[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 15 09:12:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6acdb4c5 by security tracker role at 2023-06-15T08:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2023-3193 (Cross-site scripting (XSS) vulnerability in the Layout module's SEO co ...)
+	TODO: check
+CVE-2023-35030 (Cross-site request forgery (CSRF) vulnerability in the Layout module's ...)
+	TODO: check
+CVE-2023-35029 (Open redirect vulnerability in the Layout module's SEO configuration i ...)
+	TODO: check
+CVE-2023-34565 (Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Creat ...)
+	TODO: check
+CVE-2023-34452 (Grav is a flat-file content management system. In versions 1.7.42 and  ...)
+	TODO: check
+CVE-2023-34449 (ink! is an embedded domain specific language to write smart contracts  ...)
+	TODO: check
+CVE-2023-34448 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
+	TODO: check
+CVE-2023-34253 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
+	TODO: check
+CVE-2023-34252 (Grav is a flat-file content management system. Prior to version 1.7.42 ...)
+	TODO: check
+CVE-2023-34251 (Grav is a flat-file content management system. Versions prior to 1.7.4 ...)
+	TODO: check
+CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scriptin ...)
+	TODO: check
+CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 router  ...)
+	TODO: check
+CVE-2023-2847 (During internal security analysis, a local privilege escalation vulner ...)
+	TODO: check
+CVE-2023-2820 (An information disclosure vulnerability in thefaye endpoint in Proofpo ...)
+	TODO: check
+CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI in Proof ...)
+	TODO: check
 CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...)
 	NOT-FOR-US: OTCMS
 CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...)
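Review bot: all 15 entries added at the top of data/CVE/list land as "TODO: check" with no triage, and several clearly belong together: the five Grav entries (CVE-2023-34452, CVE-2023-34448, CVE-2023-34253, CVE-2023-34252, CVE-2023-34251) and the three "Layout module" entries (CVE-2023-3193, CVE-2023-35030, CVE-2023-35029). Suggest resolving each group in one pass so that they end up with one consistently spelled tag, as the OTCMS entries just below already have.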
@@ -4554,8 +4584,8 @@ CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality t
 	NOT-FOR-US: Vuforia
 CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...)
 	NOT-FOR-US: Vuforia
-CVE-2023-2270
-	RESERVED
+CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts  ...)
+	TODO: check
 CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
 	- linux 6.3.7-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
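Review bot: CVE-2023-2270 goes from RESERVED to "TODO: check" with a description naming the Netskope client service, and CVE-2022-4149 further down in this same update gets the same treatment for the same product. Triage the two together so that they receive the same tag text.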
@@ -7491,8 +7521,8 @@ CVE-2023-30152
 	RESERVED
 CVE-2023-30151
 	RESERVED
-CVE-2023-30150
-	RESERVED
+CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...)
+	TODO: check
 CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...)
 	NOT-FOR-US: PrestaShop module
 CVE-2023-30148
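Review bot: the new "TODO: check" on CVE-2023-30150 sits directly above CVE-2023-30149, which is already tagged "NOT-FOR-US: PrestaShop module", and the new description names PrestaShop leocustomajax. If triage reaches the same conclusion, reuse that exact tag spelling rather than introducing a variant.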
@@ -10653,7 +10683,7 @@ CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell
 	NOT-FOR-US: Rockwell Automation
 CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
 	- gitlab 15.10.8+ds1-2
-CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while parsing ...)
+CVE-2023-1709 (Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack- ...)
 	NOT-FOR-US: Siemens
 CVE-2023-29021
 	RESERVED
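Review bot: on CVE-2023-1709 the description now attributes the issue to the Datalogics APDFL library, but the unchanged line below it still reads "NOT-FOR-US: Siemens". Re-check the tag against the new description and rename it if the attribution has moved. The new text also contains "APDFLThe v18.0.4PlusP1e", which looks like run-together words in the imported description and is worth confirming against the CVE record.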
@@ -14216,8 +14246,8 @@ CVE-2023-1331 (The Redirection WordPress plugin before 1.1.5 does not have CSRF
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-1329
-	RESERVED
+CVE-2023-1329 (A potential security vulnerability has been identified for certain HP  ...)
+	TODO: check
 CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been classifie ...)
 	NOT-FOR-US: Guizhou 115cms
 CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an  ...)
@@ -21020,8 +21050,8 @@ CVE-2023-25685
 	RESERVED
 CVE-2023-25684 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and  ...)
 	NOT-FOR-US: IBM
-CVE-2023-25683
-	RESERVED
+CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW ...)
+	TODO: check
 CVE-2023-25682
 	RESERVED
 CVE-2023-25681
@@ -39359,8 +39389,8 @@ CVE-2022-4151 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gal
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4150 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4149
-	RESERVED
+CVE-2022-4149 (The Netskope client service (prior to R96) on Windows runs as NT AUTHO ...)
+	TODO: check
 CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...)
@@ -64312,7 +64342,7 @@ CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could
 	NOT-FOR-US: JetBrains TeamCity
 CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...)
 	NOT-FOR-US: Linksys
-CVE-2022-38131 (RStudio Connect is affected by an Open Redirect issue. The vulnerabili ...)
+CVE-2022-38131 (RStudio Connect prior to 2023.01.0 is affected by an Open Redirect iss ...)
 	NOT-FOR-US: RStudio Connect
 CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...)
 	NOT-FOR-US: Keysight Sensor Management Server
@@ -77668,26 +77698,26 @@ CVE-2022-33170
 	RESERVED
 CVE-2022-33169 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
 	NOT-FOR-US: IBM
-CVE-2022-33168
-	RESERVED
+CVE-2022-33168 (IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause ...)
+	TODO: check
 CVE-2022-33167
 	RESERVED
-CVE-2022-33166
-	RESERVED
+CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...)
+	TODO: check
 CVE-2022-33165
 	RESERVED
 CVE-2022-33164
 	RESERVED
-CVE-2022-33163
-	RESERVED
+CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for a secu ...)
+	TODO: check
 CVE-2022-33162
 	RESERVED
 CVE-2022-33161
 	RESERVED
 CVE-2022-33160
 	RESERVED
-CVE-2022-33159
-	RESERVED
+CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...)
+	TODO: check
 CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulner ...)
 	NOT-FOR-US: Trend Micro
 CVE-2022-33157 (The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 a ...)
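Review bot: the four entries leaving RESERVED here (CVE-2022-33168, CVE-2022-33166, CVE-2022-33163, CVE-2022-33159) all describe IBM Security Directory Suite VA, and the context entry just above them, CVE-2022-33169, already carries "NOT-FOR-US: IBM". The same product reappears in the next two hunks (CVE-2022-32757, CVE-2022-32752), so all six "TODO: check" lines can be closed in a single triage step with one tag.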
@@ -78684,8 +78714,8 @@ CVE-2022-32759
 	RESERVED
 CVE-2022-32758
 	RESERVED
-CVE-2022-32757
-	RESERVED
+CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequ ...)
+	TODO: check
 CVE-2022-32756
 	RESERVED
 CVE-2022-32755
@@ -78694,8 +78724,8 @@ CVE-2022-32754
 	RESERVED
 CVE-2022-32753
 	RESERVED
-CVE-2022-32752
-	RESERVED
+CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a r ...)
+	TODO: check
 CVE-2022-32751
 	RESERVED
 CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
@@ -111325,8 +111355,8 @@ CVE-2022-22309 (The POWER systems FSP is vulnerable to unauthenticated logins th
 	NOT-FOR-US: IBM
 CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...)
 	NOT-FOR-US: IBM
-CVE-2022-22307
-	RESERVED
+CVE-2022-22307 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to ...)
+	TODO: check
 CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web  ...)
 	NOT-FOR-US: KeystoneJS
 CVE-2021-46130



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6acdb4c51a9459dcb5e6989c9c3c87aa7262664c
