[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 23 08:10:30 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
674a89c0 by security tracker role at 2023-03-23T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-28765
+ RESERVED
+CVE-2023-28764
+ RESERVED
+CVE-2023-28763
+ RESERVED
+CVE-2023-28762
+ RESERVED
+CVE-2023-28761
+ RESERVED
+CVE-2023-28760
+ RESERVED
+CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0. A vulnerabil ...)
+ TODO: check
+CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allo ...)
+ TODO: check
+CVE-2023-28757
+ RESERVED
+CVE-2023-28756
+ RESERVED
+CVE-2023-28755
+ RESERVED
+CVE-2023-28754
+ RESERVED
+CVE-2023-28753
+ RESERVED
+CVE-2023-28752
+ RESERVED
+CVE-2023-1588
+ RESERVED
+CVE-2023-1587
+ RESERVED
+CVE-2023-1586
+ RESERVED
+CVE-2023-1585
+ RESERVED
+CVE-2023-1584
+ RESERVED
CVE-2023-28751
RESERVED
CVE-2023-28750
@@ -257,24 +295,24 @@ CVE-2023-28669
CVE-2023-28668
RESERVED
NOT-FOR-US: Jenkins plugin
-CVE-2023-28667
- RESERVED
-CVE-2023-28666
- RESERVED
-CVE-2023-28665
- RESERVED
-CVE-2023-28664
- RESERVED
-CVE-2023-28663
- RESERVED
-CVE-2023-28662
- RESERVED
-CVE-2023-28661
- RESERVED
-CVE-2023-28660
- RESERVED
-CVE-2023-28659
- RESERVED
+CVE-2023-28667 (The Lead Generated WordPress Plugin, version <= 1.23, was affected ...)
+ TODO: check
+CVE-2023-28666 (The InPost Gallery WordPress plugin, in versions < 2.2.2, is affect ...)
+ TODO: check
+CVE-2023-28665 (The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is ...)
+ TODO: check
+CVE-2023-28664 (The Meta Data and Taxonomies Filter WordPress plugin, in versions < ...)
+ TODO: check
+CVE-2023-28663 (The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affecte ...)
+ TODO: check
+CVE-2023-28662 (The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version ...)
+ TODO: check
+CVE-2023-28661 (The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affecte ...)
+ TODO: check
+CVE-2023-28660 (The Events Made Easy WordPress Plugin, version <= 2.3.14 is affecte ...)
+ TODO: check
+CVE-2023-28659 (The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6. ...)
+ TODO: check
CVE-2023-1543 (Insufficient Session Expiration in GitHub repository answerdev/answer ...)
NOT-FOR-US: answer
CVE-2023-1542 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...)
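Review bot: The nine entries CVE-2023-28667 through CVE-2023-28659 all land as "TODO: check", and every description names a WordPress plugin, so they can be triaged in one pass rather than one at a time. The context entry CVE-2023-28668 just above them shows the form used for a comparable class ("NOT-FOR-US: Jenkins plugin"). If none of these plugins is packaged, resolve each TODO with a matching NOT-FOR-US line that names the plugin.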
@@ -933,8 +971,8 @@ CVE-2023-28472
RESERVED
CVE-2023-28471
RESERVED
-CVE-2023-28470
- RESERVED
+CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is ...)
+ TODO: check
CVE-2023-28469
RESERVED
CVE-2023-28468
@@ -1027,24 +1065,24 @@ CVE-2023-28441
RESERVED
CVE-2023-28440
RESERVED
-CVE-2023-28439
- RESERVED
-CVE-2023-28438
- RESERVED
+CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
+ TODO: check
+CVE-2023-28438 (Pimcore is an open source data and experience management platform. Pri ...)
+ TODO: check
CVE-2023-28437
RESERVED
CVE-2023-28436
RESERVED
CVE-2023-28435
RESERVED
-CVE-2023-28434
- RESERVED
-CVE-2023-28433
- RESERVED
-CVE-2023-28432
- RESERVED
-CVE-2023-28431
- RESERVED
+CVE-2023-28434 (Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023 ...)
+ TODO: check
+CVE-2023-28433 (Minio is a Multi-Cloud Object Storage framework. All users on Windows ...)
+ TODO: check
+CVE-2023-28432 (Minio is a Multi-Cloud Object Storage framework. In a cluster deployme ...)
+ TODO: check
+CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. Frontier's ...)
+ TODO: check
CVE-2023-28430
RESERVED
CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...)
@@ -2141,12 +2179,12 @@ CVE-2023-1348
RESERVED
CVE-2023-1347
RESERVED
-CVE-2023-28119
- RESERVED
+CVE-2023-28119 (The crewjam/saml go library contains a partial implementation of the S ...)
+ TODO: check
CVE-2023-28118 (kaml provides YAML support for kotlinx.serialization. Prior to version ...)
NOT-FOR-US: kaml
-CVE-2023-28117
- RESERVED
+CVE-2023-28117 (Sentry SDK is the official Python SDK for Sentry, real-time crash repo ...)
+ TODO: check
CVE-2023-28116 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
NOT-FOR-US: Contiki-NG
CVE-2023-28115 (Snappy is a PHP library allowing thumbnail, snapshot or PDF generation ...)
@@ -4771,10 +4809,10 @@ CVE-2023-1053 (A vulnerability was found in SourceCodester Music Gallery Site 1.
NOT-FOR-US: SourceCodester Music Gallery Site
CVE-2023-1052
RESERVED
-CVE-2023-1051
- RESERVED
-CVE-2023-1050
- RESERVED
+CVE-2023-1051 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-1050 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-1049
RESERVED
CVE-2023-XXXX [RUSTSEC-2023-0015]
@@ -4809,8 +4847,8 @@ CVE-2023-27251
RESERVED
CVE-2023-27250 (Online Book Store Project v1.0 is vulnerable to SQL Injection via /boo ...)
NOT-FOR-US: Online Book Store Project
-CVE-2023-27249
- RESERVED
+CVE-2023-27249 (swfdump v0.9.2 was discovered to contain a heap buffer overflow in the ...)
+ TODO: check
CVE-2023-27248
RESERVED
CVE-2023-27247
@@ -4859,8 +4897,8 @@ CVE-2023-27226
RESERVED
CVE-2023-27225
RESERVED
-CVE-2023-27224
- RESERVED
+CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an attacker to exe ...)
+ TODO: check
CVE-2023-27223
RESERVED
CVE-2023-27222
@@ -5126,8 +5164,8 @@ CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation violat
NOTE: https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1
CVE-2023-27101
RESERVED
-CVE-2023-27100
- RESERVED
+CVE-2023-27100 (Improper restriction of excessive authentication attempts in the SSHGu ...)
+ TODO: check
CVE-2023-27099
RESERVED
CVE-2023-27098
@@ -5206,8 +5244,8 @@ CVE-2023-27062 (Tenda V15V1.0 was discovered to contain a buffer overflow vulner
NOT-FOR-US: Tenda
CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
NOT-FOR-US: Tenda
-CVE-2023-27060
- RESERVED
+CVE-2023-27060 (LightCMS v1.3.7 was discovered to contain a remote code execution (RCE ...)
+ TODO: check
CVE-2023-27059 (A cross-site scripting (XSS) vulnerability in the Edit Group function ...)
NOT-FOR-US: ChurchCRM
CVE-2023-27058
@@ -5218,8 +5256,8 @@ CVE-2023-27056
RESERVED
CVE-2023-27055
RESERVED
-CVE-2023-27054
- RESERVED
+CVE-2023-27054 (A cross-site scripting (XSS) vulnerability in MiroTalk P2P before comm ...)
+ TODO: check
CVE-2023-27053
RESERVED
CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL injection vulner ...)
@@ -6500,12 +6538,12 @@ CVE-2023-26500
RESERVED
CVE-2023-26499
RESERVED
-CVE-2023-26498
- RESERVED
+CVE-2023-26498 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
+ TODO: check
CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
NOT-FOR-US: Samsung
-CVE-2023-26496
- RESERVED
+CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
+ TODO: check
CVE-2023-26495
RESERVED
CVE-2023-26494
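Review bot: CVE-2023-26498 and CVE-2023-26496 are left at "TODO: check", but CVE-2023-26497 between them has the same visible description prefix ("An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...") and is already marked "NOT-FOR-US: Samsung". Once the full descriptions confirm the same product, give both new entries that disposition so the three adjacent entries stay consistent.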
@@ -7526,8 +7564,8 @@ CVE-2023-26116
RESERVED
CVE-2023-26115
RESERVED
-CVE-2023-26114
- RESERVED
+CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable to Mi ...)
+ TODO: check
CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...)
TODO: check
CVE-2023-26112
@@ -7593,8 +7631,8 @@ CVE-2023-26090
RESERVED
CVE-2023-26089
RESERVED
-CVE-2023-26088
- RESERVED
+CVE-2023-26088 (In Malwarebytes before 4.5.23, a symbolic link may be used delete any ...)
+ TODO: check
CVE-2023-26087
RESERVED
CVE-2023-26086
@@ -11749,8 +11787,8 @@ CVE-2023-24657 (phpipam v1.6 was discovered to contain a reflected cross-site sc
- phpipam <itp> (bug #731713)
CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was discovered to ...)
NOT-FOR-US: Simple Customer Relationship Management System
-CVE-2023-24655
- RESERVED
+CVE-2023-24655 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ TODO: check
CVE-2023-24654 (Simple Customer Relationship Management System v1.0 was discovered to ...)
NOT-FOR-US: Simple Customer Relationship Management System
CVE-2023-24653 (Simple Customer Relationship Management System v1.0 was discovered to ...)
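Review bot: CVE-2023-24655 gets "TODO: check" although its neighbours CVE-2023-24656 and CVE-2023-24654 start with the identical description text and are both marked "NOT-FOR-US: Simple Customer Relationship Management System". Unless the full description points at a different product, replace the TODO with the same NOT-FOR-US line.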
@@ -12763,8 +12801,8 @@ CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allow
NOT-FOR-US: UJCMS
CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 20 allo ...)
NOT-FOR-US: Temenos
-CVE-2023-24367
- RESERVED
+CVE-2023-24367 (Temenos T24 Release 20 was discovered to contain a reflected cross-sit ...)
+ TODO: check
CVE-2023-24366
RESERVED
CVE-2023-24365
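Review bot: CVE-2023-24367 names "Temenos T24 Release 20", the same product as the adjacent CVE-2023-24368, which is already marked "NOT-FOR-US: Temenos". The new "TODO: check" can be resolved with the same tag, which keeps the two Temenos entries aligned.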
@@ -14222,8 +14260,7 @@ CVE-2023-0388
RESERVED
CVE-2023-0387
RESERVED
-CVE-2023-0386
- RESERVED
+CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...)
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 (6.2-rc6)
CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...)
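Review bot: CVE-2023-0386 is the one entry in this update that gains a description without a "TODO: check", because its triage lines ("- linux 6.1.11-1" and the NOTE with the upstream commit, 6.2-rc6) were written while the ID was still RESERVED. Now that the description is published ("A flaw was found in the Linux kernel, ..."), confirm that the recorded fixed version and the referenced commit match the issue as described, since nothing in the automatic update prompts a second look.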
@@ -16016,8 +16053,8 @@ CVE-2023-23194
RESERVED
CVE-2023-23193
RESERVED
-CVE-2023-23192
- RESERVED
+CVE-2023-23192 (IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass ...)
+ TODO: check
CVE-2023-23191
RESERVED
CVE-2023-23190
@@ -30139,10 +30176,10 @@ CVE-2022-45006
RESERVED
CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...)
NOT-FOR-US: IP-COM EW9
-CVE-2022-45004
- RESERVED
-CVE-2022-45003
- RESERVED
+CVE-2022-45004 (Gophish through 0.12.1 was discovered to contain a cross-site scriptin ...)
+ TODO: check
+CVE-2022-45003 (Gophish through 0.12.1 allows attackers to cause a Denial of Service ( ...)
+ TODO: check
CVE-2022-45002
RESERVED
CVE-2022-45001
@@ -35793,8 +35830,8 @@ CVE-2022-43865
RESERVED
CVE-2022-43864 (IBM Business Automation Workflow 22.0.2 could allow a remote attacker ...)
NOT-FOR-US: IBM
-CVE-2022-43863
- RESERVED
+CVE-2022-43863 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, all ...)
+ TODO: check
CVE-2022-43862
RESERVED
CVE-2022-43861
@@ -73980,8 +74017,8 @@ CVE-2022-30039
RESERVED
CVE-2022-30038
RESERVED
-CVE-2022-30037
- RESERVED
+CVE-2022-30037 (XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP fi ...)
+ TODO: check
CVE-2022-30036 (MA Lighting grandMA2 Light has a password of root for the root account ...)
NOT-FOR-US: MA Lighting grandMA2 Light
CVE-2022-30035
@@ -78506,8 +78543,8 @@ CVE-2022-28496
RESERVED
CVE-2022-28495
RESERVED
-CVE-2022-28494
- RESERVED
+CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
+ TODO: check
CVE-2022-28493
RESERVED
CVE-2022-28492
@@ -98037,8 +98074,8 @@ CVE-2022-22514 (An authenticated, remote attacker can gain access to a dereferen
NOT-FOR-US: CODESYS
CVE-2022-22513 (An authenticated remote attacker can cause a null pointer dereference ...)
NOT-FOR-US: CODESYS
-CVE-2022-22512
- RESERVED
+CVE-2022-22512 (Hard-coded credentials in Web-UI of multiple VARTA Storage products in ...)
+ TODO: check
CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected ...)
NOT-FOR-US: VDE
CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
@@ -313553,7 +313590,7 @@ CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ..
NOT-FOR-US: Zoho
CVE-2018-18261 (In waimai Super Cms 20150505, there is an XSS vulnerability via the /a ...)
NOT-FOR-US: waimai Super Cms
-CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Th ...)
+CVE-2018-18260 (** DISPUTED ** In the 2.4 version of Camaleon CMS, Stored XSS has been ...)
NOT-FOR-US: Camaleon CMS
CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA CMS softw ...)
NOT-FOR-US: LUYA CMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/674a89c0b832ef098fb1e1c3394128902b1b0e64