Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
22fcf1d4 by security tracker role at 2023-06-30T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has 
been de ...)
+       TODO: check
+CVE-2023-3476 (A vulnerability was found in SimplePHPscripts GuestBook Script 
2.2. It ...)
+       TODO: check
+CVE-2023-3475 (A vulnerability was found in SimplePHPscripts Event Script 2.1 
and cla ...)
+       TODO: check
+CVE-2023-3474 (A vulnerability has been found in SimplePHPscripts Simple Blog 
3.2 and ...)
+       TODO: check
+CVE-2023-3473 (A vulnerability, which was classified as critical, was found in 
Campco ...)
+       TODO: check
+CVE-2023-3469 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
thorsten/p ...)
+       TODO: check
+CVE-2023-3465 (A vulnerability was found in SimplePHPscripts Classified Ads 
Script 1. ...)
+       TODO: check
+CVE-2023-3464 (A vulnerability was found in SimplePHPscripts Classified Ads 
Script 1. ...)
+       TODO: check
+CVE-2023-3249 (The Web3 \u2013 Crypto wallet Login & NFT token gating plugin 
for Word ...)
+       TODO: check
+CVE-2023-3063 (The SP Project & Document Manager plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2023-36607 (The affected TBox RTUs are missing authorization for running 
some API  ...)
+       TODO: check
+CVE-2023-36539 (Exposure of information intended to be encrypted by some Zoom 
clients  ...)
+       TODO: check
+CVE-2023-36470 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2023-36469 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2023-36468 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2023-36347 (A broken authentication mechanism in the endpoint excel.php of 
POS Cod ...)
+       TODO: check
+CVE-2023-36146 (A Stored Cross-Site Scripting (XSS) vulnerability was found in 
Multila ...)
+       TODO: check
+CVE-2023-36143 (Maxprint Maxlink 1200G v3.4.11E has an OS command injection 
vulnerabil ...)
+       TODO: check
+CVE-2023-33336 (Reflected cross site scripting (XSS) vulnerability was 
discovered in S ...)
+       TODO: check
+CVE-2023-32622 (Improper neutralization of special elements in WL-WN531AX2 
firmware ve ...)
+       TODO: check
+CVE-2023-32621 (WL-WN531AX2 firmware versions prior to 2023526 allows an 
attacker with ...)
+       TODO: check
+CVE-2023-32620 (Improper authentication vulnerability in WL-WN531AX2 firmware 
versions ...)
+       TODO: check
+CVE-2023-32613 (Exposure of resource to wrong sphere issue exists in 
WL-WN531AX2 firmw ...)
+       TODO: check
+CVE-2023-32612 (Client-side enforcement of server-side security issue exists 
in WL-WN5 ...)
+       TODO: check
+CVE-2023-32608 (Directory traversal vulnerability in Pleasanter (Community 
Edition and ...)
+       TODO: check
+CVE-2023-32607 (Stored cross-site scripting vulnerability in Pleasanter 
(Community Edi ...)
+       TODO: check
+CVE-2023-2846 (Authentication Bypass by Capture-replay vulnerability in 
Mitsubishi El ...)
+       TODO: check
+CVE-2023-2834 (The BookIt plugin for WordPress is vulnerable to authentication 
bypass ...)
+       TODO: check
 CVE-2023-2974
        NOT-FOR-US: Quarkus
 CVE-2023-3458 (A vulnerability was found in SourceCodester Shopping Website 
1.0. It h ...)
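Review bot: the description on the added CVE-2023-3249 line contains the literal escape sequence `\u2013` ("The Web3 \u2013 Crypto wallet Login & NFT token gating plugin ...") instead of the dash character it encodes, so the automatic import is writing an undecoded Unicode escape into data/CVE/list. Decode the escape in the update step (or normalise it to an ASCII hyphen) so the description is searchable and consistent with the other descriptions added in this hunk, which are plain text.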
@@ -424,7 +480,8 @@ CVE-2023-35933 (OPenFGA is an open source 
authorization/permission engine built
        NOT-FOR-US: OPenFGA
 CVE-2023-35930 (SpiceDB is an open source, Google Zanzibar-inspired, database 
system f ...)
        NOT-FOR-US: SpiceDB
-CVE-2023-35170 (Sliver is an open source cross-platform adversary 
emulation/red team f ...)
+CVE-2023-35170
+       REJECTED
        NOT-FOR-US: Sliver
 CVE-2023-34422 (A valid, authenticated LXCA user with elevated privileges may 
be able  ...)
        NOT-FOR-US: Lenovo
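Review bot: after this change CVE-2023-35170 carries both the added `REJECTED` line and the retained context line `NOT-FOR-US: Sliver`, so the entry records two dispositions at once. If the ID is rejected, the `NOT-FOR-US: Sliver` annotation under it looks stale; drop it, or confirm that keeping both is intended for rejected entries.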
@@ -1650,7 +1707,7 @@ CVE-2023-34149 (Allocation of Resources Without Limits or 
Throttling vulnerabili
 CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure 
inWooCommerce Str ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       {DSA-5435-1}
+       {DSA-5435-1 DLA-3475-1}
        - trafficserver 9.2.1+ds-1 (bug #1038248)
        NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
        NOTE: 
https://github.com/apache/trafficserver/commit/867c48c1adf9e795c8d85c48d2d0f07f08aa87ec
 (master)
@@ -7650,7 +7707,7 @@ CVE-2023-30633
 CVE-2023-30632
        RESERVED
 CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
-       {DSA-5435-1}
+       {DSA-5435-1 DLA-3475-1}
        - trafficserver 9.2.1+ds-1 (bug #1038248)
        NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
        NOTE: 
https://github.com/apache/trafficserver/commit/8d1ad1dfe4d0ee179029f37c7e8d4caab601cb7b
 (master)
@@ -14525,8 +14582,8 @@ CVE-2023-28392 (Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and 
earlier, AC-PD-WAPUM v1.0
        NOT-FOR-US: AC-WAPU-300
 CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware 
Ver.1.38(N) a ...)
        NOT-FOR-US: SR-7100V
-CVE-2023-28387
-       RESERVED
+CVE-2023-28387 ("NewsPicks" App for Android versions 10.4.5 and earlier and 
"NewsPicks ...)
+       TODO: check
 CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server 
Edition seri ...)
        NOT-FOR-US: ESS REC Agent Server Edition
 CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper 
access co ...)
@@ -21117,8 +21174,8 @@ CVE-2023-26137
        RESERVED
 CVE-2023-26136
        RESERVED
-CVE-2023-26135
-       RESERVED
+CVE-2023-26135 (All versions of the package flatnest are vulnerable to 
Prototype Pollu ...)
+       TODO: check
 CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are 
vulnerable to ...)
        TODO: check
 CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to 
Prototype ...)
@@ -37775,7 +37832,7 @@ CVE-2022-47186
 CVE-2022-47185
        RESERVED
 CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       {DSA-5435-1}
+       {DSA-5435-1 DLA-3475-1}
        - trafficserver 9.2.1+ds-1 (bug #1038248)
        NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
        NOTE: 
https://github.com/apache/trafficserver/commit/105af3ca30e59fbb89013e83a484a04559b4cf25
 (master)
@@ -46516,6 +46573,7 @@ CVE-2022-3823 (The Beautiful Cookie Consent Banner 
WordPress plugin before 2.9.1
 CVE-2022-3822 (The Donations via PayPal WordPress plugin before 1.9.9 does not 
saniti ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in 
format_timespan ...)
+       {DLA-3474-1}
        - systemd 251.3-1
        [bullseye] - systemd 247.3-7+deb11u2
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139327
@@ -200678,12 +200736,12 @@ CVE-2020-26712 (REDCap 10.3.4 contains a SQL 
injection vulnerability in the ToDo
        NOT-FOR-US: REDCap
 CVE-2020-26711
        RESERVED
-CVE-2020-26710
-       RESERVED
-CVE-2020-26709
-       RESERVED
-CVE-2020-26708
-       RESERVED
+CVE-2020-26710 (easy-parse v0.1.1 was discovered to contain a XML External 
Entity Inje ...)
+       TODO: check
+CVE-2020-26709 (py-xml v1.0 was discovered to contain an XML External Entity 
Injection ...)
+       TODO: check
+CVE-2020-26708 (requests-xml v0.2.3 was discovered to contain an XML External 
Entity I ...)
+       TODO: check
 CVE-2020-26707 (An issue was discovered in the add function in Shenzhim AAPTJS 
1.3.1 w ...)
        NOT-FOR-US: aaptjs
 CVE-2020-26706
@@ -219184,8 +219242,8 @@ CVE-2020-18434
        RESERVED
 CVE-2020-18433
        RESERVED
-CVE-2020-18432
-       RESERVED
+CVE-2020-18432 (File Upload vulnerability in SEMCMS PHP 3.7 allows remote 
attackers to ...)
+       TODO: check
 CVE-2020-18431
        RESERVED
 CVE-2020-18430 (tinyexr 0.9.5 was discovered to contain an array index error 
in the ti ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22fcf1d4b47f8073f7126f4a045c667c6005fe86
