Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c526f772 by security tracker role at 2023-07-10T20:12:45+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,137 @@ +CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...) + TODO: check +CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...) + TODO: check +CVE-2023-3580 (Improper Handling of Additional Special Element in GitHub repository s ...) + TODO: check +CVE-2023-3579 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-3578 (A vulnerability classified as critical was found in DedeCMS 5.7.109. A ...) + TODO: check +CVE-2023-3574 (Improper Authorization in GitHub repository pimcore/customer-data-fram ...) + TODO: check +CVE-2023-3273 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...) + TODO: check +CVE-2023-3272 (Cleartext Transmission of Sensitive Information in the SICK ICR890-4 c ...) + TODO: check +CVE-2023-3271 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...) + TODO: check +CVE-2023-3270 (Exposure of Sensitive Information to an Unauthorized Actor in the SICK ...) + TODO: check +CVE-2023-3225 (The Float menu WordPress plugin before 5.0.3 does not sanitise and esc ...) + TODO: check +CVE-2023-3219 (The EventON WordPress plugin before 2.1.2 does not validate that the e ...) + TODO: check +CVE-2023-3209 (The MStore API WordPress plugin before 3.9.7 does not secure most of i ...) + TODO: check +CVE-2023-3175 (The AI ChatBot WordPress plugin before 4.6.1 does not adequately escap ...) + TODO: check +CVE-2023-3131 (The MStore API WordPress plugin before 3.9.7 does not secure most of i ...) + TODO: check +CVE-2023-3129 (The URL Shortify WordPress plugin before 1.7.0 does not sanitise and e ...) + TODO: check +CVE-2023-3118 (The Export All URLs WordPress plugin before 4.6 does not sanitise and ...) + TODO: check +CVE-2023-3077 (The MStore API WordPress plugin before 3.9.8 does not sanitise and esc ...) + TODO: check +CVE-2023-3076 (The MStore API WordPress plugin before 3.9.9 does not prevent visitors ...) + TODO: check +CVE-2023-37712 (Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20( ...) + TODO: check +CVE-2023-37711 (Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to con ...) + TODO: check +CVE-2023-37710 (Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to con ...) + TODO: check +CVE-2023-37707 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-37706 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-37705 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-37704 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-37703 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-37702 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-37701 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-37700 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + TODO: check +CVE-2023-37392 (Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dum ...) + TODO: check +CVE-2023-37277 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows unauthenticated us ...) + TODO: check +CVE-2023-37151 (Sourcecodester Online Pizza Ordering System v1.0 allows the upload of ...) + TODO: check +CVE-2023-37150 (Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scri ...) + TODO: check +CVE-2023-36940 (Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Rep ...) + TODO: check +CVE-2023-36939 (Cross-Site Scripting (XSS) vulnerability in Hostel Management System v ...) + TODO: check +CVE-2023-36936 (Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security ...) + TODO: check +CVE-2023-36691 (Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar Webw ...) + TODO: check +CVE-2023-36376 (Cross-Site Scripting (XSS) vulnerability in Hostel Management System v ...) + TODO: check +CVE-2023-36375 (Cross Site Scripting vulnerability in Hostel Management System v2.1 al ...) + TODO: check +CVE-2023-35912 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Dona ...) + TODO: check +CVE-2023-35699 (Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthen ...) + TODO: check +CVE-2023-35698 (Observable Response Discrepancy in the SICK ICR890-4 could allow a rem ...) + TODO: check +CVE-2023-35697 (Improper Restriction of Excessive Authentication Attempts in the SICK ...) + TODO: check +CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthen ...) + TODO: check +CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...) + TODO: check +CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) + TODO: check +CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the startrea ...) + TODO: check +CVE-2023-34316 (An attacker could bypass the latest Delta Electronics InfraSuite Devic ...) + TODO: check +CVE-2023-32627 (A floating point exception vulnerability was found in sox, in the read ...) + TODO: check +CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) + TODO: check +CVE-2023-2967 (The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanit ...) + TODO: check +CVE-2023-2964 (The Simple Iframe WordPress plugin before 1.2.0 does not properly vali ...) + TODO: check +CVE-2023-2796 (The EventON WordPress plugin before 2.1.2 lacks authentication and aut ...) + TODO: check +CVE-2023-2709 (The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and ...) + TODO: check +CVE-2023-2635 (The Call Now Accessibility Button WordPress plugin before 1.1 does not ...) + TODO: check +CVE-2023-2578 (The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and ...) + TODO: check +CVE-2023-2529 (The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitis ...) + TODO: check +CVE-2023-2495 (The Greeklish-permalink WordPress plugin through 3.3 does not implemen ...) + TODO: check +CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does not prop ...) + TODO: check +CVE-2023-26590 (A floating point exception vulnerability was found in sox, in the lsx_ ...) + TODO: check +CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as critic ...) + TODO: check +CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up to 1.0. ...) + TODO: check +CVE-2015-10120 (A vulnerability, which was classified as problematic, was found in WDS ...) + TODO: check +CVE-2015-10119 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check CVE-2023-XXXX [spip: Use a dedicated function to clean author data when preparing a session] - spip 4.1.11+dfsg-1 [bookworm] - spip <no-dsa> (Minor issue) @@ -151,9 +285,9 @@ CVE-2023-33664 (ai-dev aicombinationsonfly before v0.3.1 was discovered to conta NOT-FOR-US: ai-dev aicombinationsonfly CVE-2023-32183 (Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed ...) NOT-FOR-US: hawk2 as packaged by SuSE -CVE-2023-34442 +CVE-2023-34442 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: Apache Camel JIRA -CVE-2023-35887 +CVE-2023-35887 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) NOT-FOR-US: Apache Mina SSHD CVE-2023-33008 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) NOT-FOR-US: Apache Johnzon @@ -5849,14 +5983,14 @@ CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS pr NOT-FOR-US: Google Chrome on ChromeOS CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome on Chrom ...) NOT-FOR-US: Google Chrome on ChromeOS -CVE-2023-32254 +CVE-2023-32254 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...) {DSA-5448-1} - linux 6.3.7-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/ -CVE-2023-32250 +CVE-2023-32250 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...) {DSA-5448-1} - linux 6.3.7-1 [bullseye] - linux <not-affected> (Vulnerable code not present) @@ -8931,14 +9065,14 @@ CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable t NOT-FOR-US: WordPress plugin CVE-2023-2030 RESERVED -CVE-2023-2029 - RESERVED -CVE-2023-2028 - RESERVED +CVE-2023-2029 (The PrePost SEO WordPress plugin through 3.0 does not properly sanitiz ...) + TODO: check +CVE-2023-2028 (The Call Now Accessibility Button WordPress plugin before 1.1 does not ...) + TODO: check CVE-2023-2027 (The ZM Ajax Login & Register plugin for WordPress is vulnerable to aut ...) NOT-FOR-US: ZM Ajax Login & Register plugin for WordPress -CVE-2023-2026 - RESERVED +CVE-2023-2026 (The Image Protector WordPress plugin through 1.1 does not properly san ...) + TODO: check CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 ...) NOT-FOR-US: OpenBlue Enterprise Manager Data Collector CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...) @@ -12979,8 +13113,8 @@ CVE-2023-29097 RESERVED CVE-2023-29096 RESERVED -CVE-2023-29095 - RESERVED +CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSV ...) + TODO: check CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...) NOT-FOR-US: WordPress plugin CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) @@ -12992,8 +13126,8 @@ CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 a NOTE: https://discuss.hashicorp.com/t/hcsec-2023-13-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375 CVE-2023-1781 RESERVED -CVE-2023-1780 - RESERVED +CVE-2023-1780 (The Companion Sitemap Generator WordPress plugin before 4.5.3 does not ...) + TODO: check CVE-2023-1779 (Exposure of Sensitive Information to an unauthorized actor vulnerabili ...) NOT-FOR-US: MB Connect Lines CVE-2023-1778 (This vulnerability exists in GajShield Data Security Firewall firmware ...) @@ -13359,8 +13493,8 @@ CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files from NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc CVE-2023-28996 RESERVED -CVE-2023-28995 - RESERVED +CVE-2023-28995 (Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Confi ...) + TODO: check CVE-2023-28994 RESERVED CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...) @@ -13371,14 +13505,14 @@ CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-28990 RESERVED -CVE-2023-28989 - RESERVED +CVE-2023-28989 (Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons ...) + TODO: check CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...) NOT-FOR-US: WordPress plugin CVE-2023-28987 RESERVED -CVE-2023-28986 - RESERVED +CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...) + TODO: check CVE-2023-28985 RESERVED CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning Manager ...) @@ -14233,8 +14367,8 @@ CVE-2023-1599 RESERVED CVE-2023-1598 REJECTED -CVE-2023-1597 - RESERVED +CVE-2023-1597 (The tagDiv Cloud Library WordPress plugin before 2.7 does not have aut ...) + TODO: check CVE-2023-1596 (The tagDiv Composer WordPress plugin before 4.0 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2023-1595 (A vulnerability has been found in novel-plus 3.6.2 and classified as c ...) @@ -17568,8 +17702,8 @@ CVE-2023-1210 RESERVED CVE-2023-1209 (Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records ...) NOT-FOR-US: ServiceNow -CVE-2023-1208 - RESERVED +CVE-2023-1208 (This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary dat ...) + TODO: check CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...) NOT-FOR-US: WordPress plugin CVE-2023-1206 (A hash collision flaw was found in the IPv6 connection lookup table in ...) @@ -18098,8 +18232,7 @@ CVE-2023-27636 RESERVED CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...) NOT-FOR-US: ECshop -CVE-2023-1183 - RESERVED +CVE-2023-1183 (A flaw was found in the Libreoffice package. An attacker can craft an ...) {DSA-5437-1 DSA-5436-1 DLA-3468-1 DLA-3467-1} - hsqldb 2.7.2-1 - hsqldb1.8.0 1.8.0.10+dfsg-12 @@ -18874,8 +19007,8 @@ CVE-2023-1121 (The Simple Giveaways WordPress plugin before 2.45.1 does not sani NOT-FOR-US: WordPress plugin CVE-2023-1120 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...) NOT-FOR-US: WordPress plugin -CVE-2023-1119 - RESERVED +CVE-2023-1119 (The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPres ...) + TODO: check CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...) {DLA-3404-1 DLA-3403-1} - linux 6.1.20-1 @@ -24487,8 +24620,8 @@ CVE-2023-25480 RESERVED CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...) NOT-FOR-US: WordPress plugin -CVE-2023-25478 - RESERVED +CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...) + TODO: check CVE-2023-25477 RESERVED CVE-2023-25476 @@ -27639,8 +27772,8 @@ CVE-2023-24407 RESERVED CVE-2023-24406 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...) NOT-FOR-US: WordPress plugin -CVE-2023-24405 - RESERVED +CVE-2023-24405 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...) + TODO: check CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketi ...) NOT-FOR-US: WordPress plugin CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP F ...) @@ -27659,8 +27792,8 @@ CVE-2023-24397 RESERVED CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...) NOT-FOR-US: WordPress plugin -CVE-2023-24395 - RESERVED +CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...) + TODO: check CVE-2023-24394 RESERVED CVE-2023-24393 @@ -28626,8 +28759,8 @@ CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) NOT-FOR-US: WordPress plugin -CVE-2023-23993 - RESERVED +CVE-2023-23993 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Lio ...) + TODO: check CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...) NOT-FOR-US: WordPress plugin CVE-2023-23991 @@ -28928,8 +29061,8 @@ CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Ext NOT-FOR-US: WordPress plugin CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin -CVE-2023-23897 - RESERVED +CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simp ...) + TODO: check CVE-2023-23896 RESERVED CVE-2023-23895 @@ -28984,8 +29117,8 @@ CVE-2023-23871 RESERVED CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...) NOT-FOR-US: WordPress plugin -CVE-2023-23869 - RESERVED +CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...) + TODO: check CVE-2023-23868 RESERVED CVE-2023-23867 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) @@ -29172,8 +29305,8 @@ CVE-2023-23806 (Auth. (admin+) StoredCross-Site Scripting (XSS) vulnerability in NOT-FOR-US: WordPress plugin CVE-2023-23805 RESERVED -CVE-2023-23804 - RESERVED +CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed p ...) + TODO: check CVE-2023-23803 RESERVED CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...) @@ -29206,8 +29339,8 @@ CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-23788 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flor ...) NOT-FOR-US: WordPress plugin -CVE-2023-23787 - RESERVED +CVE-2023-23787 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...) + TODO: check CVE-2023-23786 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Chr ...) NOT-FOR-US: WordPress plugin CVE-2023-23785 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCu ...) @@ -30735,8 +30868,8 @@ CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM NOT-FOR-US: Huawei CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 2.0.0.49(M0 ...) NOT-FOR-US: Huawei -CVE-2023-23348 - RESERVED +CVE-2023-23348 (HCL Launch could disclose sensitive information if a manual edit of a ...) + TODO: check CVE-2023-23347 RESERVED CVE-2023-23346 @@ -32962,10 +33095,10 @@ CVE-2023-22697 RESERVED CVE-2023-22696 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin -CVE-2023-22695 - RESERVED -CVE-2023-22694 - RESERVED +CVE-2023-22695 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita C ...) + TODO: check +CVE-2023-22694 (Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Nor ...) + TODO: check CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Goog ...) NOT-FOR-US: WordPress plugin CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name ...) @@ -33006,8 +33139,8 @@ CVE-2023-22675 RESERVED CVE-2023-22674 RESERVED -CVE-2023-22673 - RESERVED +CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...) + TODO: check CVE-2023-22672 RESERVED CVE-2023-0104 (The listed versions for Weintek EasyBuilder Pro are vulnerable to a Zi ...) @@ -41421,7 +41554,7 @@ CVE-2022-4245 RESERVED CVE-2022-4244 RESERVED -CVE-2022-4243 (The ImageInject WordPress plugin through TODO does not sanitise and es ...) +CVE-2022-4243 (The ImageInject WordPress plugin through 1.17 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2022-4242 (The WP Google Review Slider WordPress plugin before 11.6 does not sani ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c526f772f4aa01aa581b029585ff3dc349713968 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c526f772f4aa01aa581b029585ff3dc349713968 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits