[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 27 09:10:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d13c6b8 by security tracker role at 2023-04-27T08:10:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-31290 (Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser ex ...)
+	TODO: check
+CVE-2023-31289
+	RESERVED
+CVE-2023-31288
+	RESERVED
+CVE-2023-31287 (An issue was discovered in Serenity Serene (and StartSharp) before 6.7 ...)
+	TODO: check
+CVE-2023-31286 (An issue was discovered in Serenity Serene (and StartSharp) before 6.7 ...)
+	TODO: check
+CVE-2023-31285 (An XSS issue was discovered in Serenity Serene (and StartSharp) before ...)
+	TODO: check
+CVE-2023-31284
+	RESERVED
+CVE-2023-31283
+	RESERVED
+CVE-2023-31282
+	RESERVED
+CVE-2023-31281
+	RESERVED
+CVE-2023-31280
+	RESERVED
+CVE-2023-31279
+	RESERVED
+CVE-2023-31245
+	RESERVED
+CVE-2023-31241
+	RESERVED
+CVE-2023-31240
+	RESERVED
+CVE-2023-31193
+	RESERVED
+CVE-2023-28649
+	RESERVED
+CVE-2023-28412
+	RESERVED
+CVE-2023-28386
+	RESERVED
+CVE-2023-25183
+	RESERVED
+CVE-2023-2319
+	RESERVED
+CVE-2023-2318
+	RESERVED
+CVE-2023-2317
+	RESERVED
+CVE-2023-2316
+	RESERVED
+CVE-2023-2315
+	RESERVED
 CVE-2023-31269
 	RESERVED
 CVE-2023-31268
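Review bot: the five new entries marked TODO: check (CVE-2023-31290 and CVE-2023-31287 through CVE-2023-31285) carry descriptions cut off at the fixed column width, so the product names (Trust Wallet Core, Serenity Serene/StartSharp) are all a triager gets from this file; the full CVE text should be read before these become NOT-FOR-US or package entries. The twenty RESERVED placeholders (CVE-2023-31289 down to CVE-2023-2315) need nothing until the IDs are published.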
@@ -105,8 +155,8 @@ CVE-2023-2299
 	RESERVED
 CVE-2023-2298
 	RESERVED
-CVE-2023-2297
-	RESERVED
+CVE-2023-2297 (The Profile Builder – User Profile & User Registration Forms ...)
+	TODO: check
 CVE-2023-2296
 	RESERVED
 CVE-2022-4945
@@ -143,8 +193,8 @@ CVE-2023-2293 (A vulnerability was found in SourceCodester Purchase Order Manage
 	NOT-FOR-US: SourceCodester Purchase Order Management System
 CVE-2023-2292
 	RESERVED
-CVE-2023-2291
-	RESERVED
+CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in ManageEngine A ...)
+	TODO: check
 CVE-2023-2290
 	RESERVED
 CVE-2023-2289
@@ -1178,14 +1228,14 @@ CVE-2023-30848
 	RESERVED
 CVE-2023-30847
 	RESERVED
-CVE-2023-30846
-	RESERVED
-CVE-2023-30845
-	RESERVED
+CVE-2023-30846 (typed-rest-client is a library for Node Rest and Http Clients with typ ...)
+	TODO: check
+CVE-2023-30845 (ESPv2 is a service proxy that provides API management capabilities usi ...)
+	TODO: check
 CVE-2023-30844
 	RESERVED
-CVE-2023-30843
-	RESERVED
+CVE-2023-30843 (Payload is a free and open source headless content management system.  ...)
+	TODO: check
 CVE-2023-30842 (AVideo is an open-source video platform. Prior to version 12.4, AVideo ...)
 	NOT-FOR-US: AVideo
 CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning integration ...)
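Review bot: CVE-2023-30846 (typed-rest-client) describes a Node.js library, so the TODO: check here needs a look at whether it is packaged in Debian before the entry can be resolved; CVE-2023-30845 (ESPv2) and CVE-2023-30843 (Payload) name standalone upstream projects, and the neighbouring AVideo and Baremetal Operator entries in this same hunk show the NOT-FOR-US form such entries usually take once triaged.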
@@ -2782,8 +2832,8 @@ CVE-2023-30365
 	RESERVED
 CVE-2023-30364
 	RESERVED
-CVE-2023-30363
-	RESERVED
+CVE-2023-30363 (vConsole v3.15.0 was discovered to contain a prototype pollution due t ...)
+	TODO: check
 CVE-2023-30362
 	RESERVED
 CVE-2023-30361
@@ -2948,8 +2998,8 @@ CVE-2023-30282
 	RESERVED
 CVE-2023-30281
 	RESERVED
-CVE-2023-30280
-	RESERVED
+CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700 ...)
+	TODO: check
 CVE-2023-30279
 	RESERVED
 CVE-2023-30278
@@ -3836,10 +3886,10 @@ CVE-2023-29838
 	RESERVED
 CVE-2023-29837
 	RESERVED
-CVE-2023-29836
-	RESERVED
-CVE-2023-29835
-	RESERVED
+CVE-2023-29836 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...)
+	TODO: check
+CVE-2023-29835 (Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9. ...)
+	TODO: check
 CVE-2023-29834
 	RESERVED
 CVE-2023-29833
@@ -4316,8 +4366,8 @@ CVE-2023-29598 (lmxcms v1.4.1 was discovered to contain a SQL injection vulnerab
 	NOT-FOR-US: lmxcms
 CVE-2023-29597 (bloofox v0.5.2 was discovered to contain a SQL injection vulnerability ...)
 	NOT-FOR-US: bloofox
-CVE-2023-29596
-	RESERVED
+CVE-2023-29596 (Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an  ...)
+	TODO: check
 CVE-2023-29595
 	RESERVED
 CVE-2023-29594
@@ -4854,10 +4904,10 @@ CVE-2023-29445
 	RESERVED
 CVE-2023-29444
 	RESERVED
-CVE-2023-29443
-	RESERVED
-CVE-2023-29442
-	RESERVED
+CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to ...)
+	TODO: check
+CVE-2023-29442 (Zoho ManageEngine Applications Manager through 16390 allows DOM XSS. ...)
+	TODO: check
 CVE-2023-29441
 	RESERVED
 CVE-2023-29440
@@ -5799,8 +5849,8 @@ CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/
 	NOT-FOR-US: firefly-iii
 CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
-CVE-2023-1786
-	RESERVED
+CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before version 2 ...)
+	TODO: check
 CVE-2023-1785 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
 	NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
 CVE-2023-1784 (A vulnerability was found in jeecg-boot 3.5.0 and classified as critic ...)
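Review bot: CVE-2023-1786 is the one entry in this hunk unlikely to end up as NOT-FOR-US: cloud-init is a Debian source package, so the TODO: check should become a "- cloud-init <version>" line once the fixed upstream version (truncated here as "before version 2 ...") is confirmed, following the "- gitlab <unfixed>" form used two lines above for CVE-2023-1787.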
@@ -7373,8 +7423,8 @@ CVE-2023-28699
 	RESERVED
 CVE-2023-28698
 	RESERVED
-CVE-2023-28697
-	RESERVED
+CVE-2023-28697 (Moxa MiiNePort E1 has a vulnerability of insufficient access control.  ...)
+	TODO: check
 CVE-2023-28696
 	RESERVED
 CVE-2023-28695
@@ -9720,10 +9770,10 @@ CVE-2023-28011
 	RESERVED
 CVE-2023-28010
 	RESERVED
-CVE-2023-28009
-	RESERVED
-CVE-2023-28008
-	RESERVED
+CVE-2023-28009 (HCL Workload Automation is vulnerable to an XML External Entity Inject ...)
+	TODO: check
+CVE-2023-28008 (HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML Ex ...)
+	TODO: check
 CVE-2023-28007
 	RESERVED
 CVE-2023-28006
@@ -12406,8 +12456,8 @@ CVE-2023-27109
 	RESERVED
 CVE-2023-27108
 	RESERVED
-CVE-2023-27107
-	RESERVED
+CVE-2023-27107 (Incorrect access control in the runReport function of MyQ Solution Pri ...)
+	TODO: check
 CVE-2023-27106
 	RESERVED
 CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling M5S Port ...)
@@ -13522,8 +13572,8 @@ CVE-2023-26569
 	RESERVED
 CVE-2023-26568
 	RESERVED
-CVE-2023-26567
-	RESERVED
+CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) plac ...)
+	TODO: check
 CVE-2023-26566
 	RESERVED
 CVE-2023-26565
@@ -14551,14 +14601,14 @@ CVE-2023-26248
 	RESERVED
 CVE-2023-26247
 	RESERVED
-CVE-2023-26246
-	RESERVED
-CVE-2023-26245
-	RESERVED
-CVE-2023-26244
-	RESERVED
-CVE-2023-26243
-	RESERVED
+CVE-2023-26246 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
+	TODO: check
+CVE-2023-26245 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
+	TODO: check
+CVE-2023-26244 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
+	TODO: check
+CVE-2023-26243 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...)
+	TODO: check
 CVE-2023-26242 (afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the  ...)
 	- linux <unfixed> (unimportant)
 	NOTE: https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/
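Review bot: CVE-2023-26246 through CVE-2023-26243 all show the identical truncated description "An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...", so the four TODO: check lines cannot be told apart from this file alone and each needs the full CVE text; contrast the adjacent CVE-2023-26242, which already carries its linux tracking line and patchwork NOTE.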
@@ -17493,8 +17543,8 @@ CVE-2023-25294
 	RESERVED
 CVE-2023-25293
 	RESERVED
-CVE-2023-25292
-	RESERVED
+CVE-2023-25292 (Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office vers ...)
+	TODO: check
 CVE-2023-25291
 	RESERVED
 CVE-2023-25290
@@ -18691,8 +18741,8 @@ CVE-2023-24838 (HGiga PowerStation has a vulnerability of Information Leakage. A
 	NOT-FOR-US: HGiga PowerStation
 CVE-2023-24837 (HGiga PowerStation remote management function has insufficient filteri ...)
 	NOT-FOR-US: HGiga
-CVE-2023-24836
-	RESERVED
+CVE-2023-24836 (SUNNET CTMS has vulnerability of path traversal within its file upload ...)
+	TODO: check
 CVE-2023-24835 (Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Co ...)
 	NOT-FOR-US: Softnext
 CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...)
@@ -24638,8 +24688,8 @@ CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect ac
 	NOT-FOR-US: LibrePhotos
 CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient filtering f ...)
 	NOT-FOR-US: Openfind Mail2000
-CVE-2023-22901
-	RESERVED
+CVE-2023-22901 (ChangingTec MOTP system has a path traversal vulnerability. A remote a ...)
+	TODO: check
 CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...)
 	NOT-FOR-US: Efence
 CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not  ...)
@@ -27925,8 +27975,8 @@ CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validat
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4623
 	RESERVED
-CVE-2022-45876
-	RESERVED
+CVE-2022-45876 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
+	TODO: check
 CVE-2022-45468 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...)
 	NOT-FOR-US: VISAM VBASE Automation Base
 CVE-2022-45444 (Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
@@ -28263,8 +28313,8 @@ CVE-2022-47760
 	RESERVED
 CVE-2022-47759
 	RESERVED
-CVE-2022-47758
-	RESERVED
+CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allo ...)
+	TODO: check
 CVE-2022-47757
 	RESERVED
 CVE-2022-47756
@@ -36286,8 +36336,8 @@ CVE-2022-45458
 	RESERVED
 CVE-2022-45457
 	RESERVED
-CVE-2022-45456
-	RESERVED
+CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The following p ...)
+	TODO: check
 CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...)
 	NOT-FOR-US: Acronis
 CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...)
@@ -40516,10 +40566,10 @@ CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booste
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3761
 	RESERVED
-CVE-2023-20853
-	RESERVED
-CVE-2023-20852
-	RESERVED
+CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...)
+	TODO: check
+CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...)
+	TODO: check
 CVE-2022-44448 (In wlan driver, there is a possible missing params check. This could l ...)
 	NOT-FOR-US: Unisoc
 CVE-2022-44447 (In wlan driver, there is a possible null pointer dereference issue due ...)
@@ -142867,7 +142917,7 @@ CVE-2021-33992
 	RESERVED
 CVE-2021-33991
 	RESERVED
-CVE-2021-33990 (Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&Curre ...)
+CVE-2021-33990 (** DISPUTED ** Liferay Portal 6.2.5 allows Command=FileUpload&Type ...)
 	NOT-FOR-US: Liferay Portal
 CVE-2021-33989
 	RESERVED
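Review bot: the only change for CVE-2021-33990 is the ** DISPUTED ** marker prepended to the description; the NOT-FOR-US: Liferay Portal line stays, which is right since a dispute does not alter whether the product is in Debian, but the marker is worth keeping in mind if the entry is ever re-examined.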
@@ -174817,8 +174867,8 @@ CVE-2020-36072 (SQL injection vulnerability found in Tailor Management System v.
 	NOT-FOR-US: Tailor Management System
 CVE-2020-36071 (SQL injection vulnerability found in Tailor Management System v.1 allo ...)
 	NOT-FOR-US: Tailor Management System
-CVE-2020-36070
-	RESERVED
+CVE-2020-36070 (Insecure Permission vulnerability found in Yoyager v.1.4 and before al ...)
+	TODO: check
 CVE-2020-36069
 	RESERVED
 CVE-2020-36068
@@ -447584,7 +447634,7 @@ CVE-2016-2143 (The fork implementation in the Linux kernel before 4.5 on s390 pl
 	NOTE: Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)
 CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on th ...)
 	NOT-FOR-US: OpenShift
-CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the ENCRYPT ...)
+CVE-2016-2141 (It was found that JGroups did not require necessary headers for encryp ...)
 	- libjgroups-java <unfixed> (low; bug #867493)
 	[bookworm] - libjgroups-java <ignored> (Minor issue, only used as build dep)
 	[bullseye] - libjgroups-java <ignored> (Minor issue, only used as build dep)
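Review bot: the CVE-2016-2141 change is a description re-sync only; the "- libjgroups-java <unfixed> (low; bug #867493)" line and the bookworm/bullseye <ignored> annotations are untouched, which is correct for an automatic update. The bug reference shows the issue is still open for unstable, and the new wording ("did not require necessary headers for encryp ...") does not change the low severity assessment.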



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d13c6b831e7b0324d7df29bc5a36da4000ff1b2

-- 
You're receiving this email because of your account on salsa.debian.org.



