[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 21 20:10:41 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7768f7e2 by security tracker role at 2023-03-21T20:10:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,68 @@
-CVE-2023-28686
+CVE-2023-28709
+ RESERVED
+CVE-2023-28708
+ RESERVED
+CVE-2023-28707
+ RESERVED
+CVE-2023-28706
+ RESERVED
+CVE-2023-28705
+ RESERVED
+CVE-2023-28704
+ RESERVED
+CVE-2023-28703
+ RESERVED
+CVE-2023-28702
+ RESERVED
+CVE-2023-28701
+ RESERVED
+CVE-2023-28700
+ RESERVED
+CVE-2023-28699
+ RESERVED
+CVE-2023-28698
+ RESERVED
+CVE-2023-28697
+ RESERVED
+CVE-2023-28696
+ RESERVED
+CVE-2023-28695
+ RESERVED
+CVE-2023-28694
+ RESERVED
+CVE-2023-28693
+ RESERVED
+CVE-2023-28692
+ RESERVED
+CVE-2023-28691
+ RESERVED
+CVE-2023-28690
+ RESERVED
+CVE-2023-28689
+ RESERVED
+CVE-2023-28688
+ RESERVED
+CVE-2023-28687
+ RESERVED
+CVE-2023-1551
+ RESERVED
+CVE-2023-1550
+ RESERVED
+CVE-2023-1549
+ RESERVED
+CVE-2023-1548
RESERVED
-CVE-2023-28685
+CVE-2023-1547
RESERVED
+CVE-2023-1546
+ RESERVED
+CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
+ TODO: check
+CVE-2023-1544
+ RESERVED
+CVE-2023-28686
+ RESERVED
+CVE-2023-28685 (Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-28684
RESERVED
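Review bot: CVE-2023-1545 (`+CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)`) is left at `TODO: check`, but the same repository is already tracked further down in this file: the existing entry for CVE-2023-1463 (`Improper Authorization in GitHub repository nilsteampassnet/teampass`) carries `- teampass <itp> (bug #730180)`. Triage of this TODO can follow that entry rather than re-establishing the package status. The other additions in this hunk are RESERVED placeholders and the reordering of CVE-2023-28686/28685 keeps both entries intact, so nothing else needs attention here.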
@@ -230,10 +291,10 @@ CVE-2023-1502 (A vulnerability was found in SourceCodester Alphaware Simple E-Co
NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
CVE-2019-25136
RESERVED
-CVE-2018-25082
- RESERVED
-CVE-2016-15029
- RESERVED
+CVE-2018-25082 (A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classi ...)
+ TODO: check
+CVE-2016-15029 (A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and class ...)
+ TODO: check
CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2. It has been c ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
@@ -594,8 +655,8 @@ CVE-2023-1464 (A vulnerability, which was classified as critical, was found in S
NOT-FOR-US: SourceCodester Medicine Tracker System
CVE-2023-1463 (Improper Authorization in GitHub repository nilsteampassnet/teampass p ...)
- teampass <itp> (bug #730180)
-CVE-2023-1462
- RESERVED
+CVE-2023-1462 (Authorization Bypass Through User-Controlled Key vulnerability in Vadi ...)
+ TODO: check
CVE-2023-1461 (A vulnerability was found in SourceCodester Canteen Management System ...)
NOT-FOR-US: SourceCodester Canteen Management System
CVE-2023-1460 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
@@ -2184,8 +2245,8 @@ CVE-2023-1316 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket
NOT-FOR-US: osTicket
CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
NOT-FOR-US: osTicket
-CVE-2023-1314
- RESERVED
+CVE-2023-1314 (A vulnerability has been discovered in cloudflared's installer (<= ...)
+ TODO: check
CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-1312 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
@@ -2244,12 +2305,12 @@ CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Enc
NOT-FOR-US: Trend Micro
CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
- froxlor <itp> (bug #581792)
-CVE-2023-1306
- RESERVED
-CVE-2023-1305
- RESERVED
-CVE-2023-1304
- RESERVED
+CVE-2023-1306 (An authenticated attacker can leverage an exposed resource.db() access ...)
+ TODO: check
+CVE-2023-1305 (An authenticated attacker can leverage an exposed “box” ob ...)
+ TODO: check
+CVE-2023-1304 (An authenticated attacker can leverage an exposed getattr() method via ...)
+ TODO: check
CVE-2023-1303 (A vulnerability was found in UCMS 1.6 and classified as critical. This ...)
NOT-FOR-US: UCMS
CVE-2023-1302 (A vulnerability, which was classified as problematic, was found in Sou ...)
@@ -2330,22 +2391,22 @@ CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
NOT-FOR-US: pimcore
CVE-2023-1285
RESERVED
-CVE-2023-27984
- RESERVED
-CVE-2023-27983
- RESERVED
-CVE-2023-27982
- RESERVED
-CVE-2023-27981
- RESERVED
+CVE-2023-27984 (A CWE-20: Improper Input Validation vulnerability exists in Custom Rep ...)
+ TODO: check
+CVE-2023-27983 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ TODO: check
+CVE-2023-27982 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
+ TODO: check
+CVE-2023-27981 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
CVE-2023-27980 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
TODO: check
-CVE-2023-27979
- RESERVED
-CVE-2023-27978
- RESERVED
-CVE-2023-27977
- RESERVED
+CVE-2023-27979 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
+ TODO: check
+CVE-2023-27978 (A CWE-502: Deserialization of Untrusted Data vulnerability exists in t ...)
+ TODO: check
+CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
+ TODO: check
CVE-2023-27976
RESERVED
CVE-2023-27975
@@ -2658,14 +2719,14 @@ CVE-2023-27876
RESERVED
CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other user's cred ...)
NOT-FOR-US: IBM
-CVE-2023-27874
- RESERVED
-CVE-2023-27873
- RESERVED
+CVE-2023-27874 (IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity inject ...)
+ TODO: check
+CVE-2023-27873 (IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to ...)
+ TODO: check
CVE-2023-27872
RESERVED
-CVE-2023-27871
- RESERVED
+CVE-2023-27871 (IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensit ...)
+ TODO: check
CVE-2023-27870
RESERVED
CVE-2023-27869
@@ -2921,8 +2982,8 @@ CVE-2023-27844
RESERVED
CVE-2023-27843
RESERVED
-CVE-2023-27842
- RESERVED
+CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File manager eXt ...)
+ TODO: check
CVE-2023-27841
RESERVED
CVE-2023-27840
@@ -3539,10 +3600,10 @@ CVE-2023-27572
RESERVED
CVE-2023-27571
RESERVED
-CVE-2023-27570
- RESERVED
-CVE-2023-27569
- RESERVED
+CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL injection ...)
+ TODO: check
+CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL injection v ...)
+ TODO: check
CVE-2023-27568
RESERVED
CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf ...)
@@ -3775,10 +3836,10 @@ CVE-2023-23567
RESERVED
CVE-2023-1155 (The Cost Calculator plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: Cost Calculator plugin for WordPress
-CVE-2023-1154
- RESERVED
-CVE-2023-1153
- RESERVED
+CVE-2023-1154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-1153 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-1152 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Persolus
CVE-2023-27520
@@ -7874,8 +7935,8 @@ CVE-2023-25925
RESERVED
CVE-2023-25924
RESERVED
-CVE-2023-25923
- RESERVED
+CVE-2023-25923 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ TODO: check
CVE-2023-25922
RESERVED
CVE-2023-25921
@@ -8774,18 +8835,18 @@ CVE-2023-0784 (A vulnerability classified as critical has been found in SourceCo
NOT-FOR-US: SourceCodester Best Online News Portal
CVE-2022-4905 (A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has ...)
NOT-FOR-US: UDX Stateless Media Plugin
-CVE-2023-25689
- RESERVED
+CVE-2023-25689 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and ...)
+ TODO: check
CVE-2023-25688
RESERVED
-CVE-2023-25687
- RESERVED
-CVE-2023-25686
- RESERVED
+CVE-2023-25687 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ TODO: check
+CVE-2023-25686 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ TODO: check
CVE-2023-25685
RESERVED
-CVE-2023-25684
- RESERVED
+CVE-2023-25684 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ TODO: check
CVE-2023-25683
RESERVED
CVE-2023-25682
@@ -10317,8 +10378,8 @@ CVE-2023-25137
RESERVED
CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker t ...)
NOT-FOR-US: vBulletin
-CVE-2023-25134
- RESERVED
+CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an adversary (with ...)
+ TODO: check
CVE-2023-25133
RESERVED
CVE-2023-25132
@@ -12538,7 +12599,7 @@ CVE-2023-24370
RESERVED
CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows atta ...)
NOT-FOR-US: UJCMS
-CVE-2023-24368 (Incorrect access control in Temenos T24 Release 20 allows attackers to ...)
+CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 20 allo ...)
NOT-FOR-US: Temenos
CVE-2023-24367
RESERVED
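Review bot: the only change in this hunk is the `** DISPUTED **` marker prepended to the CVE-2023-24368 description; the entry keeps `NOT-FOR-US: Temenos`, so no Debian tracking state changes and no follow-up is needed.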
@@ -27737,12 +27798,12 @@ CVE-2022-45639 (** DISPUTED ** OS Command injection vulnerability in sleuthkit f
NOTE: sanitised in the calling application
CVE-2022-45638
RESERVED
-CVE-2022-45637
- RESERVED
-CVE-2022-45636
- RESERVED
-CVE-2022-45635
- RESERVED
+CVE-2022-45637 (An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Ap ...)
+ TODO: check
+CVE-2022-45636 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & ...)
+ TODO: check
+CVE-2022-45635 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & ...)
+ TODO: check
CVE-2022-45634
RESERVED
CVE-2022-45633
@@ -39867,26 +39928,22 @@ CVE-2022-42336
RESERVED
CVE-2022-42335
RESERVED
-CVE-2022-42334 [x86/HVM pinned cache attributes mis-handling]
- RESERVED
+CVE-2022-42334 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2
NOTE: https://xenbits.xen.org/xsa/advisory-428.html
-CVE-2022-42333 [x86/HVM pinned cache attributes mis-handling]
- RESERVED
+CVE-2022-42333 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2
NOTE: https://xenbits.xen.org/xsa/advisory-428.html
-CVE-2022-42332 [x86 shadow plus log-dirty mode use-after-free]
- RESERVED
+CVE-2022-42332 (x86 shadow plus log-dirty mode use-after-free In environments where ho ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/1
NOTE: https://xenbits.xen.org/xsa/advisory-427.html
-CVE-2022-42331 [x86: speculative vulnerability in 32bit SYSCALL path]
- RESERVED
+CVE-2022-42331 (x86: speculative vulnerability in 32bit SYSCALL path Due to an oversig ...)
- xen <unfixed>
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/3
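Review bot: in all four Xen entries the hand-written bracketed titles (e.g. `-CVE-2022-42334 [x86/HVM pinned cache attributes mis-handling]`) are replaced by the truncated upstream description, which opens with the same title text, so no information is lost by the automatic import. The trailing `T[his CNA information rec ...` fragment in the CVE-2022-42334 and CVE-2022-42333 lines appears to be the beginning of a note appended to the upstream description, cut at the usual `...` truncation point used throughout this file, not a corruption of the entry. The Debian-specific lines (`- xen <unfixed>`, the `[buster] - xen <end-of-life> (DSA 4677-1)` marker, and the oss-security and XSA NOTE URLs) are unchanged, which is the expected result for an automatic update.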
@@ -49457,16 +49514,16 @@ CVE-2022-38706
RESERVED
CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker t ...)
NOT-FOR-US: IBM
-CVE-2022-38458
- RESERVED
+CVE-2022-38458 (A cleartext transmission vulnerability exists in the Remote Management ...)
+ TODO: check
CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...)
NOT-FOR-US: CentreCOM AR260S
CVE-2022-38094 (OS command injection vulnerability in the telnet function of CentreCOM ...)
NOT-FOR-US: CentreCOM AR260S
-CVE-2022-37337
- RESERVED
-CVE-2022-36429
- RESERVED
+CVE-2022-37337 (A command execution vulnerability exists in the access control functio ...)
+ TODO: check
+CVE-2022-36429 (A command execution vulnerability exists in the ubus backend communica ...)
+ TODO: check
CVE-2022-35273 (OS command injection vulnerability in GUI setting page of CentreCOM AR ...)
NOT-FOR-US: CentreCOM AR260S
CVE-2022-34869 (Undocumented hidden command that can be executed from the telnet funct ...)
@@ -50148,8 +50205,8 @@ CVE-2022-38472 (An attacker could have abused XSLT error handling to associate a
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38472
CVE-2022-38471
RESERVED
-CVE-2022-38452
- RESERVED
+CVE-2022-38452 (A command execution vulnerability exists in the hidden telnet service ...)
+ TODO: check
CVE-2022-2920
RESERVED
CVE-2022-2919
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7768f7e276be277bdf7e95b7b6ff5f243e66d234