Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d3813e2 by security tracker role at 2023-11-27T20:23:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,122 @@
-CVE-2023-43701
+CVE-2023-6329 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on 
[PLATF ...)
+       TODO: check
+CVE-2023-6287 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance 
before ...)
+       TODO: check
+CVE-2023-6254 (A Vulnerability in OTRS AgentInterface and ExternalInterface 
allows th ...)
+       TODO: check
+CVE-2023-6202 (Mattermost fails to perform proper authorization in the 
/plugins/focal ...)
+       TODO: check
+CVE-2023-5974 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to 
server ...)
+       TODO: check
+CVE-2023-5958 (The POST SMTP Mailer WordPress plugin before 2.7.1 does not 
escape ema ...)
+       TODO: check
+CVE-2023-5942 (The Medialist WordPress plugin before 1.4.1 does not validate 
and esca ...)
+       TODO: check
+CVE-2023-5906 (The Job Manager & Career WordPress plugin before 1.4.4 contains 
a vuln ...)
+       TODO: check
+CVE-2023-5845 (The Simple Social Media Share Buttons WordPress plugin before 
5.1.1 le ...)
+       TODO: check
+CVE-2023-5738 (The WordPress Backup & Migration WordPress plugin before 1.4.4 
does no ...)
+       TODO: check
+CVE-2023-5737 (The WordPress Backup & Migration WordPress plugin before 1.4.4 
does no ...)
+       TODO: check
+CVE-2023-5653 (The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 
does n ...)
+       TODO: check
+CVE-2023-5641 (The Martins Free & Easy SEO BackLink Link Building Network 
WordPress p ...)
+       TODO: check
+CVE-2023-5620 (The Web Push Notifications WordPress plugin before 4.35.0 does 
not pre ...)
+       TODO: check
+CVE-2023-5611 (The Seraphinite Accelerator WordPress plugin before 2.20.32 
does not h ...)
+       TODO: check
+CVE-2023-5607 (An improper limitation of a path name to a restricted directory 
(path  ...)
+       TODO: check
+CVE-2023-5604 (The Asgaros Forum WordPress plugin before 2.7.1 allows forum 
administr ...)
+       TODO: check
+CVE-2023-5560 (The WP-UserOnline WordPress plugin before 2.88.3 does not 
sanitise and ...)
+       TODO: check
+CVE-2023-5559 (The 10Web Booster WordPress plugin before 2.24.18 does not 
validate th ...)
+       TODO: check
+CVE-2023-5525 (The Limit Login Attempts Reloaded WordPress plugin before 
2.25.26 is m ...)
+       TODO: check
+CVE-2023-5325 (The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 
does no ...)
+       TODO: check
+CVE-2023-5239 (The Security & Malware scan by CleanTalk WordPress plugin 
before 2.121 ...)
+       TODO: check
+CVE-2023-5209 (The WordPress Online Booking and Scheduling Plugin WordPress 
plugin be ...)
+       TODO: check
+CVE-2023-4931 (Uncontrolled search path element vulnerability in Plesk 
Installer affe ...)
+       TODO: check
+CVE-2023-4922 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to 
a loca ...)
+       TODO: check
+CVE-2023-4642 (The kk Star Ratings WordPress plugin before 5.4.6 does not 
implement a ...)
+       TODO: check
+CVE-2023-4590 (Buffer overflow vulnerability in Frhed hex editor, affecting 
version 1 ...)
+       TODO: check
+CVE-2023-4514 (The Mmm Simple File List WordPress plugin through 2.3 does not 
validat ...)
+       TODO: check
+CVE-2023-4297 (The Mmm Simple File List WordPress plugin through 2.3 does not 
validat ...)
+       TODO: check
+CVE-2023-4252 (The EventPrime WordPress plugin through 3.2.9 specifies the 
price of a ...)
+       TODO: check
+CVE-2023-49316 (In Math/BinaryField.php in phpseclib before 3.0.34, 
excessively large  ...)
+       TODO: check
+CVE-2023-49047 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the 
devName parame ...)
+       TODO: check
+CVE-2023-49046 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows 
a remote ...)
+       TODO: check
+CVE-2023-49043 (Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows 
a remot ...)
+       TODO: check
+CVE-2023-49042 (Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a 
remote  ...)
+       TODO: check
+CVE-2023-49040 (An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to 
execute ...)
+       TODO: check
+CVE-2023-49029 (Cross Site Scripting vulnerability in smpn1smg absis 
v.2017-10-19 and  ...)
+       TODO: check
+CVE-2023-49028 (Cross Site Scripting vulnerability in smpn1smg absis 
v.2017-10-19 and  ...)
+       TODO: check
+CVE-2023-48369 (Mattermost fails to limit the log size of server logs allowing 
an atta ...)
+       TODO: check
+CVE-2023-48268 (Mattermost fails tolimit the amount of data extracted from 
compressed  ...)
+       TODO: check
+CVE-2023-47865 (Mattermost fails to check if hardened mode is enabled when 
overriding  ...)
+       TODO: check
+CVE-2023-47168 (Mattermost fails to properly check a redirect URL parameter 
allowing f ...)
+       TODO: check
+CVE-2023-45223 (Mattermost fails to properly validate the "Show Full Name" 
option in a ...)
+       TODO: check
+CVE-2023-43754 (Mattermost fails to check whether the \u201cAllow users to 
view archiv ...)
+       TODO: check
+CVE-2023-42000 (Arcserve UDP prior to 9.2 contains a path traversal 
vulnerability in c ...)
+       TODO: check
+CVE-2023-41999 (An authentication bypass exists in Arcserve UDP prior to 
version 9.2.  ...)
+       TODO: check
+CVE-2023-41998 (Arcserve UDP prior to 9.2 contained a vulnerability in 
thecom.ca.arcfl ...)
+       TODO: check
+CVE-2023-41257 (A type confusion vulnerability exists in the way Foxit Reader 
12.1.2.1 ...)
+       TODO: check
+CVE-2023-40703 (Mattermost fails to properly limit the characters allowed in 
different ...)
+       TODO: check
+CVE-2023-40194 (An arbitrary file creation vulnerability exists in the 
Javascript expo ...)
+       TODO: check
+CVE-2023-39542 (A code execution vulnerability exists in the Javascript saveAs 
API of  ...)
+       TODO: check
+CVE-2023-38573 (A use-after-free vulnerability exists in the way Foxit Reader 
12.1.2.1 ...)
+       TODO: check
+CVE-2023-35985 (An arbitrary file creation vulnerability exists in the 
Javascript expo ...)
+       TODO: check
+CVE-2023-35075 (Mattermost fails to use innerText /textContentwhen setting the 
channel ...)
+       TODO: check
+CVE-2023-32616 (A use-after-free vulnerability exists in the way Foxit Reader 
12.1.2.1 ...)
+       TODO: check
+CVE-2023-31275 (An uninitialized pointer use vulnerability exists in the 
functionality ...)
+       TODO: check
+CVE-2023-2707 (The gAppointments WordPress plugin through 1.9.5.1 does not 
sanitise a ...)
+       TODO: check
+CVE-2023-43701 (Improper payload validation and an improper REST API response 
type, ma ...)
        NOT-FOR-US: Apache Superset
-CVE-2023-42501
+CVE-2023-42501 (Unnecessary read permissions within the Gamma role would allow 
authent ...)
        NOT-FOR-US: Apache Superset
-CVE-2023-40610
+CVE-2023-40610 (Improper authorization check and possible privilege escalation 
on Apac ...)
        NOT-FOR-US: Apache Superset
 CVE-2023-6313 (A vulnerability was found in SourceCodester URL Shortener 1.0. 
It has  ...)
        NOT-FOR-US: SourceCodester URL Shortener
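Review bot: The added CVE-2023-6329 line carries an unfilled description template ("[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)"), so its "TODO: check" cannot be triaged from this text; the affected product has to be taken from the CVE record itself before the entry is marked NOT-FOR-US or mapped to a source package. The CVE-2023-43754 line also keeps a literal \u201c escape instead of the quote character, and "Tneda" (CVE-2023-49040) and "fails tolimit" (CVE-2023-48268) are imported unchanged, which matters if triage relies on text search of these descriptions for vendor or product names.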
@@ -96,7 +210,7 @@ CVE-2023-46575 (A SQL injection vulnerability in Meshery 
before 0.6.179 allows a
        NOT-FOR-US: Meshery
 CVE-2023-38914
        REJECTED
-CVE-2023-49068
+CVE-2023-49068 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        NOT-FOR-US: Apache DolphinScheduler
 CVE-2023-49216 (Usedesk before 1.7.57 allows profile stored XSS.)
        NOT-FOR-US: Usedesk
@@ -4661,6 +4775,7 @@ CVE-2023-46345 (Catdoc v0.95 was discovered to contain a 
NULL pointer dereferenc
        - catdoc <unfixed> (unimportant)
        NOTE: Crash in CLI tool, no security impact
 CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior 
to versio ...)
+       {DLA-3669-1}
        - cryptojs 3.1.2+dfsg-4 (bug #1055525)
        NOTE: 
https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf
        NOTE: 
https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a
 (4.2.0)
@@ -6498,6 +6613,7 @@ CVE-2023-43658 (dicourse-calendar is a plugin for the 
Discourse messaging platfo
 CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the 
Export for T ...)
        NOT-FOR-US: Liferay Portal
 CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
+       {DSA-5568-1}
        - fastdds 2.11.2+ds-6 (bug #1054163)
        [bullseye] - fastdds <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm
@@ -9613,7 +9729,7 @@ CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for 
Windows and prior, contain
        NOT-FOR-US: Dell
 CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output 
error backt ...)
        - drupal7 <removed>
-CVE-2023-5871 [generator: Fix assertion in ext-mode BLOCK_STATUS]
+CVE-2023-5871 (A flaw was found in libnbd, due to a malicious Network Block 
Device (N ...)
        - libnbd 1.18.1-1 (bug #1055170)
        [bookworm] - libnbd <not-affected> (Vulnerable code not present)
        [bullseye] - libnbd <not-affected> (Vulnerable code not present)
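Review bot: On CVE-2023-5871, replacing the bracketed temporary description "[generator: Fix assertion in ext-mode BLOCK_STATUS]" with the imported one removes the only text in the visible entry that identified the upstream fix; the lines shown (fixed version 1.18.1-1, bug #1055170 and the two <not-affected> lines) carry no NOTE with a commit or advisory reference. Worth confirming the entry has such a NOTE below the shown context, and adding one if not, so the "Vulnerable code not present" judgement for bookworm and bullseye stays checkable.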



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d3813e259c65cb8ff1ac1a057bd7e64fb8e0cd4



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
