[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 6 08:10:34 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d04009ec by security tracker role at 2023-03-06T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,440 @@
-CVE-2023-27635
+CVE-2023-27849
+	RESERVED
+CVE-2023-27848
+	RESERVED
+CVE-2023-27847
+	RESERVED
+CVE-2023-27846
+	RESERVED
+CVE-2023-27845
+	RESERVED
+CVE-2023-27844
+	RESERVED
+CVE-2023-27843
+	RESERVED
+CVE-2023-27842
+	RESERVED
+CVE-2023-27841
+	RESERVED
+CVE-2023-27840
+	RESERVED
+CVE-2023-27839
+	RESERVED
+CVE-2023-27838
+	RESERVED
+CVE-2023-27837
+	RESERVED
+CVE-2023-27836
+	RESERVED
+CVE-2023-27835
+	RESERVED
+CVE-2023-27834
+	RESERVED
+CVE-2023-27833
+	RESERVED
+CVE-2023-27832
+	RESERVED
+CVE-2023-27831
+	RESERVED
+CVE-2023-27830
+	RESERVED
+CVE-2023-27829
+	RESERVED
+CVE-2023-27828
+	RESERVED
+CVE-2023-27827
+	RESERVED
+CVE-2023-27826
+	RESERVED
+CVE-2023-27825
+	RESERVED
+CVE-2023-27824
+	RESERVED
+CVE-2023-27823
+	RESERVED
+CVE-2023-27822
+	RESERVED
+CVE-2023-27821
+	RESERVED
+CVE-2023-27820
+	RESERVED
+CVE-2023-27819
+	RESERVED
+CVE-2023-27818
+	RESERVED
+CVE-2023-27817
+	RESERVED
+CVE-2023-27816
+	RESERVED
+CVE-2023-27815
+	RESERVED
+CVE-2023-27814
+	RESERVED
+CVE-2023-27813
+	RESERVED
+CVE-2023-27812
+	RESERVED
+CVE-2023-27811
+	RESERVED
+CVE-2023-27810
+	RESERVED
+CVE-2023-27809
+	RESERVED
+CVE-2023-27808
+	RESERVED
+CVE-2023-27807
+	RESERVED
+CVE-2023-27806
+	RESERVED
+CVE-2023-27805
+	RESERVED
+CVE-2023-27804
+	RESERVED
+CVE-2023-27803
+	RESERVED
+CVE-2023-27802
+	RESERVED
+CVE-2023-27801
+	RESERVED
+CVE-2023-27800
+	RESERVED
+CVE-2023-27799
+	RESERVED
+CVE-2023-27798
+	RESERVED
+CVE-2023-27797
+	RESERVED
+CVE-2023-27796
+	RESERVED
+CVE-2023-27795
+	RESERVED
+CVE-2023-27794
+	RESERVED
+CVE-2023-27793
+	RESERVED
+CVE-2023-27792
+	RESERVED
+CVE-2023-27791
+	RESERVED
+CVE-2023-27790
+	RESERVED
+CVE-2023-27789
+	RESERVED
+CVE-2023-27788
+	RESERVED
+CVE-2023-27787
+	RESERVED
+CVE-2023-27786
+	RESERVED
+CVE-2023-27785
+	RESERVED
+CVE-2023-27784
+	RESERVED
+CVE-2023-27783
+	RESERVED
+CVE-2023-27782
+	RESERVED
+CVE-2023-27781
+	RESERVED
+CVE-2023-27780
+	RESERVED
+CVE-2023-27779
+	RESERVED
+CVE-2023-27778
+	RESERVED
+CVE-2023-27777
+	RESERVED
+CVE-2023-27776
+	RESERVED
+CVE-2023-27775
+	RESERVED
+CVE-2023-27774
+	RESERVED
+CVE-2023-27773
+	RESERVED
+CVE-2023-27772
+	RESERVED
+CVE-2023-27771
+	RESERVED
+CVE-2023-27770
+	RESERVED
+CVE-2023-27769
+	RESERVED
+CVE-2023-27768
+	RESERVED
+CVE-2023-27767
+	RESERVED
+CVE-2023-27766
+	RESERVED
+CVE-2023-27765
+	RESERVED
+CVE-2023-27764
+	RESERVED
+CVE-2023-27763
+	RESERVED
+CVE-2023-27762
+	RESERVED
+CVE-2023-27761
+	RESERVED
+CVE-2023-27760
+	RESERVED
+CVE-2023-27759
+	RESERVED
+CVE-2023-27758
+	RESERVED
+CVE-2023-27757
+	RESERVED
+CVE-2023-27756
+	RESERVED
+CVE-2023-27755
+	RESERVED
+CVE-2023-27754
+	RESERVED
+CVE-2023-27753
+	RESERVED
+CVE-2023-27752
+	RESERVED
+CVE-2023-27751
+	RESERVED
+CVE-2023-27750
+	RESERVED
+CVE-2023-27749
+	RESERVED
+CVE-2023-27748
+	RESERVED
+CVE-2023-27747
+	RESERVED
+CVE-2023-27746
+	RESERVED
+CVE-2023-27745
+	RESERVED
+CVE-2023-27744
+	RESERVED
+CVE-2023-27743
+	RESERVED
+CVE-2023-27742
+	RESERVED
+CVE-2023-27741
+	RESERVED
+CVE-2023-27740
+	RESERVED
+CVE-2023-27739
+	RESERVED
+CVE-2023-27738
+	RESERVED
+CVE-2023-27737
+	RESERVED
+CVE-2023-27736
+	RESERVED
+CVE-2023-27735
+	RESERVED
+CVE-2023-27734
+	RESERVED
+CVE-2023-27733
+	RESERVED
+CVE-2023-27732
+	RESERVED
+CVE-2023-27731
+	RESERVED
+CVE-2023-27730
+	RESERVED
+CVE-2023-27729
+	RESERVED
+CVE-2023-27728
+	RESERVED
+CVE-2023-27727
+	RESERVED
+CVE-2023-27726
+	RESERVED
+CVE-2023-27725
+	RESERVED
+CVE-2023-27724
+	RESERVED
+CVE-2023-27723
+	RESERVED
+CVE-2023-27722
+	RESERVED
+CVE-2023-27721
+	RESERVED
+CVE-2023-27720
+	RESERVED
+CVE-2023-27719
+	RESERVED
+CVE-2023-27718
+	RESERVED
+CVE-2023-27717
+	RESERVED
+CVE-2023-27716
+	RESERVED
+CVE-2023-27715
+	RESERVED
+CVE-2023-27714
+	RESERVED
+CVE-2023-27713
+	RESERVED
+CVE-2023-27712
+	RESERVED
+CVE-2023-27711
+	RESERVED
+CVE-2023-27710
+	RESERVED
+CVE-2023-27709
+	RESERVED
+CVE-2023-27708
+	RESERVED
+CVE-2023-27707
+	RESERVED
+CVE-2023-27706
+	RESERVED
+CVE-2023-27705
+	RESERVED
+CVE-2023-27704
+	RESERVED
+CVE-2023-27703
+	RESERVED
+CVE-2023-27702
+	RESERVED
+CVE-2023-27701
+	RESERVED
+CVE-2023-27700
+	RESERVED
+CVE-2023-27699
+	RESERVED
+CVE-2023-27698
+	RESERVED
+CVE-2023-27697
+	RESERVED
+CVE-2023-27696
+	RESERVED
+CVE-2023-27695
+	RESERVED
+CVE-2023-27694
+	RESERVED
+CVE-2023-27693
+	RESERVED
+CVE-2023-27692
+	RESERVED
+CVE-2023-27691
+	RESERVED
+CVE-2023-27690
+	RESERVED
+CVE-2023-27689
+	RESERVED
+CVE-2023-27688
+	RESERVED
+CVE-2023-27687
+	RESERVED
+CVE-2023-27686
+	RESERVED
+CVE-2023-27685
+	RESERVED
+CVE-2023-27684
+	RESERVED
+CVE-2023-27683
+	RESERVED
+CVE-2023-27682
+	RESERVED
+CVE-2023-27681
+	RESERVED
+CVE-2023-27680
+	RESERVED
+CVE-2023-27679
+	RESERVED
+CVE-2023-27678
+	RESERVED
+CVE-2023-27677
+	RESERVED
+CVE-2023-27676
+	RESERVED
+CVE-2023-27675
+	RESERVED
+CVE-2023-27674
+	RESERVED
+CVE-2023-27673
+	RESERVED
+CVE-2023-27672
+	RESERVED
+CVE-2023-27671
+	RESERVED
+CVE-2023-27670
+	RESERVED
+CVE-2023-27669
+	RESERVED
+CVE-2023-27668
+	RESERVED
+CVE-2023-27667
+	RESERVED
+CVE-2023-27666
+	RESERVED
+CVE-2023-27665
+	RESERVED
+CVE-2023-27664
+	RESERVED
+CVE-2023-27663
+	RESERVED
+CVE-2023-27662
+	RESERVED
+CVE-2023-27661
+	RESERVED
+CVE-2023-27660
+	RESERVED
+CVE-2023-27659
+	RESERVED
+CVE-2023-27658
+	RESERVED
+CVE-2023-27657
+	RESERVED
+CVE-2023-27656
+	RESERVED
+CVE-2023-27655
+	RESERVED
+CVE-2023-27654
+	RESERVED
+CVE-2023-27653
+	RESERVED
+CVE-2023-27652
+	RESERVED
+CVE-2023-27651
+	RESERVED
+CVE-2023-27650
+	RESERVED
+CVE-2023-27649
+	RESERVED
+CVE-2023-27648
+	RESERVED
+CVE-2023-27647
+	RESERVED
+CVE-2023-27646
+	RESERVED
+CVE-2023-27645
+	RESERVED
+CVE-2023-27644
+	RESERVED
+CVE-2023-27643
+	RESERVED
+CVE-2023-27642
+	RESERVED
+CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...)
+	TODO: check
+CVE-2023-27640
+	RESERVED
+CVE-2023-27639
+	RESERVED
+CVE-2023-27638
+	RESERVED
+CVE-2023-27637
+	RESERVED
+CVE-2023-27636
+	RESERVED
+CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-1183
+	RESERVED
+CVE-2023-1182
+	RESERVED
+CVE-2022-48364
+	RESERVED
+CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary ...)
 	- debian-goodies <unfixed> (bug #1031267)
 	[bullseye] - debian-goodies <no-dsa> (Minor issue; user prompted before execution)
 CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyima ...)
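Review bot: the bullseye `<no-dsa>` rationale under CVE-2023-27635 at the end of this hunk ("Minor issue; user prompted before execution") was recorded while the entry had no description, and the line now reads "allows attackers to execute arbitrary ..."; confirm the rationale still holds against the full published text. The only other described entries in this block, CVE-2023-27641 and CVE-2023-1184, still need a package line or a NOT-FOR-US line in place of `TODO: check`.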
@@ -95,18 +531,18 @@ CVE-2015-10095
 	RESERVED
 CVE-2015-10094
 	RESERVED
-CVE-2015-10093
-	RESERVED
-CVE-2015-10092
-	RESERVED
-CVE-2015-10091
-	RESERVED
-CVE-2015-10090
-	RESERVED
-CVE-2014-125092
-	RESERVED
-CVE-2006-10001
-	RESERVED
+CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1.  ...)
+	TODO: check
+CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It h ...)
+	TODO: check
+CVE-2015-10091 (A vulnerability has been found in ByWater Solutions bywater-koha-xslt  ...)
+	TODO: check
+CVE-2015-10090 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classi ...)
+	TODO: check
+CVE-2006-10001 (A vulnerability, which was classified as problematic, was found in Sub ...)
+	TODO: check
 CVE-2023-27601
 	RESERVED
 CVE-2023-27600
@@ -229,14 +665,14 @@ CVE-2023-1167
 	RESERVED
 CVE-2023-1166
 	RESERVED
-CVE-2022-4929
-	RESERVED
-CVE-2022-4928
-	RESERVED
-CVE-2022-4927
-	RESERVED
-CVE-2021-4329
-	RESERVED
+CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...)
+	TODO: check
+CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been declare ...)
+	TODO: check
+CVE-2022-4927 (A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and clas ...)
+	TODO: check
+CVE-2021-4329 (A vulnerability, which was classified as critical, has been found in j ...)
+	TODO: check
 CVE-2015-10088 (A vulnerability, which was classified as critical, was found in ayttm  ...)
 	- ayttm <removed>
 	NOTE: https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
@@ -249,7 +685,7 @@ CVE-2008-10003 (A vulnerability was found in iGamingModules flashgames 1.1.0. It
 	NOT-FOR-US: iGamingModules flashgames
 CVE-2008-10002 (A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and cla ...)
 	NOT-FOR-US: cfire24 ajaxlife
-CVE-2023-27560 (Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop w ...)
+CVE-2023-27560 (Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loo ...)
 	- php-phpseclib3 <unfixed> (bug #1032371)
 	NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/0398f7a81550a487170edca0ed39f360d4509e83 (3.0.0)
 	NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440
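Review bot: the php-phpseclib3 line under CVE-2023-27560 stays `<unfixed>` although the revised description now bounds the issue as "3.x before 3.0.19"; a NOTE recording 3.0.19 as the upstream fixed version beside the existing "Fixed by" commit would make the later version update straightforward. The narrowing from "through 2.0.41" to 3.x agrees with the "Introduced by ... (3.0.0)" note already present, so nothing visible here calls for a 2.x entry.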
@@ -2781,8 +3217,8 @@ CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce S
 	NOT-FOR-US: SourceCodester Moosikay E-Commerce System
 CVE-2023-26511
 	RESERVED
-CVE-2023-26510
-	RESERVED
+CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft  ...)
+	TODO: check
 CVE-2023-26509
 	RESERVED
 CVE-2023-26508
@@ -3833,18 +4269,18 @@ CVE-2023-26113
 	RESERVED
 CVE-2023-26112
 	RESERVED
-CVE-2023-26111
-	RESERVED
+CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
+	TODO: check
 CVE-2023-26110
 	RESERVED
 CVE-2023-26109
 	RESERVED
-CVE-2023-26108
-	RESERVED
-CVE-2023-26107
-	RESERVED
-CVE-2023-26106
-	RESERVED
+CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...)
+	TODO: check
+CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...)
+	TODO: check
+CVE-2023-26106 (All versions of the package dot-lens are vulnerable to Prototype Pollu ...)
+	TODO: check
 CVE-2023-26105 (All versions of the package utilities are vulnerable to Prototype Poll ...)
 	NOT-FOR-US: mde JavaScript utilities
 CVE-2023-26104 (All versions of the package lite-web-server are vulnerable to Denial o ...)
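Review bot: the CVE-2023-26111 line is cut off after the second "all versions of", so the list shows only @nubosoftware/node-static and hides the other affected package name; this `TODO: check` has to be triaged from the full description, not from the list excerpt. CVE-2023-26107 and CVE-2023-26106 use the same "All versions of the package ..." wording as CVE-2023-26105 just below, which was resolved as NOT-FOR-US, so they can likely be closed in the same pass once the package names are checked.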
@@ -4281,10 +4717,10 @@ CVE-2023-25957
 	RESERVED
 CVE-2023-25956 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
 	NOT-FOR-US: Apache Airflow AWS Provider
-CVE-2023-25077
-	RESERVED
-CVE-2023-22838
-	RESERVED
+CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key Settings of E ...)
+	TODO: check
+CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and Product  ...)
+	TODO: check
 CVE-2023-0896
 	RESERVED
 CVE-2023-0895 (The WP Coder – add custom html, css and js code plugin for WordP ...)
@@ -5070,7 +5506,7 @@ CVE-2023-25720
 	RESERVED
 CVE-2023-25719 (ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect ...)
 	NOT-FOR-US: ConnectWise
-CVE-2023-25718 (The cryptographic code signing process and controls on ConnectWise Con ...)
+CVE-2023-25718 (In ConnectWise Control through 22.9.10032 (formerly known as ScreenCon ...)
 	NOT-FOR-US: ConnectWise
 CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an ...)
 	NOT-FOR-US: Ruckus Wireless Admin
@@ -5625,8 +6061,8 @@ CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag
 	NOT-FOR-US: Wallabag
 CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
 	NOT-FOR-US: Wallabag
-CVE-2023-0734
-	RESERVED
+CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
+	TODO: check
 CVE-2023-0733
 	RESERVED
 CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
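Review bot: CVE-2023-0734 is left at `TODO: check` even though its description names the same GitHub repository, wallabag/wallabag, as CVE-2023-0736 and CVE-2023-0735 directly above it, both already marked `NOT-FOR-US: Wallabag`. It should receive the same disposition so the three entries stay consistent.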
@@ -13417,12 +13853,12 @@ CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared
 	NOT-FOR-US: HealthMateWeb
 CVE-2010-10004 (A vulnerability was found in Information Cards Module and classified a ...)
 	NOT-FOR-US: Information Cards Module
-CVE-2023-22858
-	RESERVED
-CVE-2023-22857
-	RESERVED
-CVE-2023-22856
-	RESERVED
+CVE-2023-22858 (An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, al ...)
+	TODO: check
+CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
+	TODO: check
+CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
+	TODO: check
 CVE-2023-0117
 	RESERVED
 CVE-2023-0116
@@ -15586,22 +16022,22 @@ CVE-2022-XXXX [RUSTSEC-2022-0074]
 	- rust-prettytable-rs <unfixed> (bug #1027282)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
 	NOTE: https://github.com/phsym/prettytable-rs/issues/145
-CVE-2023-22438
-	RESERVED
-CVE-2023-22432
-	RESERVED
+CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 ...)
+	TODO: check
+CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to 2.23.1. ...)
+	TODO: check
 CVE-2023-22429
 	RESERVED
 CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching function  ...)
 	NOT-FOR-US: SHIRASAGI
 CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
 	NOT-FOR-US: SHIRASAGI
-CVE-2023-22424
-	RESERVED
-CVE-2023-22421
-	RESERVED
-CVE-2023-22419
-	RESERVED
+CVE-2023-22424 (Use-after-free vulnerability exists in Kostac PLC Programming Software ...)
+	TODO: check
+CVE-2023-22421 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
+	TODO: check
+CVE-2023-22419 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
+	TODO: check
 CVE-2023-22377 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
 	NOT-FOR-US: tsClinical
 CVE-2023-22376 (** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnera ...)
@@ -15632,12 +16068,12 @@ CVE-2023-22346 (Out-of-bound read vulnerability exists in Screen Creator Advance
 	NOT-FOR-US: Screen Creator Advance
 CVE-2023-22345 (Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ve ...)
 	NOT-FOR-US: Screen Creator Advance
-CVE-2023-22344
-	RESERVED
-CVE-2023-22336
-	RESERVED
-CVE-2023-22335
-	RESERVED
+CVE-2023-22344 (Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and e ...)
+	TODO: check
+CVE-2023-22336 (Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Raku ...)
+	TODO: check
+CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier ...)
+	TODO: check
 CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
 	NOT-FOR-US: EasyMail
 CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
@@ -26616,8 +27052,8 @@ CVE-2022-44877 (login/index.php in CWP (aka Control Web Panel or CentOS Web Pane
 	NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel)
 CVE-2022-44876
 	RESERVED
-CVE-2022-44875
-	RESERVED
+CVE-2022-44875 (KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.All ...)
+	TODO: check
 CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered t ...)
 	NOT-FOR-US: wasm3
 CVE-2022-44873



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d04009ecf82cef3a836dae069af8a92c1be501ac



More information about the debian-security-tracker-commits mailing list