce plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2023-2497 (The UserPro plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2023-2449 (The UserPro plugin for WordPress is vulnerable to unauthorized 
passwor ...)
+       TODO: check
+CVE-2023-2448 (The UserPro plugin for WordPress is vulnerable to unauthorized 
access  ...)
+       TODO: check
+CVE-2023-2440 (The UserPro plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2023-2438 (The UserPro plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2023-2437 (The UserPro plugin for WordPress is vulnerable to 
authentication bypas ...)
+       TODO: check
+CVE-2023-37924 (Apache Software Foundation Apache Submarine has an SQL 
injection vulne ...)
        NOT-FOR-US: Apache Submarine
 CVE-2023-6248 (The Syrus4 IoT gateway utilizes an unsecured MQTT server to 
download a ...)
        NOT-FOR-US: Syrus4 IoT gateway
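Review bot: every entry added at the top of data/CVE/list is left at "TODO: check", including ones that do not name a WordPress plugin, such as CVE-2023-48106 (zlib-ng minizip-ng) and CVE-2023-6157/CVE-2023-6156 (livestatus command delimiters). Those should be triaged one by one against packaged sources rather than swept up with the plugin entries, which unchanged entries elsewhere in this file resolve as "NOT-FOR-US: WordPress plugin".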
@@ -87,7 +273,8 @@ CVE-2023-6228 [heap-based buffer overflow in cpStripToTile() 
in tools/tiffcp.c]
 CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs 
showed e ...)
        - firefox 120.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
-CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox 115.4, and 
Thunderb ...)
+CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox ESR 115.4, 
and Thun ...)
+       {DSA-5561-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - tunderbird <unfixed>
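Review bot: the unchanged package line under CVE-2023-6212 reads "- tunderbird <unfixed>", while the neighbouring entries use "- thunderbird <unfixed>". As spelled it does not name the thunderbird source package, so correct it to "thunderbird" while this entry is being touched for {DSA-5561-1}.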
@@ -101,6 +288,7 @@ CVE-2023-6210 (When an https: web page created a pop-up 
from a "javascript:" URL
        - firefox 120.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6210
 CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly 
parsed, and ...)
+       {DSA-5561-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird <unfixed>
@@ -108,6 +296,7 @@ CVE-2023-6209 (Relative URLs starting with three slashes 
were incorrectly parsed
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6209
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6209
 CVE-2023-6208 (When using X11, text selected by the page using the Selection 
API was  ...)
+       {DSA-5561-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird <unfixed>
@@ -115,6 +304,7 @@ CVE-2023-6208 (When using X11, text selected by the page 
using the Selection API
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6208
 CVE-2023-6207 (Ownership mismanagement led to a use-after-free in 
ReadableByteStreams ...)
+       {DSA-5561-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird <unfixed>
@@ -122,6 +312,7 @@ CVE-2023-6207 (Ownership mismanagement led to a 
use-after-free in ReadableByteSt
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6207
 CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the 
length ...)
+       {DSA-5561-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird <unfixed>
@@ -129,6 +320,7 @@ CVE-2023-6206 (The black fade animation when exiting 
fullscreen is roughly the l
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206
 CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had 
already ...)
+       {DSA-5561-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird <unfixed>
@@ -136,6 +328,7 @@ CVE-2023-6205 (It was possible to cause the use of a 
MessagePort after it had al
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205
 CVE-2023-6204 (On some systems\u2014depending on the graphics settings and 
drivers\u2 ...)
+       {DSA-5561-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird <unfixed>
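Review bot: on CVE-2023-6204, as on CVE-2023-6205 through CVE-2023-6209 in the preceding hunks, {DSA-5561-1} is added while the thunderbird line stays "<unfixed>". Confirm that the thunderbird status is meant to remain open on these entries and that it will be updated once a fixed version is recorded.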
@@ -824,7 +1017,7 @@ CVE-2023-47674 (Missing authentication for critical 
function vulnerability in Fi
        NOT-FOR-US: First Corporation
 CVE-2023-47638
        REJECTED
-CVE-2023-43887
+CVE-2023-43887 (Libde265 v1.0.12 was discovered to contain multiple buffer 
overflows v ...)
        - libde265 1.0.13-1
        NOTE: https://github.com/strukturag/libde265/issues/418
        NOTE: 
https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133
 (v1.0.13)
@@ -924,6 +1117,7 @@ CVE-2023-5985 (A CWE-79 Improper Neutralization of Input 
During Web Page Generat
 CVE-2023-5984 (A CWE-494 Download of Code Without Integrity Check 
vulnerability exist ...)
        NOT-FOR-US: Schneider Electric
 CVE-2023-5981 [ttiming side-channel inside RSA-PSK key exchange]
+       {DLA-3660-1}
        - gnutls28 <unfixed> (bug #1056188)
        [bookworm] - gnutls28 <no-dsa> (Minor issue; can be fixed via point 
release)
        [bullseye] - gnutls28 <no-dsa> (Minor issue; can be fixed via point 
release)
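Review bot: the bracketed description on the context line for CVE-2023-5981 reads "[ttiming side-channel inside RSA-PSK key exchange]"; fix the typo to "timing" while the entry is being edited to add {DLA-3660-1}. The lines visible after the new tag show gnutls28 only as <unfixed> and <no-dsa> for bookworm and bullseye, so check that the release the DLA applies to has a line recording its fixed version.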
@@ -4731,7 +4925,8 @@ CVE-2023-46068 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute 
arbitrary comm ...)
        NOT-FOR-US: SeaCMS
-CVE-2023-45960 (An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before 
allows a r ...)
+CVE-2023-45960
+       REJECTED
        - dom4j <unfixed> (unimportant)
        NOTE: https://github.com/dom4j/dom4j/issues/171
        NOTE: Not considered as a vulnerability by upstream:
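Review bot: CVE-2023-45960 becomes a bare ID marked "REJECTED", but the package line "- dom4j <unfixed> (unimportant)" and the NOTE lines are left underneath it. The other rejected entry visible in this diff (CVE-2023-47638) carries only "REJECTED"; either drop the dom4j line and notes or confirm that a package status under a rejected ID is intended.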
@@ -8092,7 +8287,7 @@ CVE-2023-43983 (Presto Changeo attributegrid up to 2.0.3 
was discovered to conta
        NOT-FOR-US: Presto Changeo attributegrid
 CVE-2023-43981 (Presto Changeo testsitecreator up to 1.1.1 was discovered to 
contain a ...)
        NOT-FOR-US: Presto Changeo testsitecreator
-CVE-2023-43284 (An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router 
DIR-846 firm ...)
+CVE-2023-43284 (D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 
100A53DBR-Retail ...)
        NOT-FOR-US: D-Link
 CVE-2023-43260 (Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was 
discovere ...)
        NOT-FOR-US: Milesight
@@ -30345,8 +30540,8 @@ CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Co
        NOT-FOR-US: WordPress Plugin
 CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Simon Ch ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-30496
-       RESERVED
+CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
 CVE-2023-30495
        RESERVED
 CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ImageRec ...)
@@ -35495,12 +35690,12 @@ CVE-2023-28751 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ignazio  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-28749
-       RESERVED
+CVE-2023-28749 (Cross-Site Request Forgery (CSRF) vulnerability in 
CreativeMindsSoluti ...)
+       TODO: check
 CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-28747
-       RESERVED
+CVE-2023-28747 (Cross-Site Request Forgery (CSRF) vulnerability in codeboxr 
CBX Curren ...)
+       TODO: check
 CVE-2023-28735
        RESERVED
 CVE-2023-28734
@@ -39338,8 +39533,8 @@ CVE-2008-10004 (A vulnerability was found in Email 
Registration 5.x-2.1 on Drupa
        NOT-FOR-US: Email Registration
 CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows 
arbitrary file  ...)
        NOT-FOR-US: Shingo Intrepidity
-CVE-2023-27633
-       RESERVED
+CVE-2023-27633 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade 
Customif ...)
+       TODO: check
 CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 
Daily Praye ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -39913,28 +40108,28 @@ CVE-2023-27463 (A vulnerability has been identified 
in RUGGEDCOM CROSSBOW (All v
        NOT-FOR-US: RUGGEDCOM CROSSBOW
 CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All 
version ...)
        NOT-FOR-US: RUGGEDCOM CROSSBOW
-CVE-2023-27461
-       RESERVED
+CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo 
Plugins When ...)
+       TODO: check
 CVE-2023-27460
        RESERVED
 CVE-2023-27459
        RESERVED
-CVE-2023-27458
-       RESERVED
-CVE-2023-27457
-       RESERVED
+CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream 
WpStream p ...)
+       TODO: check
+CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate 
Brains A ...)
+       TODO: check
 CVE-2023-27456
        RESERVED
 CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Maui Mar ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27454
        RESERVED
-CVE-2023-27453
-       RESERVED
+CVE-2023-27453 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS 
Tools plugi ...)
+       TODO: check
 CVE-2023-27452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Wow- ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-27451
-       RESERVED
+CVE-2023-27451 (Server-Side Request Forgery (SSRF) vulnerability in Darren 
Cooney Inst ...)
+       TODO: check
 CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Teplitsa of ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27449
@@ -39943,16 +40138,16 @@ CVE-2023-27448 (Cross-Site Request Forgery (CSRF) 
vulnerability in MakeStories T
        NOT-FOR-US: WordPress plugin
 CVE-2023-27447
        RESERVED
-CVE-2023-27446
-       RESERVED
+CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx 
DeepL API tr ...)
+       TODO: check
 CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. 
Blog Flo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-27444
-       RESERVED
+CVE-2023-27444 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre 
Lannoy / Per ...)
+       TODO: check
 CVE-2023-27443 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-27442
-       RESERVED
+CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of 
social  ...)
+       TODO: check
 CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE 
New Adman  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-27440
@@ -42195,8 +42390,8 @@ CVE-2019-25105 (A vulnerability, which was classified 
as problematic, was found
        NOT-FOR-US: dro.pm
 CVE-2023-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr 
Guidrevit ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26542
-       RESERVED
+CVE-2023-26542 (Cross-Site Request Forgery (CSRF) vulnerability in Exeebit 
phpinfo() W ...)
+       TODO: check
 CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alex ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26540
@@ -42209,14 +42404,14 @@ CVE-2023-26537 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Jonk  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26535
-       RESERVED
+CVE-2023-26535 (Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL 
Sheets To WP ...)
+       TODO: check
 CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in OneW ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26533
        RESERVED
-CVE-2023-26532
-       RESERVED
+CVE-2023-26532 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress 
Themes  ...)
+       TODO: check
 CVE-2023-26531 (Cross-Site Request Forgery (CSRF) vulnerability in 
\u95ea\u7535\u535a  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26530 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Paul Keh ...)
@@ -43859,10 +44054,10 @@ CVE-2023-25989 (Cross-Site Request Forgery (CSRF) 
vulnerability in Meks Video Im
        NOT-FOR-US: WordPress plugin
 CVE-2023-25988
        RESERVED
-CVE-2023-25987
-       RESERVED
-CVE-2023-25986
-       RESERVED
+CVE-2023-25987 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar 
Uro\u016 ...)
+       TODO: check
+CVE-2023-25986 (Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt 
PayGreen \ ...)
+       TODO: check
 CVE-2023-25985 (Cross-Site Request Forgery (CSRF) vulnerability in Tomas | 
Docs | FAQ  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Rigo ...)
@@ -45043,8 +45238,8 @@ CVE-2023-25684 (IBM Security Guardium Key Lifecycle 
Manager 3.0, 3.0.1, 4.0, 4.1
        NOT-FOR-US: IBM
 CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 
through FW ...)
        NOT-FOR-US: IBM
-CVE-2023-25682
-       RESERVED
+CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 
6.0.3.8 a ...)
+       TODO: check
 CVE-2023-25681
        RESERVED
 CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is 
vulnerable to  ...)
@@ -49438,7 +49633,7 @@ CVE-2023-24231 (A stored cross-site scripting (XSS) 
vulnerability in the compone
        NOT-FOR-US: Inventory Management System
 CVE-2023-24230 (A stored cross-site scripting (XSS) vulnerability in the 
component /fo ...)
        NOT-FOR-US: Formwork
-CVE-2023-24229 (DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command 
injecti ...)
+CVE-2023-24229 (DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker 
with netwo ...)
        NOT-FOR-US: DrayTek Vigor2960
 CVE-2023-24228
        RESERVED
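Review bot: CVE-2023-6265, added at the top of this update with "TODO: check", names the same Vigor2960 v1.5.1.4 product that this entry already resolves as "NOT-FOR-US: DrayTek Vigor2960", so it can take the same line. The description rewrite of CVE-2023-24229 itself needs no status change.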
@@ -72064,10 +72259,10 @@ CVE-2023-20243 (A vulnerability in the RADIUS message 
processing feature of Cisc
        NOT-FOR-US: Cisco
 CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
-CVE-2023-20241
-       RESERVED
-CVE-2023-20240
-       RESERVED
+CVE-2023-20241 (Multiple vulnerabilities in Cisco Secure Client Software, 
formerly Any ...)
+       TODO: check
+CVE-2023-20240 (Multiple vulnerabilities in Cisco Secure Client Software, 
formerly Any ...)
+       TODO: check
 CVE-2023-20239
        RESERVED
 CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of 
Cisco Br ...)
@@ -72386,8 +72581,8 @@ CVE-2023-20086 (A vulnerability in ICMPv6 processing of 
Cisco Adaptive Security
        NOT-FOR-US: Cisco
 CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
        NOT-FOR-US: Cisco
-CVE-2023-20084
-       RESERVED
+CVE-2023-20084 (A vulnerability in the endpoint software of Cisco Secure 
Endpoint for  ...)
+       TODO: check
 CVE-2023-20083 (A vulnerability in ICMPv6 inspection when configured with the 
Snort 2  ...)
        NOT-FOR-US: Cisco
 CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 
9300 Serie ...)
@@ -92434,8 +92629,8 @@ CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - 
G/5G Industrial Cellular Rou
        NOT-FOR-US: PROSCEND
 CVE-2022-36778 (insert HTML / js code inside input how to get to the 
vulnerable input  ...)
        NOT-FOR-US: Synel - eHarmony
-CVE-2022-36777
-       RESERVED
+CVE-2022-36777 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 
and IBM Q ...)
+       TODO: check
 CVE-2022-36776 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is 
vulnerabl ...)
        NOT-FOR-US: IBM
 CVE-2022-36775 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 
10.0.3.0, and ...)
@@ -248309,7 +248504,7 @@ CVE-2020-15818 (In JetBrains YouTrack before 
2020.2.8527, the subtasks workflow
        NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user 
could execu ...)
        NOT-FOR-US: JetBrains YouTrack
-CVE-2020-15862 (Net-SNMP through 5.7.3 has Improper Privilege Management 
because SNMP  ...)
+CVE-2020-15862 (Net-SNMP through 5.8 has Improper Privilege Management because 
SNMP WR ...)
        {DSA-4746-1 DLA-2299-1}
        - net-snmp 5.8+dfsg-4 (bug #965166)
        NOTE: The commit 
https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80ada004be8f50ebd628d42d7f59e3089e2ef264



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
