[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 5 21:12:35 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
80dfd9bf by security tracker role at 2023-06-05T20:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admid ...)
+ TODO: check
+CVE-2023-3066 (Incorrect Authorization vulnerability in Mobatime mobile application A ...)
+ TODO: check
+CVE-2023-3065 (Improper Authentication vulnerability in Mobatime mobile application A ...)
+ TODO: check
+CVE-2023-3064 (Anonymous user may get the list of existing users managed by the appli ...)
+ TODO: check
+CVE-2023-34097 (hoppscotch is an open source API development ecosystem. In versions pr ...)
+ TODO: check
+CVE-2023-33970 (Kanboard is open source project management software that focuses on th ...)
+ TODO: check
+CVE-2023-33969 (Kanboard is open source project management software that focuses on th ...)
+ TODO: check
+CVE-2023-33968 (Kanboard is open source project management software that focuses on th ...)
+ TODO: check
+CVE-2023-33956 (Kanboard is open source project management software that focuses on th ...)
+ TODO: check
+CVE-2023-33733 (Reportlab up to v3.6.12 allows attackers to execute arbitrary code via ...)
+ TODO: check
+CVE-2023-33693 (A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 al ...)
+ TODO: check
+CVE-2023-33690 (SonicJS up to v0.7.0 allows attackers to execute an authenticated path ...)
+ TODO: check
+CVE-2023-33524 (Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal ...)
+ TODO: check
+CVE-2023-33518 (emoncms v11 and later was discovered to contain an information disclos ...)
+ TODO: check
+CVE-2023-33386 (MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interf ...)
+ TODO: check
+CVE-2023-32766 (Gitpod before 2022.11.3 allows XSS because redirection can occur for s ...)
+ TODO: check
+CVE-2023-31893 (Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vul ...)
+ TODO: check
+CVE-2023-2634 (The Get your number WordPress plugin through 1.1.3 does not sanitise a ...)
+ TODO: check
+CVE-2023-2572 (The Survey Maker WordPress plugin before 3.4.7 does not escape some pa ...)
+ TODO: check
+CVE-2023-2571 (The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some pa ...)
+ TODO: check
+CVE-2023-2503 (The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sani ...)
+ TODO: check
+CVE-2023-2489 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...)
+ TODO: check
+CVE-2023-2488 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...)
+ TODO: check
+CVE-2023-2472 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...)
+ TODO: check
+CVE-2023-2337 (The ConvertKit WordPress plugin before 2.2.1 does not escape a paramet ...)
+ TODO: check
+CVE-2022-4946 (The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does ...)
+ TODO: check
+CVE-2015-10115 (A vulnerability, which was classified as problematic, was found in Woo ...)
+ TODO: check
+CVE-2015-10114 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2015-10113 (A vulnerability classified as problematic was found in WooFramework Tw ...)
+ TODO: check
CVE-2023-3100 (A vulnerability, which was classified as critical, has been found in I ...)
TODO: check
CVE-2023-3099 (A vulnerability classified as critical was found in KylinSoft youker-a ...)
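Review bot: all 29 new entries in this hunk land as "TODO: check", so the manual triage pass should start with CVE-2023-33733, the only one here describing arbitrary code execution in a library (Reportlab up to v3.6.12) rather than in a hosted service, a firmware image or a WordPress plugin. The nine WordPress-plugin entries (CVE-2023-2634 down to CVE-2022-4946) and the three late-assigned WooFramework IDs (CVE-2015-10113 to CVE-2015-10115) fit the "NOT-FOR-US: WordPress plugin" convention this file already uses, for example on CVE-2023-2223 below, and can be closed the same way; the remaining entries (hoppscotch, Kanboard, emoncms, Gitpod, MarsCTF, the Mobatime and Vivo Play items) need a check against packaged software before any marker is applied.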
@@ -2516,7 +2574,7 @@ CVE-2023-32269 (An issue was discovered in the Linux kernel before 6.1.11. In ne
CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary files wi ...)
NOT-FOR-US: Ghost CMS
CVE-2023-32233 (In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_ta ...)
- {DSA-5402-1}
+ {DSA-5402-1 DLA-3446-1}
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/4
NOTE: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab (6.4-rc1)
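Review bot: the DLA-3446-1 reference added to CVE-2023-32233 has no "[buster]" fixed-version line in the visible context, whereas CVE-2023-31436 in the next hunk carries "[buster] - linux 4.19.282-1" right under the same reference. If the buster line simply falls outside the three context lines this is fine; otherwise the CVE entry and data/DLA/list disagree on buster and the line should be added. The same check applies to CVE-2023-0386 further down, which receives the identical reference change with only the "linux 6.1.11-1" line visible.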
@@ -2823,7 +2881,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0035: enumflags2: Adverserial use of make_bitflags!
- rust-enumflags2 <not-affected> (Introduced in 0.7.0)
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0035.html
CVE-2023-31436 (qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2 ...)
- {DSA-5402-1}
+ {DSA-5402-1 DLA-3446-1}
- linux 6.1.27-1
[buster] - linux 4.19.282-1
NOTE: https://git.kernel.org/linus/3037933448f60f9acb705997eae62013ecb81e0d (6.3)
@@ -3842,8 +3900,8 @@ CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid
NOT-FOR-US: Rapid7
CVE-2023-2225
RESERVED
-CVE-2023-2224
- RESERVED
+CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and e ...)
+ TODO: check
CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2222
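Review bot: CVE-2023-2224 goes from RESERVED to a description plus "TODO: check", but it sits directly above CVE-2023-2223, already resolved as "NOT-FOR-US: WordPress plugin", and its description (SEO by 10Web WordPress plugin) matches that pattern. The automatic update cannot apply the marker itself, so the follow-up triage commit should close it with the same line rather than leave the TODO; the same applies to CVE-2023-0900, CVE-2023-0545 and CVE-2023-0152 later in this diff, each of which is a WordPress-plugin entry flanked by neighbours already marked NOT-FOR-US.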
@@ -8307,8 +8365,8 @@ CVE-2023-29346
RESERVED
CVE-2023-29345
RESERVED
-CVE-2023-29344
- RESERVED
+CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
+ TODO: check
CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29342
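Review bot: CVE-2023-29344 (Microsoft Office Remote Code Execution) is left as "TODO: check" next to CVE-2023-29343, which is already "NOT-FOR-US: Microsoft", so this is one of the entries the manual pass can close immediately. The same holds for CVE-2023-27989 (Zyxel NR7101 buffer overflow) in the next hunk, whose neighbours CVE-2023-27990 and CVE-2023-27988 are both "NOT-FOR-US: Zyxel".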
@@ -13004,8 +13062,8 @@ CVE-2023-27991 (The post-authentication command injection vulnerability in the C
NOT-FOR-US: Zyxel
CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...)
NOT-FOR-US: Zyxel
-CVE-2023-27989
- RESERVED
+CVE-2023-27989 (A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 ...)
+ TODO: check
CVE-2023-27988 (The post-authentication command injection vulnerability in the Zyxel N ...)
NOT-FOR-US: Zyxel
CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by Linkis ...)
@@ -18485,8 +18543,8 @@ CVE-2023-26031
RESERVED
CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: pixelfed
-CVE-2023-0900
- RESERVED
+CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does not prop ...)
+ TODO: check
CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0898
@@ -22769,8 +22827,8 @@ CVE-2023-0547 (OCSP revocation status of recipient certificates was not checked
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547
CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0545
- RESERVED
+CVE-2023-0545 (The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escap ...)
+ TODO: check
CVE-2023-0544 (The WP Login Box WordPress plugin through 2.0.2 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7 ...)
@@ -25118,7 +25176,7 @@ CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly
CVE-2023-0387
REJECTED
CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...)
- {DSA-5402-1}
+ {DSA-5402-1 DLA-3446-1}
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 (6.2-rc6)
CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...)
@@ -27990,8 +28048,8 @@ CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and
NOT-FOR-US: WordPress plugin
CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0152
- RESERVED
+CVE-2023-0152 (The WP Multi Store Locator WordPress plugin through 2.4 does not valid ...)
+ TODO: check
CVE-2023-0151 (The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0150 (The Cloak Front End Email WordPress plugin before 1.9.2 does not valid ...)
@@ -38651,8 +38709,8 @@ CVE-2022-45855
RESERVED
CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...)
NOT-FOR-US: Zyxel
-CVE-2022-45853
- REJECTED
+CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8HP firmwar ...)
+ TODO: check
CVE-2022-45852
RESERVED
CVE-2022-45851
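Review bot: CVE-2022-45853 flips from REJECTED to a live description (privilege escalation in Zyxel GS1900-8HP firmware), which is unusual enough to confirm against the CVE record before triage: a rejection being withdrawn and a description being republished in error look the same in this feed. Whichever it is, the Debian outcome matches the neighbouring CVE-2022-45854 ("NOT-FOR-US: Zyxel"), so the TODO should not stay open long.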
@@ -85114,7 +85172,7 @@ CVE-2022-30132 (Windows Container Manager Service Elevation of Privilege Vulnera
NOT-FOR-US: Microsoft
CVE-2022-30131 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
NOT-FOR-US: Microsoft
-CVE-2022-30130 (.NET Framework Denial of Service Vulnerability.)
+CVE-2022-30130 (.NET Framework Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-30129 (Visual Studio Code Remote Code Execution Vulnerability.)
NOT-FOR-US: Microsoft
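Review bot: the only change to CVE-2022-30130 is the trailing period dropped from its description, while the adjacent CVE-2022-30129 line still ends with one; this mirrors an upstream text edit and needs no action, and the remaining inconsistency between the two lines is in the upstream feed, not in this commit.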
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80dfd9bf7cdc028706d5492c64298637ace807ad