[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 19 08:12:25 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a12766e by security tracker role at 2023-12-19T08:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,82 @@
-CVE-2023-6927
+CVE-2023-6940 (with only one user interaction(download a malicious config), attackers ...)
+ TODO: check
+CVE-2023-6488 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+ TODO: check
+CVE-2023-6355 (Incorrect selection of fuse values in the Controller 7000 platform all ...)
+ TODO: check
+CVE-2023-6315 (Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all p ...)
+ TODO: check
+CVE-2023-6314 (Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previ ...)
+ TODO: check
+CVE-2023-5432 (The Jquery news ticker plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2023-5413 (The Image horizontal reel scroll slideshow plugin for WordPress is vul ...)
+ TODO: check
+CVE-2023-49821 (Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat \ ...)
+ TODO: check
+CVE-2023-49819 (Deserialization of Untrusted Data vulnerability in Gordon B\xf6hme, An ...)
+ TODO: check
+CVE-2023-49763 (Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSp ...)
+ TODO: check
+CVE-2023-49761 (Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Prod ...)
+ TODO: check
+CVE-2023-49760 (Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas ...)
+ TODO: check
+CVE-2023-49759 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDi ...)
+ TODO: check
+CVE-2023-49163 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...)
+ TODO: check
+CVE-2023-49155 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...)
+ TODO: check
+CVE-2023-49153 (Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to ...)
+ TODO: check
+CVE-2023-49148 (Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affili ...)
+ TODO: check
+CVE-2023-48781 (Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkR ...)
+ TODO: check
+CVE-2023-48778 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product ...)
+ TODO: check
+CVE-2023-48773 (Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommer ...)
+ TODO: check
+CVE-2023-48772 (Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Preve ...)
+ TODO: check
+CVE-2023-48769 (Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bub ...)
+ TODO: check
+CVE-2023-48768 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team ...)
+ TODO: check
+CVE-2023-48751 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
+ TODO: check
+CVE-2023-47754 (Missing Authorization vulnerability in Clever plugins Delete Duplicate ...)
+ TODO: check
+CVE-2023-47558 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-47530 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-47506 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-46686 (A reliance on untrusted inputs in a security decision could be exploit ...)
+ TODO: check
+CVE-2023-46212 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
+ TODO: check
+CVE-2023-46154 (Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf \u2 ...)
+ TODO: check
+CVE-2023-44982 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-42015 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, ...)
+ TODO: check
+CVE-2023-41967 (Sensitive information uncleared after debug/power state transition in ...)
+ TODO: check
+CVE-2023-40691 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
+ TODO: check
+CVE-2023-34168 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-33331 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2019-25157 (A vulnerability was found in Ethex Contracts. It has been classified a ...)
+ TODO: check
+CVE-2014-125107 (A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified a ...)
+ TODO: check
+CVE-2023-6927 (A flaw was found in Keycloak. This issue may allow an attacker to stea ...)
NOT-FOR-US: Keycloak
CVE-2023-6920
REJECTED
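Review bot: most of the new `TODO: check` entries in this hunk can be triaged from what is already visible, so they should not stay open until the next bulk pass: CVE-2023-6488, CVE-2023-5432 and CVE-2023-5413 name a WordPress plugin in their description, and the CSRF / Missing Authorization run from CVE-2023-49821 down to CVE-2023-46212 follows the same vendor-plugin pattern that the rest of this file resolves as `NOT-FOR-US: WordPress plugin` (compare the CVE-2023-6008 / CVE-2023-6007 context lines further down), to be confirmed against each full advisory. The entries whose truncated description drops the affected product (CVE-2023-6940, CVE-2023-46686, CVE-2023-44982, CVE-2023-41967, the SQL-injection group CVE-2023-47558 / 47530 / 47506 / 34168 / 33331, CVE-2019-25157 and CVE-2014-125107) genuinely need the full text before they can be classified. CVE-2023-6927 only gains a description here; its existing `NOT-FOR-US: Keycloak` line is kept as context, so that entry is already resolved.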
@@ -2639,6 +2717,7 @@ CVE-2023-34439 (Pleasanter 1.3.47.0 and earlier contains a stored cross-site scr
CVE-2023-32268 (Exposure of Proxy Administrator Credentials An authenticated administ ...)
NOT-FOR-US: Microfocus
CVE-2023-46218 (This flaw allows a malicious HTTP server to set "super cookies" in cur ...)
+ {DLA-3692-1}
- curl 8.5.0-1 (bug #1057646)
NOTE: Introduced by: https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465 (curl-7_46_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb (curl-8_5_0)
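Review bot: the `{DLA-3692-1}` cross-reference added to CVE-2023-46218 only resolves if a matching DLA-3692-1 entry with the buster curl version exists in the DLA list, and this commit touches only data/CVE/list (see the changed-file list above); confirm that entry is committed, otherwise the advisory marker points nowhere. The same marker is added to CVE-2023-28322 later in this diff, which is consistent with a single curl DLA covering both issues.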
@@ -4719,7 +4798,7 @@ CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site Requ
NOT-FOR-US: WordPress plugin
CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized access ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-6918
+CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for message d ...)
- libssh <unfixed>
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6)
NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/63ff242131c8e6d98917456f71f6d33b9ef3a763 (libssh-0.10.6)
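Review bot: CVE-2023-6918 gains its description but remains `libssh <unfixed>` with no bug reference, while the two NOTE lines already identify the upstream fixes tagged libssh-0.10.6; unlike the curl entries in this diff, which carry a `(bug #...)` pointer, nothing here tracks the pending Debian upload. Suggest filing the bug and recording it on the version line, e.g. `- libssh <unfixed> (bug #NNNNNN)` with NNNNNN a placeholder for the real number, so the fix status is followed in the tracker rather than only in the notes.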
@@ -42185,6 +42264,7 @@ CVE-2023-28324 (A improper input validation vulnerability exists in Ivanti Endpo
CVE-2023-28323 (A deserialization of untrusted data exists in EPM 2022 Su3 and all pri ...)
NOT-FOR-US: Ivanti
CVE-2023-28322 (An information disclosure vulnerability exists in curl <v8.1.0 when do ...)
+ {DLA-3692-1}
- curl 7.88.1-10 (bug #1036239)
[bullseye] - curl 7.74.0-1.3+deb11u9
NOTE: https://curl.se/docs/CVE-2023-28322.html
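Review bot: this `{DLA-3692-1}` marker on CVE-2023-28322 pairs with the one added to CVE-2023-46218 earlier in the diff; the entry already carries a `[bullseye]` fixed version, so the buster version is expected to come from the DLA entry itself, which is not part of this change and should be verified to exist.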
@@ -51594,20 +51674,20 @@ CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devic
NOT-FOR-US: NOKIA
CVE-2023-25074 (Improper privilege validation in Command Centre Server allows authenti ...)
NOT-FOR-US: Gallagher
-CVE-2023-24590
- RESERVED
+CVE-2023-24590 (A format string issue in the Controller 6000's optional diagnostic web ...)
+ TODO: check
CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...)
NOT-FOR-US: Gallagher
-CVE-2023-23584
- RESERVED
-CVE-2023-23576
- RESERVED
-CVE-2023-23570
- RESERVED
+CVE-2023-23584 (An observable response discrepancy in the Gallagher Command Centre RES ...)
+ TODO: check
+CVE-2023-23576 (Incorrect behavior order in the Command Centre Server could allow priv ...)
+ TODO: check
+CVE-2023-23570 (Client-Side enforcement of Server-Side security for the Command Centre ...)
+ TODO: check
CVE-2023-23568 (Improper privilege validation in Command Centre Server allows authenti ...)
NOT-FOR-US: Gallagher
-CVE-2023-22439
- RESERVED
+CVE-2023-22439 (Improper input validation of a large HTTP request in the Controller 60 ...)
+ TODO: check
CVE-2023-22428 (Improper privilege validation in Command Centre Server allows authenti ...)
NOT-FOR-US: Gallagher
CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server allows an a ...)
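Review bot: the five entries promoted from RESERVED to `TODO: check` in this hunk (CVE-2023-24590, CVE-2023-23584, CVE-2023-23576, CVE-2023-23570, CVE-2023-22439) all describe Gallagher's Controller 6000 or Command Centre Server, the same products the surrounding context lines (CVE-2023-24584, CVE-2023-23568, CVE-2023-22428) resolve as `NOT-FOR-US: Gallagher`. Unless Debian packages any of this software, they can be closed the same way rather than left as TODO.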
@@ -69538,8 +69618,8 @@ CVE-2022-45811
RESERVED
CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45809
- RESERVED
+CVE-2022-45809 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ric ...)
+ TODO: check
CVE-2022-45808 (SQL Injection vulnerability inLearnPress \u2013 WordPress LMS Plugin < ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45807 (Cross-Site Request Forgery (CSRF) inWPVibes WP Mail Log plugin <= 1.0. ...)
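Review bot: the new description for CVE-2022-45809 is cut off at the vendor name (`... in Ric ...`), so the `TODO: check` cannot be resolved from this line alone; the neighbouring CVE-2022-45810 and CVE-2022-45808 entries are WordPress plugin issues tagged `NOT-FOR-US: WordPress plugin`, and this one is numbered in the same block, but the full advisory should be read before it is tagged the same way.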
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a12766e5176b5ecb4daedaf297c16f2ddb96d90
--
You're receiving this email because of your account on salsa.debian.org.