[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 12 09:12:39 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be397440 by security tracker role at 2023-07-12T08:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2023-3525 (The Getnet Argentina para Woocommerce plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2023-3369 (The About Me 3000 widget plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2023-3202 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2023-3199 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2023-3168 (The WP Reroute Email plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2023-3167 (The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2023-3166 (The Lana Email Logger plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2023-3158 (The Mail Control plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2023-3135 (The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2023-3127 (An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iS ...)
+	TODO: check
+CVE-2023-3122 (The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2023-3105 (The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direc ...)
+	TODO: check
+CVE-2023-3093 (The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+	TODO: check
+CVE-2023-3092 (The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2023-3088 (The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2023-3087 (The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2023-3082 (The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2023-3081 (The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based SQL I ...)
+	TODO: check
+CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request  ...)
+	TODO: check
+CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
+	TODO: check
+CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
+	TODO: check
+CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
+	TODO: check
+CVE-2023-37200 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...)
+	TODO: check
+CVE-2023-37199 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
+	TODO: check
+CVE-2023-37198 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
+	TODO: check
+CVE-2023-37197 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...)
+	TODO: check
+CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...)
+	TODO: check
+CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
+	TODO: check
+CVE-2023-32200 (There is insufficient restrictions of called script functions in Apach ...)
+	TODO: check
+CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2023-2763 (Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vul ...)
+	TODO: check
+CVE-2023-2762 (A Use-After-Free vulnerability in SLDPRT file reading procedure exists ...)
+	TODO: check
+CVE-2023-2562 (The Gallery Metabox for WordPress is vulnerable to unauthorized access ...)
+	TODO: check
+CVE-2023-2561 (The Gallery Metabox for WordPress is vulnerable to unauthorized modifi ...)
+	TODO: check
+CVE-2023-2517 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
+	TODO: check
+CVE-2021-4427 (The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPres ...)
+	TODO: check
+CVE-2021-4426 (The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site  ...)
+	TODO: check
+CVE-2021-4425 (The Defender Security plugin for WordPress is vulnerable to Cross-Site ...)
+	TODO: check
+CVE-2021-4424 (The Slider Hero plugin for WordPress is vulnerable to Cross-Site Reque ...)
+	TODO: check
+CVE-2021-4423 (The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2021-4422 (The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site  ...)
+	TODO: check
+CVE-2021-4421 (The Advanced Popups plugin for WordPress is vulnerable to Cross-Site R ...)
+	TODO: check
+CVE-2021-4420 (The Sell Media plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2021-4419 (The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Si ...)
+	TODO: check
+CVE-2021-4417 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...)
+	TODO: check
+CVE-2021-4416 (The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request F ...)
+	TODO: check
+CVE-2021-4415 (The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Si ...)
+	TODO: check
+CVE-2021-4414 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2021-4413 (The Process Steps Template Designer plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2021-4412 (The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2021-4411 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress is vul ...)
+	TODO: check
+CVE-2021-4410 (The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site R ...)
+	TODO: check
+CVE-2021-4409 (The WooCommerce Etsy Integration plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2021-4408 (The DW Question & Answer plugin for WordPress is vulnerable to Cross-S ...)
+	TODO: check
+CVE-2021-4407 (The Custom Banners plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2020-36761 (The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+	TODO: check
+CVE-2020-36760 (The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Reque ...)
+	TODO: check
+CVE-2020-36757 (The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site  ...)
+	TODO: check
+CVE-2020-36756 (The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2020-36752 (The Coming Soon & Maintenance Mode Page plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2020-36750 (The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-S ...)
+	TODO: check
 CVE-2023-37579
 	NOT-FOR-US: Apache Pulsar
 CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/su ...)
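
Review bot: the descriptions added for CVE-2021-4417 and CVE-2021-4411 contain a literal `\u2013` escape ("The Forminator \u2013 Contact Form", "The WP EasyPay \u2013 Square") where the plugin name has a dash, so the import step is writing the escaped form into data/CVE/list undecoded; decode it before truncating so the entries can be found by product name. Every entry added in this hunk is left at `TODO: check`; the context entry below shows the expected end state (`NOT-FOR-US: Apache Pulsar`), and the four GPAC entries and the WordPress plugin entries can each be triaged as a group.
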
@@ -9812,7 +9938,7 @@ CVE-2023-1999 (There exists a use after free/double free in libwebp. An attacker
 	NOTE: Introduced by: https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f (backport; v0.4.2-rc2)
 CVE-2023-1997
 	RESERVED
-CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R ...)
+CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPE ...)
 	NOT-FOR-US: 3ds
 CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 and earli ...)
 	NOT-FOR-US: Jenkins plugin
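
Review bot: the replacement description for CVE-2023-1996 now truncates in the middle of the product name ("in Release 3DEXPE ..."), which leaves the `NOT-FOR-US: 3ds` tag as the only readable product identifier on the entry. The triage state is unchanged, so nothing further is needed unless the reworded text changes which product is affected.
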
@@ -10571,8 +10697,8 @@ CVE-2023-30228
 	RESERVED
 CVE-2023-30227
 	RESERVED
-CVE-2023-30226
-	RESERVED
+CVE-2023-30226 (An issue was discovered in function get_gnu_verneed in rizinorg Rizin  ...)
+	TODO: check
 CVE-2023-30225
 	RESERVED
 CVE-2023-30224
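
Review bot: CVE-2023-30226 moves from `RESERVED` to `TODO: check`, and its description names a concrete function (get_gnu_verneed) in rizinorg Rizin, so it needs an individual package decision rather than a bulk tag. Replace the TODO with either a source-package line in the style used elsewhere in this file (`- symfony 5.4.20+dfsg-1`) or a `NOT-FOR-US:` line once it is established whether the affected code ships in Debian.
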
@@ -28004,10 +28130,10 @@ CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tena
 	NOT-FOR-US: Tenable
 CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to improper ...)
 	NOT-FOR-US: Tenable
-CVE-2023-24492
-	RESERVED
-CVE-2023-24491
-	RESERVED
+CVE-2023-24492 (A vulnerability has been discovered in the Citrix Secure Access client ...)
+	TODO: check
+CVE-2023-24491 (A vulnerability has been discovered in the Citrix Secure Access client ...)
+	TODO: check
 CVE-2023-24490 (Users with only access to launch VDA applications can launch an unauth ...)
 	TODO: check
 CVE-2023-24489 (A vulnerability has been discovered in the customer-managed ShareFile  ...)
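
Review bot: CVE-2023-24492 and CVE-2023-24491 end up with identical truncated descriptions ("A vulnerability has been discovered in the Citrix Secure Access client ..."), so the two entries cannot be told apart from this file and whoever clears the `TODO: check` has to read the full records. If neither concerns packaged software, tag both `NOT-FOR-US:` in the same pass, in the style of the Tenable entries just above, and pick up CVE-2023-24490 below, which is still at `TODO: check` as well.
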
@@ -105394,11 +105520,13 @@ CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to
 CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developments a ...)
 	NOT-FOR-US: Tuleap
 CVE-2022-24895 (Symfony is a PHP framework for web and console applications and a set  ...)
+	{DLA-3493-1}
 	- symfony 5.4.20+dfsg-1
 	[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
 	NOTE: https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
 CVE-2022-24894 (Symfony is a PHP framework for web and console applications and a set  ...)
+	{DLA-3493-1}
 	- symfony 5.4.20+dfsg-1
 	[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
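
Review bot: `{DLA-3493-1}` is added to CVE-2022-24895 and CVE-2022-24894, but the only release-specific line on either entry is `[bullseye] - symfony 4.4.19+dfsg-2+deb11u2`, and the commit changes data/CVE/list alone, so the version the DLA fixed is not visible in this change. Check that the DLA-3493-1 record in data/DLA/list lists both CVE ids and carries the fixed symfony version.
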
@@ -184679,6 +184807,7 @@ CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Commun
 CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...)
 	NOT-FOR-US: Grav Admin Plugin
 CVE-2021-21424 (Symfony is a PHP framework for web and console applications and a set  ...)
+	{DLA-3493-1}
 	- symfony 4.4.19+dfsg-2
 	[stretch] - symfony <postponed> (Minor issue)
 	NOTE: https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms
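
Review bot: CVE-2021-21424 gains `{DLA-3493-1}` while its only release-specific line is `[stretch] - symfony <postponed> (Minor issue)`, which reads as unfixed next to a fixed-by-advisory tag. Confirm which release the DLA covers and whether the postponed note is still accurate, and that the DLA record includes this CVE id alongside the two CVE-2022 ids tagged in the previous hunk.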



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be3974407f49f4d4f20580bfcc7c2c74f7c03e7b
