[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 6 21:12:53 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c34e6f90 by security tracker role at 2023-07-06T20:12:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2023-3531 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
+ TODO: check
+CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem Dyna ...)
+ TODO: check
+CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated ...)
+ TODO: check
+CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
+ TODO: check
+CVE-2023-3456 (Vulnerability of kernel raw address leakage in the hang detector modu ...)
+ TODO: check
+CVE-2023-37454 (An issue was discovered in the Linux kernel through 6.4.2. A crafted U ...)
+ TODO: check
+CVE-2023-37453 (An issue was discovered in the USB subsystem in the Linux kernel throu ...)
+ TODO: check
+CVE-2023-37260 (league/oauth2-server is an implementation of an OAuth 2.0 authorizatio ...)
+ TODO: check
+CVE-2023-37245 (Buffer overflow vulnerability in the modem pinctrl module. Successful ...)
+ TODO: check
+CVE-2023-37242 (Vulnerability of commands from the modem being intercepted in the atcm ...)
+ TODO: check
+CVE-2023-37241 (Input verification vulnerability in the WMS API. Successful exploitati ...)
+ TODO: check
+CVE-2023-37240 (Vulnerability of missing input length verification in the distributed ...)
+ TODO: check
+CVE-2023-37239 (Format string vulnerability in the distributed file system. Attackers ...)
+ TODO: check
+CVE-2023-37238 (Vulnerability of apps' permission to access a certain API being incomp ...)
+ TODO: check
+CVE-2023-37136 (A stored cross-site scripting (XSS) vulnerability in the Basic Website ...)
+ TODO: check
+CVE-2023-37135 (A stored cross-site scripting (XSS) vulnerability in the Image Upload ...)
+ TODO: check
+CVE-2023-37134 (A stored cross-site scripting (XSS) vulnerability in the Basic Informa ...)
+ TODO: check
+CVE-2023-37133 (A stored cross-site scripting (XSS) vulnerability in the Column manage ...)
+ TODO: check
+CVE-2023-37132 (A stored cross-site scripting (XSS) vulnerability in the custom variab ...)
+ TODO: check
+CVE-2023-37131 (A Cross-Site Request Forgery (CSRF) in the component /public/admin/pro ...)
+ TODO: check
+CVE-2023-37125 (A stored cross-site scripting (XSS) vulnerability in the Management Cu ...)
+ TODO: check
+CVE-2023-37124 (A stored cross-site scripting (XSS) vulnerability in the Site Setup mo ...)
+ TODO: check
+CVE-2023-37122 (A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 al ...)
+ TODO: check
+CVE-2023-36995 (TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the stati ...)
+ TODO: check
+CVE-2023-36970 (A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 ...)
+ TODO: check
+CVE-2023-36969 (CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via ...)
+ TODO: check
+CVE-2023-36968 (A SQL Injection vulnerability detected in Food Ordering System v1.0 al ...)
+ TODO: check
+CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environments wher ...)
+ TODO: check
+CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...)
+ TODO: check
+CVE-2023-36462 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2023-36461 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2023-36460 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2023-36459 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2023-36456 (authentik is an open-source Identity Provider. Prior to versions 2023. ...)
+ TODO: check
+CVE-2023-36189 (SQL injection vulnerability in langchain v.0.0.64 allows a remote atta ...)
+ TODO: check
+CVE-2023-36188 (An issue in langchain v.0.0.64 allows a remote attacker to execute arb ...)
+ TODO: check
+CVE-2023-35948 (Novu provides an API for sending notifications through multiple channe ...)
+ TODO: check
+CVE-2023-35937 (Metersphere is an open source continuous testing platform. In versions ...)
+ TODO: check
+CVE-2023-35934 (yt-dlp is a command-line program to download videos from video sites. ...)
+ TODO: check
+CVE-2023-34193 (File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated ...)
+ TODO: check
+CVE-2023-34192 (Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a rem ...)
+ TODO: check
+CVE-2023-34164 (Vulnerability of incomplete input parameter verification in the commun ...)
+ TODO: check
+CVE-2022-48520 (Unauthorized access vulnerability in the SystemUI module. Successful e ...)
+ TODO: check
+CVE-2022-48519 (Unauthorized access vulnerability in the SystemUI module. Successful e ...)
+ TODO: check
+CVE-2022-48518 (Vulnerability of signature verification in the iaware system being ini ...)
+ TODO: check
+CVE-2022-48517 (Unauthorized service access vulnerability in the DSoftBus module. Succ ...)
+ TODO: check
+CVE-2022-48516 (Vulnerability that a unique value can be obtained by a third-party app ...)
+ TODO: check
+CVE-2022-48515 (Vulnerability of inappropriate permission control in Nearby. Successfu ...)
+ TODO: check
+CVE-2022-48514 (The Sepolicy module has inappropriate permission control on the use of ...)
+ TODO: check
+CVE-2022-48513 (Vulnerability of identity verification being bypassed in the Gallery m ...)
+ TODO: check
+CVE-2022-48512 (Use After Free (UAF) vulnerability in the Vdecoderservice service. Suc ...)
+ TODO: check
+CVE-2022-48511 (Use After Free (UAF) vulnerability in the audio PCM driver module unde ...)
+ TODO: check
+CVE-2022-48510 (Input verification vulnerability in the AMS module. Successful exploit ...)
+ TODO: check
+CVE-2022-48509 (Race condition vulnerability due to multi-thread access to mutually ex ...)
+ TODO: check
+CVE-2022-48508 (Inappropriate authorization vulnerability in the system apps. Successf ...)
+ TODO: check
+CVE-2022-48507 (Vulnerability of identity verification being bypassed in the storage m ...)
+ TODO: check
+CVE-2021-46896 (Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cau ...)
+ TODO: check
+CVE-2021-46894 (Use After Free (UAF) vulnerability in the uinput module.Successful exp ...)
+ TODO: check
+CVE-2021-46892 (Encryption bypass vulnerability in Maintenance mode. Successful exploi ...)
+ TODO: check
CVE-2023-32258
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
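Review bot: CVE-2023-37454 and CVE-2023-37453, near the top of this hunk, both describe Linux kernel issues ("in the Linux kernel through 6.4.2", "in the USB subsystem in the Linux kernel") but enter the list with only "TODO: check". The unchanged CVE-2023-32258 entry directly below shows the "- linux <version>" package lines a triaged kernel entry carries. Suggest triaging these two ahead of the rest of the batch. The other entries in the hunk need the full description first, since the truncated text often stops before the product name (for example "in the modem pinctrl module", "in the SystemUI module").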
@@ -9395,22 +9513,22 @@ CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN Client
NOT-FOR-US: Mailbutler GmbH Shimo VPN Client
CVE-2023-30327
RESERVED
-CVE-2023-30326
- RESERVED
-CVE-2023-30325
- RESERVED
+CVE-2023-30326 (Cross Site Scripting (XSS) vulnerability in username field in /WebCont ...)
+ TODO: check
+CVE-2023-30325 (SQL Injection vulnerability in textMessage parameter in /src/chatbotap ...)
+ TODO: check
CVE-2023-30324
RESERVED
-CVE-2023-30323
- RESERVED
-CVE-2023-30322
- RESERVED
-CVE-2023-30321
- RESERVED
-CVE-2023-30320
- RESERVED
-CVE-2023-30319
- RESERVED
+CVE-2023-30323 (SQL Injection vulnerability in username field in /src/chatbotapp/chatW ...)
+ TODO: check
+CVE-2023-30322 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...)
+ TODO: check
+CVE-2023-30321 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...)
+ TODO: check
+CVE-2023-30320 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...)
+ TODO: check
+CVE-2023-30319 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...)
+ TODO: check
CVE-2023-30318
RESERVED
CVE-2023-30317
@@ -9661,8 +9779,8 @@ CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinvento
NOT-FOR-US: Prestashop
CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
NOT-FOR-US: Prestashop
-CVE-2023-30195
- RESERVED
+CVE-2023-30195 (In the module "Detailed Order" (lgdetailedorder) in version up to 1.1. ...)
+ TODO: check
CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...)
NOT-FOR-US: Prestashop
CVE-2023-30193
@@ -11840,10 +11958,10 @@ CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into
NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
NOTE: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
-CVE-2023-29382
- RESERVED
-CVE-2023-29381
- RESERVED
+CVE-2023-29382 (An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an atta ...)
+ TODO: check
+CVE-2023-29381 (An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a rem ...)
+ TODO: check
CVE-2023-29380 (Warpinator before 1.6.0 allows remote file deletion via directory trav ...)
NOT-FOR-US: Warpinator
CVE-2023-29379
@@ -13107,16 +13225,16 @@ CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the Packe
NOT-FOR-US: Juniper
CVE-2023-1696 (The multimedia video module has a vulnerability in data processing.Suc ...)
NOT-FOR-US: Huawei
-CVE-2023-1695
- RESERVED
+CVE-2023-1695 (Vulnerability of failures to capture exceptions in the communication f ...)
+ TODO: check
CVE-2023-1694 (The Settings module has the file privilege escalation vulnerability.Su ...)
NOT-FOR-US: Huawei
CVE-2023-1693 (The Settings module has the file privilege escalation vulnerability.Su ...)
NOT-FOR-US: Huawei
CVE-2023-1692 (The window management module lacks permission verification.Successful ...)
NOT-FOR-US: Huawei
-CVE-2023-1691
- RESERVED
+CVE-2023-1691 (Vulnerability of failures to capture exceptions in the communication f ...)
+ TODO: check
CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and ...)
- ffmpeg 7:5.1.2-1
[bullseye] - ffmpeg <postponed> (Wait until it lands in 4.3.x)
@@ -16620,8 +16738,8 @@ CVE-2023-1300 (A vulnerability classified as critical was found in SourceCodeste
CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to es ...)
- nomad <not-affected> (Vulnerable code not present; Introduced in 1.5.0)
NOTE: https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389
-CVE-2023-1298
- RESERVED
+CVE-2023-1298 (ServiceNow has released upgrades and patches that address a Reflected ...)
+ TODO: check
CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability exists ...)
NOT-FOR-US: Schneider
CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability exists that c ...)
@@ -23712,10 +23830,10 @@ CVE-2023-25585
RESERVED
CVE-2023-25584
RESERVED
-CVE-2023-25583
- RESERVED
-CVE-2023-25582
- RESERVED
+CVE-2023-25583 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...)
+ TODO: check
+CVE-2023-25582 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...)
+ TODO: check
CVE-2023-25581
RESERVED
CVE-2023-25580
@@ -24021,8 +24139,8 @@ CVE-2023-25500 (Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.
NOT-FOR-US: Vaadin
CVE-2023-25499 (When adding non-visible components to the UI in server side, content i ...)
NOT-FOR-US: Vaadin
-CVE-2023-24019
- RESERVED
+CVE-2023-24019 (A stack-based buffer overflow vulnerability exists in the urvpn_client ...)
+ TODO: check
CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...)
{DSA-5345-1}
- chromium 110.0.5481.77-1
@@ -25007,100 +25125,100 @@ CVE-2023-25126
REJECTED
CVE-2023-25125
REJECTED
-CVE-2023-25124
- RESERVED
-CVE-2023-25123
- RESERVED
-CVE-2023-25122
- RESERVED
-CVE-2023-25121
- RESERVED
-CVE-2023-25120
- RESERVED
-CVE-2023-25119
- RESERVED
-CVE-2023-25118
- RESERVED
-CVE-2023-25117
- RESERVED
-CVE-2023-25116
- RESERVED
-CVE-2023-25115
- RESERVED
-CVE-2023-25114
- RESERVED
-CVE-2023-25113
- RESERVED
-CVE-2023-25112
- RESERVED
-CVE-2023-25111
- RESERVED
-CVE-2023-25110
- RESERVED
-CVE-2023-25109
- RESERVED
-CVE-2023-25108
- RESERVED
-CVE-2023-25107
- RESERVED
-CVE-2023-25106
- RESERVED
-CVE-2023-25105
- RESERVED
-CVE-2023-25104
- RESERVED
-CVE-2023-25103
- RESERVED
-CVE-2023-25102
- RESERVED
-CVE-2023-25101
- RESERVED
-CVE-2023-25100
- RESERVED
-CVE-2023-25099
- RESERVED
-CVE-2023-25098
- RESERVED
-CVE-2023-25097
- RESERVED
-CVE-2023-25096
- RESERVED
-CVE-2023-25095
- RESERVED
-CVE-2023-25094
- RESERVED
-CVE-2023-25093
- RESERVED
-CVE-2023-25092
- RESERVED
-CVE-2023-25091
- RESERVED
-CVE-2023-25090
- RESERVED
-CVE-2023-25089
- RESERVED
-CVE-2023-25088
- RESERVED
-CVE-2023-25087
- RESERVED
-CVE-2023-25086
- RESERVED
-CVE-2023-25085
- RESERVED
-CVE-2023-25084
- RESERVED
-CVE-2023-25083
- RESERVED
-CVE-2023-25082
- RESERVED
-CVE-2023-25081
- RESERVED
+CVE-2023-25124 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25123 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25122 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25121 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25120 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25119 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25118 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25117 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25116 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25115 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25114 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25113 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25112 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25111 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25110 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25109 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25108 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25107 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25106 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25105 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25104 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25103 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25102 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25101 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25100 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25099 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25098 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25097 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25096 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25095 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25094 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25093 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25092 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25091 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25090 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25089 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25088 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25087 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25086 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25085 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25084 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25083 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25082 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
+CVE-2023-25081 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...)
+ TODO: check
CVE-2023-25069 (TXOne StellarOne has an improper access control privilege escalation v ...)
NOT-FOR-US: TXOne StellarOne
-CVE-2023-24018
- RESERVED
-CVE-2023-22653
- RESERVED
+CVE-2023-24018 (A stack-based buffer overflow vulnerability exists in the libzebra.so. ...)
+ TODO: check
+CVE-2023-22653 (An OS command injection vulnerability exists in the vtysh_ubus tcpdump ...)
+ TODO: check
CVE-2023-0658 (A vulnerability, which was classified as critical, was found in Multil ...)
NOT-FOR-US: Multilaser RE057 and RE170
CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnames in ...)
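Review bot: the 44 entries CVE-2023-25124 through CVE-2023-25081 all carry the same truncated text, "Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...", so nothing visible here separates them or names the affected product. The same holds for CVE-2023-24018 ("libzebra.so") and CVE-2023-22653 ("vtysh_ubus tcpdump") at the end of the hunk. Suggest resolving the product from the full description once and applying a single triage decision to the whole block. Component names alone should not drive it: vtysh and zebra are also names used by the Quagga/FRR routing suites, so a name match is not evidence either way.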
@@ -26501,18 +26619,18 @@ CVE-2022-48283 (A piece of Huawei whole-home intelligence software has an Incorr
NOT-FOR-US: Huawei
CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and class ...)
NOT-FOR-US: NYUCCL psiTurk
-CVE-2023-24595
- RESERVED
-CVE-2023-24583
- RESERVED
-CVE-2023-24582
- RESERVED
+CVE-2023-24595 (An OS command injection vulnerability exists in the ys_thirdparty syst ...)
+ TODO: check
+CVE-2023-24583 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...)
+ TODO: check
+CVE-2023-24582 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...)
+ TODO: check
CVE-2023-24581 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
NOT-FOR-US: Siemens
-CVE-2023-22365
- RESERVED
-CVE-2023-22299
- RESERVED
+CVE-2023-22365 (An OS command injection vulnerability exists in the ys_thirdparty chec ...)
+ TODO: check
+CVE-2023-22299 (An OS command injection vulnerability exists in the vtysh_ubus _get_fw ...)
+ TODO: check
CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: YAFNET
CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and ...)
@@ -26859,10 +26977,10 @@ CVE-2023-24522 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (B
NOT-FOR-US: SAP
CVE-2023-24521 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Fra ...)
NOT-FOR-US: SAP
-CVE-2023-24520
- RESERVED
-CVE-2023-24519
- RESERVED
+CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
+ TODO: check
+CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
+ TODO: check
CVE-2023-24518
RESERVED
CVE-2023-24517
@@ -26873,8 +26991,8 @@ CVE-2023-24515
RESERVED
CVE-2023-24514
RESERVED
-CVE-2023-23546
- RESERVED
+CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client functional ...)
+ TODO: check
CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
CVE-2023-0506
@@ -26941,10 +27059,10 @@ CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's de
NOT-FOR-US: Butterfly Button plugin
CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...)
NOT-FOR-US: Netgear
-CVE-2023-24497
- RESERVED
-CVE-2023-24496
- RESERVED
+CVE-2023-24497 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...)
+ TODO: check
+CVE-2023-24496 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...)
+ TODO: check
CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
NOT-FOR-US: btcpayserver
CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...)
@@ -27142,8 +27260,8 @@ CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vu
NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-22389 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwo ...)
NOT-FOR-US: Snap One Wattbox WB-300-IP-3
-CVE-2023-22371
- RESERVED
+CVE-2023-22371 (An os command injection vulnerability exists in the liburvpn.so create ...)
+ TODO: check
CVE-2023-22315 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a propri ...)
NOT-FOR-US: Snap One Wattbox WB-300-IP-3
CVE-2023-0456
@@ -28298,22 +28416,22 @@ CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23970
RESERVED
-CVE-2023-23907
- RESERVED
-CVE-2023-23902
- RESERVED
-CVE-2023-23571
- RESERVED
-CVE-2023-23547
- RESERVED
-CVE-2023-22844
- RESERVED
-CVE-2023-22659
- RESERVED
-CVE-2023-22319
- RESERVED
-CVE-2023-22306
- RESERVED
+CVE-2023-23907 (A directory traversal vulnerability exists in the server.js start func ...)
+ TODO: check
+CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login functionali ...)
+ TODO: check
+CVE-2023-23571 (An access violation vulnerability exists in the eventcore functionalit ...)
+ TODO: check
+CVE-2023-23547 (A directory traversal vulnerability exists in the luci2-io file-export ...)
+ TODO: check
+CVE-2023-22844 (An authentication bypass vulnerability exists in the requestHandlers.j ...)
+ TODO: check
+CVE-2023-22659 (An os command injection vulnerability exists in the libzebra.so change ...)
+ TODO: check
+CVE-2023-22319 (A sql injection vulnerability exists in the requestHandlers.js LoginAu ...)
+ TODO: check
+CVE-2023-22306 (An OS command injection vulnerability exists in the libzebra.so bridge ...)
+ TODO: check
CVE-2023-0430 (Certificate OCSP revocation status was not checked when verifying S/Mi ...)
{DSA-5355-1 DLA-3324-1}
- thunderbird 1:102.7.1+1-1
@@ -28626,8 +28744,8 @@ CVE-2023-23862 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23550
- RESERVED
+CVE-2023-23550 (An OS command injection vulnerability exists in the ys_thirdparty user ...)
+ TODO: check
CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-0405 (The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooComm ...)
@@ -211375,7 +211493,7 @@ CVE-2020-22405
RESERVED
CVE-2020-22404
RESERVED
-CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows CSRF.)
+CVE-2020-22403 (Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.1 ...)
NOT-FOR-US: Node express-cart
CVE-2020-22402 (Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 ...)
TODO: check
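Review bot: the replacement description for CVE-2020-22403 is cut at "Express cart v1.1.1 ...", where the removed line read "through 1.1.10", so in this truncated form the version can be misread as 1.1.1. The "NOT-FOR-US: Node express-cart" line is unchanged and triage is unaffected, but the version bound should be confirmed against the full description rather than this line.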
@@ -211514,8 +211632,8 @@ CVE-2020-22338
RESERVED
CVE-2020-22337
RESERVED
-CVE-2020-22336
- RESERVED
+CVE-2020-22336 (An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers t ...)
+ TODO: check
CVE-2020-22335
RESERVED
CVE-2020-22334 (Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows a ...)
@@ -212607,10 +212725,10 @@ CVE-2020-21864
RESERVED
CVE-2020-21863
RESERVED
-CVE-2020-21862
- RESERVED
-CVE-2020-21861
- RESERVED
+CVE-2020-21862 (Directory traversal vulnerability in DuxCMS 2.1 allows attackers to de ...)
+ TODO: check
+CVE-2020-21861 (File upload vulnerability in DuxCMS 2.1 allows attackers to execute ar ...)
+ TODO: check
CVE-2020-21860
RESERVED
CVE-2020-21859
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c34e6f90b23bb7a5a2637d9263adebd2b643adf1