[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 20 08:12:14 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf9c9eac by security tracker role at 2023-12-20T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2023-6977 (This vulnerability enables malicious users to read sensitive files on  ...)
+	TODO: check
+CVE-2023-6976 (This vulnerability is capable of writing arbitrary files into arbitrar ...)
+	TODO: check
+CVE-2023-6975 (A malicious user could use this issue to get command execution on the  ...)
+	TODO: check
+CVE-2023-6974 (A malicious user could use this issue to access internal HTTP(s) serve ...)
+	TODO: check
+CVE-2023-6930 (EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthentica ...)
+	TODO: check
+CVE-2023-6929 (EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure  ...)
+	TODO: check
+CVE-2023-6928 (EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number o ...)
+	TODO: check
+CVE-2023-6689 (A successful CSRF attack could force the user to perform state changin ...)
+	TODO: check
+CVE-2023-50835 (Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Adv ...)
+	TODO: check
+CVE-2023-50707 (Through the exploitation of active user sessions, an attacker could se ...)
+	TODO: check
+CVE-2023-50706 (A user without administrator permissions with access to the UC500 wind ...)
+	TODO: check
+CVE-2023-50705 (An attacker could create malicious requests to obtain sensitive inform ...)
+	TODO: check
+CVE-2023-50704 (An attacker could construct a URL within the application that causes a ...)
+	TODO: check
+CVE-2023-50703 (An attacker with network access could perform a man-in-the-middle (Mit ...)
+	TODO: check
+CVE-2023-50466 (An authenticated command injection vulnerability in Weintek cMT2078X e ...)
+	TODO: check
+CVE-2023-49812 (Authorization Bypass Through User-Controlled Key vulnerability in J.N. ...)
+	TODO: check
+CVE-2023-49764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-49750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-49164 (Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra ...)
+	TODO: check
+CVE-2023-49147 (An issue was discovered in PDF24 Creator 11.14.0. The configuration of ...)
+	TODO: check
+CVE-2023-49004 (An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker t ...)
+	TODO: check
+CVE-2023-48764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-48741 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-48738 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-48327 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-47707 (IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross ...)
+	TODO: check
+CVE-2023-47706 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authent ...)
+	TODO: check
+CVE-2023-47705 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authent ...)
+	TODO: check
+CVE-2023-47704 (IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text ha ...)
+	TODO: check
+CVE-2023-47703 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote a ...)
+	TODO: check
+CVE-2023-47702 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote a ...)
+	TODO: check
+CVE-2023-47267 (An issue discovered in TheGreenBow Windows Enterprise Certified VPN Cl ...)
+	TODO: check
+CVE-2023-47161 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7,  ...)
+	TODO: check
+CVE-2023-47146 (IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive  ...)
+	TODO: check
+CVE-2023-46624 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
+	TODO: check
+CVE-2023-45887 (DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11  ...)
+	TODO: check
+CVE-2023-45172 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
+	TODO: check
+CVE-2023-42940 (A session rendering issue was addressed with improved session tracking ...)
+	TODO: check
+CVE-2023-42013 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7,  ...)
+	TODO: check
+CVE-2023-42012 (An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3 ...)
+	TODO: check
+CVE-2023-38126 (Softing edgeAggregator Restore Configuration Directory Traversal Remot ...)
+	TODO: check
+CVE-2023-37982 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+	TODO: check
+CVE-2023-35883 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
+	TODO: check
 CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student Manage ...)
 	NOT-FOR-US: SourceCodester Online Student Management System
 CVE-2023-6944
@@ -4993,7 +5079,7 @@ CVE-2023-48706 (Vim is a UNIX editor that, prior to version 9.0.2121, has a heap
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
 	NOTE: Fixed by: https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf8 (v9.0.2121)
 	NOTE: Crash in CLI tool, no security impact
-CVE-2023-6265 (Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to directory tr ...)
+CVE-2023-6265 (** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1. ...)
 	NOT-FOR-US: Draytek Vigor2960
 CVE-2023-6264 (Information leak in Content-Security-Policy header in Devolutions Serv ...)
 	NOT-FOR-US: Devolutions Server
@@ -46118,8 +46204,8 @@ CVE-2023-27174
 	RESERVED
 CVE-2023-27173
 	RESERVED
-CVE-2023-27172
-	RESERVED
+CVE-2023-27172 (Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT t ...)
+	TODO: check
 CVE-2023-27171
 	REJECTED
 CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a direc ...)
@@ -65586,8 +65672,8 @@ CVE-2022-41834
 	RESERVED
 CVE-2020-36611 (Incorrect Default Permissions vulnerability in Hitachi Tuning Manager  ...)
 	NOT-FOR-US: Hitachi
-CVE-2023-0011
-	RESERVED
+CVE-2023-0011 (A flaw in the input validation in TOBY-L2 allows a user to execute arb ...)
+	TODO: check
 CVE-2022-47193
 	RESERVED
 CVE-2022-47192 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...)
@@ -79256,8 +79342,8 @@ CVE-2022-43458 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
 	NOT-FOR-US: WordPress plugin
 CVE-2022-43453
 	RESERVED
-CVE-2022-43450
-	RESERVED
+CVE-2022-43450 (Authorization Bypass Through User-Controlled Key vulnerability in XWP  ...)
+	TODO: check
 CVE-2022-43445
 	RESERVED
 CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings functi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf9c9eac862b9c1ea597ba6556f47f9cf556a575

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf9c9eac862b9c1ea597ba6556f47f9cf556a575
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231220/68638711/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list