Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
477f64e6 by security tracker role at 2023-07-31T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2023-4026
+       REJECTED
+CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in 
the Li ...)
+       TODO: check
+CVE-2023-3997 (Splunk SOAR versions 6.0.2 and earlier are indirectly affected 
by a po ...)
+       TODO: check
+CVE-2023-3983 (An authenticated SQL injection vulnerability exists in 
Advantech iView ...)
+       TODO: check
+CVE-2023-3817 (Issue summary: Checking excessively long DH keys or parameters 
may be  ...)
+       TODO: check
+CVE-2023-3508 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a 
flawed  ...)
+       TODO: check
+CVE-2023-3507 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a 
flawed  ...)
+       TODO: check
+CVE-2023-3345 (The LMS by Masteriyo WordPress plugin before 1.6.8 does not 
properly s ...)
+       TODO: check
+CVE-2023-3292 (The grid-kit-premium WordPress plugin before 2.2.0 does not 
escape som ...)
+       TODO: check
+CVE-2023-3134 (The Forminator WordPress plugin before 1.24.4 does not properly 
escape ...)
+       TODO: check
+CVE-2023-3130 (The Short URL WordPress plugin before 1.6.5 does not sanitise 
and esca ...)
+       TODO: check
+CVE-2023-38989 (An issue in the delete function in the UserController class of 
jeesite ...)
+       TODO: check
+CVE-2023-38750 (In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 
before 9.0.0 ...)
+       TODO: check
+CVE-2023-38311 (An issue was discovered in Webmin 2.021. A Stored Cross-Site 
Scripting ...)
+       TODO: check
+CVE-2023-38310 (An issue was discovered in Webmin 2.021. A Stored Cross-Site 
Scripting ...)
+       TODO: check
+CVE-2023-38309 (An issue was discovered in Webmin 2.021. A Reflected 
Cross-Site Script ...)
+       TODO: check
+CVE-2023-38308 (An issue was discovered in Webmin 2.021. A Cross-Site 
Scripting (XSS)  ...)
+       TODO: check
+CVE-2023-38307 (An issue was discovered in Webmin 2.021. A Stored Cross-Site 
Scripting ...)
+       TODO: check
+CVE-2023-38306 (An issue was discovered in Webmin 2.021. A Cross-site 
Scripting (XSS)  ...)
+       TODO: check
+CVE-2023-38305 (An issue was discovered in Webmin 2.021. The download 
functionality al ...)
+       TODO: check
+CVE-2023-38304 (An issue was discovered in Webmin 2.021. A Stored Cross-Site 
Scripting ...)
+       TODO: check
+CVE-2023-38303 (An issue was discovered in Webmin 2.021. One can exploit a 
stored Cros ...)
+       TODO: check
+CVE-2023-37771 (Art Gallery Management System v1.0 contains a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2023-37647 (SEMCMS v1.5 was discovered to contain a SQL injection 
vulnerability vi ...)
+       TODO: check
+CVE-2023-37580 (Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS 
in the  ...)
+       TODO: check
+CVE-2023-36092 (Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 
allows  ...)
+       TODO: check
+CVE-2023-36091 (Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 
allows  ...)
+       TODO: check
+CVE-2023-36090 (Authentication Bypass vulnerability in D-Link DIR-885L 
FW102b01 allows ...)
+       TODO: check
+CVE-2023-36089 (Authentication Bypass vulnerability in D-Link DIR-645 firmware 
version ...)
+       TODO: check
+CVE-2023-35861 (A shell-injection vulnerability in email notifications on 
Supermicro m ...)
+       TODO: check
+CVE-2023-35792 (Vound Intella Connect 2.6.0.3 is vulnerable to stored 
Cross-site Scrip ...)
+       TODO: check
+CVE-2023-35791 (Vound Intella Connect 2.6.0.3 has an Open Redirect 
vulnerability.)
+       TODO: check
+CVE-2023-34917 (Fuge CMS v1.0 contains an Open Redirect vulnerability in 
member/Regist ...)
+       TODO: check
+CVE-2023-34916 (Fuge CMS v1.0 contains an Open Redirect vulnerability via 
/front/Proce ...)
+       TODO: check
+CVE-2023-34872 (A vulnerability in Outline.cc for Poppler prior to 23.06.0 
allows a re ...)
+       TODO: check
+CVE-2023-34842 (Remote Code Execution vulnerability in DedeCMS through 5.7.109 
allows  ...)
+       TODO: check
+CVE-2023-34644 (Remote code execution vulnerability in Ruijie Networks 
Product: RG-EW  ...)
+       TODO: check
+CVE-2023-34635 (Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2023-33534 (A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei 
Intellig ...)
+       TODO: check
+CVE-2020-36763 (Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows 
remote a ...)
+       TODO: check
 CVE-2023-4007 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
        NOT-FOR-US: phpmyfaq
 CVE-2023-4006 (Improper Neutralization of Formula Elements in a CSV File in 
GitHub re ...)
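Review bot: Most of the new entries are left at TODO: check even though the hunk itself shows how comparable ones were resolved (CVE-2023-4007 carries NOT-FOR-US: phpmyfaq), so the WordPress plugin, Webmin, D-Link, Zimbra and similar appliance or plugin entries could be closed with a NOT-FOR-US line in the same pass. CVE-2023-34872 (Outline.cc in Poppler prior to 23.06.0) is different: Poppler is software Debian ships, so it needs a source-package line with fixed or <unfixed> status and the upstream reference rather than a TODO. The DH-key check issue CVE-2023-3817 and the USB host-controller framework issue CVE-2023-4010 also read like they concern core packaged components and deserve triage ahead of the plugin entries. CVE-2023-4026 marked REJECTED with no description is consistent with how withdrawn IDs are recorded elsewhere in the file.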
@@ -14,7 +94,7 @@ CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an 
unauthenticated DoS condi
        NOT-FOR-US: ASUS
 CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS 
condition.  ...)
        NOT-FOR-US: ASUS
-CVE-2023-4004
+CVE-2023-4004 (A use-after-free flaw was found in the Linux kernel's netfilter 
in the ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/87b5a5c209405cb6b57424cdfa226a6dbd349232 (6.5-rc3)
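Review bot: With the description filled in, CVE-2023-4004 records linux <unfixed>, a buster not-affected marker and the upstream fix (6.5-rc3) in the NOTE, but nothing states the status for the suites in between; since the flaw is a use-after-free in netfilter, a [bookworm] or [bullseye] line, or a NOTE naming the commit that introduced the bug so the "Vulnerable code not present" claim can be verified per suite, would let the <unfixed> state be tracked through to point releases.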
@@ -6879,7 +6959,7 @@ CVE-2023-32714 (In the Splunk App for Lookup File Editing 
versions below 4.0.1,
        NOT-FOR-US: Splunk
 CVE-2023-32713 (In Splunk App for Stream versions below 8.1.1, a 
low-privileged user c ...)
        NOT-FOR-US: Splunk
-CVE-2023-32712 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, 
an atta ...)
+CVE-2023-32712 (In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 
8.2.11.2, a  ...)
        NOT-FOR-US: Splunk
 CVE-2023-32711 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, 
a Splun ...)
        NOT-FOR-US: Splunk
@@ -19863,7 +19943,7 @@ CVE-2023-28025
        RESERVED
 CVE-2023-28024
        RESERVED
-CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI 
Softwar ...)
+CVE-2023-28023 (HCL Verse is susceptible to a Stored Cross Site Scripting 
(XSS) vulner ...)
        NOT-FOR-US: HCL
 CVE-2023-28022
        RESERVED
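Review bot: The replaced description moves CVE-2023-28023 from the BigFix WebUI to HCL Verse, which looks like a reassignment of the ID by the CNA; the NOT-FOR-US: HCL annotation still covers the new product, but the swap should be confirmed against the CVE record rather than the feed alone, since the same pattern appears for CVE-2023-28013 in the following hunk.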
@@ -19883,7 +19963,7 @@ CVE-2023-28015 (The HCL Domino AppDev Pack IAM service 
is susceptible to a User
        NOT-FOR-US: HCL
 CVE-2023-28014 (HCL BigFix Mobile is vulnerable to a cross-site scripting 
attack. An a ...)
        NOT-FOR-US: HCL
-CVE-2023-28013 (HCL BigFix Mobile is vulnerable to a cross-site scripting 
attack. An a ...)
+CVE-2023-28013 (HCL Verse is susceptible to a Reflected Cross Site Scripting 
(XSS) vul ...)
        NOT-FOR-US: HCL
 CVE-2023-28012 (HCL BigFix Mobile is vulnerable to a command injection attack. 
An auth ...)
        NOT-FOR-US: HCL
@@ -29042,8 +29122,8 @@ CVE-2023-0604
        RESERVED
 CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does 
not have ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0602
-       RESERVED
+CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not 
properl ...)
+       TODO: check
 CVE-2023-0601
        RESERVED
 CVE-2023-24855
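Review bot: CVE-2023-0602 (Twittee Text Tweet WordPress plugin) is left at TODO: check while the adjacent CVE-2023-0603 entry of the same kind already carries NOT-FOR-US: WordPress plugin; unless the plugin is packaged, it can be closed the same way, and the same applies to CVE-2022-4888 (Checkout Fields Manager WordPress plugin) in a later hunk of this commit.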
@@ -33070,8 +33150,8 @@ CVE-2023-0268 (The Mega Addons For WPBakery Page 
Builder WordPress plugin before
        NOT-FOR-US: WordPress plugin
 CVE-2023-0267 (The Ultimate Carousel For WPBakery Page Builder WordPress 
plugin throu ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4888
-       RESERVED
+CVE-2022-4888 (The Checkout Fields Manager WordPress plugin before 1.0.2, 
Abandoned C ...)
+       TODO: check
 CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
problema ...)
        NOT-FOR-US: Th3-822 Rapidleech
 CVE-2009-10002 (A vulnerability, which was classified as problematic, has been 
found i ...)
@@ -52726,7 +52806,7 @@ CVE-2023-20595
 CVE-2023-20594
        RESERVED
 CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific 
microarchitectural  ...)
-       {DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3508-1}
+       {DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3511-1 DLA-3508-1}
        - linux 6.4.4-2
        - amd64-microcode 3.20230719.1 (bug #1041863)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1
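Review bot: DLA-3511-1 is inserted into the advisory list for CVE-2023-20593, but the visible context shows only the unstable versions (linux 6.4.4-2, amd64-microcode 3.20230719.1) and no [bullseye] line recording the version the DLA shipped; the CVE-2019-9836 entry that receives the same DLA later in this commit does record [bullseye] - amd64-microcode 3.20230719.1~deb11u1, so a matching suite line here would keep the two entries consistent and let the tracker report bullseye as fixed.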
@@ -59156,10 +59236,10 @@ CVE-2022-42185
        RESERVED
 CVE-2022-42184
        RESERVED
-CVE-2022-42183
-       RESERVED
-CVE-2022-42182
-       RESERVED
+CVE-2022-42183 (Precisely Spectrum Spatial Analyst 20.01 is vulnerable to 
Server-Side  ...)
+       TODO: check
+CVE-2022-42182 (Precisely Spectrum Spatial Analyst 20.01 is vulnerable to 
Directory Tr ...)
+       TODO: check
 CVE-2022-42181
        RESERVED
 CVE-2022-42180
@@ -160203,10 +160283,10 @@ CVE-2021-31683
        RESERVED
 CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM 
web appli ...)
        NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application
-CVE-2021-31681
-       RESERVED
-CVE-2021-31680
-       RESERVED
+CVE-2021-31681 (Deserialization of Untrusted Data vulnerability in yolo 3 
allows attac ...)
+       TODO: check
+CVE-2021-31680 (Deserialization of Untrusted Data vulnerability in yolo 5 
allows attac ...)
+       TODO: check
 CVE-2021-31679 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF 
vulnerabilit ...)
        NOT-FOR-US: PESCMS Team
 CVE-2021-31678 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF 
vulnerabilit ...)
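Review bot: The descriptions for CVE-2021-31681 and CVE-2021-31680 name only "yolo 3" and "yolo 5", which does not identify a specific project or package; triage should pin down which software is meant, and whether any packaged implementation embeds it, before these are resolved either way.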
@@ -160263,8 +160343,8 @@ CVE-2021-31653
        RESERVED
 CVE-2021-31652
        RESERVED
-CVE-2021-31651
-       RESERVED
+CVE-2021-31651 (Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 
allows r ...)
+       TODO: check
 CVE-2021-31650 (A SQL injection vulnerability in Sourcecodester Online Grading 
System  ...)
        NOT-FOR-US: Sourcecodester Online Grading System
 CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a 
deserializat ...)
@@ -216072,8 +216152,8 @@ CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise 
Series 2.4 and UniBox Camp
        NOT-FOR-US: UniBox
 CVE-2020-21882
        RESERVED
-CVE-2020-21881
-       RESERVED
+CVE-2020-21881 (Cross Site Request Forgery (CSRF) vulnerability in admin.php 
in DuxCMS ...)
+       TODO: check
 CVE-2020-21880
        RESERVED
 CVE-2020-21879
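Review bot: CVE-2020-21881 (CSRF in admin.php in DuxCMS) arrives in the same commit as CVE-2020-36763 (XSS in DuxCMS 2.1) from the first hunk; both are TODO: check and concern the same product, so they should be triaged together so the resulting annotation is consistent.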
@@ -216564,8 +216644,8 @@ CVE-2020-21664
        RESERVED
 CVE-2020-21663
        RESERVED
-CVE-2020-21662
-       RESERVED
+CVE-2020-21662 (SQL injection vulnerability in yunyecms 2.0.2 allows remote 
attackers  ...)
+       TODO: check
 CVE-2020-21661
        RESERVED
 CVE-2020-21660
@@ -302065,6 +302145,7 @@ CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the 
OpenID Connect extension for D
        NOTE: 
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
        NOTE: 
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
 CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices 
(AMD)  ...)
+       {DLA-3511-1}
        - amd64-microcode 3.20220411.1 (bug #970395)
        [bullseye] - amd64-microcode 3.20230719.1~deb11u1
        NOTE: https://seclists.org/fulldisclosure/2019/Jun/46
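Review bot: The added {DLA-3511-1} line for CVE-2019-9836 sits above an entry that already records [bullseye] - amd64-microcode 3.20230719.1~deb11u1, so the advisory reference and the fixed version agree; since the same DLA is also added to CVE-2023-20593 earlier in this commit, a quick check that the DLA text lists both CVEs would confirm the cross-reference.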



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/477f64e6e12e3772cf77b3be0c6976d0220eecce



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits