[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 30 09:12:21 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22fcf1d4 by security tracker role at 2023-06-30T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been de ...)
+ TODO: check
+CVE-2023-3476 (A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It ...)
+ TODO: check
+CVE-2023-3475 (A vulnerability was found in SimplePHPscripts Event Script 2.1 and cla ...)
+ TODO: check
+CVE-2023-3474 (A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and ...)
+ TODO: check
+CVE-2023-3473 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2023-3469 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
+ TODO: check
+CVE-2023-3465 (A vulnerability was found in SimplePHPscripts Classified Ads Script 1. ...)
+ TODO: check
+CVE-2023-3464 (A vulnerability was found in SimplePHPscripts Classified Ads Script 1. ...)
+ TODO: check
+CVE-2023-3249 (The Web3 \u2013 Crypto wallet Login & NFT token gating plugin for Word ...)
+ TODO: check
+CVE-2023-3063 (The SP Project & Document Manager plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2023-36607 (The affected TBox RTUs are missing authorization for running some API ...)
+ TODO: check
+CVE-2023-36539 (Exposure of information intended to be encrypted by some Zoom clients ...)
+ TODO: check
+CVE-2023-36470 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-36469 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-36468 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-36347 (A broken authentication mechanism in the endpoint excel.php of POS Cod ...)
+ TODO: check
+CVE-2023-36146 (A Stored Cross-Site Scripting (XSS) vulnerability was found in Multila ...)
+ TODO: check
+CVE-2023-36143 (Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerabil ...)
+ TODO: check
+CVE-2023-33336 (Reflected cross site scripting (XSS) vulnerability was discovered in S ...)
+ TODO: check
+CVE-2023-32622 (Improper neutralization of special elements in WL-WN531AX2 firmware ve ...)
+ TODO: check
+CVE-2023-32621 (WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with ...)
+ TODO: check
+CVE-2023-32620 (Improper authentication vulnerability in WL-WN531AX2 firmware versions ...)
+ TODO: check
+CVE-2023-32613 (Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmw ...)
+ TODO: check
+CVE-2023-32612 (Client-side enforcement of server-side security issue exists in WL-WN5 ...)
+ TODO: check
+CVE-2023-32608 (Directory traversal vulnerability in Pleasanter (Community Edition and ...)
+ TODO: check
+CVE-2023-32607 (Stored cross-site scripting vulnerability in Pleasanter (Community Edi ...)
+ TODO: check
+CVE-2023-2846 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
+ TODO: check
+CVE-2023-2834 (The BookIt plugin for WordPress is vulnerable to authentication bypass ...)
+ TODO: check
CVE-2023-2974
NOT-FOR-US: Quarkus
CVE-2023-3458 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...)
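Review bot: the description for CVE-2023-3249 contains a literal `\u2013` escape ("The Web3 \u2013 Crypto wallet Login ...") rather than the en-dash the CVE feed carries, so the importer appears to be writing the JSON escape sequence into data/CVE/list verbatim; worth checking the decoding step so descriptions are stored as plain UTF-8. All 28 entries in this hunk are `TODO: check` placeholders awaiting triage, and from the truncated descriptions most are third-party web applications, WordPress plugins and device firmware (SimplePHPscripts, RocketSoft Rocket LMS, TBox RTUs, WL-WN531AX2, Pleasanter) rather than Debian packages, so the bulk of the follow-up is expected to be NOT-FOR-US annotations.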
@@ -424,7 +480,8 @@ CVE-2023-35933 (OPenFGA is an open source authorization/permission engine built
NOT-FOR-US: OPenFGA
CVE-2023-35930 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
NOT-FOR-US: SpiceDB
-CVE-2023-35170 (Sliver is an open source cross-platform adversary emulation/red team f ...)
+CVE-2023-35170
+ REJECTED
NOT-FOR-US: Sliver
CVE-2023-34422 (A valid, authenticated LXCA user with elevated privileges may be able ...)
NOT-FOR-US: Lenovo
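Review bot: CVE-2023-35170 is now marked `REJECTED` but the old `NOT-FOR-US: Sliver` line is left in place beneath it; since a rejected ID no longer describes a vulnerability, consider dropping that line so the entry matches the form of other rejected entries and does not suggest a still-valid Sliver issue.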
@@ -1650,7 +1707,7 @@ CVE-2023-34149 (Allocation of Resources Without Limits or Throttling vulnerabili
CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure inWooCommerce Str ...)
NOT-FOR-US: WordPress plugin
CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- {DSA-5435-1}
+ {DSA-5435-1 DLA-3475-1}
- trafficserver 9.2.1+ds-1 (bug #1038248)
NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
NOTE: https://github.com/apache/trafficserver/commit/867c48c1adf9e795c8d85c48d2d0f07f08aa87ec (master)
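Review bot: the `{DSA-5435-1 DLA-3475-1}` change here is repeated for CVE-2023-30631 and CVE-2022-47184 further down in this commit, so all three trafficserver entries from the same upstream thread now reference the same DLA; verify that DLA-3475-1 lists all three IDs, since a mismatch between the advisory text and the tracker cross-reference would mark an LTS suite as fixed for a CVE the advisory did not cover.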
@@ -7650,7 +7707,7 @@ CVE-2023-30633
CVE-2023-30632
RESERVED
CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software Foundation ...)
- {DSA-5435-1}
+ {DSA-5435-1 DLA-3475-1}
- trafficserver 9.2.1+ds-1 (bug #1038248)
NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
NOTE: https://github.com/apache/trafficserver/commit/8d1ad1dfe4d0ee179029f37c7e8d4caab601cb7b (master)
@@ -14525,8 +14582,8 @@ CVE-2023-28392 (Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.0
NOT-FOR-US: AC-WAPU-300
CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) a ...)
NOT-FOR-US: SR-7100V
-CVE-2023-28387
- RESERVED
+CVE-2023-28387 ("NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks ...)
+ TODO: check
CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...)
NOT-FOR-US: ESS REC Agent Server Edition
CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
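Review bot: CVE-2023-28387 moves from `RESERVED` to a populated description for the "NewsPicks" Android app with a `TODO: check` placeholder; the surrounding entries in this region (SR-7100VN, ESS REC Agent, Brother iPrint&Scan) are all `NOT-FOR-US`, and a proprietary Android application is not shipped in the archive, so the triage outcome should be a NOT-FOR-US annotation.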
@@ -21117,8 +21174,8 @@ CVE-2023-26137
RESERVED
CVE-2023-26136
RESERVED
-CVE-2023-26135
- RESERVED
+CVE-2023-26135 (All versions of the package flatnest are vulnerable to Prototype Pollu ...)
+ TODO: check
CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are vulnerable to ...)
TODO: check
CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Prototype ...)
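Review bot: CVE-2023-26135 (Prototype Pollution in the npm package flatnest) joins two neighbouring npm entries, CVE-2023-26134 (git-commit-info) and CVE-2023-26133 (progressbar.js), that are still `TODO: check`; triage should confirm whether any of these are packaged as node-* in Debian before marking them NOT-FOR-US, since the descriptions say "all versions" are affected and a packaged copy would need a fix rather than a version bump.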
@@ -37775,7 +37832,7 @@ CVE-2022-47186
CVE-2022-47185
RESERVED
CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- {DSA-5435-1}
+ {DSA-5435-1 DLA-3475-1}
- trafficserver 9.2.1+ds-1 (bug #1038248)
NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
NOTE: https://github.com/apache/trafficserver/commit/105af3ca30e59fbb89013e83a484a04559b4cf25 (master)
@@ -46516,6 +46573,7 @@ CVE-2022-3823 (The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1
CVE-2022-3822 (The Donations via PayPal WordPress plugin before 1.9.9 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...)
+ {DLA-3474-1}
- systemd 251.3-1
[bullseye] - systemd 247.3-7+deb11u2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139327
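Review bot: the `{DLA-3474-1}` reference added to CVE-2022-3821 is consistent with the existing `[bullseye] - systemd 247.3-7+deb11u2` line, but the only reference visible in this hunk's context is the Red Hat bugzilla entry; if the upstream systemd commit fixing the off-by-one in format_timespan is not already recorded below the context shown, a NOTE linking it would make future LTS backports easier to verify.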
@@ -200678,12 +200736,12 @@ CVE-2020-26712 (REDCap 10.3.4 contains a SQL injection vulnerability in the ToDo
NOT-FOR-US: REDCap
CVE-2020-26711
RESERVED
-CVE-2020-26710
- RESERVED
-CVE-2020-26709
- RESERVED
-CVE-2020-26708
- RESERVED
+CVE-2020-26710 (easy-parse v0.1.1 was discovered to contain a XML External Entity Inje ...)
+ TODO: check
+CVE-2020-26709 (py-xml v1.0 was discovered to contain an XML External Entity Injection ...)
+ TODO: check
+CVE-2020-26708 (requests-xml v0.2.3 was discovered to contain an XML External Entity I ...)
+ TODO: check
CVE-2020-26707 (An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 w ...)
NOT-FOR-US: aaptjs
CVE-2020-26706
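Review bot: three 2020-numbered IDs (CVE-2020-26710, CVE-2020-26709, CVE-2020-26708) move from `RESERVED` to populated descriptions for XML External Entity injection in easy-parse, py-xml and requests-xml; these are late assignments against old IDs, so when triaging check the Python package index names against the archive rather than assuming the 2020 date means they were already handled, and note that all three share the same vulnerability class and likely the same reporter.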
@@ -219184,8 +219242,8 @@ CVE-2020-18434
RESERVED
CVE-2020-18433
RESERVED
-CVE-2020-18432
- RESERVED
+CVE-2020-18432 (File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to ...)
+ TODO: check
CVE-2020-18431
RESERVED
CVE-2020-18430 (tinyexr 0.9.5 was discovered to contain an array index error in the ti ...)
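Review bot: CVE-2020-18432 is populated with a file upload vulnerability in SEMCMS PHP 3.7 and left as `TODO: check`; SEMCMS is a standalone PHP CMS and, like the other late-filled 2020-184xx entries, is not expected to be in the archive, so the placeholder should be resolved to NOT-FOR-US once confirmed.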
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22fcf1d4b47f8073f7126f4a045c667c6005fe86