[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 9 20:13:10 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8803cf5 by security tracker role at 2024-12-09T20:13:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,345 @@
+CVE-2024-8259 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-54938 (A Directory Listing issue was found in Kashipara E-Learning Management ...)
+ TODO: check
+CVE-2024-54937 (A Directory Listing issue was found in Kashipara E-Learning Management ...)
+ TODO: check
+CVE-2024-54936 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_m ...)
+ TODO: check
+CVE-2024-54935 (A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_m ...)
+ TODO: check
+CVE-2024-54934 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2024-54933 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2024-54932 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2024-54931 (A SQL Injection was found in /admin/delete_event.php in kashipara E-le ...)
+ TODO: check
+CVE-2024-54930 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2024-54929 (KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2024-54928 (kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2024-54927 (Kashipara E-learning Management System v1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2024-54926 (A SQL Injection vulnerability was found in /search_class.php of kaship ...)
+ TODO: check
+CVE-2024-54925 (A SQL Injection was found in /remove_sent_message.php in kashipara E-l ...)
+ TODO: check
+CVE-2024-54924 (A SQL Injection was found in /admin/edit_content.php in kashipara E-le ...)
+ TODO: check
+CVE-2024-54923 (A SQL Injection vulnerability was found in /admin/edit_teacher.php in ...)
+ TODO: check
+CVE-2024-54922 (A SQL Injection was found in /admin/edit_user.php of kashipara E-learn ...)
+ TODO: check
+CVE-2024-54921 (A SQL Injection was found in /student_signup.php in kashipara E-learni ...)
+ TODO: check
+CVE-2024-54920 (A SQL Injection vulnerability was found in /teacher_signup.php of kash ...)
+ TODO: check
+CVE-2024-54919 (A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php ...)
+ TODO: check
+CVE-2024-54918 (Kashipara E-learning Management System v1.0 is vulnerable to Remote Co ...)
+ TODO: check
+CVE-2024-54260 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54255 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in a ...)
+ TODO: check
+CVE-2024-54254 (Missing Authorization vulnerability in Kofi Mokome Message Filter for ...)
+ TODO: check
+CVE-2024-54253 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54251 (Missing Authorization vulnerability in Prodigy Commerce Prodigy Commer ...)
+ TODO: check
+CVE-2024-54247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54232 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54230 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54228 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54227 (Missing Authorization vulnerability in theDotstore Minimum and Maximum ...)
+ TODO: check
+CVE-2024-54226 (Cross-Site Request Forgery (CSRF) vulnerability in Karl Kiesinger Coun ...)
+ TODO: check
+CVE-2024-54225 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-54224 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54223 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2024-54220 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54219 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-54218 (Missing Authorization vulnerability in Thehp AIO Contact.This issue af ...)
+ TODO: check
+CVE-2024-54217 (Missing Authorization vulnerability in Repute info systems ARForms.Thi ...)
+ TODO: check
+CVE-2024-54215 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-54147 (Altair is a GraphQL client for all platforms. Prior to version 8.0.5, ...)
+ TODO: check
+CVE-2024-53949 (Improper Authorization vulnerability in Apache Superset whenFAB_ADD_SE ...)
+ TODO: check
+CVE-2024-53948 (Generation of Error Message Containing analytics metadata Information ...)
+ TODO: check
+CVE-2024-53947 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2024-53847 (The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulne ...)
+ TODO: check
+CVE-2024-53822 (Unrestricted Upload of File with Dangerous Type vulnerability in Genet ...)
+ TODO: check
+CVE-2024-53819 (Missing Authorization vulnerability in Sprout Invoices Client Invoicin ...)
+ TODO: check
+CVE-2024-53818 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53816 (Missing Authorization vulnerability in Themeum Tutor LMS Elementor Add ...)
+ TODO: check
+CVE-2024-53814 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2024-53798 (Missing Authorization vulnerability in BAKKBONE Australia FloristPress ...)
+ TODO: check
+CVE-2024-53791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2024-53790 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-53785 (Missing Authorization vulnerability in Alexander Volkov Chatter.This i ...)
+ TODO: check
+CVE-2024-53450 (RAGFlow 0.13.0 suffers from improper access control in document-hooks. ...)
+ TODO: check
+CVE-2024-53441 (An issue in the index.js decryptCookie function of cookie-encrypter v1 ...)
+ TODO: check
+CVE-2024-52599 (Tuleap is an open source suite to improve management of software devel ...)
+ TODO: check
+CVE-2024-52586 (eLabFTW is an open source electronic lab notebook for research labs. A ...)
+ TODO: check
+CVE-2024-52480 (Missing Authorization vulnerability in Astoundify Jobify - Job Board W ...)
+ TODO: check
+CVE-2024-52391 (Missing Authorization vulnerability in Genetech Pie Register Premium.T ...)
+ TODO: check
+CVE-2024-52385 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2024-49603 (Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an inco ...)
+ TODO: check
+CVE-2024-49602 (Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an impr ...)
+ TODO: check
+CVE-2024-49600 (Dell Power Manager (DPM), versions prior to 3.17, contain an improper ...)
+ TODO: check
+CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 allows attackers without valid a ...)
+ TODO: check
+CVE-2024-46901 (Insufficient validation of filenames against control characters in Apa ...)
+ TODO: check
+CVE-2024-46547 (A vulnerability was found in Romain Bourdon Wampserver all versions (d ...)
+ TODO: check
+CVE-2024-45761 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, con ...)
+ TODO: check
+CVE-2024-45760 (Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, con ...)
+ TODO: check
+CVE-2024-43222 (Missing Authorization vulnerability in Envato Security Team Sweet Date ...)
+ TODO: check
+CVE-2024-42426 (Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an unco ...)
+ TODO: check
+CVE-2024-40583 (Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credential ...)
+ TODO: check
+CVE-2024-40582 (Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive ...)
+ TODO: check
+CVE-2024-38485 (Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection ...)
+ TODO: check
+CVE-2024-12307 (A function-level access control vulnerability in Unifiedtransform vers ...)
+ TODO: check
+CVE-2024-12306 (Multiple access control vulnerabilities in Unifiedtransform version 2. ...)
+ TODO: check
+CVE-2024-12305 (An object-level access control vulnerability in Unifiedtransform versi ...)
+ TODO: check
+CVE-2024-12057 (User credentials (login & password) are inserted into log files when a ...)
+ TODO: check
+CVE-2024-11991 (Motoko's incremental garbage collector is impacted by an uninitialized ...)
+ TODO: check
+CVE-2024-11608 (A maliciously crafted SKP file, when linked or imported into Autodesk ...)
+ TODO: check
+CVE-2024-11454 (A maliciously crafted DLL file, when placed in the same directory as a ...)
+ TODO: check
+CVE-2024-11268 (A maliciously crafted PDF file, when parsed through Autodesk Revit, ca ...)
+ TODO: check
+CVE-2023-7298 (A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, ...)
+ TODO: check
+CVE-2023-51362 (Missing Authorization vulnerability in Premio All-in-one Floating Cont ...)
+ TODO: check
+CVE-2023-51360 (Missing Authorization vulnerability in WPDeveloper Essential Blocks fo ...)
+ TODO: check
+CVE-2023-51359 (Missing Authorization vulnerability in WPDeveloper Essential Blocks fo ...)
+ TODO: check
+CVE-2023-51357 (Missing Authorization vulnerability in Conversios Conversios.io allows ...)
+ TODO: check
+CVE-2023-51355 (Missing Authorization vulnerability in MultiVendorX WC Marketplace all ...)
+ TODO: check
+CVE-2023-51353 (Missing Authorization vulnerability in supsystic.com Popup by Supsysti ...)
+ TODO: check
+CVE-2023-50904 (Missing Authorization vulnerability in Poll Maker Team Poll Maker allo ...)
+ TODO: check
+CVE-2023-50903 (Missing Authorization vulnerability in Wpmet Metform Elementor Contact ...)
+ TODO: check
+CVE-2023-50899 (Missing Authorization vulnerability in MultiVendorX Product Catalog En ...)
+ TODO: check
+CVE-2023-50887 (Missing Authorization vulnerability in UserFeedback Team User Feedback ...)
+ TODO: check
+CVE-2023-50884 (Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit ...)
+ TODO: check
+CVE-2023-50882 (Missing Authorization vulnerability in ProfilePress Membership Team Pr ...)
+ TODO: check
+CVE-2023-50877 (Missing Authorization vulnerability in woobewoo Product Filter by WBW ...)
+ TODO: check
+CVE-2023-50876 (Missing Authorization vulnerability in Molongui Molongui allows Exploi ...)
+ TODO: check
+CVE-2023-50375 (Missing Authorization vulnerability in Translate AI Multilingual Solut ...)
+ TODO: check
+CVE-2023-50373 (Missing Authorization vulnerability in WPSAAD Alt Manager allows Explo ...)
+ TODO: check
+CVE-2023-49861 (Missing Authorization vulnerability in socialmediafeather Social Media ...)
+ TODO: check
+CVE-2023-49859 (Missing Authorization vulnerability in Pixelite Login With Ajax allows ...)
+ TODO: check
+CVE-2023-49858 (Missing Authorization vulnerability in Austin Passy Custom Login allow ...)
+ TODO: check
+CVE-2023-49857 (Missing Authorization vulnerability in Awesome Support Team Awesome Su ...)
+ TODO: check
+CVE-2023-49856 (Missing Authorization vulnerability in RedNao Smart Forms allows Explo ...)
+ TODO: check
+CVE-2023-49851 (Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails al ...)
+ TODO: check
+CVE-2023-49850 (Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sit ...)
+ TODO: check
+CVE-2023-49849 (Missing Authorization vulnerability in Aakash Chakravarthy Shortcoder ...)
+ TODO: check
+CVE-2023-49848 (Missing Authorization vulnerability in wooproductimporter Sharkdropshi ...)
+ TODO: check
+CVE-2023-49845 (Missing Authorization vulnerability in Loud Dog Redirects allows Explo ...)
+ TODO: check
+CVE-2023-49835 (Missing Authorization vulnerability in Metaphor Creations Post Duplica ...)
+ TODO: check
+CVE-2023-49832 (Missing Authorization vulnerability in Paul Ryley Site Reviews allows ...)
+ TODO: check
+CVE-2023-49831 (Missing Authorization vulnerability in Metagauss User Registration For ...)
+ TODO: check
+CVE-2023-49818 (Missing Authorization vulnerability in Webflow Webflow Pages allows Ex ...)
+ TODO: check
+CVE-2023-49817 (Missing Authorization vulnerability in heoLixfy Flexible Woocommerce C ...)
+ TODO: check
+CVE-2023-49758 (Missing Authorization vulnerability in Veribo, Roland Murg WP Booking ...)
+ TODO: check
+CVE-2023-49757 (Missing Authorization vulnerability in Awesome Support Team Awesome Su ...)
+ TODO: check
+CVE-2023-49756 (Missing Authorization vulnerability in Themewinter Eventin allows Expl ...)
+ TODO: check
+CVE-2023-49755 (Missing Authorization vulnerability in B.M. Rafiul Alam Elementor Time ...)
+ TODO: check
+CVE-2023-49754 (Missing Authorization vulnerability in Yogesh Pawar, Clarion Technolog ...)
+ TODO: check
+CVE-2023-49196 (Missing Authorization vulnerability in Pagelayer Team PageLayer allows ...)
+ TODO: check
+CVE-2023-49194 (Insertion of Sensitive Information Into Debugging Code vulnerability i ...)
+ TODO: check
+CVE-2023-49193 (Missing Authorization vulnerability in NerdPress Social Pug allows Exp ...)
+ TODO: check
+CVE-2023-49192 (Missing Authorization vulnerability in Clever Widgets Enhanced Text Wi ...)
+ TODO: check
+CVE-2023-49167 (Missing Authorization vulnerability in Code4Life Database for CF7 allo ...)
+ TODO: check
+CVE-2023-49158 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49156 (Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing ...)
+ TODO: check
+CVE-2023-49154 (Missing Authorization vulnerability in Wow-Company Button Generator \u ...)
+ TODO: check
+CVE-2023-48779 (Missing Authorization vulnerability in 360 Javascript Viewer 360 Javas ...)
+ TODO: check
+CVE-2023-48776 (Missing Authorization vulnerability in Thomas Scholl canvasio3D Light ...)
+ TODO: check
+CVE-2023-48774 (Missing Authorization vulnerability in Martin Gibson IdeaPush allows E ...)
+ TODO: check
+CVE-2023-48750 (Missing Authorization vulnerability in VOID CODERS Void Elementor Post ...)
+ TODO: check
+CVE-2023-48740 (Missing Authorization vulnerability in Easy Social Feed Easy Social Fe ...)
+ TODO: check
+CVE-2023-48332 (Missing Authorization vulnerability in Tech Banker Mail Bank - #1 Mail ...)
+ TODO: check
+CVE-2023-48324 (Missing Authorization vulnerability in Awesome Support Team Awesome Su ...)
+ TODO: check
+CVE-2023-48287 (Missing Authorization vulnerability in Matat Technologies TextMe SMS a ...)
+ TODO: check
+CVE-2023-48286 (Missing Authorization vulnerability in Tips and Tricks HQ, wptipsntric ...)
+ TODO: check
+CVE-2023-48277 (Missing Authorization vulnerability in SuperPWA Super Progressive Web ...)
+ TODO: check
+CVE-2023-48274 (Missing Authorization vulnerability in Mondial Relay WooCommerce - WCM ...)
+ TODO: check
+CVE-2023-47871 (Missing Authorization vulnerability in IT Path Solutions Contact Form ...)
+ TODO: check
+CVE-2023-47869 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2023-47849 (Missing Authorization vulnerability in blossomthemes BlossomThemes Ema ...)
+ TODO: check
+CVE-2023-47847 (Missing Authorization vulnerability in PayTR \xd6deme ve Elektronik Pa ...)
+ TODO: check
+CVE-2023-47841 (Missing Authorization vulnerability in Analytify Analytify allows Expl ...)
+ TODO: check
+CVE-2023-47838 (Missing Authorization vulnerability in Jules Colle Conditional Fields ...)
+ TODO: check
+CVE-2023-47836 (Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Dat ...)
+ TODO: check
+CVE-2023-47832 (Missing Authorization vulnerability in searchiq SearchIQ allows Exploi ...)
+ TODO: check
+CVE-2023-47830 (Missing Authorization vulnerability in Addons for Contact Form 7 Live ...)
+ TODO: check
+CVE-2023-47826 (Missing Authorization vulnerability in NicheAddons Restaurant & Cafe A ...)
+ TODO: check
+CVE-2023-47823 (Missing Authorization vulnerability in nCrafts FormCraft allows Exploi ...)
+ TODO: check
+CVE-2023-47822 (Missing Authorization vulnerability in Sonaar Music MP3 Audio Player f ...)
+ TODO: check
+CVE-2023-47820 (Missing Authorization vulnerability in CRUDLab WP Like Button allows E ...)
+ TODO: check
+CVE-2023-47805 (Missing Authorization vulnerability in Themewinter WPCafe allows Explo ...)
+ TODO: check
+CVE-2023-47793 (Missing Authorization vulnerability in acmethemes Acme Fix Images allo ...)
+ TODO: check
+CVE-2023-47780 (Missing Authorization vulnerability in EasyAzon EasyAzon allows Exploi ...)
+ TODO: check
+CVE-2023-47776 (Missing Authorization vulnerability in miniOrange miniorange otp verif ...)
+ TODO: check
+CVE-2023-47764 (Missing Authorization vulnerability in Metaphor Creations Ditty allows ...)
+ TODO: check
+CVE-2023-47763 (Missing Authorization vulnerability in Martin Gibson WP Custom Admin I ...)
+ TODO: check
+CVE-2023-47762 (Missing Authorization vulnerability in WPDeveloper BetterDocs allows E ...)
+ TODO: check
+CVE-2023-47761 (Missing Authorization vulnerability in WPDeveloper Simple 301 Redirect ...)
+ TODO: check
+CVE-2023-47760 (Missing Authorization vulnerability in WPDeveloper Essential Blocks fo ...)
+ TODO: check
+CVE-2023-47756 (Missing Authorization vulnerability in David Vongries Welcome Email Ed ...)
+ TODO: check
+CVE-2023-47698 (Missing Authorization vulnerability in Artisan Workshop Japanized For ...)
+ TODO: check
+CVE-2023-47694 (Missing Authorization vulnerability in appsbd Mini Cart Drawer For Woo ...)
+ TODO: check
+CVE-2023-43962 (Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6. ...)
+ TODO: check
+CVE-2023-41953 (Missing Authorization vulnerability in ProfilePress Membership Team Pr ...)
+ TODO: check
+CVE-2023-32299 (Missing Authorization vulnerability in anzia Ni WooCommerce Sales Repo ...)
+ TODO: check
+CVE-2023-32293 (Missing Authorization vulnerability in Realwebcare WRC Pricing Tables ...)
+ TODO: check
+CVE-2023-32126 (Missing Authorization vulnerability in WPoperation SALERT allows Explo ...)
+ TODO: check
+CVE-2023-32117 (Missing Authorization vulnerability in SoftLab Integrate Google Drive ...)
+ TODO: check
+CVE-2023-32094 (Missing Authorization vulnerability in Felix Welberg Extended Post Sta ...)
+ TODO: check
CVE-2024-XXXX [RUSTSEC-2024-0421]
- rust-idna <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0421.html
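Review bot: All 171 entries added at the top of data/CVE/list (CVE-2024-8259 through CVE-2023-32094) carry only "TODO: check", so none of them has a package assignment or a NOT-FOR-US decision yet. Many use the "Missing Authorization vulnerability in ..." wording that context lines later in this diff already mark as "NOT-FOR-US: WordPress plugin" or "NOT-FOR-US: WordPress theme", so those can be triaged as a batch once the product is confirmed. Entries whose product name is cut off by the truncated description, such as CVE-2024-46901 ("... control characters in Apa ..."), need the full CVE text looked up before they can be assigned.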
@@ -203,9 +545,9 @@ CVE-2024-54747 (WAVLINK WN531P3 202383 was discovered to contain a hardcoded pas
NOT-FOR-US: WAVLINK
CVE-2024-54745 (WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded pa ...)
NOT-FOR-US: WAVLINK
-CVE-2024-54216 (Path Traversal vulnerability in NotFound ARForms allows Path Traversal ...)
+CVE-2024-54216 (Path Traversal: '.../...//' vulnerability in Envato Security Team ARFo ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability in NotFo ...)
+CVE-2024-54214 (Unrestricted Upload of File with Dangerous Type vulnerability in Envat ...)
NOT-FOR-US: WordPress plugin
CVE-2024-54213 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
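Review bot: CVE-2024-54216 keeps "NOT-FOR-US: WordPress plugin" after its description is rewritten, but CVE-2024-54217, added in the first hunk with the product name ARForms, is left at "TODO: check". If it is the same plugin, suggest giving CVE-2024-54217 the same annotation. The vendor also differs between the two descriptions ("Envato Security Team" here, "Repute info systems" on CVE-2024-54217), which is worth a look during triage.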
@@ -3788,7 +4130,7 @@ CVE-2024-45194 (In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in t
NOT-FOR-US: Zimbra
CVE-2024-39290 (Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM ...)
NOT-FOR-US: AIPHONE
-CVE-2024-38296 (Dell Edge Gateway 5200 (Coffee Lake S), versions prior to 12.0.94.2380 ...)
+CVE-2024-38296 (Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gate ...)
NOT-FOR-US: Dell
CVE-2024-31408 (OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG ...)
NOT-FOR-US: AIPHONE
@@ -109290,6 +109632,7 @@ CVE-2023-3430 (A vulnerability was found in OpenImageIO, where a heap buffer ove
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841
NOTE: https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0)
CVE-2023-38473 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
+ {DLA-3990-1}
- avahi 0.8-14 (bug #1054880)
[bookworm] - avahi <no-dsa> (Minor issue)
[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
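Review bot: The "{DLA-3990-1}" line added to CVE-2023-38473 comes without any release line carrying a fixed avahi version in the visible context; the entry still shows only "[bookworm] - avahi <no-dsa>" and "[buster] - avahi <postponed>". Suggest checking that the release covered by DLA-3990-1 has its fixed version recorded in the entry. The same check applies to the CVE-2023-38472, CVE-2023-38471, CVE-2023-38470, CVE-2023-38469 and CVE-2023-1981 hunks, which gain the same cross-reference.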
@@ -109298,6 +109641,7 @@ CVE-2023-38473 (A vulnerability was found in Avahi. A reachable assertion exists
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
NOTE: https://github.com/avahi/avahi/commit/b448c9f771bada14ae8de175695a9729f8646797 (v0.9-rc1)
CVE-2023-38472 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
+ {DLA-3990-1}
- avahi 0.8-14 (bug #1054879)
[bookworm] - avahi <no-dsa> (Minor issue)
[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
@@ -109306,6 +109650,7 @@ CVE-2023-38472 (A vulnerability was found in Avahi. A reachable assertion exists
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
NOTE: https://github.com/avahi/avahi/commit/b024ae5749f4aeba03478e6391687c3c9c8dee40 (v0.9-rc1)
CVE-2023-38471 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
+ {DLA-3990-1}
- avahi 0.8-14 (bug #1054878)
[bookworm] - avahi <no-dsa> (Minor issue)
[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
@@ -109314,6 +109659,7 @@ CVE-2023-38471 (A vulnerability was found in Avahi. A reachable assertion exists
NOTE: https://github.com/avahi/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09 (v0.9-rc1)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38470 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
+ {DLA-3990-1}
- avahi 0.8-14 (bug #1054877)
[bookworm] - avahi <no-dsa> (Minor issue)
[buster] - avahi <postponed> (Minor issue; re-evaluate when fixed upstream)
@@ -109322,6 +109668,7 @@ CVE-2023-38470 (A vulnerability was found in Avahi. A reachable assertion exists
NOTE: https://github.com/avahi/avahi/commit/94cb6489114636940ac683515417990b55b5d66c (v0.9-rc1)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
CVE-2023-38469 (A vulnerability was found in Avahi, where a reachable assertion exists ...)
+ {DLA-3990-1}
- avahi 0.8-14 (bug #1054876)
[bookworm] - avahi <no-dsa> (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
[buster] - avahi <postponed> (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
@@ -129187,8 +129534,8 @@ CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Memb
NOT-FOR-US: WordPress plugin
CVE-2023-31215 (Unrestricted Upload of File with Dangerous Type vulnerability in Amade ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31214
- RESERVED
+CVE-2023-31214 (Missing Authorization vulnerability in Arul Prasad J WP Quick Post Dup ...)
+ TODO: check
CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -129603,8 +129950,8 @@ CVE-2023-31075 (Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy H
NOT-FOR-US: WordPress plugin
CVE-2023-31074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 E ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31073
- RESERVED
+CVE-2023-31073 (Missing Authorization vulnerability in Jose Vega Display custom fields ...)
+ TODO: check
CVE-2023-31072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick ...)
@@ -130175,14 +130522,14 @@ CVE-2023-30875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stev ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30873
- RESERVED
+CVE-2023-30873 (Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Ex ...)
+ TODO: check
CVE-2023-30872 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo P ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30870
- RESERVED
+CVE-2023-30870 (Missing Authorization vulnerability in wooproductimporter Sharkdropshi ...)
+ TODO: check
CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Chri ...)
@@ -130552,8 +130899,8 @@ CVE-2023-30785 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I
NOT-FOR-US: WordPress plugin
CVE-2023-30784 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30783
- RESERVED
+CVE-2023-30783 (Missing Authorization vulnerability in YummyWP Smart WooCommerce Searc ...)
+ TODO: check
CVE-2023-30782 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30781 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Bl ...)
@@ -130763,8 +131110,8 @@ CVE-2023-30750 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihom ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30748
- RESERVED
+CVE-2023-30748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-30747 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...)
@@ -131686,12 +132033,12 @@ CVE-2023-30490
RESERVED
CVE-2023-30489 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30488
- RESERVED
+CVE-2023-30488 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...)
+ TODO: check
CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPres ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30486
- RESERVED
+CVE-2023-30486 (Missing Authorization vulnerability in HashThemes Square allows Exploi ...)
+ TODO: check
CVE-2023-30485 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin I ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...)
@@ -131704,14 +132051,14 @@ CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Al
NOT-FOR-US: WordPress plugin
CVE-2023-30480 (Missing Authorization vulnerability in Sparkle WP Educenter.This issue ...)
NOT-FOR-US: WordPress theme
-CVE-2023-30479
- RESERVED
+CVE-2023-30479 (Missing Authorization vulnerability in Stamped.io Stamped.io Product R ...)
+ TODO: check
CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essi ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30476
- RESERVED
+CVE-2023-30476 (Missing Authorization vulnerability in Sparkle Themes Blogger Buzz all ...)
+ TODO: check
CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultima ...)
@@ -131751,7 +132098,7 @@ CVE-2023-1983 (A vulnerability was found in SourceCodester Sales Tracker Managem
CVE-2023-1982 (The Front Editor WordPress plugin through 4.0.4 does not sanitize and ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1981 (A vulnerability was found in the avahi library. This flaw allows an un ...)
- {DLA-3414-1}
+ {DLA-3990-1 DLA-3414-1}
- avahi 0.8-10 (bug #1034594)
NOTE: https://github.com/avahi/avahi/issues/375
NOTE: https://github.com/avahi/avahi/pull/407
@@ -134277,16 +134624,16 @@ CVE-2023-29435 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-29434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fanc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29433
- RESERVED
+CVE-2023-29433 (Missing Authorization vulnerability in \u817e\u8baf\u4e91 tencentcloud ...)
+ TODO: check
CVE-2023-29432 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29431
- RESERVED
+CVE-2023-29431 (Missing Authorization vulnerability in OntheGoSystems qTranslate X Cle ...)
+ TODO: check
CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHtheme ...)
NOT-FOR-US: WordPress theme
-CVE-2023-29429
- RESERVED
+CVE-2023-29429 (Missing Authorization vulnerability in WPEverest User Registration all ...)
+ TODO: check
CVE-2023-29428 (Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb So ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29427 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Book ...)
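Review bot: The new description for CVE-2023-29433 contains the literal escape sequence "\u817e\u8baf\u4e91" where the vendor name should appear, so the automatic update writes non-ASCII text in escaped form rather than decoded. The first hunk shows the same on CVE-2023-47847 ("PayTR \xd6deme") and on CVE-2023-49154, where truncation cuts the description off in the middle of a "\u" escape. Suggest decoding the description before truncating it, so that searches on the vendor name match and the cut never lands inside an escape.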
@@ -134299,8 +134646,8 @@ CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-29423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29422
- RESERVED
+CVE-2023-29422 (Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integrati ...)
+ TODO: check
CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtiff pac ...)
- tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/536
@@ -135028,12 +135375,12 @@ CVE-2023-29247 (Task instance details page in the UI is vulnerable to a stored X
- airflow <itp> (bug #819700)
CVE-2023-29246 (An attacker who has gained access to an admin account can perform RCE ...)
NOT-FOR-US: Apache OpenMeetings
-CVE-2023-29239
- RESERVED
+CVE-2023-29239 (Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control ...)
+ TODO: check
CVE-2023-29238 (Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29237
- RESERVED
+CVE-2023-29237 (Missing Authorization vulnerability in Muhammad Rehman Remove Duplicat ...)
+ TODO: check
CVE-2023-29236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
NOT-FOR-US: WordPress theme
CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Sw ...)
@@ -135284,8 +135631,8 @@ CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in Fo
NOT-FOR-US: FortiGuard
CVE-2023-29174 (Missing Authorization vulnerability in NervyThemes SKU Label Changer F ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29173
- RESERVED
+CVE-2023-29173 (Missing Authorization vulnerability in AWESOME TOGI Product Category T ...)
+ TODO: check
CVE-2023-29172 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Property ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29171 (Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Po ...)
@@ -137038,10 +137385,10 @@ CVE-2023-28691
RESERVED
CVE-2023-28690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28689
- RESERVED
-CVE-2023-28688
- RESERVED
+CVE-2023-28689 (Missing Authorization vulnerability in JoomSky JS Job Manager allows E ...)
+ TODO: check
+CVE-2023-28688 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk TH Variat ...)
+ TODO: check
CVE-2023-28687 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1551
@@ -137581,16 +137928,16 @@ CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update d
NOT-FOR-US: Qualcomm
CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28536
- RESERVED
+CVE-2023-28536 (Missing Authorization vulnerability in Acato Branded Social Images all ...)
+ TODO: check
CVE-2023-28535 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Pa ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Wi ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28532
- RESERVED
+CVE-2023-28532 (Missing Authorization vulnerability in wpdirectorykit.com Real Estate ...)
+ TODO: check
CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
- openssh 1:9.3p1-1 (bug #1033166)
[bookworm] - openssh 1:9.2p1-2+deb12u2
@@ -138043,10 +138390,10 @@ CVE-2023-28419 (Cross-Site Request Forgery (CSRF) vulnerability in Stranger Stud
NOT-FOR-US: WordPress plugin
CVE-2023-28418 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress theme
-CVE-2023-28417
- RESERVED
-CVE-2023-28416
- RESERVED
+CVE-2023-28417 (Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integrati ...)
+ TODO: check
+CVE-2023-28416 (Missing Authorization vulnerability in Sparkle Themes Chankhe allows E ...)
+ TODO: check
CVE-2023-28415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Xoot ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28414 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apex ...)
@@ -138893,14 +139240,14 @@ CVE-2023-28170 (Unrestricted Upload of File with Dangerous Type vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28168
- RESERVED
+CVE-2023-28168 (Missing Authorization vulnerability in Jerod Santo WordPress Console a ...)
+ TODO: check
CVE-2023-28167 (Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28166 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Ka ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28165
- RESERVED
+CVE-2023-28165 (Missing Authorization vulnerability in Tech Banker Backup Bank: WordPr ...)
+ TODO: check
CVE-2023-28164 (Dragging a URL from a cross-origin iframe that was removed during the ...)
{DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
- firefox 111.0-1
@@ -140714,10 +141061,10 @@ CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27626
- RESERVED
-CVE-2023-27625
- RESERVED
+CVE-2023-27626 (Missing Authorization vulnerability in Aleksandar Uro\u0161evi\u0107 S ...)
+ TODO: check
+CVE-2023-27625 (Missing Authorization vulnerability in Paul Ryley Site Reviews allows ...)
+ TODO: check
CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27623 (Cross-Site Request Forgery (CSRF) vulnerability in Jens T\xf6rnell WP ...)
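Review bot: The added CVE-2023-27626 line writes the vendor name with "\u0161" and "\u0107" escapes, while the unchanged CVE-2023-27623 line at the end of this hunk uses the "\xf6" form. With two escape styles in the same file, anything that searches or renders these descriptions has to decode both. It is worth confirming that consumers of data/CVE/list handle the "\uXXXX" form as well as "\xNN".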
@@ -141289,8 +141636,8 @@ CVE-2023-27456
RESERVED
CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Mar ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27454
- RESERVED
+CVE-2023-27454 (Missing Authorization vulnerability in Apollo13Themes Rife Elementor E ...)
+ TODO: check
CVE-2023-27453 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow- ...)
@@ -141299,8 +141646,8 @@ CVE-2023-27451 (Server-Side Request Forgery (SSRF) vulnerability in Darren Coone
NOT-FOR-US: WordPress plugin
CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27449
- RESERVED
+CVE-2023-27449 (Missing Authorization vulnerability in TotalSuite Total Poll Lite allo ...)
+ TODO: check
CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team Ma ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27447 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
@@ -141341,8 +141688,8 @@ CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken
NOT-FOR-US: WordPress plugin
CVE-2023-27429 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Auto ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27428
- RESERVED
+CVE-2023-27428 (Missing Authorization vulnerability in Damir Calusic WP users media al ...)
+ TODO: check
CVE-2023-27427 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZA ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27426 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noti ...)
@@ -143617,12 +143964,12 @@ CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Q
NOT-FOR-US: WordPress plugin
CVE-2023-26523 (Missing Authorization vulnerability in CodePeople Calculated Fields Fo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26522
- RESERVED
+CVE-2023-26522 (Missing Authorization vulnerability in OneWebsite WP Repost allows Exp ...)
+ TODO: check
CVE-2023-26521 (Missing Authorization vulnerability in CodePeople Search in Place allo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26520
- RESERVED
+CVE-2023-26520 (Missing Authorization vulnerability in Max Chirkov Advanced Text Widge ...)
+ TODO: check
CVE-2023-26519 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26518 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes ...)
@@ -145242,8 +145589,8 @@ CVE-2023-25995
RESERVED
CVE-2023-25994 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publis ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25993
- RESERVED
+CVE-2023-25993 (Missing Authorization vulnerability in WebberZone Top 10 allows Exploi ...)
+ TODO: check
CVE-2023-25992 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic p ...)
@@ -145296,8 +145643,8 @@ CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, M
NOT-FOR-US: WordPress plugin
CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25966
- RESERVED
+CVE-2023-25966 (Missing Authorization vulnerability in Ninja Team Filebird allows Expl ...)
+ TODO: check
CVE-2023-25965 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...)
@@ -145310,8 +145657,8 @@ CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ca
NOT-FOR-US: WordPress plugin
CVE-2023-25960 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25959
- RESERVED
+CVE-2023-25959 (Missing Authorization vulnerability in Apollo13Themes Apollo13 Framewo ...)
+ TODO: check
CVE-2023-25958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Just ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25957 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
@@ -145777,8 +146124,8 @@ CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25792 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Xiao ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25791
- RESERVED
+CVE-2023-25791 (Missing Authorization vulnerability in Cadus Pro Fontiran allows Explo ...)
+ TODO: check
CVE-2023-25790 (Improper Authentication, Improper Neutralization of Input During Web P ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapf ...)
@@ -146150,8 +146497,8 @@ CVE-2023-25716 (Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2023-25715 (Missing Authorization vulnerability in GamiPress GamiPress \u2013 The ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25714
- RESERVED
+CVE-2023-25714 (Missing Authorization vulnerability in Fullworks Quick Paypal Payments ...)
+ TODO: check
CVE-2023-25713 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25712 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-B ...)
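Review bot: CVE-2023-25714 is added as "TODO: check" directly above CVE-2023-25713, which names the same vendor (Fullworks) and is already tagged "NOT-FOR-US: WordPress plugin". Once the full description confirms that the product is a WordPress plugin, the TODO can be resolved with the same tag rather than researched from scratch.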
@@ -146172,8 +146519,8 @@ CVE-2023-25705 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25704 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehj ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25703
- RESERVED
+CVE-2023-25703 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...)
+ TODO: check
CVE-2023-25702 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Full ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25701 (Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ a ...)
@@ -147202,8 +147549,8 @@ CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25486
- RESERVED
+CVE-2023-25486 (Missing Authorization vulnerability in Migrate Clone allows Exploiting ...)
+ TODO: check
CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
@@ -147236,8 +147583,8 @@ CVE-2023-25471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in We
NOT-FOR-US: WordPress plugin
CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25469
- RESERVED
+CVE-2023-25469 (Missing Authorization vulnerability in Magazine3 Easy Table of Content ...)
+ TODO: check
CVE-2023-25468 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...)
@@ -147264,10 +147611,10 @@ CVE-2023-25457 (Missing Authorization vulnerability in Richteam Slider Carousel
NOT-FOR-US: WordPress plugin
CVE-2023-25456 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klav ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25455
- RESERVED
-CVE-2023-25454
- RESERVED
+CVE-2023-25455 (Missing Authorization vulnerability in miniOrange WordPress Social Log ...)
+ TODO: check
+CVE-2023-25454 (Missing Authorization vulnerability in Nate Reist Protected Posts Logo ...)
+ TODO: check
CVE-2023-25453 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sado ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
@@ -148235,8 +148582,8 @@ CVE-2013-10015 (A vulnerability has been found in fanzila WebFinance 0.5 and cla
NOT-FOR-US: fanzila WebFinance
CVE-2023-25068
RESERVED
-CVE-2023-25067
- RESERVED
+CVE-2023-25067 (Missing Authorization vulnerability in Noah Hearle, Design Extreme We\ ...)
+ TODO: check
CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flow ...)
NOT-FOR-US: FolioVision
CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tab ...)
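Review bot: The added CVE-2023-25067 description ends in "We\ ...", so the truncation appears to have cut through an escape sequence and left a bare backslash. The other Noah Hearle, Design Extreme entry in this update (CVE-2023-23986) truncates cleanly at "Rev ...". The truncation should stop before the escape rather than split it, otherwise a consumer that unescapes these descriptions meets an incomplete sequence.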
@@ -148249,8 +148596,8 @@ CVE-2023-25062 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25061 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25060
- RESERVED
+CVE-2023-25060 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...)
+ TODO: check
CVE-2023-25059 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in aval ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sc ...)
@@ -148273,8 +148620,8 @@ CVE-2023-25050 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
NOT-FOR-US: WordPress plugin
CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impl ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25048
- RESERVED
+CVE-2023-25048 (Missing Authorization vulnerability in Fantastic Plugins Fantastic Con ...)
+ TODO: check
CVE-2023-25047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
@@ -148295,12 +148642,12 @@ CVE-2023-25039 (Missing Authorization vulnerability in CodePeople Google Maps CP
NOT-FOR-US: WordPress plugin
CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visu ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25037
- RESERVED
+CVE-2023-25037 (Missing Authorization vulnerability in CodePeople Booking Calendar Con ...)
+ TODO: check
CVE-2023-25036 (Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.An ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25035
- RESERVED
+CVE-2023-25035 (Missing Authorization vulnerability in Fullworks Quick Contact Form a ...)
+ TODO: check
CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean U ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share B ...)
@@ -148317,8 +148664,8 @@ CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25026
- RESERVED
+CVE-2023-25026 (Missing Authorization vulnerability in PayPal PayPal Brasil para WooCo ...)
+ TODO: check
CVE-2023-25025 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25024 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Iceg ...)
@@ -150394,8 +150741,8 @@ CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I
NOT-FOR-US: WordPress plugin
CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24407
- RESERVED
+CVE-2023-24407 (Missing Authorization vulnerability in WpDevArt Booking calendar, Appo ...)
+ TODO: check
CVE-2023-24406 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24405 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...)
@@ -150458,8 +150805,8 @@ CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommer
NOT-FOR-US: WordPress plugin
CVE-2023-24376 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Nico ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24375
- RESERVED
+CVE-2023-24375 (Missing Authorization vulnerability in miniOrange WordPress Social Log ...)
+ TODO: check
CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24373 (External Control of Assumed-Immutable Web Parameter vulnerability in W ...)
@@ -151402,8 +151749,8 @@ CVE-2023-23988 (Missing Authorization vulnerability in Joseph C Dolson My Ticket
NOT-FOR-US: WordPress plugin
CVE-2023-23987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEv ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23986
- RESERVED
+CVE-2023-23986 (Missing Authorization vulnerability in Noah Hearle, Design Extreme Rev ...)
+ TODO: check
CVE-2023-23985 (Missing Authorization vulnerability in Quiz Maker team Quiz Maker.This ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23984 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble ...)
@@ -151424,8 +151771,8 @@ CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23976 (Incorrect Default Permissions vulnerability in Metagauss RegistrationM ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23975
- RESERVED
+CVE-2023-23975 (Missing Authorization vulnerability in Fullworks Quick Event Manager a ...)
+ TODO: check
CVE-2023-23974 (Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Eve ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23973 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Cont ...)
@@ -151693,12 +152040,12 @@ CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugin
NOT-FOR-US: WordPress plugin
CVE-2023-23896 (Missing Authorization vulnerability in MyThemeShop URL Shortener by My ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23895
- RESERVED
+CVE-2023-23895 (Missing Authorization vulnerability in CodePeople WP Time Slots Bookin ...)
+ TODO: check
CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23893
- RESERVED
+CVE-2023-23893 (Missing Authorization vulnerability in Igor Benic Simple Giveaways all ...)
+ TODO: check
CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -151709,10 +152056,10 @@ CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23888 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23887
- RESERVED
-CVE-2023-23886
- RESERVED
+CVE-2023-23887 (Missing Authorization vulnerability in Shaon Easy Google Analytics for ...)
+ TODO: check
+CVE-2023-23886 (Missing Authorization vulnerability in mg12 WP-RecentComments allows E ...)
+ TODO: check
CVE-2023-23885 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...)
@@ -151747,8 +152094,8 @@ CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23868
- RESERVED
+CVE-2023-23868 (Missing Authorization vulnerability in WPFactory Cost of Goods for Woo ...)
+ TODO: check
CVE-2023-23867 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23866 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -151873,8 +152220,8 @@ CVE-2015-10071 (A vulnerability was found in gitter-badger ezpublish-modern-lega
NOT-FOR-US: gitter-badger ezpublish-modern-legacy
CVE-2023-23835 (A vulnerability has been identified in Mendix Applications using Mendi ...)
NOT-FOR-US: Siemens
-CVE-2023-23834
- RESERVED
+CVE-2023-23834 (Missing Authorization vulnerability in Brainstorm Force Spectra allows ...)
+ TODO: check
CVE-2023-23833 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steve ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...)
@@ -151891,12 +152238,12 @@ CVE-2023-23827 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2023-23826 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23825
- RESERVED
+CVE-2023-23825 (Missing Authorization vulnerability in Brainstorm Force Spectra allows ...)
+ TODO: check
CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability inWP-TopBar<= 5.36 versions.)
NOT-FOR-US: WordPress plugin
-CVE-2023-23823
- RESERVED
+CVE-2023-23823 (Missing Authorization vulnerability in Clever Widgets Enhanced Text Wi ...)
+ TODO: check
CVE-2023-23822 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludw ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23821 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
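Review bot: The truncated description added for CVE-2023-23825 ("Missing Authorization vulnerability in Brainstorm Force Spectra allows ...") is character-for-character the same as the one added for CVE-2023-23834 earlier in this update, so the list alone cannot tell the two apart. Whoever resolves the "TODO: check" lines should read both full CVE records and confirm they describe separate issues before tagging them.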
@@ -151913,8 +152260,8 @@ CVE-2023-23816 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Tward
NOT-FOR-US: WordPress plugin
CVE-2023-23815 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23814
- RESERVED
+CVE-2023-23814 (Missing Authorization vulnerability in CodePeople CP Multi View Event ...)
+ TODO: check
CVE-2023-23813 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joos ...)
@@ -152245,10 +152592,10 @@ CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2023-23727 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Form ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23726
- RESERVED
-CVE-2023-23725
- RESERVED
+CVE-2023-23726 (Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera ...)
+ TODO: check
+CVE-2023-23725 (Missing Authorization vulnerability in Chris Baldelomar Shortcodes all ...)
+ TODO: check
CVE-2023-23724 (Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Ema ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23723 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
@@ -152265,10 +152612,10 @@ CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Essta
NOT-FOR-US: Esstat17
CVE-2023-23717 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Georg ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23716
- RESERVED
-CVE-2023-23715
- RESERVED
+CVE-2023-23716 (Missing Authorization vulnerability in Zendesk Zendesk Support for Wor ...)
+ TODO: check
+CVE-2023-23715 (Missing Authorization vulnerability in JobBoardWP JobBoardWP \u2013 Jo ...)
+ TODO: check
CVE-2023-23714 (Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Th ...)
@@ -155710,8 +156057,8 @@ CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ch
NOT-FOR-US: WordPress plugin
CVE-2023-22709 (Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple H ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-22708
- RESERVED
+CVE-2023-22708 (Missing Authorization vulnerability in Karim Salman Kraken.io Image Op ...)
+ TODO: check
CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Gre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22706 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Property ...)
@@ -155724,8 +156071,8 @@ CVE-2023-22703 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in We
NOT-FOR-US: WordPress plugin
CVE-2023-22702 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMob ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-22701
- RESERVED
+CVE-2023-22701 (Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allow ...)
+ TODO: check
CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
NOT-FOR-US: PixelYourSite
CVE-2023-22699 (Missing Authorization vulnerability in MainWP MainWP Wordfence Extensi ...)
@@ -187697,10 +188044,10 @@ CVE-2022-38949
RESERVED
CVE-2022-38948
RESERVED
-CVE-2022-38947
- RESERVED
-CVE-2022-38946
- RESERVED
+CVE-2022-38947 (SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry ...)
+ TODO: check
+CVE-2022-38946 (Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 ...)
+ TODO: check
CVE-2022-38945
RESERVED
CVE-2022-38944
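Review bot: Triage of CVE-2022-38947 and CVE-2022-38946 cannot borrow from the surrounding context, because the neighbours visible in this hunk (CVE-2022-38949, CVE-2022-38948, CVE-2022-38945) are still RESERVED. Both descriptions name a standalone application at version 1.0 (Flipkart-Clone-PHP, Doctor-Appointment). If neither is packaged, the NOT-FOR-US line should name the product, as the "NOT-FOR-US: FolioVision" and "NOT-FOR-US: Qualcomm" entries elsewhere in this diff do.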
@@ -213155,8 +213502,8 @@ CVE-2022-29976 (An Authenticated Reflected Cross-site scripting at BCC Parameter
NOT-FOR-US: MDaemon
CVE-2022-29975 (An Authenticated Reflected Cross-site scripting at CC Parameter was di ...)
NOT-FOR-US: MDaemon
-CVE-2022-29974
- RESERVED
+CVE-2022-29974 (AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or ...)
+ TODO: check
CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive information ( ...)
[experimental] - fuse-exfat 1.4.0-1
- fuse-exfat 1.4.0-2 (bug #1014538)
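Review bot: CVE-2022-29974 is added as "TODO: check" immediately above CVE-2022-29973, which is tracked against the Debian package fuse-exfat (bug #1014538), and the adjacent id plus the filesystem-driver subject make it easy to assume the two are related. The new description names a different product (AMI NTFS driver 1.0.0). The check should establish whether any Debian source package ships that driver before the entry is tagged, rather than inheriting anything from the fuse-exfat entry.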
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8803cf5e088549f87c0f4f68fae1e3e9fe37b65