[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 17 20:12:26 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49480703 by security tracker role at 2024-01-17T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2024-22715 (Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Reque ...)
+ TODO: check
+CVE-2024-22714 (Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) ...)
+ TODO: check
+CVE-2024-20287 (A vulnerability in the web-based management interface of the Cisco WAP ...)
+ TODO: check
+CVE-2024-20277 (A vulnerability in the web-based management interface of Cisco Thousan ...)
+ TODO: check
+CVE-2024-20272 (A vulnerability in the web-based management interface of Cisco Unity C ...)
+ TODO: check
+CVE-2024-20270 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ TODO: check
+CVE-2024-20251 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2024-0647 (A vulnerability, which was classified as problematic, was found in Spa ...)
+ TODO: check
+CVE-2024-0646 (An out-of-bounds memory write flaw was found in the Linux kernel\u2019 ...)
+ TODO: check
+CVE-2024-0645 (Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.53 ...)
+ TODO: check
+CVE-2024-0643 (Unrestricted upload of dangerous file types in the C21 Live Encoder an ...)
+ TODO: check
+CVE-2024-0642 (Inadequate access control in the C21 Live Encoder and Live Mosaic prod ...)
+ TODO: check
+CVE-2024-0641 (A denial of service vulnerability was found in tipc_crypto_key_revoke ...)
+ TODO: check
+CVE-2024-0639 (A denial of service vulnerability due to a deadlock was found in sctp_ ...)
+ TODO: check
+CVE-2024-0396 (In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.1 ...)
+ TODO: check
+CVE-2023-7031 (Insecure Direct Object Reference vulnerabilities were discovered in th ...)
+ TODO: check
+CVE-2023-5041 (The Track The Click WordPress plugin before 0.3.12 does not properly s ...)
+ TODO: check
+CVE-2023-5006 (The WP Discord Invite WordPress plugin before 2.5.1 does not protect s ...)
+ TODO: check
+CVE-2023-50950 (IBM QRadar SIEM 7.5 could disclose sensitive email information in resp ...)
+ TODO: check
+CVE-2023-44077 (Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles s ...)
+ TODO: check
+CVE-2023-34379 (Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento ...)
+ TODO: check
+CVE-2021-4434 (The Social Warfare plugin for WordPress is vulnerable to Remote Code E ...)
+ TODO: check
CVE-2024-20968
- mysql-8.0 8.0.35-1
CVE-2024-20984
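Review bot: CVE-2024-0646, CVE-2024-0641 and CVE-2024-0639 are the entries in this batch that should not sit at "TODO: check" for long. The first names the Linux kernel outright, and the other two name tipc_crypto_key_revoke and an sctp_ function, so all three most likely need a package line rather than a NOT-FOR-US tag. Suggest triaging those first; the Cisco and WordPress plugin entries can take the "NOT-FOR-US: Cisco" and "NOT-FOR-US: WordPress plugin" tags already used for their neighbours elsewhere in this file. The description of CVE-2024-0646 also carries a literal "\u2019" that should be decoded to the apostrophe it stands for.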
@@ -560,7 +604,7 @@ CVE-2023-49107 (Generation of Error Message Containing Sensitive Information vul
NOT-FOR-US: Hitachi
CVE-2023-49106 (Missing Password Field Masking vulnerability in Hitachi Device Manager ...)
NOT-FOR-US: Hitachi
-CVE-2023-48104 (Alinto SOGo 5.8.0 is vulnerable to HTML Injection.)
+CVE-2023-48104 (Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.)
- sogo <unfixed> (bug #1060925)
NOTE: Fixed by: https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 (SOGo-5.9.1)
CVE-2023-47460 (SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a rem ...)
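Review bot: The unchanged "- sogo <unfixed> (bug #1060925)" line under CVE-2023-48104 now sits between a description that says "before 5.9.1" and a NOTE that points at the fix commit for SOGo-5.9.1, so the fixed upstream version is known but the package state does not yet reflect it. Suggest replacing <unfixed> with the first fixed Debian version once 5.9.1 (or a backport of the referenced commit) is uploaded, keeping the bug reference.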
@@ -41804,6 +41848,7 @@ CVE-2023-30209
CVE-2023-30208
RESERVED
CVE-2023-30207 (A divide by zero issue discovered in Kodi Home Theater Software 19.5 a ...)
+ {DLA-3712-1}
- kodi 2:20.0~rc2+dfsg-2 (bug #1040593)
[bullseye] - kodi <no-dsa> (Minor issue)
NOTE: https://github.com/xbmc/xbmc/issues/22378
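Review bot: On CVE-2023-30207 the added {DLA-3712-1} sits directly above an unchanged "[bullseye] - kodi <no-dsa> (Minor issue)" line, so after this change the tracker records a fix in the LTS release while the newer bullseye release stays unpatched. Suggest revisiting the bullseye annotation (a point-release update would do) so that an upgrade from the LTS release does not reintroduce the divide by zero. The same combination appears on CVE-2023-23082 later in this commit.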
@@ -61071,8 +61116,8 @@ CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simp ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23896
- RESERVED
+CVE-2023-23896 (Missing Authorization vulnerability in MyThemeShop URL Shortener by My ...)
+ TODO: check
CVE-2023-23895
RESERVED
CVE-2023-23894 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -61099,8 +61144,8 @@ CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin David ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23882
- RESERVED
+CVE-2023-23882 (Missing Authorization vulnerability in Brainstorm Force Ultimate Addon ...)
+ TODO: check
CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -63496,6 +63541,7 @@ CVE-2023-23084
CVE-2023-23083
RESERVED
CVE-2023-23082 (A heap buffer overflow vulnerability in Kodi Home Theater Software up ...)
+ {DLA-3712-1}
- kodi 2:20.0+dfsg-2 (bug #1031048)
[bullseye] - kodi <no-dsa> (Minor issue)
NOTE: https://github.com/xbmc/xbmc/issues/22377
@@ -82831,8 +82877,8 @@ CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software c
NOT-FOR-US: Cisco
CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
-CVE-2023-20271
- RESERVED
+CVE-2023-20271 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2023-20270 (A vulnerability in the interaction between the Server Message Block (S ...)
NOT-FOR-US: Cisco
CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
@@ -82853,14 +82899,14 @@ CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN Mana
NOT-FOR-US: Cisco
CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could a ...)
NOT-FOR-US: Cisco
-CVE-2023-20260
- RESERVED
+CVE-2023-20260 (A vulnerability in the application CLI of Cisco Prime Infrastructure a ...)
+ TODO: check
CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...)
NOT-FOR-US: Cisco
-CVE-2023-20258
- RESERVED
-CVE-2023-20257
- RESERVED
+CVE-2023-20258 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2023-20257 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
NOT-FOR-US: Cisco
CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco Meeting S ...)
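Review bot: The three entries moved from RESERVED here (CVE-2023-20260, CVE-2023-20258, CVE-2023-20257) all describe Cisco Prime Infrastructure, and every neighbouring Cisco entry in this hunk is already tagged "NOT-FOR-US: Cisco". Suggest resolving these, and CVE-2023-20271 in the previous hunk, to the same tag in the follow-up triage commit instead of leaving them at "TODO: check".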
@@ -84707,8 +84753,8 @@ CVE-2022-43436 (The File Upload function of EasyTest has insufficient filtering
NOT-FOR-US: EasyTest
CVE-2022-42888 (Unauth. Privilege Escalation vulnerability inARMember premium plugin < ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-42884
- RESERVED
+CVE-2022-42884 (Missing Authorization vulnerability in ThemeinProgress WIP Custom Logi ...)
+ TODO: check
CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
@@ -84741,8 +84787,8 @@ CVE-2022-41995
RESERVED
CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format parsin ...)
NOT-FOR-US: PowerISO
-CVE-2022-41990
- RESERVED
+CVE-2022-41990 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Ta ...)
+ TODO: check
CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...)
@@ -84759,28 +84805,28 @@ CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for W
NOT-FOR-US: WordPress plugin
CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41790
- RESERVED
+CVE-2022-41790 (Missing Authorization vulnerability in CodePeople WP Time Slots Bookin ...)
+ TODO: check
CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soleda ...)
NOT-FOR-US: WordPress theme
-CVE-2022-41786
- RESERVED
+CVE-2022-41786 (Missing Authorization vulnerability in WP Job Portal WP Job Portal \u2 ...)
+ TODO: check
CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Gall ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin < ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41698
RESERVED
-CVE-2022-41695
- RESERVED
+CVE-2022-41695 (Missing Authorization vulnerability in SedLex Traffic Manager.This iss ...)
+ TODO: check
CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt P\ ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on Wor ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41619
- RESERVED
+CVE-2022-41619 (Missing Authorization vulnerability in SedLex Image Zoom.This issue af ...)
+ TODO: check
CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affil ...)
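Review bot: The new description for CVE-2022-41786 ends in "\u2 ...", which means the fixed-width truncation was applied to the still-escaped string and cut a \uXXXX sequence in half. Suggest decoding escapes before truncating in the update script, so the stored text holds either the real character or nothing; the context line for CVE-2022-41685 ("Viszt P\ ...") shows the same problem.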
@@ -90164,8 +90210,8 @@ CVE-2022-40975
RESERVED
CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...)
NOT-FOR-US: Buffalo
-CVE-2022-40702
- RESERVED
+CVE-2022-40702 (Missing Authorization vulnerability in Zorem Advanced Local Pickup for ...)
+ TODO: check
CVE-2022-40700
RESERVED
CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr \u2013 ...)
@@ -90182,8 +90228,8 @@ CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Bett
NOT-FOR-US: WordPress plugin
CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inXylus The ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-40203
- RESERVED
+CVE-2022-40203 (Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pric ...)
+ TODO: check
CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= ...)
@@ -90196,16 +90242,16 @@ CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability inCRM Perks F
NOT-FOR-US: CRM Perks
CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-38141
- RESERVED
+CVE-2022-38141 (Missing Authorization vulnerability in Zorem Sales Report Email for Wo ...)
+ TODO: check
CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...)
NOT-FOR-US: WordPress plugin
CVE-2022-38057
RESERVED
CVE-2022-38055
RESERVED
-CVE-2022-36418
- RESERVED
+CVE-2022-36418 (Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Li ...)
+ TODO: check
CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: WordPress plugin
CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability inOceanwp sticky heade ...)
@@ -159826,6 +159872,7 @@ CVE-2021-42919
CVE-2021-42918
RESERVED
CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
+ {DLA-3712-1}
- kodi 2:19.3+dfsg1-1 (bug #998419)
[bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
[stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
@@ -448281,6 +448328,7 @@ CVE-2017-5984 (In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() ha
CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3. ...)
NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
+ {DLA-3712-1}
- kodi 2:18.6+dfsg1-1 (bug #855225)
[stretch] - kodi <ignored> (Minor issue)
[jessie] - kodi <ignored> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49480703c4a22ec5d7b114e6e285da1793b82d96