[Git][security-tracker-team/security-tracker][master] 2 commits: chromium DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 17 19:33:00 BST 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ac1fc79 by Moritz Mühlenhoff at 2023-10-17T20:31:58+02:00
chromium DSA

- - - - -
38537ba4 by Moritz Mühlenhoff at 2023-10-17T20:32:29+02:00
NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,295 +1,298 @@
 CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability.   ...)
-	TODO: check
+	- grafana <removed>
 CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensitive in ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2023-4089 (On affected Wago products an remote attacker with administrative privi ...)
-	TODO: check
+	NOT-FOR-US: Wago
 CVE-2023-45807 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
-	TODO: check
+	NOT-FOR-US: OpenSearch
 CVE-2023-45659 (Engelsystem is a shift planning system for chaos events.  If a users'  ...)
-	TODO: check
+	NOT-FOR-US: Engelsystem
 CVE-2023-45542 (Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote  ...)
-	TODO: check
+	NOT-FOR-US: mooSocial
 CVE-2023-45540 (An issue in Jorani Leave Management System 1.0.3 allows a remote attac ...)
-	TODO: check
+	NOT-FOR-US: Jorani Leave Management System
 CVE-2023-45386 (In the module extratabspro before version 2.2.8 from MyPresta.eu for P ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-45375 (In the module "PireosPay" (pireospay) before version 1.7.10 from 01gen ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-45358 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored  ...)
-	TODO: check
+	NOT-FOR-US: Archer
 CVE-2023-45357 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensiti ...)
-	TODO: check
+	NOT-FOR-US: Archer
 CVE-2023-45152 (Engelsystem is a shift planning system for chaos events. A Blind SSRF  ...)
-	TODO: check
+	NOT-FOR-US: Engelsystem
 CVE-2023-45147 (Discourse is an open source community platform. In affected versions a ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-45144 (com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in buil ...)
-	TODO: check
+	NOT-FOR-US: com.xwiki.identity-oauth:identity-oauth-ui
 CVE-2023-45141 (Fiber is an express inspired web framework written in Go. A Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2023-45131 (Discourse is an open source platform for community discussion. New cha ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-45128 (Fiber is an express inspired web framework written in Go. A Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2023-44694 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-44693 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-44394 (MantisBT is an open source bug tracker. Due to insufficient access-lev ...)
-	TODO: check
+	- mantis <removed>
 CVE-2023-44391 (Discourse is an open source platform for community discussion. User su ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-44388 (Discourse is an open source platform for community discussion. A malic ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-43814 (Discourse is an open source platform for community discussion. Attacke ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-43659 (Discourse is an open source platform for community discussion. Imprope ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2023-43658 (dicourse-calendar is a plugin for the Discourse messaging platform whi ...)
-	TODO: check
+	NOT-FOR-US: Discourse plugin
 CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the Export for T ...)
-	TODO: check
+	NOT-FOR-US: Liferay Portal
 CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
 	TODO: check
 CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	TODO: check
 CVE-2023-40852 (SQL Injection vulnerability in Phpgurukul User Registration & Login an ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul
 CVE-2023-40851 (Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registrati ...)
-	TODO: check
+	NOT-FOR-US: Phpgurukul
 CVE-2023-40374 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-40373 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-40372 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-39456 (Improper Input Validation vulnerability in Apache Traffic Server with  ...)
 	TODO: check
 CVE-2023-38740 (IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-38728 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-38720 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-38719 (IBM Db2 11.5 could allow a local user with special privileges to cause ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-34210 (SQL Injection in create customer group function in EasyUse MailHunter  ...)
-	TODO: check
+	NOT-FOR-US: EasyUse MailHunter
 CVE-2023-34209 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: EasyUse MailHunter
 CVE-2023-34208 (Path Traversal in create template function in EasyUse MailHunter Ultim ...)
-	TODO: check
+	NOT-FOR-US: EasyUse MailHunter
 CVE-2023-34207 (Unrestricted upload of file with dangerous type vulnerability in creat ...)
-	TODO: check
+	NOT-FOR-US: EasyUse MailHunter
 CVE-2012-10016 (A vulnerability classified as problematic has been found in Halulu sim ...)
-	TODO: check
+	NOT-FOR-US: Halulu
 CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress.  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
 	TODO: check
 CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...)
-	TODO: check
+	NOT-FOR-US: Devolutions Server
 CVE-2023-5561 (The Popup Builder WordPress plugin through 4.1.15 does not sanitise an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as sending e-ma ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2023-5421 (An attacker who is logged into OTRS as an user with privileges to crea ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2023-5177 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5167 (The User Activity Log Pro WordPress plugin before 2.3.4 does not prope ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5133 (This user-activity-log-pro WordPress plugin before 2.3.4 retrieves cli ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5089 (The Defender Security WordPress plugin before 4.1.0 does not prevent r ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5087 (The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prev ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5057 (The ActivityPub WordPress plugin before 1.0.0 does not escape user met ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-5003 (The Active Directory Integration / LDAP Integration WordPress plugin b ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4971 (The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserial ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4950 (The Interactive Contact Form and Multi Step Form Builder WordPress plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4933 (The WP Job Openings WordPress plugin before 3.4.3 does not block listi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4862 (The File Manager Pro WordPress plugin before 1.8.1 does not adequately ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4861 (The File Manager Pro WordPress plugin before 1.8.1 allows admin users  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4834 (In Red Lion EuropembCONNECT24 and mymbCONNECT24 and Helmholz myREX24 a ...)
-	TODO: check
+	NOT-FOR-US: Red Lion
 CVE-2023-4827 (The File Manager Pro WordPress plugin before 1.8 does not properly che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4822 (The vulnerability impacts instances with several organizations, and al ...)
-	TODO: check
+	- grafana <removed>
 CVE-2023-4821 (The Drag and Drop Multiple File Upload for WooCommerce WordPress plugi ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce plugin
 CVE-2023-4820 (The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4819 (The Shared Files WordPress plugin before 1.7.6 does not return the rig ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4811 (The WordPress File Upload WordPress plugin before 4.23.3 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4805 (The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4800 (The DoLogin Security WordPress plugin before 3.7.1 does not restrict t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4798 (The User Avatar WordPress plugin before 1.2.2 does not properly saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4795 (The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4783 (The Magee Shortcodes WordPress plugin through 2.1.1 does not validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4776 (The School Management System WordPress plugin before 2.2.5 uses the Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4725 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4691 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4687 (The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prev ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4666 (The Form Maker by 10Web WordPress plugin before 1.15.20 does not valid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4646 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not validat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4643 (The Enable Media Replace WordPress plugin before 4.1.3 unserializes us ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4620 (The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4457 (Grafana is an open-source platform for monitoring and observability.   ...)
-	TODO: check
+	- grafana <removed>
 CVE-2023-4388 (The EventON WordPress plugin before 2.2 does not sanitise and escape s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4290 (The WP Matterport Shortcode WordPress plugin before 2.1.7 does not esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4289 (The WP Matterport Shortcode WordPress plugin before 2.1.8 does not val ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-46087 (Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit T ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-46066 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Cod ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45985 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-45984 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-45836 (Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45831 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45763 (Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <=2. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45753 (Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45752 (Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gal ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45749 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenk ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45748 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45690 (Default file permissions on South River Technologies' Titan MFT and Ti ...)
-	TODO: check
+	NOT-FOR-US: South River Technologies
 CVE-2023-45689 (Lack of sufficient path validation in South River Technologies' Titan  ...)
-	TODO: check
+	NOT-FOR-US: South River Technologies
 CVE-2023-45688 (Lack of sufficient path validation in South River Technologies' Titan  ...)
-	TODO: check
+	NOT-FOR-US: South River Technologies
 CVE-2023-45687 (A session fixation vulnerability in South River Technologies' Titan MF ...)
-	TODO: check
+	NOT-FOR-US: South River Technologies
 CVE-2023-45686 (Insufficient path validation when writing a file via WebDAV in South R ...)
-	TODO: check
+	NOT-FOR-US: South River Technologies
 CVE-2023-45685 (Insufficient path validation when extracting a zip archive in South Ri ...)
-	TODO: check
+	NOT-FOR-US: South River Technologies
 CVE-2023-45683 (github.com/crewjam/saml is a saml library for the go language. In affe ...)
 	TODO: check
 CVE-2023-45669 (WebAuthn4J Spring Security provides Web Authentication specification s ...)
-	TODO: check
+	NOT-FOR-US: WebAuthn4J Spring Security
 CVE-2023-45660 (Nextcloud mail is an email app for the Nextcloud home server platform. ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud plugin
 CVE-2023-45656 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Lo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45655 (Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixField ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45654 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45653 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Vid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45651 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Att ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45650 (Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45647 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45645 (Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Str ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45643 (Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45642 (Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pix ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45641 (Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Co ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45639 (Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort Search ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45638 (Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gatew ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45629 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery \u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45606 (Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45605 (Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45274 (Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45273 (Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45151 (Nextcloud server is an open source home cloud platform. Affected versi ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2023-45150 (Nextcloud calendar is a calendar app for the Nextcloud server platform ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud plugin
 CVE-2023-45149 (Nextcloud talk is a chat module for the Nextcloud server platform. In  ...)
-	TODO: check
+	NOT-FOR-US: Nextcloud plugin
 CVE-2023-45148 (Nextcloud is an open source home cloud server. When Memcached is used  ...)
-	TODO: check
+	- nextcloud-server <itp> (bug #941708)
 CVE-2023-44987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Time ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tych ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44985 (Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44984 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44229 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-43121 (A Directory Traversal vulnerability discovered in Chalet application i ...)
-	TODO: check
+	NOT-FOR-US: Extreme Networks Switch Engine
 CVE-2023-43120 (An issue discovered in Extreme Networks Switch Engine (EXOS) before 32 ...)
-	TODO: check
+	NOT-FOR-US: Extreme Networks Switch Engine
 CVE-2023-43119 (An Access Control issue discovered in Extreme Networks Switch Engine ( ...)
-	TODO: check
+	NOT-FOR-US: Extreme Networks Switch Engine
 CVE-2023-43118 (Cross Site Request Forgery (CSRF) vulnerability in Chalet application  ...)
-	TODO: check
+	NOT-FOR-US: Extreme Networks Switch Engine
 CVE-2023-40180 (silverstripe-graphql is a package which serves Silverstripe data in Gr ...)
-	TODO: check
+	NOT-FOR-US: silverstripe-graphql
 CVE-2023-3991 (An OS command injection vulnerability exists in the httpd iperfrun.cgi ...)
-	TODO: check
+	NOT-FOR-US: FreshTomato
 CVE-2023-3746 (The ActivityPub WordPress plugin before 1.0.0 does not sanitize and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3707 (The ActivityPub WordPress plugin before 1.0.0 does not ensure that pos ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3706 (The ActivityPub WordPress plugin before 1.0.0 does not ensure that pos ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3392 (The Read More & Accordion WordPress plugin before 3.2.7 unserializes u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3279 (The WordPress Gallery Plugin WordPress plugin before 3.39 does not val ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3155 (The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3154 (The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-38059 (The loading of external images is not blocked, even if configured, if  ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2023-43668 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-43667 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
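Review bot: the `NOT-FOR-US: WooCommerce plugin` label on CVE-2023-4821 is inconsistent with every other plugin entry in this hunk, whose descriptions read "... WordPress plugin" and are labelled `NOT-FOR-US: WordPress plugin`; since the CVE text itself says "for WooCommerce WordPress plugi...", the usual `NOT-FOR-US: WordPress plugin` would keep the file greppable. Separately, the three OTRS entries (CVE-2023-5422, CVE-2023-5421, CVE-2023-38059) are marked `NOT-FOR-US: OTRS` while the attached `NOTE: Could possibly affect Znuny` admits the question is open; a NOT-FOR-US marking plus a note will not surface again for review, so consider leaving `TODO: check` on those three until the Znuny status is settled, or recording the outcome once it is known.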
@@ -297,75 +300,75 @@ CVE-2023-43667 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2023-43666 (Insufficient Verification of Data Authenticity vulnerability in Apache ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-5591 (SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2023-5590 (NULL Pointer Dereference in GitHub repository seleniumhq/selenium prio ...)
-	TODO: check
+	NOT-FOR-US: Selenium
 CVE-2023-5589 (A vulnerability was found in SourceCodester Judging Management System  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-5588 (A vulnerability was found in kphrx pleroma. It has been classified as  ...)
-	TODO: check
+	NOT-FOR-US: Pleroma
 CVE-2023-5587 (A vulnerability was found in SourceCodester Free Hospital Management S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-45898 (The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/ext ...)
 	TODO: check
 CVE-2023-45757 (Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows  ...)
-	TODO: check
+	NOT-FOR-US: Apache bRPC
 CVE-2023-45580 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45579 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45578 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45577 (An issue in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23 ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45576 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45575 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45574 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45573 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45572 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
-	TODO: check
+	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45158 (An OS command injection vulnerability exists in web2py 2.24.1 and earl ...)
-	TODO: check
+	- web2py <removed>
 CVE-2023-44809 (D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-44808 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_ ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-40791 (extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4 ...)
 	TODO: check
 CVE-2023-40790
 	REJECTED
 CVE-2023-40377 (Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-38280 (IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 coul ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-36955 (TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a st ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-36954 (TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to comm ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-36953 (TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to comm ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-36952 (TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-36950 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-36947 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-36340 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a st ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-35018 (IBM Security Verify Governance 10.0 could allow a privileged use to up ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-35013 (IBM Security Verify Governance 10.0, Identity Manager could allow a lo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-33836 (IBM Security Verify Governance 10.0 contains hard-coded credentials, s ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-48612 (A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink One ...)
-	TODO: check
+	NOT-FOR-US: ClassLink OneClick Extension
 CVE-2023-38312 (A directory traversal vulnerability in Valve Counter-Strike 8684 allow ...)
-	TODO: check
+	NOT-FOR-US: Counter-Strike
 CVE-2018-25091 (urllib3 before 1.24.2 does not remove the authorization HTTP header wh ...)
 	{DLA-3610-1}
 	- python-urllib3 1.25.6-4
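Review bot: the nine DI-7003GV2.D1 entries (CVE-2023-45580 through CVE-2023-45572) are labelled with a device model string (`NOT-FOR-US: DI-7003GV2.D1`) rather than a vendor name, whereas the neighbouring D-Link, TOTOLINK and IBM entries use the vendor; naming the vendor here too would keep the NOT-FOR-US labels consistent and searchable, and the fourth entry (CVE-2023-45577) covers more than one model anyway, so the single model name is also a narrower label than the CVE text supports.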
@@ -375,7 +378,7 @@ CVE-2018-25091 (urllib3 before 1.24.2 does not remove the authorization HTTP hea
 CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0 ...)
 	TODO: check
 CVE-2023-5585 (A vulnerability was found in SourceCodester Online Motorcycle Rental S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2023-45871 (An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i ...)
 	TODO: check
 CVE-2023-45863 (An issue was discovered in lib/kobject.c in the Linux kernel before 6. ...)
@@ -383,7 +386,7 @@ CVE-2023-45863 (An issue was discovered in lib/kobject.c in the Linux kernel bef
 CVE-2023-45862 (An issue was discovered in drivers/usb/storage/ene_ub6250.c for the EN ...)
 	TODO: check
 CVE-2023-40378 (IBM Directory Server for IBM i contains a local privilege escalation v ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-5582 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: zzzcms
 CVE-2023-5581 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -22201,7 +22204,7 @@ CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could
 CVE-2023-30992
 	RESERVED
 CVE-2023-30991 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute  ...)
 	NOT-FOR-US: IBM
 CVE-2023-30989 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local pr ...)
@@ -22209,7 +22212,7 @@ CVE-2023-30989 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a lo
 CVE-2023-30988 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...)
 	NOT-FOR-US: IBM
 CVE-2023-30987 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-30986 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
 	NOT-FOR-US: Siemens
 CVE-2023-30985 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
@@ -26428,7 +26431,7 @@ CVE-2023-29486
 CVE-2023-29485
 	RESERVED
 CVE-2023-29484 (In Terminalfour before 8.3.16, misconfigured LDAP users are able to lo ...)
-	TODO: check
+	NOT-FOR-US: Terminalfour
 CVE-2023-29483
 	RESERVED
 CVE-2023-29482


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Oct 2023] DSA-5529-1 slurm-wlm - security update
+	{CVE-2023-41914}
+	[bookworm] - slurm-wlm 22.05.8-4+deb12u1
 [16 Oct 2023] DSA-5522-3 tomcat9 - regression update
 	[bullseye] - tomcat9 9.0.43-2~deb11u9
 [16 Oct 2023] DSA-5528-1 node-babel7 - security update
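Review bot: the entry added here is `DSA-5529-1 slurm-wlm`, but the commit carrying this hunk is titled "chromium DSA"; either the message should name slurm-wlm, or a chromium DSA entry was meant to be in this diff and is missing, so please reconcile the two before the history is relied on. The new entry also lists only a `[bookworm]` fixed version; if bullseye is affected as well it needs its own `[bullseye]` line, as the tomcat9 entry in the surrounding context shows.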



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6dc5871daf79d22fd17e4b2692857b0801851428...38537ba4075f844e1fdd6a7ddcca38fe8541c22a


