[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 27 20:23:48 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d3813e2 by security tracker role at 2023-11-27T20:23:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,122 @@
-CVE-2023-43701
+CVE-2023-6329 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
+ TODO: check
+CVE-2023-6287 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...)
+ TODO: check
+CVE-2023-6254 (A Vulnerability in OTRS AgentInterface and ExternalInterface allows th ...)
+ TODO: check
+CVE-2023-6202 (Mattermost fails to perform proper authorization in the /plugins/focal ...)
+ TODO: check
+CVE-2023-5974 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to server ...)
+ TODO: check
+CVE-2023-5958 (The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape ema ...)
+ TODO: check
+CVE-2023-5942 (The Medialist WordPress plugin before 1.4.1 does not validate and esca ...)
+ TODO: check
+CVE-2023-5906 (The Job Manager & Career WordPress plugin before 1.4.4 contains a vuln ...)
+ TODO: check
+CVE-2023-5845 (The Simple Social Media Share Buttons WordPress plugin before 5.1.1 le ...)
+ TODO: check
+CVE-2023-5738 (The WordPress Backup & Migration WordPress plugin before 1.4.4 does no ...)
+ TODO: check
+CVE-2023-5737 (The WordPress Backup & Migration WordPress plugin before 1.4.4 does no ...)
+ TODO: check
+CVE-2023-5653 (The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does n ...)
+ TODO: check
+CVE-2023-5641 (The Martins Free & Easy SEO BackLink Link Building Network WordPress p ...)
+ TODO: check
+CVE-2023-5620 (The Web Push Notifications WordPress plugin before 4.35.0 does not pre ...)
+ TODO: check
+CVE-2023-5611 (The Seraphinite Accelerator WordPress plugin before 2.20.32 does not h ...)
+ TODO: check
+CVE-2023-5607 (An improper limitation of a path name to a restricted directory (path ...)
+ TODO: check
+CVE-2023-5604 (The Asgaros Forum WordPress plugin before 2.7.1 allows forum administr ...)
+ TODO: check
+CVE-2023-5560 (The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and ...)
+ TODO: check
+CVE-2023-5559 (The 10Web Booster WordPress plugin before 2.24.18 does not validate th ...)
+ TODO: check
+CVE-2023-5525 (The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is m ...)
+ TODO: check
+CVE-2023-5325 (The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does no ...)
+ TODO: check
+CVE-2023-5239 (The Security & Malware scan by CleanTalk WordPress plugin before 2.121 ...)
+ TODO: check
+CVE-2023-5209 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
+ TODO: check
+CVE-2023-4931 (Uncontrolled search path element vulnerability in Plesk Installer affe ...)
+ TODO: check
+CVE-2023-4922 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to a loca ...)
+ TODO: check
+CVE-2023-4642 (The kk Star Ratings WordPress plugin before 5.4.6 does not implement a ...)
+ TODO: check
+CVE-2023-4590 (Buffer overflow vulnerability in Frhed hex editor, affecting version 1 ...)
+ TODO: check
+CVE-2023-4514 (The Mmm Simple File List WordPress plugin through 2.3 does not validat ...)
+ TODO: check
+CVE-2023-4297 (The Mmm Simple File List WordPress plugin through 2.3 does not validat ...)
+ TODO: check
+CVE-2023-4252 (The EventPrime WordPress plugin through 3.2.9 specifies the price of a ...)
+ TODO: check
+CVE-2023-49316 (In Math/BinaryField.php in phpseclib before 3.0.34, excessively large ...)
+ TODO: check
+CVE-2023-49047 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parame ...)
+ TODO: check
+CVE-2023-49046 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...)
+ TODO: check
+CVE-2023-49043 (Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remot ...)
+ TODO: check
+CVE-2023-49042 (Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...)
+ TODO: check
+CVE-2023-49040 (An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute ...)
+ TODO: check
+CVE-2023-49029 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and ...)
+ TODO: check
+CVE-2023-49028 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and ...)
+ TODO: check
+CVE-2023-48369 (Mattermost fails to limit the log size of server logs allowing an atta ...)
+ TODO: check
+CVE-2023-48268 (Mattermost fails tolimit the amount of data extracted from compressed ...)
+ TODO: check
+CVE-2023-47865 (Mattermost fails to check if hardened mode is enabled when overriding ...)
+ TODO: check
+CVE-2023-47168 (Mattermost fails to properly check a redirect URL parameter allowing f ...)
+ TODO: check
+CVE-2023-45223 (Mattermost fails to properly validate the "Show Full Name" option in a ...)
+ TODO: check
+CVE-2023-43754 (Mattermost fails to check whether the \u201cAllow users to view archiv ...)
+ TODO: check
+CVE-2023-42000 (Arcserve UDP prior to 9.2 contains a path traversal vulnerability in c ...)
+ TODO: check
+CVE-2023-41999 (An authentication bypass exists in Arcserve UDP prior to version 9.2. ...)
+ TODO: check
+CVE-2023-41998 (Arcserve UDP prior to 9.2 contained a vulnerability in thecom.ca.arcfl ...)
+ TODO: check
+CVE-2023-41257 (A type confusion vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
+ TODO: check
+CVE-2023-40703 (Mattermost fails to properly limit the characters allowed in different ...)
+ TODO: check
+CVE-2023-40194 (An arbitrary file creation vulnerability exists in the Javascript expo ...)
+ TODO: check
+CVE-2023-39542 (A code execution vulnerability exists in the Javascript saveAs API of ...)
+ TODO: check
+CVE-2023-38573 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
+ TODO: check
+CVE-2023-35985 (An arbitrary file creation vulnerability exists in the Javascript expo ...)
+ TODO: check
+CVE-2023-35075 (Mattermost fails to use innerText /textContentwhen setting the channel ...)
+ TODO: check
+CVE-2023-32616 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
+ TODO: check
+CVE-2023-31275 (An uninitialized pointer use vulnerability exists in the functionality ...)
+ TODO: check
+CVE-2023-2707 (The gAppointments WordPress plugin through 1.9.5.1 does not sanitise a ...)
+ TODO: check
+CVE-2023-43701 (Improper payload validation and an improper REST API response type, ma ...)
NOT-FOR-US: Apache Superset
-CVE-2023-42501
+CVE-2023-42501 (Unnecessary read permissions within the Gamma role would allow authent ...)
NOT-FOR-US: Apache Superset
-CVE-2023-40610
+CVE-2023-40610 (Improper authorization check and possible privilege escalation on Apac ...)
NOT-FOR-US: Apache Superset
CVE-2023-6313 (A vulnerability was found in SourceCodester URL Shortener 1.0. It has ...)
NOT-FOR-US: SourceCodester URL Shortener
@@ -96,7 +210,7 @@ CVE-2023-46575 (A SQL injection vulnerability in Meshery before 0.6.179 allows a
NOT-FOR-US: Meshery
CVE-2023-38914
REJECTED
-CVE-2023-49068
+CVE-2023-49068 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Apache DolphinScheduler
CVE-2023-49216 (Usedesk before 1.7.57 allows profile stored XSS.)
NOT-FOR-US: Usedesk
@@ -4661,6 +4775,7 @@ CVE-2023-46345 (Catdoc v0.95 was discovered to contain a NULL pointer dereferenc
- catdoc <unfixed> (unimportant)
NOTE: Crash in CLI tool, no security impact
CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior to versio ...)
+ {DLA-3669-1}
- cryptojs 3.1.2+dfsg-4 (bug #1055525)
NOTE: https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf
NOTE: https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a (4.2.0)
@@ -6498,6 +6613,7 @@ CVE-2023-43658 (dicourse-calendar is a plugin for the Discourse messaging platfo
CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the Export for T ...)
NOT-FOR-US: Liferay Portal
CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
+ {DSA-5568-1}
- fastdds 2.11.2+ds-6 (bug #1054163)
[bullseye] - fastdds <not-affected> (Vulnerable code not present)
NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm
@@ -9613,7 +9729,7 @@ CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain
NOT-FOR-US: Dell
CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output error backt ...)
- drupal7 <removed>
-CVE-2023-5871 [generator: Fix assertion in ext-mode BLOCK_STATUS]
+CVE-2023-5871 (A flaw was found in libnbd, due to a malicious Network Block Device (N ...)
- libnbd 1.18.1-1 (bug #1055170)
[bookworm] - libnbd <not-affected> (Vulnerable code not present)
[bullseye] - libnbd <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3813e259c65cb8ff1ac1a057bd7e64fb8e0cd4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3813e259c65cb8ff1ac1a057bd7e64fb8e0cd4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231127/f510ef3e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list