[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 3 21:10:47 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3f84fd6f by security tracker role at 2023-04-03T20:10:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2023-29216
+ RESERVED
+CVE-2023-29215
+ RESERVED
+CVE-2023-29214
+ RESERVED
+CVE-2023-29213
+ RESERVED
+CVE-2023-29212
+ RESERVED
+CVE-2023-29211
+ RESERVED
+CVE-2023-29210
+ RESERVED
+CVE-2023-29209
+ RESERVED
+CVE-2023-29208
+ RESERVED
+CVE-2023-29207
+ RESERVED
+CVE-2023-29206
+ RESERVED
+CVE-2023-29205
+ RESERVED
+CVE-2023-29204
+ RESERVED
+CVE-2023-29203
+ RESERVED
+CVE-2023-29202
+ RESERVED
+CVE-2023-29201
+ RESERVED
+CVE-2023-29200
+ RESERVED
+CVE-2023-29199
+ RESERVED
+CVE-2023-29198
+ RESERVED
+CVE-2023-29197
+ RESERVED
+CVE-2023-29196
+ RESERVED
+CVE-2023-29195
+ RESERVED
+CVE-2023-29194
+ RESERVED
+CVE-2023-29193
+ RESERVED
+CVE-2023-29192
+ RESERVED
+CVE-2023-29191
+ RESERVED
+CVE-2023-29190
+ RESERVED
+CVE-2023-29189
+ RESERVED
+CVE-2023-29188
+ RESERVED
+CVE-2023-29187
+ RESERVED
+CVE-2023-29186
+ RESERVED
+CVE-2023-29185
+ RESERVED
+CVE-2023-29184
+ RESERVED
+CVE-2023-29183
+ RESERVED
+CVE-2023-29182
+ RESERVED
+CVE-2023-29181
+ RESERVED
+CVE-2023-29180
+ RESERVED
+CVE-2023-29179
+ RESERVED
+CVE-2023-29178
+ RESERVED
+CVE-2023-29177
+ RESERVED
+CVE-2023-29176
+ RESERVED
+CVE-2023-29175
+ RESERVED
+CVE-2023-29174
+ RESERVED
+CVE-2023-29173
+ RESERVED
+CVE-2023-29172
+ RESERVED
+CVE-2023-29171
+ RESERVED
+CVE-2023-29170
+ RESERVED
+CVE-2023-1807
+ RESERVED
+CVE-2023-1806
+ RESERVED
+CVE-2023-1805
+ RESERVED
+CVE-2023-1804
+ RESERVED
+CVE-2023-1803
+ RESERVED
+CVE-2023-1802
+ RESERVED
CVE-2023-1801
RESERVED
CVE-2023-1800 (A vulnerability, which was classified as critical, has been found in s ...)
@@ -210,10 +316,10 @@ CVE-2023-1768
RESERVED
CVE-2023-1767
RESERVED
-CVE-2023-1766
- RESERVED
-CVE-2023-1765
- RESERVED
+CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-29092
RESERVED
CVE-2023-29091
@@ -1046,16 +1152,16 @@ CVE-2023-28856
RESERVED
CVE-2023-28855
RESERVED
-CVE-2023-28854
- RESERVED
+CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnera ...)
+ TODO: check
CVE-2023-28853
RESERVED
CVE-2023-28852
RESERVED
-CVE-2023-28851
- RESERVED
-CVE-2023-28850
- RESERVED
+CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple silverst ...)
+ TODO: check
+CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that allows ...)
+ TODO: check
CVE-2023-28849
RESERVED
CVE-2023-28848
@@ -1080,14 +1186,14 @@ CVE-2023-28839
RESERVED
CVE-2023-28838
RESERVED
-CVE-2023-28837
- RESERVED
-CVE-2023-28836
- RESERVED
+CVE-2023-28837 (Wagtail is an open source content management system built on Django. P ...)
+ TODO: check
+CVE-2023-28836 (Wagtail is an open source content management system built on Django. S ...)
+ TODO: check
CVE-2023-28835 (Nextcloud server is an open source home cloud implementation. In affec ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2023-28834
- RESERVED
+CVE-2023-28834 (Nextcloud Server is an open source personal cloud server. Nextcloud Se ...)
+ TODO: check
CVE-2023-28833 (Nextcloud server is an open source home cloud implementation. In affec ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-28832
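Review bot: CVE-2023-28834 is left at "TODO: check" although the two Nextcloud server entries on either side of it, CVE-2023-28835 and CVE-2023-28833, already carry "- nextcloud-server <itp> (bug #941708)". Unless the full description points elsewhere, give it the same line. The two Wagtail entries in this hunk (CVE-2023-28837, CVE-2023-28836) describe the same product and can be triaged together.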
@@ -1764,8 +1870,8 @@ CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In
TODO: check
CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
TODO: check
-CVE-2023-28625
- RESERVED
+CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module for the ...)
+ TODO: check
CVE-2023-28624
RESERVED
CVE-2023-28623
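Review bot: CVE-2023-28625 names mod_auth_openidc, an authentication and authorization module, so it should get its own package lookup when the "TODO: check" is resolved. Record the affected source package and fixed version, or an explicit NOT-FOR-US, based on the full description and not on the truncated text shown here.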
@@ -3331,8 +3437,8 @@ CVE-2023-1379 (A vulnerability was found in SourceCodester Friendly Island Pizza
NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
CVE-2023-1378 (A vulnerability classified as critical was found in SourceCodester Fri ...)
NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
-CVE-2023-1377
- RESERVED
+CVE-2023-1377 (The Solidres WordPress plugin through 0.9.4 does not sanitise and esca ...)
+ TODO: check
CVE-2023-1376
RESERVED
CVE-2023-1375
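Review bot: CVE-2023-1377 is described as a WordPress plugin (Solidres) but lands as "TODO: check", while other WordPress plugin entries in this file, such as CVE-2022-4150 and CVE-2022-3961, are tagged "NOT-FOR-US: WordPress plugin". The same follow-up applies to the other plugin entries this update un-reserves: CVE-2023-1330, CVE-2023-1124, CVE-2023-0820 and CVE-2023-0399.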
@@ -3792,8 +3898,8 @@ CVE-2023-1332
RESERVED
CVE-2023-1331
RESERVED
-CVE-2023-1330
- RESERVED
+CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...)
+ TODO: check
CVE-2023-1329
RESERVED
CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been classifie ...)
@@ -5735,8 +5841,8 @@ CVE-2023-1126
RESERVED
CVE-2023-1125
RESERVED
-CVE-2023-1124
- RESERVED
+CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 ...)
+ TODO: check
CVE-2023-1123
RESERVED
CVE-2023-1122
@@ -7798,8 +7904,8 @@ CVE-2023-26531
RESERVED
CVE-2023-26530
RESERVED
-CVE-2023-26529
- RESERVED
+CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dupe ...)
+ TODO: check
CVE-2023-26528
RESERVED
CVE-2023-26527
@@ -8370,12 +8476,12 @@ CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: MedData Informatics MedDataPACS
CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...)
NOT-FOR-US: Trellix
-CVE-2023-0977
- RESERVED
+CVE-2023-0977 (A heap-based overflow vulnerability in Trellix Agent (Windows and Linu ...)
+ TODO: check
CVE-2023-0976
RESERVED
-CVE-2023-0975
- RESERVED
+CVE-2023-0975 (A vulnerability exists in Trellix Agent for Windows version 5.7.8 and ...)
+ TODO: check
CVE-2023-0974
RESERVED
CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...)
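Review bot: CVE-2023-0977 and CVE-2023-0975 both describe Trellix Agent and are left at "TODO: check", while CVE-2023-0978 directly above them is already "NOT-FOR-US: Trellix". Resolve both to the same tag once the full descriptions are confirmed.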
@@ -8545,8 +8651,7 @@ CVE-2023-26271
RESERVED
CVE-2023-26270
RESERVED
-CVE-2023-26269
- RESERVED
+CVE-2023-26269 (Apache James server version 3.7.3 and earlier provides a JMX managemen ...)
NOT-FOR-US: Apache James
CVE-2023-26268
RESERVED
@@ -9993,8 +10098,8 @@ CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.
- nomad <unfixed>
[bullseye] - nomad <no-dsa> (Minor issue)
NOTE: https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292
-CVE-2023-0820
- RESERVED
+CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does not pr ...)
+ TODO: check
CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
- gpac <unfixed> (bug #1033116)
[bullseye] - gpac <no-dsa> (Minor issue)
@@ -15439,8 +15544,8 @@ CVE-2023-0401 (A NULL pointer can be dereferenced when signatures are being veri
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3b6dfd70db844c4499bec6ad6601623a565e674 (openssl-3.0.8)
CVE-2023-0400 (The protection bypass vulnerability in DLP for Windows 11.9.x is addre ...)
NOT-FOR-US: DLP for Windows
-CVE-2023-0399
- RESERVED
+CVE-2023-0399 (The Image Over Image For WPBakery Page Builder WordPress plugin before ...)
+ TODO: check
CVE-2023-0398 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
CVE-2023-23860 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...)
@@ -21112,12 +21217,12 @@ CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as pro
NOT-FOR-US: cloudsync
CVE-2022-4772 (A vulnerability was found in Widoco and classified as critical. Affect ...)
NOT-FOR-US: Widoco
-CVE-2022-4771
- RESERVED
-CVE-2022-4770
- RESERVED
-CVE-2022-4769
- RESERVED
+CVE-2022-4771 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ TODO: check
+CVE-2022-4770 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ TODO: check
+CVE-2022-4769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ TODO: check
CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been classified as ...)
NOT-FOR-US: Dropbox merou
CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
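Review bot: CVE-2022-4771, CVE-2022-4770 and CVE-2022-4769 all begin "Hitachi Vantara Pentaho Business Analytics Server" and each gets its own "TODO: check"; the same product appears in nine more entries later in this update (CVE-2022-3960, CVE-2022-43938 to CVE-2022-43941, CVE-2022-43769 and CVE-2022-43771 to CVE-2022-43773). Triage all twelve in one pass with one consistent tag so the series does not end up with mixed results.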
@@ -28440,7 +28545,7 @@ CVE-2022-4150 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gal
NOT-FOR-US: WordPress plugin
CVE-2022-4149
RESERVED
-CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...)
+CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...)
NOT-FOR-US: Quarkus
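Review bot: at CVE-2022-4148 only the version bound in the description changes, from "before 4.2 ..." to "before 4.3 ...", and the truncated text shows nothing else. The entry stays "NOT-FOR-US: WordPress plugin", so no tracker state depends on the bound, but it is worth confirming against the CVE record that 4.3 is the corrected value.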
@@ -31232,8 +31337,8 @@ CVE-2022-3962
NOT-FOR-US: Kiali
CVE-2022-3961 (The Directorist WordPress plugin before 7.4.4 does not prevent users w ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3960
- RESERVED
+CVE-2022-3960 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ TODO: check
CVE-2022-45167 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
NOT-FOR-US: Archibus Web Central
CVE-2022-45166 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...)
@@ -37264,14 +37369,14 @@ CVE-2022-43943
REJECTED
CVE-2022-43942
REJECTED
-CVE-2022-43941
- RESERVED
-CVE-2022-43940
- RESERVED
-CVE-2022-43939
- RESERVED
-CVE-2022-43938
- RESERVED
+CVE-2022-43941 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+ TODO: check
+CVE-2022-43940 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+ TODO: check
+CVE-2022-43939 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+ TODO: check
+CVE-2022-43938 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ TODO: check
CVE-2022-43937
RESERVED
CVE-2022-43936
@@ -37618,16 +37723,16 @@ CVE-2022-43775 (The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains
NOT-FOR-US: Delta Electronics DIAEnergy
CVE-2022-43774 (The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contain ...)
NOT-FOR-US: Delta Electronics DIAEnergy
-CVE-2022-43773
- RESERVED
-CVE-2022-43772
- RESERVED
-CVE-2022-43771
- RESERVED
+CVE-2022-43773 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ TODO: check
+CVE-2022-43772 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+ TODO: check
+CVE-2022-43771 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+ TODO: check
CVE-2022-43770
RESERVED
-CVE-2022-43769
- RESERVED
+CVE-2022-43769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ TODO: check
CVE-2022-43768
RESERVED
CVE-2022-43767
@@ -50606,10 +50711,10 @@ CVE-2022-38925
RESERVED
CVE-2022-38924
RESERVED
-CVE-2022-38923
- RESERVED
-CVE-2022-38922
- RESERVED
+CVE-2022-38923 (BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Head ...)
+ TODO: check
+CVE-2022-38922 (BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Heade ...)
+ TODO: check
CVE-2022-38921
RESERVED
CVE-2022-38920
@@ -52216,8 +52321,8 @@ CVE-2022-38084
RESERVED
CVE-2022-38083
RESERVED
-CVE-2022-38072
- RESERVED
+CVE-2022-38072 (An improper array index validation vulnerability exists in the stl_fix ...)
+ TODO: check
CVE-2022-38071
RESERVED
CVE-2022-37408
@@ -57485,8 +57590,8 @@ CVE-2022-36442 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19.
NOT-FOR-US: Zebra Enterprise Home Screen
CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gb ...)
NOT-FOR-US: Zebra Enterprise Home Screen
-CVE-2022-36440
- RESERVED
+CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...)
+ TODO: check
CVE-2022-2537 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2536 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...)
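Review bot: CVE-2022-36440 names a specific daemon and version, "Frrouting frr-bgpd 8.3.0", yet sits among "NOT-FOR-US" neighbours with a bare "TODO: check". Look frr up in the package list and record the source package with its status, so the entry is not swept into a bulk NOT-FOR-US pass.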
@@ -82735,8 +82840,8 @@ CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformatio
- linux 5.16.18-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8)
-CVE-2022-27665
- RESERVED
+CVE-2022-27665 (Reflected XSS (via AngularJS sandbox escape expressions) exists in Pro ...)
+ TODO: check
CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers ca ...)
- golang-1.19 1.19.1-1
- golang-1.18 1.18.6-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f84fd6fa4145bd594fd72524a0c45b59fc6a10c