Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bceb538c by security tracker role at 2023-11-15T08:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@ +CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...) + TODO: check +CVE-2023-6032 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2023-5987 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...) + TODO: check +CVE-2023-5986 (A CWE-601 URL Redirection to Untrusted Site vulnerability exists that ...) + TODO: check +CVE-2023-5985 (A CWE-79 Improper Neutralization of Input During Web Page Generation v ...) + TODO: check +CVE-2023-5984 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...) + TODO: check +CVE-2023-4889 (The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Sit ...) + TODO: check +CVE-2023-48217 (Statamic is a flat-first, Laravel + Git powered CMS designed for build ...) + TODO: check +CVE-2023-47678 (An improper access control vulnerability exists in RT-AC87U all versio ...) + TODO: check +CVE-2023-47641 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + TODO: check +CVE-2023-47640 (DataHub is an open-source metadata platform. The HMAC signature for Da ...) + TODO: check +CVE-2023-47631 (vantage6 is a framework to manage and deploy privacy enhancing technol ...) + TODO: check +CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue was found ...) + TODO: check +CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + TODO: check +CVE-2023-47586 (Multiple heap-based buffer overflow vulnerabilities exist in V-Server ...) + TODO: check +CVE-2023-47585 (Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earl ...) + TODO: check +CVE-2023-47584 (Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and ear ...) + TODO: check +CVE-2023-47583 (Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator ...) 
+ TODO: check +CVE-2023-47582 (Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17 ...) + TODO: check +CVE-2023-47581 (Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlie ...) + TODO: check +CVE-2023-47580 (Multiple improper restriction of operations within the bounds of a mem ...) + TODO: check +CVE-2023-47549 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on302 respo ...) + TODO: check +CVE-2023-47547 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...) + TODO: check +CVE-2023-47546 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Walte ...) + TODO: check +CVE-2023-47545 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fat ...) + TODO: check +CVE-2023-47544 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visu ...) + TODO: check +CVE-2023-47533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...) + TODO: check +CVE-2023-47532 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum ...) + TODO: check +CVE-2023-47528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajj ...) + TODO: check +CVE-2023-47524 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requiresPH ...) + TODO: check +CVE-2023-47522 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Fe ...) + TODO: check +CVE-2023-47520 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...) + TODO: check +CVE-2023-47518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew ...) + TODO: check +CVE-2023-47517 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPres ...) + TODO: check +CVE-2023-47446 (Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scriptin ...) + TODO: check +CVE-2023-47445 (Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via t ...) 
+ TODO: check +CVE-2023-47309 (Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripti ...) + TODO: check +CVE-2023-47308 (In the module "Newsletter Popup PRO with Voucher/Coupon code" (newslet ...) + TODO: check +CVE-2023-47130 (Yii is an open source PHP web framework. yiisoft/yii before version 1. ...) + TODO: check +CVE-2023-47125 (TYPO3 is an open source PHP based web content management system releas ...) + TODO: check +CVE-2023-46672 (An issue was identified by Elastic whereby sensitive information is re ...) + TODO: check +CVE-2023-46582 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...) + TODO: check +CVE-2023-46581 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...) + TODO: check +CVE-2023-46580 (Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 ...) + TODO: check +CVE-2023-46132 (Hyperledger Fabric is an open source permissioned distributed ledger f ...) + TODO: check +CVE-2023-46121 (yt-dlp is a youtube-dl fork with additional features and fixes. The Ge ...) + TODO: check +CVE-2023-46026 (Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul ...) + TODO: check +CVE-2023-46025 (SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher ...) + TODO: check +CVE-2023-46024 (SQL Injection vulnerability in index.php in phpgurukul Teacher Subject ...) + TODO: check +CVE-2023-46023 (SQL injection vulnerability in addTask.php in Code-Projects Simple Tas ...) + TODO: check +CVE-2023-46022 (SQL Injection vulnerability in delete.php in Code-Projects Blood Bank ...) + TODO: check +CVE-2023-45627 (An authenticated Denial-of-Service (DoS) vulnerability exists in the C ...) + TODO: check +CVE-2023-45626 (An authenticated vulnerability has been identified allowing an attacke ...) + TODO: check +CVE-2023-45625 (Multiple authenticated command injection vulnerabilities exist in the ...) 
+ TODO: check +CVE-2023-45624 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...) + TODO: check +CVE-2023-45623 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the W ...) + TODO: check +CVE-2023-45622 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the B ...) + TODO: check +CVE-2023-45621 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the C ...) + TODO: check +CVE-2023-45620 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the C ...) + TODO: check +CVE-2023-45619 (There is an arbitrary file deletion vulnerability in the RSSI service ...) + TODO: check +CVE-2023-45618 (There are arbitrary file deletion vulnerabilities in the AirWave clien ...) + TODO: check +CVE-2023-45617 (There are arbitrary file deletion vulnerabilities in the CLI service a ...) + TODO: check +CVE-2023-45616 (There is a buffer overflow vulnerability in the underlying AirWave cli ...) + TODO: check +CVE-2023-45615 (There are buffer overflow vulnerabilities in the underlying CLI servic ...) + TODO: check +CVE-2023-45614 (There are buffer overflow vulnerabilities in the underlying CLI servic ...) + TODO: check +CVE-2023-43979 (ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL inject ...) + TODO: check +CVE-2023-43591 (Improper privilege management in Zoom Rooms for macOS before version ...) + TODO: check +CVE-2023-43590 (Link following in Zoom Rooms for macOS before version 5.16.0 may allo ...) + TODO: check +CVE-2023-43588 (Insufficient control flow management in some Zoom clients may allow an ...) + TODO: check +CVE-2023-43582 (Improper authorization in some Zoom clients may allow an authorized us ...) + TODO: check +CVE-2023-41718 (When a particular process flow is initiated, an attacker may be able t ...) + TODO: check +CVE-2023-41597 (EyouCms v1.6.2 was discovered to contain a reflected cross-site script ...) 
+ TODO: check +CVE-2023-41570 (MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect acc ...) + TODO: check +CVE-2023-40923 (MyPrestaModules ordersexport before v5.0 was discovered to contain mul ...) + TODO: check +CVE-2023-39537 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) + TODO: check +CVE-2023-39536 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) + TODO: check +CVE-2023-39535 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) + TODO: check +CVE-2023-39337 (A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older a ...) + TODO: check +CVE-2023-39335 (A security vulnerability has been identified in EPMM Versions 11.10, 1 ...) + TODO: check +CVE-2023-39206 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...) + TODO: check +CVE-2023-39205 (Improper conditions check in Zoom Team Chat for Zoom clients may allow ...) + TODO: check +CVE-2023-39204 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...) + TODO: check +CVE-2023-39203 (Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop C ...) + TODO: check +CVE-2023-39202 (Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Cl ...) + TODO: check +CVE-2023-39199 (Cryptographic issues with In-Meeting Chat for some Zoom clients may al ...) + TODO: check +CVE-2023-38544 (A logged in user can modify specific files that may lead to unauthoriz ...) + TODO: check +CVE-2023-38543 (When a specific component is loaded a local attacker and is able to se ...) + TODO: check +CVE-2023-38043 (When a specific component is loaded a local attacker and is able to se ...) + TODO: check +CVE-2023-36558 (ASP.NET Core - Security Feature Bypass Vulnerability) + TODO: check +CVE-2023-36437 (Azure DevOps Server Remote Code Execution Vulnerability) + TODO: check +CVE-2023-36049 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...) 
+ TODO: check +CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability) + TODO: check +CVE-2023-36007 (Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulner ...) + TODO: check +CVE-2023-35080 (A vulnerability has been identified in the Ivanti Secure Access Window ...) + TODO: check +CVE-2023-34060 (VMware Cloud Director Appliance contains an authentication bypass vuln ...) + TODO: check CVE-2023-44444 [GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability] - gimp <unfixed> NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/ @@ -317,7 +507,7 @@ CVE-2023-28377 (Improper authentication in some Intel(R) NUC Kit NUC11PH USB fir NOT-FOR-US: Intel CVE-2023-22327 (Out-of-bounds write in firmware for some Intel(R) FPGA products before ...) NOT-FOR-US: Intel -CVE-2023-5528 +CVE-2023-5528 (A security issue was discovered in Kubernetes where a user that can cr ...) - kubernetes <not-affected> (Windows-specific) CVE-2023-23583 (Sequence of processor instructions leads to unexpected behavior for so ...) - intel-microcode <unfixed> (bug #1055962) @@ -1940,7 +2130,7 @@ CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as pr NOT-FOR-US: PopojiCMS CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core before 1. ...) NOT-FOR-US: transmute-core -CVE-2023-46595 (Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attackerto obtai ...) +CVE-2023-46595 (Net-NTLM leak in Fireflow A32.20 allows an attackerto obtain victim\u2 ...) NOT-FOR-US: Fireflow CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Com ...) NOT-FOR-US: dmpop Mejiro 
@@ -8637,7 +8827,7 @@ CVE-2023-5197 (A use-after-free vulnerability in the Linux kernel's netfilter: n [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f15f29fd4779be8a418b66e9d52979bb6d6c2325 (6.6-rc3) NOTE: https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325 -CVE-2023-5189 [insecure galaxy-importer tarfile extraction] +CVE-2023-5189 (A path traversal vulnerability exists in Ansible when extracting tarba ...) NOT-FOR-US: Ansible Automation Hub CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on ports 33 ...) - galera-4 26.4.13-1 @@ -27002,8 +27192,8 @@ CVE-2023-31102 (7-Zip through 22.01 on Linux allows an integer underflow and cod NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...) NOT-FOR-US: Apache InLong -CVE-2023-31100 - RESERVED +CVE-2023-31100 (Improper Access Control in SMI handler vulnerability in Phoenix Secure ...) + TODO: check CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an authenticated use ...) NOT-FOR-US: Zoho ManageEngine CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foundation ...) 
@@ -63354,8 +63544,8 @@ CVE-2022-4107 (The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 d NOT-FOR-US: WordPress plugin CVE-2022-4106 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 doe ...) NOT-FOR-US: WordPress plugin -CVE-2022-45781 - RESERVED +CVE-2022-45781 (Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlie ...) + TODO: check CVE-2022-45780 RESERVED CVE-2022-45779 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bceb538c66d704299b1c5d571edab7260c757aee
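Review bot: In the first hunk (@@ -1,3 +1,193 @@) every new entry lands as "TODO: check", but several of the identifiers name software Debian packages (CVE-2023-47641 and CVE-2023-47627 for aiohttp, CVE-2023-46121 for yt-dlp, CVE-2023-47130 for yiisoft/yii, CVE-2023-47125 for TYPO3, CVE-2023-47630 for Kyverno); those should be triaged ahead of the WordPress plugin and PrestaShop module entries so the package assessments do not sit behind a long queue of NOT-FOR-US lines.

Review bot: In the @@ -1940,7 +2130,7 @@ hunk the replacement description for CVE-2023-46595 drops "and A32.50" from the affected versions and now ends in a raw "\u2" fragment ("victim\u2 ..."), which looks like the automatic import truncated inside a Unicode escape rather than at a character boundary; worth confirming the upstream text still lists both Fireflow versions and that the importer decodes the description before truncating it.

Review bot: In the @@ -8637,7 +8827,7 @@ hunk the interim summary "[insecure galaxy-importer tarfile extraction]" for CVE-2023-5189 is replaced by a description that only says "A path traversal vulnerability exists in Ansible when extracting tarba ...", while the assessment line keeps "NOT-FOR-US: Ansible Automation Hub"; since the truncated description no longer names the affected component, please re-confirm that the issue is confined to Automation Hub and not to code shipped in the Debian ansible packages.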