[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 16 21:12:22 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca6da290 by security tracker role at 2023-05-16T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,70 +1,108 @@
-CVE-2023-2633
+CVE-2023-31890 (An XML Deserialization vulnerability in glazedlists v1.11.0 allows an ...)
+ TODO: check
+CVE-2023-31857 (Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricte ...)
+ TODO: check
+CVE-2023-31856 (A command injection vulnerability in the hostTime parameter in the fun ...)
+ TODO: check
+CVE-2023-31587 (Tenda AC5 router V15.03.06.28 was discovered to contain a remote code ...)
+ TODO: check
+CVE-2023-31576 (An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows ...)
+ TODO: check
+CVE-2023-31572 (An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change ...)
+ TODO: check
+CVE-2023-31519 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ TODO: check
+CVE-2023-2740 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-2739 (A vulnerability classified as problematic was found in Gira HomeServer ...)
+ TODO: check
+CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda OA 11. ...)
+ TODO: check
+CVE-2023-2730 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2023-2726 (Inappropriate implementation in WebApp Installs in Google Chrome prior ...)
+ TODO: check
+CVE-2023-2725 (Use after free in Guest View in Google Chrome prior to 113.0.5672.126 ...)
+ TODO: check
+CVE-2023-2724 (Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed ...)
+ TODO: check
+CVE-2023-2723 (Use after free in DevTools in Google Chrome prior to 113.0.5672.126 al ...)
+ TODO: check
+CVE-2023-2722 (Use after free in Autofill UI in Google Chrome on Android prior to 113 ...)
+ TODO: check
+CVE-2023-2721 (Use after free in Navigation in Google Chrome prior to 113.0.5672.126 ...)
+ TODO: check
+CVE-2023-2548 (The RegistrationMagic plugin for WordPress is vulnerable to Insecure D ...)
+ TODO: check
+CVE-2023-2499 (The RegistrationMagic plugin for WordPress is vulnerable to authentica ...)
+ TODO: check
+CVE-2023-2633 (Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-2632
+CVE-2023-2632 (Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API key ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-2631
+CVE-2023-2631 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-33007
+CVE-2023-33007 (Jenkins LoadComplete support Plugin 1.0 and earlier does not escape th ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-33006
+CVE-2023-33006 (A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oaut ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-33005
+CVE-2023-33005 (Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the prev ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-33004
+CVE-2023-33004 (A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-33003
+CVE-2023-33003 (A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-33002
+CVE-2023-33002 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-33001
+CVE-2023-33001 (Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-33000
+CVE-2023-33000 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32999
+CVE-2023-32999 (A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32998
+CVE-2023-32998 (A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32997
+CVE-2023-32997 (Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32996
+CVE-2023-32996 (A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32995
+CVE-2023-32995 (A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Sing ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32994
+CVE-2023-32994 (Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditiona ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32993
+CVE-2023-32993 (Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not per ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32992
+CVE-2023-32992 (Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32991
+CVE-2023-32991 (A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Sing ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32990
+CVE-2023-32990 (A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32989
+CVE-2023-32989 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32988
+CVE-2023-32988 (A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32987
+CVE-2023-32987 (A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse P ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32986
+CVE-2023-32986 (Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32985
+CVE-2023-32985 (Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the pa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32984
+CVE-2023-32984 (Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32983
+CVE-2023-32983 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask ex ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32982
+CVE-2023-32982 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra var ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32981
+CVE-2023-32981 (An arbitrary file write vulnerability in Jenkins Pipeline Utility Step ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32980
+CVE-2023-32980 (A cross-site request forgery (CSRF) vulnerability in Jenkins Email Ext ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32979
+CVE-2023-32979 (Jenkins Email Extension Plugin does not perform a permission check in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32978
+CVE-2023-32978 (A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32977
+CVE-2023-32977 (Jenkins Pipeline: Job Plugin does not escape the display name of the b ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-32956 (Improper neutralization of special elements used in an OS command ('OS ...)
NOT-FOR-US: Synology
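Review bot: the 19 newly imported entries on the added lines from CVE-2023-31890 down to CVE-2023-2499 are all left at `TODO: check`, so this hunk only fills in upstream descriptions and defers triage; the six Chrome entries (CVE-2023-2721 through CVE-2023-2726, all "prior to 113.0.5672.126") in particular should be checked against the chromium package and given a package/version line in a follow-up rather than stay at TODO. The 36 Jenkins entries from CVE-2023-2633 to CVE-2023-32977 keep their existing `NOT-FOR-US: Jenkins plugin` context lines, and the imported descriptions are consistent with that triage.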
@@ -2143,11 +2181,9 @@ CVE-2023-30898 (A vulnerability has been identified in Siveillance Video 2020 R2
NOT-FOR-US: Siemens
CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padd ...)
NOT-FOR-US: HashiCorp Vault
-CVE-2023-2196
- RESERVED
+CVE-2023-2196 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-2195
- RESERVED
+CVE-2023-2195 (A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx P ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kernel's S ...)
{DLA-3404-1 DLA-3403-1}
@@ -3057,6 +3093,7 @@ CVE-2023-30609 (matrix-react-sdk is a react-based SDK for inserting a Matrix cha
NOT-FOR-US: Node matrix-react-sdk
NOTE: https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In affected ...)
+ {DLA-3425-1}
- sqlparse <unfixed> (bug #1034615)
[bullseye] - sqlparse <no-dsa> (Minor issue)
NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
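Review bot: adding `{DLA-3425-1}` to CVE-2023-30608 while the `- sqlparse <unfixed> (bug #1034615)` line is kept means the tracker will still show unstable as affected, with only the LTS suite marked fixed via the DLA; confirm that is the intended state and that the `[bullseye] - sqlparse <no-dsa> (Minor issue)` assessment still matches the severity that justified issuing a DLA.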
@@ -3558,26 +3595,26 @@ CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes cluster-level privilege e
NOT-FOR-US: CubeFS
CVE-2023-30511
RESERVED
-CVE-2023-30510
- RESERVED
-CVE-2023-30509
- RESERVED
-CVE-2023-30508
- RESERVED
-CVE-2023-30507
- RESERVED
-CVE-2023-30506
- RESERVED
-CVE-2023-30505
- RESERVED
-CVE-2023-30504
- RESERVED
-CVE-2023-30503
- RESERVED
-CVE-2023-30502
- RESERVED
-CVE-2023-30501
- RESERVED
+CVE-2023-30510 (A vulnerability exists in the Aruba EdgeConnect Enterpriseweb manageme ...)
+ TODO: check
+CVE-2023-30509 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
+ TODO: check
+CVE-2023-30508 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
+ TODO: check
+CVE-2023-30507 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
+ TODO: check
+CVE-2023-30506 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ TODO: check
+CVE-2023-30505 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ TODO: check
+CVE-2023-30504 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ TODO: check
+CVE-2023-30503 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ TODO: check
+CVE-2023-30502 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ TODO: check
+CVE-2023-30501 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ TODO: check
CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations by c ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.20-1
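Review bot: the ten Aruba EdgeConnect entries CVE-2023-30501 through CVE-2023-30510 are imported with near-identical descriptions and all left at `TODO: check`; they share one upstream advisory set and can be triaged in a single follow-up rather than as ten separate TODOs. The run-together words in the descriptions ("Enterpriseweb", "Enterprisecommand") are copied verbatim from the upstream feed and should not be hand-edited in this file.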
@@ -4155,8 +4192,8 @@ CVE-2023-30283
RESERVED
CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Acces ...)
NOT-FOR-US: PrestaShop scexportcustomers
-CVE-2023-30281
- RESERVED
+CVE-2023-30281 (Insecure permissions in the ps_customer table of Prestashop scquickacc ...)
+ TODO: check
CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700 ...)
NOT-FOR-US: Netgear
CVE-2023-30279
@@ -4339,8 +4376,8 @@ CVE-2023-30191
RESERVED
CVE-2023-30190
RESERVED
-CVE-2023-30189
- RESERVED
+CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via ...)
+ TODO: check
CVE-2023-30188
RESERVED
CVE-2023-30187
@@ -4903,8 +4940,8 @@ CVE-2023-29929
RESERVED
CVE-2023-29928
RESERVED
-CVE-2023-29927
- RESERVED
+CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access controls ...)
+ TODO: check
CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote code exe ...)
NOT-FOR-US: PowerJob
CVE-2023-29925
@@ -6125,8 +6162,8 @@ CVE-2023-29441
RESERVED
CVE-2023-29440
RESERVED
-CVE-2023-29439
- RESERVED
+CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
+ TODO: check
CVE-2023-29438
RESERVED
CVE-2023-29437
@@ -10843,8 +10880,8 @@ CVE-2023-28078
RESERVED
CVE-2023-28077
RESERVED
-CVE-2023-28076
- RESERVED
+CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
+ TODO: check
CVE-2023-28075
RESERVED
CVE-2023-28074
@@ -11990,8 +12027,8 @@ CVE-2023-27744
RESERVED
CVE-2023-27743
RESERVED
-CVE-2023-27742
- RESERVED
+CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
CVE-2023-27741
RESERVED
CVE-2023-27740
@@ -23386,8 +23423,8 @@ CVE-2023-23729
RESERVED
CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwa ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23727
- RESERVED
+CVE-2023-23727 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Form ...)
+ TODO: check
CVE-2023-23726
RESERVED
CVE-2023-23725
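Review bot: CVE-2023-23727 is imported with a description of the same "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ..." form as the neighbouring `NOT-FOR-US: WordPress plugin` entries (e.g. CVE-2023-23728 above), but the 70-character truncation cuts off the plugin name, so the `TODO: check` cannot be resolved from this file alone; the full upstream text has to be consulted before marking it NOT-FOR-US. The same applies to the other WordPress-style XSS entries added further down in this commit.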
@@ -23400,8 +23437,8 @@ CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...)
NOT-FOR-US: David Gwyer Admin Log
-CVE-2023-23720
- RESERVED
+CVE-2023-23720 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetR ...)
+ TODO: check
CVE-2023-23719
RESERVED
CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Pa ...)
@@ -23422,8 +23459,8 @@ CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2
NOT-FOR-US: A2 Hosting
CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23709
- RESERVED
+CVE-2023-23709 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23708 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -23434,8 +23471,8 @@ CVE-2023-23705
RESERVED
CVE-2023-23704
RESERVED
-CVE-2023-23703
- RESERVED
+CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23702
RESERVED
CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -23535,14 +23572,14 @@ CVE-2023-23678
RESERVED
CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23676
- RESERVED
+CVE-2023-23676 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23674 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOL ...)
TODO: check
-CVE-2023-23673
- RESERVED
+CVE-2023-23673 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hari ...)
+ TODO: check
CVE-2023-23672
RESERVED
CVE-2023-23671
@@ -23573,8 +23610,8 @@ CVE-2023-23659 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo
NOT-FOR-US: MainWP Matomo Extension
CVE-2023-23658
RESERVED
-CVE-2023-23657
- RESERVED
+CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23656
RESERVED
CVE-2023-23655
@@ -23605,8 +23642,8 @@ CVE-2023-23643
RESERVED
CVE-2023-23642
RESERVED
-CVE-2023-23641
- RESERVED
+CVE-2023-23641 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23640
RESERVED
CVE-2023-23639
@@ -162479,8 +162516,8 @@ CVE-2021-27133
RESERVED
CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...)
NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices
-CVE-2021-27131
- RESERVED
+CVE-2021-27131 (Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting ...)
+ TODO: check
CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...)
NOT-FOR-US: Online Reviewer System
CVE-2021-27129 (CASAP Automated Enrollment System version 1.0 contains a cross-site sc ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca6da2907bdd5069fd2639f69fcd21340cd8a78c
More information about the debian-security-tracker-commits
mailing list