[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 11 08:10:23 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7a6eb6fe by security tracker role at 2023-03-11T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-28143
+ RESERVED
+CVE-2023-28142
+ RESERVED
+CVE-2023-28141
+ RESERVED
+CVE-2023-28140
+ RESERVED
+CVE-2023-28139
+ RESERVED
+CVE-2023-28138
+ RESERVED
+CVE-2023-28137
+ RESERVED
+CVE-2023-28136
+ RESERVED
+CVE-2023-28135
+ RESERVED
+CVE-2023-28134
+ RESERVED
+CVE-2023-28133
+ RESERVED
+CVE-2023-28132
+ RESERVED
+CVE-2023-28131
+ RESERVED
+CVE-2023-28130
+ RESERVED
+CVE-2023-28129
+ RESERVED
+CVE-2023-28128
+ RESERVED
+CVE-2023-28127
+ RESERVED
+CVE-2023-28126
+ RESERVED
+CVE-2023-28125
+ RESERVED
+CVE-2023-28124
+ RESERVED
+CVE-2023-28123
+ RESERVED
+CVE-2023-28122
+ RESERVED
+CVE-2023-28121
+ RESERVED
+CVE-2023-28120
+ RESERVED
+CVE-2023-1348
+ RESERVED
+CVE-2023-1347
+ RESERVED
CVE-2023-28119
RESERVED
CVE-2023-28118
@@ -186,30 +238,30 @@ CVE-2023-28027
RESERVED
CVE-2023-28026
RESERVED
-CVE-2023-1346
- RESERVED
-CVE-2023-1345
- RESERVED
-CVE-2023-1344
- RESERVED
-CVE-2023-1343
- RESERVED
-CVE-2023-1342
- RESERVED
-CVE-2023-1341
- RESERVED
-CVE-2023-1340
- RESERVED
-CVE-2023-1339
- RESERVED
-CVE-2023-1338
- RESERVED
-CVE-2023-1337
- RESERVED
-CVE-2023-1336
- RESERVED
-CVE-2023-1335
- RESERVED
+CVE-2023-1346 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1345 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1344 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1343 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1342 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1341 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1340 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1339 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1338 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1337 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1336 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2023-1335 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ TODO: check
CVE-2023-1334 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
CVE-2023-1333 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
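Review bot: The twelve entries CVE-2023-1335 through CVE-2023-1346 are left at TODO: check even though the next entry in the same hunk, CVE-2023-1334, carries the same truncated description and is already triaged as NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress. Unless one of them differs once the full description is read, mark them with that same NOT-FOR-US line in the follow-up triage commit so they do not sit in the TODO queue.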
@@ -766,8 +818,8 @@ CVE-2023-25076
RESERVED
CVE-2023-24465 (Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior vers ...)
TODO: check
-CVE-2023-1246
- RESERVED
+CVE-2023-1246 (Files or Directories Accessible to External Parties vulnerability in S ...)
+ TODO: check
CVE-2023-1245 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
NOT-FOR-US: Answer
CVE-2023-1244 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
@@ -918,8 +970,8 @@ CVE-2023-1200 (A vulnerability was found in ehuacui bbs. It has been declared as
NOT-FOR-US: ehuacui bbs
CVE-2023-1199
RESERVED
-CVE-2023-1198
- RESERVED
+CVE-2023-1198 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
NOT-FOR-US: UVdesk
CVE-2023-1196
@@ -1561,8 +1613,8 @@ CVE-2023-27579
RESERVED
CVE-2023-27578
RESERVED
-CVE-2023-27577
- RESERVED
+CVE-2023-27577 (flarum is a forum software package for building communities. In versio ...)
+ TODO: check
CVE-2023-27576
RESERVED
CVE-2023-27575
@@ -1616,7 +1668,7 @@ CVE-2023-22437
CVE-2023-1174
RESERVED
CVE-2023-1173
- RESERVED
+ REJECTED
CVE-2023-1172
RESERVED
CVE-2023-1171
@@ -1743,12 +1795,11 @@ CVE-2023-27534
RESERVED
CVE-2023-27533
RESERVED
-CVE-2023-27532
- RESERVED
+CVE-2023-27532 (Vulnerability in Veeam Backup & Replication component allows encry ...)
+ TODO: check
CVE-2023-27531
RESERVED
-CVE-2023-27530
- RESERVED
+CVE-2023-27530 (A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2. ...)
- ruby-rack <unfixed>
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388
NOTE: https://github.com/rack/rack/commit/8e8869d625e73e16b576b6d31b50208e9ec8002f (main)
@@ -8625,8 +8676,8 @@ CVE-2023-0620
RESERVED
CVE-2023-25000
RESERVED
-CVE-2023-24999
- RESERVED
+CVE-2023-24999 (HashiCorp Vault and Vault Enterprise’s approle auth method allow ...)
+ TODO: check
CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
- libcommons-fileupload-java 1.4-2 (bug #1031733)
[bullseye] - libcommons-fileupload-java <no-dsa> (Minor issue)
@@ -8704,8 +8755,8 @@ CVE-2023-24977 (Out-of-bounds Read vulnerability in Apache Software Foundation A
NOT-FOR-US: Apache InLong
CVE-2023-24976
RESERVED
-CVE-2023-24975
- RESERVED
+CVE-2023-24975 (IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caus ...)
+ TODO: check
CVE-2023-24974
RESERVED
CVE-2023-24973
@@ -11597,8 +11648,8 @@ CVE-2023-23913
RESERVED
CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...)
NOT-FOR-US: EdgeRouters
-CVE-2023-23911
- RESERVED
+CVE-2023-23911 (An improper access control vulnerability exists prior to v6 that could ...)
+ TODO: check
CVE-2023-23900
RESERVED
CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extension ...)
@@ -13458,12 +13509,12 @@ CVE-2023-23330
RESERVED
CVE-2023-23329
RESERVED
-CVE-2023-23328
- RESERVED
-CVE-2023-23327
- RESERVED
-CVE-2023-23326
- RESERVED
+CVE-2023-23328 (A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated ...)
+ TODO: check
+CVE-2023-23327 (An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Back ...)
+ TODO: check
+CVE-2023-23326 (A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3 ...)
+ TODO: check
CVE-2023-23325
RESERVED
CVE-2023-23324
@@ -14431,8 +14482,7 @@ CVE-2023-0195
RESERVED
CVE-2023-0194
RESERVED
-CVE-2023-0193
- RESERVED
+CVE-2023-0193 (NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a ...)
- nvidia-cuda-toolkit <unfixed> (bug #1032668)
[bullseye] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446
@@ -23161,7 +23211,8 @@ CVE-2022-46466
RESERVED
CVE-2022-46465
RESERVED
-CVE-2022-46464 (ConcreteCMS v9.1.3 was discovered to be vulnerable to Xpath injection ...)
+CVE-2022-46464
+ REJECTED
NOT-FOR-US: ConcreteCMS
CVE-2022-46463 (** DISPUTED ** An access control issue in Harbor v1.X.X to v2.5.3 allo ...)
NOT-FOR-US: Harbor
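Review bot: CVE-2022-46464 now reads REJECTED but is still followed by the unchanged line NOT-FOR-US: ConcreteCMS, so the entry carries both a rejection state and a triage annotation for a description that no longer exists. Confirm this combination is what the team wants to keep as a record of the earlier triage; if rejected entries are meant to carry no annotation, drop the NOT-FOR-US line in a follow-up.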
@@ -30023,8 +30074,8 @@ CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2022-44575 (A vulnerability has been identified in PLM Help Server V4.2 (All versi ...)
NOT-FOR-US: Siemens
-CVE-2022-44574
- RESERVED
+CVE-2022-44574 (An improper authentication vulnerability exists in Avalanche version 6 ...)
+ TODO: check
CVE-2022-44573
RESERVED
CVE-2022-44572 (A denial of service vulnerability in the multipart parsing component o ...)
@@ -33384,8 +33435,8 @@ CVE-2022-43904
RESERVED
CVE-2022-43903
RESERVED
-CVE-2022-43902
- RESERVED
+CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial ...)
+ TODO: check
CVE-2022-43901 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 coul ...)
NOT-FOR-US: IBM
CVE-2022-43900 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 coul ...)
@@ -34840,7 +34891,7 @@ CVE-2022-3592 (A symlink following vulnerability was found in Samba, where a use
- samba <not-affected> (Vulnerable code only in 4.17.0 and later)
NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html
CVE-2022-43399
- RESERVED
+ REJECTED
CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
NOT-FOR-US: Siemens
CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All versions & ...)
@@ -68630,7 +68681,7 @@ CVE-2022-31000 (solidus_backend is the admin interface for the Solidus e-commerc
CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file uploads ...)
NOT-FOR-US: FriendsofFlarum
CVE-2022-30996
- RESERVED
+ REJECTED
CVE-2022-30995
RESERVED
CVE-2022-30994 (Cleartext transmission of sensitive information. The following product ...)
@@ -107458,8 +107509,8 @@ CVE-2022-20931
RESERVED
CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
NOT-FOR-US: Cisco
-CVE-2022-20929
- RESERVED
+CVE-2022-20929 (A vulnerability in the upgrade signature verification of Cisco Enterpr ...)
+ TODO: check
CVE-2022-20928 (A vulnerability in the authentication and authorization flows for VPN ...)
NOT-FOR-US: Cisco
CVE-2022-20927 (A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appli ...)
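Review bot: CVE-2022-20929 lands as TODO: check although its description names a Cisco product and both neighbours in this hunk, CVE-2022-20930 and CVE-2022-20928, are already NOT-FOR-US: Cisco. Triage it the same way once the full description confirms no Debian package is involved.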
@@ -230704,7 +230755,7 @@ CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular
NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
CVE-2020-7732
RESERVED
-CVE-2020-7731 (This affects all versions of package github.com/russellhaering/gosaml2 ...)
+CVE-2020-7731 (This affects all versions <0.7.0 of package github.com/russellhaeri ...)
- golang-github-russellhaering-gosaml2 <itp> (bug #948190)
NOTE: https://github.com/russellhaering/gosaml2/issues/59
NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
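Review bot: The rewritten CVE-2020-7731 description now limits the affected range to versions below 0.7.0, but the annotations under it (the itp line for bug #948190 and the two NOTE lines) record no fixed version. Consider adding a NOTE that names 0.7.0 as the boundary given in the description, so whoever completes the ITP can see which upstream release to package.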
@@ -238017,8 +238068,8 @@ CVE-2020-5004 (IBM Jazz Foundation products are vulnerable to cross-site scripti
NOT-FOR-US: IBM
CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML Extern ...)
NOT-FOR-US: IBM
-CVE-2020-5002
- RESERVED
+CVE-2020-5002 (IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an ...)
+ TODO: check
CVE-2020-5001 (IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a re ...)
NOT-FOR-US: IBM
CVE-2020-5000 (IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to ...)
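Review bot: CVE-2020-5002 is added as TODO: check while the surrounding entries for the same product, CVE-2020-5003 and CVE-2020-5001 (IBM Financial Transaction Manager), are already NOT-FOR-US: IBM. The new entry can take the same annotation in the follow-up triage.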
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a6eb6fecf411e7eb50e83a039657ebd2ff393c0