Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be397440 by security tracker role at 2023-07-12T08:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2023-3525 (The Getnet Argentina para Woocommerce plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2023-3369 (The About Me 3000 widget plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2023-3202 (The MStore API plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2023-3199 (The MStore API plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2023-3168 (The WP Reroute Email plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2023-3167 (The Mail Queue plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2023-3166 (The Lana Email Logger plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2023-3158 (The Mail Control plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2023-3135 (The Mailtree Log Mail plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2023-3127 (An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra 
LT, iS ...)
+       TODO: check
+CVE-2023-3122 (The GD Mail Queue plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2023-3105 (The LearnDash LMS plugin for WordPress is vulnerable to 
Insecure Direc ...)
+       TODO: check
+CVE-2023-3093 (The YaySMTP plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2023-3092 (The SMTP Mail plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2023-3088 (The WP Mail Log plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2023-3087 (The FluentSMTP plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2023-3082 (The Post SMTP plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2023-3081 (The WP Mail Logging plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to 
time-based SQL I ...)
+       TODO: check
+CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site 
Request  ...)
+       TODO: check
+CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
+       TODO: check
+CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
+       TODO: check
+CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
+       TODO: check
+CVE-2023-37200 (A CWE-611: Improper Restriction of XML External Entity 
Reference vulne ...)
+       TODO: check
+CVE-2023-37199 (A CWE-94: Improper Control of Generation of Code ('Code 
Injection') vu ...)
+       TODO: check
+CVE-2023-37198 (A CWE-94: Improper Control of Generation of Code ('Code 
Injection') vu ...)
+       TODO: check
+CVE-2023-37197 (A CWE-89: Improper Neutralization of Special Elements 
vulnerability us ...)
+       TODO: check
+CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements 
vulnerability us ...)
+       TODO: check
+CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to 
contain a seg ...)
+       TODO: check
+CVE-2023-32200 (There is insufficient restrictions of called script functions 
in Apach ...)
+       TODO: check
+CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to 
unauth ...)
+       TODO: check
+CVE-2023-2763 (Use-After-Free, Out-of-bounds Write and Heap-based Buffer 
Overflow vul ...)
+       TODO: check
+CVE-2023-2762 (A Use-After-Free vulnerability in SLDPRT file reading procedure 
exists ...)
+       TODO: check
+CVE-2023-2562 (The Gallery Metabox for WordPress is vulnerable to unauthorized 
access ...)
+       TODO: check
+CVE-2023-2561 (The Gallery Metabox for WordPress is vulnerable to unauthorized 
modifi ...)
+       TODO: check
+CVE-2023-2517 (The Metform Elementor Contact Form Builder plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2021-4427 (The Vuukle Comments, Reactions, Share Bar, Revenue plugin for 
WordPres ...)
+       TODO: check
+CVE-2021-4426 (The Absolute Reviews plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
+CVE-2021-4425 (The Defender Security plugin for WordPress is vulnerable to 
Cross-Site ...)
+       TODO: check
+CVE-2021-4424 (The Slider Hero plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2021-4423 (The RAYS Grid plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2021-4422 (The POST SMTP Mailer plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
+CVE-2021-4421 (The Advanced Popups plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2021-4420 (The Sell Media plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2021-4419 (The WP-Backgrounds Lite plugin for WordPress is vulnerable to 
Cross-Si ...)
+       TODO: check
+CVE-2021-4417 (The Forminator \u2013 Contact Form, Payment Form & Custom Form 
Builder ...)
+       TODO: check
+CVE-2021-4416 (The wp-mpdf plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2021-4415 (The Sunshine Photo Cart plugin for WordPress is vulnerable to 
Cross-Si ...)
+       TODO: check
+CVE-2021-4414 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is 
vulner ...)
+       TODO: check
+CVE-2021-4413 (The Process Steps Template Designer plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2021-4412 (The WP Prayer plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2021-4411 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2021-4410 (The Qtranslate Slug plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2021-4409 (The WooCommerce Etsy Integration plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2021-4408 (The DW Question & Answer plugin for WordPress is vulnerable to 
Cross-S ...)
+       TODO: check
+CVE-2021-4407 (The Custom Banners plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2020-36761 (The Top 10 plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
+       TODO: check
+CVE-2020-36760 (The Ocean Extra plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2020-36757 (The WP Hotel Booking plugin for WordPress is vulnerable to 
Cross-Site  ...)
+       TODO: check
+CVE-2020-36756 (The 10WebAnalytics plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2020-36752 (The Coming Soon & Maintenance Mode Page plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2020-36750 (The EWWW Image Optimizer plugin for WordPress is vulnerable to 
Cross-S ...)
+       TODO: check
 CVE-2023-37579
        NOT-FOR-US: Apache Pulsar
 CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository 
salesagility/su ...)
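Review bot: the descriptions added for CVE-2021-4417 ("The Forminator \u2013 Contact Form, ...") and CVE-2021-4411 ("The WP EasyPay \u2013 Square ...") carry a literal \u2013 escape sequence where a dash was meant; the automatic update should decode the escape before writing the description into data/CVE/list. Separately, every entry added at the top of the file is left at "TODO: check". Most describe WordPress plugins, but the GPAC entries (CVE-2023-37174, CVE-2023-37765 to CVE-2023-37767) and CVE-2023-32200 ("... called script functions in Apach ...") name other software and are worth triaging first.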
@@ -9812,7 +9938,7 @@ CVE-2023-1999 (There exists a use after free/double free 
in libwebp. An attacker
        NOTE: Introduced by: 
https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f
 (backport; v0.4.2-rc2)
 CVE-2023-1997
        RESERVED
-CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in 
3DEXPERIENCE R ...)
+CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release 
3DEXPE ...)
        NOT-FOR-US: 3ds
 CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 
and earli ...)
        NOT-FOR-US: Jenkins plugin
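Review bot: on CVE-2023-1996 only the truncated description changes, and the new text cuts the product name mid-word ("in Release 3DEXPE ..."), where the old line still showed "3DEXPERIENCE R ...". The existing "NOT-FOR-US: 3ds" line is carried over unchanged, so confirm the reworded description still refers to the same product and the triage decision stays valid.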
@@ -10571,8 +10697,8 @@ CVE-2023-30228
        RESERVED
 CVE-2023-30227
        RESERVED
-CVE-2023-30226
-       RESERVED
+CVE-2023-30226 (An issue was discovered in function get_gnu_verneed in 
rizinorg Rizin  ...)
+       TODO: check
 CVE-2023-30225
        RESERVED
 CVE-2023-30224
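Review bot: CVE-2023-30226 moves from RESERVED to a published description that names a specific function, get_gnu_verneed in rizinorg Rizin, yet the entry only gets "TODO: check". The description gives enough to decide the entry; replace the placeholder with either a source-package line or a NOT-FOR-US line once it is known whether that code is packaged.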
@@ -28004,10 +28130,10 @@ CVE-2023-24494 (A stored cross-site scripting (XSS) 
vulnerability exists in Tena
        NOT-FOR-US: Tenable
 CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to 
improper ...)
        NOT-FOR-US: Tenable
-CVE-2023-24492
-       RESERVED
-CVE-2023-24491
-       RESERVED
+CVE-2023-24492 (A vulnerability has been discovered in the Citrix Secure 
Access client ...)
+       TODO: check
+CVE-2023-24491 (A vulnerability has been discovered in the Citrix Secure 
Access client ...)
+       TODO: check
 CVE-2023-24490 (Users with only access to launch VDA applications can launch 
an unauth ...)
        TODO: check
 CVE-2023-24489 (A vulnerability has been discovered in the customer-managed 
ShareFile  ...)
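Review bot: CVE-2023-24492 and CVE-2023-24491 (Citrix Secure Access client) leave RESERVED but land on "TODO: check", joining CVE-2023-24490 just below, which is still at "TODO: check" as well. The Tenable entries directly above in the same block are already marked NOT-FOR-US; the Citrix entries should be resolved together in one pass so the block does not stay half-triaged.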
@@ -105394,11 +105520,13 @@ CVE-2022-24897 (APIs to evaluate content with 
Velocity is a package for APIs to
 CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software 
developments a ...)
        NOT-FOR-US: Tuleap
 CVE-2022-24895 (Symfony is a PHP framework for web and console applications 
and a set  ...)
+       {DLA-3493-1}
        - symfony 5.4.20+dfsg-1
        [bullseye] - symfony 4.4.19+dfsg-2+deb11u2
        NOTE: 
https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
        NOTE: 
https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
 CVE-2022-24894 (Symfony is a PHP framework for web and console applications 
and a set  ...)
+       {DLA-3493-1}
        - symfony 5.4.20+dfsg-1
        [bullseye] - symfony 4.4.19+dfsg-2+deb11u2
        NOTE: 
https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
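Review bot: the {DLA-3493-1} tag is added to CVE-2022-24895 and CVE-2022-24894, but the only release-specific line in either entry is "[bullseye] - symfony 4.4.19+dfsg-2+deb11u2", so nothing visible here says which release or symfony version the advisory covers. Check that the advisory's own record carries the fixed version, since a reader of these two entries cannot tell from the cross-reference alone.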
@@ -184679,6 +184807,7 @@ CVE-2021-21426 (Magento-lts is a long-term support 
alternative to Magento Commun
 CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a 
way to con ...)
        NOT-FOR-US: Grav Admin Plugin
 CVE-2021-21424 (Symfony is a PHP framework for web and console applications 
and a set  ...)
+       {DLA-3493-1}
        - symfony 4.4.19+dfsg-2
        [stretch] - symfony <postponed> (Minor issue)
        NOTE: 
https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms
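Review bot: CVE-2021-21424 now references {DLA-3493-1} while the entry still carries "[stretch] - symfony <postponed> (Minor issue)". An advisory tag next to a postponed annotation reads as contradictory; confirm which release the DLA fixes and whether the stretch line is still accurate or should be updated.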



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be3974407f49f4d4f20580bfcc7c2c74f7c03e7b



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
