[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 15 09:12:25 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6acdb4c5 by security tracker role at 2023-06-15T08:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2023-3193 (Cross-site scripting (XSS) vulnerability in the Layout module's SEO co ...)
+ TODO: check
+CVE-2023-35030 (Cross-site request forgery (CSRF) vulnerability in the Layout module's ...)
+ TODO: check
+CVE-2023-35029 (Open redirect vulnerability in the Layout module's SEO configuration i ...)
+ TODO: check
+CVE-2023-34565 (Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Creat ...)
+ TODO: check
+CVE-2023-34452 (Grav is a flat-file content management system. In versions 1.7.42 and ...)
+ TODO: check
+CVE-2023-34449 (ink! is an embedded domain specific language to write smart contracts ...)
+ TODO: check
+CVE-2023-34448 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
+ TODO: check
+CVE-2023-34253 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
+ TODO: check
+CVE-2023-34252 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
+ TODO: check
+CVE-2023-34251 (Grav is a flat-file content management system. Versions prior to 1.7.4 ...)
+ TODO: check
+CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scriptin ...)
+ TODO: check
+CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 router ...)
+ TODO: check
+CVE-2023-2847 (During internal security analysis, a local privilege escalation vulner ...)
+ TODO: check
+CVE-2023-2820 (An information disclosure vulnerability in thefaye endpoint in Proofpo ...)
+ TODO: check
+CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI in Proof ...)
+ TODO: check
CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...)
NOT-FOR-US: OTCMS
CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...)
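Review bot: The three entries at the top of this hunk (CVE-2023-3193, CVE-2023-35030, CVE-2023-35029) are truncated at "the Layout module's ..." before any product name appears, so they cannot be triaged from this file alone; the full CVE text has to be looked up before their TODO: check is resolved. The five Grav entries (CVE-2023-34452, CVE-2023-34448, CVE-2023-34253, CVE-2023-34252, CVE-2023-34251) all describe the same flat-file CMS and should receive one consistent disposition in a single pass rather than being handled one by one.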
@@ -4554,8 +4584,8 @@ CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality t
NOT-FOR-US: Vuforia
CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...)
NOT-FOR-US: Vuforia
-CVE-2023-2270
- RESERVED
+CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...)
+ TODO: check
CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
- linux 6.3.7-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
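Review bot: The TODO: check under CVE-2023-2270 looks resolvable as NOT-FOR-US: Netskope, since the description places the flaw in the Netskope client service running with NT\SYSTEM privileges, which is a Windows service account. CVE-2022-4149 later in this diff names the same client on Windows and should get the same tag so the two entries stay consistent.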
@@ -7491,8 +7521,8 @@ CVE-2023-30152
RESERVED
CVE-2023-30151
RESERVED
-CVE-2023-30150
- RESERVED
+CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...)
+ TODO: check
CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...)
NOT-FOR-US: PrestaShop module
CVE-2023-30148
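Review bot: The TODO: check under CVE-2023-30150 can follow the precedent of the entry directly below it: CVE-2023-30149 is also a PrestaShop SQL injection and is tagged NOT-FOR-US: PrestaShop module. The new description names PrestaShop leocustomajax, so the same tag fits here and keeps the two neighbouring entries uniform.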
@@ -10653,7 +10683,7 @@ CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell
NOT-FOR-US: Rockwell Automation
CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
- gitlab 15.10.8+ds1-2
-CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while parsing ...)
+CVE-2023-1709 (Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack- ...)
NOT-FOR-US: Siemens
CVE-2023-29021
RESERVED
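Review bot: The unchanged tag NOT-FOR-US: Siemens under CVE-2023-1709 no longer matches the refreshed description, which now attributes the issue to the Datalogics library APDFL instead of a bare APDFL.dll. Consider retagging the entry so that it names Datalogics APDFL (optionally alongside Siemens), otherwise a search of this file for the library name will find the description but a misleading vendor tag. The run-together "APDFLThe" comes from the imported description text and is not something to correct in this list.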
@@ -14216,8 +14246,8 @@ CVE-2023-1331 (The Redirection WordPress plugin before 1.1.5 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1329
- RESERVED
+CVE-2023-1329 (A potential security vulnerability has been identified for certain HP ...)
+ TODO: check
CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been classifie ...)
NOT-FOR-US: Guizhou 115cms
CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an ...)
@@ -21020,8 +21050,8 @@ CVE-2023-25685
RESERVED
CVE-2023-25684 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
NOT-FOR-US: IBM
-CVE-2023-25683
- RESERVED
+CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW ...)
+ TODO: check
CVE-2023-25682
RESERVED
CVE-2023-25681
@@ -39359,8 +39389,8 @@ CVE-2022-4151 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gal
NOT-FOR-US: WordPress plugin
CVE-2022-4150 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4149
- RESERVED
+CVE-2022-4149 (The Netskope client service (prior to R96) on Windows runs as NT AUTHO ...)
+ TODO: check
CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...)
@@ -64312,7 +64342,7 @@ CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could
NOT-FOR-US: JetBrains TeamCity
CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...)
NOT-FOR-US: Linksys
-CVE-2022-38131 (RStudio Connect is affected by an Open Redirect issue. The vulnerabili ...)
+CVE-2022-38131 (RStudio Connect prior to 2023.01.0 is affected by an Open Redirect iss ...)
NOT-FOR-US: RStudio Connect
CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
NOT-FOR-US: Keysight Sensor Management Server
@@ -77668,26 +77698,26 @@ CVE-2022-33170
RESERVED
CVE-2022-33169 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
NOT-FOR-US: IBM
-CVE-2022-33168
- RESERVED
+CVE-2022-33168 (IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause ...)
+ TODO: check
CVE-2022-33167
RESERVED
-CVE-2022-33166
- RESERVED
+CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...)
+ TODO: check
CVE-2022-33165
RESERVED
CVE-2022-33164
RESERVED
-CVE-2022-33163
- RESERVED
+CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for a secu ...)
+ TODO: check
CVE-2022-33162
RESERVED
CVE-2022-33161
RESERVED
CVE-2022-33160
RESERVED
-CVE-2022-33159
- RESERVED
+CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...)
+ TODO: check
CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulner ...)
NOT-FOR-US: Trend Micro
CVE-2022-33157 (The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 a ...)
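Review bot: The four IBM Security Directory Suite VA entries in this hunk (CVE-2022-33168, CVE-2022-33166, CVE-2022-33163, CVE-2022-33159) are left at TODO: check although the context line for CVE-2022-33169 already shows the established tag for this vendor, NOT-FOR-US: IBM. Resolve them together with the two further Security Directory Suite entries in the following hunks (CVE-2022-32757, CVE-2022-32752) so the whole product family carries one tag.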
@@ -78684,8 +78714,8 @@ CVE-2022-32759
RESERVED
CVE-2022-32758
RESERVED
-CVE-2022-32757
- RESERVED
+CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequ ...)
+ TODO: check
CVE-2022-32756
RESERVED
CVE-2022-32755
@@ -78694,8 +78724,8 @@ CVE-2022-32754
RESERVED
CVE-2022-32753
RESERVED
-CVE-2022-32752
- RESERVED
+CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a r ...)
+ TODO: check
CVE-2022-32751
RESERVED
CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
@@ -111325,8 +111355,8 @@ CVE-2022-22309 (The POWER systems FSP is vulnerable to unauthenticated logins th
NOT-FOR-US: IBM
CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...)
NOT-FOR-US: IBM
-CVE-2022-22307
- RESERVED
+CVE-2022-22307 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to ...)
+ TODO: check
CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: KeystoneJS
CVE-2021-46130
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6acdb4c51a9459dcb5e6989c9c3c87aa7262664c