[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 25 08:10:22 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b5fcac5 by security tracker role at 2023-02-25T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-1031
+	RESERVED
+CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...)
+	TODO: check
+CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...)
+	TODO: check
+CVE-2023-1028
+	RESERVED
+CVE-2023-1027
+	RESERVED
+CVE-2023-1026
+	RESERVED
+CVE-2019-25105
+	RESERVED
 CVE-2023-26543
 	RESERVED
 CVE-2023-26542
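
Review bot: The two new described entries at the top, CVE-2023-1030 (SourceCodester Online Boat Reservation) and CVE-2023-1029 (WP Meta SEO plugin for WordPress), land as `TODO: check` and need manual triage. Entries of the same kind elsewhere in this file are marked `NOT-FOR-US: Sourcecodester` and `NOT-FOR-US: Japanized For WooCommerce plugin for WordPress`. If neither product is packaged, the same marking applies here and clears both TODOs.
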
@@ -699,6 +713,7 @@ CVE-2023-0943 (A vulnerability, which was classified as problematic, has been fo
 CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is vulnerable to Re ...)
 	NOT-FOR-US: Japanized For WooCommerce plugin for WordPress
 CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary ...)
+	{DLA-3343-1}
 	- mono 6.8.0.105+dfsg-3.3 (bug #972146)
 	[bullseye] - mono <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
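
Review bot: On CVE-2023-26314 the added `{DLA-3343-1}` reference leaves the entry half-resolved. The LTS advisory is now recorded, but the line below still reads `[bullseye] - mono <no-dsa> (Minor issue; will be fixed via point release)`. Confirm that the bullseye point-release upload is actually queued, so the stable release does not stay unfixed after LTS has shipped its update.
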
@@ -6616,8 +6631,8 @@ CVE-2023-24191 (Online Food Ordering System v2 was discovered to contain a cross
 	NOT-FOR-US: Online Food Ordering System
 CVE-2023-24190
 	RESERVED
-CVE-2023-24189
-	RESERVED
+CVE-2023-24189 (An XML External Entity (XXE) vulnerability in urule v2.1.7 allows atta ...)
+	TODO: check
 CVE-2023-24188 (ureport v2.2.9 was discovered to contain a directory traversal vulnera ...)
 	NOT-FOR-US: ureport
 CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows at ...)
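
Review bot: CVE-2023-24189 (XXE in urule v2.1.7) arrives as `TODO: check`, directly above CVE-2023-24188, which is already triaged as `NOT-FOR-US: ureport`. Check whether urule is packaged. If it is not, mark it NOT-FOR-US in the same way rather than leaving the TODO open.
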
@@ -26396,8 +26411,8 @@ CVE-2022-44312 (PicoC Version 3.2.2 was discovered to contain a heap buffer over
 	NOT-FOR-US: PicoC
 CVE-2022-44311 (html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the ...)
 	NOT-FOR-US: html2xhtml
-CVE-2022-44310
-	RESERVED
+CVE-2022-44310 (In Development IL ecdh before 0.2.0, an attacker can send an invalid p ...)
+	TODO: check
 CVE-2022-44309
 	RESERVED
 CVE-2022-44308
@@ -87310,8 +87325,8 @@ CVE-2022-23538 (github.com/sylabs/scs-library-client is the Go client for the Si
 	TODO: check details, might as well affect golang-github-apptainer-container-library-client
 CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...)
 	NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus)
-CVE-2022-23535
-	RESERVED
+CVE-2022-23535 (LiteDB is a small, fast and lightweight .NET NoSQL embedded database.  ...)
+	TODO: check
 CVE-2022-23534
 	RESERVED
 CVE-2022-23533
@@ -125216,8 +125231,8 @@ CVE-2021-35292
 	RESERVED
 CVE-2021-35291
 	RESERVED
-CVE-2021-35290
-	RESERVED
+CVE-2021-35290 (File Upload vulnerability in balerocms-src 0.8.3 allows remote attacke ...)
+	TODO: check
 CVE-2021-35289
 	RESERVED
 CVE-2021-35288
@@ -127645,10 +127660,10 @@ CVE-2021-34251
 CVE-2021-34250
 	REJECTED
 	NOT-FOR-US: baijiacms
-CVE-2021-34249
-	RESERVED
-CVE-2021-34248
-	RESERVED
+CVE-2021-34249 (SQL injection vulnerability in sourcecodester online-book-store 1.0 al ...)
+	TODO: check
+CVE-2021-34248 (SQL injection vulnerability in sourcecodester mobile-shop-system-php-m ...)
+	TODO: check
 CVE-2021-34247
 	RESERVED
 CVE-2021-34246
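
Review bot: CVE-2021-34249 and CVE-2021-34248 both describe SQL injection in sourcecodester applications and are added as `TODO: check`. The file already triages this vendor as `NOT-FOR-US: Sourcecodester` (see CVE-2021-34166), so using the same tag for these two keeps the triage consistent.
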
@@ -127809,8 +127824,8 @@ CVE-2021-34169
 	RESERVED
 CVE-2021-34168
 	RESERVED
-CVE-2021-34167
-	RESERVED
+CVE-2021-34167 (Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows ...)
+	TODO: check
 CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...)
@@ -128032,8 +128047,8 @@ CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. Th
 	NOT-FOR-US: EdgeGallery/developer
 CVE-2021-34065
 	RESERVED
-CVE-2021-34064 (An issue found in Koel v.5.1.4 and before allows remote attackers to g ...)
-	TODO: check
+CVE-2021-34064
+	REJECTED
 CVE-2021-34063
 	RESERVED
 CVE-2021-34062
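
Review bot: CVE-2021-34064 changes from a published Koel description with `TODO: check` to a bare `REJECTED`, so the pending triage item disappears without ever being looked at. Because this comes from an automatic sync, confirm that the upstream record really is rejected and that this is not a transient change in the feed.
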



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3b5fcac5dc5d432f2bcd1baee9dc8f7f9852f8ed
