[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 6 08:10:34 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d04009ec by security tracker role at 2023-03-06T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,440 @@
-CVE-2023-27635
+CVE-2023-27849
+ RESERVED
+CVE-2023-27848
+ RESERVED
+CVE-2023-27847
+ RESERVED
+CVE-2023-27846
+ RESERVED
+CVE-2023-27845
+ RESERVED
+CVE-2023-27844
+ RESERVED
+CVE-2023-27843
+ RESERVED
+CVE-2023-27842
+ RESERVED
+CVE-2023-27841
+ RESERVED
+CVE-2023-27840
+ RESERVED
+CVE-2023-27839
+ RESERVED
+CVE-2023-27838
+ RESERVED
+CVE-2023-27837
+ RESERVED
+CVE-2023-27836
+ RESERVED
+CVE-2023-27835
+ RESERVED
+CVE-2023-27834
+ RESERVED
+CVE-2023-27833
+ RESERVED
+CVE-2023-27832
+ RESERVED
+CVE-2023-27831
+ RESERVED
+CVE-2023-27830
+ RESERVED
+CVE-2023-27829
+ RESERVED
+CVE-2023-27828
+ RESERVED
+CVE-2023-27827
+ RESERVED
+CVE-2023-27826
+ RESERVED
+CVE-2023-27825
+ RESERVED
+CVE-2023-27824
+ RESERVED
+CVE-2023-27823
+ RESERVED
+CVE-2023-27822
+ RESERVED
+CVE-2023-27821
+ RESERVED
+CVE-2023-27820
+ RESERVED
+CVE-2023-27819
+ RESERVED
+CVE-2023-27818
+ RESERVED
+CVE-2023-27817
+ RESERVED
+CVE-2023-27816
+ RESERVED
+CVE-2023-27815
+ RESERVED
+CVE-2023-27814
+ RESERVED
+CVE-2023-27813
+ RESERVED
+CVE-2023-27812
+ RESERVED
+CVE-2023-27811
+ RESERVED
+CVE-2023-27810
+ RESERVED
+CVE-2023-27809
+ RESERVED
+CVE-2023-27808
+ RESERVED
+CVE-2023-27807
+ RESERVED
+CVE-2023-27806
+ RESERVED
+CVE-2023-27805
+ RESERVED
+CVE-2023-27804
+ RESERVED
+CVE-2023-27803
+ RESERVED
+CVE-2023-27802
+ RESERVED
+CVE-2023-27801
+ RESERVED
+CVE-2023-27800
+ RESERVED
+CVE-2023-27799
+ RESERVED
+CVE-2023-27798
+ RESERVED
+CVE-2023-27797
+ RESERVED
+CVE-2023-27796
+ RESERVED
+CVE-2023-27795
+ RESERVED
+CVE-2023-27794
+ RESERVED
+CVE-2023-27793
+ RESERVED
+CVE-2023-27792
+ RESERVED
+CVE-2023-27791
+ RESERVED
+CVE-2023-27790
+ RESERVED
+CVE-2023-27789
+ RESERVED
+CVE-2023-27788
+ RESERVED
+CVE-2023-27787
+ RESERVED
+CVE-2023-27786
+ RESERVED
+CVE-2023-27785
+ RESERVED
+CVE-2023-27784
+ RESERVED
+CVE-2023-27783
+ RESERVED
+CVE-2023-27782
+ RESERVED
+CVE-2023-27781
+ RESERVED
+CVE-2023-27780
+ RESERVED
+CVE-2023-27779
+ RESERVED
+CVE-2023-27778
+ RESERVED
+CVE-2023-27777
+ RESERVED
+CVE-2023-27776
+ RESERVED
+CVE-2023-27775
+ RESERVED
+CVE-2023-27774
+ RESERVED
+CVE-2023-27773
+ RESERVED
+CVE-2023-27772
+ RESERVED
+CVE-2023-27771
+ RESERVED
+CVE-2023-27770
+ RESERVED
+CVE-2023-27769
+ RESERVED
+CVE-2023-27768
+ RESERVED
+CVE-2023-27767
+ RESERVED
+CVE-2023-27766
+ RESERVED
+CVE-2023-27765
+ RESERVED
+CVE-2023-27764
+ RESERVED
+CVE-2023-27763
+ RESERVED
+CVE-2023-27762
+ RESERVED
+CVE-2023-27761
+ RESERVED
+CVE-2023-27760
+ RESERVED
+CVE-2023-27759
+ RESERVED
+CVE-2023-27758
+ RESERVED
+CVE-2023-27757
+ RESERVED
+CVE-2023-27756
+ RESERVED
+CVE-2023-27755
+ RESERVED
+CVE-2023-27754
+ RESERVED
+CVE-2023-27753
+ RESERVED
+CVE-2023-27752
+ RESERVED
+CVE-2023-27751
+ RESERVED
+CVE-2023-27750
+ RESERVED
+CVE-2023-27749
+ RESERVED
+CVE-2023-27748
+ RESERVED
+CVE-2023-27747
+ RESERVED
+CVE-2023-27746
+ RESERVED
+CVE-2023-27745
+ RESERVED
+CVE-2023-27744
+ RESERVED
+CVE-2023-27743
+ RESERVED
+CVE-2023-27742
+ RESERVED
+CVE-2023-27741
+ RESERVED
+CVE-2023-27740
+ RESERVED
+CVE-2023-27739
+ RESERVED
+CVE-2023-27738
+ RESERVED
+CVE-2023-27737
+ RESERVED
+CVE-2023-27736
+ RESERVED
+CVE-2023-27735
+ RESERVED
+CVE-2023-27734
+ RESERVED
+CVE-2023-27733
+ RESERVED
+CVE-2023-27732
+ RESERVED
+CVE-2023-27731
+ RESERVED
+CVE-2023-27730
+ RESERVED
+CVE-2023-27729
+ RESERVED
+CVE-2023-27728
+ RESERVED
+CVE-2023-27727
+ RESERVED
+CVE-2023-27726
+ RESERVED
+CVE-2023-27725
+ RESERVED
+CVE-2023-27724
+ RESERVED
+CVE-2023-27723
+ RESERVED
+CVE-2023-27722
+ RESERVED
+CVE-2023-27721
+ RESERVED
+CVE-2023-27720
+ RESERVED
+CVE-2023-27719
+ RESERVED
+CVE-2023-27718
+ RESERVED
+CVE-2023-27717
+ RESERVED
+CVE-2023-27716
+ RESERVED
+CVE-2023-27715
+ RESERVED
+CVE-2023-27714
+ RESERVED
+CVE-2023-27713
+ RESERVED
+CVE-2023-27712
+ RESERVED
+CVE-2023-27711
+ RESERVED
+CVE-2023-27710
+ RESERVED
+CVE-2023-27709
+ RESERVED
+CVE-2023-27708
+ RESERVED
+CVE-2023-27707
+ RESERVED
+CVE-2023-27706
+ RESERVED
+CVE-2023-27705
+ RESERVED
+CVE-2023-27704
+ RESERVED
+CVE-2023-27703
+ RESERVED
+CVE-2023-27702
+ RESERVED
+CVE-2023-27701
+ RESERVED
+CVE-2023-27700
+ RESERVED
+CVE-2023-27699
+ RESERVED
+CVE-2023-27698
+ RESERVED
+CVE-2023-27697
+ RESERVED
+CVE-2023-27696
+ RESERVED
+CVE-2023-27695
+ RESERVED
+CVE-2023-27694
+ RESERVED
+CVE-2023-27693
+ RESERVED
+CVE-2023-27692
+ RESERVED
+CVE-2023-27691
+ RESERVED
+CVE-2023-27690
+ RESERVED
+CVE-2023-27689
+ RESERVED
+CVE-2023-27688
+ RESERVED
+CVE-2023-27687
+ RESERVED
+CVE-2023-27686
+ RESERVED
+CVE-2023-27685
+ RESERVED
+CVE-2023-27684
+ RESERVED
+CVE-2023-27683
+ RESERVED
+CVE-2023-27682
+ RESERVED
+CVE-2023-27681
+ RESERVED
+CVE-2023-27680
+ RESERVED
+CVE-2023-27679
+ RESERVED
+CVE-2023-27678
+ RESERVED
+CVE-2023-27677
+ RESERVED
+CVE-2023-27676
+ RESERVED
+CVE-2023-27675
+ RESERVED
+CVE-2023-27674
+ RESERVED
+CVE-2023-27673
+ RESERVED
+CVE-2023-27672
+ RESERVED
+CVE-2023-27671
+ RESERVED
+CVE-2023-27670
+ RESERVED
+CVE-2023-27669
+ RESERVED
+CVE-2023-27668
+ RESERVED
+CVE-2023-27667
+ RESERVED
+CVE-2023-27666
+ RESERVED
+CVE-2023-27665
+ RESERVED
+CVE-2023-27664
+ RESERVED
+CVE-2023-27663
+ RESERVED
+CVE-2023-27662
+ RESERVED
+CVE-2023-27661
+ RESERVED
+CVE-2023-27660
+ RESERVED
+CVE-2023-27659
+ RESERVED
+CVE-2023-27658
+ RESERVED
+CVE-2023-27657
+ RESERVED
+CVE-2023-27656
+ RESERVED
+CVE-2023-27655
+ RESERVED
+CVE-2023-27654
+ RESERVED
+CVE-2023-27653
+ RESERVED
+CVE-2023-27652
+ RESERVED
+CVE-2023-27651
+ RESERVED
+CVE-2023-27650
+ RESERVED
+CVE-2023-27649
+ RESERVED
+CVE-2023-27648
+ RESERVED
+CVE-2023-27647
+ RESERVED
+CVE-2023-27646
+ RESERVED
+CVE-2023-27645
+ RESERVED
+CVE-2023-27644
+ RESERVED
+CVE-2023-27643
+ RESERVED
+CVE-2023-27642
+ RESERVED
+CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...)
+ TODO: check
+CVE-2023-27640
+ RESERVED
+CVE-2023-27639
+ RESERVED
+CVE-2023-27638
+ RESERVED
+CVE-2023-27637
+ RESERVED
+CVE-2023-27636
+ RESERVED
+CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-1183
+ RESERVED
+CVE-2023-1182
+ RESERVED
+CVE-2022-48364
+ RESERVED
+CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary ...)
- debian-goodies <unfixed> (bug #1031267)
[bullseye] - debian-goodies <no-dsa> (Minor issue; user prompted before execution)
CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyima ...)
@@ -95,18 +531,18 @@ CVE-2015-10095
RESERVED
CVE-2015-10094
RESERVED
-CVE-2015-10093
- RESERVED
-CVE-2015-10092
- RESERVED
-CVE-2015-10091
- RESERVED
-CVE-2015-10090
- RESERVED
-CVE-2014-125092
- RESERVED
-CVE-2006-10001
- RESERVED
+CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. ...)
+ TODO: check
+CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It h ...)
+ TODO: check
+CVE-2015-10091 (A vulnerability has been found in ByWater Solutions bywater-koha-xslt ...)
+ TODO: check
+CVE-2015-10090 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classi ...)
+ TODO: check
+CVE-2006-10001 (A vulnerability, which was classified as problematic, was found in Sub ...)
+ TODO: check
CVE-2023-27601
RESERVED
CVE-2023-27600
@@ -229,14 +665,14 @@ CVE-2023-1167
RESERVED
CVE-2023-1166
RESERVED
-CVE-2022-4929
- RESERVED
-CVE-2022-4928
- RESERVED
-CVE-2022-4927
- RESERVED
-CVE-2021-4329
- RESERVED
+CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...)
+ TODO: check
+CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been declare ...)
+ TODO: check
+CVE-2022-4927 (A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and clas ...)
+ TODO: check
+CVE-2021-4329 (A vulnerability, which was classified as critical, has been found in j ...)
+ TODO: check
CVE-2015-10088 (A vulnerability, which was classified as critical, was found in ayttm ...)
- ayttm <removed>
NOTE: https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
@@ -249,7 +685,7 @@ CVE-2008-10003 (A vulnerability was found in iGamingModules flashgames 1.1.0. It
NOT-FOR-US: iGamingModules flashgames
CVE-2008-10002 (A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and cla ...)
NOT-FOR-US: cfire24 ajaxlife
-CVE-2023-27560 (Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop w ...)
+CVE-2023-27560 (Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loo ...)
- php-phpseclib3 <unfixed> (bug #1032371)
NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/0398f7a81550a487170edca0ed39f360d4509e83 (3.0.0)
NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440
@@ -2781,8 +3217,8 @@ CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce S
NOT-FOR-US: SourceCodester Moosikay E-Commerce System
CVE-2023-26511
RESERVED
-CVE-2023-26510
- RESERVED
+CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft ...)
+ TODO: check
CVE-2023-26509
RESERVED
CVE-2023-26508
@@ -3833,18 +4269,18 @@ CVE-2023-26113
RESERVED
CVE-2023-26112
RESERVED
-CVE-2023-26111
- RESERVED
+CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
+ TODO: check
CVE-2023-26110
RESERVED
CVE-2023-26109
RESERVED
-CVE-2023-26108
- RESERVED
-CVE-2023-26107
- RESERVED
-CVE-2023-26106
- RESERVED
+CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...)
+ TODO: check
+CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...)
+ TODO: check
+CVE-2023-26106 (All versions of the package dot-lens are vulnerable to Prototype Pollu ...)
+ TODO: check
CVE-2023-26105 (All versions of the package utilities are vulnerable to Prototype Poll ...)
NOT-FOR-US: mde JavaScript utilities
CVE-2023-26104 (All versions of the package lite-web-server are vulnerable to Denial o ...)
@@ -4281,10 +4717,10 @@ CVE-2023-25957
RESERVED
CVE-2023-25956 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
NOT-FOR-US: Apache Airflow AWS Provider
-CVE-2023-25077
- RESERVED
-CVE-2023-22838
- RESERVED
+CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key Settings of E ...)
+ TODO: check
+CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and Product ...)
+ TODO: check
CVE-2023-0896
RESERVED
CVE-2023-0895 (The WP Coder – add custom html, css and js code plugin for WordP ...)
@@ -5070,7 +5506,7 @@ CVE-2023-25720
RESERVED
CVE-2023-25719 (ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect ...)
NOT-FOR-US: ConnectWise
-CVE-2023-25718 (The cryptographic code signing process and controls on ConnectWise Con ...)
+CVE-2023-25718 (In ConnectWise Control through 22.9.10032 (formerly known as ScreenCon ...)
NOT-FOR-US: ConnectWise
CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an ...)
NOT-FOR-US: Ruckus Wireless Admin
@@ -5625,8 +6061,8 @@ CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag
NOT-FOR-US: Wallabag
CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
NOT-FOR-US: Wallabag
-CVE-2023-0734
- RESERVED
+CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
+ TODO: check
CVE-2023-0733
RESERVED
CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
@@ -13417,12 +13853,12 @@ CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared
NOT-FOR-US: HealthMateWeb
CVE-2010-10004 (A vulnerability was found in Information Cards Module and classified a ...)
NOT-FOR-US: Information Cards Module
-CVE-2023-22858
- RESERVED
-CVE-2023-22857
- RESERVED
-CVE-2023-22856
- RESERVED
+CVE-2023-22858 (An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, al ...)
+ TODO: check
+CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
+ TODO: check
+CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
+ TODO: check
CVE-2023-0117
RESERVED
CVE-2023-0116
@@ -15586,22 +16022,22 @@ CVE-2022-XXXX [RUSTSEC-2022-0074]
- rust-prettytable-rs <unfixed> (bug #1027282)
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
NOTE: https://github.com/phsym/prettytable-rs/issues/145
-CVE-2023-22438
- RESERVED
-CVE-2023-22432
- RESERVED
+CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 ...)
+ TODO: check
+CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to 2.23.1. ...)
+ TODO: check
CVE-2023-22429
RESERVED
CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching function ...)
NOT-FOR-US: SHIRASAGI
CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
NOT-FOR-US: SHIRASAGI
-CVE-2023-22424
- RESERVED
-CVE-2023-22421
- RESERVED
-CVE-2023-22419
- RESERVED
+CVE-2023-22424 (Use-after-free vulnerability exists in Kostac PLC Programming Software ...)
+ TODO: check
+CVE-2023-22421 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
+ TODO: check
+CVE-2023-22419 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
+ TODO: check
CVE-2023-22377 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
NOT-FOR-US: tsClinical
CVE-2023-22376 (** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnera ...)
@@ -15632,12 +16068,12 @@ CVE-2023-22346 (Out-of-bound read vulnerability exists in Screen Creator Advance
NOT-FOR-US: Screen Creator Advance
CVE-2023-22345 (Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ve ...)
NOT-FOR-US: Screen Creator Advance
-CVE-2023-22344
- RESERVED
-CVE-2023-22336
- RESERVED
-CVE-2023-22335
- RESERVED
+CVE-2023-22344 (Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and e ...)
+ TODO: check
+CVE-2023-22336 (Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Raku ...)
+ TODO: check
+CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier ...)
+ TODO: check
CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
NOT-FOR-US: EasyMail
CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
@@ -26616,8 +27052,8 @@ CVE-2022-44877 (login/index.php in CWP (aka Control Web Panel or CentOS Web Pane
NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel)
CVE-2022-44876
RESERVED
-CVE-2022-44875
- RESERVED
+CVE-2022-44875 (KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.All ...)
+ TODO: check
CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered t ...)
NOT-FOR-US: wasm3
CVE-2022-44873
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d04009ecf82cef3a836dae069af8a92c1be501ac
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d04009ecf82cef3a836dae069af8a92c1be501ac
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230306/5c6f0ce9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list