Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a12766e by security tracker role at 2023-12-19T08:12:14+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,82 @@ -CVE-2023-6927 +CVE-2023-6940 (with only one user interaction(download a malicious config), attackers ...) + TODO: check +CVE-2023-6488 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + TODO: check +CVE-2023-6355 (Incorrect selection of fuse values in the Controller 7000 platform all ...) + TODO: check +CVE-2023-6315 (Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all p ...) + TODO: check +CVE-2023-6314 (Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previ ...) + TODO: check +CVE-2023-5432 (The Jquery news ticker plugin for WordPress is vulnerable to Stored Cr ...) + TODO: check +CVE-2023-5413 (The Image horizontal reel scroll slideshow plugin for WordPress is vul ...) + TODO: check +CVE-2023-49821 (Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat \ ...) + TODO: check +CVE-2023-49819 (Deserialization of Untrusted Data vulnerability in Gordon B\xf6hme, An ...) + TODO: check +CVE-2023-49763 (Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSp ...) + TODO: check +CVE-2023-49761 (Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Prod ...) + TODO: check +CVE-2023-49760 (Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas ...) + TODO: check +CVE-2023-49759 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDi ...) + TODO: check +CVE-2023-49163 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...) + TODO: check +CVE-2023-49155 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...) + TODO: check +CVE-2023-49153 (Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to ...) + TODO: check +CVE-2023-49148 (Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affili ...) + TODO: check +CVE-2023-48781 (Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkR ...) 
+ TODO: check +CVE-2023-48778 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product ...) + TODO: check +CVE-2023-48773 (Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommer ...) + TODO: check +CVE-2023-48772 (Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Preve ...) + TODO: check +CVE-2023-48769 (Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bub ...) + TODO: check +CVE-2023-48768 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team ...) + TODO: check +CVE-2023-48751 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...) + TODO: check +CVE-2023-47754 (Missing Authorization vulnerability in Clever plugins Delete Duplicate ...) + TODO: check +CVE-2023-47558 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-47530 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-47506 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-46686 (A reliance on untrusted inputs in a security decision could be exploit ...) + TODO: check +CVE-2023-46212 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...) + TODO: check +CVE-2023-46154 (Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf \u2 ...) + TODO: check +CVE-2023-44982 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2023-42015 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, ...) + TODO: check +CVE-2023-41967 (Sensitive information uncleared after debug/power state transition in ...) + TODO: check +CVE-2023-40691 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) + TODO: check +CVE-2023-34168 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check +CVE-2023-33331 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2019-25157 (A vulnerability was found in Ethex Contracts. It has been classified a ...) + TODO: check +CVE-2014-125107 (A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified a ...) + TODO: check +CVE-2023-6927 (A flaw was found in Keycloak. This issue may allow an attacker to stea ...) NOT-FOR-US: Keycloak CVE-2023-6920 REJECTED @@ -2639,6 +2717,7 @@ CVE-2023-34439 (Pleasanter 1.3.47.0 and earlier contains a stored cross-site scr CVE-2023-32268 (Exposure of Proxy Administrator Credentials An authenticated administ ...) NOT-FOR-US: Microfocus CVE-2023-46218 (This flaw allows a malicious HTTP server to set "super cookies" in cur ...) + {DLA-3692-1} - curl 8.5.0-1 (bug #1057646) NOTE: Introduced by: https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465 (curl-7_46_0) NOTE: Fixed by: https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb (curl-8_5_0) @@ -4719,7 +4798,7 @@ CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site Requ NOT-FOR-US: WordPress plugin CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized access ...) NOT-FOR-US: WordPress plugin -CVE-2023-6918 +CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for message d ...) - libssh <unfixed> NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6) NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/63ff242131c8e6d98917456f71f6d33b9ef3a763 (libssh-0.10.6) 
@@ -42185,6 +42264,7 @@ CVE-2023-28324 (A improper input validation vulnerability exists in Ivanti Endpo CVE-2023-28323 (A deserialization of untrusted data exists in EPM 2022 Su3 and all pri ...) NOT-FOR-US: Ivanti CVE-2023-28322 (An information disclosure vulnerability exists in curl <v8.1.0 when do ...) + {DLA-3692-1} - curl 7.88.1-10 (bug #1036239) [bullseye] - curl 7.74.0-1.3+deb11u9 NOTE: https://curl.se/docs/CVE-2023-28322.html @@ -51594,20 +51674,20 @@ CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devic NOT-FOR-US: NOKIA CVE-2023-25074 (Improper privilege validation in Command Centre Server allows authenti ...) NOT-FOR-US: Gallagher -CVE-2023-24590 - RESERVED +CVE-2023-24590 (A format string issue in the Controller 6000's optional diagnostic web ...) + TODO: check CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...) NOT-FOR-US: Gallagher -CVE-2023-23584 - RESERVED -CVE-2023-23576 - RESERVED -CVE-2023-23570 - RESERVED +CVE-2023-23584 (An observable response discrepancy in the Gallagher Command Centre RES ...) + TODO: check +CVE-2023-23576 (Incorrect behavior order in the Command Centre Server could allow priv ...) + TODO: check +CVE-2023-23570 (Client-Side enforcement of Server-Side security for the Command Centre ...) + TODO: check CVE-2023-23568 (Improper privilege validation in Command Centre Server allows authenti ...) NOT-FOR-US: Gallagher -CVE-2023-22439 - RESERVED +CVE-2023-22439 (Improper input validation of a large HTTP request in the Controller 60 ...) + TODO: check CVE-2023-22428 (Improper privilege validation in Command Centre Server allows authenti ...) NOT-FOR-US: Gallagher CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server allows an a ...) 
@@ -69538,8 +69618,8 @@ CVE-2022-45811 RESERVED CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) NOT-FOR-US: WordPress plugin -CVE-2022-45809 - RESERVED +CVE-2022-45809 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ric ...) + TODO: check CVE-2022-45808 (SQL Injection vulnerability inLearnPress \u2013 WordPress LMS Plugin < ...) NOT-FOR-US: WordPress plugin CVE-2022-45807 (Cross-Site Request Forgery (CSRF) inWPVibes WP Mail Log plugin <= 1.0. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a12766e5176b5ecb4daedaf297c16f2ddb96d90
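Review bot: In the @@ -1,4 +1,82 @@ hunk, CVE-2023-6488, CVE-2023-5432 and CVE-2023-5413 are described as WordPress plugins yet are added with "TODO: check". The file's existing convention for such entries, visible in the context lines for CVE-2023-6008 and CVE-2023-6007, is "NOT-FOR-US: WordPress plugin", so these three can be triaged to that tag directly instead of sitting in the TODO queue.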
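Review bot: In the @@ -4719,7 +4798,7 @@ hunk, CVE-2023-6918 gains its description but stays at "- libssh <unfixed>" while both NOTE lines cite commits tagged libssh-0.10.6. Suggest prefixing those NOTE lines with "Fixed by:", as the CVE-2023-46218 entry does for its curl commit, and replacing <unfixed> with the package version once an upload carrying those commits exists.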
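Review bot: In the @@ -51594,20 +51674,20 @@ hunk, CVE-2023-24590, CVE-2023-23584, CVE-2023-23576, CVE-2023-23570 and CVE-2023-22439 move from RESERVED to "TODO: check" even though their descriptions refer to the Controller 6000 or Command Centre, the same products the adjacent context entries (CVE-2023-24584, CVE-2023-23568, CVE-2023-22428) already mark "NOT-FOR-US: Gallagher". Suggest triaging them to that tag. CVE-2023-6355 in the first hunk (Controller 7000 platform) looks related and deserves the same check.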
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits