[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 31 20:12:21 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a4e974ae by security tracker role at 2023-10-31T20:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2023-5873 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2023-5739 (Certain versions of HP PC Hardware Diagnostics Windows are potentially ...)
+ TODO: check
+CVE-2023-5519 (The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks ...)
+ TODO: check
+CVE-2023-5464 (The Jquery accordion slideshow plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2023-5458 (The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plu ...)
+ TODO: check
+CVE-2023-5439 (The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL ...)
+ TODO: check
+CVE-2023-5438 (The wp image slideshow plugin for WordPress is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2023-5437 (The WP fade in text news plugin for WordPress is vulnerable to SQL Inj ...)
+ TODO: check
+CVE-2023-5436 (The Vertical marquee plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2023-5435 (The Up down image slideshow gallery plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-5434 (The Superb slideshow gallery plugin for WordPress is vulnerable to SQL ...)
+ TODO: check
+CVE-2023-5433 (The Message ticker plugin for WordPress is vulnerable to SQL Injection ...)
+ TODO: check
+CVE-2023-5431 (The Left right image slideshow gallery plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-5430 (The Jquery news ticker plugin for WordPress is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2023-5429 (The Information Reel plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2023-5428 (The Image vertical reel scroll slideshow plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2023-5412 (The Image horizontal reel scroll slideshow plugin for WordPress is vul ...)
+ TODO: check
+CVE-2023-5360 (The Royal Elementor Addons and Templates WordPress plugin before 1.3.7 ...)
+ TODO: check
+CVE-2023-5307 (The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 ...)
+ TODO: check
+CVE-2023-5243 (The Login Screen Manager WordPress plugin through 3.5.2 does not sanit ...)
+ TODO: check
+CVE-2023-5238 (The EventPrime WordPress plugin before 3.2.0 does not sanitise and esc ...)
+ TODO: check
+CVE-2023-5237 (The Memberlite Shortcodes WordPress plugin before 1.3.9 does not valid ...)
+ TODO: check
+CVE-2023-5229 (The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape ...)
+ TODO: check
+CVE-2023-5211 (The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escap ...)
+ TODO: check
+CVE-2023-5116 (The Live updates from Excel plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2023-5114 (The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2023-5099 (The HTML filter and csv-file search plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-5098 (The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 ...)
+ TODO: check
+CVE-2023-5073 (The iframe forms plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2023-4836 (The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does n ...)
+ TODO: check
+CVE-2023-4823 (The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an ...)
+ TODO: check
+CVE-2023-4390 (The Popup box WordPress plugin before 3.7.2 does not sanitize and esca ...)
+ TODO: check
+CVE-2023-4251 (The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks ...)
+ TODO: check
+CVE-2023-4250 (The EventPrime WordPress plugin before 3.2.0 does not sanitise and esc ...)
+ TODO: check
+CVE-2023-46993 (In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg ...)
+ TODO: check
+CVE-2023-46992 (TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Acc ...)
+ TODO: check
+CVE-2023-46979 (TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a com ...)
+ TODO: check
+CVE-2023-46978 (TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Acce ...)
+ TODO: check
+CVE-2023-46977 (TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a s ...)
+ TODO: check
+CVE-2023-46976 (TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection vi ...)
+ TODO: check
+CVE-2023-46723 (lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and ...)
+ TODO: check
+CVE-2023-46722 (The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Pr ...)
+ TODO: check
+CVE-2023-46622 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach ...)
+ TODO: check
+CVE-2023-46313 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...)
+ TODO: check
+CVE-2023-46312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech ...)
+ TODO: check
+CVE-2023-46256 (PX4-Autopilot provides PX4 flight control solution for drones. In vers ...)
+ TODO: check
+CVE-2023-46255 (SpiceDB is an open source, Google Zanzibar-inspired database for creat ...)
+ TODO: check
+CVE-2023-46250 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
+ TODO: check
+CVE-2023-46249 (authentik is an open-source Identity Provider. Prior to versions 2023. ...)
+ TODO: check
+CVE-2023-46248 (Cody is an artificial intelligence (AI) coding assistant. The Cody AI ...)
+ TODO: check
+CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. Versions 2. ...)
+ TODO: check
+CVE-2023-46240 (CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 v ...)
+ TODO: check
+CVE-2023-46239 (quic-go is an implementation of the QUIC protocol in Go. Starting in v ...)
+ TODO: check
+CVE-2023-46237 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
+ TODO: check
+CVE-2023-46236 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
+ TODO: check
+CVE-2023-46235 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...)
+ TODO: check
+CVE-2023-45955 (An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers t ...)
+ TODO: check
+CVE-2023-43796 (Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 a ...)
+ TODO: check
+CVE-2023-42658 (Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow loca ...)
+ TODO: check
+CVE-2023-42425 (An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote at ...)
+ TODO: check
+CVE-2023-41377 (.)
+ TODO: check
+CVE-2023-40681 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...)
+ TODO: check
+CVE-2023-40050 (Upload profile either through API or user interface in Chef Automate p ...)
+ TODO: check
+CVE-2023-38994 (An issue in Univention UCS v.5.0 allows a local attacker to execute ar ...)
+ TODO: check
+CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-37832 (A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows a ...)
+ TODO: check
+CVE-2023-37831 (An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attac ...)
+ TODO: check
+CVE-2023-37243 (The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availabil ...)
+ TODO: check
+CVE-2023-36508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-35879 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-33927 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-5867 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
NOT-FOR-US: phpmyfaq
CVE-2023-5866 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
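Review bot: CVE-2023-41377 enters with an empty description, "(.)", so its TODO: check cannot be resolved from this file alone and the full CVE record has to be consulted before the entry is classified; a short NOTE recording that the upstream description was empty at import time would save the next triager a look-up. Among the other 70 new entries, the ones whose upstream names match software Debian ships (for example CVE-2023-46239 quic-go, CVE-2023-46250 pypdf, CVE-2023-43796 Synapse) deserve attention before the long run of WordPress plugin and TOTOLINK entries, which the context lines in later hunks show are routinely closed as NOT-FOR-US. Four entries here (CVE-2023-37966, CVE-2023-36508, CVE-2023-35879, CVE-2023-33927) carry the identical truncated text "Improper Neutralization of Special Elements used in an SQL Command ('S ...", which names no product at all; triage them together with the same-text entries that leave RESERVED further down in this commit.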
@@ -452,11 +594,13 @@ CVE-2023-39726 (An issue in Mintty v.3.6.4 and before allows a remote attacker t
CVE-2023-38328 (An issue was discovered in eGroupWare 17.1.20190111. An Improper Passw ...)
- egroupware <removed>
CVE-2023-34059 (open-vm-tools contains a file descriptor hijack vulnerability in the v ...)
+ {DSA-5543-1}
- open-vm-tools 2:12.3.5-1 (bug #1054666)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/2
NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-34059.patch/CVE-2023-34059.patch
NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/3
CVE-2023-34058 (VMware Tools contains a SAML token signature bypass vulnerability.A ma ...)
+ {DSA-5543-1}
- open-vm-tools 2:12.3.5-1 (bug #1054666)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/1
NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-34058.patch/CVE-2023-34058.patch
@@ -3287,7 +3431,7 @@ CVE-2023-27380 (An OS command injection vulnerability exists in the admin.cgi US
CVE-2023-24479 (An authentication bypass vulnerability exists in the httpd nvram.cgi f ...)
NOT-FOR-US: Yifan
CVE-2023-44981 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
- {DLA-3624-1}
+ {DSA-5544-1 DLA-3624-1}
- zookeeper 3.9.1-1 (bug #1054224)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/11/4
NOTE: https://github.com/apache/zookeeper/commit/e2070bed85d8b0c98a5a0045bf92421f473c412e (master)
@@ -4714,6 +4858,7 @@ CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Adve
NOTE: https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459 (v3.1.2)
NOTE: https://github.com/openvswitch/ovs/commit/489553b1c21692063931a9f50b6849b23128443c (v3.2.0)
CVE-2023-4610
+ REJECTED
- linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229691
NOTE: https://www.spinics.net/lists/kernel/msg4920917.html
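Review bot: REJECTED is added to CVE-2023-4610 while the existing "linux <not-affected> (Vulnerable code not present)" line and both NOTE links stay in place. Keeping the links is useful provenance for why the id was withdrawn, but the entry now reads as both a rejected id and an assessed kernel issue; consider dropping or annotating the not-affected line so the REJECTED status is the only classification the tracker shows.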
@@ -5047,7 +5192,7 @@ CVE-2023-39429 (Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LA
NOT-FOR-US: FURUNO SYSTEMS wireless LAN access point devices
CVE-2023-39222 (OS command injection vulnerability in FURUNO SYSTEMS wireless LAN acce ...)
NOT-FOR-US: FURUNO SYSTEMS wireless LAN access point devices
-CVE-2023-37605 (Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23. ...)
+CVE-2023-37605 (Weak Exception Handling vulnerability in baramundi software GmbH EMM A ...)
NOT-FOR-US: baramundi
CVE-2023-36628 (A flaw exists in VASA which allows users with access to a vSphere/ESXi ...)
NOT-FOR-US: VASA
@@ -8236,6 +8381,7 @@ CVE-2023-4865 (A vulnerability has been found in SourceCodester Take-Note App 1.
CVE-2023-4864 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Take-Note App
CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to ...)
+ {DLA-3643-1}
- pmix 5.0.1-1 (bug #1051729)
NOTE: https://github.com/openpmix/openpmix/commit/da036933c2795c1f40d0835e15f17e204e4daf0f (v4.2.6)
NOTE: https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17 (v5.0.1)
@@ -9629,7 +9775,7 @@ CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository bookstack
NOT-FOR-US: bookstack
CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized modificati ...)
NOT-FOR-US: AffiliateWP for WordPress
-CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15 ...)
+CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, ...)
NOT-FOR-US: Splunk
CVE-2023-4209 (The POEditor WordPress plugin before 0.9.8 does not have CSRF checks i ...)
NOT-FOR-US: WordPress plugin
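Review bot: the refreshed description of CVE-2023-4571 contains a duplicated word, "versions below below 4.13.3", inherited from the upstream CVE text. Since this file is regenerated by the automatic update, do not hand-correct it here (the next import would reintroduce it); the classification NOT-FOR-US: Splunk is unaffected.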
@@ -13968,7 +14114,7 @@ CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in t
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2227726
NOTE: https://github.com/wanrenmi/a-usb-kernel-bug
-CVE-2023-3997 (Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a po ...)
+CVE-2023-3997 (Splunk SOAR versions lower than 6.1.0 are indirectly affected by a pot ...)
NOT-FOR-US: Splunk SOAR
CVE-2023-3983 (An authenticated SQL injection vulnerability exists in Advantech iView ...)
NOT-FOR-US: Advantech iView
@@ -24057,8 +24203,8 @@ CVE-2023-31214
RESERVED
CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31212
- RESERVED
+CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-31211
RESERVED
CVE-2023-31210
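Review bot: CVE-2023-31212 leaves RESERVED with the truncated text "Improper Neutralization of Special Elements used in an SQL Command ('S ...", which does not identify the affected product, so TODO: check cannot be closed from the line itself. The same text appears on CVE-2023-28777, CVE-2023-25047, CVE-2023-25045, CVE-2023-24410 and CVE-2023-24000 in later hunks and on four entries in the first hunk; the surrounding context lines (NOT-FOR-US: WordPress plugin on CVE-2023-31213 and its neighbours) suggest these are from the same plugin disclosure batch, so one combined triage pass that records the product in each NOT-FOR-US line is cheaper than ten separate look-ups.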
@@ -31498,8 +31644,8 @@ CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vl
NOT-FOR-US: WordPress plugin
CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28777
- RESERVED
+CVE-2023-28777 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: Lightbox plugin
CVE-2023-28775
@@ -43036,12 +43182,12 @@ CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25048
RESERVED
-CVE-2023-25047
- RESERVED
+CVE-2023-25047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25045
- RESERVED
+CVE-2023-25045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25043
@@ -45135,8 +45281,8 @@ CVE-2023-24412 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24410
- RESERVED
+CVE-2023-24410 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -46118,8 +46264,8 @@ CVE-2023-24002 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-24001 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yann ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24000
- RESERVED
+CVE-2023-24000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
@@ -51235,8 +51381,8 @@ CVE-2023-22520
RESERVED
CVE-2023-22519
RESERVED
-CVE-2023-22518
- RESERVED
+CVE-2023-22518 (All versions of Confluence Data Center and Server are affected by this ...)
+ TODO: check
CVE-2023-22517
RESERVED
CVE-2023-22516
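Review bot: CVE-2023-22518 leaves RESERVED with "All versions of Confluence Data Center and Server are affected by this ..." and only a TODO: check. Confluence is not something Debian packages, so this will almost certainly resolve to NOT-FOR-US, but an "all versions" scope statement from the vendor is a signal that the entry should be triaged promptly rather than left in the TODO backlog.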
@@ -82814,8 +82960,8 @@ CVE-2022-3008 (The tinygltf library uses the C library function wordexp() to per
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053
NOTE: https://github.com/syoyo/tinygltf/issues/368
NOTE: https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751
-CVE-2022-3007
- RESERVED
+CVE-2022-3007 (The vulnerability exists in Syska SW100 Smartwatch due to an improper ...)
+ TODO: check
CVE-2022-3006
RESERVED
CVE-2022-3005 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
@@ -477658,8 +477804,8 @@ CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) catego
NOT-FOR-US: EC-CUBE plugin
CVE-2016-1204
RESERVED
-CVE-2016-1203
- RESERVED
+CVE-2016-1203 (Improper file verification vulnerability in SaAT Netizen installer ver ...)
+ TODO: check
CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before 0.33.5 all ...)
NOT-FOR-US: Atom Electron
CVE-2016-1201 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0. ...)
@@ -497088,8 +497234,8 @@ CVE-2015-2970 (index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows rem
NOT-FOR-US: Oekaki BBS
CVE-2015-2969 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP S ...)
NOT-FOR-US: Oekaki BBS
-CVE-2015-2968
- RESERVED
+CVE-2015-2968 (LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vu ...)
+ TODO: check
CVE-2015-2966 (Directory traversal vulnerability in the Droidware UK Explorer+ File M ...)
NOT-FOR-US: Droidware UK Explorer+ File Manager application for Android
CVE-2015-2965 (Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 an ...)
@@ -504065,8 +504211,8 @@ CVE-2015-0899 (The MultiPageValidator implementation in Apache Struts 1 1.1 thro
NOTE: Patch appplies cleanly to the Wheezy and Squeeze versions
CVE-2015-0898 (futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows al ...)
NOT-FOR-US: futomi CGI Cafe MP Form Mail CGI eCommerce
-CVE-2015-0897
- RESERVED
+CVE-2015-0897 (LINE for Android version 5.0.2 and earlier and LINE for iOS version 5. ...)
+ TODO: check
CVE-2015-0896 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer befor ...)
{DLA-453-1 DLA-296-1}
- extplorer <removed> (bug #783231)
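Review bot: the unchanged context line "NOTE: Patch appplies cleanly to the Wheezy and Squeeze versions" under CVE-2015-0899 carries a typo ("appplies") in the existing entry; it is outside this change, but worth a one-line follow-up fix. On the change itself, CVE-2015-0897 and, in the previous hunk, CVE-2015-2968 are 2015 ids for the LINE and LINE@ mobile apps that are only now receiving descriptions; both are mobile-only products, so the TODO: check lines should be quick to close as NOT-FOR-US.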
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4e974aeff88b784bddfa629534b020eba90bcc9
--
You're receiving this email because of your account on salsa.debian.org.