Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
49480703 by security tracker role at 2024-01-17T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2024-22715 (Stupid Simple CMS <=1.2.4 was discovered to contain a
Cross-Site Reque ...)
+ TODO: check
+CVE-2024-22714 (Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2024-20287 (A vulnerability in the web-based management interface of the
Cisco WAP ...)
+ TODO: check
+CVE-2024-20277 (A vulnerability in the web-based management interface of Cisco
Thousan ...)
+ TODO: check
+CVE-2024-20272 (A vulnerability in the web-based management interface of Cisco
Unity C ...)
+ TODO: check
+CVE-2024-20270 (A vulnerability in the web-based management interface of Cisco
BroadWo ...)
+ TODO: check
+CVE-2024-20251 (A vulnerability in the web-based management interface of Cisco
Identit ...)
+ TODO: check
+CVE-2024-0647 (A vulnerability, which was classified as problematic, was found
in Spa ...)
+ TODO: check
+CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux
kernel\u2019 ...)
+ TODO: check
+CVE-2024-0645 (Buffer overflow vulnerability in Explorer++ affecting version
1.3.5.53 ...)
+ TODO: check
+CVE-2024-0643 (Unrestricted upload of dangerous file types in the C21 Live
Encoder an ...)
+ TODO: check
+CVE-2024-0642 (Inadequate access control in the C21 Live Encoder and Live
Mosaic prod ...)
+ TODO: check
+CVE-2024-0641 (A denial of service vulnerability was found in
tipc_crypto_key_revoke ...)
+ TODO: check
+CVE-2024-0639 (A denial of service vulnerability due to a deadlock was found
in sctp_ ...)
+ TODO: check
+CVE-2024-0396 (In Progress MOVEit Transfer versions released before 2022.0.10
(14.0.1 ...)
+ TODO: check
+CVE-2023-7031 (Insecure Direct Object Reference vulnerabilities were
discovered in th ...)
+ TODO: check
+CVE-2023-5041 (The Track The Click WordPress plugin before 0.3.12 does not
properly s ...)
+ TODO: check
+CVE-2023-5006 (The WP Discord Invite WordPress plugin before 2.5.1 does not
protect s ...)
+ TODO: check
+CVE-2023-50950 (IBM QRadar SIEM 7.5 could disclose sensitive email information
in resp ...)
+ TODO: check
+CVE-2023-44077 (Studio Network Solutions ShareBrowser before 7.0 on macOS
mishandles s ...)
+ TODO: check
+CVE-2023-34379 (Missing Authorization vulnerability in MagneticOne Cart2Cart:
Magento ...)
+ TODO: check
+CVE-2021-4434 (The Social Warfare plugin for WordPress is vulnerable to Remote
Code E ...)
+ TODO: check
CVE-2024-20968
- mysql-8.0 8.0.35-1
CVE-2024-20984
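Review bot: In this first hunk, CVE-2024-0646, CVE-2024-0641 and CVE-2024-0639 are left at "TODO: check" although their descriptions point at the Linux kernel (an out-of-bounds write in the kernel, tipc_crypto_key_revoke, and a deadlock in sctp_ ...). Unlike most of the other additions, which describe third-party web products, these three will most likely need a "- linux" package line with a fixed version or <unfixed>. I would triage them first so they do not sit unclassified behind the rest of the batch.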
@@ -560,7 +604,7 @@ CVE-2023-49107 (Generation of Error Message Containing
Sensitive Information vul
NOT-FOR-US: Hitachi
CVE-2023-49106 (Missing Password Field Masking vulnerability in Hitachi Device
Manager ...)
NOT-FOR-US: Hitachi
-CVE-2023-48104 (Alinto SOGo 5.8.0 is vulnerable to HTML Injection.)
+CVE-2023-48104 (Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.)
- sogo <unfixed> (bug #1060925)
NOTE: Fixed by:
https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098
(SOGo-5.9.1)
CVE-2023-47460 (SQL injection vulnerability in Knovos Discovery v.22.67.0
allows a rem ...)
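Review bot: The package line under CVE-2023-48104 still reads "- sogo <unfixed> (bug #1060925)", while the updated description ("before 5.9.1") and the existing NOTE both place the fix in SOGo-5.9.1. The description change itself is consistent with the NOTE. The remaining follow-up is to replace <unfixed> with the first Debian version based on 5.9.1, or carrying the referenced commit, once it is uploaded.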
@@ -41804,6 +41848,7 @@ CVE-2023-30209
CVE-2023-30208
RESERVED
CVE-2023-30207 (A divide by zero issue discovered in Kodi Home Theater
Software 19.5 a ...)
+ {DLA-3712-1}
- kodi 2:20.0~rc2+dfsg-2 (bug #1040593)
[bullseye] - kodi <no-dsa> (Minor issue)
NOTE: https://github.com/xbmc/xbmc/issues/22378
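Review bot: CVE-2023-30207 now carries {DLA-3712-1}, but the line directly below it still reads "[bullseye] - kodi <no-dsa> (Minor issue)". The same pairing appears under CVE-2023-23082 further down. If the LTS upload fixes these issues in the older suite, bullseye is left behind it, so it is worth checking whether a point-release update should be proposed for bullseye.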
@@ -61071,8 +61116,8 @@ CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette
Plugins Simp ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23896
- RESERVED
+CVE-2023-23896 (Missing Authorization vulnerability in MyThemeShop URL
Shortener by My ...)
+ TODO: check
CVE-2023-23895
RESERVED
CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -61099,8 +61144,8 @@ CVE-2023-23884 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS)
vulnerabilityin David ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23882
- RESERVED
+CVE-2023-23882 (Missing Authorization vulnerability in Brainstorm Force
Ultimate Addon ...)
+ TODO: check
CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gree ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -63496,6 +63541,7 @@ CVE-2023-23084
CVE-2023-23083
RESERVED
CVE-2023-23082 (A heap buffer overflow vulnerability in Kodi Home Theater
Software up ...)
+ {DLA-3712-1}
- kodi 2:20.0+dfsg-2 (bug #1031048)
[bullseye] - kodi <no-dsa> (Minor issue)
NOTE: https://github.com/xbmc/xbmc/issues/22377
@@ -82831,8 +82877,8 @@ CVE-2023-20273 (A vulnerability in the web UI feature
of Cisco IOS XE Software c
NOT-FOR-US: Cisco
CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco
Identit ...)
NOT-FOR-US: Cisco
-CVE-2023-20271
- RESERVED
+CVE-2023-20271 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
CVE-2023-20270 (A vulnerability in the interaction between the Server Message
Block (S ...)
NOT-FOR-US: Cisco
CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco
Adaptive Sec ...)
@@ -82853,14 +82899,14 @@ CVE-2023-20262 (A vulnerability in the SSH service of
Cisco Catalyst SD-WAN Mana
NOT-FOR-US: Cisco
CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager
could a ...)
NOT-FOR-US: Cisco
-CVE-2023-20260
- RESERVED
+CVE-2023-20260 (A vulnerability in the application CLI of Cisco Prime
Infrastructure a ...)
+ TODO: check
CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified
Communica ...)
NOT-FOR-US: Cisco
-CVE-2023-20258
- RESERVED
-CVE-2023-20257
- RESERVED
+CVE-2023-20258 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
+CVE-2023-20257 (A vulnerability in the web-based management interface of Cisco
Prime I ...)
+ TODO: check
CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of
Cisco Ada ...)
NOT-FOR-US: Cisco
CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco
Meeting S ...)
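Review bot: CVE-2023-20260, CVE-2023-20258 and CVE-2023-20257 move from RESERVED to "TODO: check" here, and their descriptions all name Cisco products. Every already-triaged Cisco entry visible in this hunk is tagged "NOT-FOR-US: Cisco". Unless one of them turns out to affect software packaged in Debian, these three can be resolved with the same tag in the next manual pass, which keeps the TODO backlog from growing.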
@@ -84707,8 +84753,8 @@ CVE-2022-43436 (The File Upload function of EasyTest
has insufficient filtering
NOT-FOR-US: EasyTest
CVE-2022-42888 (Unauth. Privilege Escalation vulnerability inARMember premium
plugin < ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-42884
- RESERVED
+CVE-2022-42884 (Missing Authorization vulnerability in ThemeinProgress WIP
Custom Logi ...)
+ TODO: check
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by
Quiz And ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File
vulnerabilit ...)
@@ -84741,8 +84787,8 @@ CVE-2022-41995
RESERVED
CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File
Format parsin ...)
NOT-FOR-US: PowerISO
-CVE-2022-41990
- RESERVED
+CVE-2022-41990 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj
Cardoza 3D Ta ...)
+ TODO: check
CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in
LearningTimes Badge ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in
Mantenimien ...)
@@ -84759,28 +84805,28 @@ CVE-2022-41805 (Cross-Site Request Forgery (CSRF)
vulnerability in Booster for W
NOT-FOR-US: WordPress plugin
CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid
plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41790
- RESERVED
+CVE-2022-41790 (Missing Authorization vulnerability in CodePeople WP Time
Slots Bookin ...)
+ TODO: check
CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability
in Soleda ...)
NOT-FOR-US: WordPress theme
-CVE-2022-41786
- RESERVED
+CVE-2022-41786 (Missing Authorization vulnerability in WP Job Portal WP Job
Portal \u2 ...)
+ TODO: check
CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability
in Gall ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite
plugin < ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41698
RESERVED
-CVE-2022-41695
- RESERVED
+CVE-2022-41695 (Missing Authorization vulnerability in SedLex Traffic
Manager.This iss ...)
+ TODO: check
CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour
Booking plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in
Viszt P\ ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <=
7.3.10 on Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41619
- RESERVED
+CVE-2022-41619 (Missing Authorization vulnerability in SedLex Image Zoom.This
issue af ...)
+ TODO: check
CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West
Slideshow ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb
Amazon Affil ...)
@@ -90164,8 +90210,8 @@ CVE-2022-40975
RESERVED
CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo
network device ...)
NOT-FOR-US: Buffalo
-CVE-2022-40702
- RESERVED
+CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local
Pickup for ...)
+ TODO: check
CVE-2022-40700
RESERVED
CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr
\u2013 ...)
@@ -90182,8 +90228,8 @@ CVE-2022-40216 (Auth. (subscriber+) Messaging Block
Bypass vulnerability in Bett
NOT-FOR-US: WordPress plugin
CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability
inXylus The ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-40203
- RESERVED
+CVE-2022-40203 (Missing Authorization vulnerability in AlgolPlus Advanced
Dynamic Pric ...)
+ TODO: check
CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo
Forum plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls
plugin <= ...)
@@ -90196,16 +90242,16 @@ CVE-2022-38467 (Reflected Cross-Site Scripting (XSS)
vulnerability inCRM Perks F
NOT-FOR-US: CRM Perks
CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38141
- RESERVED
+CVE-2022-38141 (Missing Authorization vulnerability in Zorem Sales Report
Email for Wo ...)
+ TODO: check
CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social
Login WP plu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38057
RESERVED
CVE-2022-38055
RESERVED
-CVE-2022-36418
- RESERVED
+CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG
Tags Li ...)
+ TODO: check
CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability inOceanwp
sticky heade ...)
@@ -159826,6 +159872,7 @@ CVE-2021-42919
CVE-2021-42918
RESERVED
CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows
attacker ...)
+ {DLA-3712-1}
- kodi 2:19.3+dfsg1-1 (bug #998419)
[bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
[stretch] - kodi <postponed> (no point in fixing this when the more
severe CVE-2017-5982 is ignored)
@@ -448281,6 +448328,7 @@ CVE-2017-5984 (In libavcodec in Libav 9.21,
ff_h264_execute_ref_pic_marking() ha
CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server
before 6.3. ...)
NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on
for Kodi ...)
+ {DLA-3712-1}
- kodi 2:18.6+dfsg1-1 (bug #855225)
[stretch] - kodi <ignored> (Minor issue)
[jessie] - kodi <ignored> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49480703c4a22ec5d7b114e6e285da1793b82d96
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits