[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 2 09:12:13 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60659f95 by security tracker role at 2023-06-02T08:12:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2023-3000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-2835 (The WP Directory Kit plugin for WordPress is vulnerable to Reflected C ...)
+ TODO: check
+CVE-2016-15032 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+ TODO: check
+CVE-2015-10110 (A vulnerability classified as problematic was found in ruddernation Ti ...)
+ TODO: check
CVE-2023-3035 (A vulnerability has been found in Guangdong Pythagorean OA Office Syst ...)
NOT-FOR-US: Guangdong Pythagorean OA Office System
CVE-2023-34339 (In JetBrains Ktor before 2.3.1 headers containing authentication data ...)
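Review bot: All four entries added at the top of this hunk are left at `TODO: check`, and two of them already carry enough in the truncated description to triage: CVE-2023-2835 names a WordPress plugin and CVE-2016-15032 is flagged `** UNSUPPORTED WHEN ASSIGNED **`. Suggest resolving them in a follow-up to either `NOT-FOR-US: <product>` (as CVE-2023-3035 just below is) or a source-package line, so they do not sit in the unprocessed queue.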
@@ -70,6 +78,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0039]
NOTE: https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/
NOTE: https://gitlab.com/sequoia-pgp/sequoia/-/commit/f6307652fb2cbf4e0fbd3f897b1ec70863fcfa61
CVE-2023-32324 (OpenPrinting CUPS is an open source printing system. In versions 2.4.2 ...)
+ {DLA-3440-1}
- cups 2.4.2-4
[bookworm] - cups <no-dsa> (Can be fixed via point release; exploitable when setting loglevel to DEBUG)
[bullseye] - cups <no-dsa> (Can be fixed via point release; exploitable when setting loglevel to DEBUG)
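Review bot: The `{DLA-3440-1}` cross-reference added to CVE-2023-32324 points at an advisory entry that is not part of this commit, which changes only data/CVE/list. Worth confirming that the advisory entry exists and lists this CVE. Note also that `[bookworm]` and `[bullseye]` stay at `<no-dsa>` with the fix deferred to a point release, so those two suites remain open after the DLA.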
@@ -3696,8 +3705,8 @@ CVE-2023-2203 (A flaw was found in the WebKitGTK package. An improper input vali
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188543
CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosariosi ...)
NOT-FOR-US: RosarioSIS
-CVE-2023-2201
- RESERVED
+CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injection vi ...)
+ TODO: check
CVE-2023-2200
RESERVED
CVE-2023-2199
@@ -4790,14 +4799,14 @@ CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in
NOT-FOR-US: Armoli Technology Cargo Tracking System
CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Minova Technology eTrace
-CVE-2023-2063
- RESERVED
-CVE-2023-2062
- RESERVED
-CVE-2023-2061
- RESERVED
-CVE-2023-2060
- RESERVED
+CVE-2023-2063 (Unrestricted Upload of File with Dangerous Type vulnerability in FTP f ...)
+ TODO: check
+CVE-2023-2062 (Missing Password Field Masking vulnerability in Mitsubishi Electric Co ...)
+ TODO: check
+CVE-2023-2061 (Use of Hard-coded Password vulnerability in FTP function on Mitsubishi ...)
+ TODO: check
+CVE-2023-2060 (Weak Password Requirements vulnerability in FTP function on Mitsubishi ...)
+ TODO: check
CVE-2023-2059 (A vulnerability was found in DedeCMS 5.7.87. It has been rated as prob ...)
NOT-FOR-US: DedeCMS
CVE-2023-2058 (A vulnerability was found in EyouCms up to 1.6.2. It has been declared ...)
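Review bot: CVE-2023-2060 through CVE-2023-2063 all describe the FTP function of a Mitsubishi Electric product and are each left at `TODO: check`, so they should be triaged together with one consistent label. The truncated descriptions cut off before the product name; take it from the full CVE text rather than from the lines here. The surrounding vendor-product entries (Minova Technology eTrace, DedeCMS) use `NOT-FOR-US: <product>`.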
@@ -5527,7 +5536,7 @@ CVE-2023-30396
RESERVED
CVE-2023-30395
RESERVED
-CVE-2023-30394 (MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) ...)
+CVE-2023-30394 (Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site ...)
NOT-FOR-US: MoveIT
CVE-2023-30393
RESERVED
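Review bot: Only the description of CVE-2023-30394 changes here, to "Progress Ipswitch MoveIT 1.1.11", while the unchanged line below still reads `NOT-FOR-US: MoveIT`. The triage result stays valid, but consider extending the label to include the vendor name so that a search for the vendor finds this entry.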
@@ -6876,8 +6885,8 @@ CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android
NOT-FOR-US: Story Saver for Instragram
CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...)
NOT-FOR-US: Story Saver for Instragram
-CVE-2023-29746
- RESERVED
+CVE-2023-29746 (An issue found in The Thaiger v.1.2 for Android allows unauthorized ap ...)
+ TODO: check
CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
NOT-FOR-US: BestWeather
CVE-2023-29744
@@ -6896,8 +6905,8 @@ CVE-2023-29738 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Andr
NOT-FOR-US: Wave Animated Keyboard Emoji
CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
NOT-FOR-US: Wave Animated Keyboard Emoji
-CVE-2023-29736
- RESERVED
+CVE-2023-29736 (Keyboard Themes 1.275.1.164 for Android contains a dictionary traversa ...)
+ TODO: check
CVE-2023-29735 (An issue found in edjing Mix v.7.09.01 for Android allows a local atta ...)
NOT-FOR-US: edjing Mix
CVE-2023-29734 (An issue found in edjing Mix v.7.09.01 for Android allows unauthorized ...)
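Review bot: The imported description for CVE-2023-29736 reads "dictionary traversa ...", which looks like upstream wording carried over verbatim. Since this is an automatic update, leave the text alone and only resolve the `TODO: check`. The neighbouring Android app entries in this hunk (Wave Animated Keyboard Emoji, edjing Mix) are `NOT-FOR-US`, which is the likely outcome here too.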
@@ -6918,14 +6927,14 @@ CVE-2023-29727 (The Call Blocker application 6.6.3 for Android allows unauthoriz
NOT-FOR-US: Call Blocker
CVE-2023-29726 (The Call Blocker application 6.6.3 for Android incorrectly opens a key ...)
NOT-FOR-US: Call Blocker
-CVE-2023-29725
- RESERVED
-CVE-2023-29724
- RESERVED
-CVE-2023-29723
- RESERVED
-CVE-2023-29722
- RESERVED
+CVE-2023-29725 (The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applic ...)
+ TODO: check
+CVE-2023-29724 (The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps t ...)
+ TODO: check
+CVE-2023-29723 (The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unau ...)
+ TODO: check
+CVE-2023-29722 (The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unau ...)
+ TODO: check
CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads to comman ...)
NOT-FOR-US: SofaWiki
CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...)
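Review bot: The four new `TODO: check` entries cover only two apps: CVE-2023-29725 and CVE-2023-29724 for BT21 x BTS Wallpaper, CVE-2023-29723 and CVE-2023-29722 for Glitter Unicorn Wallpaper. Two labels resolve all four lines. Use the same spelling for both entries of each pair, as the Call Blocker entries above do.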
@@ -12341,8 +12350,8 @@ CVE-2023-28149
RESERVED
CVE-2023-28148
RESERVED
-CVE-2023-28147
- RESERVED
+CVE-2023-28147 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
+ TODO: check
CVE-2023-28146
RESERVED
CVE-2023-28145
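Review bot: CVE-2023-28147 is the one addition in this update that names a kernel driver (Arm Mali GPU Kernel Driver) rather than a third-party application or plugin, so its `TODO: check` deserves an actual look at whether any source package in the archive ships that driver before it is labelled. Record the reasoning in a `NOTE:` line if the outcome is not obvious from the label alone.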
@@ -13689,10 +13698,10 @@ CVE-2023-27747 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authen
NOT-FOR-US: BlackVue DR750-2CH LTE
CVE-2023-27746 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a ...)
NOT-FOR-US: BlackVue DR750-2CH LTE
-CVE-2023-27745
- RESERVED
-CVE-2023-27744
- RESERVED
+CVE-2023-27745 (An issue in South River Technologies TitanFTP Before v2.0.1.2102 allow ...)
+ TODO: check
+CVE-2023-27744 (An issue was discovered in South River Technologies TitanFTP NextGen s ...)
+ TODO: check
CVE-2023-27743
RESERVED
CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerabil ...)
@@ -13899,10 +13908,10 @@ CVE-2023-27642
RESERVED
CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...)
NOT-FOR-US: L-Soft
-CVE-2023-27640
- RESERVED
-CVE-2023-27639
- RESERVED
+CVE-2023-27640 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
+ TODO: check
+CVE-2023-27639 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
+ TODO: check
CVE-2023-27638 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
NOT-FOR-US: tshirtecommerce
CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...)
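Review bot: CVE-2023-27640 and CVE-2023-27639 are added as `TODO: check` although the next two entries, CVE-2023-27638 and CVE-2023-27637, show the same truncated description and are already `NOT-FOR-US: tshirtecommerce`. Unless the full descriptions point at a different product, apply the same label to both new entries.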
@@ -14247,8 +14256,8 @@ CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0
NOTE: ISO 10681 support was added in 3.6
CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub repository ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
-CVE-2023-1159
- RESERVED
+CVE-2023-1159 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...)
@@ -38230,8 +38239,8 @@ CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via
[bullseye] - xemacs21 <no-dsa> (Minor issue)
[buster] - xemacs21 <no-dsa> (Minor issue)
NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51
-CVE-2022-45938
- RESERVED
+CVE-2022-45938 (An issue was discovered in Comcast Defined Technologies microeisbss th ...)
+ TODO: check
CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
NOT-FOR-US: Siemens
CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector (All ver ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60659f95411319e470a40cd479c138b235e23eb8