[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 11 09:12:26 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
018babcf by security tracker role at 2023-07-11T08:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated ...)
+ TODO: check
+CVE-2023-3607 (A vulnerability was found in kodbox 1.26. It has been declared as crit ...)
+ TODO: check
+CVE-2023-3606 (A vulnerability was found in TamronOS up to 20230703. It has been clas ...)
+ TODO: check
+CVE-2023-37191 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...)
+ TODO: check
+CVE-2023-37190 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...)
+ TODO: check
+CVE-2023-37189 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...)
+ TODO: check
+CVE-2023-36925 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an una ...)
+ TODO: check
+CVE-2023-36924 (While using a specific function, SAP ERP Defense Forces and Public Sec ...)
+ TODO: check
+CVE-2023-36922 (Due to programming error in function module or report, SAP NetWeaver A ...)
+ TODO: check
+CVE-2023-36921 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an att ...)
+ TODO: check
+CVE-2023-36919 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
+ TODO: check
+CVE-2023-36918 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
+ TODO: check
+CVE-2023-36917 (SAP BusinessObjects Business Intelligence Platform - version 420, 430, ...)
+ TODO: check
+CVE-2023-36517 (Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abs ...)
+ TODO: check
+CVE-2023-35874 (SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL ...)
+ TODO: check
+CVE-2023-35873 (TheRuntime Workbench (RWB) of SAP NetWeaver Process Integration- versi ...)
+ TODO: check
+CVE-2023-35872 (TheMessage Display Tool (MDT) of SAP NetWeaver Process Integration- ve ...)
+ TODO: check
+CVE-2023-35871 (The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP ...)
+ TODO: check
+CVE-2023-35870 (When creating a journal entry template in SAP S/4HANA (Manage Journal ...)
+ TODO: check
+CVE-2023-35781 (Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin ...)
+ TODO: check
+CVE-2023-35774 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...)
+ TODO: check
+CVE-2023-33992 (The SAP BW BICS communication layer in SAP Business Warehouse and SAP ...)
+ TODO: check
+CVE-2023-33990 (SAP SQL Anywhere- version 17.0, allows an attacker to prevent legitima ...)
+ TODO: check
+CVE-2023-33989 (An attacker with non-administrative authorizations in SAP NetWeaver (B ...)
+ TODO: check
+CVE-2023-33988 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
+ TODO: check
+CVE-2023-33987 (An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7 ...)
+ TODO: check
+CVE-2023-31405 (SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, ...)
+ TODO: check
CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...)
NOT-FOR-US: PHPGurukul Online Shopping Portal
CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...)
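Review bot: Several of the new summaries appear to have lost whitespace when the upstream text was flattened, e.g. `TheRuntime Workbench (RWB)` in CVE-2023-35873 and `TheMessage Display Tool (MDT)` in CVE-2023-35872 (the Citrix hunk further down shows the same defect as `vulnerabilityin` and `readin`); since these summaries are regenerated on every automatic update, the fix belongs in the importer's normalization of the feed text, not in hand edits to data/CVE/list. On triage, CVE-2023-36517, CVE-2023-35781 and CVE-2023-35774 are CSRF issues in WordPress plugins, the class this file consistently resolves as `NOT-FOR-US: WordPress plugin` (compare the CVE-2023-25470 and CVE-2023-25467 context below), so they need not stay open as `TODO: check`.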
@@ -631,7 +685,7 @@ CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs sh
- firefox 115.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212
CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ...)
- {DSA-5451-1 DSA-5450-1 DLA-3484-1}
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
- firefox 115.0-1
- firefox-esr 102.13.0esr-1
- thunderbird 1:102.13.0-1
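Review bot: DLA-3490-1 is inserted between DSA-5450-1 and DLA-3484-1 in the advisory set of CVE-2023-37211, keeping the descending order the file uses, and the same insertion recurs for CVE-2023-37208, CVE-2023-37207, CVE-2023-37202 and CVE-2023-37201 below, while the neighbouring CVE-2023-37212 (firefox 115.0-1 only, no firefox-esr or thunderbird line) correctly does not receive it. Cross-check the set of CVEs carrying DLA-3490-1 here against the advisory's own CVE list so none of the five is missing or surplus.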
@@ -645,7 +699,7 @@ CVE-2023-37209 (A use-after-free condition existed in `NotifyOnHistoryReload` wh
- firefox 115.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209
CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that these f ...)
- {DSA-5451-1 DSA-5450-1 DLA-3484-1}
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
- firefox 115.0-1
- firefox-esr 102.13.0esr-1
- thunderbird 1:102.13.0-1
@@ -653,7 +707,7 @@ CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that t
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208
CVE-2023-37207 (A website could have obscured the fullscreen notification by using a U ...)
- {DSA-5451-1 DSA-5450-1 DLA-3484-1}
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
- firefox 115.0-1
- firefox-esr 102.13.0esr-1
- thunderbird 1:102.13.0-1
@@ -673,7 +727,7 @@ CVE-2023-37203 (Insufficient validation in the Drag and Drop API in conjunction
- firefox 115.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203
CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have caused ...)
- {DSA-5451-1 DSA-5450-1 DLA-3484-1}
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
- firefox 115.0-1
- firefox-esr 102.13.0esr-1
- thunderbird 1:102.13.0-1
@@ -681,7 +735,7 @@ CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202
CVE-2023-37201 (An attacker could have triggered a use-after-free condition when creat ...)
- {DSA-5451-1 DSA-5450-1 DLA-3484-1}
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
- firefox 115.0-1
- firefox-esr 102.13.0esr-1
- thunderbird 1:102.13.0-1
@@ -7681,22 +7735,22 @@ CVE-2023-30965
RESERVED
CVE-2023-30964
RESERVED
-CVE-2023-30963
- RESERVED
+CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabled use ...)
+ TODO: check
CVE-2023-30962
RESERVED
CVE-2023-30961
RESERVED
-CVE-2023-30960
- RESERVED
+CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
+ TODO: check
CVE-2023-30959
RESERVED
CVE-2023-30958
RESERVED
CVE-2023-30957
RESERVED
-CVE-2023-30956
- RESERVED
+CVE-2023-30956 (A security defect was identified in Foundry Comments that enabled a us ...)
+ TODO: check
CVE-2023-30955 (A security defect was identified in Foundry workspace-server that enab ...)
NOT-FOR-US: Palantir
CVE-2023-30954
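Review bot: The three Foundry entries unreserved here (CVE-2023-30963 Frontend, CVE-2023-30960 job-tracker, CVE-2023-30956 Comments) can be resolved as `NOT-FOR-US: Palantir` straight away rather than left as `TODO: check`, matching the adjacent CVE-2023-30955 (Foundry workspace-server); the same goes for CVE-2023-22835 (Foundry Issues) beside CVE-2023-22834 in the hunk further down.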
@@ -8516,10 +8570,10 @@ CVE-2023-2081
RESERVED
CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Forcepoint
-CVE-2023-2079
- RESERVED
-CVE-2023-2078
- RESERVED
+CVE-2023-2079 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...)
+ TODO: check
+CVE-2023-2078 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...)
+ TODO: check
CVE-2021-46880 (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 er ...)
- libressl <itp> (bug #754513)
CVE-2023-30772 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...)
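Review bot: The descriptions of CVE-2023-2079 and CVE-2023-2078 contain a literal `\u2013` sequence where the plugin name has an en dash, so the JSON unicode escape from the feed was written out undecoded; decode escapes in the importer before emitting the summary. Both entries concern a WordPress plugin and can be closed as `NOT-FOR-US: WordPress plugin`, as the rest of the file does for that class.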
@@ -11873,8 +11927,8 @@ CVE-2023-22313
RESERVED
CVE-2023-22310
RESERVED
-CVE-2023-1936
- RESERVED
+CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2023-1935
RESERVED
CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is afflicted by ...)
@@ -22270,6 +22324,7 @@ CVE-2023-26138 (All versions of the package drogonframework/drogon are vulnerabl
CVE-2023-26137 (All versions of the package drogonframework/drogon are vulnerable to H ...)
NOT-FOR-US: Drogon
CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...)
+ {DLA-3488-1}
- node-tough-cookie 4.1.3+~4.0.2-1
[bookworm] - node-tough-cookie <no-dsa> (Minor issue)
[bullseye] - node-tough-cookie <no-dsa> (Minor issue)
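Review bot: DLA-3488-1 is added to CVE-2023-26136 while the visible `[bookworm]` and `[bullseye]` lines stay `<no-dsa> (Minor issue)`, which is consistent only if the DLA targets a suite outside the shown context; check that no `[buster] - node-tough-cookie <no-dsa>` or `<postponed>` line remains below the hunk, since a suite annotation left in place after the DLA would contradict the advisory reference.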
@@ -24606,8 +24661,8 @@ CVE-2023-25489
RESERVED
CVE-2023-25488
RESERVED
-CVE-2023-25487
- RESERVED
+CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
+ TODO: check
CVE-2023-25486
RESERVED
CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...)
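Review bot: CVE-2023-25487 (Pixelgrade PixTypes) is a CSRF issue in a WordPress plugin, and the CVE-2023-25470 and CVE-2023-25467 context in the next hunk shows the settled resolution for this class, `NOT-FOR-US: WordPress plugin`; the same triage applies to the WordPress plugin TODOs introduced by the later hunks (CVE-2023-25468, CVE-2023-25051, CVE-2023-24421, CVE-2023-23997, CVE-2023-23803, CVE-2023-23792, CVE-2023-23791, CVE-2023-23731, CVE-2023-23704 and CVE-2022-45823), so none of them needs to remain `TODO: check`.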
@@ -24644,8 +24699,8 @@ CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobo
NOT-FOR-US: WordPress plugin
CVE-2023-25469
RESERVED
-CVE-2023-25468
- RESERVED
+CVE-2023-25468 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio ...)
+ TODO: check
CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25466
@@ -25672,8 +25727,8 @@ CVE-2023-25053
RESERVED
CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tepl ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25051
- RESERVED
+CVE-2023-25051 (Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Re ...)
+ TODO: check
CVE-2023-25050
RESERVED
CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impl ...)
@@ -27510,16 +27565,16 @@ CVE-2023-24492
RESERVED
CVE-2023-24491
RESERVED
-CVE-2023-24490
- RESERVED
-CVE-2023-24489
- RESERVED
-CVE-2023-24488
- RESERVED
-CVE-2023-24487
- RESERVED
-CVE-2023-24486
- RESERVED
+CVE-2023-24490 (Users with only access to launch VDA applications can launch an unauth ...)
+ TODO: check
+CVE-2023-24489 (A vulnerability has been discovered in the customer-managed ShareFile ...)
+ TODO: check
+CVE-2023-24488 (Cross site scripting vulnerabilityin Citrix ADC and Citrix Gatewayin a ...)
+ TODO: check
+CVE-2023-24487 (Arbitrary file readin Citrix ADC and Citrix Gateway)
+ TODO: check
+CVE-2023-24486 (A vulnerability has been identified in Citrix Workspace app for Linux ...)
+ TODO: check
CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow a stand ...)
NOT-FOR-US: Citrix
CVE-2023-24484 (A malicious user can cause log files to be written to a directory that ...)
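Review bot: All five unreserved entries here (CVE-2023-24490 VDA, CVE-2023-24489 ShareFile, CVE-2023-24488 and CVE-2023-24487 ADC/Gateway, CVE-2023-24486 Workspace app for Linux) concern Citrix products and can be resolved like the adjacent CVE-2023-24485, `NOT-FOR-US: Citrix`. Separately, `vulnerabilityin Citrix ADC and Citrix Gatewayin a` and `Arbitrary file readin Citrix ADC` have lost word boundaries; the text comes from the imported feed and will be rewritten by the next automatic update, so fix the whitespace handling at import time rather than by hand.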
@@ -27744,8 +27799,8 @@ CVE-2023-24423 (A cross-site request forgery (CSRF) vulnerability in Jenkins Ger
NOT-FOR-US: Jenkins plugin
CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jenkins S ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-24421
- RESERVED
+CVE-2023-24421 (Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compa ...)
+ TODO: check
CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
@@ -28755,8 +28810,8 @@ CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23997
- RESERVED
+CVE-2023-23997 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database ...)
+ TODO: check
CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prof ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...)
@@ -29311,8 +29366,8 @@ CVE-2023-23805
RESERVED
CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed p ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23803
- RESERVED
+CVE-2023-23803 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTable ...)
+ TODO: check
CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Si ...)
@@ -29333,10 +29388,10 @@ CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23792
- RESERVED
-CVE-2023-23791
- RESERVED
+CVE-2023-23792 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly ...)
+ TODO: check
+CVE-2023-23791 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu p ...)
+ TODO: check
CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prem ...)
@@ -29611,8 +29666,8 @@ CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23731
- RESERVED
+CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite ...)
+ TODO: check
CVE-2023-23730
RESERVED
CVE-2023-23729
@@ -29665,8 +29720,8 @@ CVE-2023-23706 (Cross-Site Request Forgery (CSRF) vulnerability in miniOrange Wo
NOT-FOR-US: WordPress plugin
CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23704
- RESERVED
+CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...)
+ TODO: check
CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23702
@@ -32732,8 +32787,8 @@ CVE-2023-22837
RESERVED
CVE-2023-22836
RESERVED
-CVE-2023-22835
- RESERVED
+CVE-2023-22835 (A security defect was identified that enabled a user of Foundry Issues ...)
+ TODO: check
CVE-2023-22834 (The Contour Service was not checking that users had permission to crea ...)
NOT-FOR-US: Palantir
CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...)
@@ -35388,6 +35443,7 @@ CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug
CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...)
NOT-FOR-US: MISP
CVE-2022-47927 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
+ {DLA-3489-1}
- mediawiki 1:1.39.1-1
[bullseye] - mediawiki 1:1.35.11-1~deb11u1
NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/
@@ -38136,7 +38192,7 @@ CVE-2022-4507 (The Real Cookie Banner WordPress plugin before 3.4.10 does not va
NOT-FOR-US: WordPress plugin
CVE-2022-4506 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
NOT-FOR-US: OpenEMR
-CVE-2022-4505 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
+CVE-2022-4505 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: OpenEMR
CVE-2022-4504 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
NOT-FOR-US: OpenEMR
@@ -43044,8 +43100,8 @@ CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iT
NOT-FOR-US: WordPress plugin
CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability inAdvanced Booking Cal ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45823
- RESERVED
+CVE-2022-45823 (Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Vide ...)
+ TODO: check
CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45821
@@ -69510,7 +69566,7 @@ CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not s
NOT-FOR-US: WordPress plugin
CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...)
+CVE-2022-2598 (Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0 ...)
{DLA-3182-1}
- vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
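Review bot: The title of CVE-2022-2598 changes from Undefined Behavior to Out-of-bounds Write while the entry keeps `- vim 2:9.0.0135-1 (unimportant)`; the rationale recorded in the NOTE just below this hunk (crash in a CLI tool, no security impact) was written against the old classification and should be re-read against the new one before the severity is left as is.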
@@ -69518,7 +69574,7 @@ CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim
NOTE: Crash in CLI tool, no security impact
CVE-2022-2597 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin befor ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prior to ...)
+CVE-2022-2596 (Inefficient Regular Expression Complexity in GitHub repository node-fe ...)
- node-fetch <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7/
NOTE: Introduced in: https://github.com/node-fetch/node-fetch/commit/2d80b0bb3fb746ff77cfe604f21ef9e47352ece0 (v3.1.0)
@@ -103826,7 +103882,7 @@ CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
[stretch] - bind9 <not-affected> (Vulnerable code introduced later)
NOTE: https://kb.isc.org/docs/cve-2022-0635
-CVE-2022-0634 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3 ...)
+CVE-2022-0634 (The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorizati ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/018babcf96b89a0fc5de5462f9c2c714deb3cd23