Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7b14a75 by security tracker role at 2023-09-16T08:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-5001 (The Horizontal scrolling announcement for WordPress plugin for 
WordPre ...)
+       TODO: check
+CVE-2023-4994 (The Allow PHP in Posts and Pages plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2023-42442 (JumpServer is an open source bastion host and a professional 
operation ...)
+       TODO: check
+CVE-2023-42439 (GeoNode is an open source platform that facilitates the 
creation, shar ...)
+       TODO: check
+CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a 
remote attack ...)
+       TODO: check
+CVE-2023-41901
+       REJECTED
+CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 
9.4.21 t ...)
+       TODO: check
+CVE-2023-41626 (Gradio v3.27.0 was discovered to contain an arbitrary file 
upload vuln ...)
+       TODO: check
+CVE-2023-41436 (Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a 
local at ...)
+       TODO: check
+CVE-2023-41157 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Usermin  ...)
+       TODO: check
+CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin 
Control Panel  ...)
+       TODO: check
+CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser 
before v2.23 ...)
+       TODO: check
+CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
+CVE-2023-36562 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2023-36160 (An issue was discovered in Qubo Smart Plug10A version 
HSP02_01_01_14_S ...)
+       TODO: check
 CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been 
rated  ...)
        NOT-FOR-US: NextBX QWAlerter
 CVE-2023-4988 (A vulnerability, which was classified as problematic, was found 
in Bet ...)
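Review bot: The two WordPress plugin entries at the top of this hunk (CVE-2023-5001 and CVE-2023-4994) are added with "TODO: check", although the file already has a settled form for this class of entry, visible further down at CVE-2023-0924 and CVE-2023-0812 as "NOT-FOR-US: WordPress plugin". A follow-up commit should resolve them the same way once the plugin names are confirmed. The other "TODO: check" entries in this hunk still need a per-product decision. CVE-2023-41901 arrives directly as REJECTED with no annotation, which is the clean form for a rejected id.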
@@ -4237,7 +4269,8 @@ CVE-2023-4332 (Broadcom RAID Controller web interface is 
vulnerable due to Impro
        NOT-FOR-US: Broadcom RAID Controller web interface
 CVE-2023-4331 (Broadcom RAID Controller web interface is vulnerable has an 
insecure d ...)
        NOT-FOR-US: Broadcom RAID Controller web interface
-CVE-2023-4330 (Broadcom RAID Controller web interface is vulnerable Denial of 
Service ...)
+CVE-2023-4330
+       REJECTED
        NOT-FOR-US: Broadcom RAID Controller web interface
 CVE-2023-4329 (Broadcom RAID Controller web interface is vulnerable due to 
insecure d ...)
        NOT-FOR-US: Broadcom RAID Controller web interface
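Review bot: After this change CVE-2023-4330 carries both "REJECTED" and the older "NOT-FOR-US: Broadcom RAID Controller web interface" line, which stays behind as unchanged context directly under the new status. The description that justified the NOT-FOR-US annotation is gone, so the annotation is stale. Suggest dropping it so the entry reads only "REJECTED", matching how CVE-2023-41901 is recorded in the first hunk.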
@@ -24260,7 +24293,8 @@ CVE-2023-1578 (SQL Injection in GitHub repository 
pimcore/pimcore prior to 10.5.
        NOT-FOR-US: pimcore
 CVE-2023-1577
        RESERVED
-CVE-2023-1576 (A Heap buffer overflow in CPP/7zip/Archive/Zip/ZipIn.cpp:1116 
in NArch ...)
+CVE-2023-1576
+       REJECTED
        TODO: check
 CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored 
Cross- ...)
        NOT-FOR-US: Mega Main Menu plugin for WordPress
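Review bot: CVE-2023-1576 is switched to "REJECTED" but the "TODO: check" line under it is left in place, so the entry still shows up as pending triage for an id that no longer describes a vulnerability. Suggest removing the "TODO: check" line in a follow-up so rejected ids do not inflate the TODO queue.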
@@ -32193,8 +32227,7 @@ CVE-2023-0925 (Version 10.11 of webMethods OneData runs 
an embedded instance of
        NOT-FOR-US: webMethods OneData
 CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate 
the typ ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0923
-       RESERVED
+CVE-2023-0923 (A flaw was found in the Kubernetes service for notebooks in 
RHODS, whe ...)
        NOT-FOR-US: Red Hat OpenShift Data Science
 CVE-2023-0922 (The Samba AD DC administration tool, when operating against a 
remote L ...)
        - samba 2:4.17.7+dfsg-1
@@ -33407,8 +33440,7 @@ CVE-2023-0815 (Potential Insertion of Sensitive 
Information into Jetty Log Files
        NOT-FOR-US: OpenNMS
 CVE-2023-0814 (The Profile Builder \u2013 User Profile & User Registration 
Forms plug ...)
        NOT-FOR-US: Profile Builder – User Profile & User Registration 
Forms plugin for WordPress
-CVE-2023-0813
-       RESERVED
+CVE-2023-0813 (A flaw was found in the Network Observability plugin for 
OpenShift con ...)
        NOT-FOR-US: Network Observability plugin for OpenShift console
 CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress 
plugin b ...)
        NOT-FOR-US: WordPress plugin
@@ -69022,8 +69054,8 @@ CVE-2022-3263 (The security descriptor of Measuresoft 
ScadaPro Server version 6.
        NOT-FOR-US: Measuresoft ScadaPro Server
 CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of 
"ClusterFirst ...)
        NOT-FOR-US: OpenShift
-CVE-2022-3261
-       RESERVED
+CVE-2022-3261 (A flaw was found in OpenStack. Multiple components show 
plain-text pas ...)
+       TODO: check
 CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which 
helps preve ...)
        NOT-FOR-US: Openshift
 CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security 
(HSTS) which ...)
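Review bot: CVE-2022-3261 moves from RESERVED to a description that says only "A flaw was found in OpenStack. Multiple components show plain-text pas ...", and is marked "TODO: check". Unlike the neighbouring OpenShift entries, which are all NOT-FOR-US, OpenStack components are packaged in Debian, so this one should not be closed by analogy with its neighbours. The truncated description does not name the affected components, so triage needs the full CVE text to map it to specific source packages before a status is recorded.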



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b14a75d3909772f68e3e30cc6b7f203e0f97d0
