[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 25 20:12:17 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c71995cb by security tracker role at 2023-12-25T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-49337 (Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via ...)
+	TODO: check
+CVE-2023-48653 (Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Reques ...)
+	TODO: check
+CVE-2023-48651 (Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forger ...)
+	TODO: check
+CVE-2023-48650 (Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admi ...)
+	TODO: check
+CVE-2023-41165 (An issue was discovered in Stormshield Network Security (SNS) 3.7.0 th ...)
+	TODO: check
+CVE-2023-38321 (OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other p ...)
+	TODO: check
+CVE-2023-34198 (In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7. ...)
+	TODO: check
 CVE-2023-7102 (Use of a Third Party library produced a vulnerability in Barracuda Net ...)
 	NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf. CVE-2023-7102)
 CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing ...)
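Review bot: CVE-2023-38321 in this hunk is described as "OpenNDS, as used in Sierra Wireless ALEOS", so its "TODO: check" should be resolved against the OpenNDS component itself and not only the vendor product. The context lines at the end of the hunk show the same split for Barracuda: CVE-2023-7102 is NOT-FOR-US while the library is tracked separately as CVE-2023-7101. The four Concrete CMS entries and the two Stormshield Network Security entries each name a single product, so each group can be triaged together with one consistent tag.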
@@ -47187,8 +47201,8 @@ CVE-2023-27153
 	RESERVED
 CVE-2023-27152 (DECISO OPNsense 23.1 does not impose rate limits for authentication, a ...)
 	NOT-FOR-US: DECISO OPNsense
-CVE-2023-27151
-	RESERVED
+CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection vulnerabilit ...)
+	TODO: check
 CVE-2023-27150
 	RESERVED
 CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...)
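Review bot: CVE-2023-27151 leaves RESERVED with only "TODO: check", and none of the visible neighbouring entries cover openCRX, so this hunk offers no precedent for the entry. It needs an explicit triage decision, either a package reference or a "NOT-FOR-US: openCRX" line following the form used for CVE-2023-27152, and should not stay as TODO.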
@@ -105958,10 +105972,10 @@ CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not esca
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2167 (The Newspaper WordPress theme before 12 does not sanitise a parameter  ...)
 	NOT-FOR-US: WordPress theme
-CVE-2022-34270
-	RESERVED
-CVE-2022-34269
-	RESERVED
+CVE-2022-34270 (An issue was discovered in RWS WorldServer before 11.7.3. Regular user ...)
+	TODO: check
+CVE-2022-34269 (An issue was discovered in RWS WorldServer before 11.7.3. An authentic ...)
+	TODO: check
 CVE-2022-34268 (An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin ...)
 	NOT-FOR-US: RWS WorldServer
 CVE-2022-34267 (An issue was discovered in RWS WorldServer before 11.7.3. Adding a tok ...)
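Review bot: CVE-2022-34270 and CVE-2022-34269 are added with "TODO: check", but both descriptions begin "An issue was discovered in RWS WorldServer before 11.7.3", and the context entry directly below them, CVE-2022-34268, is already tagged "NOT-FOR-US: RWS WorldServer". Suggest giving the two new entries the same tag so the product is handled consistently across the CVE-2022-3426x range.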



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c71995cbd345786efadeb35939dbb14a12b47f6f
