[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 29 09:12:22 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
034b5e4b by security tracker role at 2023-04-29T08:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,42 @@
-CVE-2023-31486 [HTTP::Tiny insecure default TLS configuration]
+CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...)
+ TODO: check
+CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when downloading ...)
+ TODO: check
+CVE-2023-31483 (tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a di ...)
+ TODO: check
+CVE-2023-2425 (A vulnerability was found in SourceCodester Simple Student Information ...)
+ TODO: check
+CVE-2023-2424 (A vulnerability was found in DedeCMS 5.7.106 and classified as critica ...)
+ TODO: check
+CVE-2023-2421 (A vulnerability classified as problematic has been found in Control iD ...)
+ TODO: check
+CVE-2023-2420 (A vulnerability was found in MLECMS 3.0. It has been rated as critical ...)
+ TODO: check
+CVE-2023-2419 (A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been decla ...)
+ TODO: check
+CVE-2023-2418 (A vulnerability was found in Konga 2.8.3 on Kong. It has been classifi ...)
+ TODO: check
+CVE-2023-2417 (A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 ...)
+ TODO: check
+CVE-2023-2413 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
+ TODO: check
+CVE-2023-2412 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
+ TODO: check
+CVE-2023-2411 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
+ TODO: check
+CVE-2023-2410 (A vulnerability has been found in SourceCodester AC Repair and Service ...)
+ TODO: check
+CVE-2023-2409 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-2408 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-2397 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-2396 (A vulnerability classified as problematic was found in Netgear SRX5308 ...)
+ TODO: check
+CVE-2023-2395 (A vulnerability classified as problematic has been found in Netgear SR ...)
+ TODO: check
+CVE-2023-31486 (HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standa ...)
- libhttp-tiny-perl <unfixed> (bug #962407; unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14
NOTE: https://github.com/chansen/p5-http-tiny/issues/134
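Review bot: CVE-2023-31485 (GitLab::API::v4) and CVE-2023-31484 (CPAN.pm) enter the list with only TODO: check, although both describe missing TLS certificate verification and sit directly above CVE-2023-31486, the HTTP::Tiny entry whose previous title read "insecure default TLS configuration". I would triage the three together and cross-reference the existing oss-security and p5-http-tiny NOTE lines where they apply, so the related Perl entries do not end up with inconsistent status. The SourceCodester entries in this hunk can probably follow the NOT-FOR-US: SourceCodester pattern already used in this file (for example under CVE-2023-2130).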
@@ -1576,8 +1614,8 @@ CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to
NOT-FOR-US: INEA ME RTU firmware
CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Purchase Order Management System
-CVE-2023-30792
- RESERVED
+CVE-2023-30792 (Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: ...)
+ TODO: check
CVE-2023-30791
RESERVED
CVE-2023-30790
@@ -2505,6 +2543,7 @@ CVE-2023-2000
RESERVED
CVE-2023-1999
RESERVED
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
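Review bot: The cross-reference line added to CVE-2023-1999 names four advisories (DSA-5392-1, DSA-5385-1, DLA-3400-1, DLA-3391-1), but the context visible in this hunk only shows the fixed-version lines for firefox, firefox-esr and thunderbird. Worth confirming that each advisory maps to a package listed under this CVE, since the hunk's context stops after the thunderbird line and the entry itself is still RESERVED with no description.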
@@ -7352,7 +7391,7 @@ CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - version 7.50,an unauthentica
NOT-FOR-US: SAP
CVE-2023-28760
RESERVED
-CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0. A vulnerabil ...)
+CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0 on Windows. A ...)
NOT-FOR-US: Veritas
CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allo ...)
NOT-FOR-US: Veritas
@@ -17281,10 +17320,10 @@ CVE-2023-25498
RESERVED
CVE-2023-25497
RESERVED
-CVE-2023-25496
- RESERVED
-CVE-2023-25495
- RESERVED
+CVE-2023-25496 (A privilege escalation vulnerability was reported in Lenovo Drivers Ma ...)
+ TODO: check
+CVE-2023-25495 (A valid, authenticated administrative user can query a web interface A ...)
+ TODO: check
CVE-2023-25494
RESERVED
CVE-2023-25493
@@ -36366,7 +36405,7 @@ CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms
NOT-FOR-US: LibreNMS
CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...)
- libonion <itp> (bug #744119)
-CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been declared as cr ...)
+CVE-2022-4065 (A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It ...)
- testng <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/cbeust/testng/pull/2806
NOTE: https://github.com/cbeust/testng/commit/47afa2c8a29e2cf925238af1ad7c76fba282793f
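Review bot: The refreshed CVE-2022-4065 description now names testng 7.5.0/7.6.0/7.6.1/7.7.0, while the status line below it stays at <not-affected> (Vulnerable code introduced later). That holds as long as the packaged testng predates 7.5.0; a NOTE recording the version that introduced the vulnerable code would make the not-affected claim checkable from the entry itself.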
@@ -43778,8 +43817,8 @@ CVE-2022-43873 (An authenticated user can exploit a vulnerability in the IBM Spe
NOT-FOR-US: IBM
CVE-2022-43872 (IBM Financial Transaction Manager 3.2.4 authorization checks are done ...)
NOT-FOR-US: IBM
-CVE-2022-43871
- RESERVED
+CVE-2022-43871 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...)
+ TODO: check
CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server ...)
NOT-FOR-US: IBM
CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5. ...)
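Review bot: CVE-2022-43871 moves from RESERVED to TODO: check, yet its description is an IBM Financial Transaction Manager product and every described neighbour in this hunk (CVE-2022-43873, CVE-2022-43872, CVE-2022-43870) is already NOT-FOR-US: IBM. Suggest resolving it the same way in the follow-up triage rather than leaving it as TODO; the same applies to CVE-2022-41736 (IBM Spectrum Scale) further down.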
@@ -49868,8 +49907,8 @@ CVE-2022-41738
RESERVED
CVE-2022-41737
RESERVED
-CVE-2022-41736
- RESERVED
+CVE-2022-41736 (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5 ...)
+ TODO: check
CVE-2022-41735 (IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through ...)
NOT-FOR-US: IBM
CVE-2022-41734 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/034b5e4bc3a7868ebd1c6f96ce533cc8c7f06c72