Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be397440 by security tracker role at 2023-07-12T08:12:27+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@ +CVE-2023-3525 (The Getnet Argentina para Woocommerce plugin for WordPress is vulnerab ...) + TODO: check +CVE-2023-3369 (The About Me 3000 widget plugin for WordPress is vulnerable to Stored ...) + TODO: check +CVE-2023-3202 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...) + TODO: check +CVE-2023-3199 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...) + TODO: check +CVE-2023-3168 (The WP Reroute Email plugin for WordPress is vulnerable to Stored Cros ...) + TODO: check +CVE-2023-3167 (The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2023-3166 (The Lana Email Logger plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2023-3158 (The Mail Control plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2023-3135 (The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cro ...) + TODO: check +CVE-2023-3127 (An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iS ...) + TODO: check +CVE-2023-3122 (The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-S ...) + TODO: check +CVE-2023-3105 (The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direc ...) + TODO: check +CVE-2023-3093 (The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) + TODO: check +CVE-2023-3092 (The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2023-3088 (The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2023-3087 (The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2023-3082 (The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check +CVE-2023-3081 (The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross ...) 
+ TODO: check +CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based SQL I ...) + TODO: check +CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request ...) + TODO: check +CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) + TODO: check +CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) + TODO: check +CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) + TODO: check +CVE-2023-37200 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...) + TODO: check +CVE-2023-37199 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) + TODO: check +CVE-2023-37198 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) + TODO: check +CVE-2023-37197 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...) + TODO: check +CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...) + TODO: check +CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...) + TODO: check +CVE-2023-32200 (There is insufficient restrictions of called script functions in Apach ...) + TODO: check +CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to unauth ...) + TODO: check +CVE-2023-2763 (Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vul ...) + TODO: check +CVE-2023-2762 (A Use-After-Free vulnerability in SLDPRT file reading procedure exists ...) + TODO: check +CVE-2023-2562 (The Gallery Metabox for WordPress is vulnerable to unauthorized access ...) + TODO: check +CVE-2023-2561 (The Gallery Metabox for WordPress is vulnerable to unauthorized modifi ...) 
+ TODO: check +CVE-2023-2517 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) + TODO: check +CVE-2021-4427 (The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPres ...) + TODO: check +CVE-2021-4426 (The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site ...) + TODO: check +CVE-2021-4425 (The Defender Security plugin for WordPress is vulnerable to Cross-Site ...) + TODO: check +CVE-2021-4424 (The Slider Hero plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2021-4423 (The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request ...) + TODO: check +CVE-2021-4422 (The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site ...) + TODO: check +CVE-2021-4421 (The Advanced Popups plugin for WordPress is vulnerable to Cross-Site R ...) + TODO: check +CVE-2021-4420 (The Sell Media plugin for WordPress is vulnerable to Cross-Site Reques ...) + TODO: check +CVE-2021-4419 (The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Si ...) + TODO: check +CVE-2021-4417 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...) + TODO: check +CVE-2021-4416 (The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request F ...) + TODO: check +CVE-2021-4415 (The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Si ...) + TODO: check +CVE-2021-4414 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...) + TODO: check +CVE-2021-4413 (The Process Steps Template Designer plugin for WordPress is vulnerable ...) + TODO: check +CVE-2021-4412 (The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request ...) + TODO: check +CVE-2021-4411 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress is vul ...) + TODO: check +CVE-2021-4410 (The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site R ...) 
+ TODO: check +CVE-2021-4409 (The WooCommerce Etsy Integration plugin for WordPress is vulnerable to ...) + TODO: check +CVE-2021-4408 (The DW Question & Answer plugin for WordPress is vulnerable to Cross-S ...) + TODO: check +CVE-2021-4407 (The Custom Banners plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2020-36761 (The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Fo ...) + TODO: check +CVE-2020-36760 (The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Reque ...) + TODO: check +CVE-2020-36757 (The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site ...) + TODO: check +CVE-2020-36756 (The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Re ...) + TODO: check +CVE-2020-36752 (The Coming Soon & Maintenance Mode Page plugin for WordPress is vulner ...) + TODO: check +CVE-2020-36750 (The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-S ...) + TODO: check CVE-2023-37579 NOT-FOR-US: Apache Pulsar CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/su ...) @@ -9812,7 +9938,7 @@ CVE-2023-1999 (There exists a use after free/double free in libwebp. An attacker NOTE: Introduced by: https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f (backport; v0.4.2-rc2) CVE-2023-1997 RESERVED -CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R ...) +CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPE ...) NOT-FOR-US: 3ds CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 and earli ...) NOT-FOR-US: Jenkins plugin @@ -10571,8 +10697,8 @@ CVE-2023-30228 RESERVED CVE-2023-30227 RESERVED -CVE-2023-30226 - RESERVED +CVE-2023-30226 (An issue was discovered in function get_gnu_verneed in rizinorg Rizin ...) + TODO: check CVE-2023-30225 RESERVED CVE-2023-30224 
@@ -28004,10 +28130,10 @@ CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tena NOT-FOR-US: Tenable CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to improper ...) NOT-FOR-US: Tenable -CVE-2023-24492 - RESERVED -CVE-2023-24491 - RESERVED +CVE-2023-24492 (A vulnerability has been discovered in the Citrix Secure Access client ...) + TODO: check +CVE-2023-24491 (A vulnerability has been discovered in the Citrix Secure Access client ...) + TODO: check CVE-2023-24490 (Users with only access to launch VDA applications can launch an unauth ...) TODO: check CVE-2023-24489 (A vulnerability has been discovered in the customer-managed ShareFile ...) @@ -105394,11 +105520,13 @@ CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developments a ...) NOT-FOR-US: Tuleap CVE-2022-24895 (Symfony is a PHP framework for web and console applications and a set ...) + {DLA-3493-1} - symfony 5.4.20+dfsg-1 [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m NOTE: https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4 CVE-2022-24894 (Symfony is a PHP framework for web and console applications and a set ...) + {DLA-3493-1} - symfony 5.4.20+dfsg-1 [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv 
@@ -184679,6 +184807,7 @@ CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Commun CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...) NOT-FOR-US: Grav Admin Plugin CVE-2021-21424 (Symfony is a PHP framework for web and console applications and a set ...) + {DLA-3493-1} - symfony 4.4.19+dfsg-2 [stretch] - symfony <postponed> (Minor issue) NOTE: https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be3974407f49f4d4f20580bfcc7c2c74f7c03e7b
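Review bot: In the @@ -1,3 +1,129 @@ hunk, the added descriptions for CVE-2021-4417 and CVE-2021-4411 contain the literal escape sequence \u2013 ("The Forminator \u2013 Contact Form, ...") where a dash belongs, so the description import is writing an undecoded escape into data/CVE/list. Decode the escape before the description is written so the text matches the product name as published. Separately, most of the entries added in this hunk are "plugin for WordPress" items left at "TODO: check"; another plugin entry in this same diff is already triaged as "NOT-FOR-US: Jenkins plugin", and the WordPress ones could be handled in bulk the same way once confirmed.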
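Review bot: In the @@ -105394,11 +105520,13 @@ hunk, "{DLA-3493-1}" is added to CVE-2022-24895 and CVE-2022-24894, but the lines under each entry give fixed versions only on the untagged symfony line (5.4.20+dfsg-1) and for bullseye (4.4.19+dfsg-2+deb11u2), and this commit changes data/CVE/list alone. Nothing visible here records which release or version the DLA fixed, so confirm that the advisory's own record carries that information before relying on the cross-reference.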
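Review bot: In the @@ -184679,6 +184807,7 @@ hunk, CVE-2021-21424 gains "{DLA-3493-1}" while the only release-tagged line under it still reads "[stretch] - symfony <postponed> (Minor issue)". If the DLA covers a different release the annotation can stay, but that should be checked, because as shown the entry pairs an advisory reference with a postponed marker and does not say which release the advisory applies to.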
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits