[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 14 20:10:33 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c9ce7e4 by security tracker role at 2023-01-14T20:10:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,45 @@
-CVE-2023-23590
+CVE-2023-0301 (Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/a ...)
+	TODO: check
+CVE-2023-0300 (Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-even ...)
+	TODO: check
+CVE-2023-0299 (Improper Input Validation in GitHub repository publify/publify prior t ...)
+	TODO: check
+CVE-2022-4889
+	RESERVED
+CVE-2018-25075
+	RESERVED
+CVE-2016-15019
+	RESERVED
+CVE-2016-15018
+	RESERVED
+CVE-2015-10052
+	RESERVED
+CVE-2015-10051
+	RESERVED
+CVE-2015-10050
+	RESERVED
+CVE-2015-10049
+	RESERVED
+CVE-2015-10048
+	RESERVED
+CVE-2015-10047
+	RESERVED
+CVE-2015-10046
+	RESERVED
+CVE-2015-10045
+	RESERVED
+CVE-2015-10044
 	RESERVED
-CVE-2023-0298
+CVE-2014-125079
 	RESERVED
+CVE-2014-125078
+	RESERVED
+CVE-2014-125077
+	RESERVED
+CVE-2023-23590
+	RESERVED
+CVE-2023-0298 (Improper Authorization in GitHub repository firefly-iii/firefly-iii pr ...)
+	TODO: check
 CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev ...)
 	TODO: check
 CVE-2023-0296
@@ -2969,8 +3007,8 @@ CVE-2014-125039 (A vulnerability, which was classified as problematic, has been
 	NOT-FOR-US: kkokko NeoXplora
 CVE-2010-10003 (A vulnerability classified as critical was found in gesellix titlelink ...)
 	NOT-FOR-US: gesellix titlelink
-CVE-2023-22602
-	RESERVED
+CVE-2023-22602 (When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+,  ...)
+	TODO: check
 CVE-2023-22601 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
 	NOT-FOR-US: InHand Networks InRouter
 CVE-2023-22600 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...)
@@ -13739,8 +13777,8 @@ CVE-2022-45355
 	RESERVED
 CVE-2022-45354
 	RESERVED
-CVE-2022-45353
-	RESERVED
+CVE-2022-45353 (Broken Access Control in Betheme theme <= 26.6.1 on WordPress. ...)
+	TODO: check
 CVE-2022-45352
 	RESERVED
 CVE-2022-45351
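Review bot: The TODO: check on CVE-2022-45353 can likely be resolved directly, since the description now names the target as the Betheme theme <= 26.6.1 on WordPress. This file already gives WordPress add-ons a NOT-FOR-US disposition (CVE-2022-40128 is tagged NOT-FOR-US: WordPress plugin), so suggest closing this entry with the equivalent NOT-FOR-US line for a WordPress theme rather than leaving it in the TODO queue.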
@@ -26617,8 +26655,8 @@ CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Orde
 	NOT-FOR-US: WordPress plugin
 CVE-2022-39044 (Hidden functionality vulnerability in multiple Buffalo network devices ...)
 	NOT-FOR-US: Buffalo
-CVE-2022-38467
-	RESERVED
+CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms  ...)
+	TODO: check
 CVE-2022-38456
 	RESERVED
 CVE-2022-38141
@@ -35636,8 +35674,8 @@ CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-38217
 	RESERVED
-CVE-2022-2815
-	RESERVED
+CVE-2022-2815 (Insecure Storage of Sensitive Information in GitHub repository publify ...)
+	TODO: check
 CVE-2022-2814 (A vulnerability has been found in SourceCodester Simple and Nice Shopp ...)
 	NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
 CVE-2022-2813 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -54574,8 +54612,8 @@ CVE-2022-29506 (Out-of-bounds read vulnerability exist in the simulator module c
 	NOT-FOR-US: Fuji
 CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to  ...)
 	NOT-FOR-US: yogeshojha/rengine
-CVE-2022-1812
-	RESERVED
+CVE-2022-1812 (Integer Overflow or Wraparound in GitHub repository publify/publify pr ...)
+	TODO: check
 CVE-2022-1811 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
 	NOT-FOR-US: Publify
 CVE-2022-1810 (Improper Access Control in GitHub repository publify/publify prior to  ...)
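Review bot: The TODO: check on CVE-2022-1812 is inconsistent with its neighbours: the description names publify/publify, and the next entry, CVE-2022-1811, is already tagged NOT-FOR-US: Publify. Suggest replacing the TODO line with the same NOT-FOR-US: Publify disposition.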
@@ -81510,6 +81548,7 @@ CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor
 CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
 	NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
 CVE-2022-22728 (A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buf ...)
+	{DLA-3269-1}
 	- libapreq2 2.17-1 (bug #1018191)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/08/25/3
 CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c9ce7e4aac79dc198d6385f2740777245ba3dbd