[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 24 21:10:46 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b07be93 by security tracker role at 2023-04-24T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-31122
+	RESERVED
+CVE-2023-31121
+	RESERVED
+CVE-2023-31120
+	RESERVED
+CVE-2023-31119
+	RESERVED
+CVE-2023-31118
+	RESERVED
+CVE-2023-31117
+	RESERVED
+CVE-2023-31116
+	RESERVED
+CVE-2023-31115
+	RESERVED
+CVE-2023-31114
+	RESERVED
+CVE-2023-31113
+	RESERVED
+CVE-2023-31112
+	RESERVED
+CVE-2023-31111
+	RESERVED
+CVE-2023-31110
+	RESERVED
+CVE-2023-31109
+	RESERVED
+CVE-2023-31108
+	RESERVED
+CVE-2023-31107
+	RESERVED
+CVE-2023-31106
+	RESERVED
+CVE-2023-31105
+	RESERVED
+CVE-2023-31104
+	RESERVED
+CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...)
+	TODO: check
+CVE-2023-2256
+	RESERVED
+CVE-2023-2255
+	RESERVED
+CVE-2023-2254
+	RESERVED
+CVE-2023-2253
+	RESERVED
+CVE-2023-2252
+	RESERVED
+CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.2.2. ...)
+	TODO: check
+CVE-2023-2250
+	RESERVED
+CVE-2023-2249
+	RESERVED
+CVE-2023-2248
+	RESERVED
+CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module in ...)
+	TODO: check
+CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` ...)
+	TODO: check
 CVE-2023-31103
 	RESERVED
 CVE-2023-31102
@@ -119,8 +181,8 @@ CVE-2023-31047
 	RESERVED
 CVE-2023-31046
 	RESERVED
-CVE-2023-31045
-	RESERVED
+CVE-2023-31045 (** DISPUTED ** A stored Cross-site scripting (XSS) issue in Text Edito ...)
+	TODO: check
 CVE-2023-31044
 	RESERVED
 CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...)
@@ -153,10 +215,10 @@ CVE-2023-2241 (A vulnerability, which was classified as critical, was found in P
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	NOTE: https://github.com/podofo/podofo/issues/69
 	NOTE: https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
-CVE-2012-10014
-	RESERVED
-CVE-2012-10013
-	RESERVED
+CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-Boy Ba ...)
+	TODO: check
+CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin up to ...)
+	TODO: check
 CVE-2023-31037
 	RESERVED
 CVE-2023-31036
@@ -948,8 +1010,8 @@ CVE-2023-30778
 	RESERVED
 CVE-2023-30777
 	RESERVED
-CVE-2023-30776
-	RESERVED
+CVE-2023-30776 (An authenticated user with specific data permissions could access data ...)
+	TODO: check
 CVE-2023-2129
 	RESERVED
 CVE-2023-2128
@@ -1387,8 +1449,8 @@ CVE-2023-30624
 	RESERVED
 CVE-2023-30623
 	RESERVED
-CVE-2023-30622
-	RESERVED
+CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...)
+	TODO: check
 CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...)
 	NOT-FOR-US: Gipsy
 CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers build AI sol ...)
@@ -1405,8 +1467,8 @@ CVE-2023-30615
 	RESERVED
 CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
 	NOT-FOR-US: Pay (payments engine for Ruby on Rails)
-CVE-2023-30613
-	RESERVED
+CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...)
+	TODO: check
 CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...)
 	NOT-FOR-US: Cloud hypervisor
 CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...)
@@ -1771,8 +1833,8 @@ CVE-2023-30546
 	RESERVED
 CVE-2023-30545
 	RESERVED
-CVE-2023-30544
-	RESERVED
+CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
+	TODO: check
 CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
 	NOT-FOR-US: @web3-react
 CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
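Review bot: CVE-2023-30544 is the second Kiwi TCMS entry in this update (CVE-2023-30613 in the hunk above is the other) and both are left at TODO: check; they should be triaged together so they end up with the same disposition. The truncated description ("In versions of Kiw ...") hides the affected and fixed version range, so the upstream advisory will have to be consulted before either entry is marked.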
@@ -1795,8 +1857,8 @@ CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core
 	NOT-FOR-US: Snowflake JDBC
 CVE-2023-30534
 	RESERVED
-CVE-2023-30533
-	RESERVED
+CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...)
+	TODO: check
 CVE-2023-2011
 	RESERVED
 CVE-2023-2010
@@ -2075,8 +2137,8 @@ CVE-2023-30460
 	RESERVED
 CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker ...)
 	NOT-FOR-US: SmartPTT SCADA
-CVE-2023-30458
-	RESERVED
+CVE-2023-30458 (A username enumeration issue was discovered in Medicine Tracker System ...)
+	TODO: check
 CVE-2023-30457
 	RESERVED
 CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...)
@@ -2252,28 +2314,28 @@ CVE-2023-30380
 	RESERVED
 CVE-2023-30379
 	RESERVED
-CVE-2023-30378
-	RESERVED
+CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-b ...)
+	TODO: check
 CVE-2023-30377
 	RESERVED
-CVE-2023-30376
-	RESERVED
-CVE-2023-30375
-	RESERVED
+CVE-2023-30376 (In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a ...)
+	TODO: check
+CVE-2023-30375 (In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-ba ...)
+	TODO: check
 CVE-2023-30374
 	RESERVED
-CVE-2023-30373
-	RESERVED
-CVE-2023-30372
-	RESERVED
-CVE-2023-30371
-	RESERVED
-CVE-2023-30370
-	RESERVED
-CVE-2023-30369
-	RESERVED
-CVE-2023-30368
-	RESERVED
+CVE-2023-30373 (In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a  ...)
+	TODO: check
+CVE-2023-30372 (In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack ...)
+	TODO: check
+CVE-2023-30371 (In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-b ...)
+	TODO: check
+CVE-2023-30370 (In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-bas ...)
+	TODO: check
+CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. ...)
+	TODO: check
+CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWe ...)
+	TODO: check
 CVE-2023-30367
 	RESERVED
 CVE-2023-30366
@@ -3310,10 +3372,10 @@ CVE-2023-29851
 	RESERVED
 CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip ...)
 	NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulia
-CVE-2023-29849
-	RESERVED
-CVE-2023-29848
-	RESERVED
+CVE-2023-29849 (Bang Resto 1.0 was discovered to contain multiple SQL injection vulner ...)
+	TODO: check
+CVE-2023-29848 (Bang Resto 1.0 was discovered to contain a stored cross-site scripting ...)
+	TODO: check
 CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored cross-site sc ...)
 	NOT-FOR-US: AeroCMS
 CVE-2023-29846
@@ -3448,8 +3510,8 @@ CVE-2023-29782
 	RESERVED
 CVE-2023-29781
 	RESERVED
-CVE-2023-29780
-	RESERVED
+CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnera ...)
+	TODO: check
 CVE-2023-29779
 	RESERVED
 CVE-2023-29778
@@ -3842,10 +3904,10 @@ CVE-2023-29585
 	RESERVED
 CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the  ...)
 	NOT-FOR-US: mp4v2
-CVE-2023-29583
-	RESERVED
-CVE-2023-29582
-	RESERVED
+CVE-2023-29583 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
+	TODO: check
+CVE-2023-29582 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
+	TODO: check
 CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
 	- yasm <unfixed> (unimportant)
 	NOTE: https://github.com/yasm/yasm/issues/216
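Review bot: CVE-2023-29583 and CVE-2023-29582 (both "stack overflow" in yasm 1.3.0.55.g101bc) are left at TODO: check, while the adjacent CVE-2023-29581, same product and same version string, is already triaged as `- yasm <unfixed> (unimportant)` with the upstream issue recorded in a NOTE. When these two are triaged, confirm whether the same assessment applies and record the corresponding upstream issue links in the same way, so the three consecutive yasm entries stay consistent.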
@@ -3854,10 +3916,10 @@ CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation vi
 	- yasm <unfixed> (unimportant)
 	NOTE: https://github.com/yasm/yasm/issues/215
 	NOTE: Crash in CLI tool, no security impact
-CVE-2023-29579
-	RESERVED
-CVE-2023-29578
-	RESERVED
+CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
+	TODO: check
+CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the  ...)
+	TODO: check
 CVE-2023-29577
 	RESERVED
 CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
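Review bot: CVE-2023-29579 is another yasm 1.3.0.55.g101bc stack overflow sitting directly under CVE-2023-29580, which carries `- yasm <unfixed> (unimportant)` and the NOTE "Crash in CLI tool, no security impact"; the new entry most likely warrants the same severity and NOTE once the upstream issue has been checked. CVE-2023-29578 (mp4v2 v2.0.0 heap buffer overflow) has the same description prefix as CVE-2023-29584 in the previous hunk, which is already marked `NOT-FOR-US: mp4v2`, so that disposition is the one to confirm here.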
@@ -3872,16 +3934,16 @@ CVE-2023-29572
 	RESERVED
 CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
 	NOT-FOR-US: Cesenta MJS
-CVE-2023-29570
-	RESERVED
+CVE-2023-29570 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+	TODO: check
 CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
 	NOT-FOR-US: Cesenta MJS
 CVE-2023-29568
 	RESERVED
 CVE-2023-29567
 	RESERVED
-CVE-2023-29566
-	RESERVED
+CVE-2023-29566 (huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 w ...)
+	TODO: check
 CVE-2023-29565
 	RESERVED
 CVE-2023-29564
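Review bot: the existing NOT-FOR-US lines for CVE-2023-29571 and CVE-2023-29569 spell the product "Cesenta MJS" while the imported descriptions say "Cesanta MJS". When CVE-2023-29570 is triaged with the same disposition, use the spelling from the description and correct the two neighbouring lines at the same time, otherwise a search of the file on the product name will miss them.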
@@ -3916,7 +3978,7 @@ CVE-2023-29551
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29551
 CVE-2023-29550
 	RESERVED
-	{DSA-5392-1 DSA-5385-1 DLA-3391-1}
+	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
@@ -3929,7 +3991,7 @@ CVE-2023-29549
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29549
 CVE-2023-29548
 	RESERVED
-	{DSA-5392-1 DSA-5385-1 DLA-3391-1}
+	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
@@ -3969,7 +4031,7 @@ CVE-2023-29542
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29542
 CVE-2023-29541
 	RESERVED
-	{DSA-5392-1 DSA-5385-1 DLA-3391-1}
+	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
@@ -3982,7 +4044,7 @@ CVE-2023-29540
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29540
 CVE-2023-29539
 	RESERVED
-	{DSA-5392-1 DSA-5385-1 DLA-3391-1}
+	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
@@ -3999,7 +4061,7 @@ CVE-2023-29537
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29537
 CVE-2023-29536
 	RESERVED
-	{DSA-5392-1 DSA-5385-1 DLA-3391-1}
+	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
@@ -4008,7 +4070,7 @@ CVE-2023-29536
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29536
 CVE-2023-29535
 	RESERVED
-	{DSA-5392-1 DSA-5385-1 DLA-3391-1}
+	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
@@ -4021,7 +4083,7 @@ CVE-2023-29534
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534
 CVE-2023-29533
 	RESERVED
-	{DSA-5392-1 DSA-5385-1 DLA-3391-1}
+	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
 	- firefox 112.0-1
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
@@ -4080,7 +4142,7 @@ CVE-2023-1946 (A vulnerability was found in SourceCodester Survey Application Sy
 	NOT-FOR-US: SourceCodester Survey Application System
 CVE-2023-1945
 	RESERVED
-	{DSA-5392-1 DSA-5385-1 DLA-3391-1}
+	{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
 	- firefox-esr 102.10.0esr-1
 	- thunderbird 1:102.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
@@ -4200,13 +4262,11 @@ CVE-2023-29482
 	RESERVED
 CVE-2023-29481
 	RESERVED
-CVE-2023-29480
-	RESERVED
+CVE-2023-29480 (Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked af ...)
 	- rnp <unfixed> (bug #1034558)
 	NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
-CVE-2023-29479
-	RESERVED
-	{DSA-5392-1}
+CVE-2023-29479 (Ribose RNP before 0.16.3 may hang when the input is malformed. ...)
+	{DSA-5392-1 DLA-3400-1}
 	- rnp <unfixed> (bug #1034558)
 	- thunderbird 1:102.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29479
@@ -5471,19 +5531,19 @@ CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Comman
 	NOT-FOR-US: Akbim Computer Panon
 CVE-2023-29092
 	RESERVED
-CVE-2023-29091 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
-CVE-2023-29090 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
-CVE-2023-29089 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29089 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
-CVE-2023-29088 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29088 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
-CVE-2023-29087 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29087 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
-CVE-2023-29086 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29086 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
-CVE-2023-29085 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29085 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
 CVE-2023-29084 (Zoho ManageEngine ADManager Plus through 7180 allows for authenticated ...)
 	NOT-FOR-US: Zoho ManageEngine
@@ -5655,8 +5715,8 @@ CVE-2023-1733 (A denial of service condition exists in the Prometheus server bun
 	- gitlab <unfixed>
 CVE-2023-1732
 	RESERVED
-CVE-2023-1731
-	RESERVED
+CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file upload fun ...)
+	TODO: check
 CVE-2023-1730
 	RESERVED
 CVE-2023-1729
@@ -6426,10 +6486,10 @@ CVE-2023-1625 [information leak in API]
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
 	NOTE: https://review.opendev.org/c/openstack/heat/+/868166
 	NOTE: https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf (20.0.0.0rc1)
-CVE-2023-1624
-	RESERVED
-CVE-2023-1623
-	RESERVED
+CVE-2023-1624 (The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleti ...)
+	TODO: check
+CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not proper ...)
+	TODO: check
 CVE-2023-1622
 	REJECTED
 CVE-2023-1621
@@ -7589,8 +7649,8 @@ CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing
 	NOTE: https://github.com/jettison-json/jettison/pull/62
 	NOTE: https://github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f (jettison-1.5.4)
 	NOTE: Introduced by: https://github.com/jettison-json/jettison/commit/be193159085b9fc2bc3526f8655871f9b0472d06 (jettison-1.3.1)
-CVE-2023-1435
-	RESERVED
+CVE-2023-1435 (The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise a ...)
+	TODO: check
 CVE-2023-1434
 	RESERVED
 CVE-2023-1433 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...)
@@ -7794,7 +7854,7 @@ CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versi
 	NOTE: https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31 (v1.1.1)
 	NOTE: https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf
 CVE-2023-28427 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
-	{DSA-5392-1}
+	{DSA-5392-1 DLA-3400-1}
 	- node-matrix-js-sdk <unfixed> (bug #1033621)
 	[bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
 	[buster] - node-matrix-js-sdk <no-dsa> (Minor issue)
@@ -7936,8 +7996,8 @@ CVE-2023-22361
 	RESERVED
 CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...)
 	NOT-FOR-US: WAB-MAT
-CVE-2023-1420
-	RESERVED
+CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...)
+	TODO: check
 CVE-2023-1419
 	RESERVED
 CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -7948,8 +8008,8 @@ CVE-2023-1416 (A vulnerability classified as critical has been found in Simple A
 	NOT-FOR-US: Simple Art Gallery
 CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...)
 	NOT-FOR-US: Simple Art Gallery
-CVE-2023-1414
-	RESERVED
+CVE-2023-1414 (The WP VR WordPress plugin before 8.3.0 does not have authorisation an ...)
+	TODO: check
 CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and escape s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...)
@@ -9144,8 +9204,8 @@ CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and
 	NOT-FOR-US: Apport
 CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not va ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-1324
-	RESERVED
+CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sa ...)
+	TODO: check
 CVE-2023-1323
 	RESERVED
 CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as critical. A ...)
@@ -9269,10 +9329,10 @@ CVE-2023-27993
 	RESERVED
 CVE-2023-27992
 	RESERVED
-CVE-2023-27991
-	RESERVED
-CVE-2023-27990
-	RESERVED
+CVE-2023-27991 (The post-authentication command injection vulnerability in the CLI com ...)
+	TODO: check
+CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...)
+	TODO: check
 CVE-2023-27989
 	RESERVED
 CVE-2023-27988
@@ -9906,10 +9966,10 @@ CVE-2023-XXXX [Transaction cache overrides the current user]
 	NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/12108
 	NOTE: Fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/107b68af389a2cb5c95f663f7a3107fc12aecaf7
 	NOTE: Fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/1ce8523f11aa78a88dd03e1f0ae2e2b076b6fdb0 (trytond-6.0.29)
-CVE-2023-27849
-	RESERVED
-CVE-2023-27848
-	RESERVED
+CVE-2023-27849 (rails-routes-to-json v1.0.0 was discovered to contain a remote code ex ...)
+	TODO: check
+CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote code execut ...)
+	TODO: check
 CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and be ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-27846
@@ -10773,8 +10833,8 @@ CVE-2023-27526
 	RESERVED
 CVE-2023-27525 (An authenticated user with Gamma role authorization could have access  ...)
 	NOT-FOR-US: Apache Superset
-CVE-2023-27524
-	RESERVED
+CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to and inclu ...)
+	TODO: check
 CVE-2023-27523
 	RESERVED
 CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...)
@@ -11098,8 +11158,8 @@ CVE-2023-24463
 	RESERVED
 CVE-2023-22312
 	RESERVED
-CVE-2023-1129
-	RESERVED
+CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...)
+	TODO: check
 CVE-2023-1128
 	RESERVED
 CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. ...)
@@ -11107,8 +11167,8 @@ CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. ..
 	NOTE: https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
 	NOTE: https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c (v9.0.1367)
 	NOTE: Crash in CLI tool, no security impact
-CVE-2023-1126
-	RESERVED
+CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not sanitise an ...)
+	TODO: check
 CVE-2023-1125
 	RESERVED
 CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3  ...)
@@ -12413,8 +12473,8 @@ CVE-2023-26867
 	RESERVED
 CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions ...)
 	NOT-FOR-US: GreenPacket
-CVE-2023-26865
-	RESERVED
+CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and b ...)
+	TODO: check
 CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-26863
@@ -13249,8 +13309,8 @@ CVE-2023-1022 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorize
 	NOT-FOR-US: WP Meta SEO plugin for WordPress
 CVE-2023-1021
 	RESERVED
-CVE-2023-1020
-	RESERVED
+CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does  ...)
+	TODO: check
 CVE-2023-1019
 	RESERVED
 CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module Library  ...)
@@ -13337,8 +13397,8 @@ CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for Ex
 	NOT-FOR-US: Samsung
 CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
 	NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2023-26494
-	RESERVED
+CVE-2023-26494 (lorawan-stack is an open source LoRaWAN network server. Prior to versi ...)
+	TODO: check
 CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real ...)
 	NOT-FOR-US: Cocos Engine
 CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...)
@@ -14428,12 +14488,12 @@ CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon
 	NOT-FOR-US: Progress Flowmon Packet Investigator
 CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...)
 	NOT-FOR-US: Progress Flowmon
-CVE-2023-26099
-	RESERVED
+CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consult ...)
+	TODO: check
 CVE-2023-26098
 	RESERVED
-CVE-2023-26097
-	RESERVED
+CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorize ...)
+	TODO: check
 CVE-2023-26096
 	RESERVED
 CVE-2023-26095
@@ -14507,12 +14567,12 @@ CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By
 	NOT-FOR-US: Lexmark
 CVE-2023-26062
 	RESERVED
-CVE-2023-26061
-	RESERVED
-CVE-2023-26060
-	RESERVED
-CVE-2023-26059
-	RESERVED
+CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...)
+	TODO: check
+CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...)
+	TODO: check
+CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site  ...)
+	TODO: check
 CVE-2023-26058
 	RESERVED
 CVE-2023-26057
@@ -14688,8 +14748,8 @@ CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in Git
 	NOT-FOR-US: pixelfed
 CVE-2023-0900
 	RESERVED
-CVE-2023-0899
-	RESERVED
+CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does  ...)
+	TODO: check
 CVE-2023-0898
 	RESERVED
 CVE-2023-0897
@@ -17419,12 +17479,12 @@ CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an unauthenticated remote atta
 	NOT-FOR-US: vBulletin
 CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an adversary (with  ...)
 	NOT-FOR-US: McAfee
-CVE-2023-25133
-	RESERVED
-CVE-2023-25132
-	RESERVED
-CVE-2023-25131
-	RESERVED
+CVE-2023-25133 (Improper privilege management vulnerability in default.cmd file in Pow ...)
+	TODO: check
+CVE-2023-25132 (Unrestricted upload of file with dangerous type vulnerability in defau ...)
+	TODO: check
+CVE-2023-25131 (Use of default password vulnerability in PowerPanel Business Local/Rem ...)
+	TODO: check
 CVE-2023-25130
 	REJECTED
 CVE-2023-25129
@@ -18261,18 +18321,18 @@ CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
 	[buster] - ruby-commonmarker <no-dsa> (Minor issue)
 	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
 	NOTE: https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59 (0.29.0.gfm.10)
-CVE-2023-24823
-	RESERVED
-CVE-2023-24822
-	RESERVED
-CVE-2023-24821
-	RESERVED
-CVE-2023-24820
-	RESERVED
-CVE-2023-24819
-	RESERVED
-CVE-2023-24818
-	RESERVED
+CVE-2023-24823 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+	TODO: check
+CVE-2023-24822 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+	TODO: check
+CVE-2023-24821 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+	TODO: check
+CVE-2023-24820 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+	TODO: check
+CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+	TODO: check
+CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+	TODO: check
 CVE-2023-24817
 	RESERVED
 CVE-2023-24816 (IPython (Interactive Python) is a command shell for interactive comput ...)
@@ -18928,7 +18988,7 @@ CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitiz
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0547
 	RESERVED
-	{DSA-5392-1}
+	{DSA-5392-1 DLA-3400-1}
 	- thunderbird 1:102.10.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547
 CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...)
@@ -20685,20 +20745,20 @@ CVE-2023-0426
 	RESERVED
 CVE-2023-0425
 	RESERVED
-CVE-2023-0424
-	RESERVED
+CVE-2023-0424 (The MS-Reviews WordPress plugin through 1.5 does not sanitise and esca ...)
+	TODO: check
 CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not properly s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0421
 	RESERVED
-CVE-2023-0420
-	RESERVED
+CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin through ...)
+	TODO: check
 CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0418
-	RESERVED
+CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not validate ...)
+	TODO: check
 CVE-2022-4894
 	RESERVED
 CVE-2022-4893
@@ -20912,8 +20972,8 @@ CVE-2023-23894
 	RESERVED
 CVE-2023-23893
 	RESERVED
-CVE-2023-23892
-	RESERVED
+CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23890
@@ -21233,8 +21293,8 @@ CVE-2023-0390
 	RESERVED
 CVE-2023-0389
 	RESERVED
-CVE-2023-0388
-	RESERVED
+CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly sanit ...)
+	TODO: check
 CVE-2023-0387
 	RESERVED
 CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...)
@@ -22082,8 +22142,8 @@ CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not properly ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0276
-	RESERVED
+CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not ...)
+	TODO: check
 CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0274
@@ -24028,18 +24088,18 @@ CVE-2023-22920 (A security misconfiguration vulnerability exists in the Zyxel LT
 	NOT-FOR-US: Zyxel
 CVE-2023-22919
 	RESERVED
-CVE-2023-22918
-	RESERVED
-CVE-2023-22917
-	RESERVED
-CVE-2023-22916
-	RESERVED
-CVE-2023-22915
-	RESERVED
-CVE-2023-22914
-	RESERVED
-CVE-2023-22913
-	RESERVED
+CVE-2023-22918 (A post-authentication information exposure vulnerability in the CGI pr ...)
+	TODO: check
+CVE-2023-22917 (A buffer overflow vulnerability in the “sdwan_iface_ipc” b ...)
+	TODO: check
+CVE-2023-22916 (The configuration parser of Zyxel ATP series firmware versions 5.10 th ...)
+	TODO: check
+CVE-2023-22915 (A buffer overflow vulnerability in the “fbwifi_forward.cgi&#8221 ...)
+	TODO: check
+CVE-2023-22914 (A path traversal vulnerability in the “account_print.cgi”  ...)
+	TODO: check
+CVE-2023-22913 (A post-authentication command injection vulnerability in the “ac ...)
+	TODO: check
 CVE-2023-22912 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
 	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
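Review bot: the descriptions imported for CVE-2023-22917, CVE-2023-22915, CVE-2023-22914 and CVE-2023-22913 carry mangled quotation marks from the upstream feed (`“sdwan_iface_ipc”`, `&#8221`), and because the automatic update truncates descriptions at a fixed width the HTML entity in CVE-2023-22915 is cut off mid-way and the CGI name in CVE-2023-22913 is reduced to "ac ...". It would be worth normalising curly quotes and HTML entities in the update script before the text lands in data/CVE/list; as written, whoever triages these Zyxel entries will have to clean the text by hand and cannot match the truncated file names against the vendor advisory.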
@@ -25414,16 +25474,16 @@ CVE-2023-22583
 	RESERVED
 CVE-2023-22582
 	RESERVED
-CVE-2023-22581
-	RESERVED
+CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it possible f ...)
+	TODO: check
 CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...)
 	NOT-FOR-US: DIVD
 CVE-2023-22579 (Due to improper parameter filtering in the sequalize js library, can a ...)
 	NOT-FOR-US: DIVD
 CVE-2023-22578 (Due to improper artibute filtering in the sequalize js library, can a  ...)
 	NOT-FOR-US: DIVD
-CVE-2023-22577
-	RESERVED
+CVE-2023-22577 (Within White Rabbit Switch it's possible as an unauthenticated user to ...)
+	TODO: check
 CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...)
 	NOT-FOR-US: AsyncHTTPClient
 CVE-2023-0039 (Duplicate. Please use CVE-2022-4060 instead. ...)
@@ -28116,8 +28176,8 @@ CVE-2022-47600
 	RESERVED
 CVE-2022-47599
 	RESERVED
-CVE-2022-47598
-	RESERVED
+CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP P ...)
+	TODO: check
 CVE-2022-47597
 	RESERVED
 CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
@@ -30783,8 +30843,8 @@ CVE-2022-47160
 	RESERVED
 CVE-2022-47159
 	RESERVED
-CVE-2022-47158
-	RESERVED
+CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
+	TODO: check
 CVE-2022-47157
 	RESERVED
 CVE-2022-47156
@@ -37105,8 +37165,8 @@ CVE-2022-45086 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
 CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy  ...)
 	NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
-CVE-2022-45084
-	RESERVED
+CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softacul ...)
+	TODO: check
 CVE-2022-45083
 	RESERVED
 CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
@@ -45146,7 +45206,8 @@ CVE-2022-43130
 	RESERVED
 CVE-2022-43129
 	RESERVED
-CVE-2022-43128 (Dreamer CMS 4.0.1 allows SQL injection via ArchivesMapper.xml. ...)
+CVE-2022-43128
+	REJECTED
 	NOT-FOR-US: Dreamer CMS
 CVE-2022-43127 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
 	NOT-FOR-US: Online Diagnostic Lab Management System
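Review bot: CVE-2022-43128 is switched to REJECTED, but the `NOT-FOR-US: Dreamer CMS` line underneath it survives unchanged. The other REJECTED entries in this file carry nothing but the REJECTED marker (CVE-2023-1622 and CVE-2023-25130 in earlier hunks), so the stale triage line should be dropped for consistency; if the original description ("Dreamer CMS 4.0.1 allows SQL injection via ArchivesMapper.xml") is worth keeping for reference, a NOTE line is the place for it.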
@@ -49398,8 +49459,8 @@ CVE-2022-41616
 	RESERVED
 CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-41612
-	RESERVED
+CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shar ...)
+	TODO: check
 CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41608



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b07be937283891e3e23cd97fb056c90ad2b09b3
