[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 27 21:15:06 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d202fab9 by security tracker role at 2023-06-27T20:12:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,84 @@
-CVE-2023-35798
+CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plant ...)
+ TODO: check
+CVE-2023-3431 (Improper Access Control in GitHub repository plantuml/plantuml prior t ...)
+ TODO: check
+CVE-2023-3405 (Unchecked parameter value in M-Files Server in versions before 23.6.12 ...)
+ TODO: check
+CVE-2023-36463 (Meldekarten generator is an open source project to create a program, r ...)
+ TODO: check
+CVE-2023-36002 (A missing authorization check in multiple URL validation endpoints of ...)
+ TODO: check
+CVE-2023-36000 (A missing authorization check in the MacOS agent configuration endpoin ...)
+ TODO: check
+CVE-2023-35998 (A missing authorization check in multiple SOAP endpoints of the Inside ...)
+ TODO: check
+CVE-2023-35800 (Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecu ...)
+ TODO: check
+CVE-2023-35799 (Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecu ...)
+ TODO: check
+CVE-2023-34839 (A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-p ...)
+ TODO: check
+CVE-2023-34838 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...)
+ TODO: check
+CVE-2023-34837 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...)
+ TODO: check
+CVE-2023-34836 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...)
+ TODO: check
+CVE-2023-34835 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...)
+ TODO: check
+CVE-2023-34830 (i-doit Open v24 was discovered to contain a reflected cross-site scrip ...)
+ TODO: check
+CVE-2023-34240 (Cloudexplorer-lite is an open source cloud software stack. Weak passwo ...)
+ TODO: check
+CVE-2023-34099 (Shopware is an open source e-commerce software. The mail validation in ...)
+ TODO: check
+CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorrect co ...)
+ TODO: check
+CVE-2023-33567 (An unauthorized access vulnerability has been discovered in ROS2 Foxy ...)
+ TODO: check
+CVE-2023-33566 (An unauthorized node injection vulnerability has been identified in RO ...)
+ TODO: check
+CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...)
+ TODO: check
+CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded ...)
+ TODO: check
+CVE-2023-2877 (The Formidable Forms WordPress plugin before 6.3.1 does not adequately ...)
+ TODO: check
+CVE-2023-2842 (The WP Inventory Manager WordPress plugin before 2.1.0.14 does not hav ...)
+ TODO: check
+CVE-2023-2818 (An insecure filesystem permission in the Insider Threat Management Age ...)
+ TODO: check
+CVE-2023-2795 (The CodeColorer WordPress plugin before 0.10.1 does not sanitise and e ...)
+ TODO: check
+CVE-2023-2744 (The ERP WordPress plugin before 1.12.4 does not properly sanitise and ...)
+ TODO: check
+CVE-2023-2743 (The ERP WordPress plugin before 1.12.4 does not sanitise and escape th ...)
+ TODO: check
+CVE-2023-2711 (The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sa ...)
+ TODO: check
+CVE-2023-2628 (The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks ( ...)
+ TODO: check
+CVE-2023-2627 (The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF a ...)
+ TODO: check
+CVE-2023-2624 (The KiviCare WordPress plugin before 3.2.1 does not sanitise and escap ...)
+ TODO: check
+CVE-2023-2623 (The KiviCare WordPress plugin before 3.2.1 does not restrict the infor ...)
+ TODO: check
+CVE-2023-2605 (The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and esc ...)
+ TODO: check
+CVE-2023-2601 (The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitis ...)
+ TODO: check
+CVE-2023-2592 (The FormCraft WordPress plugin before 3.9.7 does not properly sanitise ...)
+ TODO: check
+CVE-2023-2580 (The AI Engine WordPress plugin before 1.6.83 does not sanitize and esc ...)
+ TODO: check
+CVE-2023-2482 (The Responsive CSS EDITOR WordPress plugin through 1.0 does not proper ...)
+ TODO: check
+CVE-2023-2326 (The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 ...)
+ TODO: check
+CVE-2023-35798 (Input Validation vulnerability in Apache Software Foundation Apache Ai ...)
NOT-FOR-US: Apache Airflow ODBC/MSSQL Provider
-CVE-2023-34395
+CVE-2023-34395 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
NOT-FOR-US: Apache Airflow ODBC Provider
CVE-2023-3423 (Weak Password Requirements in GitHub repository cloudexplorer-dev/clou ...)
NOT-FOR-US: CloudExplorer Lite
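Review bot: most of the new entries in this hunk from CVE-2023-2996 (Jetpack) down to CVE-2023-2326 (Gravity Forms Google Sheet Connector) are WordPress plugins left at `TODO: check`, while the file's established marker for these is `NOT-FOR-US: WordPress plugin` (see the CVE-2023-2179, CVE-2023-2067 and CVE-2023-0874 lines further down); triaging them with that marker now keeps the TODO backlog honest. Separately, CVE-2023-34240 describes the same weak-password issue in Cloudexplorer-lite as CVE-2023-3423 two lines below it, which is already `NOT-FOR-US: CloudExplorer Lite`, so the new entry should carry the same marker plus a NOTE flagging the two IDs as a possible duplicate assignment.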
@@ -6139,8 +6217,8 @@ CVE-2023-30995
RESERVED
CVE-2023-30994
RESERVED
-CVE-2023-30993
- RESERVED
+CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow ...)
+ TODO: check
CVE-2023-30992
RESERVED
CVE-2023-30991
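Review bot: CVE-2023-30993 is IBM Cloud Pak for Security, and the file consistently marks IBM products as `NOT-FOR-US: IBM` (for example the CVE-2023-26278 and CVE-2023-26277 entries later in this patch), so the new line can be triaged directly instead of staying at `TODO: check`.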
@@ -6539,8 +6617,8 @@ CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin th
NOT-FOR-US: WordPress plugin
CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2178
- RESERVED
+CVE-2023-2178 (The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitis ...)
+ TODO: check
CVE-2023-2177 (A null pointer dereference issue was found in the sctp network protoco ...)
- linux 5.18.16-1
[bullseye] - linux 5.10.136-1
@@ -7502,8 +7580,8 @@ CVE-2023-2070
RESERVED
CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab 15.10.8+ds1-2
-CVE-2023-2068
- RESERVED
+CVE-2023-2068 (The File Manager Advanced Shortcode WordPress plugin through 2.3.2 doe ...)
+ TODO: check
CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...)
@@ -7576,8 +7654,8 @@ CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 all
{DSA-5390-1}
- chromium 112.0.5615.121-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2032
- RESERVED
+CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not properly san ...)
+ TODO: check
CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Sto ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2030
@@ -10733,8 +10811,8 @@ CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidek
NOTE: https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777
NOTE: Introduced by: https://github.com/sidekiq/sidekiq/commit/f68560742bcfd2e30b87c1bc2b65d834a1a05c73 (v7.0.4)
NOTE: Fixed by: https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214 (v7.0.8)
-CVE-2023-1891
- RESERVED
+CVE-2023-1891 (The Accordion & FAQ WordPress plugin before 1.9.9 does not escape vari ...)
+ TODO: check
CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape various ge ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an Insecure Dire ...)
@@ -11710,8 +11788,8 @@ CVE-2023-29070
RESERVED
CVE-2023-29069
RESERVED
-CVE-2023-29068
- RESERVED
+CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file could le ...)
+ TODO: check
CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
NOT-FOR-US: Autodesk
CVE-2023-29066
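Review bot: CVE-2023-29068 concerns a crafted file consumed through pskernel.dll, the same Autodesk component named explicitly at CVE-2023-25004 and CVE-2023-25003 further down, and the adjacent context line CVE-2023-29067 is already `NOT-FOR-US: Autodesk`; the new entry should get the same marker rather than `TODO: check`.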
@@ -12566,8 +12644,8 @@ CVE-2023-1627 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It
NOT-FOR-US: Jianming Antivirus
CVE-2023-1626 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has ...)
NOT-FOR-US: Jianming Antivirus
-CVE-2023-28857
- RESERVED
+CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on solution for ...)
+ TODO: check
CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...)
{DLA-3396-1}
- redis 5:7.0.11-1 (bug #1034613)
@@ -16988,8 +17066,8 @@ CVE-2023-1168 (An authenticated remote code execution vulnerability exists i
NOT-FOR-US: HPE
CVE-2023-1167 (Improper authorization in Gitlab EE affecting all versions from 12.3.0 ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2023-1166
- RESERVED
+CVE-2023-1166 (The USM-Premium WordPress plugin before 16.3 does not sanitize and esc ...)
+ TODO: check
CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...)
NOT-FOR-US: icplayer
CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been declare ...)
@@ -20378,14 +20456,14 @@ CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a lo
NOT-FOR-US: IBM
CVE-2023-26277 (IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local use ...)
NOT-FOR-US: IBM
-CVE-2023-26276
- RESERVED
+CVE-2023-26276 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...)
+ TODO: check
CVE-2023-26275
RESERVED
-CVE-2023-26274
- RESERVED
-CVE-2023-26273
- RESERVED
+CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...)
+ TODO: check
+CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform una ...)
+ TODO: check
CVE-2023-26272
RESERVED
CVE-2023-26271
@@ -21387,8 +21465,8 @@ CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly s
NOT-FOR-US: WordPress plugin
CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escap ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0873
- RESERVED
+CVE-2023-0873 (The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise ...)
+ TODO: check
CVE-2023-25932
RESERVED
CVE-2023-25931 (Medtronic identified that the Pelvic Health clinician apps, which are ...)
@@ -24241,8 +24319,8 @@ CVE-2023-25006 (A malicious actor may convince a user to open a malicious USD fi
NOT-FOR-US: Autodesk
CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond allocated ...)
NOT-FOR-US: Autodesk
-CVE-2023-25004
- RESERVED
+CVE-2023-25004 (A maliciously crafted pskernel.dll file in Autodesk products is used t ...)
+ TODO: check
CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and M ...)
TODO: check
CVE-2023-25002
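Review bot: CVE-2023-25004 names pskernel.dll in Autodesk products, and the unchanged context line CVE-2023-25003 (Autodesk AutoCAD 2023, same DLL) is also still at `TODO: check`; both should become `NOT-FOR-US: Autodesk` like CVE-2023-25005 directly above them, and the surrounding Autodesk run is worth scanning for other leftover TODOs while this is being touched.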
@@ -24716,8 +24794,8 @@ CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_a
NOTE: https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2)
CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0588
- RESERVED
+CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2. ...)
+ TODO: check
CVE-2022-4900
RESERVED
CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker can suppl ...)
@@ -28942,8 +29020,8 @@ CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privil
NOT-FOR-US: IBM
CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0. ...)
NOT-FOR-US: IBM
-CVE-2023-23468
- RESERVED
+CVE-2023-23468 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...)
+ TODO: check
CVE-2023-23467 (Media CP Media Control Panel latest version. Reflected XSS possible th ...)
NOT-FOR-US: Media CP Media Control Panel
CVE-2023-23466 (Media CP Media Control Panel latest version. Insufficiently protected ...)
@@ -31989,8 +32067,8 @@ CVE-2023-22595
RESERVED
CVE-2023-22594 (IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is ...)
NOT-FOR-US: IBM
-CVE-2023-22593
- RESERVED
+CVE-2023-22593 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...)
+ TODO: check
CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 cou ...)
NOT-FOR-US: IBM
CVE-2023-22591 (IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 throug ...)
@@ -41584,8 +41662,8 @@ CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a p
NOT-FOR-US: WordPress plugin
CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw happens in De ...)
NOT-FOR-US: Quarkus
-CVE-2022-4115
- RESERVED
+CVE-2022-4115 (The Editorial Calendar WordPress plugin through 3.7.12 does not saniti ...)
+ TODO: check
CVE-2022-XXXX [rust-atty: Potential unaligned read]
- rust-atty <not-affected> (Windows-specific)
NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html
@@ -68950,7 +69028,7 @@ CVE-2022-2553 (The authfile directive in the booth config file is ignored, preve
{DSA-5194-1}
- booth 1.0-268-gdce51f9-1
NOTE: https://github.com/ClusterLabs/booth/issues/114
-CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7.1 does not authenticate o ...)
+CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7 does not authenticate or ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url of the ...)
NOT-FOR-US: WordPress plugin
@@ -76028,8 +76106,8 @@ CVE-2022-34354 (IBM Sterling Partner Engagement Manager 2.0 allows encrypted sto
NOT-FOR-US: IBM
CVE-2022-34353
RESERVED
-CVE-2022-34352
- RESERVED
+CVE-2022-34352 (IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a ...)
+ TODO: check
CVE-2022-34351 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allo ...)
NOT-FOR-US: IBM
CVE-2022-34350 (IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, ...)
@@ -159538,12 +159616,12 @@ CVE-2021-30207
RESERVED
CVE-2021-30206
RESERVED
-CVE-2021-30205
- RESERVED
+CVE-2021-30205 (Incorrect access control in the component /index.php?mod=system&op=org ...)
+ TODO: check
CVE-2021-30204
RESERVED
-CVE-2021-30203
- RESERVED
+CVE-2021-30203 (A reflected cross-site scripting (XSS) vulnerability in the zero param ...)
+ TODO: check
CVE-2021-30202
RESERVED
CVE-2021-30201 (The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. ...)
@@ -208909,7 +208987,7 @@ CVE-2020-23066 (Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before
TODO: check
CVE-2020-23065 (Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform ...)
TODO: check
-CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allo ...)
+CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before ...)
TODO: check
CVE-2020-23063
RESERVED
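Review bot: the updated CVE-2020-23064 description is truncated at `3.x before ...`, so the upper bound of the affected jQuery range cannot be recovered from the list line and the `TODO: check` that remains has to be resolved against the full CVE text; unlike the WordPress-plugin entries around it, a jQuery version range is not something that can be dismissed from the summary alone.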
@@ -215659,8 +215737,8 @@ CVE-2020-19904
RESERVED
CVE-2020-19903
RESERVED
-CVE-2020-19902
- RESERVED
+CVE-2020-19902 (Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 all ...)
+ TODO: check
CVE-2020-19901
RESERVED
CVE-2020-19900
@@ -218800,32 +218878,32 @@ CVE-2020-18420
RESERVED
CVE-2020-18419
RESERVED
-CVE-2020-18418
- RESERVED
+CVE-2020-18418 (A Cross site request forgery (CSRF) vulnerability was discovered in Fe ...)
+ TODO: check
CVE-2020-18417
RESERVED
-CVE-2020-18416
- RESERVED
+CVE-2020-18416 (An cross site request forgery (CSRF) vulnerability discovered in Jymus ...)
+ TODO: check
CVE-2020-18415
RESERVED
CVE-2020-18414
RESERVED
-CVE-2020-18413
- RESERVED
+CVE-2020-18413 (Stored cross site scripting (XSS) vulnerability in /index.php?admin-ma ...)
+ TODO: check
CVE-2020-18412
RESERVED
CVE-2020-18411
RESERVED
-CVE-2020-18410
- RESERVED
-CVE-2020-18409
- RESERVED
+CVE-2020-18410 (A stored cross site scripting (XSS) vulnerability in /index.php?admin- ...)
+ TODO: check
+CVE-2020-18409 (Cross Site Request Forgery (CSRF) vulnerability was discovered in Catf ...)
+ TODO: check
CVE-2020-18408
RESERVED
CVE-2020-18407
RESERVED
-CVE-2020-18406
- RESERVED
+CVE-2020-18406 (An issue was discovered in cmseasy v7.0.0 that allows user credentials ...)
+ TODO: check
CVE-2020-18405
RESERVED
CVE-2020-18404
@@ -417714,7 +417792,7 @@ CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerabil
NOT-FOR-US: VMware
CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Clie ...)
NOT-FOR-US: VMware
-CVE-2017-4947 (VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Contain ...)
+CVE-2017-4947 (VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Contai ...)
NOT-FOR-US: VMware Realize Automation
CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a pr ...)
NOT-FOR-US: VMware
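Review bot: the CVE-2017-4947 description now reads `VMware vRealize Automation`, but the unchanged `NOT-FOR-US: VMware Realize Automation` line directly below it still carries the old product name; update that comment to `VMware vRealize Automation` so the two lines agree.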
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d202fab99fe9541b0dfae4218df6d739903f6c12