[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 20 21:12:25 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7669f08 by security tracker role at 2023-06-20T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...)
+ TODO: check
+CVE-2023-3337 (A vulnerability was found in PuneethReddyHC Online Shopping System Adv ...)
+ TODO: check
+CVE-2023-3220 (An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_ ...)
+ TODO: check
+CVE-2023-35885 (CloudPanel 2 before 2.3.1 has insecure file-manager cookie authenticat ...)
+ TODO: check
+CVE-2023-35854 (Zoho ManageEngine ADSelfService Plus through 6113 has an authenticatio ...)
+ TODO: check
+CVE-2023-35166 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-35098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Bri ...)
+ TODO: check
+CVE-2023-35097 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet ...)
+ TODO: check
+CVE-2023-35095 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flot ...)
+ TODO: check
+CVE-2023-34600 (Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.)
+ TODO: check
+CVE-2023-34597 (A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers ...)
+ TODO: check
+CVE-2023-34596 (A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attacke ...)
+ TODO: check
+CVE-2023-34563 (netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overfl ...)
+ TODO: check
+CVE-2023-34541 (Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_pr ...)
+ TODO: check
+CVE-2023-33869 (Enphase Envoy versions D7.0.88 is vulnerable to a command injection ex ...)
+ TODO: check
+CVE-2023-33495 (Craft CMS through 4.4.9 is vulnerable to HTML Injection.)
+ TODO: check
+CVE-2023-32274 (Enphase Installer Toolkit versions 3.27.0 has hard coded credentials e ...)
+ TODO: check
+CVE-2023-2533 (A Cross-Site Request Forgery (CSRF) vulnerability has been identified ...)
+ TODO: check
+CVE-2023-2400 (Improper deletion of resource in the user management feature in Devolu ...)
+ TODO: check
CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to authorization ...)
NOT-FOR-US: CMS Commander plugin for WordPress
CVE-2023-3320 (The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site ...)
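Review bot: CVE-2023-3220 ("An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_ ...") is the one entry in this batch that names a component shipped as a Debian source package (src:linux) and should not stay at "TODO: check" alongside the product-specific entries; it needs triage against the kernel package. The remaining new entries (SourceCodester, PuneethReddyHC, CloudPanel, ManageEngine ADSelfService Plus, XWiki, the three WordPress XSS entries, Adiscon LogAnalyzer, Fibaro and Aeotec firmware, Netgear R6250, Langchain, Enphase Envoy and Installer Toolkit, Craft CMS, Devolutions) look like the adjacent CMS Commander entry, which is already resolved as "NOT-FOR-US"; confirm none of them corresponds to a packaged product and resolve them the same way so they do not carry forward in the TODO list.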
@@ -7071,8 +7109,7 @@ CVE-2023-2001 (An issue has been discovered in GitLab CE/EE affecting all versio
- gitlab 15.10.8+ds1-2
CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redirecti ...)
NOT-FOR-US: Mattermost Desktop App
-CVE-2023-1999
- RESERVED
+CVE-2023-1999 (There exists a use after free/double free in libwebp. An attacker can ...)
{DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3439-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
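Review bot: the new description places the bug in libwebp ("use after free/double free in libwebp"), but the only package lines visible in this hunk are "firefox 112.0-1" and "firefox-esr 102.10.0esr-1", while the advisory line lists six advisories ({DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3439-1 DLA-3400-1 DLA-3391-1}). Check that the lines following this context also carry an entry for the libwebp source package itself (and any other package embedding it that the listed advisories cover); a libwebp flaw recorded only against the browser packages would leave the library's own status unrecorded.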
@@ -10046,8 +10083,8 @@ CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulner
NOT-FOR-US: FANUC
CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Eskom Computer Water Metering Software
-CVE-2023-1862
- RESERVED
+CVE-2023-1862 (Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a mal ...)
+ TODO: check
CVE-2023-1861 (The Limit Login Attempts WordPress plugin through 1.7.2 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to Cross-Site R ...)
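Review bot: CVE-2023-1862 describes the Cloudflare WARP client for Windows, which is not a Debian package; the surrounding entries (FANUC, Eskom Computer Water Metering Software, the Limit Login Attempts WordPress plugin) are all resolved as "NOT-FOR-US", so this entry can be resolved the same way instead of being left at "TODO: check".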
@@ -25503,9 +25540,9 @@ CVE-2023-22321 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past
NOT-FOR-US: Datakit CrossCadWare_x64.dll
CVE-2023-22295 (Datakit CrossCadWare_x64.dll contains an out of bounds read past the e ...)
NOT-FOR-US: Datakit CrossCadWare_x64.dll
-CVE-2023-0452 (All versions of Econolite EOS traffic control software are vulnerable ...)
+CVE-2023-0452 (Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for e ...)
NOT-FOR-US: Econolite EOS traffic control software
-CVE-2023-0451 (All versions of Econolite EOS traffic control software are vulnerable ...)
+CVE-2023-0451 (Econolite EOS versions prior to 3.2.23 lack a password requirement for ...)
NOT-FOR-US: Econolite EOS traffic control software
CVE-2023-0450 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 15.10.8+ds1-2
@@ -151597,6 +151634,7 @@ CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sq
CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...)
NOT-FOR-US: Flask restx
CVE-2021-32837 (mechanize, a library for automatically interacting with HTTP web serve ...)
+ {DLA-3460-1}
- python-mechanize 1:0.4.7-1
[bullseye] - python-mechanize <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize/
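Review bot: adding {DLA-3460-1} to CVE-2021-32837 records an LTS fix for python-mechanize while the line below still reads "[bullseye] - python-mechanize <no-dsa> (Minor issue)". A DLA for the older suite does not by itself change the bullseye assessment, but the "Minor issue" justification should be re-checked against the reasoning behind the DLA so the two annotations do not contradict each other; the NOTE pointing at the GHSL-2021-108 advisory is the reference to compare against.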
@@ -211639,16 +211677,16 @@ CVE-2020-21491
RESERVED
CVE-2020-21490
RESERVED
-CVE-2020-21489
- RESERVED
+CVE-2020-21489 (File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker ...)
+ TODO: check
CVE-2020-21488
RESERVED
CVE-2020-21487 (Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ...)
NOT-FOR-US: pfSense
-CVE-2020-21486
- RESERVED
-CVE-2020-21485
- RESERVED
+CVE-2020-21486 (SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker t ...)
+ TODO: check
+CVE-2020-21485 (Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote ...)
+ TODO: check
CVE-2020-21484
RESERVED
CVE-2020-21483 (An arbitrary file upload vulnerability in Jizhicms v1.5 allows attacke ...)
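Review bot: all three entries that gain a description here (Feehicms file upload, PHPOK SQL injection, Alluxio XSS) name products with no Debian package; CVE-2020-21487 in the same hunk shows the expected resolution ("NOT-FOR-US: pfSense"), so these can be closed the same way rather than left at "TODO: check".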
@@ -211669,8 +211707,8 @@ CVE-2020-21476
RESERVED
CVE-2020-21475
RESERVED
-CVE-2020-21474
- RESERVED
+CVE-2020-21474 (File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacke ...)
+ TODO: check
CVE-2020-21473
RESERVED
CVE-2020-21472
@@ -211819,8 +211857,8 @@ CVE-2020-21402
RESERVED
CVE-2020-21401
RESERVED
-CVE-2020-21400
- RESERVED
+CVE-2020-21400 (SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a rem ...)
+ TODO: check
CVE-2020-21399
RESERVED
CVE-2020-21398
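Review bot: CVE-2020-21400 ("SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 ...") should be resolved consistently with CVE-2020-21060 further down in this diff, which is the same product and version ("SQL injection vulnerability found in PHPMyWind v.5.6 ...") and is already marked "NOT-FOR-US: PHPMyWind"; leaving one at "TODO: check" while the other is closed invites divergent triage of near-identical entries.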
@@ -211887,8 +211925,8 @@ CVE-2020-21368
RESERVED
CVE-2020-21367
RESERVED
-CVE-2020-21366
- RESERVED
+CVE-2020-21366 (Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an a ...)
+ TODO: check
CVE-2020-21365 (Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows ...)
{DLA-3158-1}
- wkhtmltopdf 0.12.6-1
@@ -211972,8 +212010,8 @@ CVE-2020-21327
RESERVED
CVE-2020-21326
RESERVED
-CVE-2020-21325
- RESERVED
+CVE-2020-21325 (An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbi ...)
+ TODO: check
CVE-2020-21324
RESERVED
CVE-2020-21323
@@ -212086,8 +212124,8 @@ CVE-2020-21270
RESERVED
CVE-2020-21269
RESERVED
-CVE-2020-21268
- RESERVED
+CVE-2020-21268 (Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows ...)
+ TODO: check
CVE-2020-21267
RESERVED
CVE-2020-21266 (Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) ...)
@@ -212118,8 +212156,8 @@ CVE-2020-21254
RESERVED
CVE-2020-21253
RESERVED
-CVE-2020-21252
- RESERVED
+CVE-2020-21252 (Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows ...)
+ TODO: check
CVE-2020-21251
RESERVED
CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vuln ...)
@@ -212130,8 +212168,8 @@ CVE-2020-21248
RESERVED
CVE-2020-21247
RESERVED
-CVE-2020-21246
- RESERVED
+CVE-2020-21246 (Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote att ...)
+ TODO: check
CVE-2020-21245
RESERVED
CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a Directory ...)
@@ -212274,8 +212312,8 @@ CVE-2020-21176 (SQL injection vulnerability in the model.increment and model.dec
NOT-FOR-US: ThinkJS
CVE-2020-21175
RESERVED
-CVE-2020-21174
- RESERVED
+CVE-2020-21174 (File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote atta ...)
+ TODO: check
CVE-2020-21173
RESERVED
CVE-2020-21172
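Review bot: the misspelling "vulenrability" in the new CVE-2020-21174 description is carried over from the imported upstream CVE text and should not be corrected by hand in data/CVE/list, since the next automatic update would overwrite a local edit; the entry itself (liufee CMS file upload) names an unpackaged product and can be resolved as "NOT-FOR-US" like its neighbours.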
@@ -212506,8 +212544,8 @@ CVE-2020-21060 (SQL injection vulnerability found in PHPMyWind v.5.6 allows a re
NOT-FOR-US: PHPMyWind
CVE-2020-21059
RESERVED
-CVE-2020-21058
- RESERVED
+CVE-2020-21058 (Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote ...)
+ TODO: check
CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a r ...)
NOT-FOR-US: FusionPBX
CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7, which all ...)
@@ -212518,8 +212556,8 @@ CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allo
NOT-FOR-US: FusionPBX
CVE-2020-21053 (Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 al ...)
NOT-FOR-US: FusionPBX
-CVE-2020-21052
- RESERVED
+CVE-2020-21052 (Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a rem ...)
+ TODO: check
CVE-2020-21051
RESERVED
CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in the funct ...)
@@ -212702,8 +212740,8 @@ CVE-2020-20971 (Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0
NOT-FOR-US: PbootCMS
CVE-2020-20970
RESERVED
-CVE-2020-20969
- RESERVED
+CVE-2020-20969 (File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacke ...)
+ TODO: check
CVE-2020-20968
RESERVED
CVE-2020-20967
@@ -212802,10 +212840,10 @@ CVE-2020-20921
RESERVED
CVE-2020-20920
RESERVED
-CVE-2020-20919
- RESERVED
-CVE-2020-20918
- RESERVED
+CVE-2020-20919 (File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote a ...)
+ TODO: check
+CVE-2020-20918 (An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacke ...)
+ TODO: check
CVE-2020-20917
RESERVED
CVE-2020-20916
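Review bot: the two Pluck CMS entries here (CVE-2020-20919, "File upload vulnerability in Pluck CMS v.4.7.10-dev2 ...", and CVE-2020-20918, "An issue discovered in Pluck CMS v.4.7.10-dev2 ...") overlap with CVE-2020-20969 ("File Upload vulnerability in PluckCMS v.4.7.10 ...") and CVE-2020-20718 ("File Upload vulnerability in PluckCMS v.4.7.10 dev versions ...") elsewhere in this diff; three file-upload descriptions for the same product and version range are likely duplicate assignments and should be triaged together and given the same resolution, which for an unpackaged CMS is "NOT-FOR-US".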
@@ -213207,8 +213245,8 @@ CVE-2020-20737
RESERVED
CVE-2020-20736
RESERVED
-CVE-2020-20735
- RESERVED
+CVE-2020-20735 (File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attack ...)
+ TODO: check
CVE-2020-20734
RESERVED
CVE-2020-20733
@@ -213225,10 +213263,10 @@ CVE-2020-20728
RESERVED
CVE-2020-20727
RESERVED
-CVE-2020-20726
- RESERVED
-CVE-2020-20725
- RESERVED
+CVE-2020-20726 (Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allo ...)
+ TODO: check
+CVE-2020-20725 (Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 all ...)
+ TODO: check
CVE-2020-20724
RESERVED
CVE-2020-20723
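Review bot: CVE-2020-20726 ("Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 ...") should be resolved consistently with CVE-2020-20696 and CVE-2020-20695 further down in this diff, which concern the same GilaCMS v1.11.4 and are already marked "NOT-FOR-US: GilaCMS"; the taoCMS entry in the same hunk (CVE-2020-20725) names another unpackaged CMS and can be closed the same way.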
@@ -213241,8 +213279,8 @@ CVE-2020-20720
RESERVED
CVE-2020-20719
RESERVED
-CVE-2020-20718
- RESERVED
+CVE-2020-20718 (File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a r ...)
+ TODO: check
CVE-2020-20717
RESERVED
CVE-2020-20716
@@ -213271,8 +213309,8 @@ CVE-2020-20705
RESERVED
CVE-2020-20704
RESERVED
-CVE-2020-20703
- RESERVED
+CVE-2020-20703 (Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attack ...)
+ TODO: check
CVE-2020-20702
RESERVED
CVE-2020-20701 (A stored cross site scripting (XSS) vulnerability in /app/config/of S- ...)
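Review bot: CVE-2020-20703 ("Buffer Overflow vulnerability in VIM v.8.1.2135 ...") is the one entry in the 2020 batch that names a Debian source package (src:vim) and needs real triage rather than "TODO: check": identify the upstream fix for the 8.1.2135-era report before adding any fixed-version line, since the description alone gives no patch reference and a fixed-version entry must not be recorded on the strength of the version number in the description.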
@@ -213283,8 +213321,8 @@ CVE-2020-20699 (A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 all
NOT-FOR-US: S-CMS PHP
CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP ...)
NOT-FOR-US: S-CMS PHP
-CVE-2020-20697
- RESERVED
+CVE-2020-20697 (Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a ...)
+ TODO: check
CVE-2020-20696 (A cross-site scripting (XSS) vulnerability in /admin/content/post of G ...)
NOT-FOR-US: GilaCMS
CVE-2020-20695 (A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 a ...)
@@ -213405,8 +213443,8 @@ CVE-2020-20638
RESERVED
CVE-2020-20637
RESERVED
-CVE-2020-20636
- RESERVED
+CVE-2020-20636 (SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remo ...)
+ TODO: check
CVE-2020-20635
RESERVED
CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...)
@@ -213674,8 +213712,8 @@ CVE-2020-20504
RESERVED
CVE-2020-20503
RESERVED
-CVE-2020-20502
- RESERVED
+CVE-2020-20502 (Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attack ...)
+ TODO: check
CVE-2020-20501
RESERVED
CVE-2020-20500
@@ -213697,8 +213735,8 @@ CVE-2020-20493
RESERVED
CVE-2020-20492
RESERVED
-CVE-2020-20491
- RESERVED
+CVE-2020-20491 (SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a ...)
+ TODO: check
CVE-2020-20490 (A heap buffer-overflow in the client_example1.c component of libiec_ic ...)
NOT-FOR-US: libiec_iccp_mod
NOTE: https://github.com/fcovatti/libiec_iccp_mod
@@ -213885,8 +213923,8 @@ CVE-2020-20415
RESERVED
CVE-2020-20414
RESERVED
-CVE-2020-20413
- RESERVED
+CVE-2020-20413 (SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote ...)
+ TODO: check
CVE-2020-20412 (lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 ...)
NOT-FOR-US: StepMania integration of libvorbis
CVE-2020-20411
@@ -214041,8 +214079,8 @@ CVE-2020-20337
RESERVED
CVE-2020-20336
RESERVED
-CVE-2020-20335
- RESERVED
+CVE-2020-20335 (Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8 ...)
+ TODO: check
CVE-2020-20334
RESERVED
CVE-2020-20333
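Review bot: the description for CVE-2020-20335 pins the affected range to a commit ("Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8 ...") rather than to a release, and the hash is cut off in the list line, so resolving this entry requires looking up the full commit upstream; check whether the kilo editor is packaged at all and, if not, close it as "NOT-FOR-US" like the neighbouring entries.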
@@ -214571,14 +214609,14 @@ CVE-2020-20072
RESERVED
CVE-2020-20071
RESERVED
-CVE-2020-20070
- RESERVED
+CVE-2020-20070 (Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allow ...)
+ TODO: check
CVE-2020-20069
RESERVED
CVE-2020-20068
RESERVED
-CVE-2020-20067
- RESERVED
+CVE-2020-20067 (File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to ...)
+ TODO: check
CVE-2020-20066
RESERVED
CVE-2020-20065
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7669f0823be4fb1f194ff319a16feb713fcfbe0