[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 14 21:13:12 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b5c8e75 by security tracker role at 2023-08-14T20:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
+ TODO: check
+CVE-2023-4321 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
+ TODO: check
+CVE-2023-40360 (QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive i ...)
+ TODO: check
+CVE-2023-40359 (xterm before 380 supports ReGIS reporting for character-set names even ...)
+ TODO: check
+CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A user ent ...)
+ TODO: check
+CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with unsaniti ...)
+ TODO: check
+CVE-2023-40311 (Multiple stored XSS were found on different JSP files with unsanitized ...)
+ TODO: check
+CVE-2023-40024 (ScanCode.io is a server to script and automate software composition an ...)
+ TODO: check
+CVE-2023-40023 (yaklang is a programming language designed for cybersecurity. The Yak ...)
+ TODO: check
+CVE-2023-40020 (PrivateUploader is an open source image hosting server written in Vue ...)
+ TODO: check
+CVE-2023-3721 (The WP-EMail WordPress plugin before 2.69.1 does not sanitise and esca ...)
+ TODO: check
+CVE-2023-3645 (The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 doe ...)
+ TODO: check
+CVE-2023-3601 (The Simple Author Box WordPress plugin before 2.52 does not verify a u ...)
+ TODO: check
+CVE-2023-3435 (The User Activity Log WordPress plugin before 1.6.5 does not correctly ...)
+ TODO: check
+CVE-2023-3328 (The Custom Field For WP Job Manager WordPress plugin before 1.2 does n ...)
+ TODO: check
+CVE-2023-3160 (The vulnerability potentially allows an attacker to misuse ESET\u2019s ...)
+ TODO: check
+CVE-2023-39908 (The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not proper ...)
+ TODO: check
+CVE-2023-39293 (A Command Injection vulnerability has been identified in the MiVoice O ...)
+ TODO: check
+CVE-2023-39292 (A SQL Injection vulnerability has been identified in the MiVoice Offic ...)
+ TODO: check
+CVE-2023-38741 (IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a d ...)
+ TODO: check
+CVE-2023-38721 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...)
+ TODO: check
+CVE-2023-37847 (novel-plus v3.6.2 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2023-37070 (Code Projects Hospital Information System 1.0 is vulnerable to Cross S ...)
+ TODO: check
+CVE-2023-33013 (A post-authentication command injection vulnerability in the NTP featu ...)
+ TODO: check
+CVE-2023-32748 (The Linux DVS server component of Mitel MiVoice Connect through 19.3 S ...)
+ TODO: check
+CVE-2023-2803 (The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 ...)
+ TODO: check
+CVE-2023-2802 (The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 ...)
+ TODO: check
+CVE-2023-2606 (The WP Brutal AI WordPress plugin before 2.06 does not sanitise and es ...)
+ TODO: check
+CVE-2022-4953 (The Elementor Website Builder WordPress plugin before 3.5.5 does not f ...)
+ TODO: check
CVE-2023-39950
- efibootguard <unfixed>
NOTE: https://github.com/siemens/efibootguard/commit/965d65c5751898c4bb094ef191b7387819423414 (v0.15)
@@ -3052,7 +3110,7 @@ CVE-2023-38334 (Omnis Studio 10.22.00 has incorrect access control. It advertise
NOT-FOR-US: Omnis Studio
CVE-2023-38203 (Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) ...)
NOT-FOR-US: Adobe
-CVE-2023-37728 (Icewarp Icearp v10.2.1 was discovered to contain a cross-site scriptin ...)
+CVE-2023-37728 (IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) v ...)
NOT-FOR-US: Icewarp Icearp
CVE-2023-37650 (A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS ...)
NOT-FOR-US: Cockpit CMS
@@ -3233,17 +3291,21 @@ CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus
CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
NOT-FOR-US: Foxit
CVE-2023-3347 (A vulnerability was found in Samba's SMB2 packet signing mechanism. Th ...)
+ {DSA-5477-1}
- samba 2:4.18.5+dfsg-1
[bullseye] - samba <not-affected> (Vulnerable code not present)
[buster] - samba <not-affected> (Vulnerable code not present)
NOTE: https://www.samba.org/samba/security/CVE-2023-3347.html
CVE-2023-34968 (A path disclosure vulnerability was found in Samba. As part of the Spo ...)
+ {DSA-5477-1}
- samba 2:4.18.5+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html
CVE-2023-34967 (A Type Confusion vulnerability was found in Samba's mdssvc RPC service ...)
+ {DSA-5477-1}
- samba 2:4.18.5+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-34967.html
CVE-2023-34966 (An infinite loop vulnerability was found in Samba's mdssvc RPC service ...)
+ {DSA-5477-1}
- samba 2:4.18.5+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html
CVE-2023-3750 (A flaw was found in libvirt. The virStoragePoolObjListSearch function ...)
@@ -12520,8 +12582,8 @@ CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask v
NOT-FOR-US: Octopus Deploy
CVE-2023-31042
RESERVED
-CVE-2023-31041
- RESERVED
+CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with ker ...)
+ TODO: check
CVE-2023-31040
RESERVED
CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
@@ -13558,18 +13620,18 @@ CVE-2023-30756
RESERVED
CVE-2023-30755
RESERVED
-CVE-2023-30754
- RESERVED
+CVE-2023-30754 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly ...)
+ TODO: check
CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chu ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30752
- RESERVED
-CVE-2023-30751
- RESERVED
+CVE-2023-30752 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silv ...)
+ TODO: check
+CVE-2023-30751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iCon ...)
+ TODO: check
CVE-2023-30750
RESERVED
-CVE-2023-30749
- RESERVED
+CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihom ...)
+ TODO: check
CVE-2023-30748
RESERVED
CVE-2023-30747
@@ -14486,8 +14548,8 @@ CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
NOT-FOR-US: WordPress plugin
CVE-2023-30490
RESERVED
-CVE-2023-30489
- RESERVED
+CVE-2023-30489 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
+ TODO: check
CVE-2023-30488
RESERVED
CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPres ...)
@@ -14498,8 +14560,8 @@ CVE-2023-30485
RESERVED
CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30483
- RESERVED
+CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko L ...)
+ TODO: check
CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey G ...)
@@ -14510,12 +14572,12 @@ CVE-2023-30479
RESERVED
CVE-2023-30478
RESERVED
-CVE-2023-30477
- RESERVED
+CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essi ...)
+ TODO: check
CVE-2023-30476
RESERVED
-CVE-2023-30475
- RESERVED
+CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
+ TODO: check
CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultima ...)
NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
CVE-2023-30473
@@ -15203,12 +15265,12 @@ CVE-2023-30190
RESERVED
CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via ...)
NOT-FOR-US: Prestashop
-CVE-2023-30188
- RESERVED
-CVE-2023-30187
- RESERVED
-CVE-2023-30186
- RESERVED
+CVE-2023-30188 (Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 th ...)
+ TODO: check
+CVE-2023-30187 (An out of bounds memory access vulnerability in ONLYOFFICE DocumentSer ...)
+ TODO: check
+CVE-2023-30186 (A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 t ...)
+ TODO: check
CVE-2023-30185 (CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload ...)
NOT-FOR-US: CRMEB
CVE-2023-30184 (A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 al ...)
@@ -16892,8 +16954,8 @@ CVE-2023-29469 (An issue was discovered in libxml2 before 2.10.4. When hashing e
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 (v2.10.4)
-CVE-2023-29468
- RESERVED
+CVE-2023-29468 (The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the ...)
+ TODO: check
CVE-2023-29467
RESERVED
CVE-2023-29466
@@ -18209,8 +18271,8 @@ CVE-2023-29099 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress theme
CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29097
- RESERVED
+CVE-2023-29097 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3r ...)
+ TODO: check
CVE-2023-29096
RESERVED
CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSV ...)
@@ -19407,8 +19469,8 @@ CVE-2023-28770 (The sensitive information exposure vulnerability in the CGI \u20
NOT-FOR-US: Zyxel
CVE-2023-28769 (The buffer overflow vulnerability in the library \u201clibclinkc.so\u2 ...)
NOT-FOR-US: Zyxel
-CVE-2023-28768
- RESERVED
+CVE-2023-28768 (Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80 ...)
+ TODO: check
CVE-2023-28767 (The configuration parser fails to sanitize user-controlled input in th ...)
NOT-FOR-US: Zyxel
CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All v ...)
@@ -20278,8 +20340,8 @@ CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module i
NOT-FOR-US: Qualcomm
CVE-2023-28536
RESERVED
-CVE-2023-28535
- RESERVED
+CVE-2023-28535 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Pa ...)
+ TODO: check
CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28533
@@ -20535,14 +20597,14 @@ CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994
NOTE: Related (but not strictly part of the CVE): https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f (v2.10.4)
-CVE-2023-28483
- RESERVED
-CVE-2023-28482
- RESERVED
-CVE-2023-28481
- RESERVED
-CVE-2023-28480
- RESERVED
+CVE-2023-28483 (An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query ...)
+ TODO: check
+CVE-2023-28482 (An issue was discovered in Tigergraph Enterprise 3.7.0. A single Tiger ...)
+ TODO: check
+CVE-2023-28481 (An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsec ...)
+ TODO: check
+CVE-2023-28480 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...)
+ TODO: check
CVE-2023-28479
RESERVED
CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Bu ...)
@@ -28059,8 +28121,8 @@ CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injec
NOT-FOR-US: Danfoss AK-EM100
CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
NOT-FOR-US: Siemens
-CVE-2023-0872
- RESERVED
+CVE-2023-0872 (The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0 ...)
+ TODO: check
CVE-2023-0871 (XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and ver ...)
NOT-FOR-US: OpenMNS
CVE-2023-0870 (A form can be manipulated with cross-site request forgery in multiple ...)
@@ -48443,7 +48505,7 @@ CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a p
NOT-FOR-US: WordPress plugin
CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw happens in De ...)
NOT-FOR-US: Quarkus
-CVE-2022-4115 (The Editorial Calendar WordPress plugin through 3.7.12 does not saniti ...)
+CVE-2022-4115 (The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2022-XXXX [rust-atty: Potential unaligned read]
- rust-atty <not-affected> (Windows-specific)
@@ -84011,6 +84073,7 @@ CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
CVE-2022-2128 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
NOT-FOR-US: Trudesk
CVE-2022-2127 (An out-of-bounds read vulnerability was found in Samba due to insuffic ...)
+ {DSA-5477-1}
- samba 2:4.18.5+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2022-2127.html
CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
@@ -188450,11 +188513,13 @@ CVE-2020-36026
CVE-2020-36025
RESERVED
CVE-2020-36024 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...)
+ {DLA-3528-1}
- poppler 22.08.0-2
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/748
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/3cc28b66132e66ed2dfe13a9a285ac41ac7267d5 (poppler-21.01.0)
CVE-2020-36023 (An issue was discovered in freedesktop poppler version 20.12.1, allows ...)
+ {DLA-3528-1}
- poppler 22.08.0-2
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/744
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b5c8e7516d1232c7d0d10a3884823b44ac1b6fd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b5c8e7516d1232c7d0d10a3884823b44ac1b6fd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230814/d589ee7c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list