[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 4 09:11:49 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1762860f by security tracker role at 2023-08-04T08:11:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...)
+ TODO: check
+CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...)
+ TODO: check
+CVE-2023-4140 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to pri ...)
+ TODO: check
+CVE-2023-4139 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sen ...)
+ TODO: check
+CVE-2023-3373 (Predictable Exact Value from Previous Values vulnerability in Mitsubis ...)
+ TODO: check
+CVE-2023-39343 (Sulu is an open-source PHP content management system based on the Symf ...)
+ TODO: check
+CVE-2023-38991 (An issue in the delete function in the ActModelController class of jee ...)
+ TODO: check
+CVE-2023-38952 (Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticate ...)
+ TODO: check
+CVE-2023-38951 (A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attacke ...)
+ TODO: check
+CVE-2023-38950 (A path traversal vulnerability in the iclock API of ZKTeco BioTime v8. ...)
+ TODO: check
+CVE-2023-38949 (An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticat ...)
+ TODO: check
+CVE-2023-38941 (django-sspanel v2022.2.2 was discovered to contain a remote command ex ...)
+ TODO: check
+CVE-2023-38708 (Pimcore is an Open Source Data & Experience Management Platform: PIM, ...)
+ TODO: check
+CVE-2023-37501 (A Persistent XSS vulnerability can be carried out in a certain field o ...)
+ TODO: check
+CVE-2023-37500 (A Persistent Cross-site Scripting (XSS) vulnerability can be carried o ...)
+ TODO: check
+CVE-2023-37499 (A Persistent Cross-site Scripting (XSS) vulnerability can be carried o ...)
+ TODO: check
+CVE-2023-37498 (A user is capable of assigning him/herself to arbitrary groups by reus ...)
+ TODO: check
+CVE-2023-37497 (The Unica application exposes an API which accepts arbitrary XML input ...)
+ TODO: check
+CVE-2023-36159 (Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Fo ...)
+ TODO: check
+CVE-2023-36158 (Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Ma ...)
+ TODO: check
+CVE-2023-36141 (User enumeration is found in in PHPJabbers Cleaning Business Software ...)
+ TODO: check
+CVE-2023-36139 (In PHPJabbers Cleaning Business Software 1.0, lack of verification whe ...)
+ TODO: check
+CVE-2023-36138 (PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site ...)
+ TODO: check
+CVE-2023-36137 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
+ TODO: check
+CVE-2023-36135 (User enumeration is found in in PHPJabbers Class Scheduling System v1. ...)
+ TODO: check
+CVE-2023-36134 (In PHP Jabbers Class Scheduling System 1.0, lack of verification when ...)
+ TODO: check
+CVE-2023-36133 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Acc ...)
+ TODO: check
+CVE-2023-36132 (PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorre ...)
+ TODO: check
+CVE-2023-36131 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrec ...)
+ TODO: check
+CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL injection ...)
+ TODO: check
CVE-2023-38497 [Cargo does not respect umask when extracting packages]
- rustc <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
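Review bot: none of the 30 entries added at the top of the file records a triage outcome; each carries only `TODO: check` with no source-package line and no `NOT-FOR-US:` marker. The file's convention, visible further down in this same diff (`- rustc <unfixed>`, `NOT-FOR-US: SysAid`, `NOT-FOR-US: Palantir`), is to resolve every entry to one of those two forms, so a manual follow-up is needed: the entries naming a WordPress plugin, ZKTeco BioTime and PHPJabbers products point towards `NOT-FOR-US`, while Sulu, Pimcore, django-sspanel and ai-dev aitable need an archive check before the placeholder is replaced.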
@@ -331,7 +391,7 @@ CVE-2023-4008 (An issue has been discovered in GitLab CE/EE affecting all versio
- gitlab <unfixed>
CVE-2023-4011 (An issue has been discovered in GitLab EE affecting all versions from ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2023-4002
+CVE-2023-4002 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-3993 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
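Review bot: the description filled in for CVE-2023-4002 identifies it as a GitLab EE issue, which agrees with the existing `- gitlab <not-affected> (Specific to EE)` line beneath it, so the package line can stay as it is; the neighbouring CVE-2023-4011 and CVE-2023-3993 entries follow the same pattern.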
@@ -665,6 +725,7 @@ CVE-2023-32226 (Sysaid - CWE-552: Files or Directories Accessible to External P
CVE-2023-32225 (Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A ...)
NOT-FOR-US: SysAid
CVE-2023-4012 [crash on NTS requests]
+ {DSA-5466-1}
- ntpsec 1.2.2+dfsg1-2 (bug #1038422)
[bullseye] - ntpsec <not-affected> (Vulnerable code introduced later)
[buster] - ntpsec <not-affected> (Vulnerable code introduced later)
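Review bot: the new `{DSA-5466-1}` reference for CVE-2023-4012 sits directly above the `- ntpsec 1.2.2+dfsg1-2 (bug #1038422)` line, matching the placement of `{DLA-3500-1}` in the Django entry later in this diff, so the format is consistent. With bullseye and buster both `<not-affected> (Vulnerable code introduced later)`, this DSA line is the only advisory reference the entry needs; the bug reference is unchanged.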
@@ -4147,7 +4208,7 @@ CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that tak
CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
NOT-FOR-US: CometBFT
CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ...)
- {DLA-3500-1}
+ {DSA-5465-1 DLA-3500-1}
- python-django 3:3.2.20-1 (bug #1040225)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
NOTE: https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
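Review bot: `{DSA-5465-1 DLA-3500-1}` keeps both advisory references in one braces group on a single line, which is the file's convention, rather than adding a second `{...}` line. The package line `- python-django 3:3.2.20-1 (bug #1040225)` and the two NOTE URLs are untouched, so this hunk only records that the stable advisory (DSA) has now been issued alongside the earlier LTS one (DLA).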
@@ -11113,8 +11174,8 @@ CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that ena
NOT-FOR-US: Palantir
CVE-2023-30959
RESERVED
-CVE-2023-30958
- RESERVED
+CVE-2023-30958 (A security defect was identified in Foundry Frontend that enabled user ...)
+ TODO: check
CVE-2023-30957
RESERVED
CVE-2023-30956 (A security defect was identified in Foundry Comments that enabled a us ...)
@@ -11125,12 +11186,12 @@ CVE-2023-30954
RESERVED
CVE-2023-30953
RESERVED
-CVE-2023-30952
- RESERVED
-CVE-2023-30951
- RESERVED
-CVE-2023-30950
- RESERVED
+CVE-2023-30952 (A security defect was discovered in Foundry Issues that enabled users ...)
+ TODO: check
+CVE-2023-30951 (The Foundry Magritte plugin rest-source was found to be vulnerable to ...)
+ TODO: check
+CVE-2023-30950 (The foundry campaigns service was found to be vulnerable to an unauthe ...)
+ TODO: check
CVE-2023-30949 (A missing origin validation in Slate sandbox could be exploited by a m ...)
NOT-FOR-US: Palantir
CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the ...)
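Review bot: the three entries replaced here (CVE-2023-30952, CVE-2023-30951, CVE-2023-30950) all describe Foundry services and are left at `TODO: check`, while the context line `NOT-FOR-US: Palantir` under CVE-2023-30949 shows how the earlier Foundry entries in this block were triaged; the expected follow-up is to apply the same marker once the descriptions are confirmed, and the same applies to CVE-2023-30958 in the hunk above.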
@@ -13377,8 +13438,8 @@ CVE-2023-30299
RESERVED
CVE-2023-30298
RESERVED
-CVE-2023-30297
- RESERVED
+CVE-2023-30297 (An issue found in N-able Technologies N-central Server before 2023.4 a ...)
+ TODO: check
CVE-2023-30296
RESERVED
CVE-2023-30295
@@ -13686,8 +13747,8 @@ CVE-2023-30148
RESERVED
CVE-2023-30147
RESERVED
-CVE-2023-30146
- RESERVED
+CVE-2023-30146 (Assmann Digitus Plug&View IP Camera family allows unauthenticated atta ...)
+ TODO: check
CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template I ...)
NOT-FOR-US: Camaleon CMS
CVE-2023-30144
@@ -30665,8 +30726,8 @@ CVE-2023-22431
RESERVED
CVE-2023-22311
RESERVED
-CVE-2023-0525
- RESERVED
+CVE-2023-0525 (Weak Encoding for Password vulnerability in Mitsubishi Electric Corpor ...)
+ TODO: check
CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...)
NOT-FOR-US: Tenable
CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions starting ...)
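Review bot: CVE-2023-0525 (Mitsubishi Electric, weak password encoding) is left at `TODO: check`, as is CVE-2023-3373 (Mitsubishi Electric) added at the top of the file in the first hunk; both arrive in the same automatic update and can be triaged together.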
@@ -54240,16 +54301,16 @@ CVE-2023-20220
RESERVED
CVE-2023-20219
RESERVED
-CVE-2023-20218
- RESERVED
+CVE-2023-20218 (A vulnerability in web-based management interface of Cisco SPA500 Seri ...)
+ TODO: check
CVE-2023-20217
RESERVED
-CVE-2023-20216
- RESERVED
-CVE-2023-20215
- RESERVED
-CVE-2023-20214
- RESERVED
+CVE-2023-20216 (A vulnerability in the privilege management functionality of all Cisco ...)
+ TODO: check
+CVE-2023-20215 (A vulnerability in the scanning engines of Cisco AsyncOS Software for ...)
+ TODO: check
+CVE-2023-20214 (A vulnerability in the request authentication validation for the REST ...)
+ TODO: check
CVE-2023-20213
RESERVED
CVE-2023-20212
@@ -54268,8 +54329,8 @@ CVE-2023-20206
RESERVED
CVE-2023-20205
RESERVED
-CVE-2023-20204
- RESERVED
+CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ TODO: check
CVE-2023-20203
RESERVED
CVE-2023-20202
@@ -54314,8 +54375,8 @@ CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software
NOT-FOR-US: Cisco
CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
NOT-FOR-US: Cisco
-CVE-2023-20181
- RESERVED
+CVE-2023-20181 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
NOT-FOR-US: Cisco
CVE-2023-20179
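Review bot: CVE-2023-20181 gains a description naming the web-based management interface of Cisco Small Business hardware and is left at `TODO: check`, while the context lines on either side (CVE-2023-20182 and CVE-2023-20180) are already `NOT-FOR-US: Cisco`, so that is the expected resolution here; the Cisco entries replaced in the two preceding hunks (CVE-2023-20218 through CVE-2023-20214, CVE-2023-20204) are in the same position.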
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1762860fe93332556d9fdc2a40e914b5a1d252bb