[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 14 08:10:24 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93b7c3c7 by security tracker role at 2023-03-14T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,291 @@
+CVE-2023-28325
+ RESERVED
+CVE-2023-28324
+ RESERVED
+CVE-2023-28323
+ RESERVED
+CVE-2023-28322
+ RESERVED
+CVE-2023-28321
+ RESERVED
+CVE-2023-28320
+ RESERVED
+CVE-2023-28319
+ RESERVED
+CVE-2023-28318
+ RESERVED
+CVE-2023-28317
+ RESERVED
+CVE-2023-28316
+ RESERVED
+CVE-2023-28315
+ RESERVED
+CVE-2023-28314
+ RESERVED
+CVE-2023-28313
+ RESERVED
+CVE-2023-28312
+ RESERVED
+CVE-2023-28311
+ RESERVED
+CVE-2023-28310
+ RESERVED
+CVE-2023-28309
+ RESERVED
+CVE-2023-28308
+ RESERVED
+CVE-2023-28307
+ RESERVED
+CVE-2023-28306
+ RESERVED
+CVE-2023-28305
+ RESERVED
+CVE-2023-28304
+ RESERVED
+CVE-2023-28303
+ RESERVED
+CVE-2023-28302
+ RESERVED
+CVE-2023-28301
+ RESERVED
+CVE-2023-28300
+ RESERVED
+CVE-2023-28299
+ RESERVED
+CVE-2023-28298
+ RESERVED
+CVE-2023-28297
+ RESERVED
+CVE-2023-28296
+ RESERVED
+CVE-2023-28295
+ RESERVED
+CVE-2023-28294
+ RESERVED
+CVE-2023-28293
+ RESERVED
+CVE-2023-28292
+ RESERVED
+CVE-2023-28291
+ RESERVED
+CVE-2023-28290
+ RESERVED
+CVE-2023-28289
+ RESERVED
+CVE-2023-28288
+ RESERVED
+CVE-2023-28287
+ RESERVED
+CVE-2023-28286
+ RESERVED
+CVE-2023-28285
+ RESERVED
+CVE-2023-28284
+ RESERVED
+CVE-2023-28283
+ RESERVED
+CVE-2023-28282
+ RESERVED
+CVE-2023-28281
+ RESERVED
+CVE-2023-28280
+ RESERVED
+CVE-2023-28279
+ RESERVED
+CVE-2023-28278
+ RESERVED
+CVE-2023-28277
+ RESERVED
+CVE-2023-28276
+ RESERVED
+CVE-2023-28275
+ RESERVED
+CVE-2023-28274
+ RESERVED
+CVE-2023-28273
+ RESERVED
+CVE-2023-28272
+ RESERVED
+CVE-2023-28271
+ RESERVED
+CVE-2023-28270
+ RESERVED
+CVE-2023-28269
+ RESERVED
+CVE-2023-28268
+ RESERVED
+CVE-2023-28267
+ RESERVED
+CVE-2023-28266
+ RESERVED
+CVE-2023-28265
+ RESERVED
+CVE-2023-28264
+ RESERVED
+CVE-2023-28263
+ RESERVED
+CVE-2023-28262
+ RESERVED
+CVE-2023-28261
+ RESERVED
+CVE-2023-28260
+ RESERVED
+CVE-2023-28259
+ RESERVED
+CVE-2023-28258
+ RESERVED
+CVE-2023-28257
+ RESERVED
+CVE-2023-28256
+ RESERVED
+CVE-2023-28255
+ RESERVED
+CVE-2023-28254
+ RESERVED
+CVE-2023-28253
+ RESERVED
+CVE-2023-28252
+ RESERVED
+CVE-2023-28251
+ RESERVED
+CVE-2023-28250
+ RESERVED
+CVE-2023-28249
+ RESERVED
+CVE-2023-28248
+ RESERVED
+CVE-2023-28247
+ RESERVED
+CVE-2023-28246
+ RESERVED
+CVE-2023-28245
+ RESERVED
+CVE-2023-28244
+ RESERVED
+CVE-2023-28243
+ RESERVED
+CVE-2023-28242
+ RESERVED
+CVE-2023-28241
+ RESERVED
+CVE-2023-28240
+ RESERVED
+CVE-2023-28239
+ RESERVED
+CVE-2023-28238
+ RESERVED
+CVE-2023-28237
+ RESERVED
+CVE-2023-28236
+ RESERVED
+CVE-2023-28235
+ RESERVED
+CVE-2023-28234
+ RESERVED
+CVE-2023-28233
+ RESERVED
+CVE-2023-28232
+ RESERVED
+CVE-2023-28231
+ RESERVED
+CVE-2023-28230
+ RESERVED
+CVE-2023-28229
+ RESERVED
+CVE-2023-28228
+ RESERVED
+CVE-2023-28227
+ RESERVED
+CVE-2023-28226
+ RESERVED
+CVE-2023-28225
+ RESERVED
+CVE-2023-28224
+ RESERVED
+CVE-2023-28223
+ RESERVED
+CVE-2023-28222
+ RESERVED
+CVE-2023-28221
+ RESERVED
+CVE-2023-28220
+ RESERVED
+CVE-2023-28219
+ RESERVED
+CVE-2023-28218
+ RESERVED
+CVE-2023-28217
+ RESERVED
+CVE-2023-28216
+ RESERVED
+CVE-2023-27917
+ RESERVED
+CVE-2023-27389
+ RESERVED
+CVE-2023-23575
+ RESERVED
+CVE-2023-1381
+ RESERVED
+CVE-2022-48402
+ RESERVED
+CVE-2022-48401
+ RESERVED
+CVE-2022-48400
+ RESERVED
+CVE-2022-48399
+ RESERVED
+CVE-2022-48398
+ RESERVED
+CVE-2022-48397
+ RESERVED
+CVE-2022-48396
+ RESERVED
+CVE-2022-48395
+ RESERVED
+CVE-2022-48394
+ RESERVED
+CVE-2022-48393
+ RESERVED
+CVE-2020-36680
+ RESERVED
+CVE-2020-36679
+ RESERVED
+CVE-2020-36678
+ RESERVED
+CVE-2020-36677
+ RESERVED
+CVE-2020-36676
+ RESERVED
+CVE-2020-36675
+ RESERVED
+CVE-2020-36674
+ RESERVED
+CVE-2020-36673
+ RESERVED
+CVE-2020-36672
+ RESERVED
+CVE-2020-36671
+ RESERVED
+CVE-2019-25115
+ RESERVED
+CVE-2019-25114
+ RESERVED
+CVE-2019-25113
+ RESERVED
+CVE-2019-25112
+ RESERVED
+CVE-2019-25111
+ RESERVED
+CVE-2019-25110
+ RESERVED
+CVE-2019-25109
+ RESERVED
+CVE-2019-25108
+ RESERVED
+CVE-2019-25107
+ RESERVED
+CVE-2019-25106
+ RESERVED
CVE-2023-28215
RESERVED
CVE-2023-28214
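Review bot: The added block is not one contiguous range: after CVE-2023-28216 it continues with CVE-2023-27917, CVE-2023-27389, CVE-2023-23575, CVE-2023-1381 and then IDs from the 2022, 2020 and 2019 series, all placed above CVE-2023-28215 at the head of the file. These entries are therefore not next to their numeric neighbours, so anything that processes this list should find entries by ID and not by position. It is worth confirming that holds for the tooling that reads data/CVE/list.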
@@ -980,14 +1268,14 @@ CVE-2023-27898 (Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 throug
- jenkins <removed>
CVE-2023-27897
RESERVED
-CVE-2023-27896
- RESERVED
-CVE-2023-27895
- RESERVED
-CVE-2023-27894
- RESERVED
-CVE-2023-27893
- RESERVED
+CVE-2023-27896 (In SAP BusinessObjects Business Intelligence Platform - version 420, 4 ...)
+ TODO: check
+CVE-2023-27895 (SAP Authenticator for Android - version 1.3.0, allows the screen to be ...)
+ TODO: check
+CVE-2023-27894 (SAP BusinessObjects Business Intelligence Platform (Web Services) - ve ...)
+ TODO: check
+CVE-2023-27893 (An attacker authenticated as a user with a non-administrative role and ...)
+ TODO: check
CVE-2023-1258
RESERVED
CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series device ...)
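Review bot: CVE-2023-27893, the last changed entry, has a truncated description ("An attacker authenticated as a user with a non-administrative role and ...") that names no product, unlike the three SAP entries above it. It should not be tagged by association with its neighbours; resolve its TODO: check from the full CVE record.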
@@ -1876,20 +2164,20 @@ CVE-2023-27589
RESERVED
CVE-2023-27588
RESERVED
-CVE-2023-27587
- RESERVED
+CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to ...)
+ TODO: check
CVE-2023-27586
RESERVED
CVE-2023-27585
RESERVED
CVE-2023-27584
RESERVED
-CVE-2023-27583
- RESERVED
-CVE-2023-27582
- RESERVED
-CVE-2023-27581
- RESERVED
+CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...)
+ TODO: check
+CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with version 0 ...)
+ TODO: check
+CVE-2023-27581 (github-slug-action is a GitHub Action to expose slug value of GitHub e ...)
+ TODO: check
CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...)
TODO: check
CVE-2023-27579
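Review bot: The four changed entries here (ReadtoMyShoe, PanIndex, maddy, github-slug-action) are four unrelated projects, not one vendor's product line, so the TODO: check on each needs its own lookup. A single bulk decision for the hunk would not be justified by the descriptions shown.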
@@ -2124,14 +2412,14 @@ CVE-2023-27506
RESERVED
CVE-2023-27505
RESERVED
-CVE-2023-27501
- RESERVED
-CVE-2023-27500
- RESERVED
+CVE-2023-27501 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, ...)
+ TODO: check
+CVE-2023-27500 (An attacker with non-administrative authorizations can exploit a direc ...)
+ TODO: check
CVE-2023-27499
RESERVED
-CVE-2023-27498
- RESERVED
+CVE-2023-27498 (SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated at ...)
+ TODO: check
CVE-2023-27497
RESERVED
CVE-2023-27393
@@ -2786,14 +3074,14 @@ CVE-2023-27273
RESERVED
CVE-2023-27272
RESERVED
-CVE-2023-27271
- RESERVED
-CVE-2023-27270
- RESERVED
-CVE-2023-27269
- RESERVED
-CVE-2023-27268
- RESERVED
+CVE-2023-27271 (In SAP BusinessObjects Business Intelligence Platform (Web Services) - ...)
+ TODO: check
+CVE-2023-27270 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...)
+ TODO: check
+CVE-2023-27269 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...)
+ TODO: check
+CVE-2023-27268 (SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does ...)
+ TODO: check
CVE-2023-27267
RESERVED
CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...)
@@ -3328,8 +3616,8 @@ CVE-2023-27054
RESERVED
CVE-2023-27053
RESERVED
-CVE-2023-27052
- RESERVED
+CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL injection vulner ...)
+ TODO: check
CVE-2023-27051
RESERVED
CVE-2023-27050
@@ -4735,16 +5023,16 @@ CVE-2023-26463
NOTE: Introduced by: https://github.com/strongswan/strongswan/commit/63fd718915b5d246dcc5560382db0c30de309040 (5.9.8dr1)
CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privi ...)
NOT-FOR-US: ThingsBoard
-CVE-2023-26461
- RESERVED
-CVE-2023-26460
- RESERVED
-CVE-2023-26459
- RESERVED
+CVE-2023-26461 (SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an ...)
+ TODO: check
+CVE-2023-26460 (Cache Management Service in SAP NetWeaver Application Server for Java ...)
+ TODO: check
+CVE-2023-26459 (Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP P ...)
+ TODO: check
CVE-2023-26458
RESERVED
-CVE-2023-26457
- RESERVED
+CVE-2023-26457 (SAP Content Server - version 7.53, does not sufficiently encode user-c ...)
+ TODO: check
CVE-2023-26456
RESERVED
CVE-2023-26455
@@ -6492,10 +6780,10 @@ CVE-2023-25805 (versionn, software for changing version information across multi
NOT-FOR-US: Node versionn
CVE-2023-25804
RESERVED
-CVE-2023-25803
- RESERVED
-CVE-2023-25802
- RESERVED
+CVE-2023-25803 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
+ TODO: check
+CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
+ TODO: check
CVE-2023-25801
RESERVED
CVE-2023-25800
@@ -7247,14 +7535,14 @@ CVE-2023-25620
RESERVED
CVE-2023-25619
RESERVED
-CVE-2023-25618
- RESERVED
-CVE-2023-25617
- RESERVED
-CVE-2023-25616
- RESERVED
-CVE-2023-25615
- RESERVED
+CVE-2023-25618 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...)
+ TODO: check
+CVE-2023-25617 (SAP Business Object (Adaptive Job Server) - versions 420, 430, allows ...)
+ TODO: check
+CVE-2023-25616 (In some scenario, SAP Business Objects Business Intelligence Platform ...)
+ TODO: check
+CVE-2023-25615 (Due to insufficient input sanitization, SAP ABAP - versions 751, 753, ...)
+ TODO: check
CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, ...)
NOT-FOR-US: SAP
CVE-2023-25613 (An LDAP Injection vulnerability exists in the LdapIdentityBackend of A ...)
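Review bot: CVE-2023-25618 through CVE-2023-25615 all describe SAP products but are left at TODO: check, while the unchanged entry directly below them (CVE-2023-25614, SAP NetWeaver AS ABAP) is already tagged NOT-FOR-US: SAP. Resolve these four the same way so SAP entries in this range are handled consistently.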
@@ -8331,8 +8619,8 @@ CVE-2023-25209
RESERVED
CVE-2023-25208
RESERVED
-CVE-2023-25207
- RESERVED
+CVE-2023-25207 (PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdf ...)
+ TODO: check
CVE-2023-25206
RESERVED
CVE-2023-25205
@@ -10310,8 +10598,8 @@ CVE-2023-24528 (SAP Fiori apps for Travel Management in SAP ERP (My Travel Reque
NOT-FOR-US: SAP
CVE-2023-24527
RESERVED
-CVE-2023-24526
- RESERVED
+CVE-2023-24526 (SAP NetWeaver Application Server Java for Classload Service - version ...)
+ TODO: check
CVE-2023-24525 (SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, ...)
NOT-FOR-US: SAP
CVE-2023-24524 (SAP S/4 HANA Map Treasury Correspondence Format Data does not perform ...)
@@ -10817,8 +11105,8 @@ CVE-2023-24370
RESERVED
CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows atta ...)
NOT-FOR-US: UJCMS
-CVE-2023-24368
- RESERVED
+CVE-2023-24368 (Incorrect access control in Temenos T24 Release 20 allows attackers to ...)
+ TODO: check
CVE-2023-24367
RESERVED
CVE-2023-24366
@@ -11005,8 +11293,8 @@ CVE-2023-24281
RESERVED
CVE-2023-24280
RESERVED
-CVE-2023-24279
- RESERVED
+CVE-2023-24279 (A cross-site scripting (XSS) vulnerability in Open Networking Foundati ...)
+ TODO: check
CVE-2023-24278
RESERVED
CVE-2023-24277
@@ -12044,8 +12332,8 @@ CVE-2023-23859 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750,
NOT-FOR-US: SAP
CVE-2023-23858 (Due to insufficient input validation, SAP NetWeaver AS for ABAP and AB ...)
NOT-FOR-US: SAP
-CVE-2023-23857
- RESERVED
+CVE-2023-23857 (Due to missing authentication check, SAP NetWeaver AS for Java - versi ...)
+ TODO: check
CVE-2023-23856 (In SAP BusinessObjects Business Intelligence (Web Intelligence user in ...)
NOT-FOR-US: SAP
CVE-2023-23855 (SAP Solution Manager - version 720, allows an authenticated attacker t ...)
@@ -12411,28 +12699,28 @@ CVE-2023-0357
RESERVED
CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encry ...)
NOT-FOR-US: SOCOMEC MODULYS GP Netvision
-CVE-2023-0355
- RESERVED
-CVE-2023-0354
- RESERVED
-CVE-2023-0353
- RESERVED
-CVE-2023-0352
- RESERVED
-CVE-2023-0351
- RESERVED
-CVE-2023-0350
- RESERVED
-CVE-2023-0349
- RESERVED
-CVE-2023-0348
- RESERVED
-CVE-2023-0347
- RESERVED
-CVE-2023-0346
- RESERVED
-CVE-2023-0345
- RESERVED
+CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could allow an a ...)
+ TODO: check
+CVE-2023-0354 (The Akuvox E11 web server can be accessed without any user authenticat ...)
+ TODO: check
+CVE-2023-0353 (Akuvox E11 uses a weak encryption algorithm for stored passwords and u ...)
+ TODO: check
+CVE-2023-0352 (The Akuvox E11 password recovery webpage can be accessed without authe ...)
+ TODO: check
+CVE-2023-0351 (The Akuvox E11 web server backend library allows command injection in ...)
+ TODO: check
+CVE-2023-0350 (Akuvox E11 does not ensure that a file extension is associated with th ...)
+ TODO: check
+CVE-2023-0349 (The Akuvox E11 libvoice library provides unauthenticated access to the ...)
+ TODO: check
+CVE-2023-0348 (Akuvox E11 allows direct SIP calls. No access control is enforced by t ...)
+ TODO: check
+CVE-2023-0347 (The Akuvox E11 Media Access Control (MAC) address, a primary identifie ...)
+ TODO: check
+CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP connec ...)
+ TODO: check
+CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default and can ...)
+ TODO: check
CVE-2023-0344
RESERVED
CVE-2023-0343
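Review bot: All eleven changed entries, CVE-2023-0355 down to CVE-2023-0345, name the same product (Akuvox E11) and each is left at TODO: check. One triage decision covers the whole set. Whatever the outcome, apply the identical tag and product string to all eleven, in the style of the NOT-FOR-US line on the SOCOMEC entry just above the changed block.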
@@ -18032,8 +18320,8 @@ CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when a
NOT-FOR-US: SAP
CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for OLAP al ...)
NOT-FOR-US: SAP
-CVE-2023-0021
- RESERVED
+CVE-2023-0021 (Due to insufficient encoding of user input, SAP NetWeaver - versions 7 ...)
+ TODO: check
CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_ ...)
NOT-FOR-US: AyaCMS
CVE-2022-4663 (The Members Import plugin for WordPress is vulnerable to Self Cross-Si ...)
@@ -18899,8 +19187,8 @@ CVE-2022-47597
RESERVED
CVE-2022-47596
RESERVED
-CVE-2022-47595
- RESERVED
+CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2022-47594
RESERVED
CVE-2022-47593
@@ -21520,8 +21808,8 @@ CVE-2022-47173
RESERVED
CVE-2022-47172
RESERVED
-CVE-2022-47171
- RESERVED
+CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2022-47170
RESERVED
CVE-2022-47169
@@ -21536,10 +21824,10 @@ CVE-2022-47165
RESERVED
CVE-2022-47164
RESERVED
-CVE-2022-47163
- RESERVED
-CVE-2022-47162
- RESERVED
+CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...)
+ TODO: check
+CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...)
+ TODO: check
CVE-2022-47161
RESERVED
CVE-2022-47160
@@ -21552,8 +21840,8 @@ CVE-2022-47157
RESERVED
CVE-2022-47156
RESERVED
-CVE-2022-47155
- RESERVED
+CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...)
+ TODO: check
CVE-2022-47154
RESERVED
CVE-2022-47153
@@ -50015,28 +50303,28 @@ CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gatewa
NOT-FOR-US: GE Gas Power
CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...)
NOT-FOR-US: iHistorian Data Display of WorkstationST
-CVE-2022-37951
- RESERVED
-CVE-2022-37950
- RESERVED
-CVE-2022-37949
- RESERVED
-CVE-2022-37948
- RESERVED
-CVE-2022-37947
- RESERVED
-CVE-2022-37946
- RESERVED
-CVE-2022-37945
- RESERVED
-CVE-2022-37944
- RESERVED
-CVE-2022-37943
- RESERVED
-CVE-2022-37942
- RESERVED
-CVE-2022-37941
- RESERVED
+CVE-2022-37951 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37950 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37949 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37948 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37947 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37946 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37945 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37944 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37943 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37942 (Not used in 2022 ...)
+ TODO: check
+CVE-2022-37941 (Not used in 2022 ...)
+ TODO: check
CVE-2022-37940
RESERVED
CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
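Review bot: CVE-2022-37951 through CVE-2022-37941 receive the description "Not used in 2022 ..." but are queued as TODO: check like ordinary advisories. That text reads as an unused ID, not a vulnerability description, so these eleven should be closed out as rejected or unused (REJECTED) during triage instead of going through per-package checks.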
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93b7c3c7d69be846320e54e5889961ebcf595dec