[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 9 08:11:44 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f99783ae by security tracker role at 2024-01-09T08:11:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2024-22125 (Under certain conditions the Microsoft Edge browser extension (SAP GUI ...)
+	TODO: check
+CVE-2024-22124 (Under certain conditions,Internet Communication Manager (ICM) orSAP We ...)
+	TODO: check
+CVE-2024-21738 (SAP NetWeaver ABAP Application Server and ABAP Platform do not suffici ...)
+	TODO: check
+CVE-2024-21737 (In SAP Application Interface Framework File Adapter - version 702, ahi ...)
+	TODO: check
+CVE-2024-21736 (SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSC ...)
+	TODO: check
+CVE-2024-21735 (SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105 ...)
+	TODO: check
+CVE-2024-21734 (SAP Marketing (Contacts App) - version 160, allows an attacker with lo ...)
+	TODO: check
+CVE-2024-21663 (Discord-Recon is a Discord bot created to automate bug bounty recon, a ...)
+	TODO: check
+CVE-2024-21651 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2024-21648 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2024-21646 (Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP lib ...)
+	TODO: check
+CVE-2023-7220 (A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 an ...)
+	TODO: check
+CVE-2023-7219 (A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012  ...)
+	TODO: check
+CVE-2023-7218 (A vulnerability, which was classified as critical, was found in Totoli ...)
+	TODO: check
+CVE-2023-6842 (The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calcu ...)
+	TODO: check
+CVE-2023-6830 (The Formidable Forms plugin for WordPress is vulnerable to HTML inject ...)
+	TODO: check
+CVE-2023-6788 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
+	TODO: check
+CVE-2023-6594 (The WordPress Button Plugin MaxButtons plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2023-52202 (Deserialization of Untrusted Data vulnerability in SVNLabs Softwares H ...)
+	TODO: check
+CVE-2023-52198 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-52197 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-52196 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-52142 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-52074 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...)
+	TODO: check
+CVE-2023-52073 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...)
+	TODO: check
+CVE-2023-52072 (FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CS ...)
+	TODO: check
+CVE-2023-51717 (Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that ...)
+	TODO: check
+CVE-2023-51490 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-51408 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-51406 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-50932 (An issue was discovered in savignano S/Notify before 4.0.2 for Conflue ...)
+	TODO: check
+CVE-2023-50931 (An issue was discovered in savignano S/Notify before 2.0.1 for Bitbuck ...)
+	TODO: check
+CVE-2023-50930 (An issue was discovered in savignano S/Notify before 4.0.2 for Jira. W ...)
+	TODO: check
+CVE-2023-50643 (An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote atta ...)
+	TODO: check
+CVE-2023-50162 (SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers ...)
+	TODO: check
+CVE-2023-49961 (WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x an ...)
+	TODO: check
+CVE-2023-49238 (In Gradle Enterprise before 2023.1, a remote attacker may be able to g ...)
+	TODO: check
+CVE-2023-46906 (juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in ...)
+	TODO: check
+CVE-2023-39336 (An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager  ...)
+	TODO: check
+CVE-2023-36629 (The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W0 ...)
+	TODO: check
 CVE-2024-21747 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-21745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
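Review bot: all forty new entries land as `TODO: check`, and at least four of them can be triaged straight from their descriptions using the file's existing marker: CVE-2023-6842 and CVE-2023-6830 (Formidable Forms), CVE-2023-6788 (Metform Elementor) and CVE-2023-6594 (MaxButtons) each say "plugin for WordPress", which this file records as `NOT-FOR-US: WordPress plugin` (see CVE-2024-21747 in the trailing context). The remaining entries, in particular the library-style ones such as CVE-2024-21646 (Azure uAMQP) and the two XWiki Platform issues, need a package lookup before the TODO is cleared.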
@@ -2133,7 +2213,7 @@ CVE-2023-51766 (Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/C
 	NOTE: https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5
 	NOTE: https://git.exim.org/exim.git/commit/4596719398f6f2365bed563aafd757a6433ce7b4
 	NOTE: https://git.exim.org/exim.git/commit/5bb786d5ad568a88d50d15452aacc8404047e5ca
-CVE-2023-51765 (sendmail through at least 8.14.7 allows SMTP smuggling in certain conf ...)
+CVE-2023-51765 (sendmail through 8.17.2 allows SMTP smuggling in certain configuration ...)
 	- sendmail <unfixed> (bug #1059386)
 	[bookworm] - sendmail <no-dsa> (Minor issue)
 	[bullseye] - sendmail <no-dsa> (Minor issue)
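Review bot: only the description text changes here (from "through at least 8.14.7" to "through 8.17.2"); the Debian status lines stay as they were, which is consistent, but the new wording no longer hedges with "at least", so confirm that bug #1059386 and the `<no-dsa> (Minor issue)` assessments for bookworm and bullseye were re-checked against the widened upstream range before leaving `sendmail <unfixed>`.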
@@ -4238,6 +4318,7 @@ CVE-2023-50369 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2023-50368 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion ...)
+	{DLA-3709-1}
 	- squid <unfixed> (bug #1058721)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
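Review bot: CVE-2023-50269 now carries `{DLA-3709-1}` while its unstable line still reads `squid <unfixed> (bug #1058721)`. That combination is legitimate (an LTS update can land before the unstable upload), but it is the one squid entry in this commit where the DLA cross-reference is not backed by a fixed version anywhere in the entry, so it deserves a second look. Also, this commit touches only data/CVE/list, so the DLA-3709-1 advisory record itself must already exist elsewhere in the tracker data for the new `{DLA-3709-1}` references to resolve.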
@@ -13523,6 +13604,7 @@ CVE-2023-46848 (Squid is vulnerable to Denial of Service,  where a remote attack
 	- squid3 <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
 CVE-2023-46847 (Squid is vulnerable to a Denial of Service,  where a remote attacker c ...)
+	{DLA-3709-1}
 	- squid 6.5-1 (bug #1055250)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
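Review bot: the `{DLA-3709-1}` line is added to CVE-2023-46847 only; the context lines for CVE-2023-46848, whose `squid3 <not-affected>` and advisory NOTE lines open this hunk, show nothing being inserted for it, and the same holds for CVE-2023-5824 and CVE-2023-49288 in the later squid hunks. Please confirm against the advisory text that these three are genuinely outside DLA-3709-1's scope rather than missed cross-references, and if they are outside it, consider giving them an explicit LTS status so the gap does not look like an omission.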
@@ -13533,6 +13615,7 @@ CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP and
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
 CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...)
+	{DLA-3709-1}
 	- squid 6.5-1 (bug #1054537)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
@@ -45147,17 +45230,17 @@ CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 hav
 	NOT-FOR-US: TP-Link
 CVE-2023-28477 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
 	NOT-FOR-US: Concrete CMS
-CVE-2023-28476 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
+CVE-2023-28476 (Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is v ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-28475 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and ver ...)
 	NOT-FOR-US: Concrete CMS
-CVE-2023-28474 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
+CVE-2023-28474 (Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is v ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-28473 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-28472 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
 	NOT-FOR-US: Concrete CMS
-CVE-2023-28471 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
+CVE-2023-28471 (Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is v ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is  ...)
 	NOT-FOR-US: Couchbase Server
@@ -47747,8 +47830,8 @@ CVE-2023-27741
 	RESERVED
 CVE-2023-27740
 	RESERVED
-CVE-2023-27739
-	RESERVED
+CVE-2023-27739 (easyXDM 2.5 allows XSS via the xdm_e parameter.)
+	TODO: check
 CVE-2023-27738
 	RESERVED
 CVE-2023-27737
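Review bot: CVE-2023-27739 arrives with a complete (untruncated) description, "easyXDM 2.5 allows XSS via the xdm_e parameter", but no triage. easyXDM is a JavaScript library that tends to be bundled rather than packaged on its own, so clearing this `TODO: check` should include a search for embedded copies in the archive, not just a lookup of a source package by that name.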
@@ -49566,8 +49649,8 @@ CVE-2023-27100 (Improper restriction of excessive authentication attempts in the
 	NOT-FOR-US: Netgate pfSense Plus
 CVE-2023-27099
 	RESERVED
-CVE-2023-27098
-	RESERVED
+CVE-2023-27098 (TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access ...)
+	TODO: check
 CVE-2023-27097
 	RESERVED
 CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3  ...)
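Review bot: CVE-2023-27098 (hardcoded credentials in the TP-Link Tapo APK) is left at `TODO: check`; the file's existing convention for this vendor's products is `NOT-FOR-US: TP-Link` (see CVE-2023-28478 in an earlier hunk), so unless some component of that app is packaged in Debian this one should be a quick triage.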
@@ -49773,12 +49856,12 @@ CVE-2023-27002
 	RESERVED
 CVE-2023-27001
 	RESERVED
-CVE-2023-27000
-	RESERVED
-CVE-2023-26999
-	RESERVED
-CVE-2023-26998
-	RESERVED
+CVE-2023-27000 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...)
+	TODO: check
+CVE-2023-26999 (An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker ...)
+	TODO: check
+CVE-2023-26998 (Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 ...)
+	TODO: check
 CVE-2023-26997
 	RESERVED
 CVE-2023-26996
@@ -74714,8 +74797,8 @@ CVE-2022-45356
 	RESERVED
 CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45354
-	RESERVED
+CVE-2022-45354 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
 CVE-2022-45353 (Broken Access Control inBetheme theme <= 26.6.1 on WordPress.)
 	NOT-FOR-US: WordPress theme
 CVE-2022-45352
@@ -90373,8 +90456,8 @@ CVE-2022-40706
 	RESERVED
 CVE-2022-40705 (An Improper Restriction of XML External Entity Reference vulnerability ...)
 	NOT-FOR-US: Apache SOAP
-CVE-2022-40696
-	RESERVED
+CVE-2022-40696 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
 CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288]  ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...)
@@ -97748,8 +97831,8 @@ CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plu
 	NOT-FOR-US: WordPress plugin
 CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-36352
-	RESERVED
+CVE-2022-36352 (Missing Authorization vulnerability in Profilegrid ProfileGrid \u2013  ...)
+	TODO: check
 CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-36345 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download  ...)
@@ -102088,8 +102171,8 @@ CVE-2022-34656 (Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability
 	NOT-FOR-US: WordPress plugin
 CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-34344
-	RESERVED
+CVE-2022-34344 (Missing Authorization vulnerability in Rymera Web Co Wholesale Suite \ ...)
+	TODO: check
 CVE-2022-34154 (Authenticated (author or higher user role) Arbitrary File Upload vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-33970 (Authenticated WordPress Options Change vulnerability in Biplob018 Shor ...)
@@ -112440,7 +112523,7 @@ CVE-2022-30536 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in
 	NOT-FOR-US: WordPress plugin
 CVE-2022-30337 (Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-29923 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...)
+CVE-2022-29923 (Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-28700 (Authenticated Arbitrary File Creation via Export function vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
@@ -122046,7 +122129,7 @@ CVE-2022-29411 (SQL Injection (SQLi) vulnerability in Mufeng's Hermit \u97f3\u4e
 CVE-2022-29410 (Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit \u ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29409
-	RESERVED
+	REJECTED
 CVE-2022-29408 (Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital' ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-29407
@@ -298318,12 +298401,14 @@ CVE-2023-49288 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5
 CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
+	{DLA-3709-1}
 	- squid 6.5-1 (low)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
 	NOTE: https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 (SQUID_6_5)
 	NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
 CVE-2023-49285 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
+	{DLA-3709-1}
 	- squid 6.5-1 (low)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f99783aef1b0bc8b7c08aa21b5f53565241463f0


