[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 22 20:12:18 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
80ada004 by security tracker role at 2023-11-22T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,190 @@
-CVE-2023-37924
+CVE-2023-6265 (Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory tr ...)
+	TODO: check
+CVE-2023-6264 (Information leak in Content-Security-Policy header in Devolutions Serv ...)
+	TODO: check
+CVE-2023-6263 (An issue was discovered in Network Optix NxCloud before 23.1.0.40440.I ...)
+	TODO: check
+CVE-2023-6253 (A saved encryption key in the Uninstaller in Digital Guardian's Agent  ...)
+	TODO: check
+CVE-2023-6252 (Path traversal vulnerability in Chalemelon Power framework, affecting  ...)
+	TODO: check
+CVE-2023-6189 (Missing access permissions checks   inthe M-Files serverbefore 23.11.1 ...)
+	TODO: check
+CVE-2023-6164 (The MainWP Dashboard  \u2013 WordPress Manager for Multiple Websites M ...)
+	TODO: check
+CVE-2023-6160 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for Wor ...)
+	TODO: check
+CVE-2023-6157 (Improper neutralization of livestatus command delimiters in ajax_searc ...)
+	TODO: check
+CVE-2023-6156 (Improper neutralization of livestatus command delimiters in the availa ...)
+	TODO: check
+CVE-2023-6117 (A possibility of unwanted server memory consumption was detected throu ...)
+	TODO: check
+CVE-2023-6011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-6009 (The UserPro plugin for WordPress is vulnerable to privilege escalation ...)
+	TODO: check
+CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+	TODO: check
+CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized access  ...)
+	TODO: check
+CVE-2023-5983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-5921 (Improper Enforcement of Behavioral Workflow vulnerability in DECE Soft ...)
+	TODO: check
+CVE-2023-5822 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin for Wor ...)
+	TODO: check
+CVE-2023-5815 (The News & Blog Designer Pack \u2013 WordPress Blog Plugin \u2014 (Blo ...)
+	TODO: check
+CVE-2023-5742 (The EasyRotator for WordPress plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2023-5715 (The Website Optimization \u2013 Plerdy plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2023-5708 (The WP Post Columns plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-5706 (The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2023-5704 (The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2023-5667 (The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2023-5664 (The Garden Gnome Package plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2023-5662 (The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2023-5537 (The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site R ...)
+	TODO: check
+CVE-2023-5469 (The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2023-5466 (The Wp anything slider plugin for WordPress is vulnerable to SQL Injec ...)
+	TODO: check
+CVE-2023-5465 (The Popup with fancybox plugin for WordPress is vulnerable to SQL Inje ...)
+	TODO: check
+CVE-2023-5419 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5417 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5416 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5415 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5411 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5387 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5386 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5385 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5383 (The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site  ...)
+	TODO: check
+CVE-2023-5382 (The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site  ...)
+	TODO: check
+CVE-2023-5338 (The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2023-5314 (The WP EXtra plugin for WordPress is vulnerable to unauthorized access ...)
+	TODO: check
+CVE-2023-5234 (The Related Products for WooCommerce plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2023-5163 (The Weather Atlas Widget plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2023-5128 (The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-5096 (The HTML filter and csv-file search plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2023-5048 (The WDContactFormBuilder plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2023-5047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-4726 (The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2023-4686 (The WP Customer Reviews plugin for WordPress is vulnerable to Sensitiv ...)
+	TODO: check
+CVE-2023-48705 (Nautobot is a Network Source of Truth and Network Automation Platform  ...)
+	TODO: check
+CVE-2023-48646 (Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users  ...)
+	TODO: check
+CVE-2023-48106 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an  ...)
+	TODO: check
+CVE-2023-47825 (Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra pl ...)
+	TODO: check
+CVE-2023-47824 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages \ ...)
+	TODO: check
+CVE-2023-47819 (Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy ...)
+	TODO: check
+CVE-2023-47792 (Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Bi ...)
+	TODO: check
+CVE-2023-47791 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=1 ...)
+	TODO: check
+CVE-2023-47785 (Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin  ...)
+	TODO: check
+CVE-2023-47781 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thriv ...)
+	TODO: check
+CVE-2023-47775 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comme ...)
+	TODO: check
+CVE-2023-47765 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's ...)
+	TODO: check
+CVE-2023-47759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-47758 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi  ...)
+	TODO: check
+CVE-2023-47755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-47467 (Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remot ...)
+	TODO: check
+CVE-2023-47380 (Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).)
+	TODO: check
+CVE-2023-47350 (SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to  ...)
+	TODO: check
+CVE-2023-47316 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
+	TODO: check
+CVE-2023-47315 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
+	TODO: check
+CVE-2023-47314 (Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (X ...)
+	TODO: check
+CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal.)
+	TODO: check
+CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
+	TODO: check
+CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a ...)
+	TODO: check
+CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, b ...)
+	TODO: check
+CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester St ...)
+	TODO: check
+CVE-2023-46673 (It was identified that malformed scripts used in the script processor  ...)
+	TODO: check
+CVE-2023-46357 (In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 f ...)
+	TODO: check
+CVE-2023-45377 (In the module "Chronopost Official" (chronopost) for PrestaShop, a gue ...)
+	TODO: check
+CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability i ...)
+	TODO: check
+CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior, contains a ...)
+	TODO: check
+CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local user is ...)
+	TODO: check
+CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which could a ...)
+	TODO: check
+CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Com ...)
+	TODO: check
+CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-2841 (The Advanced Local Pickup for WooCommerce plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2023-2497 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+	TODO: check
+CVE-2023-2449 (The UserPro plugin for WordPress is vulnerable to unauthorized passwor ...)
+	TODO: check
+CVE-2023-2448 (The UserPro plugin for WordPress is vulnerable to unauthorized access  ...)
+	TODO: check
+CVE-2023-2440 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+	TODO: check
+CVE-2023-2438 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+	TODO: check
+CVE-2023-2437 (The UserPro plugin for WordPress is vulnerable to authentication bypas ...)
+	TODO: check
+CVE-2023-37924 (Apache Software Foundation Apache Submarine has an SQL injection vulne ...)
 	NOT-FOR-US: Apache Submarine
 CVE-2023-6248 (The Syrus4 IoT gateway utilizes an unsecured MQTT server to download a ...)
 	NOT-FOR-US: Syrus4 IoT gateway
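
Review bot: Every entry added at the top of data/CVE/list in this hunk is left at "TODO: check", so none of the new ids has a triage decision yet. A large share are WordPress plugin issues of the kind that the unchanged context elsewhere in this file resolves as "NOT-FOR-US: WordPress plugin", so those can be cleared in one pass; entries naming other software, such as CVE-2023-48106 (zlib-ng minizip-ng), need a package lookup before they can be classified.
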
@@ -87,7 +273,8 @@ CVE-2023-6228 [heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c]
 CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs showed e ...)
 	- firefox 120.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
-CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox 115.4, and Thunderb ...)
+CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thun ...)
+	{DSA-5561-1}
 	- firefox 120.0-1
 	- firefox-esr 115.5.0esr-1
 	- tunderbird <unfixed>
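
Review bot: The context line "- tunderbird <unfixed>" under CVE-2023-6212 misspells the package name; the sibling entries in the following hunks (CVE-2023-6209 through CVE-2023-6204) use "- thunderbird <unfixed>". As written, the status for CVE-2023-6212 is recorded against a different package name than the other entries tagged {DSA-5561-1}, so suggest correcting it to "thunderbird" in a follow-up commit.
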
@@ -101,6 +288,7 @@ CVE-2023-6210 (When an https: web page created a pop-up from a "javascript:" URL
 	- firefox 120.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6210
 CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly parsed, and ...)
+	{DSA-5561-1}
 	- firefox 120.0-1
 	- firefox-esr 115.5.0esr-1
 	- thunderbird <unfixed>
@@ -108,6 +296,7 @@ CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly parsed
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6209
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6209
 CVE-2023-6208 (When using X11, text selected by the page using the Selection API was  ...)
+	{DSA-5561-1}
 	- firefox 120.0-1
 	- firefox-esr 115.5.0esr-1
 	- thunderbird <unfixed>
@@ -115,6 +304,7 @@ CVE-2023-6208 (When using X11, text selected by the page using the Selection API
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6208
 CVE-2023-6207 (Ownership mismanagement led to a use-after-free in ReadableByteStreams ...)
+	{DSA-5561-1}
 	- firefox 120.0-1
 	- firefox-esr 115.5.0esr-1
 	- thunderbird <unfixed>
@@ -122,6 +312,7 @@ CVE-2023-6207 (Ownership mismanagement led to a use-after-free in ReadableByteSt
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6207
 CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the length ...)
+	{DSA-5561-1}
 	- firefox 120.0-1
 	- firefox-esr 115.5.0esr-1
 	- thunderbird <unfixed>
@@ -129,6 +320,7 @@ CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the l
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206
 CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had already ...)
+	{DSA-5561-1}
 	- firefox 120.0-1
 	- firefox-esr 115.5.0esr-1
 	- thunderbird <unfixed>
@@ -136,6 +328,7 @@ CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had al
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205
 CVE-2023-6204 (On some systems\u2014depending on the graphics settings and drivers\u2 ...)
+	{DSA-5561-1}
 	- firefox 120.0-1
 	- firefox-esr 115.5.0esr-1
 	- thunderbird <unfixed>
@@ -824,7 +1017,7 @@ CVE-2023-47674 (Missing authentication for critical function vulnerability in Fi
 	NOT-FOR-US: First Corporation
 CVE-2023-47638
 	REJECTED
-CVE-2023-43887
+CVE-2023-43887 (Libde265 v1.0.12 was discovered to contain multiple buffer overflows v ...)
 	- libde265 1.0.13-1
 	NOTE: https://github.com/strukturag/libde265/issues/418
 	NOTE: https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133 (v1.0.13)
@@ -924,6 +1117,7 @@ CVE-2023-5985 (A CWE-79 Improper Neutralization of Input During Web Page Generat
 CVE-2023-5984 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2023-5981 [ttiming side-channel inside RSA-PSK key exchange]
+	{DLA-3660-1}
 	- gnutls28 <unfixed> (bug #1056188)
 	[bookworm] - gnutls28 <no-dsa> (Minor issue; can be fixed via point release)
 	[bullseye] - gnutls28 <no-dsa> (Minor issue; can be fixed via point release)
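
Review bot: The bracketed description on the CVE-2023-5981 context line reads "ttiming side-channel", with a doubled "t"; suggest "timing". The new {DLA-3660-1} cross-reference sits above package lines that, in the visible context, cover only the unfixed gnutls28 entry and the bookworm and bullseye <no-dsa> notes, so it is worth confirming that the release line matching the DLA is present further down in the entry.
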
@@ -4731,7 +4925,8 @@ CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary comm ...)
 	NOT-FOR-US: SeaCMS
-CVE-2023-45960 (An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a r ...)
+CVE-2023-45960
+	REJECTED
 	- dom4j <unfixed> (unimportant)
 	NOTE: https://github.com/dom4j/dom4j/issues/171
 	NOTE: Not considered as a vulnerability by upstream:
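
Review bot: CVE-2023-45960 is now marked REJECTED, but the entry still carries "- dom4j <unfixed> (unimportant)" and its NOTE lines directly below the new REJECTED line. The automatic update only replaced the description line, so suggest a manual follow-up to decide whether the dom4j package annotation should be dropped now that the id is rejected.
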
@@ -8092,7 +8287,7 @@ CVE-2023-43983 (Presto Changeo attributegrid up to 2.0.3 was discovered to conta
 	NOT-FOR-US: Presto Changeo attributegrid
 CVE-2023-43981 (Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a ...)
 	NOT-FOR-US: Presto Changeo testsitecreator
-CVE-2023-43284 (An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firm ...)
+CVE-2023-43284 (D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail ...)
 	NOT-FOR-US: D-Link
 CVE-2023-43260 (Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovere ...)
 	NOT-FOR-US: Milesight
@@ -30345,8 +30540,8 @@ CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Co
 	NOT-FOR-US: WordPress Plugin
 CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Ch ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-30496
-	RESERVED
+CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
 CVE-2023-30495
 	RESERVED
 CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
@@ -35495,12 +35690,12 @@ CVE-2023-28751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28749
-	RESERVED
+CVE-2023-28749 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSoluti ...)
+	TODO: check
 CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28747
-	RESERVED
+CVE-2023-28747 (Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Curren ...)
+	TODO: check
 CVE-2023-28735
 	RESERVED
 CVE-2023-28734
@@ -39338,8 +39533,8 @@ CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1 on Drupa
 	NOT-FOR-US: Email Registration
 CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file  ...)
 	NOT-FOR-US: Shingo Intrepidity
-CVE-2023-27633
-	RESERVED
+CVE-2023-27633 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customif ...)
+	TODO: check
 CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Praye ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -39913,28 +40108,28 @@ CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All v
 	NOT-FOR-US: RUGGEDCOM CROSSBOW
 CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
 	NOT-FOR-US: RUGGEDCOM CROSSBOW
-CVE-2023-27461
-	RESERVED
+CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When ...)
+	TODO: check
 CVE-2023-27460
 	RESERVED
 CVE-2023-27459
 	RESERVED
-CVE-2023-27458
-	RESERVED
-CVE-2023-27457
-	RESERVED
+CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...)
+	TODO: check
+CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains A ...)
+	TODO: check
 CVE-2023-27456
 	RESERVED
 CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Mar ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27454
 	RESERVED
-CVE-2023-27453
-	RESERVED
+CVE-2023-27453 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...)
+	TODO: check
 CVE-2023-27452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow- ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-27451
-	RESERVED
+CVE-2023-27451 (Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Inst ...)
+	TODO: check
 CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27449
@@ -39943,16 +40138,16 @@ CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories T
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27447
 	RESERVED
-CVE-2023-27446
-	RESERVED
+CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...)
+	TODO: check
 CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Flo ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-27444
-	RESERVED
+CVE-2023-27444 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / Per ...)
+	TODO: check
 CVE-2023-27443 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-27442
-	RESERVED
+CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social  ...)
+	TODO: check
 CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-27440
@@ -42195,8 +42390,8 @@ CVE-2019-25105 (A vulnerability, which was classified as problematic, was found
 	NOT-FOR-US: dro.pm
 CVE-2023-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevit ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-26542
-	RESERVED
+CVE-2023-26542 (Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() W ...)
+	TODO: check
 CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26540
@@ -42209,14 +42404,14 @@ CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-26535
-	RESERVED
+CVE-2023-26535 (Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP ...)
+	TODO: check
 CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneW ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26533
 	RESERVED
-CVE-2023-26532
-	RESERVED
+CVE-2023-26532 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes  ...)
+	TODO: check
 CVE-2023-26531 (Cross-Site Request Forgery (CSRF) vulnerability in \u95ea\u7535\u535a  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26530 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Keh ...)
@@ -43859,10 +44054,10 @@ CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Im
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25988
 	RESERVED
-CVE-2023-25987
-	RESERVED
-CVE-2023-25986
-	RESERVED
+CVE-2023-25987 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uro\u016 ...)
+	TODO: check
+CVE-2023-25986 (Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen \ ...)
+	TODO: check
 CVE-2023-25985 (Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...)
@@ -45043,8 +45238,8 @@ CVE-2023-25684 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1
 	NOT-FOR-US: IBM
 CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW ...)
 	NOT-FOR-US: IBM
-CVE-2023-25682
-	RESERVED
+CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
+	TODO: check
 CVE-2023-25681
 	RESERVED
 CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to  ...)
@@ -49438,7 +49633,7 @@ CVE-2023-24231 (A stored cross-site scripting (XSS) vulnerability in the compone
 	NOT-FOR-US: Inventory Management System
 CVE-2023-24230 (A stored cross-site scripting (XSS) vulnerability in the component /fo ...)
 	NOT-FOR-US: Formwork
-CVE-2023-24229 (DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injecti ...)
+CVE-2023-24229 (DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with netwo ...)
 	NOT-FOR-US: DrayTek Vigor2960
 CVE-2023-24228
 	RESERVED
@@ -72064,10 +72259,10 @@ CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of Cisc
 	NOT-FOR-US: Cisco
 CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20241
-	RESERVED
-CVE-2023-20240
-	RESERVED
+CVE-2023-20241 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
+	TODO: check
+CVE-2023-20240 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
+	TODO: check
 CVE-2023-20239
 	RESERVED
 CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
@@ -72386,8 +72581,8 @@ CVE-2023-20086 (A vulnerability in ICMPv6 processing of Cisco Adaptive Security
 	NOT-FOR-US: Cisco
 CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20084
-	RESERVED
+CVE-2023-20084 (A vulnerability in the endpoint software of Cisco Secure Endpoint for  ...)
+	TODO: check
 CVE-2023-20083 (A vulnerability in ICMPv6 inspection when configured with the Snort 2  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Serie ...)
@@ -92434,8 +92629,8 @@ CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Rou
 	NOT-FOR-US: PROSCEND
 CVE-2022-36778 (insert HTML / js code inside input how to get to the vulnerable input  ...)
 	NOT-FOR-US: Synel - eHarmony
-CVE-2022-36777
-	RESERVED
+CVE-2022-36777 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
+	TODO: check
 CVE-2022-36776 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerabl ...)
 	NOT-FOR-US: IBM
 CVE-2022-36775 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and ...)
@@ -248309,7 +248504,7 @@ CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow
 	NOT-FOR-US: JetBrains YouTrack
 CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...)
 	NOT-FOR-US: JetBrains YouTrack
-CVE-2020-15862 (Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP  ...)
+CVE-2020-15862 (Net-SNMP through 5.8 has Improper Privilege Management because SNMP WR ...)
 	{DSA-4746-1 DLA-2299-1}
 	- net-snmp 5.8+dfsg-4 (bug #965166)
 	NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07
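
Review bot: The description for CVE-2020-15862 changes from "through 5.7.3" to "through 5.8", while the entry keeps "- net-snmp 5.8+dfsg-4" as the fixed version. Since the stated affected range has widened, suggest confirming that the recorded fixed version still holds against the commit referenced in the NOTE line.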



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/80ada004be8f50ebd628d42d7f59e3089e2ef264
