[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 15 20:10:36 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be61f2b1 by security tracker role at 2023-03-15T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,201 @@
+CVE-2023-28449
+ RESERVED
+CVE-2023-28448
+ RESERVED
+CVE-2023-28447
+ RESERVED
+CVE-2023-28446
+ RESERVED
+CVE-2023-28445
+ RESERVED
+CVE-2023-28444
+ RESERVED
+CVE-2023-28443
+ RESERVED
+CVE-2023-28442
+ RESERVED
+CVE-2023-28441
+ RESERVED
+CVE-2023-28440
+ RESERVED
+CVE-2023-28439
+ RESERVED
+CVE-2023-28438
+ RESERVED
+CVE-2023-28437
+ RESERVED
+CVE-2023-28436
+ RESERVED
+CVE-2023-28435
+ RESERVED
+CVE-2023-28434
+ RESERVED
+CVE-2023-28433
+ RESERVED
+CVE-2023-28432
+ RESERVED
+CVE-2023-28431
+ RESERVED
+CVE-2023-28430
+ RESERVED
+CVE-2023-28429
+ RESERVED
+CVE-2023-28428
+ RESERVED
+CVE-2023-28427
+ RESERVED
+CVE-2023-28426
+ RESERVED
+CVE-2023-28425
+ RESERVED
+CVE-2023-28424
+ RESERVED
+CVE-2023-28423
+ RESERVED
+CVE-2023-28422
+ RESERVED
+CVE-2023-28421
+ RESERVED
+CVE-2023-28420
+ RESERVED
+CVE-2023-28419
+ RESERVED
+CVE-2023-28418
+ RESERVED
+CVE-2023-28417
+ RESERVED
+CVE-2023-28416
+ RESERVED
+CVE-2023-28415
+ RESERVED
+CVE-2023-28414
+ RESERVED
+CVE-2023-28413
+ RESERVED
+CVE-2023-28409
+ RESERVED
+CVE-2023-28408
+ RESERVED
+CVE-2023-28394
+ RESERVED
+CVE-2023-28392
+ RESERVED
+CVE-2023-28390
+ RESERVED
+CVE-2023-28387
+ RESERVED
+CVE-2023-28382
+ RESERVED
+CVE-2023-28369
+ RESERVED
+CVE-2023-28367
+ RESERVED
+CVE-2023-27926
+ RESERVED
+CVE-2023-27925
+ RESERVED
+CVE-2023-27923
+ RESERVED
+CVE-2023-27922
+ RESERVED
+CVE-2023-27921
+ RESERVED
+CVE-2023-27920
+ RESERVED
+CVE-2023-27919
+ RESERVED
+CVE-2023-27918
+ RESERVED
+CVE-2023-27889
+ RESERVED
+CVE-2023-27888
+ RESERVED
+CVE-2023-27527
+ RESERVED
+CVE-2023-27521
+ RESERVED
+CVE-2023-27518
+ RESERVED
+CVE-2023-27514
+ RESERVED
+CVE-2023-27512
+ RESERVED
+CVE-2023-27510
+ RESERVED
+CVE-2023-27507
+ RESERVED
+CVE-2023-27397
+ RESERVED
+CVE-2023-27396
+ RESERVED
+CVE-2023-27385
+ RESERVED
+CVE-2023-27384
+ RESERVED
+CVE-2023-27304
+ RESERVED
+CVE-2023-26595
+ RESERVED
+CVE-2023-26593
+ RESERVED
+CVE-2023-25955
+ RESERVED
+CVE-2023-25954
+ RESERVED
+CVE-2023-25953
+ RESERVED
+CVE-2023-25950
+ RESERVED
+CVE-2023-25946
+ RESERVED
+CVE-2023-25755
+ RESERVED
+CVE-2023-25184
+ RESERVED
+CVE-2023-25072
+ RESERVED
+CVE-2023-25070
+ RESERVED
+CVE-2023-24586
+ RESERVED
+CVE-2023-23906
+ RESERVED
+CVE-2023-23901
+ RESERVED
+CVE-2023-23578
+ RESERVED
+CVE-2023-22441
+ RESERVED
+CVE-2023-22361
+ RESERVED
+CVE-2023-22282
+ RESERVED
+CVE-2023-1420
+ RESERVED
+CVE-2023-1419
+ RESERVED
+CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-1417
+ RESERVED
+CVE-2023-1416 (A vulnerability classified as critical has been found in Simple Art Ga ...)
+ TODO: check
+CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...)
+ TODO: check
+CVE-2023-1414
+ RESERVED
+CVE-2023-1413
+ RESERVED
+CVE-2023-1412
+ RESERVED
+CVE-2023-1411
+ RESERVED
+CVE-2023-1410
+ RESERVED
+CVE-2023-1409
+ RESERVED
+CVE-2022-48421
+ RESERVED
CVE-2023-28373
RESERVED
CVE-2023-28372
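Review bot: CVE-2023-1418, CVE-2023-1416 and CVE-2023-1415 near the end of this block arrive with descriptions and only `TODO: check`, so they still need manual triage. CVE-2023-1418 names SourceCodester, and other SourceCodester entries in this file (CVE-2023-1378, CVE-2023-0324) are already marked NOT-FOR-US; the same disposition probably applies once the truncated description is read in full.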
@@ -610,6 +808,7 @@ CVE-2023-28177
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28177
CVE-2023-28176
RESERVED
+ {DSA-5374-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28176
@@ -638,6 +837,7 @@ CVE-2023-28165
RESERVED
CVE-2023-28164
RESERVED
+ {DSA-5374-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28164
@@ -650,6 +850,7 @@ CVE-2023-28163
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28163
CVE-2023-28162
RESERVED
+ {DSA-5374-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28162
@@ -671,8 +872,8 @@ CVE-2023-1380
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1
NOTE: https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u
-CVE-2023-1379
- RESERVED
+CVE-2023-1379 (A vulnerability was found in SourceCodester Friendly Island Pizza Webs ...)
+ TODO: check
CVE-2023-1378 (A vulnerability classified as critical was found in SourceCodester Fri ...)
NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
CVE-2023-1377
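Review bot: the new CVE-2023-1379 line is left at `TODO: check` although its description names SourceCodester Friendly Island Pizza, the same product as CVE-2023-1378 directly below it, which is already `NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System`. Suggest giving CVE-2023-1379 the same NOT-FOR-US line so the pair is triaged consistently.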
@@ -2002,8 +2203,8 @@ CVE-2023-27783
RESERVED
CVE-2023-27782
RESERVED
-CVE-2023-27781
- RESERVED
+CVE-2023-27781 (jpegoptim v1.5.2 was discovered to contain a heap overflow in the opti ...)
+ TODO: check
CVE-2023-27780
RESERVED
CVE-2023-27779
@@ -3792,10 +3993,10 @@ CVE-2023-27105
RESERVED
CVE-2023-27104
RESERVED
-CVE-2023-27103
- RESERVED
-CVE-2023-27102
- RESERVED
+CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via ...)
+ TODO: check
+CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation violation vi ...)
+ TODO: check
CVE-2023-27101
RESERVED
CVE-2023-27100
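Review bot: CVE-2023-27103 and CVE-2023-27102 both name Libde265 v1.0.11 but carry only `TODO: check`, with no package line and no reference. If libde265 is in the archive, triage should replace the TODO with a `- libde265 <unfixed>` style package line and a NOTE pointing at the upstream report, in the form the firefox and linux entries in this file use, so the heap buffer overflow and the segmentation violation can be tracked per release.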
@@ -5744,8 +5945,8 @@ CVE-2023-26286
RESERVED
CVE-2023-26285
RESERVED
-CVE-2023-26284
- RESERVED
+CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through ...)
+ TODO: check
CVE-2023-26283
RESERVED
CVE-2023-26282
@@ -6253,8 +6454,8 @@ CVE-2023-26086
RESERVED
CVE-2023-26085
RESERVED
-CVE-2023-26084
- RESERVED
+CVE-2023-26084 (The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c ...)
+ TODO: check
CVE-2023-26083
RESERVED
CVE-2023-26082
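Review bot: the CVE-2023-26084 description is cut off in the middle of a commit id (`before 86065c ...`), and that id is the only fix boundary the entry gives. Triage should record the full upstream commit in a NOTE line, as the CVE-2023-1380 entry does with its NOTE URLs, rather than relying on the truncated summary.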
@@ -6606,8 +6807,8 @@ CVE-2023-25970
RESERVED
CVE-2023-25969
RESERVED
-CVE-2023-25968
- RESERVED
+CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin ...)
+ TODO: check
CVE-2023-25967
RESERVED
CVE-2023-25966
@@ -7056,8 +7257,8 @@ CVE-2023-25806 (OpenSearch Security is a plugin for OpenSearch that offers encry
NOT-FOR-US: OpenSearch Security is a plugin for OpenSearch
CVE-2023-25805 (versionn, software for changing version information across multiple fi ...)
NOT-FOR-US: Node versionn
-CVE-2023-25804
- RESERVED
+CVE-2023-25804 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
+ TODO: check
CVE-2023-25803 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
NOT-FOR-US: Roxy-WI
CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
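Review bot: CVE-2023-25804 is left at `TODO: check` while CVE-2023-25803 directly below carries the same Roxy-WI description prefix and is already `NOT-FOR-US: Roxy-WI`. Suggest the same NOT-FOR-US line for CVE-2023-25804.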
@@ -7231,12 +7432,14 @@ CVE-2023-25753
RESERVED
CVE-2023-25752
RESERVED
+ {DSA-5374-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25752
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25752
CVE-2023-25751
RESERVED
+ {DSA-5374-1}
- firefox <unfixed>
- firefox-esr 102.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25751
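Review bot: `{DSA-5374-1}` is added to CVE-2023-25752 and CVE-2023-25751 while both entries keep `- firefox <unfixed>` next to `- firefox-esr 102.9.0esr-1`, and both still read RESERVED. Worth confirming the advisory covers firefox-esr only, so the DSA tag is not read as closing the firefox source package as well; the same applies to the three earlier hunks that add this tag (CVE-2023-28176, CVE-2023-28164, CVE-2023-28162).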
@@ -7454,10 +7657,10 @@ CVE-2023-25711
RESERVED
CVE-2023-25710
RESERVED
-CVE-2023-25709
- RESERVED
-CVE-2023-25708
- RESERVED
+CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatorai ...)
+ TODO: check
+CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR R ...)
+ TODO: check
CVE-2023-25707
RESERVED
CVE-2023-25706
@@ -7482,8 +7685,7 @@ CVE-2023-25697
RESERVED
CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow Hive Pro ...)
NOT-FOR-US: Apache Airflow Hive Provider
-CVE-2023-25695
- RESERVED
+CVE-2023-25695 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
- airflow <itp> (bug #819700)
CVE-2023-25694
REJECTED
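Review bot: CVE-2023-25695 gains a description but no triage change, keeping `- airflow <itp> (bug #819700)`, while CVE-2023-25696 directly above is `NOT-FOR-US: Apache Airflow Hive Provider`. The truncated summary ("Generation of Error Message Containing Sensitive Information vulnerabi ...") does not show which component is affected; check that it is Airflow itself and not a provider package, otherwise the two neighbours are classified inconsistently.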
@@ -8761,8 +8963,8 @@ CVE-2023-25284
RESERVED
CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows att ...)
NOT-FOR-US: D-Link
-CVE-2023-25282
- RESERVED
+CVE-2023-25282 (A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows atta ...)
+ TODO: check
CVE-2023-25281
RESERVED
CVE-2023-25280
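Review bot: CVE-2023-25282 is left at `TODO: check` even though it names the same firmware, D-Link DIR820LA1_FW106B02, as CVE-2023-25283 two lines above, which is `NOT-FOR-US: D-Link`. Suggest the same NOT-FOR-US line here.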
@@ -10240,20 +10442,20 @@ CVE-2023-24734 (An arbitrary file upload vulnerability in the camera_upload.php
NOT-FOR-US: PMB
CVE-2023-24733 (PMB v7.4.6 was discovered to contain a reflected cross-site scripting ...)
NOT-FOR-US: PMB
-CVE-2023-24732
- RESERVED
-CVE-2023-24731
- RESERVED
-CVE-2023-24730
- RESERVED
-CVE-2023-24729
- RESERVED
-CVE-2023-24728
- RESERVED
+CVE-2023-24732 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ TODO: check
+CVE-2023-24731 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ TODO: check
+CVE-2023-24730 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ TODO: check
+CVE-2023-24729 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ TODO: check
+CVE-2023-24728 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ TODO: check
CVE-2023-24727
RESERVED
-CVE-2023-24726
- RESERVED
+CVE-2023-24726 (Art Gallery Management System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
CVE-2023-24725
RESERVED
CVE-2023-24724
@@ -11692,8 +11894,8 @@ CVE-2023-24231 (A stored cross-site scripting (XSS) vulnerability in the compone
NOT-FOR-US: Inventory Management System
CVE-2023-24230 (A stored cross-site scripting (XSS) vulnerability in the component /fo ...)
NOT-FOR-US: Formwork
-CVE-2023-24229
- RESERVED
+CVE-2023-24229 (DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injecti ...)
+ TODO: check
CVE-2023-24228
RESERVED
CVE-2023-24227
@@ -13486,8 +13688,8 @@ CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Tr
NOT-FOR-US: SourceCodester Online Tours & Travels Management System
CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
-CVE-2023-0322
- RESERVED
+CVE-2023-0322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 m ...)
NOT-FOR-US: Campbell
CVE-2023-0320
@@ -15679,8 +15881,8 @@ CVE-2023-22878
RESERVED
CVE-2023-22877
RESERVED
-CVE-2023-22876
- RESERVED
+CVE-2023-22876 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
+ TODO: check
CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/T ...)
NOT-FOR-US: IBM
CVE-2023-22874
@@ -16377,8 +16579,8 @@ CVE-2023-0102 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is miss
NOT-FOR-US: LS ELECTRIC
CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus versions ...)
NOT-FOR-US: Nessus
-CVE-2023-0100
- RESERVED
+CVE-2023-0100 (In Eclipse BIRT, starting from version 2.6.2, the default configuratio ...)
+ TODO: check
CVE-2023-0099 (The Simple URLs WordPress plugin before 115 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0098 (The Simple URLs WordPress plugin before 115 does not escape some param ...)
@@ -21210,8 +21412,8 @@ CVE-2022-47429
RESERVED
CVE-2022-47428
RESERVED
-CVE-2022-47427
- RESERVED
+CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
+ TODO: check
CVE-2022-47426
RESERVED
CVE-2022-47425
@@ -23221,8 +23423,8 @@ CVE-2022-46776
RESERVED
CVE-2022-46775
RESERVED
-CVE-2022-46774
- RESERVED
+CVE-2022-46774 (IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application S ...)
+ TODO: check
CVE-2022-46773
RESERVED
CVE-2022-46772
@@ -28220,8 +28422,8 @@ CVE-2022-45157
RESERVED
CVE-2022-45156
RESERVED
-CVE-2022-45155
- RESERVED
+CVE-2022-45155 (An Improper Handling of Exceptional Conditions vulnerability in obs-se ...)
+ TODO: check
CVE-2022-45154 (A Cleartext Storage of Sensitive Information vulnerability in suppport ...)
NOT-FOR-US: SuSE supportutils
CVE-2022-45153 (An Incorrect Default Permissions vulnerability in saphanabootstrap-for ...)
@@ -30630,7 +30832,7 @@ CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items wer
NOT-FOR-US: JetBrains TeamCity
CVE-2022-44645 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a de ...)
NOT-FOR-US: Apache Linkis
-CVE-2022-44644 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an a ...)
+CVE-2022-44644 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in th ...)
NOT-FOR-US: Apache Linkis
CVE-2022-3853 (Cross-site Scripting (XSS) is a client-side code injection attack. The ...)
NOT-FOR-US: WordPress plugin
@@ -30963,8 +31165,8 @@ CVE-2022-44582
RESERVED
CVE-2022-44581
RESERVED
-CVE-2022-44580
- RESERVED
+CVE-2022-44580 (SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Re ...)
+ TODO: check
CVE-2022-44579
RESERVED
CVE-2022-44578
@@ -34392,8 +34594,8 @@ CVE-2022-43876
RESERVED
CVE-2022-43875 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
NOT-FOR-US: IBM
-CVE-2022-43874
- RESERVED
+CVE-2022-43874 (IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2 ...)
+ TODO: check
CVE-2022-43873 (An authenticated user can exploit a vulnerability in the IBM Spectrum ...)
NOT-FOR-US: IBM
CVE-2022-43872 (IBM Financial Transaction Manager 3.2.4 authorization checks are done ...)
@@ -40791,8 +40993,8 @@ CVE-2022-39044 (Hidden functionality vulnerability in multiple Buffalo network d
NOT-FOR-US: Buffalo
CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms ...)
NOT-FOR-US: CRM Perks
-CVE-2022-38456
- RESERVED
+CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2022-38141
RESERVED
CVE-2022-38063
@@ -50281,8 +50483,8 @@ CVE-2022-37404 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnera
NOT-FOR-US: WordPress plugin
CVE-2022-37403 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-37402
- RESERVED
+CVE-2022-37402 (Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugi ...)
+ TODO: check
CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts Accommodation Syste ...)
NOT-FOR-US: WordPress plugin
CVE-2022-37339 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
@@ -50627,8 +50829,8 @@ CVE-2022-37942 (Not used in 2022 ...)
NOT-FOR-US: Unused CVE ID
CVE-2022-37941 (Not used in 2022 ...)
NOT-FOR-US: Unused CVE ID
-CVE-2022-37940
- RESERVED
+CVE-2022-37940 (Potential security vulnerabilities have been identified in the HPE Fle ...)
+ TODO: check
CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
NOT-FOR-US: HPE
CVE-2022-37938 (Unauthenticated server side request forgery in HPE Serviceguard Manage ...)
@@ -58907,8 +59109,8 @@ CVE-2022-34155
RESERVED
CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth Server plug ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-34148
- RESERVED
+CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2022-33974
RESERVED
CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osama ...)
@@ -239129,8 +239331,8 @@ CVE-2020-4929 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting
NOT-FOR-US: IBM
CVE-2020-4928 (IBM Cloud Pak System 2.3 could allow a local privileged attacker to up ...)
NOT-FOR-US: IBM
-CVE-2020-4927
- RESERVED
+CVE-2020-4927 (A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core com ...)
+ TODO: check
CVE-2020-4926 (A vulnerability in the Spectrum Scale 5.1 core component and IBM Elast ...)
NOT-FOR-US: IBM
CVE-2020-4925 (A security vulnerability in the Spectrum Scale 5.0 and 5.1 allows a no ...)
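Review bot: CVE-2020-4927 gets `TODO: check` for a Spectrum Scale core component issue, while CVE-2020-4926 directly below describes the same product and is `NOT-FOR-US: IBM`. Suggest `NOT-FOR-US: IBM` here too; the same question applies to the other IBM entries this update populates with `TODO: check` (CVE-2023-26284, CVE-2023-22876, CVE-2022-46774, CVE-2022-43874, CVE-2020-4556).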
@@ -239874,8 +240076,8 @@ CVE-2020-4558
RESERVED
CVE-2020-4557 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
NOT-FOR-US: IBM
-CVE-2020-4556
- RESERVED
+CVE-2020-4556 (IBM Financial Transaction Manager for High Value Payments for Multi-Pl ...)
+ TODO: check
CVE-2020-4555 (IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate ...)
NOT-FOR-US: IBM
CVE-2020-4554 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be61f2b1af719d41d16bbba08b589c733db13217