Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c34e6f90 by security tracker role at 2023-07-06T20:12:41+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@ +CVE-2023-3531 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + TODO: check +CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem Dyna ...) + TODO: check +CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated ...) + TODO: check +CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) + TODO: check +CVE-2023-3456 (Vulnerability of kernel raw address leakage in the hang detector modu ...) + TODO: check +CVE-2023-37454 (An issue was discovered in the Linux kernel through 6.4.2. A crafted U ...) + TODO: check +CVE-2023-37453 (An issue was discovered in the USB subsystem in the Linux kernel throu ...) + TODO: check +CVE-2023-37260 (league/oauth2-server is an implementation of an OAuth 2.0 authorizatio ...) + TODO: check +CVE-2023-37245 (Buffer overflow vulnerability in the modem pinctrl module. Successful ...) + TODO: check +CVE-2023-37242 (Vulnerability of commands from the modem being intercepted in the atcm ...) + TODO: check +CVE-2023-37241 (Input verification vulnerability in the WMS API. Successful exploitati ...) + TODO: check +CVE-2023-37240 (Vulnerability of missing input length verification in the distributed ...) + TODO: check +CVE-2023-37239 (Format string vulnerability in the distributed file system. Attackers ...) + TODO: check +CVE-2023-37238 (Vulnerability of apps' permission to access a certain API being incomp ...) + TODO: check +CVE-2023-37136 (A stored cross-site scripting (XSS) vulnerability in the Basic Website ...) + TODO: check +CVE-2023-37135 (A stored cross-site scripting (XSS) vulnerability in the Image Upload ...) + TODO: check +CVE-2023-37134 (A stored cross-site scripting (XSS) vulnerability in the Basic Informa ...) + TODO: check +CVE-2023-37133 (A stored cross-site scripting (XSS) vulnerability in the Column manage ...) 
+ TODO: check +CVE-2023-37132 (A stored cross-site scripting (XSS) vulnerability in the custom variab ...) + TODO: check +CVE-2023-37131 (A Cross-Site Request Forgery (CSRF) in the component /public/admin/pro ...) + TODO: check +CVE-2023-37125 (A stored cross-site scripting (XSS) vulnerability in the Management Cu ...) + TODO: check +CVE-2023-37124 (A stored cross-site scripting (XSS) vulnerability in the Site Setup mo ...) + TODO: check +CVE-2023-37122 (A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 al ...) + TODO: check +CVE-2023-36995 (TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the stati ...) + TODO: check +CVE-2023-36970 (A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 ...) + TODO: check +CVE-2023-36969 (CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via ...) + TODO: check +CVE-2023-36968 (A SQL Injection vulnerability detected in Food Ordering System v1.0 al ...) + TODO: check +CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environments wher ...) + TODO: check +CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...) + TODO: check +CVE-2023-36462 (Mastodon is a free, open-source social network server based on Activit ...) + TODO: check +CVE-2023-36461 (Mastodon is a free, open-source social network server based on Activit ...) + TODO: check +CVE-2023-36460 (Mastodon is a free, open-source social network server based on Activit ...) + TODO: check +CVE-2023-36459 (Mastodon is a free, open-source social network server based on Activit ...) + TODO: check +CVE-2023-36456 (authentik is an open-source Identity Provider. Prior to versions 2023. ...) + TODO: check +CVE-2023-36189 (SQL injection vulnerability in langchain v.0.0.64 allows a remote atta ...) + TODO: check +CVE-2023-36188 (An issue in langchain v.0.0.64 allows a remote attacker to execute arb ...) 
+ TODO: check +CVE-2023-35948 (Novu provides an API for sending notifications through multiple channe ...) + TODO: check +CVE-2023-35937 (Metersphere is an open source continuous testing platform. In versions ...) + TODO: check +CVE-2023-35934 (yt-dlp is a command-line program to download videos from video sites. ...) + TODO: check +CVE-2023-34193 (File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated ...) + TODO: check +CVE-2023-34192 (Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a rem ...) + TODO: check +CVE-2023-34164 (Vulnerability of incomplete input parameter verification in the commun ...) + TODO: check +CVE-2022-48520 (Unauthorized access vulnerability in the SystemUI module. Successful e ...) + TODO: check +CVE-2022-48519 (Unauthorized access vulnerability in the SystemUI module. Successful e ...) + TODO: check +CVE-2022-48518 (Vulnerability of signature verification in the iaware system being ini ...) + TODO: check +CVE-2022-48517 (Unauthorized service access vulnerability in the DSoftBus module. Succ ...) + TODO: check +CVE-2022-48516 (Vulnerability that a unique value can be obtained by a third-party app ...) + TODO: check +CVE-2022-48515 (Vulnerability of inappropriate permission control in Nearby. Successfu ...) + TODO: check +CVE-2022-48514 (The Sepolicy module has inappropriate permission control on the use of ...) + TODO: check +CVE-2022-48513 (Vulnerability of identity verification being bypassed in the Gallery m ...) + TODO: check +CVE-2022-48512 (Use After Free (UAF) vulnerability in the Vdecoderservice service. Suc ...) + TODO: check +CVE-2022-48511 (Use After Free (UAF) vulnerability in the audio PCM driver module unde ...) + TODO: check +CVE-2022-48510 (Input verification vulnerability in the AMS module. Successful exploit ...) + TODO: check +CVE-2022-48509 (Race condition vulnerability due to multi-thread access to mutually ex ...) 
+ TODO: check +CVE-2022-48508 (Inappropriate authorization vulnerability in the system apps. Successf ...) + TODO: check +CVE-2022-48507 (Vulnerability of identity verification being bypassed in the storage m ...) + TODO: check +CVE-2021-46896 (Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cau ...) + TODO: check +CVE-2021-46894 (Use After Free (UAF) vulnerability in the uinput module.Successful exp ...) + TODO: check +CVE-2021-46892 (Encryption bypass vulnerability in Maintenance mode. Successful exploi ...) + TODO: check CVE-2023-32258 - linux 6.3.7-1 [bookworm] - linux 6.1.37-1 @@ -9395,22 +9513,22 @@ CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN Client NOT-FOR-US: Mailbutler GmbH Shimo VPN Client CVE-2023-30327 RESERVED -CVE-2023-30326 - RESERVED -CVE-2023-30325 - RESERVED +CVE-2023-30326 (Cross Site Scripting (XSS) vulnerability in username field in /WebCont ...) + TODO: check +CVE-2023-30325 (SQL Injection vulnerability in textMessage parameter in /src/chatbotap ...) + TODO: check CVE-2023-30324 RESERVED -CVE-2023-30323 - RESERVED -CVE-2023-30322 - RESERVED -CVE-2023-30321 - RESERVED -CVE-2023-30320 - RESERVED -CVE-2023-30319 - RESERVED +CVE-2023-30323 (SQL Injection vulnerability in username field in /src/chatbotapp/chatW ...) + TODO: check +CVE-2023-30322 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...) + TODO: check +CVE-2023-30321 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...) + TODO: check +CVE-2023-30320 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...) + TODO: check +CVE-2023-30319 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...) + TODO: check CVE-2023-30318 RESERVED CVE-2023-30317 
@@ -9661,8 +9779,8 @@ CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinvento NOT-FOR-US: Prestashop CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...) NOT-FOR-US: Prestashop -CVE-2023-30195 - RESERVED +CVE-2023-30195 (In the module "Detailed Order" (lgdetailedorder) in version up to 1.1. ...) + TODO: check CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...) NOT-FOR-US: Prestashop CVE-2023-30193 @@ -11840,10 +11958,10 @@ CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d NOTE: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797 NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/ -CVE-2023-29382 - RESERVED -CVE-2023-29381 - RESERVED +CVE-2023-29382 (An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an atta ...) + TODO: check +CVE-2023-29381 (An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a rem ...) + TODO: check CVE-2023-29380 (Warpinator before 1.6.0 allows remote file deletion via directory trav ...) NOT-FOR-US: Warpinator CVE-2023-29379 
@@ -13107,16 +13225,16 @@ CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the Packe NOT-FOR-US: Juniper CVE-2023-1696 (The multimedia video module has a vulnerability in data processing.Suc ...) NOT-FOR-US: Huawei -CVE-2023-1695 - RESERVED +CVE-2023-1695 (Vulnerability of failures to capture exceptions in the communication f ...) + TODO: check CVE-2023-1694 (The Settings module has the file privilege escalation vulnerability.Su ...) NOT-FOR-US: Huawei CVE-2023-1693 (The Settings module has the file privilege escalation vulnerability.Su ...) NOT-FOR-US: Huawei CVE-2023-1692 (The window management module lacks permission verification.Successful ...) NOT-FOR-US: Huawei -CVE-2023-1691 - RESERVED +CVE-2023-1691 (Vulnerability of failures to capture exceptions in the communication f ...) + TODO: check CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and ...) - ffmpeg 7:5.1.2-1 [bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x) @@ -16620,8 +16738,8 @@ CVE-2023-1300 (A vulnerability classified as critical was found in SourceCodeste CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to es ...) - nomad <not-affected> (Vulnerable code not present; Introduced in 1.5.0) NOTE: https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389 -CVE-2023-1298 - RESERVED +CVE-2023-1298 (ServiceNow has released upgrades and patches that address a Reflected ...) + TODO: check CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability exists ...) NOT-FOR-US: Schneider CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability exists that c ...) 
@@ -23712,10 +23830,10 @@ CVE-2023-25585 RESERVED CVE-2023-25584 RESERVED -CVE-2023-25583 - RESERVED -CVE-2023-25582 - RESERVED +CVE-2023-25583 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...) + TODO: check +CVE-2023-25582 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...) + TODO: check CVE-2023-25581 RESERVED CVE-2023-25580 @@ -24021,8 +24139,8 @@ CVE-2023-25500 (Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11. NOT-FOR-US: Vaadin CVE-2023-25499 (When adding non-visible components to the UI in server side, content i ...) NOT-FOR-US: Vaadin -CVE-2023-24019 - RESERVED +CVE-2023-24019 (A stack-based buffer overflow vulnerability exists in the urvpn_client ...) + TODO: check CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...) {DSA-5345-1} - chromium 110.0.5481.77-1 
@@ -25007,100 +25125,100 @@ CVE-2023-25126 REJECTED CVE-2023-25125 REJECTED -CVE-2023-25124 - RESERVED -CVE-2023-25123 - RESERVED -CVE-2023-25122 - RESERVED -CVE-2023-25121 - RESERVED -CVE-2023-25120 - RESERVED -CVE-2023-25119 - RESERVED -CVE-2023-25118 - RESERVED -CVE-2023-25117 - RESERVED -CVE-2023-25116 - RESERVED -CVE-2023-25115 - RESERVED -CVE-2023-25114 - RESERVED -CVE-2023-25113 - RESERVED -CVE-2023-25112 - RESERVED -CVE-2023-25111 - RESERVED -CVE-2023-25110 - RESERVED -CVE-2023-25109 - RESERVED -CVE-2023-25108 - RESERVED -CVE-2023-25107 - RESERVED -CVE-2023-25106 - RESERVED -CVE-2023-25105 - RESERVED -CVE-2023-25104 - RESERVED -CVE-2023-25103 - RESERVED -CVE-2023-25102 - RESERVED -CVE-2023-25101 - RESERVED -CVE-2023-25100 - RESERVED -CVE-2023-25099 - RESERVED -CVE-2023-25098 - RESERVED -CVE-2023-25097 - RESERVED -CVE-2023-25096 - RESERVED -CVE-2023-25095 - RESERVED -CVE-2023-25094 - RESERVED -CVE-2023-25093 - RESERVED -CVE-2023-25092 - RESERVED -CVE-2023-25091 - RESERVED -CVE-2023-25090 - RESERVED -CVE-2023-25089 - RESERVED -CVE-2023-25088 - RESERVED -CVE-2023-25087 - RESERVED -CVE-2023-25086 - RESERVED -CVE-2023-25085 - RESERVED -CVE-2023-25084 - RESERVED -CVE-2023-25083 - RESERVED -CVE-2023-25082 - RESERVED -CVE-2023-25081 - RESERVED +CVE-2023-25124 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25123 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25122 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25121 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25120 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25119 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25118 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) 
+ TODO: check +CVE-2023-25117 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25116 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25115 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25114 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25113 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25112 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25111 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25110 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25109 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25108 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25107 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25106 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25105 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25104 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25103 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25102 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25101 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25100 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) 
+ TODO: check +CVE-2023-25099 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25098 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25097 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25096 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25095 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25094 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25093 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25092 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25091 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25090 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25089 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25088 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25087 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25086 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25085 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25084 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25083 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check +CVE-2023-25082 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) 
+ TODO: check +CVE-2023-25081 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + TODO: check CVE-2023-25069 (TXOne StellarOne has an improper access control privilege escalation v ...) NOT-FOR-US: TXOne StellarOne -CVE-2023-24018 - RESERVED -CVE-2023-22653 - RESERVED +CVE-2023-24018 (A stack-based buffer overflow vulnerability exists in the libzebra.so. ...) + TODO: check +CVE-2023-22653 (An OS command injection vulnerability exists in the vtysh_ubus tcpdump ...) + TODO: check CVE-2023-0658 (A vulnerability, which was classified as critical, was found in Multil ...) NOT-FOR-US: Multilaser RE057 and RE170 CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnames in ...) @@ -26501,18 +26619,18 @@ CVE-2022-48283 (A piece of Huawei whole-home intelligence software has an Incorr NOT-FOR-US: Huawei CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and class ...) NOT-FOR-US: NYUCCL psiTurk -CVE-2023-24595 - RESERVED -CVE-2023-24583 - RESERVED -CVE-2023-24582 - RESERVED +CVE-2023-24595 (An OS command injection vulnerability exists in the ys_thirdparty syst ...) + TODO: check +CVE-2023-24583 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...) + TODO: check +CVE-2023-24582 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...) + TODO: check CVE-2023-24581 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) NOT-FOR-US: Siemens -CVE-2023-22365 - RESERVED -CVE-2023-22299 - RESERVED +CVE-2023-22365 (An OS command injection vulnerability exists in the ys_thirdparty chec ...) + TODO: check +CVE-2023-22299 (An OS command injection vulnerability exists in the vtysh_ubus _get_fw ...) + TODO: check CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: YAFNET CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and ...) 
@@ -26859,10 +26977,10 @@ CVE-2023-24522 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (B NOT-FOR-US: SAP CVE-2023-24521 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Fra ...) NOT-FOR-US: SAP -CVE-2023-24520 - RESERVED -CVE-2023-24519 - RESERVED +CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...) + TODO: check +CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...) + TODO: check CVE-2023-24518 RESERVED CVE-2023-24517 @@ -26873,8 +26991,8 @@ CVE-2023-24515 RESERVED CVE-2023-24514 RESERVED -CVE-2023-23546 - RESERVED +CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client functional ...) + TODO: check CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability. ...) - grafana <removed> CVE-2023-0506 @@ -26941,10 +27059,10 @@ CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's de NOT-FOR-US: Butterfly Button plugin CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...) NOT-FOR-US: Netgear -CVE-2023-24497 - RESERVED -CVE-2023-24496 - RESERVED +CVE-2023-24497 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...) + TODO: check +CVE-2023-24496 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...) + TODO: check CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...) NOT-FOR-US: btcpayserver CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...) 
@@ -27142,8 +27260,8 @@ CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vu NOT-FOR-US: Snap One Wattbox WB-300-IP-3 CVE-2023-22389 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwo ...) NOT-FOR-US: Snap One Wattbox WB-300-IP-3 -CVE-2023-22371 - RESERVED +CVE-2023-22371 (An os command injection vulnerability exists in the liburvpn.so create ...) + TODO: check CVE-2023-22315 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a propri ...) NOT-FOR-US: Snap One Wattbox WB-300-IP-3 CVE-2023-0456 @@ -28298,22 +28416,22 @@ CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-23970 RESERVED -CVE-2023-23907 - RESERVED -CVE-2023-23902 - RESERVED -CVE-2023-23571 - RESERVED -CVE-2023-23547 - RESERVED -CVE-2023-22844 - RESERVED -CVE-2023-22659 - RESERVED -CVE-2023-22319 - RESERVED -CVE-2023-22306 - RESERVED +CVE-2023-23907 (A directory traversal vulnerability exists in the server.js start func ...) + TODO: check +CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login functionali ...) + TODO: check +CVE-2023-23571 (An access violation vulnerability exists in the eventcore functionalit ...) + TODO: check +CVE-2023-23547 (A directory traversal vulnerability exists in the luci2-io file-export ...) + TODO: check +CVE-2023-22844 (An authentication bypass vulnerability exists in the requestHandlers.j ...) + TODO: check +CVE-2023-22659 (An os command injection vulnerability exists in the libzebra.so change ...) + TODO: check +CVE-2023-22319 (A sql injection vulnerability exists in the requestHandlers.js LoginAu ...) + TODO: check +CVE-2023-22306 (An OS command injection vulnerability exists in the libzebra.so bridge ...) + TODO: check CVE-2023-0430 (Certificate OCSP revocation status was not checked when verifying S/Mi ...) {DSA-5355-1 DLA-3324-1} - thunderbird 1:102.7.1+1-1 
@@ -28626,8 +28744,8 @@ CVE-2023-23862 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi NOT-FOR-US: WordPress plugin CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...) NOT-FOR-US: WordPress plugin -CVE-2023-23550 - RESERVED +CVE-2023-23550 (An OS command injection vulnerability exists in the ys_thirdparty user ...) + TODO: check CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) NOT-FOR-US: Modoboa CVE-2023-0405 (The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooComm ...) @@ -211375,7 +211493,7 @@ CVE-2020-22405 RESERVED CVE-2020-22404 RESERVED -CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows CSRF.) +CVE-2020-22403 (Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.1 ...) NOT-FOR-US: Node express-cart CVE-2020-22402 (Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 ...) TODO: check @@ -211514,8 +211632,8 @@ CVE-2020-22338 RESERVED CVE-2020-22337 RESERVED -CVE-2020-22336 - RESERVED +CVE-2020-22336 (An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers t ...) + TODO: check CVE-2020-22335 RESERVED CVE-2020-22334 (Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows a ...) 
@@ -212607,10 +212725,10 @@ CVE-2020-21864 RESERVED CVE-2020-21863 RESERVED -CVE-2020-21862 - RESERVED -CVE-2020-21861 - RESERVED +CVE-2020-21862 (Directory traversal vulnerability in DuxCMS 2.1 allows attackers to de ...) + TODO: check +CVE-2020-21861 (File upload vulnerability in DuxCMS 2.1 allows attackers to execute ar ...) + TODO: check CVE-2020-21860 RESERVED CVE-2020-21859
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c34e6f90b23bb7a5a2637d9263adebd2b643adf1
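Review bot: In the first hunk (@@ -1,3 +1,121 @@), CVE-2023-37454 and CVE-2023-37453 are described as Linux kernel issues but get the same "TODO: check" as the surrounding CMS and vendor entries. The context entry right after the new block (CVE-2023-32258) already tracks the "linux" source package with per-release versions, so these two need a real "- linux ..." package line with fixed-version data, not a NOT-FOR-US disposition, and should be picked up first when the TODOs are worked.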
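Review bot: In the @@ -9661,8 +9779,8 @@ hunk, CVE-2023-30195 moves from RESERVED to "TODO: check" while every described neighbour in the context (CVE-2023-30197, CVE-2023-30196, CVE-2023-30194) is already "NOT-FOR-US: Prestashop". Its description uses the same 'In the module "..." (...)' wording as CVE-2023-30197, so confirm from the full description whether it is another Prestashop module and, if so, give it the same disposition so the block stays consistent.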
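Review bot: In the @@ -13107,16 +13225,16 @@ hunk, CVE-2023-1695 and CVE-2023-1691 are left at "TODO: check" even though the described entries around them (CVE-2023-1696, CVE-2023-1694, CVE-2023-1693, CVE-2023-1692) are all "NOT-FOR-US: Huawei". The truncated text ("Vulnerability of failures to capture exceptions in the communication f ...") does not name a vendor, so read the full description before deciding, but if it is the same vendor both lines should carry the same NOT-FOR-US tag as their neighbours.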
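Review bot: In the @@ -25007,100 +25125,100 @@ hunk, the 44 entries from CVE-2023-25124 down to CVE-2023-25081 all carry the identical truncated description "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ..." and each gets its own "TODO: check". The visible text names a binary, not a product, so none of them can be triaged from the list alone; resolve the product once from the full description and apply one disposition to the whole range in a single follow-up commit. CVE-2023-24018 and CVE-2023-22653 in the same hunk, which name libzebra.so and vtysh_ubus, should be checked against the same product at the same time.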
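Review bot: In the @@ -211375,7 +211493,7 @@ hunk, the CVE-2020-22403 line is a description refresh only, but the new text is cut off at "Express cart v1.1.1 ..." where the old one read "through 1.1.10", so the affected version can no longer be read from the list entry. The "NOT-FOR-US: Node express-cart" line underneath is unchanged and still applies, so no triage action is needed here; anyone relying on the version should consult the full CVE description instead of this line.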
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits