[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 8 20:10:48 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0fffe14 by security tracker role at 2023-03-08T20:10:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2023-27970
+	RESERVED
+CVE-2023-27969
+	RESERVED
+CVE-2023-27968
+	RESERVED
+CVE-2023-27967
+	RESERVED
+CVE-2023-27966
+	RESERVED
+CVE-2023-27965
+	RESERVED
+CVE-2023-27964
+	RESERVED
+CVE-2023-27963
+	RESERVED
+CVE-2023-27962
+	RESERVED
+CVE-2023-27961
+	RESERVED
+CVE-2023-27960
+	RESERVED
+CVE-2023-27959
+	RESERVED
+CVE-2023-27958
+	RESERVED
+CVE-2023-27957
+	RESERVED
+CVE-2023-27956
+	RESERVED
+CVE-2023-27955
+	RESERVED
+CVE-2023-27954
+	RESERVED
+CVE-2023-27953
+	RESERVED
+CVE-2023-27952
+	RESERVED
+CVE-2023-27951
+	RESERVED
+CVE-2023-27950
+	RESERVED
+CVE-2023-27949
+	RESERVED
+CVE-2023-27948
+	RESERVED
+CVE-2023-27947
+	RESERVED
+CVE-2023-27946
+	RESERVED
+CVE-2023-27945
+	RESERVED
+CVE-2023-27944
+	RESERVED
+CVE-2023-27943
+	RESERVED
+CVE-2023-27942
+	RESERVED
+CVE-2023-27941
+	RESERVED
+CVE-2023-27940
+	RESERVED
+CVE-2023-27939
+	RESERVED
+CVE-2023-27938
+	RESERVED
+CVE-2023-27937
+	RESERVED
+CVE-2023-27936
+	RESERVED
+CVE-2023-27935
+	RESERVED
+CVE-2023-27934
+	RESERVED
+CVE-2023-27933
+	RESERVED
+CVE-2023-27932
+	RESERVED
+CVE-2023-27931
+	RESERVED
+CVE-2023-27930
+	RESERVED
+CVE-2023-27929
+	RESERVED
+CVE-2023-27928
+	RESERVED
+CVE-2023-1276 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2023-1274
+	RESERVED
+CVE-2023-1273
+	RESERVED
+CVE-2023-1272
+	RESERVED
+CVE-2023-1271
+	RESERVED
+CVE-2023-1270 (Command Injection in GitHub repository btcpayserver/btcpayserver prior ...)
+	TODO: check
+CVE-2023-1269 (Use of Hard-coded Credentials in GitHub repository alextselegidis/easy ...)
+	TODO: check
+CVE-2023-1268
+	RESERVED
+CVE-2023-1267 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-XXXX [emacsclient-mail.desktop Emacs Lisp code injection]
 	- emacs <unfixed> (bug #1032538)
 	[bullseye] - emacs <not-affected> (Vulnerable code not present, introduced in 28.1)
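Review bot: CVE-2023-1276, CVE-2023-1275, CVE-2023-1270, CVE-2023-1269 and CVE-2023-1267 enter the list with a published description but only `TODO: check` beneath them, so none of the five is triaged yet. Each needs either a `NOT-FOR-US: <product>` line or a package line in the form used for the emacs entry below them (`- emacs <unfixed>`). The truncated descriptions already give the names to look up: SourceCodester for CVE-2023-1275, btcpayserver/btcpayserver for CVE-2023-1270 and alextselegidis/easy ... for CVE-2023-1269. The 43 entries from CVE-2023-27970 down to CVE-2023-27928 are added as `RESERVED` and need no action until descriptions are published.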
@@ -77,29 +183,21 @@ CVE-2023-1260
 	RESERVED
 CVE-2023-1259
 	RESERVED
-CVE-2023-27905
-	RESERVED
+CVE-2023-27905 (Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core ...)
 	- jenkins <removed>
-CVE-2023-27904
-	RESERVED
+CVE-2023-27904 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error sta ...)
 	- jenkins <removed>
-CVE-2023-27903
-	RESERVED
+CVE-2023-27903 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary ...)
 	- jenkins <removed>
-CVE-2023-27902
-	RESERVED
+CVE-2023-27902 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary dir ...)
 	- jenkins <removed>
-CVE-2023-27901
-	RESERVED
+CVE-2023-27901 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Com ...)
 	- jenkins <removed>
-CVE-2023-27900
-	RESERVED
+CVE-2023-27900 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Com ...)
 	- jenkins <removed>
-CVE-2023-27899
-	RESERVED
+CVE-2023-27899 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary ...)
 	- jenkins <removed>
-CVE-2023-27898
-	RESERVED
+CVE-2023-27898 (Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.37 ...)
 	- jenkins <removed>
 CVE-2023-27897
 	RESERVED
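Review bot: on CVE-2023-27905 the new description names "Jenkins update-center2 3.13 and 3.14" rather than Jenkins itself, unlike the seven entries below it, yet the inherited `- jenkins <removed>` line is kept unchanged. Confirm that update-center2 was ever shipped from the removed jenkins source package; if it was not, the entry should become a `NOT-FOR-US:` line instead. Separately, CVE-2023-27901 and CVE-2023-27900 now show identical truncated descriptions ("... uses the Apache Com ..."), so read the full text before treating them as the same issue.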
@@ -1308,8 +1406,8 @@ CVE-2023-27484
 	RESERVED
 CVE-2023-27483
 	RESERVED
-CVE-2023-27482
-	RESERVED
+CVE-2023-27482 (homeassistant is an open source home automation tool. A remotely explo ...)
+	TODO: check
 CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...)
 	NOT-FOR-US: Directus
 CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
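Review bot: CVE-2023-27482 moves from `RESERVED` to `TODO: check` with a description that begins "A remotely explo ...", so it should not sit untriaged for long. Check whether homeassistant is in the archive and replace the TODO with a package line or with a `NOT-FOR-US:` line like the one on CVE-2023-27481 directly below it.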
@@ -2329,8 +2427,8 @@ CVE-2023-27090
 	RESERVED
 CVE-2023-27089
 	RESERVED
-CVE-2023-27088
-	RESERVED
+CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
+	TODO: check
 CVE-2023-27087
 	RESERVED
 CVE-2023-27086
@@ -2601,12 +2699,12 @@ CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site
 	NOT-FOR-US: onekeyadmin
 CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
 	NOT-FOR-US: onekeyadmin
-CVE-2023-26952
-	RESERVED
+CVE-2023-26952 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+	TODO: check
 CVE-2023-26951
 	RESERVED
-CVE-2023-26950
-	RESERVED
+CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+	TODO: check
 CVE-2023-26949 (An arbitrary file upload vulnerability in the component /admin1/config ...)
 	NOT-FOR-US: onekeyadmin
 CVE-2023-26948
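Review bot: CVE-2023-26952 and CVE-2023-26950 are marked `TODO: check` although their descriptions name onekeyadmin v1.3.9, the same product that CVE-2023-26954, CVE-2023-26953 and CVE-2023-26949 in this hunk's context already carry as `NOT-FOR-US: onekeyadmin`. Both can be resolved to `NOT-FOR-US: onekeyadmin` to match their neighbours rather than waiting for a manual check.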
@@ -2661,8 +2759,8 @@ CVE-2023-26924
 	RESERVED
 CVE-2023-26923
 	RESERVED
-CVE-2023-26922
-	RESERVED
+CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...)
+	TODO: check
 CVE-2023-26921
 	RESERVED
 CVE-2023-26920
@@ -4315,8 +4413,8 @@ CVE-2023-26263
 	RESERVED
 CVE-2023-26262
 	RESERVED
-CVE-2023-26261
-	RESERVED
+CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection lead ...)
+	TODO: check
 CVE-2023-26260
 	RESERVED
 CVE-2023-26259
@@ -7007,8 +7105,8 @@ CVE-2023-25397
 	RESERVED
 CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...)
 	NOT-FOR-US: Caphyon Advanced Installer
-CVE-2023-25395
-	RESERVED
+CVE-2023-25395 (TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection  ...)
+	TODO: check
 CVE-2023-25394
 	RESERVED
 CVE-2023-25393
@@ -8624,8 +8722,8 @@ CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulner
 	NOT-FOR-US: Funadmin
 CVE-2023-24774
 	RESERVED
-CVE-2023-24773
-	RESERVED
+CVE-2023-24773 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+	TODO: check
 CVE-2023-24772
 	RESERVED
 CVE-2023-24771
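Review bot: the new CVE-2023-24773 entry gets `TODO: check` while CVE-2023-24775 in the hunk header, with the same "Funadmin v3.2.0 was discovered to contain a SQL injection ..." wording, is already tagged `NOT-FOR-US: Funadmin`. Apply the same tag here so the Funadmin series is triaged consistently.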
@@ -11787,8 +11885,7 @@ CVE-2023-23640
 	RESERVED
 CVE-2023-23639
 	RESERVED
-CVE-2023-23638
-	RESERVED
+CVE-2023-23638 (A deserialization vulnerability existed when dubbo generic invoke, whi ...)
 	NOT-FOR-US: Apache Dubbo
 CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an  ...)
 	NOT-FOR-US: WordPress plugin
@@ -21173,7 +21270,7 @@ CVE-2022-4424
 	RESERVED
 CVE-2022-4423
 	RESERVED
-CVE-2022-4422 (This issue affects: Bulutses Bilgi Teknolojileri LTD. ŞTİ. B ...)
+CVE-2022-4422 (Call Center System developed by Bulutses Information Technologies befo ...)
 	NOT-FOR-US: BULUTDESK CALLCENTER
 CVE-2022-4421 (A vulnerability was found in rAthena FluxCP. It has been classified as ...)
 	NOT-FOR-US: rAthena FluxCP
@@ -21752,8 +21849,8 @@ CVE-2022-46754 (Wyse Management Suite 3.8 and below contain an improper access c
 	NOT-FOR-US: Wyse Management Suite
 CVE-2022-46753
 	RESERVED
-CVE-2022-46752
-	RESERVED
+CVE-2022-46752 (Dell BIOS contains an Improper Authorization vulnerability. An unauthe ...)
+	TODO: check
 CVE-2022-46751
 	RESERVED
 CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an Insecu ...)
@@ -29498,7 +29595,7 @@ CVE-2022-3794 (The Jeg Elementor Kit plugin for WordPress is vulnerable to autho
 	NOT-FOR-US: Jeg Elementor Kit plugin for WordPress
 CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all versions ...)
 	- gitlab <unfixed>
-CVE-2022-3792 (This issue affects: Terminal Operating System versions before 5.0.13 ...)
+CVE-2022-3792 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: GullsEye
 CVE-2022-3791
 	REJECTED
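Review bot: the replacement description for CVE-2022-3792 is generic CWE wording, and its truncated form is identical to the one added for CVE-2023-1267 at the top of this patch ("Improper Neutralization of Special Elements used in an SQL Command ('S ..."). The `NOT-FOR-US: GullsEye` line is now the only text in the entry that identifies the product, and searches for the old "Terminal Operating System" wording will no longer match. The tag itself needs no change.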



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0fffe142154800699546435ba6cb3830b770128
