Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
018babcf by security tracker role at 2023-07-11T08:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@ +CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated ...) + TODO: check +CVE-2023-3607 (A vulnerability was found in kodbox 1.26. It has been declared as crit ...) + TODO: check +CVE-2023-3606 (A vulnerability was found in TamronOS up to 20230703. It has been clas ...) + TODO: check +CVE-2023-37191 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...) + TODO: check +CVE-2023-37190 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...) + TODO: check +CVE-2023-37189 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...) + TODO: check +CVE-2023-36925 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an una ...) + TODO: check +CVE-2023-36924 (While using a specific function, SAP ERP Defense Forces and Public Sec ...) + TODO: check +CVE-2023-36922 (Due to programming error in function module or report, SAP NetWeaver A ...) + TODO: check +CVE-2023-36921 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an att ...) + TODO: check +CVE-2023-36919 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...) + TODO: check +CVE-2023-36918 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...) + TODO: check +CVE-2023-36917 (SAP BusinessObjects Business Intelligence Platform - version 420, 430, ...) + TODO: check +CVE-2023-36517 (Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abs ...) + TODO: check +CVE-2023-35874 (SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL ...) + TODO: check +CVE-2023-35873 (TheRuntime Workbench (RWB) of SAP NetWeaver Process Integration- versi ...) + TODO: check +CVE-2023-35872 (TheMessage Display Tool (MDT) of SAP NetWeaver Process Integration- ve ...) + TODO: check +CVE-2023-35871 (The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP ...) 
+ TODO: check +CVE-2023-35870 (When creating a journal entry template in SAP S/4HANA (Manage Journal ...) + TODO: check +CVE-2023-35781 (Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin ...) + TODO: check +CVE-2023-35774 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...) + TODO: check +CVE-2023-33992 (The SAP BW BICS communication layer in SAP Business Warehouse and SAP ...) + TODO: check +CVE-2023-33990 (SAP SQL Anywhere- version 17.0, allows an attacker to prevent legitima ...) + TODO: check +CVE-2023-33989 (An attacker with non-administrative authorizations in SAP NetWeaver (B ...) + TODO: check +CVE-2023-33988 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...) + TODO: check +CVE-2023-33987 (An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7 ...) + TODO: check +CVE-2023-31405 (SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, ...) + TODO: check CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...) NOT-FOR-US: PHPGurukul Online Shopping Portal CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...) @@ -631,7 +685,7 @@ CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs sh - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212 CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ...) - {DSA-5451-1 DSA-5450-1 DLA-3484-1} + {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird 1:102.13.0-1 
@@ -645,7 +699,7 @@ CVE-2023-37209 (A use-after-free condition existed in `NotifyOnHistoryReload` wh - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209 CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that these f ...) - {DSA-5451-1 DSA-5450-1 DLA-3484-1} + {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird 1:102.13.0-1 @@ -653,7 +707,7 @@ CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that t NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208 CVE-2023-37207 (A website could have obscured the fullscreen notification by using a U ...) - {DSA-5451-1 DSA-5450-1 DLA-3484-1} + {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird 1:102.13.0-1 @@ -673,7 +727,7 @@ CVE-2023-37203 (Insufficient validation in the Drag and Drop API in conjunction - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203 CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have caused ...) - {DSA-5451-1 DSA-5450-1 DLA-3484-1} + {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird 1:102.13.0-1 @@ -681,7 +735,7 @@ CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202 CVE-2023-37201 (An attacker could have triggered a use-after-free condition when creat ...) - {DSA-5451-1 DSA-5450-1 DLA-3484-1} + {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird 1:102.13.0-1 
@@ -7681,22 +7735,22 @@ CVE-2023-30965 RESERVED CVE-2023-30964 RESERVED -CVE-2023-30963 - RESERVED +CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabled use ...) + TODO: check CVE-2023-30962 RESERVED CVE-2023-30961 RESERVED -CVE-2023-30960 - RESERVED +CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...) + TODO: check CVE-2023-30959 RESERVED CVE-2023-30958 RESERVED CVE-2023-30957 RESERVED -CVE-2023-30956 - RESERVED +CVE-2023-30956 (A security defect was identified in Foundry Comments that enabled a us ...) + TODO: check CVE-2023-30955 (A security defect was identified in Foundry workspace-server that enab ...) NOT-FOR-US: Palantir CVE-2023-30954 @@ -8516,10 +8570,10 @@ CVE-2023-2081 RESERVED CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Forcepoint -CVE-2023-2079 - RESERVED -CVE-2023-2078 - RESERVED +CVE-2023-2079 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...) + TODO: check +CVE-2023-2078 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...) + TODO: check CVE-2021-46880 (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 er ...) - libressl <itp> (bug #754513) CVE-2023-30772 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...) @@ -11873,8 +11927,8 @@ CVE-2023-22313 RESERVED CVE-2023-22310 RESERVED -CVE-2023-1936 - RESERVED +CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + TODO: check CVE-2023-1935 RESERVED CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is afflicted by ...) 
@@ -22270,6 +22324,7 @@ CVE-2023-26138 (All versions of the package drogonframework/drogon are vulnerabl CVE-2023-26137 (All versions of the package drogonframework/drogon are vulnerable to H ...) NOT-FOR-US: Drogon CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...) + {DLA-3488-1} - node-tough-cookie 4.1.3+~4.0.2-1 [bookworm] - node-tough-cookie <no-dsa> (Minor issue) [bullseye] - node-tough-cookie <no-dsa> (Minor issue) @@ -24606,8 +24661,8 @@ CVE-2023-25489 RESERVED CVE-2023-25488 RESERVED -CVE-2023-25487 - RESERVED +CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...) + TODO: check CVE-2023-25486 RESERVED CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...) @@ -24644,8 +24699,8 @@ CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobo NOT-FOR-US: WordPress plugin CVE-2023-25469 RESERVED -CVE-2023-25468 - RESERVED +CVE-2023-25468 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio ...) + TODO: check CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...) NOT-FOR-US: WordPress plugin CVE-2023-25466 @@ -25672,8 +25727,8 @@ CVE-2023-25053 RESERVED CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tepl ...) NOT-FOR-US: WordPress plugin -CVE-2023-25051 - RESERVED +CVE-2023-25051 (Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Re ...) + TODO: check CVE-2023-25050 RESERVED CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impl ...) 
@@ -27510,16 +27565,16 @@ CVE-2023-24492 RESERVED CVE-2023-24491 RESERVED -CVE-2023-24490 - RESERVED -CVE-2023-24489 - RESERVED -CVE-2023-24488 - RESERVED -CVE-2023-24487 - RESERVED -CVE-2023-24486 - RESERVED +CVE-2023-24490 (Users with only access to launch VDA applications can launch an unauth ...) + TODO: check +CVE-2023-24489 (A vulnerability has been discovered in the customer-managed ShareFile ...) + TODO: check +CVE-2023-24488 (Cross site scripting vulnerabilityin Citrix ADC and Citrix Gatewayin a ...) + TODO: check +CVE-2023-24487 (Arbitrary file readin Citrix ADC and Citrix Gateway) + TODO: check +CVE-2023-24486 (A vulnerability has been identified in Citrix Workspace app for Linux ...) + TODO: check CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow a stand ...) NOT-FOR-US: Citrix CVE-2023-24484 (A malicious user can cause log files to be written to a directory that ...) @@ -27744,8 +27799,8 @@ CVE-2023-24423 (A cross-site request forgery (CSRF) vulnerability in Jenkins Ger NOT-FOR-US: Jenkins plugin CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jenkins S ...) NOT-FOR-US: Jenkins plugin -CVE-2023-24421 - RESERVED +CVE-2023-24421 (Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compa ...) + TODO: check CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard ...) NOT-FOR-US: WordPress plugin CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...) 
@@ -28755,8 +28810,8 @@ CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi NOT-FOR-US: WordPress plugin CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...) NOT-FOR-US: WordPress plugin -CVE-2023-23997 - RESERVED +CVE-2023-23997 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database ...) + TODO: check CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prof ...) NOT-FOR-US: WordPress plugin CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...) @@ -29311,8 +29366,8 @@ CVE-2023-23805 RESERVED CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed p ...) NOT-FOR-US: WordPress plugin -CVE-2023-23803 - RESERVED +CVE-2023-23803 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTable ...) + TODO: check CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...) NOT-FOR-US: WordPress plugin CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Si ...) @@ -29333,10 +29388,10 @@ CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...) NOT-FOR-US: WordPress plugin -CVE-2023-23792 - RESERVED -CVE-2023-23791 - RESERVED +CVE-2023-23792 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly ...) + TODO: check +CVE-2023-23791 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu p ...) + TODO: check CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team ...) NOT-FOR-US: WordPress plugin CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prem ...) 
@@ -29611,8 +29666,8 @@ CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...) NOT-FOR-US: WordPress plugin -CVE-2023-23731 - RESERVED +CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite ...) + TODO: check CVE-2023-23730 RESERVED CVE-2023-23729 @@ -29665,8 +29720,8 @@ CVE-2023-23706 (Cross-Site Request Forgery (CSRF) vulnerability in miniOrange Wo NOT-FOR-US: WordPress plugin CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress ...) NOT-FOR-US: WordPress plugin -CVE-2023-23704 - RESERVED +CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...) + TODO: check CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23702 @@ -32732,8 +32787,8 @@ CVE-2023-22837 RESERVED CVE-2023-22836 RESERVED -CVE-2023-22835 - RESERVED +CVE-2023-22835 (A security defect was identified that enabled a user of Foundry Issues ...) + TODO: check CVE-2023-22834 (The Contour Service was not checking that users had permission to crea ...) NOT-FOR-US: Palantir CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...) @@ -35388,6 +35443,7 @@ CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...) NOT-FOR-US: MISP CVE-2022-47927 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) + {DLA-3489-1} - mediawiki 1:1.39.1-1 [bullseye] - mediawiki 1:1.35.11-1~deb11u1 NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitec...@lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ 
@@ -38136,7 +38192,7 @@ CVE-2022-4507 (The Real Cookie Banner WordPress plugin before 3.4.10 does not va NOT-FOR-US: WordPress plugin CVE-2022-4506 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...) NOT-FOR-US: OpenEMR -CVE-2022-4505 (Improper Access Control in GitHub repository openemr/openemr prior to ...) +CVE-2022-4505 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) NOT-FOR-US: OpenEMR CVE-2022-4504 (Improper Input Validation in GitHub repository openemr/openemr prior t ...) NOT-FOR-US: OpenEMR @@ -43044,8 +43100,8 @@ CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iT NOT-FOR-US: WordPress plugin CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability inAdvanced Booking Cal ...) NOT-FOR-US: WordPress plugin -CVE-2022-45823 - RESERVED +CVE-2022-45823 (Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Vide ...) + TODO: check CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...) NOT-FOR-US: WordPress plugin CVE-2022-45821 @@ -69510,7 +69566,7 @@ CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not s NOT-FOR-US: WordPress plugin CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...) NOT-FOR-US: WordPress plugin -CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...) +CVE-2022-2598 (Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0 ...) {DLA-3182-1} - vim 2:9.0.0135-1 (unimportant) NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/ 
@@ -69518,7 +69574,7 @@ CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim NOTE: Crash in CLI tool, no security impact CVE-2022-2597 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin befor ...) NOT-FOR-US: WordPress plugin -CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prior to ...) +CVE-2022-2596 (Inefficient Regular Expression Complexity in GitHub repository node-fe ...) - node-fetch <not-affected> (Vulnerable code not present) NOTE: https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7/ NOTE: Introduced in: https://github.com/node-fetch/node-fetch/commit/2d80b0bb3fb746ff77cfe604f21ef9e47352ece0 (v3.1.0) @@ -103826,7 +103882,7 @@ CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named [buster] - bind9 <not-affected> (Vulnerable code introduced later) [stretch] - bind9 <not-affected> (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2022-0635 -CVE-2022-0634 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3 ...) +CVE-2022-0634 (The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorizati ...) NOT-FOR-US: WordPress plugin CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...) NOT-FOR-US: WordPress plugin View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/018babcf96b89a0fc5de5462f9c2c714deb3cd23 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/018babcf96b89a0fc5de5462f9c2c714deb3cd23 You're receiving this email because of your account on salsa.debian.org.
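Review bot: the five Firefox hunks (@@ -631,7 +685,7 @@ through @@ -681,7 +735,7 @@, for CVE-2023-37211, CVE-2023-37208, CVE-2023-37207, CVE-2023-37202 and CVE-2023-37201) each add DLA-3490-1 to the advisory set, but the visible context only shows the unstable lines `- firefox 115.0-1`, `- firefox-esr 102.13.0esr-1` and `- thunderbird 1:102.13.0-1`; confirm that a matching `[bullseye]` line with the version fixed by DLA-3490-1 exists outside the shown context, otherwise the tracker will list the advisory without a fixed bullseye version for those CVEs.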
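Review bot: in the hunk at @@ -8516,10 +8570,10 @@ the new descriptions for CVE-2023-2079 and CVE-2023-2078 contain a literal `\u2013` escape ("Buy Me a Coffee \u2013 Button and Widget Plugin") rather than the en dash itself; this looks like an unescaped JSON string carried over from the upstream feed and should be normalised to the real character or a plain hyphen so the entry reads correctly.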
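Review bot: in the hunk at @@ -22270,6 +22324,7 @@ CVE-2023-26136 gains `{DLA-3488-1}`, yet the unchanged context still reads `[bullseye] - node-tough-cookie <no-dsa> (Minor issue)`; once a DLA has been issued, that suite line should carry the fixed bullseye version instead of `<no-dsa>`, otherwise the entry contradicts itself. The mediawiki hunk at @@ -35388,6 +35443,7 @@ shows the consistent form, with `{DLA-3489-1}` next to `[bullseye] - mediawiki 1:1.35.11-1~deb11u1`.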
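Review bot: in the hunk at @@ -27510,16 +27565,16 @@ the imported descriptions for CVE-2023-24488 and CVE-2023-24487 have run-together words (`vulnerabilityin`, `Gatewayin`, `readin`); the text is copied verbatim from the upstream feed, so this is cosmetic, but it is worth tidying when the `TODO: check` entries are triaged.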
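Review bot: in the hunk at @@ -69510,7 +69566,7 @@ the CVE-2022-2598 description changes from "Undefined Behavior for Input to API" to "Out-of-bounds Write to API", but the entry keeps `- vim 2:9.0.0135-1 (unimportant)` and, in the following hunk's context, the NOTE "Crash in CLI tool, no security impact"; an out-of-bounds write is a more specific and more serious class than undefined behaviour, so the unimportant rating and that NOTE deserve a second look rather than being carried over unchanged with the retitle.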
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits