Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7b14a75 by security tracker role at 2023-09-16T08:11:31+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@ +CVE-2023-5001 (The Horizontal scrolling announcement for WordPress plugin for WordPre ...) + TODO: check +CVE-2023-4994 (The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2023-42442 (JumpServer is an open source bastion host and a professional operation ...) + TODO: check +CVE-2023-42439 (GeoNode is an open source platform that facilitates the creation, shar ...) + TODO: check +CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attack ...) + TODO: check +CVE-2023-41901 + REJECTED +CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 9.4.21 t ...) + TODO: check +CVE-2023-41626 (Gradio v3.27.0 was discovered to contain an arbitrary file upload vuln ...) + TODO: check +CVE-2023-41436 (Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local at ...) + TODO: check +CVE-2023-41157 (Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin ...) + TODO: check +CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin Control Panel ...) + TODO: check +CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23 ...) + TODO: check +CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + TODO: check +CVE-2023-36562 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-36160 (An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_S ...) + TODO: check CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been rated ...) NOT-FOR-US: NextBX QWAlerter CVE-2023-4988 (A vulnerability, which was classified as problematic, was found in Bet ...) 
@@ -4237,7 +4269,8 @@ CVE-2023-4332 (Broadcom RAID Controller web interface is vulnerable due to Impro NOT-FOR-US: Broadcom RAID Controller web interface CVE-2023-4331 (Broadcom RAID Controller web interface is vulnerable has an insecure d ...) NOT-FOR-US: Broadcom RAID Controller web interface -CVE-2023-4330 (Broadcom RAID Controller web interface is vulnerable Denial of Service ...) +CVE-2023-4330 + REJECTED NOT-FOR-US: Broadcom RAID Controller web interface CVE-2023-4329 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...) NOT-FOR-US: Broadcom RAID Controller web interface @@ -24260,7 +24293,8 @@ CVE-2023-1578 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5. NOT-FOR-US: pimcore CVE-2023-1577 RESERVED -CVE-2023-1576 (A Heap buffer overflow in CPP/7zip/Archive/Zip/ZipIn.cpp:1116 in NArch ...) +CVE-2023-1576 + REJECTED TODO: check CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross- ...) NOT-FOR-US: Mega Main Menu plugin for WordPress @@ -32193,8 +32227,7 @@ CVE-2023-0925 (Version 10.11 of webMethods OneData runs an embedded instance of NOT-FOR-US: webMethods OneData CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate the typ ...) NOT-FOR-US: WordPress plugin -CVE-2023-0923 - RESERVED +CVE-2023-0923 (A flaw was found in the Kubernetes service for notebooks in RHODS, whe ...) NOT-FOR-US: Red Hat OpenShift Data Science CVE-2023-0922 (The Samba AD DC administration tool, when operating against a remote L ...) - samba 2:4.17.7+dfsg-1 
@@ -33407,8 +33440,7 @@ CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files NOT-FOR-US: OpenNMS CVE-2023-0814 (The Profile Builder \u2013 User Profile & User Registration Forms plug ...) NOT-FOR-US: Profile Builder – User Profile & User Registration Forms plugin for WordPress -CVE-2023-0813 - RESERVED +CVE-2023-0813 (A flaw was found in the Network Observability plugin for OpenShift con ...) NOT-FOR-US: Network Observability plugin for OpenShift console CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress plugin b ...) NOT-FOR-US: WordPress plugin @@ -69022,8 +69054,8 @@ CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6. NOT-FOR-US: Measuresoft ScadaPro Server CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst ...) NOT-FOR-US: OpenShift -CVE-2022-3261 - RESERVED +CVE-2022-3261 (A flaw was found in OpenStack. Multiple components show plain-text pas ...) + TODO: check CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which helps preve ...) NOT-FOR-US: Openshift CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b14a75d3909772f68e3e30cc6b7f203e0f97d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b14a75d3909772f68e3e30cc6b7f203e0f97d0 You're receiving this email because of your account on salsa.debian.org.
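Review bot: In the first hunk (-1,3 +1,35), CVE-2023-5001 and CVE-2023-4994 are described as WordPress plugins but land as "TODO: check", while the same file already closes such entries with "NOT-FOR-US: WordPress plugin" (CVE-2023-0924, CVE-2023-0812) or a named plugin (CVE-2023-1575). A follow-up can resolve these two with the existing annotation style rather than leaving them open.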
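Review bot: In the hunk at -4237,7 +4269,8, CVE-2023-4330 becomes REJECTED but the unchanged context line "NOT-FOR-US: Broadcom RAID Controller web interface" still sits under it, so the entry now carries both a rejection and a product annotation. The other newly rejected id in this commit, CVE-2023-41901, has REJECTED alone; suggest dropping the NOT-FOR-US line here in a follow-up for consistency.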
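Review bot: In the hunk at -24260,7 +24293,8, CVE-2023-1576 is now REJECTED, yet the unchanged "TODO: check" below it remains and still flags a withdrawn id for triage. Suggest removing the TODO line along with the description so the entry reads as REJECTED only.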
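Review bot: In the hunk at -69022,8 +69054,8, CVE-2022-3261 gets "TODO: check" between two neighbours (CVE-2022-3262, CVE-2022-3260) that are NOT-FOR-US for OpenShift, but its new description names OpenStack, so it should not be closed by analogy with them. The description is cut at "plain-text pas ...", so the affected components have to be taken from the full CVE text before a package line or NOT-FOR-US is chosen.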
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits