[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 17 21:10:40 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
813799c0 by security tracker role at 2023-04-17T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2023-30792
+ RESERVED
+CVE-2023-30791
+ RESERVED
+CVE-2023-30790
+ RESERVED
+CVE-2023-30789
+ RESERVED
+CVE-2023-30788
+ RESERVED
+CVE-2023-30787
+ RESERVED
+CVE-2023-30786
+ RESERVED
+CVE-2023-30785
+ RESERVED
+CVE-2023-30784
+ RESERVED
+CVE-2023-30783
+ RESERVED
+CVE-2023-30782
+ RESERVED
+CVE-2023-30781
+ RESERVED
+CVE-2023-30780
+ RESERVED
+CVE-2023-30779
+ RESERVED
+CVE-2023-30778
+ RESERVED
+CVE-2023-30777
+ RESERVED
+CVE-2023-30776
+ RESERVED
+CVE-2023-2129
+ RESERVED
+CVE-2023-2128
+ RESERVED
+CVE-2023-2127
+ RESERVED
+CVE-2023-2126
+ RESERVED
+CVE-2023-2125
+ RESERVED
+CVE-2023-2124
+ RESERVED
+CVE-2023-2123
+ RESERVED
+CVE-2023-2122
+ RESERVED
+CVE-2023-2121
+ RESERVED
+CVE-2023-2120
+ RESERVED
+CVE-2023-2119
+ RESERVED
+CVE-2023-2118
+ RESERVED
+CVE-2023-2117
+ RESERVED
+CVE-2023-2116
+ RESERVED
+CVE-2023-2115
+ RESERVED
+CVE-2023-2114
+ RESERVED
+CVE-2023-2113
+ RESERVED
+CVE-2023-2112
+ RESERVED
+CVE-2023-2111
+ RESERVED
+CVE-2023-2110
+ RESERVED
CVE-2023-30775
RESERVED
CVE-2023-30774
@@ -8,13 +82,12 @@ CVE-2023-2108 (A vulnerability has been found in SourceCodester Judging Manageme
NOT-FOR-US: SourceCodester Judging Management System
CVE-2023-30773
RESERVED
-CVE-2023-30771
- RESERVED
+CVE-2023-30771 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
NOT-FOR-US: Apache IoTDB
-CVE-2015-10103
- RESERVED
-CVE-2015-10102
- RESERVED
+CVE-2015-10103 (A vulnerability, which was classified as problematic, was found in Int ...)
+ TODO: check
+CVE-2015-10102 (A vulnerability, which was classified as critical, has been found in F ...)
+ TODO: check
CVE-2015-10101 (A vulnerability classified as problematic was found in Google Analytic ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2107 (A vulnerability, which was classified as critical, was found in IBOS 4 ...)
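Review bot: the two new TODO entries CVE-2015-10103 and CVE-2015-10102 are 2015-block identifiers being published only now, and their truncated descriptions ("found in Int ...", "has been found in F ...") cut off before the affected product, so the TODO cannot be resolved from the list text alone; the adjacent CVE-2015-10101 from the same batch is already "NOT-FOR-US: WordPress plugin", so check the full upstream descriptions and triage these two to the same level of detail rather than leaving them open.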
@@ -631,8 +704,8 @@ CVE-2023-2019
RESERVED
CVE-2023-2018
RESERVED
-CVE-2023-2017
- RESERVED
+CVE-2023-2017 (Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, ...)
+ TODO: check
CVE-2023-2016
RESERVED
CVE-2023-2015
@@ -2662,8 +2735,8 @@ CVE-2023-29667
RESERVED
CVE-2023-29666
RESERVED
-CVE-2023-29665
- RESERVED
+CVE-2023-29665 (D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow vi ...)
+ TODO: check
CVE-2023-29664
RESERVED
CVE-2023-29663
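Review bot: CVE-2023-29665 is a stack overflow in D-Link DIR823G router firmware and is left as "TODO: check"; comparable device-firmware entries elsewhere in this file (for example the Netgear RAX30 entry CVE-2023-1327 and the DTS Electronics Redline Router entry CVE-2023-1833) carry a NOT-FOR-US line naming the vendor, so this one should be resolved the same way once the truncated description is read in full.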
@@ -3568,8 +3641,8 @@ CVE-2023-1875
RESERVED
CVE-2023-1874 (The WP Data Access plugin for WordPress is vulnerable to privilege esc ...)
NOT-FOR-US: WP Data Access plugin for WordPress
-CVE-2023-1873
- RESERVED
+CVE-2023-1873 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-1872 (A use-after-free vulnerability in the Linux Kernel io_uring system can ...)
- linux 5.17.3-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
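Review bot: the description added for CVE-2023-1873 is truncated at the CWE title ("... used in an SQL Command ('S ...") before any product name appears, so nothing on this line lets a triager decide whether a Debian package is affected; the same applies to CVE-2023-1723 later in this patch, which carries an identical truncated text. Both TODOs need the full advisory text, not just the list line.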
@@ -3978,8 +4051,8 @@ CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS El
NOT-FOR-US: DTS Electronics Redline Router firmware
CVE-2023-1832
RESERVED
-CVE-2023-1831
- RESERVED
+CVE-2023-1831 (Mattermost fails to redact from audit logs the user password during us ...)
+ TODO: check
CVE-2023-1830
RESERVED
CVE-2023-1829 (A use-after-free vulnerability in the Linux Kernel traffic control ind ...)
@@ -4636,8 +4709,8 @@ CVE-2023-1725 (Server-Side Request Forgery (SSRF) vulnerability in Infoline Proj
NOT-FOR-US: Infoline Project Management System
CVE-2023-1724
RESERVED
-CVE-2023-1723
- RESERVED
+CVE-2023-1723 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-1722
RESERVED
CVE-2023-1721
@@ -4723,8 +4796,8 @@ CVE-2023-29006 (The Order GLPI plugin allows users to manage order management wi
CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...)
- flask-appbuilder <unfixed>
NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
-CVE-2023-29004
- RESERVED
+CVE-2023-29004 (hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache ...)
+ TODO: check
CVE-2023-29003 (SvelteKit is a web development framework. The SvelteKit framework offe ...)
NOT-FOR-US: SvelteKit
CVE-2023-29002
@@ -6464,8 +6537,8 @@ CVE-2023-1475 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2023-1474 (A vulnerability classified as critical was found in SourceCodester Aut ...)
NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
-CVE-2023-1473
- RESERVED
+CVE-2023-1473 (The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29. ...)
+ TODO: check
CVE-2023-1472 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
CVE-2023-1471 (The WP Popup Banners plugin for WordPress is vulnerable to SQL Injecti ...)
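Review bot: CVE-2023-1473 (MetaSlider WordPress plugin) is added as "TODO: check" while the WordPress plugin entries directly around it (CVE-2023-1474, CVE-2023-1472, CVE-2023-1471) are already marked NOT-FOR-US with the plugin name; most of the other TODOs in this update are also WordPress plugin advisories (CVE-2023-1427, 1413, 1373, 1371, 1331, 1325, 1282, 1274, 0889, 0765, 0764, 0374, 0367, 0277), so a single triage pass marking them NOT-FOR-US with the plugin name, as the surrounding entries do, would clear most of this batch.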
@@ -6572,8 +6645,8 @@ CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimco
NOT-FOR-US: pimcore
CVE-2023-1428
RESERVED
-CVE-2023-1427
- RESERVED
+CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not en ...)
+ TODO: check
CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Aw ...)
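Review bot: the description imported for CVE-2023-1427 starts with a stray "- " inside the parentheses ("(- The Photo Gallery by 10Web ..."), most likely a list bullet carried over from the upstream advisory text; it does not break the "CVE-ID (description ...)" line format, but it differs from every other description in the file and is worth stripping when the TODO is resolved.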
@@ -6916,8 +6989,8 @@ CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been
NOT-FOR-US: Simple Art Gallery
CVE-2023-1414
RESERVED
-CVE-2023-1413
- RESERVED
+CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and escape s ...)
+ TODO: check
CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...)
NOT-FOR-US: Cloudflare WARP
CVE-2023-1411
@@ -7645,12 +7718,12 @@ CVE-2023-1375
RESERVED
CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...)
NOT-FOR-US: Solidres plugin for WordPress
-CVE-2023-1373
- RESERVED
+CVE-2023-1373 (The W4 Post List WordPress plugin before 2.4.6 does not escape some UR ...)
+ TODO: check
CVE-2023-1372 (The WH Testimonials plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WH Testimonials plugin for WordPress
-CVE-2023-1371
- RESERVED
+CVE-2023-1371 (The W4 Post List WordPress plugin before 2.4.6 does not ensure that pa ...)
+ TODO: check
CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...)
{DLA-3373-1}
- json-smart <unfixed> (bug #1033474)
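Review bot: CVE-2023-1373 and CVE-2023-1371 are both issues in the W4 Post List WordPress plugin before 2.4.6, and CVE-2023-0374 further down in this patch names the same plugin and the same fixed version; these three should be triaged together so they end up with the same status line. The same grouping applies to CVE-2023-1274 and CVE-2023-0367, which both describe the Pricing Tables For WPBakery Page Builder plugin.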
@@ -8097,8 +8170,8 @@ CVE-2023-1333 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vu
NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
CVE-2023-1332
RESERVED
-CVE-2023-1331
- RESERVED
+CVE-2023-1331 (The Redirection WordPress plugin before 1.1.5 does not have CSRF check ...)
+ TODO: check
CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1329
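Review bot: CVE-2023-1331 (Redirection WordPress plugin before 1.1.5, missing CSRF check) is added as "TODO: check" while the neighbouring CVE-2023-1330 (Redirection plugin before 1.1.4, missing nonce verification) is already "NOT-FOR-US: WordPress plugin"; the two describe consecutive fixes in the same plugin, so the new entry should get the same NOT-FOR-US line rather than remain open.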
@@ -8109,8 +8182,8 @@ CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected b
NOT-FOR-US: Netgear
CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and earli ...)
NOT-FOR-US: Apport
-CVE-2023-1325
- RESERVED
+CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not va ...)
+ TODO: check
CVE-2023-1324
RESERVED
CVE-2023-1323
@@ -8309,8 +8382,8 @@ CVE-2023-1284
RESERVED
CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.0. ...)
NOT-FOR-US: qwik
-CVE-2023-1282
- RESERVED
+CVE-2023-1282 (The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard W ...)
+ TODO: check
CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control index fil ...)
- linux 6.1.15-1
NOTE: https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
@@ -8422,8 +8495,8 @@ CVE-2023-1276 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SUL1SS_shop
CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Phone Shop Sales Managements System
-CVE-2023-1274
- RESERVED
+CVE-2023-1274 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
+ TODO: check
CVE-2023-1273
RESERVED
CVE-2023-1272
@@ -8873,8 +8946,8 @@ CVE-2023-27846
RESERVED
CVE-2023-27845
RESERVED
-CVE-2023-27844
- RESERVED
+CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and ...)
+ TODO: check
CVE-2023-27843
RESERVED
CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File manager eXt ...)
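Review bot: the product in the new CVE-2023-27844 description reads "PrestaShopleurlrewrite v.1.0", with the platform and module names run together, so the actual module cannot be identified from this line; check the upstream text before resolving the TODO. The PrestaShop module entry CVE-2022-44727 later in this patch is marked "NOT-FOR-US: PrestaShop module", which is the likely outcome here too.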
@@ -9072,8 +9145,8 @@ CVE-2023-27757 (An arbitrary file upload vulnerability in the /admin/user/upload
NOT-FOR-US: PerfreeBlog
CVE-2023-27756
RESERVED
-CVE-2023-27755
- RESERVED
+CVE-2023-27755 (go-bbs v1 was discovered to contain an arbitrary file download vulnera ...)
+ TODO: check
CVE-2023-27754 (vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow ca ...)
NOT-FOR-US: vox2mesh
CVE-2023-27753
@@ -9116,8 +9189,8 @@ CVE-2023-27735
RESERVED
CVE-2023-27734 (An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker ...)
NOT-FOR-US: Eteran edb-debugger
-CVE-2023-27733
- RESERVED
+CVE-2023-27733 (DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerabili ...)
+ TODO: check
CVE-2023-27732
RESERVED
CVE-2023-27731
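Review bot: CVE-2023-27733 is a DedeCMS v5.7.106 SQL injection left as "TODO: check", but the DedeCMS entry CVE-2023-27707 at the start of the next hunk is already "NOT-FOR-US: DedeCMS"; this one should be marked the same way rather than stay open.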
@@ -9172,8 +9245,8 @@ CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a
NOT-FOR-US: DedeCMS
CVE-2023-27706
RESERVED
-CVE-2023-27705
- RESERVED
+CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer overflow via th ...)
+ TODO: check
CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...)
NOT-FOR-US: Void Tools
CVE-2023-27703 (The Android version of pikpak v1.29.2 was discovered to contain an inf ...)
@@ -9663,6 +9736,7 @@ CVE-2020-36663 (A vulnerability, which was classified as problematic, was found
NOT-FOR-US: artesaos SEOTools
CVE-2023-27539
RESERVED
+ {DLA-3392-1}
- ruby-rack 2.2.6.4-1 (bug #1033264)
NOTE: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c (v3.0.6.1)
NOTE: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff (v2.2.6.4)
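Review bot: the {DLA-3392-1} marker is added to CVE-2023-27539 while the entry is still RESERVED, so the only description of the issue on this page is the pair of upstream commit NOTEs; since the DLA is now public, the RESERVED line should be replaced with the description as soon as the feed publishes it, or a short NOTE added summarising the fix, so the buster advisory does not point at an entry with no text. The fixed version 2.2.6.4-1 and the v2.2.6.4 commit reference are consistent with the CVE-2023-27530 entry that receives the same DLA marker in the next hunk.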
@@ -9710,6 +9784,7 @@ CVE-2023-27531
NOT-FOR-US: Kredis JSON ruby gem
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467
CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2. ...)
+ {DLA-3392-1}
- ruby-rack 2.2.6.4-1 (bug #1032803)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
NOTE: https://github.com/rack/rack/commit/8e8869d625e73e16b576b6d31b50208e9ec8002f (main)
@@ -9718,8 +9793,8 @@ CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, &
NOTE: https://github.com/rack/rack/commit/5f6e2fcbbdbff2dfaa21baa693e9d23d12ac1459 (v2.0.9.3)
CVE-2023-27526
RESERVED
-CVE-2023-27525
- RESERVED
+CVE-2023-27525 (An authenticated user with Gamma role authorization could have access ...)
+ TODO: check
CVE-2023-27524
RESERVED
CVE-2023-27523
@@ -10144,8 +10219,8 @@ CVE-2023-22658
RESERVED
CVE-2023-22435
RESERVED
-CVE-2023-1109
- RESERVED
+CVE-2023-1109 (In Phoenix Contacts ENERGY AXC PU Web service an authenticated restric ...)
+ TODO: check
CVE-2023-1108
RESERVED
- undertow <unfixed> (bug #1033253)
@@ -13794,8 +13869,8 @@ CVE-2023-0891
RESERVED
CVE-2023-0890 (The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0889
- RESERVED
+CVE-2023-0889 (Themeflection Numbers WordPress plugin before 2.0.1 does not have auth ...)
+ TODO: check
CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...)
NOT-FOR-US: Space Battery Pack SP with Wi-Fi
CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...)
@@ -15017,10 +15092,10 @@ CVE-2023-0767
NOTE: https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad
CVE-2023-0766
RESERVED
-CVE-2023-0765
- RESERVED
-CVE-2023-0764
- RESERVED
+CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not prop ...)
+ TODO: check
+CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perf ...)
+ TODO: check
CVE-2023-0763
RESERVED
CVE-2023-0762
@@ -15404,8 +15479,8 @@ CVE-2023-25506
RESERVED
CVE-2023-25505
RESERVED
-CVE-2023-25504
- RESERVED
+CVE-2023-25504 (A malicious actor who has been authenticated and granted specific perm ...)
+ TODO: check
CVE-2023-25503
RESERVED
CVE-2023-25502
@@ -20156,8 +20231,8 @@ CVE-2023-0376
RESERVED
CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0374
- RESERVED
+CVE-2023-0374 (The W4 Post List WordPress plugin before 2.4.6 does not validate and e ...)
+ TODO: check
CVE-2023-0373 (The Lightweight Accordion WordPress plugin before 1.5.15 does not vali ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0372 (The EmbedStories WordPress plugin before 0.7.5 does not validate and e ...)
@@ -20236,8 +20311,8 @@ CVE-2023-23755
RESERVED
CVE-2023-23754
RESERVED
-CVE-2023-0367
- RESERVED
+CVE-2023-0367 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
+ TODO: check
CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0365 (The React Webcam WordPress plugin through 1.2.0 does not validate and ...)
@@ -20982,8 +21057,8 @@ CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does not
NOT-FOR-US: WordPress plugin
CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly sani ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0277
- RESERVED
+CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not properly ...)
+ TODO: check
CVE-2023-0276
RESERVED
CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)
@@ -22534,8 +22609,7 @@ CVE-2023-22948 (An issue was discovered in TigerGraph Enterprise Free Edition 3.
NOT-FOR-US: TigerGraph Enterprise Free Edition
CVE-2023-22947 (** DISPUTED ** Insecure folder permissions in the Windows installation ...)
- shibboleth-sp <not-affected> (Windows-specific)
-CVE-2023-22946
- RESERVED
+CVE-2023-22946 (In Apache Spark versions prior to 3.4.0, applications using spark-subm ...)
- apache-spark <itp> (bug #802194)
CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, the gro ...)
NOT-FOR-US: GrowthExperiments extension for MediaWiki
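Review bot: CVE-2023-22946 gets its description but, unlike the other entries in this patch, no "TODO: check", which is correct because the existing "apache-spark <itp> (bug #802194)" line already tracks it; note that the description states the fix is in Apache Spark 3.4.0, so if the ITP ever lands the <itp> marker should be replaced with a fixed-version entry of at least 3.4.0 rather than copied forward.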
@@ -36951,8 +37025,8 @@ CVE-2022-44728
RESERVED
CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for Pres ...)
NOT-FOR-US: PrestaShop module
-CVE-2022-44726
- RESERVED
+CVE-2022-44726 (The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS i ...)
+ TODO: check
CVE-2022-44725 (OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses ...)
NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Da ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/813799c02be050a739b1a4398f5f15bb1c0a4db5