[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 7 20:10:49 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11df1906 by security tracker role at 2023-03-07T20:10:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-27905
+	RESERVED
+CVE-2023-27904
+	RESERVED
+CVE-2023-27903
+	RESERVED
+CVE-2023-27902
+	RESERVED
+CVE-2023-27901
+	RESERVED
+CVE-2023-27900
+	RESERVED
+CVE-2023-27899
+	RESERVED
+CVE-2023-27898
+	RESERVED
+CVE-2023-27897
+	RESERVED
+CVE-2023-27896
+	RESERVED
+CVE-2023-27895
+	RESERVED
+CVE-2023-27894
+	RESERVED
+CVE-2023-27893
+	RESERVED
+CVE-2023-1258
+	RESERVED
+CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series device ...)
+	TODO: check
+CVE-2023-1256
+	RESERVED
+CVE-2023-1255
+	RESERVED
+CVE-2023-1254 (A vulnerability has been found in SourceCodester Health Center Patient ...)
+	TODO: check
+CVE-2023-1253 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2023-1252
+	RESERVED
+CVE-2023-1251
+	RESERVED
+CVE-2023-1250
+	RESERVED
+CVE-2023-1249
+	RESERVED
+CVE-2023-1248
+	RESERVED
+CVE-2023-1247 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
+	TODO: check
+CVE-2022-4932 (The Total Upkeep plugin for WordPress is vulnerable to information dis ...)
+	TODO: check
+CVE-2022-4931 (The BackupWordPress plugin for WordPress is vulnerable to information  ...)
+	TODO: check
+CVE-2021-4333 (The WP Statistics plugin for WordPress is vulnerable to Cross-Site Req ...)
+	TODO: check
+CVE-2021-4332 (The Plus Addons for Elementor plugin for WordPress is vulnerable to ar ...)
+	TODO: check
+CVE-2021-4331 (The Plus Addons for Elementor plugin for WordPress is vulnerable to pr ...)
+	TODO: check
+CVE-2021-4330 (The Envato Elements & Download and Template Kit – Import plu ...)
+	TODO: check
+CVE-2020-36670 (The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disc ...)
+	TODO: check
+CVE-2020-36669 (The JetBackup – WP Backup, Migrate & Restore plugin for Word ...)
+	TODO: check
+CVE-2020-36668 (The JetBackup – WP Backup, Migrate & Restore plugin for Word ...)
+	TODO: check
+CVE-2020-36667 (The JetBackup – WP Backup, Migrate & Restore plugin for Word ...)
+	TODO: check
 CVE-2023-27892
 	RESERVED
 CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application authorization fr ...)
@@ -62,24 +132,24 @@ CVE-2023-24465
 	RESERVED
 CVE-2023-1246
 	RESERVED
-CVE-2023-1245
-	RESERVED
-CVE-2023-1244
-	RESERVED
-CVE-2023-1243
-	RESERVED
-CVE-2023-1242
-	RESERVED
-CVE-2023-1241
-	RESERVED
-CVE-2023-1240
-	RESERVED
-CVE-2023-1239
-	RESERVED
-CVE-2023-1238
-	RESERVED
-CVE-2023-1237
-	RESERVED
+CVE-2023-1245 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1244 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1243 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1242 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1241 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1240 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1239 (Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/ ...)
+	TODO: check
+CVE-2023-1238 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1237 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
 CVE-2023-1236
 	RESERVED
 CVE-2023-1235
@@ -1002,8 +1072,7 @@ CVE-2023-27524
 	RESERVED
 CVE-2023-27523
 	RESERVED
-CVE-2023-27522
-	RESERVED
+CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...)
 	- apache2 <unfixed> (bug #1032476)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/2
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-27522
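Review bot: CVE-2023-27522 and CVE-2023-25690 (further down in this patch) are both tracked against the same Debian bug #1032476 and both carry `<unfixed>`, so when the apache2 upload lands the fixed version has to be recorded on both entries in the same commit, otherwise one of them will keep reporting as open. The truncated description ("via mod_pr ...") does not name the module or the affected version range, so the two NOTE URLs are the only reference for that information; this hunk correctly keeps the existing package and NOTE lines as context instead of adding a `TODO: check`.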
@@ -1132,14 +1201,14 @@ CVE-2023-27480
 	RESERVED
 CVE-2023-27479
 	RESERVED
-CVE-2023-27478
-	RESERVED
+CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and tools  ...)
+	TODO: check
 CVE-2023-27477
 	RESERVED
 CVE-2023-27476
 	RESERVED
-CVE-2023-27475
-	RESERVED
+CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the go langu ...)
+	TODO: check
 CVE-2023-27474 (Directus is a real-time API and App dashboard for managing SQL databas ...)
 	NOT-FOR-US: Directus
 CVE-2023-27473
@@ -2406,12 +2475,12 @@ CVE-2023-26957
 	RESERVED
 CVE-2023-26956
 	RESERVED
-CVE-2023-26955
-	RESERVED
-CVE-2023-26954
-	RESERVED
-CVE-2023-26953
-	RESERVED
+CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+	TODO: check
+CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+	TODO: check
+CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+	TODO: check
 CVE-2023-26952
 	RESERVED
 CVE-2023-26951
@@ -3290,8 +3359,8 @@ CVE-2022-48346
 	RESERVED
 CVE-2020-36662
 	RESERVED
-CVE-2015-10087
-	RESERVED
+CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...)
+	TODO: check
 CVE-2015-10086 (A vulnerability, which was classified as critical, was found in OpenCy ...)
 	NOT-FOR-US: OpenCycleCompass
 CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...)
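Review bot: the `** UNSUPPORTED WHEN ASSIGNED **` marker on CVE-2015-10087 means the upstream product was already end-of-life when the CVE was assigned, so the `TODO: check` placeholder should be resolved the same way as the neighbouring CVE-2015-10086 (`NOT-FOR-US`), once it is confirmed that the truncated product name ("UpTh ...") does not correspond to a Debian source package.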
@@ -5908,8 +5977,7 @@ CVE-2021-4316
 	RESERVED
 CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rat ...)
 	NOT-FOR-US: juju2143 WalrusIRC
-CVE-2023-25690
-	RESERVED
+CVE-2023-25690 (Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 thr ...)
 	- apache2 <unfixed> (bug #1032476)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
@@ -6200,8 +6268,8 @@ CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wr
 	NOT-FOR-US: PTC
 CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...)
 	NOT-FOR-US: dimtion Shaarlier
-CVE-2023-25611
-	RESERVED
+CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vulnerabil ...)
+	TODO: check
 CVE-2023-25610
 	RESERVED
 CVE-2023-25609
@@ -6212,8 +6280,8 @@ CVE-2023-25607
 	RESERVED
 CVE-2023-25606
 	RESERVED
-CVE-2023-25605
-	RESERVED
+CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 -  ...)
+	TODO: check
 CVE-2023-25604
 	RESERVED
 CVE-2023-25603
@@ -7163,8 +7231,8 @@ CVE-2023-25232
 	RESERVED
 CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...)
 	NOT-FOR-US: Tenda
-CVE-2023-25230
-	RESERVED
+CVE-2023-25230 (loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). ...)
+	TODO: check
 CVE-2023-25229
 	RESERVED
 CVE-2023-25228
@@ -7177,8 +7245,8 @@ CVE-2023-25225
 	RESERVED
 CVE-2023-25224
 	RESERVED
-CVE-2023-25223
-	RESERVED
+CVE-2023-25223 (CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/li ...)
+	TODO: check
 CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12 ...)
 	- libredwg <itp> (bug #595191)
 CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vuln ...)
@@ -8419,8 +8487,8 @@ CVE-2023-24783
 	RESERVED
 CVE-2023-24782
 	RESERVED
-CVE-2023-24781
-	RESERVED
+CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+	TODO: check
 CVE-2023-24780
 	RESERVED
 CVE-2023-24779
@@ -8431,8 +8499,8 @@ CVE-2023-24777
 	RESERVED
 CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code execution (RCE ...)
 	NOT-FOR-US: Funadmin
-CVE-2023-24775
-	RESERVED
+CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+	TODO: check
 CVE-2023-24774
 	RESERVED
 CVE-2023-24773
@@ -11111,8 +11179,8 @@ CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb ver
 	NOT-FOR-US: FortiGuard
 CVE-2023-23777
 	RESERVED
-CVE-2023-23776
-	RESERVED
+CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
+	TODO: check
 CVE-2023-23775
 	RESERVED
 CVE-2023-23549
@@ -23355,8 +23423,8 @@ CVE-2022-46259
 	RESERVED
 CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
 	NOT-FOR-US: GitHub Enterprise Server
-CVE-2022-46257
-	RESERVED
+CVE-2022-46257 (An information disclosure vulnerability was identified in GitHub Enter ...)
+	TODO: check
 CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
 	NOT-FOR-US: GitHub Enterprise Server
 CVE-2022-46255 (An improper limitation of a pathname to a restricted directory vulnera ...)
@@ -24323,8 +24391,8 @@ CVE-2022-45863
 	RESERVED
 CVE-2022-45862
 	RESERVED
-CVE-2022-45861
-	RESERVED
+CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL  ...)
+	TODO: check
 CVE-2022-45860
 	RESERVED
 CVE-2022-45859
@@ -29668,8 +29736,8 @@ CVE-2022-44420
 	RESERVED
 CVE-2022-44419
 	RESERVED
-CVE-2022-3760
-	RESERVED
+CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2022-3758
@@ -36589,8 +36657,8 @@ CVE-2022-42478
 	RESERVED
 CVE-2022-42477
 	RESERVED
-CVE-2022-42476
-	RESERVED
+CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
+	TODO: check
 CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VP ...)
 	NOT-FOR-US: FortiOS SSL-VPN
 CVE-2022-42474
@@ -39742,18 +39810,18 @@ CVE-2022-41335 (A relative path traversal vulnerability [CWE-23] in Fortinet For
 	NOT-FOR-US: Fortinet
 CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...)
 	NOT-FOR-US: Fortinet
-CVE-2022-41333
-	RESERVED
+CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400] in FortiR ...)
+	TODO: check
 CVE-2022-41332
 	RESERVED
 CVE-2022-41331
 	RESERVED
 CVE-2022-41330
 	RESERVED
-CVE-2022-41329
-	RESERVED
-CVE-2022-41328
-	RESERVED
+CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+	TODO: check
+CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
+	TODO: check
 CVE-2022-41327
 	RESERVED
 CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...)
@@ -41320,8 +41388,8 @@ CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC ver
 	NOT-FOR-US: Fortinet
 CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...)
 	NOT-FOR-US: Fortinet
-CVE-2022-40676
-	RESERVED
+CVE-2022-40676 (A improper neutralization of input during web page generation ('cross- ...)
+	TODO: check
 CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through  ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
@@ -43159,12 +43227,12 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a parti
 	NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
 CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
 	NOT-FOR-US: Fortinet
-CVE-2022-39953
-	RESERVED
+CVE-2022-39953 (A improper privilege management in Fortinet FortiNAC version 9.4.0 thr ...)
+	TODO: check
 CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions  ...)
 	NOT-FOR-US: Fortinet
-CVE-2022-39951
-	RESERVED
+CVE-2022-39951 (A improper neutralization of special elements used in an os command (' ...)
+	TODO: check
 CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...)
 	NOT-FOR-US: FortiGuard
 CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...)
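Review bot: the `NOT-FOR-US` labels for Fortinet advisories are inconsistent in this file: `NOT-FOR-US: Fortinet` (CVE-2022-39954, CVE-2022-39952) sits next to `NOT-FOR-US: FortiGuard` (CVE-2022-39950), and `NOT-FOR-US: FortiNet` appears further down at CVE-2022-22299. When the `TODO: check` placeholders on CVE-2022-39953 and CVE-2022-39951 are resolved, and likewise for the other Forti* entries in this patch whose descriptions name the vendor (CVE-2023-25605, CVE-2022-42476, CVE-2022-41333, CVE-2022-27490), one spelling should be used so the entries can be searched consistently.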
@@ -78340,8 +78408,8 @@ CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code e
 	NOT-FOR-US: WhatsApp
 CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...)
 	NOT-FOR-US: FortiGuard
-CVE-2022-27490
-	RESERVED
+CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+	TODO: check
 CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-27488
@@ -95295,8 +95363,8 @@ CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line inte
 	NOT-FOR-US: FortiNet
 CVE-2022-22298
 	RESERVED
-CVE-2022-22297
-	RESERVED
+CVE-2022-22297 (An incomplete filtering of one or more instances of special elements v ...)
+	TODO: check
 CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
 	NOT-FOR-US: Sourcecodester
 CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
@@ -102287,10 +102355,10 @@ CVE-2021-44199 (DLL hijacking could lead to denial of service. The following pro
 	NOT-FOR-US: Acronis
 CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following  ...)
 	NOT-FOR-US: Acronis
-CVE-2021-44197
-	RESERVED
-CVE-2021-44196
-	RESERVED
+CVE-2021-44197 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2021-44196 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
 CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
 	NOT-FOR-US: Rapid7 Insight Agent
 CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11df1906e1d62624c205aa5fb2c175bf36f3452a


