[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 16 21:12:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f4831df by security tracker role at 2023-10-16T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,212 @@
-CVE-2023-43668
+CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
+	TODO: check
+CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...)
+	TODO: check
+CVE-2023-5561 (The Popup Builder WordPress plugin through 4.1.15 does not sanitise an ...)
+	TODO: check
+CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as sending e-ma ...)
+	TODO: check
+CVE-2023-5421 (An attacker who is logged into OTRS as an user with privileges to crea ...)
+	TODO: check
+CVE-2023-5177 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the ...)
+	TODO: check
+CVE-2023-5167 (The User Activity Log Pro WordPress plugin before 2.3.4 does not prope ...)
+	TODO: check
+CVE-2023-5133 (This user-activity-log-pro WordPress plugin before 2.3.4 retrieves cli ...)
+	TODO: check
+CVE-2023-5089 (The Defender Security WordPress plugin before 4.1.0 does not prevent r ...)
+	TODO: check
+CVE-2023-5087 (The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prev ...)
+	TODO: check
+CVE-2023-5057 (The ActivityPub WordPress plugin before 1.0.0 does not escape user met ...)
+	TODO: check
+CVE-2023-5003 (The Active Directory Integration / LDAP Integration WordPress plugin b ...)
+	TODO: check
+CVE-2023-4971 (The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserial ...)
+	TODO: check
+CVE-2023-4950 (The Interactive Contact Form and Multi Step Form Builder WordPress plu ...)
+	TODO: check
+CVE-2023-4933 (The WP Job Openings WordPress plugin before 3.4.3 does not block listi ...)
+	TODO: check
+CVE-2023-4862 (The File Manager Pro WordPress plugin before 1.8.1 does not adequately ...)
+	TODO: check
+CVE-2023-4861 (The File Manager Pro WordPress plugin before 1.8.1 allows admin users  ...)
+	TODO: check
+CVE-2023-4834 (In Red Lion EuropembCONNECT24 and mymbCONNECT24 and Helmholz myREX24 a ...)
+	TODO: check
+CVE-2023-4827 (The File Manager Pro WordPress plugin before 1.8 does not properly che ...)
+	TODO: check
+CVE-2023-4822 (The vulnerability impacts instances with several organizations, and al ...)
+	TODO: check
+CVE-2023-4821 (The Drag and Drop Multiple File Upload for WooCommerce WordPress plugi ...)
+	TODO: check
+CVE-2023-4820 (The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11 ...)
+	TODO: check
+CVE-2023-4819 (The Shared Files WordPress plugin before 1.7.6 does not return the rig ...)
+	TODO: check
+CVE-2023-4811 (The WordPress File Upload WordPress plugin before 4.23.3 does not sani ...)
+	TODO: check
+CVE-2023-4805 (The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and esca ...)
+	TODO: check
+CVE-2023-4800 (The DoLogin Security WordPress plugin before 3.7.1 does not restrict t ...)
+	TODO: check
+CVE-2023-4798 (The User Avatar WordPress plugin before 1.2.2 does not properly saniti ...)
+	TODO: check
+CVE-2023-4795 (The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does no ...)
+	TODO: check
+CVE-2023-4783 (The Magee Shortcodes WordPress plugin through 2.1.1 does not validate  ...)
+	TODO: check
+CVE-2023-4776 (The School Management System WordPress plugin before 2.2.5 uses the Wo ...)
+	TODO: check
+CVE-2023-4725 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitis ...)
+	TODO: check
+CVE-2023-4691 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
+	TODO: check
+CVE-2023-4687 (The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prev ...)
+	TODO: check
+CVE-2023-4666 (The Form Maker by 10Web WordPress plugin before 1.15.20 does not valid ...)
+	TODO: check
+CVE-2023-4646 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not validat ...)
+	TODO: check
+CVE-2023-4643 (The Enable Media Replace WordPress plugin before 4.1.3 unserializes us ...)
+	TODO: check
+CVE-2023-4620 (The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize ...)
+	TODO: check
+CVE-2023-4457 (Grafana is an open-source platform for monitoring and observability.   ...)
+	TODO: check
+CVE-2023-4388 (The EventON WordPress plugin before 2.2 does not sanitise and escape s ...)
+	TODO: check
+CVE-2023-4290 (The WP Matterport Shortcode WordPress plugin before 2.1.7 does not esc ...)
+	TODO: check
+CVE-2023-4289 (The WP Matterport Shortcode WordPress plugin before 2.1.8 does not val ...)
+	TODO: check
+CVE-2023-46087 (Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit T ...)
+	TODO: check
+CVE-2023-46066 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Cod ...)
+	TODO: check
+CVE-2023-45985 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
+	TODO: check
+CVE-2023-45984 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
+	TODO: check
+CVE-2023-45836 (Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxo ...)
+	TODO: check
+CVE-2023-45831 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin  ...)
+	TODO: check
+CVE-2023-45763 (Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <=2. ...)
+	TODO: check
+CVE-2023-45753 (Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which  ...)
+	TODO: check
+CVE-2023-45752 (Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gal ...)
+	TODO: check
+CVE-2023-45749 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenk ...)
+	TODO: check
+CVE-2023-45748 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp ...)
+	TODO: check
+CVE-2023-45690 (Default file permissions on South River Technologies' Titan MFT and Ti ...)
+	TODO: check
+CVE-2023-45689 (Lack of sufficient path validation in South River Technologies' Titan  ...)
+	TODO: check
+CVE-2023-45688 (Lack of sufficient path validation in South River Technologies' Titan  ...)
+	TODO: check
+CVE-2023-45687 (A session fixation vulnerability in South River Technologies' Titan MF ...)
+	TODO: check
+CVE-2023-45686 (Insufficient path validation when writing a file via WebDAV in South R ...)
+	TODO: check
+CVE-2023-45685 (Insufficient path validation when extracting a zip archive in South Ri ...)
+	TODO: check
+CVE-2023-45683 (github.com/crewjam/saml is a saml library for the go language. In affe ...)
+	TODO: check
+CVE-2023-45669 (WebAuthn4J Spring Security provides Web Authentication specification s ...)
+	TODO: check
+CVE-2023-45660 (Nextcloud mail is an email app for the Nextcloud home server platform. ...)
+	TODO: check
+CVE-2023-45656 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Lo ...)
+	TODO: check
+CVE-2023-45655 (Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixField ...)
+	TODO: check
+CVE-2023-45654 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...)
+	TODO: check
+CVE-2023-45653 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Vid ...)
+	TODO: check
+CVE-2023-45651 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Att ...)
+	TODO: check
+CVE-2023-45650 (Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5  ...)
+	TODO: check
+CVE-2023-45647 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant  ...)
+	TODO: check
+CVE-2023-45645 (Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Str ...)
+	TODO: check
+CVE-2023-45643 (Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT ...)
+	TODO: check
+CVE-2023-45642 (Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pix ...)
+	TODO: check
+CVE-2023-45641 (Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Co ...)
+	TODO: check
+CVE-2023-45639 (Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort Search ...)
+	TODO: check
+CVE-2023-45638 (Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gatew ...)
+	TODO: check
+CVE-2023-45629 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery \u ...)
+	TODO: check
+CVE-2023-45606 (Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs p ...)
+	TODO: check
+CVE-2023-45605 (Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke F ...)
+	TODO: check
+CVE-2023-45274 (Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse ...)
+	TODO: check
+CVE-2023-45273 (Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout  ...)
+	TODO: check
+CVE-2023-45151 (Nextcloud server is an open source home cloud platform. Affected versi ...)
+	TODO: check
+CVE-2023-45150 (Nextcloud calendar is a calendar app for the Nextcloud server platform ...)
+	TODO: check
+CVE-2023-45149 (Nextcloud talk is a chat module for the Nextcloud server platform. In  ...)
+	TODO: check
+CVE-2023-45148 (Nextcloud is an open source home cloud server. When Memcached is used  ...)
+	TODO: check
+CVE-2023-44987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Time ...)
+	TODO: check
+CVE-2023-44986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tych ...)
+	TODO: check
+CVE-2023-44985 (Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2023-44984 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-44229 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+	TODO: check
+CVE-2023-43121 (A Directory Traversal vulnerability discovered in Chalet application i ...)
+	TODO: check
+CVE-2023-43120 (An issue discovered in Extreme Networks Switch Engine (EXOS) before 32 ...)
+	TODO: check
+CVE-2023-43119 (An Access Control issue discovered in Extreme Networks Switch Engine ( ...)
+	TODO: check
+CVE-2023-43118 (Cross Site Request Forgery (CSRF) vulnerability in Chalet application  ...)
+	TODO: check
+CVE-2023-40180 (silverstripe-graphql is a package which serves Silverstripe data in Gr ...)
+	TODO: check
+CVE-2023-3991 (An OS command injection vulnerability exists in the httpd iperfrun.cgi ...)
+	TODO: check
+CVE-2023-3746 (The ActivityPub WordPress plugin before 1.0.0 does not sanitize and es ...)
+	TODO: check
+CVE-2023-3707 (The ActivityPub WordPress plugin before 1.0.0 does not ensure that pos ...)
+	TODO: check
+CVE-2023-3706 (The ActivityPub WordPress plugin before 1.0.0 does not ensure that pos ...)
+	TODO: check
+CVE-2023-3392 (The Read More & Accordion WordPress plugin before 3.2.7 unserializes u ...)
+	TODO: check
+CVE-2023-3279 (The WordPress Gallery Plugin WordPress plugin before 3.39 does not val ...)
+	TODO: check
+CVE-2023-3155 (The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerabl ...)
+	TODO: check
+CVE-2023-3154 (The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerabl ...)
+	TODO: check
+CVE-2023-38059 (The loading of external images is not blocked, even if configured, if  ...)
+	TODO: check
+CVE-2023-43668 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
 	NOT-FOR-US: Apache InLong
-CVE-2023-43667
+CVE-2023-43667 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Apache InLong
-CVE-2023-43666
+CVE-2023-43666 (Insufficient Verification of Data Authenticity vulnerability in Apache ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-5591 (SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.)
 	TODO: check
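Review bot: the long run of new `TODO: check` entries in this hunk is not uniform in urgency, so triage should not simply proceed top to bottom. CVE-2023-5595 (gpac) and CVE-2023-45683 (the crewjam/saml Go library) name software that may map to Debian source packages and need a package line, whereas the many WordPress plugin entries (the CSRF block CVE-2023-46087 through CVE-2023-45273 and most of the CVE-2023-5561 to CVE-2023-4289 block) will almost certainly resolve to the `NOT-FOR-US: WordPress plugin` tag already used elsewhere in this file. The three Apache InLong entries at the end (CVE-2023-43668, CVE-2023-43667, CVE-2023-43666) only gain description text and keep `NOT-FOR-US: Apache InLong`, which is correct.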
@@ -306,7 +510,7 @@ CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of third-party packages
 CVE-2023-45138 (Change Request is an pplication allowing users to request changes on a ...)
 	NOT-FOR-US: XWiki addon
 CVE-2023-45133 (Babel is a compiler for writingJavaScript. In `@babel/traverse` prior  ...)
-	{DLA-3618-1}
+	{DSA-5528-1 DLA-3618-1}
 	- node-babel <removed>
 	- node-babel7 7.20.15+ds1+~cs214.269.168-5 (bug #1053880)
 	NOTE: github.com: https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
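Review bot: `{DSA-5528-1 DLA-3618-1}` introduces a DSA cross-reference, but this commit changes only data/CVE/list (see "1 changed file" above); the matching DSA-5528-1 record in data/DSA/list must exist, or arrive in its own commit, for the reference to resolve in the tracker. The ordering (DSA before DLA) is consistent with the CVE-2023-44487 entry in the next hunk.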
@@ -1155,7 +1359,7 @@ CVE-2023-3961 [smbd allows client access to unix domain sockets on the file syst
 	NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
 	NOTE: In scope for continued Samba support
 CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
-	{DSA-5522-1 DSA-5521-1 DLA-3617-1}
+	{DSA-5522-1 DSA-5521-1 DLA-3621-1 DLA-3617-1}
 	- tomcat9 9.0.70-2
 	- tomcat10 10.1.14-1
 	- trafficserver <unfixed> (bug #1053801)
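Review bot: DLA-3621-1 is added to CVE-2023-44487, but the visible context shows only the tomcat9, tomcat10 and trafficserver lines; the same DLA is also attached to the nghttp2 entry CVE-2020-11080 in the last hunk, so confirm that the nghttp2 source-package line of CVE-2023-44487 (outside this hunk's context) is present and that its fixed version agrees with the DLA.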
@@ -26134,8 +26338,8 @@ CVE-2023-29486
 	RESERVED
 CVE-2023-29485
 	RESERVED
-CVE-2023-29484
-	RESERVED
+CVE-2023-29484 (In Terminalfour before 8.3.16, misconfigured LDAP users are able to lo ...)
+	TODO: check
 CVE-2023-29483
 	RESERVED
 CVE-2023-29482
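Review bot: CVE-2023-29484 moves from `RESERVED` to a described entry with `TODO: check`; the description names Terminalfour (a proprietary CMS) and a misconfigured-LDAP-user login issue, so this will most likely become a `NOT-FOR-US` entry rather than one needing a Debian package line, and can be cleared quickly.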
@@ -30446,7 +30650,7 @@ CVE-2023-1402 (The course participation report required additional checks to pre
 	- moodle <removed>
 CVE-2023-1401 (An issue has been discovered in GitLab DAST scanner affecting all vers ...)
 	NOT-FOR-US: GitLab DAST scanner
-CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin through 5.16.2 does n ...)
+CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted d ...)
 	NOT-FOR-US: N6854A Geolocation Server
@@ -65523,8 +65727,8 @@ CVE-2023-20200 (A vulnerability in the Simple Network Management Protocol (SNMP)
 	NOT-FOR-US: Cisco
 CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS could ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20198
-	RESERVED
+CVE-2023-20198 (Cisco is aware of active exploitation of a previously unknown vulnerab ...)
+	TODO: check
 CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical File S ...)
 	{DLA-3544-1}
 	- clamav 1.0.2+dfsg-1 (bug #1050057)
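Review bot: CVE-2023-20198 is the one entry in this update whose description explicitly mentions active exploitation, so it should be resolved ahead of the bulk `TODO: check` batch rather than left in the queue. The neighbouring entries CVE-2023-20199 and CVE-2023-20200 carry `NOT-FOR-US: Cisco`, and this one most likely gets the same tag, but that decision should be recorded now.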
@@ -84995,11 +85199,13 @@ CVE-2022-37052 (A reachable Object::getString assertion in Poppler 22.07.0 allow
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278
 	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c (poppler-22.08.0)
 CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a reachable abort ...)
+	{DLA-3620-1}
 	- poppler 22.08.0-2
 	[bullseye] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276
 	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b (poppler-22.08.0)
 CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers t ...)
+	{DLA-3620-1}
 	- poppler 22.08.0-2
 	[bullseye] - poppler <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
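Review bot: DLA-3620-1 is added to both CVE-2022-37051 and CVE-2022-37050 while their `[bullseye] - poppler <no-dsa> (Minor issue)` lines stay unchanged; that is consistent only if the DLA covers the LTS release and bullseye remains deliberately unfixed. Confirm this is intended, since a reader seeing a new advisory reference next to an unchanged no-dsa marker could otherwise assume bullseye was fixed too.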
@@ -224252,6 +224458,7 @@ CVE-2020-23806
 CVE-2020-23805
 	RESERVED
 CVE-2020-23804 (Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allow ...)
+	{DLA-3620-1}
 	- poppler 20.09.0-1
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/936
 	NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ec8a43c8df29fdd6f1228276160898ccd9401c92 (poppler-20.08.0)
@@ -255644,7 +255851,7 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would al
 CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vulnerabil ...)
 	- osquery <itp> (bug #803502)
 CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
-	{DSA-4696-1 DLA-2786-1}
+	{DSA-4696-1 DLA-3621-1 DLA-2786-1}
 	- nghttp2 1.41.0-1
 	- nodejs 10.21.0~dfsg-1 (bug #962145)
 	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
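Review bot: attaching DLA-3621-1 to CVE-2020-11080 implies the LTS nghttp2 update backported the SETTINGS-frame fix alongside CVE-2023-44487. This entry also lists nodejs as an affected package, and the only nodejs release marker visible here is `[stretch] - nodejs <ignored>`; check whether nodejs in the release covered by the DLA needs its own marker or is covered by the fixed 10.21.0~dfsg-1 version.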



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f4831df97c063995e7f6c36d4c93df823957f03
