[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 5 09:12:31 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
df7315a7 by security tracker role at 2023-06-05T08:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-3100 (A vulnerability, which was classified as critical, has been found in I ...)
+ TODO: check
+CVE-2023-3099 (A vulnerability classified as critical was found in KylinSoft youker-a ...)
+ TODO: check
+CVE-2023-3098 (A vulnerability classified as critical has been found in KylinSoft you ...)
+ TODO: check
+CVE-2023-3097 (A vulnerability was found in KylinSoft kylin-software-properties on Ky ...)
+ TODO: check
+CVE-2023-3096 (A vulnerability was found in KylinSoft kylin-software-properties on Ky ...)
+ TODO: check
+CVE-2023-34411 (The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of se ...)
+ TODO: check
+CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...)
+ TODO: check
+CVE-2023-34407 (OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows ...)
+ TODO: check
+CVE-2023-32334 (IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Applicatio ...)
+ TODO: check
+CVE-2015-10112 (A vulnerability classified as problematic has been found in WooFramewo ...)
+ TODO: check
+CVE-2014-125105 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 o ...)
+ TODO: check
CVE-2023-3095 (Improper Access Control in GitHub repository nilsteampassnet/teampass ...)
- teampass <itp> (bug #730180)
CVE-2023-3094 (A vulnerability classified as critical has been found in code-projects ...)
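Review bot: Of the 11 entries added at the top with TODO: check, two deserve triage ahead of the rest because they concern software a distribution is likely to ship: CVE-2023-34410 (Qt, which this file already tracks under qtbase-opensource-src for CVE-2023-32762) and CVE-2023-34411 (the xml-rs Rust crate). The KylinSoft, IBM Maximo and Harbinger entries look like NOT-FOR-US candidates, in line with how IBM entries are tagged elsewhere in this file.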
@@ -1438,7 +1460,7 @@ CVE-2023-32762 (An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9,
- qtbase-opensource-src 5.15.8+dfsg-10
- qtbase-opensource-src-gles <not-affected> (Not built in GLES variant)
NOTE: https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
-CVE-2023-34408 [XSS in RSS syntax]
+CVE-2023-34408 (DokuWiki before 2023-04-04a allows XSS via RSS titles.)
- dokuwiki 0.0.20220731.a-2 (bug #1036279)
[bullseye] - dokuwiki <no-dsa> (Minor issue)
NOTE: https://github.com/dokuwiki/dokuwiki/pull/3967
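Review bot: The new description for CVE-2023-34408 gives the upstream fix as 2023-04-04a, while the fixed version on the following line, 0.0.20220731.a-2, is based on an older upstream release, so that upload presumably carries a backported patch. A NOTE saying so, next to the existing pull/3967 reference, would keep a later reader from suspecting the fixed version is wrong.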
@@ -13383,8 +13405,8 @@ CVE-2023-27863 (IBM Spectrum Protect Plus Server 10.1.13, under specific configu
NOT-FOR-US: IBM
CVE-2023-27862
RESERVED
-CVE-2023-27861
- RESERVED
+CVE-2023-27861 (IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transm ...)
+ TODO: check
CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensiti ...)
NOT-FOR-US: IBM
CVE-2023-27859
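Review bot: CVE-2023-27861 does not need to sit at TODO: check for long: it is an IBM Maximo issue, and the adjacent CVE-2023-27860 (IBM Maximo Asset Management) is already tagged NOT-FOR-US: IBM. The same tag looks appropriate for the other IBM entries this commit moves from RESERVED to TODO: check.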
@@ -15154,8 +15176,8 @@ CVE-2023-27287
RESERVED
CVE-2023-27286 (IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2023-27285
- RESERVED
+CVE-2023-27285 (IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a ...)
+ TODO: check
CVE-2023-27284 (IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to ...)
NOT-FOR-US: IBM
CVE-2023-27283
@@ -21490,10 +21512,10 @@ CVE-2023-0638 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 an
NOT-FOR-US: TRENDnet
CVE-2023-0637 (A vulnerability, which was classified as critical, was found in TRENDn ...)
NOT-FOR-US: TRENDnet
-CVE-2023-0636
- RESERVED
-CVE-2023-0635
- RESERVED
+CVE-2023-0636 (Improper Input Validation vulnerability in ABB Ltd. ASPECT\xae-Enterpr ...)
+ TODO: check
+CVE-2023-0635 (Improper Privilege Management vulnerability in ABB Ltd. ASPECT\xae-Ent ...)
+ TODO: check
CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin ...)
- openssh 1:9.2p1-1
[bullseye] - openssh <not-affected> (Vulnerable code not present)
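Review bot: In the two ABB descriptions (CVE-2023-0636 and CVE-2023-0635) the registered-trademark sign appears as the literal escape \xae ("ASPECT\xae-Enterpr ..."). If that is what landed in data/CVE/list rather than an artifact of the mail rendering, the update script is emitting a byte escape instead of the decoded character, and its handling of non-ASCII text in descriptions should be checked.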
@@ -28172,8 +28194,8 @@ CVE-2023-22864
RESERVED
CVE-2023-22863 (IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP ...)
NOT-FOR-US: IBM
-CVE-2023-22862
- RESERVED
+CVE-2023-22862 (IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authenti ...)
+ TODO: check
CVE-2023-22861
RESERVED
CVE-2023-22860 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
@@ -29281,8 +29303,8 @@ CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not sanit
NOT-FOR-US: WordPress plugin
CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2023-0041
- RESERVED
+CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over another use ...)
+ TODO: check
CVE-2023-22586
RESERVED
CVE-2023-22585
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df7315a78095979d023a6b629e87b04051481f51