[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 10 08:10:33 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cee50d32 by security tracker role at 2023-03-10T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-28025
+ RESERVED
+CVE-2023-28024
+ RESERVED
+CVE-2023-28023
+ RESERVED
+CVE-2023-28022
+ RESERVED
+CVE-2023-28021
+ RESERVED
+CVE-2023-28020
+ RESERVED
+CVE-2023-28019
+ RESERVED
+CVE-2023-28018
+ RESERVED
+CVE-2023-28017
+ RESERVED
+CVE-2023-28016
+ RESERVED
+CVE-2023-28015
+ RESERVED
+CVE-2023-28014
+ RESERVED
+CVE-2023-28013
+ RESERVED
+CVE-2023-28012
+ RESERVED
+CVE-2023-28011
+ RESERVED
+CVE-2023-28010
+ RESERVED
+CVE-2023-28009
+ RESERVED
+CVE-2023-28008
+ RESERVED
+CVE-2023-28007
+ RESERVED
+CVE-2023-28006
+ RESERVED
+CVE-2023-28005
+ RESERVED
+CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
+ TODO: check
+CVE-2023-1306
+ RESERVED
+CVE-2023-1305
+ RESERVED
+CVE-2023-1304
+ RESERVED
+CVE-2023-1303 (A vulnerability was found in UCMS 1.6 and classified as critical. This ...)
+ TODO: check
+CVE-2023-1302 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2023-1301 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-1300 (A vulnerability classified as critical was found in SourceCodester COV ...)
+ TODO: check
+CVE-2023-1299
+ RESERVED
+CVE-2023-1298
+ RESERVED
CVE-2023-28004
RESERVED
CVE-2023-28003
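Review bot: The five entries at the top of this hunk that arrive with descriptions (CVE-2023-1307, CVE-2023-1303, CVE-2023-1302, CVE-2023-1301, CVE-2023-1300) land as "TODO: check", so none of them carries a triage decision yet. Each needs to be resolved to a package line or a "NOT-FOR-US:" marker in the form the rest of the file uses. The truncated descriptions (froxlor, UCMS 1.6, SourceCodester) are not enough to decide on their own, so read the full CVE text before closing them.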
@@ -106,12 +168,12 @@ CVE-2023-1277 (A vulnerability, which was classified as critical, was found in k
NOT-FOR-US: kylin-system-updater
CVE-2018-25081 (** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill wi ...)
NOT-FOR-US: Bitwarden
-CVE-2017-20182
- RESERVED
-CVE-2014-125093
- RESERVED
-CVE-2013-10020
- RESERVED
+CVE-2017-20182 (A vulnerability was found in Mobile Vikings Django AJAX Utilities up t ...)
+ TODO: check
+CVE-2014-125093 (A vulnerability has been found in Ad Blocking Detector Plugin up to 1. ...)
+ TODO: check
+CVE-2013-10020 (A vulnerability, which was classified as problematic, was found in MMD ...)
+ TODO: check
CVE-2023-27970
RESERVED
CVE-2023-27969
@@ -1538,8 +1600,8 @@ CVE-2023-27492
RESERVED
CVE-2023-27491
RESERVED
-CVE-2023-27490
- RESERVED
+CVE-2023-27490 (NextAuth.js is an open source authentication solution for Next.js appl ...)
+ TODO: check
CVE-2023-27489
RESERVED
CVE-2023-27488
@@ -1550,10 +1612,10 @@ CVE-2023-27486 (xCAT is a toolkit for deployment and administration of computer
NOT-FOR-US: xCAT
CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...)
NOT-FOR-US: thmmniii/fbs-core
-CVE-2023-27484
- RESERVED
-CVE-2023-27483
- RESERVED
+CVE-2023-27484 (crossplane-runtime is a set of go libraries used to build Kubernetes c ...)
+ TODO: check
+CVE-2023-27483 (crossplane-runtime is a set of go libraries used to build Kubernetes c ...)
+ TODO: check
CVE-2023-27482 (homeassistant is an open source home automation tool. A remotely explo ...)
- homeassistant <itp> (bug #839786)
CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...)
@@ -2042,8 +2104,8 @@ CVE-2023-1086
RESERVED
CVE-2023-1085
RESERVED
-CVE-2023-1084
- RESERVED
+CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ TODO: check
CVE-2023-1083
RESERVED
CVE-2023-1082
@@ -2176,8 +2238,8 @@ CVE-2023-1073
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3
-CVE-2023-1072
- RESERVED
+CVE-2023-1072 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2023-1071
RESERVED
CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...)
@@ -2327,32 +2389,32 @@ CVE-2023-27216
RESERVED
CVE-2023-27215
RESERVED
-CVE-2023-27214
- RESERVED
-CVE-2023-27213
- RESERVED
-CVE-2023-27212
- RESERVED
-CVE-2023-27211
- RESERVED
-CVE-2023-27210
- RESERVED
+CVE-2023-27214 (Online Student Management System v1.0 was discovered to contain multip ...)
+ TODO: check
+CVE-2023-27213 (Online Student Management System v1.0 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2023-27212 (A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of ...)
+ TODO: check
+CVE-2023-27211 (A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Onl ...)
+ TODO: check
+CVE-2023-27210 (Online Pizza Ordering System 1.0 was discovered to contain a SQL injec ...)
+ TODO: check
CVE-2023-27209
RESERVED
-CVE-2023-27208
- RESERVED
-CVE-2023-27207
- RESERVED
-CVE-2023-27206
- RESERVED
-CVE-2023-27205
- RESERVED
-CVE-2023-27204
- RESERVED
-CVE-2023-27203
- RESERVED
-CVE-2023-27202
- RESERVED
+CVE-2023-27208 (A cross-site scripting (XSS) vulnerability in /php-opos/login.php of O ...)
+ TODO: check
+CVE-2023-27207 (Online Pizza Ordering System 1.0 was discovered to contain a SQL injec ...)
+ TODO: check
+CVE-2023-27206 (A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of B ...)
+ TODO: check
+CVE-2023-27205 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2023-27204 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2023-27203 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2023-27202 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2023-27201
RESERVED
CVE-2023-27200
@@ -2517,18 +2579,18 @@ CVE-2023-27121
RESERVED
CVE-2023-27120
RESERVED
-CVE-2023-27119
- RESERVED
+CVE-2023-27119 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...)
+ TODO: check
CVE-2023-27118
RESERVED
-CVE-2023-27117
- RESERVED
-CVE-2023-27116
- RESERVED
-CVE-2023-27115
- RESERVED
-CVE-2023-27114
- RESERVED
+CVE-2023-27117 (WebAssembly v1.0.29 was discovered to contain a heap overflow via the ...)
+ TODO: check
+CVE-2023-27116 (WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleT ...)
+ TODO: check
+CVE-2023-27115 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...)
+ TODO: check
+CVE-2023-27114 (radare2 v5.8.3 was discovered to contain a segmentation fault via the ...)
+ TODO: check
CVE-2023-27113
RESERVED
CVE-2023-27112
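Review bot: The entries for CVE-2023-27119, CVE-2023-27117, CVE-2023-27116 and CVE-2023-27115 name the product only as "WebAssembly v1.0.29", which gives a version but does not identify a source package. Before replacing "TODO: check", identify the affected project from the CVE references (the CWriter::MangleT... symbol in CVE-2023-27116 is a starting point). Triage CVE-2023-27114 separately, since it names radare2 v5.8.3 rather than the same product.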
@@ -2841,8 +2903,8 @@ CVE-2023-26959
RESERVED
CVE-2023-26958
RESERVED
-CVE-2023-26957
- RESERVED
+CVE-2023-26957 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete ...)
+ TODO: check
CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
NOT-FOR-US: onekeyadmin
CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
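Review bot: CVE-2023-26957 is left at "TODO: check" while the next entry, CVE-2023-26956, covers the same product and version (onekeyadmin v1.3.9) and is already marked "NOT-FOR-US: onekeyadmin". Unless the full description shows otherwise, the new entry should get the same marker so the two do not diverge.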
@@ -8270,12 +8332,12 @@ CVE-2023-0625
RESERVED
CVE-2023-0624 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
NOT-FOR-US: OrangeScrum
-CVE-2023-0623
- RESERVED
-CVE-2023-0622
- RESERVED
-CVE-2023-0621
- RESERVED
+CVE-2023-0623 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...)
+ TODO: check
+CVE-2023-0622 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...)
+ TODO: check
+CVE-2023-0621 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read ...)
+ TODO: check
CVE-2023-0620
RESERVED
CVE-2023-25000
@@ -9749,8 +9811,8 @@ CVE-2023-0485
RESERVED
CVE-2023-0484
RESERVED
-CVE-2023-0483
- RESERVED
+CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...)
- resteasy <unfixed> (bug #1031728)
- resteasy3.0 <unfixed> (bug #1031729)
@@ -13065,8 +13127,8 @@ CVE-2023-0225
RESERVED
CVE-2023-0224
RESERVED
-CVE-2023-0223
- RESERVED
+CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-4886
RESERVED
CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...)
@@ -15461,8 +15523,8 @@ CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
NOTE: https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 (v9.0.1144)
NOTE: Crash in CLI tool, no security impact
-CVE-2023-0050
- RESERVED
+CVE-2023-0050 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. ...)
- vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9
@@ -20231,8 +20293,8 @@ CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not val
NOT-FOR-US: WordPress plugin
CVE-2022-4463
RESERVED
-CVE-2022-4462
- RESERVED
+CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-4461
RESERVED
CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does no ...)
@@ -22034,8 +22096,8 @@ CVE-2022-4333
RESERVED
CVE-2022-4332
RESERVED
-CVE-2022-4331
- RESERVED
+CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
CVE-2022-4330 (The WP Attachments WordPress plugin through 5.0.5 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...)
@@ -22328,8 +22390,8 @@ CVE-2022-4319
CVE-2022-4318
RESERVED
- cri-o <itp> (bug #979702)
-CVE-2022-4317
- RESERVED
+CVE-2022-4317 (An issue has been discovered in GitLab DAST analyzer affecting all ver ...)
+ TODO: check
CVE-2022-4316
RESERVED
CVE-2022-4315 (An issue has been discovered in GitLab DAST analyzer affecting all ver ...)
@@ -22925,8 +22987,8 @@ CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a
NOT-FOR-US: Avast Antivirus
CVE-2022-4290
RESERVED
-CVE-2022-4289
- RESERVED
+CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-4288
RESERVED
CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...)
@@ -30039,8 +30101,7 @@ CVE-2022-3769 (The OWM Weather WordPress plugin before 5.6.9 does not properly s
NOT-FOR-US: WordPress plugin
CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not properly ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3767
- RESERVED
+CVE-2022-3767 (Missing validation in DAST analyzer affecting all versions from 1.11.0 ...)
- gitlab <unfixed>
CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
NOT-FOR-US: phpmyfaq
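Review bot: CVE-2022-3767 is the only entry in this commit that moves from RESERVED to a published description without gaining "TODO: check": the RESERVED line is dropped and the pre-existing "- gitlab <unfixed>" line stays as unchanged context, so nothing flags it for re-triage. The description now names the DAST analyzer rather than GitLab itself, and CVE-2022-4317, also a DAST analyzer issue, is queued as "TODO: check" in this same commit. Confirm that the gitlab package line still applies, otherwise the two will be tracked inconsistently.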
@@ -30122,8 +30183,8 @@ CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Mia-Med
CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2022-3758
- RESERVED
+CVE-2022-3758 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-44418
RESERVED
CVE-2022-44417
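Review bot: CVE-2022-3758 is added as "TODO: check" directly below CVE-2022-3759, a GitLab CE/EE issue that is already tracked as "- gitlab <unfixed>". Once the full description is read, resolve the new entry to a gitlab package line in the same way if it affects the packaged GitLab, or record in a NOTE why it differs.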
@@ -32708,8 +32769,8 @@ CVE-2023-20066
RESERVED
CVE-2023-20065
RESERVED
-CVE-2023-20064
- RESERVED
+CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS X ...)
+ TODO: check
CVE-2023-20063
RESERVED
CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...)
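Review bot: CVE-2023-20064 should not be closed as a vendor-only issue by reflex: its description names the GRand Unified Bootloader (GRUB), and the text is cut off after "Cisco IOS X". Check whether the flaw is in the Cisco integration or in GRUB itself before replacing "TODO: check". A Cisco "NOT-FOR-US:" marker only fits if upstream GRUB is unaffected.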
@@ -32741,8 +32802,8 @@ CVE-2023-20051
RESERVED
CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
NOT-FOR-US: Cisco
-CVE-2023-20049
- RESERVED
+CVE-2023-20049 (A vulnerability in the bidirectional forwarding detection (BFD) hardwa ...)
+ TODO: check
CVE-2023-20048
RESERVED
CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...)
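Review bot: CVE-2023-20049 is left at "TODO: check" right above CVE-2023-20050 in the old file order, which is marked "NOT-FOR-US: Cisco". The visible part of the description (bidirectional forwarding detection hardware ...) does not name the vendor, so confirm the affected product from the full text and, if it is the same vendor, give it the same marker rather than leaving adjacent entries in different states.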
@@ -38775,8 +38836,8 @@ CVE-2022-41617 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1
NOT-FOR-US: F5 BIG-IP
CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2022-3381
- RESERVED
+CVE-2022-3381 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 unserialize ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...)
@@ -131893,8 +131954,8 @@ CVE-2021-34127
RESERVED
CVE-2021-34126
RESERVED
-CVE-2021-34125
- RESERVED
+CVE-2021-34125 (An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and ...)
+ TODO: check
CVE-2021-34124
RESERVED
CVE-2021-34123
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cee50d326837af0cbd4168253e345a03946f9e63