[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 26 09:12:19 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29cb2e3b by security tracker role at 2023-06-26T08:12:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
+ TODO: check
+CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...)
+ TODO: check
+CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission validation f ...)
+ TODO: check
+CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows ...)
+ TODO: check
+CVE-2023-36662 (The TechTime User Management components for Atlassian products allow s ...)
+ TODO: check
+CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth ...)
+ TODO: check
+CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory ...)
+ TODO: check
CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
NOT-FOR-US: Campcodes Retro Cellphone Online Store
CVE-2023-36632 (The legacy email.utils.parseaddr function in Python through 3.11.4 all ...)
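Review bot: all seven entries added at the top of the file carry only "TODO: check", and the Nettle entry (CVE-2023-36660) is scoped to "3.9 before 3.9.1", so its triage should record which suites ship a version inside that range, not just a fixed version for unstable. The MediaWiki, Ghostscript, openITCOCKPIT and XMLTooling lines also state version bounds, but every description is cut at "...", so read the full CVE text before replacing each TODO with a package line or a NOT-FOR-US tag.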
@@ -3592,7 +3606,7 @@ CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 4.10.
CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is vulnerabl ...)
NOT-FOR-US: Teltonika
CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...)
- {DSA-5419-1}
+ {DSA-5419-1 DLA-3471-1}
[experimental] - c-ares 1.19.1-1
- c-ares 1.18.1-3
NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
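Review bot: the reference block on CVE-2023-32067 gains DLA-3471-1, but this commit changes only data/CVE/list and the package lines under the entry still show only the experimental (1.19.1-1) and unstable (1.18.1-3) versions. Confirm that the DLA's own record exists and names this CVE, so that the LTS fixed version can be resolved from the cross-reference.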
@@ -5576,7 +5590,7 @@ CVE-2023-31132
CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...)
NOT-FOR-US: Greenplum Database
CVE-2023-31130 (c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ...)
- {DSA-5419-1}
+ {DSA-5419-1 DLA-3471-1}
[experimental] - c-ares 1.19.1-1
- c-ares 1.18.1-3
NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
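Review bot: CVE-2023-31130 receives the same "{DSA-5419-1 DLA-3471-1}" pair as CVE-2023-32067 earlier in the patch; check that both advisories cover the same set of c-ares CVEs, because a CVE fixed by DSA-5419-1 but not by the DLA would need its LTS status stated separately on its own entry.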
@@ -10337,10 +10351,10 @@ CVE-2023-29426
RESERVED
CVE-2023-29425
RESERVED
-CVE-2023-29424
- RESERVED
-CVE-2023-29423
- RESERVED
+CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plai ...)
+ TODO: check
+CVE-2023-29423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+ TODO: check
CVE-2023-29422
RESERVED
CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtiff pac ...)
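Review bot: the new descriptions for CVE-2023-29424 and CVE-2023-29423 are truncated inside the product name ("in Plai ..." and "in PI W ..."), so the affected software cannot be identified from these lines. Resolve both "TODO: check" markers against the full CVE records, not the shortened text.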
@@ -11464,8 +11478,8 @@ CVE-2023-29095
RESERVED
CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29093
- RESERVED
+CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...)
TODO: check
CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow ...)
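Review bot: the description added for CVE-2023-29093 is cut off while still quoting the weakness title ("Improper Neutralization of Input During Web Page Generation ('Cross-si ..."), so it names no product at all. The preceding CVE-2023-29094 is tagged "NOT-FOR-US: WordPress plugin", but an adjacent ID is not evidence of the same product; look up the full record before choosing a tag.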
@@ -11846,16 +11860,16 @@ CVE-2023-28994
RESERVED
CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28992
- RESERVED
-CVE-2023-28991
- RESERVED
+CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
+ TODO: check
+CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+ TODO: check
CVE-2023-28990
RESERVED
CVE-2023-28989
RESERVED
-CVE-2023-28988
- RESERVED
+CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+ TODO: check
CVE-2023-28987
RESERVED
CVE-2023-28986
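Review bot: CVE-2023-28991 and CVE-2023-28988 are added with identical truncated text ("... vulnerability in PI W ..."), which makes them indistinguishable in this file and easy to triage as a pair by mistake. Check each against its full description; if they turn out to be WordPress plugins, use the same "NOT-FOR-US: WordPress plugin" wording as CVE-2023-28993 above so the entries stay searchable.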
@@ -12518,10 +12532,10 @@ CVE-2023-1622
REJECTED
CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all versions start ...)
TODO: check
-CVE-2023-1620
- RESERVED
-CVE-2023-1619
- RESERVED
+CVE-2023-1620 (Multiple WAGO devices in multiple versions may allow an authenticated ...)
+ TODO: check
+CVE-2023-1619 (Multiple WAGO devices in multiple versions may allow an authenticated ...)
+ TODO: check
CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...)
NOT-FOR-US: Mitsubishi
CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...)
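Review bot: CVE-2023-1620 and CVE-2023-1619 are added with the same truncated description ("Multiple WAGO devices in multiple versions may allow an authenticated ..."), so the two issues cannot be told apart here. If triage confirms they affect only vendor devices, tag them by vendor name as the neighbouring "NOT-FOR-US: Mitsubishi" entry does.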
@@ -17054,8 +17068,8 @@ CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/netwo
NOT-FOR-US: Epson
CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
NOT-FOR-US: SourceCodester Electronic Medical Records System
-CVE-2023-1150
- RESERVED
+CVE-2023-1150 (Uncontrolled resource consumption in Series WAGO 750-3x/-8x products m ...)
+ TODO: check
CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
NOT-FOR-US: btcpayserver
CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
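Review bot: CVE-2023-1150 names the "WAGO 750-3x/-8x" series, the same vendor as CVE-2023-1620 and CVE-2023-1619 elsewhere in this patch. Resolve the three "TODO: check" markers together and spell the resulting tag identically on all of them, following the product-name style of the surrounding NOT-FOR-US lines.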
@@ -27618,8 +27632,8 @@ CVE-2023-23549
RESERVED
CVE-2023-23548
RESERVED
-CVE-2023-22359
- RESERVED
+CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...)
+ TODO: check
CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...)
- check-mk <removed>
CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5 ...)
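Review bot: CVE-2023-22359 is a Checkmk issue left at "TODO: check", while the next Checkmk entry, CVE-2023-22348, is recorded as "- check-mk <removed>". Triage the new entry the same way if it concerns the same source package, so that both Checkmk CVEs carry a consistent package line.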
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29cb2e3bb7566f7a4638b34ce3ba40e52c5dc8d1