[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 21 08:10:21 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf153774 by security tracker role at 2023-03-21T08:10:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2023-28686
+	RESERVED
+CVE-2023-28685
+	RESERVED
+CVE-2023-28684
+	RESERVED
+CVE-2023-28683
+	RESERVED
+CVE-2023-28682
+	RESERVED
+CVE-2023-28681
+	RESERVED
+CVE-2023-28680
+	RESERVED
+CVE-2023-28679
+	RESERVED
+CVE-2023-28678
+	RESERVED
+CVE-2023-28677
+	RESERVED
+CVE-2023-28676
+	RESERVED
+CVE-2023-28675
+	RESERVED
+CVE-2023-28674
+	RESERVED
+CVE-2023-28673
+	RESERVED
+CVE-2023-28672
+	RESERVED
+CVE-2023-28671
+	RESERVED
+CVE-2023-28670
+	RESERVED
+CVE-2023-28669
+	RESERVED
+CVE-2023-28668
+	RESERVED
+CVE-2023-28667
+	RESERVED
+CVE-2023-28666
+	RESERVED
+CVE-2023-28665
+	RESERVED
+CVE-2023-28664
+	RESERVED
+CVE-2023-28663
+	RESERVED
+CVE-2023-28662
+	RESERVED
+CVE-2023-28661
+	RESERVED
+CVE-2023-28660
+	RESERVED
+CVE-2023-28659
+	RESERVED
+CVE-2023-1543 (Insufficient Session Expiration in GitHub repository answerdev/answer  ...)
+	TODO: check
+CVE-2023-1542 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...)
+	TODO: check
+CVE-2023-1541 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...)
+	TODO: check
+CVE-2023-1540 (Observable Response Discrepancy in GitHub repository answerdev/answer  ...)
+	TODO: check
+CVE-2023-1539 (Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6 ...)
+	TODO: check
+CVE-2023-1538 (Observable Timing Discrepancy in GitHub repository answerdev/answer pr ...)
+	TODO: check
+CVE-2023-1537 (Authentication Bypass by Capture-replay in GitHub repository answerdev ...)
+	TODO: check
+CVE-2023-1536 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1535 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+	TODO: check
+CVE-2023-1534
+	RESERVED
+CVE-2023-1533
+	RESERVED
+CVE-2023-1532
+	RESERVED
+CVE-2023-1531
+	RESERVED
+CVE-2023-1530
+	RESERVED
+CVE-2023-1529
+	RESERVED
+CVE-2023-1528
+	RESERVED
+CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/cor ...)
+	TODO: check
+CVE-2023-1526
+	RESERVED
+CVE-2023-1525
+	RESERVED
+CVE-2023-1524
+	RESERVED
 CVE-2023-28655
 	RESERVED
 CVE-2023-28652
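Review bot: the nine entries CVE-2023-1535 through CVE-2023-1543 in this hunk all name the same GitHub repository, answerdev/answer, and each is left at "TODO: check"; triage them in one pass so they end up with a consistent result, either a package line or a NOT-FOR-US tag in the form used elsewhere in this file. CVE-2023-1527 (tsolucio/cor ...) is in the same state. The RESERVED entries need no action until their descriptions are published.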
@@ -120,8 +216,8 @@ CVE-2018-25082
 	RESERVED
 CVE-2016-15029
 	RESERVED
-CVE-2012-10009
-	RESERVED
+CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2. It has been c ...)
+	TODO: check
 CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
 	NOT-FOR-US: RockOA
 CVE-2023-1500 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -729,8 +825,8 @@ CVE-2023-28427
 	RESERVED
 CVE-2023-28426 (savg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in  ...)
 	TODO: check
-CVE-2023-28425
-	RESERVED
+CVE-2023-28425 (Redis is an in-memory database that persists on disk. Starting in vers ...)
+	TODO: check
 CVE-2023-28424 (Soko if the code that powers packages.gentoo.org. Prior to version 1.0 ...)
 	TODO: check
 CVE-2023-28423
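Review bot: CVE-2023-28425 is left at "TODO: check", but its description names Redis, which Debian ships as the redis source package, so this entry needs a package line rather than a NOT-FOR-US tag. The description begins "Starting in vers ...", so the issue has a lower version bound; compare that bound with the version in each suite before marking anything affected, since older suites may predate the vulnerable code.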
@@ -2217,8 +2313,8 @@ CVE-2023-27982
 	RESERVED
 CVE-2023-27981
 	RESERVED
-CVE-2023-27980
-	RESERVED
+CVE-2023-27980 (A CWE-306: Missing Authentication for Critical Function vulnerability  ...)
+	TODO: check
 CVE-2023-27979
 	RESERVED
 CVE-2023-27978
@@ -2535,7 +2631,7 @@ CVE-2023-27877
 	RESERVED
 CVE-2023-27876
 	RESERVED
-CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow an authenticated user to change ot ...)
+CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other user's cred ...)
 	NOT-FOR-US: IBM
 CVE-2023-27874
 	RESERVED
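Review bot: the replacement description for CVE-2023-27875 no longer contains the word "authenticated", which changes how the precondition reads even though both lines are truncated. The "NOT-FOR-US: IBM" triage on the following line does not depend on that wording, so no follow-up is needed here; anyone taking the precondition from this line should read the full description instead of the truncated one.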
@@ -3400,8 +3496,8 @@ CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for
 	NOT-FOR-US: CodeIgniter
 CVE-2023-27579
 	RESERVED
-CVE-2023-27578
-	RESERVED
+CVE-2023-27578 (Galaxy is an open-source platform for data analysis. All supported ver ...)
+	TODO: check
 CVE-2023-27577 (flarum is a forum software package for building communities. In versio ...)
 	NOT-FOR-US: Flarum
 CVE-2023-27576
@@ -25361,8 +25457,8 @@ CVE-2022-4273 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: SourceCodester Human Resource Management System
 CVE-2022-4272 (A vulnerability, which was classified as critical, has been found in F ...)
 	NOT-FOR-US: FeMiner wms
-CVE-2022-45124
-	RESERVED
+CVE-2022-45124 (An information disclosure vulnerability exists in the User authenticat ...)
+	TODO: check
 CVE-2022-45115
 	RESERVED
 CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...)
@@ -25959,8 +26055,8 @@ CVE-2022-44451
 	RESERVED
 CVE-2022-43664
 	RESERVED
-CVE-2022-43663
-	RESERVED
+CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll RecvPac ...)
+	TODO: check
 CVE-2022-43503
 	REJECTED
 CVE-2022-43467
@@ -36462,8 +36558,8 @@ CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge Connec
 	NOT-FOR-US: WordPress plugin
 CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-42485
-	RESERVED
+CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galax ...)
+	TODO: check
 CVE-2022-42479
 	RESERVED
 CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's ...)
@@ -36492,8 +36588,8 @@ CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce p
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress plugin &lt ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-41831
-	RESERVED
+CVE-2022-41831 (Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett W ...)
+	TODO: check
 CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooComm ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin  ...)
@@ -36504,8 +36600,8 @@ CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in
 	NOT-FOR-US: WordPress theme
 CVE-2022-41786
 	RESERVED
-CVE-2022-41785
-	RESERVED
+CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Gall ...)
+	TODO: check
 CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin & ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-41698
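Review bot: CVE-2022-42485, CVE-2022-41831 and CVE-2022-41785, in this hunk and the two before it, move from RESERVED to "TODO: check" with the same "Auth. (role+)" phrasing as the neighbouring entries that carry "NOT-FOR-US: WordPress plugin" or "NOT-FOR-US: WordPress theme". The truncated descriptions do not show the product name in full, so confirm against the full text before applying the same tag.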
@@ -36588,7 +36684,6 @@ CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as
 	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f (5.65)
 	NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6f02010ce0043ec2e17eb15f2a1dd42f6c64e223 (5.65)
 CVE-2022-3636 (A vulnerability, which was classified as critical, was found in Linux  ...)
-	{DSA-5333-1}
 	- linux <not-affected> (No vulnerable code in any upstream or Debian released version)
 	NOTE: https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6
 CVE-2022-3635 (A vulnerability, which was classified as critical, has been found in L ...)
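Review bot: the dropped "{DSA-5333-1}" reference under CVE-2022-3636 is the one change in this commit that alters an entry's advisory linkage rather than its description or status, and the commit message ("automatic update") gives no reason for it. The removal agrees with the "- linux <not-affected>" line that follows, which says no Debian released version has the vulnerable code; since data/CVE/list is the only changed file, confirm that the advisory's own record no longer lists this CVE so the two stay consistent.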



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf153774ce9d657944fa8e2bc84e96bfe239cb0c



More information about the debian-security-tracker-commits mailing list