[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 26 09:12:19 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29cb2e3b by security tracker role at 2023-06-26T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
+	TODO: check
+CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...)
+	TODO: check
+CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission validation f ...)
+	TODO: check
+CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows ...)
+	TODO: check
+CVE-2023-36662 (The TechTime User Management components for Atlassian products allow s ...)
+	TODO: check
+CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth ...)
+	TODO: check
+CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory  ...)
+	TODO: check
 CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
 	NOT-FOR-US: Campcodes Retro Cellphone Online Store
 CVE-2023-36632 (The legacy email.utils.parseaddr function in Python through 3.11.4 all ...)
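Review bot: all seven entries added at the top of data/CVE/list carry only "TODO: check", including ones that name widely deployed software such as CVE-2023-36664 (Artifex Ghostscript), CVE-2023-36661 (Shibboleth XMLTooling) and CVE-2023-36660 (libnettle in Nettle). These should be triaged ahead of the rest and resolved into either a package line or a "NOT-FOR-US:" tag, in the form the neighbouring CVE-2023-3396 entry already uses.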
@@ -3592,7 +3606,7 @@ CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 4.10.
 CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is vulnerabl ...)
 	NOT-FOR-US: Teltonika
 CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...)
-	{DSA-5419-1}
+	{DSA-5419-1 DLA-3471-1}
 	[experimental] - c-ares 1.19.1-1
 	- c-ares 1.18.1-3
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
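Review bot: on CVE-2023-32067 the advisory line now reads "{DSA-5419-1 DLA-3471-1}", but the entry below it still records only "[experimental] - c-ares 1.19.1-1" and "- c-ares 1.18.1-3". If the fixed versions for the releases covered by the DSA and DLA are meant to come solely from the advisory lists, this is fine; otherwise a reader of this entry alone cannot tell which version DLA-3471-1 shipped.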
@@ -5576,7 +5590,7 @@ CVE-2023-31132
 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...)
 	NOT-FOR-US: Greenplum Database
 CVE-2023-31130 (c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ...)
-	{DSA-5419-1}
+	{DSA-5419-1 DLA-3471-1}
 	[experimental] - c-ares 1.19.1-1
 	- c-ares 1.18.1-3
 	NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
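Review bot: CVE-2023-31130 gets the identical "DLA-3471-1" addition as CVE-2023-32067 earlier in this patch. Worth confirming that these two are the full set of CVEs the DLA covers, since any other c-ares entry tagged "{DSA-5419-1}" that the DLA also fixes would be left without the cross-reference.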
@@ -10337,10 +10351,10 @@ CVE-2023-29426
 	RESERVED
 CVE-2023-29425
 	RESERVED
-CVE-2023-29424
-	RESERVED
-CVE-2023-29423
-	RESERVED
+CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plai ...)
+	TODO: check
+CVE-2023-29423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+	TODO: check
 CVE-2023-29422
 	RESERVED
 CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtiff pac ...)
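Review bot: CVE-2023-29424 and CVE-2023-29423 move from RESERVED to "TODO: check" with truncated descriptions ending in "Plai ..." and "PI W ...". Elsewhere in this patch, CVE-2023-29094 has the same visible "PI W ..." text and is tagged "NOT-FOR-US: WordPress plugin"; if the full descriptions confirm the same kind of product, these two should get the same tag rather than stay open.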
@@ -11464,8 +11478,8 @@ CVE-2023-29095
 	RESERVED
 CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-29093
-	RESERVED
+CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
 CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...)
 	TODO: check
 CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow  ...)
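Review bot: the description imported for CVE-2023-29093 is cut off inside the generic weakness title ("Improper Neutralization of Input During Web Page Generation ('Cross-si ..."), so the list entry does not show which product is affected. The triage that replaces "TODO: check" needs the full CVE record; the adjacent CVE-2023-1783 is also still at "TODO: check".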
@@ -11846,16 +11860,16 @@ CVE-2023-28994
 	RESERVED
 CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28992
-	RESERVED
-CVE-2023-28991
-	RESERVED
+CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
+	TODO: check
+CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+	TODO: check
 CVE-2023-28990
 	RESERVED
 CVE-2023-28989
 	RESERVED
-CVE-2023-28988
-	RESERVED
+CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+	TODO: check
 CVE-2023-28987
 	RESERVED
 CVE-2023-28986
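Review bot: CVE-2023-28991 and CVE-2023-28988 are added with identical visible text ("Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ..."), so they cannot be told apart from this file. When "TODO: check" is resolved, verify each against its full record; the context entry CVE-2023-28993 shows the tag used for this class ("NOT-FOR-US: WordPress plugin"), which may also fit CVE-2023-28992.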
@@ -12518,10 +12532,10 @@ CVE-2023-1622
 	REJECTED
 CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	TODO: check
-CVE-2023-1620
-	RESERVED
-CVE-2023-1619
-	RESERVED
+CVE-2023-1620 (Multiple WAGO devices in multiple versions may allow an authenticated  ...)
+	TODO: check
+CVE-2023-1619 (Multiple WAGO devices in multiple versions may allow an authenticated  ...)
+	TODO: check
 CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...)
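Review bot: CVE-2023-1620 and CVE-2023-1619 both read "Multiple WAGO devices in multiple versions may allow an authenticated ..." and are left at "TODO: check". The entry right after them is a vendor device issue tagged by vendor name ("NOT-FOR-US: Mitsubishi"); if the WAGO entries are device issues as the description suggests, a "NOT-FOR-US: WAGO" tag would be consistent.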
@@ -17054,8 +17068,8 @@ CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/netwo
 	NOT-FOR-US: Epson
 CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
 	NOT-FOR-US: SourceCodester Electronic Medical Records System
-CVE-2023-1150
-	RESERVED
+CVE-2023-1150 (Uncontrolled resource consumption in Series WAGO 750-3x/-8x products m ...)
+	TODO: check
 CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
 	NOT-FOR-US: btcpayserver
 CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
@@ -27618,8 +27632,8 @@ CVE-2023-23549
 	RESERVED
 CVE-2023-23548
 	RESERVED
-CVE-2023-22359
-	RESERVED
+CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...)
+	TODO: check
 CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...)
 	- check-mk <removed>
 CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5 ...)
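Review bot: CVE-2023-22359 names Checkmk ("User enumeration in Checkmk <=2.2.0p4 ...") yet is left at "TODO: check", while the very next entry, CVE-2023-22348, is also a Checkmk issue and is already resolved as "- check-mk <removed>". Unless the full description points at a different component, the new entry should get the same package line so the two Checkmk CVEs are tracked consistently.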



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29cb2e3bb7566f7a4638b34ce3ba40e52c5dc8d1
