[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 11 21:10:40 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1c1bd39 by security tracker role at 2023-04-11T20:10:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2023-30500
+	RESERVED
+CVE-2023-30499
+	RESERVED
+CVE-2023-30498
+	RESERVED
+CVE-2023-30497
+	RESERVED
+CVE-2023-30496
+	RESERVED
+CVE-2023-30495
+	RESERVED
+CVE-2023-30494
+	RESERVED
+CVE-2023-30493
+	RESERVED
+CVE-2023-30492
+	RESERVED
+CVE-2023-30491
+	RESERVED
+CVE-2023-30490
+	RESERVED
+CVE-2023-30489
+	RESERVED
+CVE-2023-30488
+	RESERVED
+CVE-2023-30487
+	RESERVED
+CVE-2023-30486
+	RESERVED
+CVE-2023-30485
+	RESERVED
+CVE-2023-30484
+	RESERVED
+CVE-2023-30483
+	RESERVED
+CVE-2023-30482
+	RESERVED
+CVE-2023-30481
+	RESERVED
+CVE-2023-30480
+	RESERVED
+CVE-2023-30479
+	RESERVED
+CVE-2023-30478
+	RESERVED
+CVE-2023-30477
+	RESERVED
+CVE-2023-30476
+	RESERVED
+CVE-2023-30475
+	RESERVED
+CVE-2023-30474
+	RESERVED
+CVE-2023-30473
+	RESERVED
+CVE-2023-30472
+	RESERVED
+CVE-2023-30471
+	RESERVED
+CVE-2023-30470
+	RESERVED
+CVE-2023-1990
+	RESERVED
+CVE-2023-1989
+	RESERVED
+CVE-2023-1988 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
+	TODO: check
+CVE-2023-1987 (A vulnerability has been found in SourceCodester Online Computer and L ...)
+	TODO: check
+CVE-2023-1986 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2023-1985 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2023-1984 (A vulnerability classified as critical was found in SourceCodester Com ...)
+	TODO: check
+CVE-2023-1983 (A vulnerability was found in SourceCodester Sales Tracker Management S ...)
+	TODO: check
+CVE-2023-1982
+	RESERVED
+CVE-2023-1981
+	RESERVED
+CVE-2023-1980 (Two factor authentication bypass on login in Devolutions Remote Deskto ...)
+	TODO: check
+CVE-2023-1979
+	RESERVED
+CVE-2023-1978
+	RESERVED
+CVE-2023-1977
+	RESERVED
+CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub repository ...)
+	TODO: check
+CVE-2023-1974 (Exposure of Sensitive Information Through Metadata in GitHub repositor ...)
+	TODO: check
 CVE-2023-30469
 	RESERVED
 CVE-2023-30468
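Review bot: CVE-2023-1983 through CVE-2023-1988 are all SourceCodester products left at `TODO: check`, while the same kind of entry further down this diff (CVE-2023-1940 and CVE-2023-1941, "SourceCodester Simple and Beautiful Shopping Cart System") already carries `NOT-FOR-US: SourceCodester ...`; they can be closed with the same tag in the follow-up triage rather than accumulating as open TODOs. CVE-2023-1980 (Devolutions Remote Desktop Manager) and CVE-2023-1974..1976 (GitHub repository answerdev/...) show no Debian package name in the truncated text and need the full description before a verdict. The CVE-2023-30470..30500 block and CVE-2023-1989/1990 are bare RESERVED placeholders, which is the expected output of an automatic pull.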
@@ -8,8 +104,8 @@ CVE-2023-30467
 	RESERVED
 CVE-2023-30466
 	RESERVED
-CVE-2023-30465
-	RESERVED
+CVE-2023-30465 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-1972
 	RESERVED
 CVE-2023-1971 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified  ...)
@@ -1895,7 +1991,7 @@ CVE-2023-29548
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29548
 CVE-2023-29547
 	RESERVED
-	 - firefox <unfixed>
+	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29547
 CVE-2023-29546
 	RESERVED
@@ -2106,8 +2202,8 @@ CVE-2023-1941 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System
 CVE-2023-1940 (A vulnerability classified as critical was found in SourceCodester Sim ...)
 	NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System
-CVE-2023-1939
-	RESERVED
+CVE-2023-1939 (No access control for the OTP key on OTP entries in Devolutions Remote ...)
+	TODO: check
 CVE-2023-1938
 	RESERVED
 CVE-2023-1937 (A vulnerability, which was classified as problematic, was found in zhe ...)
@@ -3489,10 +3585,10 @@ CVE-2023-29056
 	RESERVED
 CVE-2023-29055
 	RESERVED
-CVE-2023-29054
-	RESERVED
-CVE-2023-29053
-	RESERVED
+CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+	TODO: check
+CVE-2023-29053 (A vulnerability has been identified in JT Open (All versions < V11. ...)
+	TODO: check
 CVE-2023-29052
 	RESERVED
 CVE-2023-29051
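Review bot: CVE-2023-29054 (SCALANCE X200-4P IRT) and CVE-2023-29053 (JT Open) are Siemens products, and every Siemens entry in this file that already has a verdict carries `NOT-FOR-US: Siemens` (for example CVE-2023-27463 and CVE-2023-27462, CVE-2022-46265, and the JT2Go block in later hunks); `TODO: check` is the right output for an automatic update, but these two can be closed with that tag in the same triage pass.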
@@ -3805,10 +3901,10 @@ CVE-2022-48431 (In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle a
 	- intellij-idea <itp> (bug #747616)
 CVE-2022-48430 (In JetBrains IntelliJ IDEA before 2023.1 file content could be disclos ...)
 	- intellij-idea <itp> (bug #747616)
-CVE-2021-46879
-	RESERVED
-CVE-2021-46878
-	RESERVED
+CVE-2021-46879 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong var ...)
+	TODO: check
+CVE-2021-46878 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous p ...)
+	TODO: check
 CVE-2023-28958
 	RESERVED
 CVE-2023-28957
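Review bot: CVE-2021-46879 and CVE-2021-46878 carry 2021 identifiers but are only now receiving descriptions, and both truncated texts pin "Treasure Data Fluent Bit 1.7.1" without any visible fixed version; before resolving the `TODO: check`, take the affected range from the full advisory text rather than from the year in the ID, and record whether later Fluent Bit releases are affected, since a late-published ID of this kind frequently describes an issue that upstream fixed long before the CVE was filled in.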
@@ -4280,8 +4376,8 @@ CVE-2023-28830
 	RESERVED
 CVE-2023-28829
 	RESERVED
-CVE-2023-28828
-	RESERVED
+CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < ...)
+	TODO: check
 CVE-2023-28827
 	RESERVED
 CVE-2023-28379
@@ -4441,8 +4537,8 @@ CVE-2023-28768
 	RESERVED
 CVE-2023-28767
 	RESERVED
-CVE-2023-28766
-	RESERVED
+CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All v ...)
+	TODO: check
 CVE-2023-25180
 	RESERVED
 CVE-2023-24593
@@ -4703,8 +4799,8 @@ CVE-2023-1554
 	RESERVED
 CVE-2023-1553
 	RESERVED
-CVE-2023-1552
-	RESERVED
+CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a deserialization vulne ...)
+	TODO: check
 CVE-2023-28709
 	RESERVED
 CVE-2023-28708 (When using the RemoteIpFilter with requests received from a reverse pr ...)
@@ -5355,8 +5451,8 @@ CVE-2023-28491
 	RESERVED
 CVE-2023-28490
 	RESERVED
-CVE-2023-28489
-	RESERVED
+CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+	TODO: check
 CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate the ge ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1477
@@ -5758,20 +5854,20 @@ CVE-2023-27304
 	RESERVED
 CVE-2023-26595
 	RESERVED
-CVE-2023-26593
-	RESERVED
-CVE-2023-25955
-	RESERVED
+CVE-2023-26593 (CENTUM series provided by Yokogawa Electric Corporation are vulnerable ...)
+	TODO: check
+CVE-2023-25955 (National land numerical information data conversion tool all versions  ...)
+	TODO: check
 CVE-2023-25954
 	RESERVED
 CVE-2023-25953
 	RESERVED
-CVE-2023-25950
-	RESERVED
+CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ...)
+	TODO: check
 CVE-2023-25946
 	RESERVED
-CVE-2023-25755
-	RESERVED
+CVE-2023-25755 (Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerabl ...)
+	TODO: check
 CVE-2023-25184
 	RESERVED
 CVE-2023-25072
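Review bot: CVE-2023-25950 is the one entry in this hunk that is not a vendor-appliance case: HAProxy is packaged in Debian (source package haproxy), so this should become a `- haproxy <version>` line with a NOTE pointing at the upstream fix once it is identified, not remain at `TODO: check`. The truncated description names "HAProxy version 2.7.0", so check which suites ship a version in the affected range before writing the line. The other three new entries (Yokogawa CENTUM, the "National land numerical information data conversion tool", Screen Creator Advance 2) are product-specific and fit the usual NOT-FOR-US pattern.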
@@ -5790,8 +5886,8 @@ CVE-2023-22441
 	RESERVED
 CVE-2023-22361
 	RESERVED
-CVE-2023-22282
-	RESERVED
+CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...)
+	TODO: check
 CVE-2023-1420
 	RESERVED
 CVE-2023-1419
@@ -5844,8 +5940,8 @@ CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are
 	NOTE: https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7
 	NOTE: https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78
 	NOTE: https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
-CVE-2023-28368
-	RESERVED
+CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ( ...)
+	TODO: check
 CVE-2023-28366
 	RESERVED
 CVE-2023-28365
@@ -6302,12 +6398,12 @@ CVE-2023-28217
 	RESERVED
 CVE-2023-28216
 	RESERVED
-CVE-2023-27917
-	RESERVED
-CVE-2023-27389
-	RESERVED
-CVE-2023-23575
-	RESERVED
+CVE-2023-27917 (OS command injection vulnerability in CONPROSYS IoT Gateway products a ...)
+	TODO: check
+CVE-2023-27389 (Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway  ...)
+	TODO: check
+CVE-2023-23575 (Improper access control vulnerability in CONPROSYS IoT Gateway product ...)
+	TODO: check
 CVE-2023-1381 (The WP Meta SEO WordPress plugin before 4.5.5 does not validate image  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-48402
@@ -6882,8 +6978,8 @@ CVE-2023-28064
 	RESERVED
 CVE-2023-28063
 	RESERVED
-CVE-2023-28062
-	RESERVED
+CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access  ...)
+	TODO: check
 CVE-2023-28061
 	RESERVED
 CVE-2023-28060
@@ -7117,8 +7213,8 @@ CVE-2023-27997
 	RESERVED
 CVE-2023-27996
 	RESERVED
-CVE-2023-27995
-	RESERVED
+CVE-2023-27995 (A improper neutralization of special elements used in a template engin ...)
+	TODO: check
 CVE-2023-27994
 	RESERVED
 CVE-2023-27993
@@ -8178,8 +8274,8 @@ CVE-2023-27647
 	RESERVED
 CVE-2023-27646
 	RESERVED
-CVE-2023-27645
-	RESERVED
+CVE-2023-27645 (An issue found in POWERAMP audioplayer build 925 bundle play and build ...)
+	TODO: check
 CVE-2023-27644
 	RESERVED
 CVE-2023-27643
@@ -8621,8 +8717,8 @@ CVE-2023-1153 (Improper Neutralization of Special Elements used in an SQL Comman
 	NOT-FOR-US: Pacsrapor
 CVE-2023-1152 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Persolus
-CVE-2023-27520
-	RESERVED
+CVE-2023-27520 (Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printer ...)
+	TODO: check
 CVE-2023-27511
 	RESERVED
 CVE-2023-27509
@@ -8653,8 +8749,8 @@ CVE-2023-25772
 	RESERVED
 CVE-2023-24460
 	RESERVED
-CVE-2023-23572
-	RESERVED
+CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/network int ...)
+	TODO: check
 CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
 	NOT-FOR-US: SourceCodester Electronic Medical Records System
 CVE-2023-1150
@@ -8772,8 +8868,8 @@ CVE-2023-27466
 	RESERVED
 CVE-2023-27465
 	RESERVED
-CVE-2023-27464
-	RESERVED
+CVE-2023-27464 (A vulnerability has been identified in Mendix Forgot Password (Mendix  ...)
+	TODO: check
 CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
 	NOT-FOR-US: RUGGEDCOM CROSSBOW
 CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
@@ -9543,8 +9639,8 @@ CVE-2023-27194
 	RESERVED
 CVE-2023-27193
 	RESERVED
-CVE-2023-27192
-	RESERVED
+CVE-2023-27192 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker  ...)
+	TODO: check
 CVE-2023-27191 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker  ...)
 	TODO: check
 CVE-2023-27190
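Review bot: CVE-2023-27192 now has exactly the same truncated description as CVE-2023-27191 directly below it ("An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ..."), and both sit at `TODO: check`; triage them as a pair so they receive the same tag, and compare the full texts to confirm the two IDs describe distinct issues. The "Secuirty" spelling comes from the upstream description and should be left as-is in the list.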
@@ -9569,8 +9665,8 @@ CVE-2023-27181
 	RESERVED
 CVE-2023-27180 (GDidees CMS v3.9.1 was discovered to contain a source code disclosure  ...)
 	NOT-FOR-US: GDidees CMS
-CVE-2023-27179
-	RESERVED
+CVE-2023-27179 (GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary fi ...)
+	TODO: check
 CVE-2023-27178 (An arbitrary file upload vulnerability in the upload function of GDide ...)
 	TODO: check
 CVE-2023-27177
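Review bot: CVE-2023-27179 is a GDidees CMS issue, the adjacent CVE-2023-27180 is already tagged `NOT-FOR-US: GDidees CMS`, and CVE-2023-27178 (same product, "arbitrary file upload vulnerability in the upload function of GDide ...") is still at `TODO: check`; resolve 27179 and 27178 with the tag used for 27180 so three consecutive entries for one product do not disagree.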
@@ -10022,8 +10118,8 @@ CVE-2023-26966
 	RESERVED
 CVE-2023-26965
 	RESERVED
-CVE-2023-26964
-	RESERVED
+CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...)
+	TODO: check
 CVE-2023-26963
 	RESERVED
 CVE-2023-26962
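Review bot: CVE-2023-26964 concerns the Rust crates hyper (v0.13.7) and h2 (0.2.4), which Debian ships (source packages rust-hyper and rust-h2), so this is not a NOT-FOR-US candidate; the description cites old crate versions, and the `TODO: check` has to be resolved by comparing against the crate versions in each suite and locating the upstream fix before a package line can be written.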
@@ -10123,8 +10219,8 @@ CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox
 	TODO: check
 CVE-2023-26918
 	RESERVED
-CVE-2023-26917
-	RESERVED
+CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
+	TODO: check
 CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
 	- libyang2 <unfixed> (bug #1034154)
 	NOTE: https://github.com/CESNET/libyang/issues/1979
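Review bot: CVE-2023-26917 has a truncated description identical to CVE-2023-26916 directly below it ("libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ..."), and 26916 is already tracked as `libyang2 <unfixed> (bug #1034154)` with upstream issue 1979 linked; the full text of 26917 needs to be compared against that issue to decide whether it is a second, distinct NULL pointer dereference (needing its own package line, bug reference and NOTE) or a duplicate. Either way it should not be closed as NOT-FOR-US.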
@@ -10264,12 +10360,12 @@ CVE-2023-26849
 	RESERVED
 CVE-2023-26848 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
 	NOT-FOR-US: TOTOLINK
-CVE-2023-26847
-	RESERVED
-CVE-2023-26846
-	RESERVED
-CVE-2023-26845
-	RESERVED
+CVE-2023-26847 (A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 a ...)
+	TODO: check
+CVE-2023-26846 (A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 a ...)
+	TODO: check
+CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers ...)
+	TODO: check
 CVE-2023-26844
 	RESERVED
 CVE-2023-26843
@@ -10793,8 +10889,8 @@ CVE-2023-26599
 	RESERVED
 CVE-2023-26598
 	RESERVED
-CVE-2023-26588
-	RESERVED
+CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network devices ...)
+	TODO: check
 CVE-2023-26584
 	RESERVED
 CVE-2023-26583
@@ -10873,10 +10969,10 @@ CVE-2023-26547 (The InputMethod module has a vulnerability of serialization/dese
 	NOT-FOR-US: Huawei
 CVE-2023-26546
 	RESERVED
-CVE-2023-24544
-	RESERVED
-CVE-2023-24464
-	RESERVED
+CVE-2023-24544 (Improper access control vulnerability in Buffalo network devices allow ...)
+	TODO: check
+CVE-2023-24464 (Stored-cross-site scripting vulnerability in Buffalo network devices a ...)
+	TODO: check
 CVE-2023-1048 (A vulnerability, which was classified as critical, has been found in T ...)
 	NOT-FOR-US: TechPowerUp Ryzen DRAM Calculator
 CVE-2023-1047 (A vulnerability classified as critical was found in TechPowerUp RealTe ...)
@@ -11720,8 +11816,8 @@ CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arb
 	- mono 6.8.0.105+dfsg-3.3 (bug #972146)
 	[bullseye] - mono <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
-CVE-2023-26293
-	RESERVED
+CVE-2023-26293 (A vulnerability has been identified in TIA Portal V15 (All versions),  ...)
+	TODO: check
 CVE-2023-26292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Forcepoint
 CVE-2023-26291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -15460,8 +15556,8 @@ CVE-2023-0647 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: dst-admin
 CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5.0. A ...)
 	NOT-FOR-US: dst-admin
-CVE-2023-0645
-	RESERVED
+CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a specifical ...)
+	TODO: check
 CVE-2023-0644
 	RESERVED
 CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub repository s ...)
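Review bot: CVE-2023-0645 ("An out of bounds read exists in libjxl ...") should not stay at `TODO: check`: libjxl is packaged in Debian (source package libjxl), so it needs a `- libjxl <version>` line plus a NOTE to the upstream fix once that is identified. The dst-admin entries around it are the usual NOT-FOR-US pattern and need no action.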
@@ -19777,8 +19873,8 @@ CVE-2015-10041 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as cr
 	NOT-FOR-US: Dovgalyuk AIBattle
 CVE-2015-10040 (A vulnerability was found in gitlearn. It has been declared as problem ...)
 	NOT-FOR-US: gitlearn
-CVE-2023-23588
-	RESERVED
+CVE-2023-23588 (A vulnerability has been identified in SIMATIC IPC1047 (All versions), ...)
+	TODO: check
 CVE-2023-23587
 	RESERVED
 CVE-2023-23586 (Due to a vulnerability in the io_uring subsystem, it is possible to le ...)
@@ -20604,8 +20700,8 @@ CVE-2023-23279 (Canteen Management System 1.0 is vulnerable to SQL Injection via
 	NOT-FOR-US: Canteen Management System
 CVE-2023-23278
 	RESERVED
-CVE-2023-23277
-	RESERVED
+CVE-2023-23277 (Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote  ...)
+	TODO: check
 CVE-2023-23276
 	RESERVED
 CVE-2023-23275
@@ -22823,10 +22919,10 @@ CVE-2023-22644
 	RESERVED
 CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
 	NOT-FOR-US: SAP
-CVE-2023-22642
-	RESERVED
-CVE-2023-22641
-	RESERVED
+CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in FortiAna ...)
+	TODO: check
+CVE-2023-22641 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
+	TODO: check
 CVE-2023-22640
 	RESERVED
 CVE-2023-22639
@@ -22837,8 +22933,8 @@ CVE-2023-22637
 	RESERVED
 CVE-2023-22636 (An unauthorized configuration download vulnerability in FortiWeb 6.3.6 ...)
 	NOT-FOR-US: Fortinet
-CVE-2023-22635
-	RESERVED
+CVE-2023-22635 (A download of code without Integrity check vulnerability [CWE-494] in  ...)
+	TODO: check
 CVE-2023-22634
 	RESERVED
 CVE-2023-22633
@@ -24348,8 +24444,8 @@ CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of EC-
 	NOT-FOR-US: EC-CUBE
 CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to 2.23.1. ...)
 	- web2py <removed>
-CVE-2023-22429
-	RESERVED
+CVE-2023-22429 (Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier  ...)
+	TODO: check
 CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching function  ...)
 	NOT-FOR-US: SHIRASAGI
 CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
@@ -27459,18 +27555,18 @@ CVE-2022-47470
 	RESERVED
 CVE-2022-47469
 	RESERVED
-CVE-2022-47468
-	RESERVED
-CVE-2022-47467
-	RESERVED
-CVE-2022-47466
-	RESERVED
-CVE-2022-47465
-	RESERVED
-CVE-2022-47464
-	RESERVED
-CVE-2022-47463
-	RESERVED
+CVE-2022-47468 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-47467 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-47466 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-47465 (In vdsp service, there is a missing permission check. This could lead  ...)
+	TODO: check
+CVE-2022-47464 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-47463 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
 CVE-2022-47462 (In telephone service, there is a missing permission check. This could  ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47461 (In telephone service, there is a missing permission check. This could  ...)
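Review bot: CVE-2022-47463 through CVE-2022-47468 all read "In telecom service" (or "In vdsp service") ", there is a missing permission check ...", which is the Unisoc advisory wording, and the context lines right below (CVE-2022-47462, CVE-2022-47461) are already `NOT-FOR-US: Unisoc`; the six new descriptions can be closed with that tag. The same applies to CVE-2022-47362 and CVE-2022-47335..47338 in the two hunks that follow, whose neighbours are likewise tagged Unisoc.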
@@ -28056,8 +28152,8 @@ CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to a
 	NOT-FOR-US: Unisoc
 CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to a missin ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-47362
-	RESERVED
+CVE-2022-47362 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
 CVE-2022-47361 (In firewall service, there is a missing permission check. This could l ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-47360 (In log service, there is a missing permission check. This could lead t ...)
@@ -28104,14 +28200,14 @@ CVE-2022-47340
 	RESERVED
 CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing  ...)
 	NOT-FOR-US: Unisoc
-CVE-2022-47338
-	RESERVED
-CVE-2022-47337
-	RESERVED
-CVE-2022-47336
-	RESERVED
-CVE-2022-47335
-	RESERVED
+CVE-2022-47338 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-47337 (In media service, there is a missing permission check. This could lead ...)
+	TODO: check
+CVE-2022-47336 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2022-47335 (In telecom service, there is a missing permission check. This could le ...)
+	TODO: check
 CVE-2022-47334
 	RESERVED
 CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...)
@@ -31434,7 +31530,7 @@ CVE-2022-40973
 	RESERVED
 CVE-2022-37331
 	RESERVED
-CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All versions). Th ...)
+CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2022-46264
 	RESERVED
@@ -33263,7 +33359,7 @@ CVE-2022-45486
 	RESERVED
 CVE-2022-45485
 	RESERVED
-CVE-2022-45484 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-45484 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
 CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...)
 	NOT-FOR-US: kiwi Test Plan
@@ -40555,26 +40651,26 @@ CVE-2022-43957
 	RESERVED
 CVE-2022-43956
 	RESERVED
-CVE-2022-43955
-	RESERVED
+CVE-2022-43955 (An improper neutralization of input during web page generation [CWE-79 ...)
+	TODO: check
 CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-43953
 	RESERVED
-CVE-2022-43952
-	RESERVED
-CVE-2022-43951
-	RESERVED
+CVE-2022-43952 (An improper neutralization of input during web page generation ('Cross ...)
+	TODO: check
+CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+	TODO: check
 CVE-2022-43950
 	RESERVED
 CVE-2022-43949
 	RESERVED
-CVE-2022-43948
-	RESERVED
-CVE-2022-43947
-	RESERVED
-CVE-2022-43946
-	RESERVED
+CVE-2022-43948 (A improper neutralization of special elements used in an os command (' ...)
+	TODO: check
+CVE-2022-43947 (An improper restriction of excessive authentication attempts vulnerabi ...)
+	TODO: check
+CVE-2022-43946 (Multiple vulnerabilities including an incorrect permission assignment  ...)
+	TODO: check
 CVE-2022-3727
 	RESERVED
 CVE-2022-3726 (Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all ...)
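Review bot: CVE-2022-43955, 43952, 43951, 43948 and 43947 use the CWE-tagged Fortinet wording and sit beside CVE-2022-43954, already `NOT-FOR-US: Fortinet`, so they can be closed the same way; CVE-2022-43946 ("Multiple vulnerabilities including an incorrect permission assignment ...") is the exception, since its truncated text shows no vendor name, and it needs the full description before a tag is assigned.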
@@ -40985,14 +41081,14 @@ CVE-2022-43772 (Hitachi Vantara Pentaho Business Analytics Server versions befor
 	NOT-FOR-US: Hitachi
 CVE-2022-43771 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
 	NOT-FOR-US: Hitachi
-CVE-2022-43770
-	RESERVED
+CVE-2022-43770 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.3. ...)
+	TODO: check
 CVE-2022-43769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
 	NOT-FOR-US: Hitachi
-CVE-2022-43768
-	RESERVED
-CVE-2022-43767
-	RESERVED
+CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+	TODO: check
+CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+	TODO: check
 CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...)
 	NOT-FOR-US: Apache IoTDB
 CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn’t process correctly s ...)
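Review bot: CVE-2022-43770 sits between two Hitachi Vantara Pentaho Business Analytics Server entries already tagged `NOT-FOR-US: Hitachi` with near-identical descriptions, and CVE-2022-43768 and CVE-2022-43767 are SIMATIC CP 1242-7 V2 entries matching CVE-2022-43716 in a later hunk; all three are pattern matches for the existing tags and can be closed in the same pass.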
@@ -41036,8 +41132,8 @@ CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when usi
 	NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
 CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...)
 	NOT-FOR-US: Sophos
-CVE-2022-3695
-	RESERVED
+CVE-2022-3695 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+	TODO: check
 CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the administrator toke ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3693 (The File Management System developed by FileOrbis before version 10.6. ...)
@@ -41160,8 +41256,8 @@ CVE-2022-43718 (Upload data forms do not correctly render user input leading to
 CVE-2022-43717 (Dashboard rendering does not sufficiently sanitize the content of mark ...)
 	NOT-FOR-US: Apache Superset
 	NOTE: https://github.com/apache/superset/pull/21895
-CVE-2022-43716
-	RESERVED
+CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+	TODO: check
 CVE-2022-43715
 	RESERVED
 CVE-2022-43714
@@ -44757,8 +44853,8 @@ CVE-2022-42481
 	RESERVED
 CVE-2022-42478
 	RESERVED
-CVE-2022-42477
-	RESERVED
+CVE-2022-42477 (An improper input validation vulnerability [CWE-20] in FortiAnalyzer v ...)
+	TODO: check
 CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VP ...)
@@ -44771,10 +44867,10 @@ CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('ht
 	NOT-FOR-US: Fortinet
 CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
 	NOT-FOR-US: FortiGuard
-CVE-2022-42470
-	RESERVED
-CVE-2022-42469
-	RESERVED
+CVE-2022-42470 (A relative path traversal vulnerability in Fortinet FortiClient (Windo ...)
+	TODO: check
+CVE-2022-42469 (A permissive list of allowed inputs vulnerability [CWE-183] in FortiGa ...)
+	TODO: check
 CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile readin ...)
 	{DSA-5384-1 DLA-3382-1}
 	[experimental] - openimageio 2.4.7.1+dfsg-1
@@ -47955,10 +48051,10 @@ CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400] in
 	NOT-FOR-US: Fortinet
 CVE-2022-41332
 	RESERVED
-CVE-2022-41331
-	RESERVED
-CVE-2022-41330
-	RESERVED
+CVE-2022-41331 (A missing authentication for critical function vulnerability [CWE-306] ...)
+	TODO: check
+CVE-2022-41330 (An improper neutralization of input during web page generation vulnera ...)
+	TODO: check
 CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
@@ -48152,27 +48248,27 @@ CVE-2022-41290 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged
 	NOT-FOR-US: IBM
 CVE-2022-41289
 	RESERVED
-CVE-2022-41288 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41288 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41287 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41287 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41286 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41286 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41285 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41285 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41284 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41284 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41283 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41283 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41282 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41282 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41281 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41281 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41280 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41280 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41279 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41279 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
-CVE-2022-41278 (A vulnerability has been identified in JT2Go (All versions), Teamcente ...)
+CVE-2022-41278 (A vulnerability has been identified in JT2Go (All versions < V14.1. ...)
 	NOT-FOR-US: Siemens
 CVE-2022-41277
 	RESERVED
@@ -49518,14 +49614,14 @@ CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE
 	NOT-FOR-US: FortiGuard
 CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...)
 	NOT-FOR-US: Fortinet
-CVE-2022-40682
-	RESERVED
+CVE-2022-40682 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...)
+	TODO: check
 CVE-2022-40681
 	RESERVED
 CVE-2022-40680 (A improper neutralization of input during web page generation ('cross- ...)
 	NOT-FOR-US: FortiGuard
-CVE-2022-40679
-	RESERVED
+CVE-2022-40679 (An improper neutralization of special elements used in an OS command v ...)
+	TODO: check
 CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC versions  ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
@@ -62632,8 +62728,8 @@ CVE-2022-35852
 	RESERVED
 CVE-2022-35851 (An improper neutralization of input during web page generation vulnera ...)
 	NOT-FOR-US: FortiGuard
-CVE-2022-35850
-	RESERVED
+CVE-2022-35850 (An improper neutralization of script-related HTML tags in a web page v ...)
+	TODO: check
 CVE-2022-35849
 	RESERVED
 CVE-2022-35848
@@ -76973,7 +77069,7 @@ CVE-2022-30696 (Local privilege escalation due to a DLL hijacking vulnerability.
 	NOT-FOR-US: Acronis
 CVE-2022-30695 (Local privilege escalation due to excessive permissions assigned to ch ...)
 	NOT-FOR-US: Acronis
-CVE-2022-30694 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+CVE-2022-30694 (The login endpoint /FormLogin in affected web services does not apply  ...)
 	NOT-FOR-US: Siemens
 CVE-2022-30543 (A leftover debug code vulnerability exists in the console infct functi ...)
 	NOT-FOR-US: InHand Networks InRouter302
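Review bot: the description of CVE-2022-30694 changed from naming "SIMATIC Drive Controller family" to "The login endpoint /FormLogin in affected web services does not apply ...", so the product is no longer visible in the truncated text while the `NOT-FOR-US: Siemens` verdict is carried over unchanged; that is the expected result of a rewritten Siemens advisory, but confirm against the full description that the affected product list did not grow beyond Siemens hardware and software before leaving the tag as-is.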
@@ -86571,12 +86667,12 @@ CVE-2022-27489 (A improper neutralization of special elements used in an os comm
 	NOT-FOR-US: Fortinet
 CVE-2022-27488
 	RESERVED
-CVE-2022-27487
-	RESERVED
+CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...)
+	TODO: check
 CVE-2022-27486
 	RESERVED
-CVE-2022-27485
-	RESERVED
+CVE-2022-27485 (A improper neutralization of special elements used in an sql command ( ...)
+	TODO: check
 CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0 throug ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
@@ -124317,7 +124413,7 @@ CVE-2021-40370
 	RESERVED
 CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
 	- jspwiki <removed>
-CVE-2021-40368 (A vulnerability has been identified in SIMATIC S7-400 H V6 CPU family  ...)
+CVE-2021-40368 (A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7  ...)
 	NOT-FOR-US: Siemens
 CVE-2021-40367
 	RESERVED
@@ -195876,8 +195972,8 @@ CVE-2020-24738
 	RESERVED
 CVE-2020-24737
 	RESERVED
-CVE-2020-24736
-	RESERVED
+CVE-2020-24736 (Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before all ...)
+	TODO: check
 CVE-2020-24735
 	RESERVED
 CVE-2020-24734
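Review bot: CVE-2020-24736 ("Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before ...") is a 2020 identifier published only now and names sqlite3, which Debian packages (source package sqlite3); this needs real triage rather than the pattern-based NOT-FOR-US used elsewhere in this diff: locate the upstream report and fix, check whether any supported suite ships a version in the "3.27.1 and before" range, and record per-suite status with a NOTE.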
@@ -206535,10 +206631,10 @@ CVE-2020-19805
 	RESERVED
 CVE-2020-19804
 	RESERVED
-CVE-2020-19803
-	RESERVED
-CVE-2020-19802
-	RESERVED
+CVE-2020-19803 (Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 ...)
+	TODO: check
+CVE-2020-19802 (File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remot ...)
+	TODO: check
 CVE-2020-19801
 	RESERVED
 CVE-2020-19800
@@ -284180,7 +284276,7 @@ CVE-2019-10925 (A vulnerability has been identified in SIMATIC MV400 family (All
 	NOT-FOR-US: Siemens
 CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
 	NOT-FOR-US: Siemens
-CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+CVE-2019-10923 (A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7, ...)
 	NOT-FOR-US: Siemens
 CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier  ...)
 	NOT-FOR-US: Siemens



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1c1bd39dbc02543aac3eb3f3160f349fbefa9a4
