[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 21 08:10:21 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cf153774 by security tracker role at 2023-03-21T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2023-28686
+ RESERVED
+CVE-2023-28685
+ RESERVED
+CVE-2023-28684
+ RESERVED
+CVE-2023-28683
+ RESERVED
+CVE-2023-28682
+ RESERVED
+CVE-2023-28681
+ RESERVED
+CVE-2023-28680
+ RESERVED
+CVE-2023-28679
+ RESERVED
+CVE-2023-28678
+ RESERVED
+CVE-2023-28677
+ RESERVED
+CVE-2023-28676
+ RESERVED
+CVE-2023-28675
+ RESERVED
+CVE-2023-28674
+ RESERVED
+CVE-2023-28673
+ RESERVED
+CVE-2023-28672
+ RESERVED
+CVE-2023-28671
+ RESERVED
+CVE-2023-28670
+ RESERVED
+CVE-2023-28669
+ RESERVED
+CVE-2023-28668
+ RESERVED
+CVE-2023-28667
+ RESERVED
+CVE-2023-28666
+ RESERVED
+CVE-2023-28665
+ RESERVED
+CVE-2023-28664
+ RESERVED
+CVE-2023-28663
+ RESERVED
+CVE-2023-28662
+ RESERVED
+CVE-2023-28661
+ RESERVED
+CVE-2023-28660
+ RESERVED
+CVE-2023-28659
+ RESERVED
+CVE-2023-1543 (Insufficient Session Expiration in GitHub repository answerdev/answer ...)
+ TODO: check
+CVE-2023-1542 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...)
+ TODO: check
+CVE-2023-1541 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...)
+ TODO: check
+CVE-2023-1540 (Observable Response Discrepancy in GitHub repository answerdev/answer ...)
+ TODO: check
+CVE-2023-1539 (Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6 ...)
+ TODO: check
+CVE-2023-1538 (Observable Timing Discrepancy in GitHub repository answerdev/answer pr ...)
+ TODO: check
+CVE-2023-1537 (Authentication Bypass by Capture-replay in GitHub repository answerdev ...)
+ TODO: check
+CVE-2023-1536 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ TODO: check
+CVE-2023-1535 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ TODO: check
+CVE-2023-1534
+ RESERVED
+CVE-2023-1533
+ RESERVED
+CVE-2023-1532
+ RESERVED
+CVE-2023-1531
+ RESERVED
+CVE-2023-1530
+ RESERVED
+CVE-2023-1529
+ RESERVED
+CVE-2023-1528
+ RESERVED
+CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/cor ...)
+ TODO: check
+CVE-2023-1526
+ RESERVED
+CVE-2023-1525
+ RESERVED
+CVE-2023-1524
+ RESERVED
CVE-2023-28655
RESERVED
CVE-2023-28652
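Review bot: The ten "TODO: check" entries added at the top of data/CVE/list (CVE-2023-1535 through CVE-2023-1543, plus CVE-2023-1527) are untriaged, and nine of them name the same GitHub repository, answerdev/answer, so they can be resolved in one pass. If that software is not packaged, mark them "NOT-FOR-US: <product>" in the same way as the RockOA entry further down. Otherwise each needs its own package line, because the nine descriptions cover different weaknesses (session expiration, capture-replay, stored XSS, timing and response discrepancies).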
@@ -120,8 +216,8 @@ CVE-2018-25082
RESERVED
CVE-2016-15029
RESERVED
-CVE-2012-10009
- RESERVED
+CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2. It has been c ...)
+ TODO: check
CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
NOT-FOR-US: RockOA
CVE-2023-1500 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -729,8 +825,8 @@ CVE-2023-28427
RESERVED
CVE-2023-28426 (savg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in ...)
TODO: check
-CVE-2023-28425
- RESERVED
+CVE-2023-28425 (Redis is an in-memory database that persists on disk. Starting in vers ...)
+ TODO: check
CVE-2023-28424 (Soko if the code that powers packages.gentoo.org. Prior to version 1.0 ...)
TODO: check
CVE-2023-28423
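Review bot: CVE-2023-28425 moves from RESERVED to "TODO: check" with a description cut off at "Starting in vers ...", so the affected version range is not visible in this list. Read the full CVE text before setting a status for the Redis entry, since the outcome depends on the starting version that the truncation hides.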
@@ -2217,8 +2313,8 @@ CVE-2023-27982
RESERVED
CVE-2023-27981
RESERVED
-CVE-2023-27980
- RESERVED
+CVE-2023-27980 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ TODO: check
CVE-2023-27979
RESERVED
CVE-2023-27978
@@ -2535,7 +2631,7 @@ CVE-2023-27877
RESERVED
CVE-2023-27876
RESERVED
-CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow an authenticated user to change ot ...)
+CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other user's cred ...)
NOT-FOR-US: IBM
CVE-2023-27874
RESERVED
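Review bot: The CVE-2023-27875 description drops the word "authenticated" ("an authenticated user" becomes "a user"), which changes the stated precondition for altering another user's credentials. The "NOT-FOR-US: IBM" marker on the following line is unchanged, so the triage result stands, but any note or report that quoted the old wording should pick up the revised text.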
@@ -3400,8 +3496,8 @@ CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for
NOT-FOR-US: CodeIgniter
CVE-2023-27579
RESERVED
-CVE-2023-27578
- RESERVED
+CVE-2023-27578 (Galaxy is an open-source platform for data analysis. All supported ver ...)
+ TODO: check
CVE-2023-27577 (flarum is a forum software package for building communities. In versio ...)
NOT-FOR-US: Flarum
CVE-2023-27576
@@ -25361,8 +25457,8 @@ CVE-2022-4273 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SourceCodester Human Resource Management System
CVE-2022-4272 (A vulnerability, which was classified as critical, has been found in F ...)
NOT-FOR-US: FeMiner wms
-CVE-2022-45124
- RESERVED
+CVE-2022-45124 (An information disclosure vulnerability exists in the User authenticat ...)
+ TODO: check
CVE-2022-45115
RESERVED
CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...)
@@ -25959,8 +26055,8 @@ CVE-2022-44451
RESERVED
CVE-2022-43664
RESERVED
-CVE-2022-43663
- RESERVED
+CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll RecvPac ...)
+ TODO: check
CVE-2022-43503
REJECTED
CVE-2022-43467
@@ -36462,8 +36558,8 @@ CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge Connec
NOT-FOR-US: WordPress plugin
CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-42485
- RESERVED
+CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galax ...)
+ TODO: check
CVE-2022-42479
RESERVED
CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's ...)
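Review bot: CVE-2022-42485 becomes "TODO: check" while the entries on both sides of it (CVE-2022-42494 above, CVE-2022-42462 below) are WordPress issues, and its "Auth. (contributor+) Cross-Site Scripting (XSS)" wording follows the same format. The product name is truncated at "Galax ...", so confirm it from the full description, and if it is a WordPress plugin, close it with "NOT-FOR-US: WordPress plugin" to match CVE-2022-42494 rather than leaving the TODO open.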
@@ -36492,8 +36588,8 @@ CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce p
NOT-FOR-US: WordPress plugin
CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress plugin < ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41831
- RESERVED
+CVE-2022-41831 (Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett W ...)
+ TODO: check
CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooComm ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin ...)
@@ -36504,8 +36600,8 @@ CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress theme
CVE-2022-41786
RESERVED
-CVE-2022-41785
- RESERVED
+CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Gall ...)
+ TODO: check
CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin & ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41698
@@ -36588,7 +36684,6 @@ CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f (5.65)
NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6f02010ce0043ec2e17eb15f2a1dd42f6c64e223 (5.65)
CVE-2022-3636 (A vulnerability, which was classified as critical, was found in Linux ...)
- {DSA-5333-1}
- linux <not-affected> (No vulnerable code in any upstream or Debian released version)
NOTE: https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6
CVE-2022-3635 (A vulnerability, which was classified as critical, has been found in L ...)
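Review bot: The removed "{DSA-5333-1}" line under CVE-2022-3636 is the only deletion in this commit that is not a RESERVED placeholder, and the commit message "automatic update" gives no reason for it. The entry keeps "linux <not-affected> (No vulnerable code in any upstream or Debian released version)", so dropping the advisory cross-reference is consistent with that status, but this commit changes only data/CVE/list. Confirm that the DSA-5333-1 record itself no longer lists CVE-2022-3636, otherwise the two files disagree.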
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf153774ce9d657944fa8e2bc84e96bfe239cb0c