[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 5 21:10:40 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0315a05 by security tracker role at 2023-04-05T20:10:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2023-29399
+ RESERVED
+CVE-2023-29398
+ RESERVED
+CVE-2023-29397
+ RESERVED
+CVE-2023-29396
+ RESERVED
+CVE-2023-29395
+ RESERVED
+CVE-2023-29394
+ RESERVED
+CVE-2023-29393
+ RESERVED
+CVE-2023-29392
+ RESERVED
+CVE-2023-29391
+ RESERVED
+CVE-2023-29390
+ RESERVED
+CVE-2023-29389 (Toyota RAV4 2021 vehicles automatically trust messages from other ECUs ...)
+ TODO: check
+CVE-2023-29388
+ RESERVED
+CVE-2023-29387
+ RESERVED
+CVE-2023-29386
+ RESERVED
+CVE-2023-29385
+ RESERVED
+CVE-2023-29384
+ RESERVED
+CVE-2023-1893
+ RESERVED
+CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/si ...)
+ TODO: check
+CVE-2023-1891
+ RESERVED
+CVE-2023-1890
+ RESERVED
+CVE-2023-1889
+ RESERVED
+CVE-2023-1888
+ RESERVED
+CVE-2023-1887 (Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to ...)
+ TODO: check
+CVE-2023-1886 (Authentication Bypass by Capture-replay in GitHub repository thorsten/ ...)
+ TODO: check
+CVE-2023-1885 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-1884 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
+ TODO: check
+CVE-2023-1883 (Improper Access Control in GitHub repository thorsten/phpmyfaq prior t ...)
+ TODO: check
+CVE-2023-1882 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...)
+ TODO: check
+CVE-2023-1881 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ TODO: check
+CVE-2023-1880 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
+ TODO: check
+CVE-2023-1879 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-1878 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-1877 (Command Injection in GitHub repository microweber/microweber prior to ...)
+ TODO: check
+CVE-2023-1876 (Deserialization of Untrusted Data in GitHub repository microweber/micr ...)
+ TODO: check
+CVE-2023-1875
+ RESERVED
+CVE-2023-1874
+ RESERVED
+CVE-2023-1873
+ RESERVED
+CVE-2023-1872
+ RESERVED
+CVE-2023-1871 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2023-1870 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2023-1869 (The YourChannel plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2023-1868 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...)
+ TODO: check
+CVE-2023-1867 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2023-1866 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...)
+ TODO: check
+CVE-2023-1864
+ RESERVED
+CVE-2023-1863
+ RESERVED
+CVE-2023-1862
+ RESERVED
+CVE-2023-1861
+ RESERVED
+CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2022-4940 (The WCFM Membership plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2022-4939 (THe WCFM Membership plugin for WordPress is vulnerable to privilege es ...)
+ TODO: check
+CVE-2022-4938 (The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2022-4937 (The WCFM Frontend Manager plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2022-4936 (The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2022-4935 (The WCFM Marketplace plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2021-4335
+ RESERVED
+CVE-2021-4334
+ RESERVED
+CVE-2014-125094
+ RESERVED
CVE-2023-29383
RESERVED
CVE-2023-29382
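Review bot: The new entries whose descriptions name GitHub repository thorsten/phpmyfaq (CVE-2023-1883 and CVE-2023-1887 in full, plus the neighbours whose truncated descriptions start the same way) are left at "TODO: check", although phpmyfaq entries further down in this same file are already triaged as "NOT-FOR-US: phpmyfaq" (for example CVE-2023-1759). Unless the product's status has changed, they can be resolved the same way instead of sitting in the TODO queue. The same question applies to the YourChannel and WCFM WordPress plugin entries, given that other plugin entries in the file carry "NOT-FOR-US: WordPress plugin".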
@@ -221,28 +339,28 @@ CVE-2023-29274
RESERVED
CVE-2023-29273
RESERVED
-CVE-2023-1860
- RESERVED
+CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has b ...)
+ TODO: check
CVE-2023-1859
RESERVED
-CVE-2023-1858
- RESERVED
-CVE-2023-1857
- RESERVED
-CVE-2023-1856
- RESERVED
+CVE-2023-1858 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
+ TODO: check
+CVE-2023-1857 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
+ TODO: check
+CVE-2023-1856 (A vulnerability has been found in SourceCodester Air Cargo Management ...)
+ TODO: check
CVE-2023-1855
RESERVED
-CVE-2023-1854
- RESERVED
-CVE-2023-1853
- RESERVED
-CVE-2023-1852
- RESERVED
-CVE-2023-1851
- RESERVED
-CVE-2023-1850
- RESERVED
+CVE-2023-1854 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2023-1853 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-1852 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-1851 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2023-1850 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
+ TODO: check
CVE-2023-1849 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
NOT-FOR-US: SourceCodester Online Payroll System
CVE-2023-1848 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
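Review bot: CVE-2023-1850 is set to "TODO: check" with the description "SourceCodester Online Payroll System 1.0", while the very next entry, CVE-2023-1849, has the same product string and is already "NOT-FOR-US: SourceCodester Online Payroll System". The triage for CVE-2023-1850 should match it; the other SourceCodester entries in this hunk (CVE-2023-1856 to CVE-2023-1858) look like candidates for the same treatment once their full descriptions are checked.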
@@ -333,8 +451,7 @@ CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is vul
NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress
CVE-2023-1839
RESERVED
-CVE-2023-1838
- RESERVED
+CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drivers/vh ...)
- linux 5.17.11-1
[bullseye] - linux 5.10.120-1
[buster] - linux 4.19.249-1
@@ -611,8 +728,8 @@ CVE-2023-24591
RESERVED
CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...)
NOT-FOR-US: firefly-iii
-CVE-2023-1788
- RESERVED
+CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/firef ...)
+ TODO: check
CVE-2023-1787
RESERVED
CVE-2023-1786
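Review bot: CVE-2023-1788 names GitHub repository firefly-iii/firefly-iii and is left at "TODO: check", while the context line directly above it marks CVE-2023-1789 for the same repository as "NOT-FOR-US: firefly-iii". Suggest closing CVE-2023-1788 with the same tag.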
@@ -863,12 +980,12 @@ CVE-2023-1760 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
NOT-FOR-US: phpmyfaq
CVE-2023-1759 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
NOT-FOR-US: phpmyfaq
-CVE-2023-1758
- RESERVED
-CVE-2023-1757
- RESERVED
-CVE-2023-1756
- RESERVED
+CVE-2023-1758 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
+ TODO: check
+CVE-2023-1757 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-1756 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
CVE-2023-1755 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
NOT-FOR-US: phpmyfaq
CVE-2023-1754 (Improper Input Validation in GitHub repository thorsten/phpmyfaq prior ...)
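Review bot: CVE-2023-1757 and CVE-2023-1756 are thorsten/phpmyfaq issues left at "TODO: check", surrounded on both sides by entries already tagged "NOT-FOR-US: phpmyfaq" (CVE-2023-1759 above, CVE-2023-1755 below). They should get the same tag. CVE-2023-1758's description is cut off before the product name, so it needs the full text looked up before it is tagged.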
@@ -1069,8 +1186,8 @@ CVE-2023-29008
RESERVED
CVE-2023-29007
RESERVED
-CVE-2023-29006
- RESERVED
+CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...)
+ TODO: check
CVE-2023-29005
RESERVED
CVE-2023-29004
@@ -1625,20 +1742,20 @@ CVE-2023-28857
RESERVED
CVE-2023-28856
RESERVED
-CVE-2023-28855
- RESERVED
+CVE-2023-28855 (Fields is a GLPI plugin that allows users to add custom fields on GLPI ...)
+ TODO: check
CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnera ...)
NOT-FOR-US: nophp
CVE-2023-28853 (Mastodon is a free, open-source social network server based on Activit ...)
TODO: check
-CVE-2023-28852
- RESERVED
+CVE-2023-28852 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple silverst ...)
NOT-FOR-US: Silverstripe
CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that allows ...)
NOT-FOR-US: Pimcore Perspective Editor
-CVE-2023-28849
- RESERVED
+CVE-2023-28849 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
CVE-2023-28848 (user_oidc is the OIDC connect user backend for Nextcloud, an open sour ...)
TODO: check
CVE-2023-28847
@@ -1659,8 +1776,8 @@ CVE-2023-28840 (Moby is an open source container framework developed by Docker I
TODO: check
CVE-2023-28839
RESERVED
-CVE-2023-28838
- RESERVED
+CVE-2023-28838 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
CVE-2023-28837 (Wagtail is an open source content management system built on Django. P ...)
NOT-FOR-US: Wagtail
CVE-2023-28836 (Wagtail is an open source content management system built on Django. S ...)
@@ -2042,8 +2159,8 @@ CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management Sy
NOT-FOR-US: SourceCodester Judging Management System
CVE-2023-1555
RESERVED
-CVE-2013-10022
- RESERVED
+CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
CVE-2023-28730
RESERVED
CVE-2023-28729
@@ -2105,6 +2222,7 @@ CVE-2023-1552
CVE-2023-28709
RESERVED
CVE-2023-28708 (When using the RemoteIpFilter with requests received from a reverse pr ...)
+ {DSA-5381-1 DLA-3384-1}
- tomcat10 10.1.6-1
- tomcat9 <unfixed> (bug #1033475)
- tomcat8 <removed>
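Review bot: CVE-2023-28708 now carries {DSA-5381-1 DLA-3384-1}, yet the tomcat9 line under it still reads "<unfixed> (bug #1033475)". If that line tracks unstable only, the entry is consistent; otherwise it needs the fixed version filled in. Worth a quick check against bug #1033475 so the entry does not stay "<unfixed>" after the advisories have gone out.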
@@ -2316,22 +2434,22 @@ CVE-2023-28641
RESERVED
CVE-2023-28640 (Apiman is a flexible and open source API Management platform. Due to a ...)
NOT-FOR-US: Apiman
-CVE-2023-28639
- RESERVED
+CVE-2023-28639 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...)
NOT-FOR-US: Snappier
CVE-2023-28637 (DataEase is an open source data visualization analysis tool. In Dataea ...)
NOT-FOR-US: DataEase
-CVE-2023-28636
- RESERVED
+CVE-2023-28636 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
CVE-2023-28635
RESERVED
-CVE-2023-28634
- RESERVED
-CVE-2023-28633
- RESERVED
-CVE-2023-28632
- RESERVED
+CVE-2023-28634 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2023-28633 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
+CVE-2023-28632 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
CVE-2023-28631 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
NOT-FOR-US: comrak
CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...)
@@ -2370,8 +2488,8 @@ CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated
NOT-FOR-US: SAUTER
CVE-2023-1523
RESERVED
-CVE-2023-1522
- RESERVED
+CVE-2023-1522 (SQL Injection in the Hardware Inventory report of Security Center 5.11 ...)
+ TODO: check
CVE-2023-1521
RESERVED
CVE-2023-1520
@@ -3199,8 +3317,8 @@ CVE-2023-1414
RESERVED
CVE-2023-1413
RESERVED
-CVE-2023-1412
- RESERVED
+CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...)
+ TODO: check
CVE-2023-1411
RESERVED
CVE-2023-1410 (Grafana is an open-source platform for monitoring and observability. G ...)
@@ -3351,8 +3469,8 @@ CVE-2019-25117
RESERVED
CVE-2019-25116
RESERVED
-CVE-2023-28342
- RESERVED
+CVE-2023-28342 (Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to cond ...)
+ TODO: check
CVE-2023-28341
RESERVED
CVE-2023-28340
@@ -4258,8 +4376,8 @@ CVE-2023-28071
RESERVED
CVE-2023-28070
RESERVED
-CVE-2023-28069
- RESERVED
+CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...)
+ TODO: check
CVE-2023-28068
RESERVED
CVE-2023-28067
@@ -5735,6 +5853,7 @@ CVE-2023-27588 (Hasura is an open-source product that provides users GraphQL or
CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to ...)
NOT-FOR-US: ReadtoMyShoe
CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Pr ...)
+ {DSA-5382-1}
- cairosvg 2.5.2-1.1 (bug #1033295)
[buster] - cairosvg <no-dsa> (Minor issue; fix would require backporting entire --unsafe mechanism)
NOTE: https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 (2.7.0)
@@ -7624,10 +7743,10 @@ CVE-2023-26859
RESERVED
CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
NOT-FOR-US: prestashop
-CVE-2023-26857
- RESERVED
-CVE-2023-26856
- RESERVED
+CVE-2023-26857 (An arbitrary file upload vulnerability in /admin/ajax.php?action=save_ ...)
+ TODO: check
+CVE-2023-26856 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ TODO: check
CVE-2023-26855 (The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt v ...)
NOT-FOR-US: ChurchCRM
CVE-2023-26854
@@ -7760,8 +7879,8 @@ CVE-2023-26791
RESERVED
CVE-2023-26790
RESERVED
-CVE-2023-26789
- RESERVED
+CVE-2023-26789 (Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected ...)
+ TODO: check
CVE-2023-26788
RESERVED
CVE-2023-26787
@@ -8373,8 +8492,8 @@ CVE-2023-26538
RESERVED
CVE-2023-26537
RESERVED
-CVE-2023-26536
- RESERVED
+CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...)
+ TODO: check
CVE-2023-26535
RESERVED
CVE-2023-26534
@@ -11506,8 +11625,8 @@ CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive inf
NOT-FOR-US: Dell
CVE-2023-25535
RESERVED
-CVE-2023-22660
- RESERVED
+CVE-2023-22660 (A heap-based buffer overflow vulnerability exists in the way Ichitaro ...)
+ TODO: check
CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...)
NOT-FOR-US: Interactive Geo Maps plugin for WordPress
CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
@@ -12048,8 +12167,8 @@ CVE-2023-25332
RESERVED
CVE-2023-25331
RESERVED
-CVE-2023-25330
- RESERVED
+CVE-2023-25330 (A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows rem ...)
+ TODO: check
CVE-2023-25329
RESERVED
CVE-2023-25328
@@ -12438,8 +12557,8 @@ CVE-2023-0672
RESERVED
CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. ...)
- froxlor <itp> (bug #581792)
-CVE-2023-0670
- RESERVED
+CVE-2023-0670 (Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an atta ...)
+ TODO: check
CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...)
NOT-FOR-US: Fortra GoAnywhere MFT
CVE-2023-0668
@@ -13642,7 +13761,7 @@ CVE-2023-24726 (Art Gallery Management System v1.0 was discovered to contain a S
NOT-FOR-US: Art Gallery Management System
CVE-2023-24725
RESERVED
-CVE-2023-24724 (A stored cross site scripting (XSS) vulnerability was discovered in th ...)
+CVE-2023-24724 (** DISPUTED ** A stored cross site scripting (XSS) vulnerability was d ...)
TODO: check
CVE-2023-24723
RESERVED
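Review bot: CVE-2023-24724 picks up "** DISPUTED **" in its description while the entry stays at "TODO: check". Whoever triages it should take the dispute into account, and if the entry ends up tied to a Debian package, a NOTE line recording the dispute would keep that context once the truncated description scrolls out of view.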
@@ -20171,8 +20290,8 @@ CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid w
NOT-FOR-US: OpenHarmony
CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...)
NOT-FOR-US: OpenHarmony
-CVE-2023-22291
- RESERVED
+CVE-2023-22291 (An invalid free vulnerability exists in the Frame stream parser functi ...)
+ TODO: check
CVE-2023-0091 (A flaw was found in Keycloak, where it did not properly check client t ...)
NOT-FOR-US: Keycloak
CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...)
@@ -28002,8 +28121,8 @@ CVE-2022-4272 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: FeMiner wms
CVE-2022-45124 (An information disclosure vulnerability exists in the User authenticat ...)
NOT-FOR-US: WellinTech KingHistorian
-CVE-2022-45115
- RESERVED
+CVE-2022-45115 (A buffer overflow vulnerability exists in the Attribute Arena function ...)
+ TODO: check
CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...)
NOT-FOR-US: ESTsoft Alyac
CVE-2022-46378
@@ -28596,8 +28715,8 @@ CVE-2022-44453
RESERVED
CVE-2022-44451
RESERVED
-CVE-2022-43664
- RESERVED
+CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro Word Pro ...)
+ TODO: check
CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll RecvPac ...)
NOT-FOR-US: WellinTech KingHistorian
CVE-2022-43503
@@ -31966,6 +32085,7 @@ CVE-2022-3934 (The FlatPM WordPress plugin before 3.0.13 does not sanitise and e
CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does not sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and ...)
+ {DSA-5381-1}
- tomcat9 9.0.70-1
[buster] - tomcat9 <not-affected> (The vulnerable code was introduced later)
- tomcat8 <removed>
@@ -37506,80 +37626,80 @@ CVE-2023-20155
RESERVED
CVE-2023-20154
RESERVED
-CVE-2023-20153
- RESERVED
-CVE-2023-20152
- RESERVED
-CVE-2023-20151
- RESERVED
-CVE-2023-20150
- RESERVED
-CVE-2023-20149
- RESERVED
-CVE-2023-20148
- RESERVED
-CVE-2023-20147
- RESERVED
-CVE-2023-20146
- RESERVED
-CVE-2023-20145
- RESERVED
-CVE-2023-20144
- RESERVED
-CVE-2023-20143
- RESERVED
-CVE-2023-20142
- RESERVED
-CVE-2023-20141
- RESERVED
-CVE-2023-20140
- RESERVED
-CVE-2023-20139
- RESERVED
-CVE-2023-20138
- RESERVED
-CVE-2023-20137
- RESERVED
+CVE-2023-20153 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
+ TODO: check
+CVE-2023-20152 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
+ TODO: check
+CVE-2023-20151 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20150 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20149 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20148 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20147 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20146 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20145 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20144 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20143 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20142 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20141 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20140 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20139 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20138 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20137 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2023-20136
RESERVED
CVE-2023-20135
RESERVED
-CVE-2023-20134
- RESERVED
+CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
+ TODO: check
CVE-2023-20133
RESERVED
-CVE-2023-20132
- RESERVED
-CVE-2023-20131
- RESERVED
-CVE-2023-20130
- RESERVED
-CVE-2023-20129
- RESERVED
-CVE-2023-20128
- RESERVED
-CVE-2023-20127
- RESERVED
+CVE-2023-20132 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
+ TODO: check
+CVE-2023-20131 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20130 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20129 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20128 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20127 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2023-20126
RESERVED
CVE-2023-20125
RESERVED
-CVE-2023-20124
- RESERVED
-CVE-2023-20123
- RESERVED
-CVE-2023-20122
- RESERVED
-CVE-2023-20121
- RESERVED
+CVE-2023-20124 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
+CVE-2023-20123 (A vulnerability in the offline access mode of Cisco Duo Two-Factor Aut ...)
+ TODO: check
+CVE-2023-20122 (Multiple vulnerabilities in the restricted shell of Cisco Evolved Prog ...)
+ TODO: check
+CVE-2023-20121 (Multiple vulnerabilities in the restricted shell of Cisco Evolved Prog ...)
+ TODO: check
CVE-2023-20120
RESERVED
CVE-2023-20119
RESERVED
CVE-2023-20118
RESERVED
-CVE-2023-20117
- RESERVED
+CVE-2023-20117 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2023-20116
RESERVED
CVE-2023-20115
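Review bot: All 31 entries that move from RESERVED to a description in this hunk are Cisco products (Identity Services Engine, Webex Meetings, Small Business, Duo, Evolved Programmable and others) and every one is left at "TODO: check". Other Cisco entries in this file, such as CVE-2023-20104, are triaged as "NOT-FOR-US: Cisco", so this block can most likely be closed in one pass with the same tag after confirming that none of them touches a packaged component (CVE-2023-20052 in this file shows that a Cisco-assigned CVE can map to clamav).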
@@ -37606,10 +37726,10 @@ CVE-2023-20105
RESERVED
CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...)
NOT-FOR-US: Cisco
-CVE-2023-20103
- RESERVED
-CVE-2023-20102
- RESERVED
+CVE-2023-20103 (A vulnerability in Cisco Secure Network Analytics could allow an authe ...)
+ TODO: check
+CVE-2023-20102 (A vulnerability in the web-based management interface of Cisco Secure ...)
+ TODO: check
CVE-2023-20101
RESERVED
CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the Contro ...)
@@ -37620,8 +37740,8 @@ CVE-2023-20098
RESERVED
CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could allow an au ...)
NOT-FOR-US: Cisco
-CVE-2023-20096
- RESERVED
+CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2023-20095
RESERVED
CVE-2023-20094
@@ -37666,8 +37786,8 @@ CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could all
NOT-FOR-US: Cisco
CVE-2023-20074
RESERVED
-CVE-2023-20073
- RESERVED
+CVE-2023-20073 (A vulnerability in the web-based management interface of Cisco RV340, ...)
+ TODO: check
CVE-2023-20072 (A vulnerability in the fragmentation handling code of tunnel protocol ...)
NOT-FOR-US: Cisco
CVE-2023-20071
@@ -37676,8 +37796,8 @@ CVE-2023-20070
RESERVED
CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco Prime I ...)
NOT-FOR-US: Cisco
-CVE-2023-20068
- RESERVED
+CVE-2023-20068 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2023-20067 (A vulnerability in the HTTP-based client profiling feature of Cisco IO ...)
NOT-FOR-US: Cisco
CVE-2023-20066 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
@@ -37713,8 +37833,8 @@ CVE-2023-20052 (On Feb 15, 2023, the following vulnerability in the ClamAV scann
- clamav 1.0.1+dfsg-1 (bug #1031509)
[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
-CVE-2023-20051
- RESERVED
+CVE-2023-20051 (A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet D ...)
+ TODO: check
CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
NOT-FOR-US: Cisco
CVE-2023-20049 (A vulnerability in the bidirectional forwarding detection (BFD) hardwa ...)
@@ -37759,8 +37879,8 @@ CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV scann
NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8
CVE-2023-20031
RESERVED
-CVE-2023-20030
- RESERVED
+CVE-2023-20030 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS XE Softw ...)
NOT-FOR-US: Cisco
CVE-2023-20028
@@ -37773,12 +37893,12 @@ CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco S
NOT-FOR-US: Cisco
CVE-2023-20024
RESERVED
-CVE-2023-20023
- RESERVED
-CVE-2023-20022
- RESERVED
-CVE-2023-20021
- RESERVED
+CVE-2023-20023 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
+ TODO: check
+CVE-2023-20022 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
+ TODO: check
+CVE-2023-20021 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
+ TODO: check
CVE-2023-20020 (A vulnerability in the Device Management Servlet application of Cisco ...)
NOT-FOR-US: Cisco
CVE-2023-20019 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
@@ -42815,6 +42935,7 @@ CVE-2022-42254 (NVIDIA GPU Display Driver for Linux contains a vulnerability in
CVE-2022-42253
RESERVED
CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10. ...)
+ {DSA-5381-1 DLA-3384-1}
- tomcat9 9.0.68-1
- tomcat8 <removed>
NOTE: https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq
@@ -62989,7 +63110,7 @@ CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.0
NOT-FOR-US: WordPress plugin
CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not validate u ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2239 (The Request a Quote WordPress plugin through 2.3.7 does not sanitise a ...)
+CVE-2022-2239 (The Request a Quote WordPress plugin before 2.3.9 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2238 (A vulnerability was found in the search-api container in Red Hat Advan ...)
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / Stolostron
@@ -76656,6 +76777,7 @@ CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not sa
CVE-2022-1538
RESERVED
CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...)
+ {DLA-3383-1}
- grunt 1.5.3-1
[bullseye] - grunt <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/
@@ -161836,7 +161958,7 @@ CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF c
NOT-FOR-US: WordPress plugin
CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...)
+CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.9 does not sanitise, v ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0315a0591939cf8655fe253993c7ebb2d827791