[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 3 20:12:33 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d1f85b1a by security tracker role at 2023-11-03T20:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-5946 (The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2023-5945 (The video carousel slider with lightbox plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2023-5707 (The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-5088 (A bug in QEMU could cause a guest I/O operation otherwise addressed to ...)
+ TODO: check
+CVE-2023-4769 (A SSRF vulnerability has been found in ManageEngine Desktop Central af ...)
+ TODO: check
+CVE-2023-4768 (A CRLF injection vulnerability has been found in ManageEngine Desktop ...)
+ TODO: check
+CVE-2023-4767 (A CRLF injection vulnerability has been found in ManageEngine Desktop ...)
+ TODO: check
+CVE-2023-4592 (A Cross-Site Scripting vulnerability has been detected in WPN-XM Serve ...)
+ TODO: check
+CVE-2023-4591 (A local file inclusion vulnerability has been found in WPN-XM Serverst ...)
+ TODO: check
+CVE-2023-4043 (In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from ...)
+ TODO: check
+CVE-2023-46980 (An issue in Best Courier Management System v.1.0 allows a remote attac ...)
+ TODO: check
+CVE-2023-46947 (Subrion 4.2.1 has a remote command execution vulnerability in the back ...)
+ TODO: check
+CVE-2023-46404 (PCRS <= 3.11 (d0de1e) \u201cQuestions\u201d page and \u201cCode editor ...)
+ TODO: check
+CVE-2023-41726 (Ivanti Avalanche Incorrect Default Permissions allows Local Privilege ...)
+ TODO: check
+CVE-2023-41725 (Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Loc ...)
+ TODO: check
+CVE-2023-41652 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-3277 (The MStore API plugin for WordPress is vulnerable to Unauthorized Acco ...)
+ TODO: check
+CVE-2023-39301 (A server-side request forgery (SSRF) vulnerability has been reported t ...)
+ TODO: check
+CVE-2023-39299 (A path traversal vulnerability has been reported to affect Music Stati ...)
+ TODO: check
+CVE-2023-36529 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-34383 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-34179 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-32508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-32121 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-5948 (Improper Authorization in GitHub repository teamamaze/amazefileutiliti ...)
NOT-FOR-US: amazefileutilities
CVE-2023-5763 (In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower t ...)
@@ -1586,6 +1634,7 @@ CVE-2023-34447 (iTop is an open source, web-based IT service management platform
CVE-2023-34446 (iTop is an open source, web-based IT service management platform. Prio ...)
NOT-FOR-US: iTop
CVE-2023-32359 (This issue was addressed with improved redaction of sensitive informat ...)
+ {DSA-5527-1}
- webkit2gtk 2.42.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.0-1
@@ -4550,7 +4599,7 @@ CVE-2023-4154 [Samba AD DC password exposure to privileged users and RODCs]
[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
[buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
NOTE: https://www.samba.org/samba/security/CVE-2023-4154.html
-CVE-2023-3961 [smbd allows client access to unix domain sockets on the file system]
+CVE-2023-3961 (A path traversal vulnerability was identified in Samba when processing ...)
{DSA-5525-1}
- samba 2:4.19.1+dfsg-1
[bullseye] - samba <not-affected> (Vulnerable code not present)
@@ -11491,7 +11540,7 @@ CVE-2023-32202 (Walchem Intuition 9 firmware versions prior to v4.21 are vulnera
NOT-FOR-US: Walchem Intuition 9 firmware
CVE-2023-32119 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-3893
+CVE-2023-3893 (A security issue was discovered in Kubernetes where a user that can c ...)
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
@@ -40735,8 +40784,8 @@ CVE-2023-26017 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-26016 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauh ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26015
- RESERVED
+CVE-2023-26015 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HT ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -40785,8 +40834,8 @@ CVE-2023-25992 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic p ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25990
- RESERVED
+CVE-2023-25990 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25988
@@ -40845,8 +40894,8 @@ CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Th ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25960
- RESERVED
+CVE-2023-25960 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-25959
RESERVED
CVE-2023-25958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Just ...)
@@ -41298,8 +41347,8 @@ CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache,
NOT-FOR-US: Roxy-WI
CVE-2023-25801 (TensorFlow is an open source machine learning platform. Prior to versi ...)
- tensorflow <itp> (bug #804612)
-CVE-2023-25800
- RESERVED
+CVE-2023-25800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-25799
RESERVED
CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -41717,8 +41766,8 @@ CVE-2023-25702 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25701
RESERVED
-CVE-2023-25700
- RESERVED
+CVE-2023-25700 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-25699
RESERVED
CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shopp ...)
@@ -48961,10 +49010,10 @@ CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability
NOT-FOR-US: QNAP
CVE-2023-23370 (An insufficiently protected credentials vulnerability has been reporte ...)
NOT-FOR-US: QNAP
-CVE-2023-23369
- RESERVED
-CVE-2023-23368
- RESERVED
+CVE-2023-23369 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
+CVE-2023-23368 (An OS command injection vulnerability has been reported to affect seve ...)
+ TODO: check
CVE-2023-23367
RESERVED
CVE-2023-23366 (A path traversal vulnerability has been reported to affect Music Stati ...)
@@ -54527,8 +54576,8 @@ CVE-2022-47590 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fu
NOT-FOR-US: WordPress plugin
CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47588
- RESERVED
+CVE-2022-47588 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Corn ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47586 (Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons ...)
@@ -56251,8 +56300,8 @@ CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chart
NOT-FOR-US: WordPress plugin
CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations St ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47445
- RESERVED
+CVE-2022-47445 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
@@ -56289,8 +56338,8 @@ CVE-2022-47428
RESERVED
CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47426
- RESERVED
+CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2022-47425
RESERVED
CVE-2022-47424
@@ -58078,8 +58127,8 @@ CVE-2022-46861 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-46860
RESERVED
-CVE-2022-46859
- RESERVED
+CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.R ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46857 (Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= ...)
@@ -58223,8 +58272,8 @@ CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli T
NOT-FOR-US: WordPress plugin
CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46818
- RESERVED
+CVE-2022-46818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro A ...)
@@ -58243,8 +58292,8 @@ CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Th
NOT-FOR-US: WordPress plugin
CVE-2022-46809
RESERVED
-CVE-2022-46808
- RESERVED
+CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2022-46807
RESERVED
CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All ...)
@@ -58594,6 +58643,7 @@ CVE-2022-46727
CVE-2022-46726
RESERVED
CVE-2022-46725 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
+ {DSA-5341-1 DSA-5340-1}
- webkit2gtk 2.38.4-1
- wpewebkit 2.38.4-1
CVE-2022-46724 (This issue was addressed by restricting options offered on a locked de ...)
@@ -58635,6 +58685,7 @@ CVE-2022-46707
CVE-2022-46706 (A type confusion issue was addressed with improved state handling. Thi ...)
NOT-FOR-US: Apple
CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
+ {DSA-5341-1 DSA-5340-1}
- webkit2gtk 2.38.4-1
- wpewebkit 2.38.4-1
CVE-2022-46704 (A logic issue was addressed with improved state management. This issue ...)
@@ -61391,8 +61442,8 @@ CVE-2022-45807 (Cross-Site Request Forgery (CSRF) inWPVibes WP Mail Log plugin <
NOT-FOR-US: WordPress plugin
CVE-2022-45806
RESERVED
-CVE-2022-45805
- RESERVED
+CVE-2022-45805 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45803
@@ -66270,8 +66321,8 @@ CVE-2022-44570 (A denial of service vulnerability in the Range header parsing co
NOTE: https://github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (v2.0.9.2)
NOTE: https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 (v2.1.4.2)
NOTE: https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1 (v2.2.6.2)
-CVE-2022-44569
- RESERVED
+CVE-2022-44569 (A locally authenticated attacker with low privileges can bypass authen ...)
+ TODO: check
CVE-2022-44568
RESERVED
CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.1 ...)
@@ -70632,10 +70683,10 @@ CVE-2022-43557 (The BD BodyGuard\u2122 infusion pumps specified allow for access
NOT-FOR-US: BD BodyGuard
CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
NOT-FOR-US: Concrete CMS
-CVE-2022-43555
- RESERVED
-CVE-2022-43554
- RESERVED
+CVE-2022-43555 (Ivanti Avalanche Printer Device Service Missing Authentication Local P ...)
+ TODO: check
+CVE-2022-43554 (Ivanti Avalanche Smart Device Service Missing Authentication Local Pri ...)
+ TODO: check
CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2.0.9-ho ...)
NOT-FOR-US: EdgeRouters
CVE-2022-43552 (A use after free vulnerability exists in curl <7.87.0. Curl can be ask ...)
@@ -79555,8 +79606,7 @@ CVE-2022-38975 (DOM-based cross-site scripting vulnerability in EC-CUBE 4 series
NOT-FOR-US: EC-CUBE
CVE-2022-37346 (EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 cont ...)
NOT-FOR-US: EC-CUBE
-CVE-2022-3172
- RESERVED
+CVE-2022-3172 (A security issue was discovered in kube-apiserver that allows an aggr ...)
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
@@ -99778,6 +99828,7 @@ CVE-2022-32935 (A lock screen issue was addressed with improved state management
CVE-2022-32934 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2022-32933 [A website may be able to track the websites a user visited in Safari private browsing mode]
+ {DSA-5241-1 DSA-5240-1}
- webkit2gtk 2.38.0-1
- wpewebkit 2.38.0-1
CVE-2022-32932 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -99810,6 +99861,7 @@ CVE-2022-32921
CVE-2022-32920 (The issue was addressed with improved checks. This issue is fixed in X ...)
NOT-FOR-US: Apple Xcode
CVE-2022-32919 [Visiting a website that frames malicious content may lead to UI spoofing]
+ {DSA-5341-1 DSA-5340-1}
- webkit2gtk 2.38.4-1
- wpewebkit 2.38.4-1
CVE-2022-32918 (This issue was addressed with improved data protection. This issue is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1f85b1ad77a6d7f6861fd07ff632e1492678ec4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1f85b1ad77a6d7f6861fd07ff632e1492678ec4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231103/9601eb6e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list