[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 18 21:10:34 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
20d8b5cf by security tracker role at 2023-04-18T20:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,211 @@
+CVE-2023-30861
+ RESERVED
+CVE-2023-30860
+ RESERVED
+CVE-2023-30859
+ RESERVED
+CVE-2023-30858
+ RESERVED
+CVE-2023-30857
+ RESERVED
+CVE-2023-30856
+ RESERVED
+CVE-2023-30855
+ RESERVED
+CVE-2023-30854
+ RESERVED
+CVE-2023-30853
+ RESERVED
+CVE-2023-30852
+ RESERVED
+CVE-2023-30851
+ RESERVED
+CVE-2023-30850
+ RESERVED
+CVE-2023-30849
+ RESERVED
+CVE-2023-30848
+ RESERVED
+CVE-2023-30847
+ RESERVED
+CVE-2023-30846
+ RESERVED
+CVE-2023-30845
+ RESERVED
+CVE-2023-30844
+ RESERVED
+CVE-2023-30843
+ RESERVED
+CVE-2023-30842
+ RESERVED
+CVE-2023-30841
+ RESERVED
+CVE-2023-30840
+ RESERVED
+CVE-2023-30839
+ RESERVED
+CVE-2023-30838
+ RESERVED
+CVE-2023-30837
+ RESERVED
+CVE-2023-30836
+ RESERVED
+CVE-2023-30835
+ RESERVED
+CVE-2023-30834
+ RESERVED
+CVE-2023-30833
+ RESERVED
+CVE-2023-30832
+ RESERVED
+CVE-2023-30831
+ RESERVED
+CVE-2023-30830
+ RESERVED
+CVE-2023-30829
+ RESERVED
+CVE-2023-30828
+ RESERVED
+CVE-2023-30827
+ RESERVED
+CVE-2023-30826
+ RESERVED
+CVE-2023-30825
+ RESERVED
+CVE-2023-30824
+ RESERVED
+CVE-2023-30823
+ RESERVED
+CVE-2023-30822
+ RESERVED
+CVE-2023-30821
+ RESERVED
+CVE-2023-30820
+ RESERVED
+CVE-2023-30819
+ RESERVED
+CVE-2023-30818
+ RESERVED
+CVE-2023-30817
+ RESERVED
+CVE-2023-30816
+ RESERVED
+CVE-2023-30815
+ RESERVED
+CVE-2023-30814
+ RESERVED
+CVE-2023-30813
+ RESERVED
+CVE-2023-30812
+ RESERVED
+CVE-2023-30811
+ RESERVED
+CVE-2023-30810
+ RESERVED
+CVE-2023-30809
+ RESERVED
+CVE-2023-30808
+ RESERVED
+CVE-2023-30807
+ RESERVED
+CVE-2023-30806
+ RESERVED
+CVE-2023-30805
+ RESERVED
+CVE-2023-30804
+ RESERVED
+CVE-2023-30803
+ RESERVED
+CVE-2023-30802
+ RESERVED
+CVE-2023-30801
+ RESERVED
+CVE-2023-30800
+ RESERVED
+CVE-2023-30799
+ RESERVED
+CVE-2023-30798
+ RESERVED
+CVE-2023-30797
+ RESERVED
+CVE-2023-30796
+ RESERVED
+CVE-2023-30795
+ RESERVED
+CVE-2023-2166
+ RESERVED
+CVE-2023-2165
+ RESERVED
+CVE-2023-2164
+ RESERVED
+CVE-2023-2163
+ RESERVED
+CVE-2023-2162
+ RESERVED
+CVE-2023-2161
+ RESERVED
+CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa prior ...)
+ TODO: check
+CVE-2023-2159
+ RESERVED
+CVE-2023-2158
+ RESERVED
+CVE-2023-2157
+ RESERVED
+CVE-2023-2156
+ RESERVED
+CVE-2023-2155 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...)
+ TODO: check
+CVE-2023-2154 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...)
+ TODO: check
+CVE-2023-2153 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
+ TODO: check
+CVE-2023-2152 (A vulnerability has been found in SourceCodester Student Study Center ...)
+ TODO: check
+CVE-2023-2151 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-2150 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-2149 (A vulnerability classified as critical was found in Campcodes Online T ...)
+ TODO: check
+CVE-2023-2148 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+ TODO: check
+CVE-2023-2147 (A vulnerability was found in Campcodes Online Thesis Archiving System ...)
+ TODO: check
+CVE-2023-2146 (A vulnerability was found in Campcodes Online Thesis Archiving System ...)
+ TODO: check
+CVE-2023-2145 (A vulnerability was found in Campcodes Online Thesis Archiving System ...)
+ TODO: check
+CVE-2023-2144 (A vulnerability was found in Campcodes Online Thesis Archiving System ...)
+ TODO: check
+CVE-2023-2143
+ RESERVED
+CVE-2023-2142
+ RESERVED
+CVE-2023-2141
+ RESERVED
+CVE-2023-2140
+ RESERVED
+CVE-2023-2139
+ RESERVED
+CVE-2022-4942
+ RESERVED
+CVE-2022-48475
+ RESERVED
+CVE-2022-48474
+ RESERVED
+CVE-2022-48473
+ RESERVED
+CVE-2022-48472
+ RESERVED
+CVE-2022-48471
+ RESERVED
+CVE-2022-48470
+ RESERVED
+CVE-2022-48469
+ RESERVED
+CVE-2014-125099
+ RESERVED
CVE-2023-30794
RESERVED
CVE-2023-30793
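Review bot: thirteen of the entries added at the top of the list (CVE-2023-2160 and CVE-2023-2144 through CVE-2023-2155) carry only "TODO: check", with no package line or NOT-FOR-US marker. As this is an automatic update, each needs a manual triage pass; the modoboa, SourceCodester and Campcodes descriptions are truncated here, so resolve them against the full CVE text rather than the visible prefix.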
@@ -726,8 +934,8 @@ CVE-2023-2022
RESERVED
CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
- teampass <itp> (bug #730180)
-CVE-2023-2020
- RESERVED
+CVE-2023-2020 (Insufficient permission checks in the REST API in Tribe29 Checkmk < ...)
+ TODO: check
CVE-2023-2019
RESERVED
CVE-2023-2018
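Review bot: CVE-2023-2020 moves from RESERVED to "TODO: check" even though its description names Tribe29 Checkmk, which this file already tracks (CVE-2023-22288 carries "- check-mk <removed>"). Once the affected versions are confirmed from the full description, replace the TODO with the matching package line so the entry does not sit untriaged.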
@@ -2387,10 +2595,10 @@ CVE-2023-29857
RESERVED
CVE-2023-29856
RESERVED
-CVE-2023-29855
- RESERVED
-CVE-2023-29854
- RESERVED
+CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via admin/languag ...)
+ TODO: check
+CVE-2023-29854 (DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the for ...)
+ TODO: check
CVE-2023-29853
RESERVED
CVE-2023-29852
@@ -2549,8 +2757,8 @@ CVE-2023-29776
RESERVED
CVE-2023-29775
RESERVED
-CVE-2023-29774
- RESERVED
+CVE-2023-29774 (Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). ...)
+ TODO: check
CVE-2023-29773
RESERVED
CVE-2023-29772
@@ -5319,8 +5527,8 @@ CVE-2023-28865
RESERVED
CVE-2023-28864
RESERVED
-CVE-2023-28863
- RESERVED
+CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of ...)
+ TODO: check
CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...)
- lemonldap-ng 2.16.1+ds-1
[bullseye] - lemonldap-ng <no-dsa> (Minor issue)
@@ -5951,8 +6159,8 @@ CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in
NOT-FOR-US: NGINX Agent
CVE-2023-1549
RESERVED
-CVE-2023-1548
- RESERVED
+CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
+ TODO: check
CVE-2023-1547
RESERVED
CVE-2023-1546
@@ -7904,14 +8112,14 @@ CVE-2023-1349 (A vulnerability, which was classified as problematic, has been fo
NOT-FOR-US: Hsycms
CVE-2016-15028 (A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been decl ...)
NOT-FOR-US: ICEPAY REST-API-NET
-CVE-2023-28143
- RESERVED
-CVE-2023-28142
- RESERVED
-CVE-2023-28141
- RESERVED
-CVE-2023-28140
- RESERVED
+CVE-2023-28143 (Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer ...)
+ TODO: check
+CVE-2023-28142 (A Race Condition exists in the Qualys Cloud Agent for Windows platform ...)
+ TODO: check
+CVE-2023-28141 (An NTFS Junction condition exists in the Qualys Cloud Agent for Window ...)
+ TODO: check
+CVE-2023-28140 (An Executable Hijacking condition exists in the Qualys Cloud Agent for ...)
+ TODO: check
CVE-2023-28139
RESERVED
CVE-2023-28138
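Review bot: all four Qualys Cloud Agent entries (CVE-2023-28140 through CVE-2023-28143) land as "TODO: check", and three of the visible descriptions name the macOS installer or the Windows platform. Confirm the platform for CVE-2023-28140 from the full text, then close the four together with one consistent marker, in the style of the "NOT-FOR-US: NGINX Agent" line used elsewhere in this file.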
@@ -8385,8 +8593,8 @@ CVE-2023-27978 (A CWE-502: Deserialization of Untrusted Data vulnerability exist
NOT-FOR-US: Schneider Electric
CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
NOT-FOR-US: Schneider Electric
-CVE-2023-27976
- RESERVED
+CVE-2023-27976 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists t ...)
+ TODO: check
CVE-2023-27975
RESERVED
CVE-2023-27974 (** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill wh ...)
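Review bot: CVE-2023-27976 is left at "TODO: check", yet the two entries directly above it use the same "A CWE-nnn: ... vulnerability exists" wording and are marked "NOT-FOR-US: Schneider Electric". The description is truncated before the product name, so confirm the vendor from the full CVE text and, if it matches, apply the same marker.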
@@ -10978,8 +11186,8 @@ CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to
NOT-FOR-US: Hippo4j
CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...)
NOT-FOR-US: My-Blog
-CVE-2023-27092
- RESERVED
+CVE-2023-27092 (Cross Site Scripting vulnerability found in Jbootfly allows attackers ...)
+ TODO: check
CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows a ...)
NOT-FOR-US: XiaoBingby TeaCMS
CVE-2023-27090
@@ -15343,8 +15551,8 @@ CVE-2023-25558 (DataHub is an open-source metadata platform. When the DataHub fr
NOT-FOR-US: DataHub
CVE-2023-25557 (DataHub is an open-source metadata platform. The DataHub frontend acts ...)
NOT-FOR-US: DataHub
-CVE-2023-25556
- RESERVED
+CVE-2023-25556 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
+ TODO: check
CVE-2023-25555
RESERVED
CVE-2023-25554
@@ -20215,10 +20423,10 @@ CVE-2023-22318
RESERVED
CVE-2023-22309
RESERVED
-CVE-2023-22307
- RESERVED
-CVE-2023-22294
- RESERVED
+CVE-2023-22307 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...)
+ TODO: check
+CVE-2023-22294 (Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows ...)
+ TODO: check
CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, ...)
- check-mk <removed>
CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...)
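Review bot: CVE-2023-22307 and CVE-2023-22294 describe the Tribe29 Checkmk Appliance, while the next entry, CVE-2023-22288, is tracked as "- check-mk <removed>" for Checkmk itself. The TODO needs an explicit decision on whether the appliance maps to that source package or is NOT-FOR-US, rather than a copy of the neighbouring line.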
@@ -31375,8 +31583,8 @@ CVE-2022-46642 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command i
NOT-FOR-US: D-Link
CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command injecti ...)
NOT-FOR-US: D-Link
-CVE-2022-46640
- RESERVED
+CVE-2022-46640 (Nanoleaf Desktop App before v1.3.1 was discovered to contain a command ...)
+ TODO: check
CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of Correos Pres ...)
NOT-FOR-US: Prestashop
CVE-2022-46638
@@ -33743,14 +33951,14 @@ CVE-2022-45841
RESERVED
CVE-2022-45840
RESERVED
-CVE-2022-45839
- RESERVED
-CVE-2022-45838
- RESERVED
+CVE-2022-45839 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2022-45838 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute Info ...)
+ TODO: check
CVE-2022-45837
RESERVED
-CVE-2022-45836
- RESERVED
+CVE-2022-45836 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, ...)
+ TODO: check
CVE-2022-45835
RESERVED
CVE-2022-45834
@@ -36991,8 +37199,8 @@ CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities in All-In-On
NOT-FOR-US: WordPress plugin
CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-44735
- RESERVED
+CVE-2022-44735 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gus ...)
+ TODO: check
CVE-2022-44734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
NOT-FOR-US: WordPress plugin
CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. The fol ...)
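Review bot: CVE-2022-44735 gets "TODO: check" while the entries on both sides of it (CVE-2022-44736 and CVE-2022-44734) share the "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in" prefix and are marked "NOT-FOR-US: WordPress plugin". Confirm from the full description that this one is also a WordPress plugin and apply the same marker.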
@@ -38348,8 +38556,8 @@ CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W –
NOT-FOR-US: WordPress plugin
CVE-2022-44633
RESERVED
-CVE-2022-44632
- RESERVED
+CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deni ...)
+ TODO: check
CVE-2022-44631
RESERVED
CVE-2022-44630
@@ -122410,12 +122618,12 @@ CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-def
NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
CVE-2021-41615 (websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy bec ...)
NOT-FOR-US: GoAhead Web Server
-CVE-2021-41614
- RESERVED
-CVE-2021-41613
- RESERVED
-CVE-2021-41612
- RESERVED
+CVE-2021-41614 (An issue was discovered in the controller unit of the OpenRISC mor1kx ...)
+ TODO: check
+CVE-2021-41613 (An issue was discovered in the controller unit of the OpenRISC mor1kx ...)
+ TODO: check
+CVE-2021-41612 (An issue was discovered in the ALU unit of the OpenRISC mor1kx process ...)
+ TODO: check
CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When ...)
- squid 5.2-1
[bullseye] - squid <not-affected> (Vulnerable code introduced later)
@@ -125296,10 +125504,10 @@ CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input Durin
NOT-FOR-US: bookstack
CVE-2021-40508
RESERVED
-CVE-2021-40507
- RESERVED
-CVE-2021-40506
- RESERVED
+CVE-2021-40507 (An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 12 ...)
+ TODO: check
+CVE-2021-40506 (An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 12 ...)
+ TODO: check
CVE-2021-40505
RESERVED
CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20d8b5cf2a406957d7cb21d374d9fa34348d33af