[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 16 09:11:48 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7b14a75 by security tracker role at 2023-09-16T08:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-5001 (The Horizontal scrolling announcement for WordPress plugin for WordPre ...)
+	TODO: check
+CVE-2023-4994 (The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2023-42442 (JumpServer is an open source bastion host and a professional operation ...)
+	TODO: check
+CVE-2023-42439 (GeoNode is an open source platform that facilitates the creation, shar ...)
+	TODO: check
+CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attack ...)
+	TODO: check
+CVE-2023-41901
+	REJECTED
+CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 9.4.21 t ...)
+	TODO: check
+CVE-2023-41626 (Gradio v3.27.0 was discovered to contain an arbitrary file upload vuln ...)
+	TODO: check
+CVE-2023-41436 (Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local at ...)
+	TODO: check
+CVE-2023-41157 (Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin  ...)
+	TODO: check
+CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin Control Panel  ...)
+	TODO: check
+CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23 ...)
+	TODO: check
+CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36562 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36160 (An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_S ...)
+	TODO: check
 CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been rated  ...)
 	NOT-FOR-US: NextBX QWAlerter
 CVE-2023-4988 (A vulnerability, which was classified as problematic, was found in Bet ...)
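Review bot: CVE-2023-5001 and CVE-2023-4994 at the top of this hunk are added as `TODO: check` although both descriptions name WordPress plugins, and WordPress plugin entries elsewhere in this file are already closed as `NOT-FOR-US:` (for example CVE-2023-1575, "NOT-FOR-US: Mega Main Menu plugin for WordPress"). Those two can be closed the same way in the follow-up triage commit. The other 13 `TODO: check` entries added here still need to be checked by hand, and CVE-2023-41901 arrives already `REJECTED` and needs no further annotation.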
@@ -4237,7 +4269,8 @@ CVE-2023-4332 (Broadcom RAID Controller web interface is vulnerable due to Impro
 	NOT-FOR-US: Broadcom RAID Controller web interface
 CVE-2023-4331 (Broadcom RAID Controller web interface is vulnerable has an insecure d ...)
 	NOT-FOR-US: Broadcom RAID Controller web interface
-CVE-2023-4330 (Broadcom RAID Controller web interface is vulnerable Denial of Service ...)
+CVE-2023-4330
+	REJECTED
 	NOT-FOR-US: Broadcom RAID Controller web interface
 CVE-2023-4329 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
 	NOT-FOR-US: Broadcom RAID Controller web interface
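Review bot: The unchanged `NOT-FOR-US: Broadcom RAID Controller web interface` line directly after the new `REJECTED` line leaves CVE-2023-4330 with two annotations, one of which describes a product for an ID that no longer has a description. If the rejection is final, the leftover NOT-FOR-US line should be dropped in a follow-up so the entry reads only as rejected. If it is kept on purpose as a record of the earlier triage, say so in the commit message.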
@@ -24260,7 +24293,8 @@ CVE-2023-1578 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.
 	NOT-FOR-US: pimcore
 CVE-2023-1577
 	RESERVED
-CVE-2023-1576 (A Heap buffer overflow in CPP/7zip/Archive/Zip/ZipIn.cpp:1116 in NArch ...)
+CVE-2023-1576
+	REJECTED
 	TODO: check
 CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross- ...)
 	NOT-FOR-US: Mega Main Menu plugin for WordPress
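Review bot: The unchanged `TODO: check` line after the new `REJECTED` line keeps CVE-2023-1576 in the triage queue even though the ID is now rejected. Remove the TODO in a follow-up. The removed description pointed at CPP/7zip/Archive/Zip/ZipIn.cpp and the entry had not been triaged before the rejection, so nothing else in this hunk needs unwinding.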
@@ -32193,8 +32227,7 @@ CVE-2023-0925 (Version 10.11 of webMethods OneData runs an embedded instance of
 	NOT-FOR-US: webMethods OneData
 CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate the typ ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0923
-	RESERVED
+CVE-2023-0923 (A flaw was found in the Kubernetes service for notebooks in RHODS, whe ...)
 	NOT-FOR-US: Red Hat OpenShift Data Science
 CVE-2023-0922 (The Samba AD DC administration tool, when operating against a remote L ...)
 	- samba 2:4.17.7+dfsg-1
@@ -33407,8 +33440,7 @@ CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files
 	NOT-FOR-US: OpenNMS
 CVE-2023-0814 (The Profile Builder \u2013 User Profile & User Registration Forms plug ...)
 	NOT-FOR-US: Profile Builder – User Profile & User Registration Forms plugin for WordPress
-CVE-2023-0813
-	RESERVED
+CVE-2023-0813 (A flaw was found in the Network Observability plugin for OpenShift con ...)
 	NOT-FOR-US: Network Observability plugin for OpenShift console
 CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress plugin b ...)
 	NOT-FOR-US: WordPress plugin
@@ -69022,8 +69054,8 @@ CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.
 	NOT-FOR-US: Measuresoft ScadaPro Server
 CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst ...)
 	NOT-FOR-US: OpenShift
-CVE-2022-3261
-	RESERVED
+CVE-2022-3261 (A flaw was found in OpenStack. Multiple components show plain-text pas ...)
+	TODO: check
 CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which helps preve ...)
 	NOT-FOR-US: Openshift
 CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which ...)
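Review bot: The `TODO: check` added under CVE-2022-3261 will need more than a single package line when it is resolved. The new description says "Multiple components" of OpenStack are involved, so the triage should list each affected source package separately, or record NOT-FOR-US with the reason if none of them apply. The neighbouring OpenShift entries in the context lines are all NOT-FOR-US, but that does not carry over to an OpenStack entry.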



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b14a75d3909772f68e3e30cc6b7f203e0f97d0
