[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 23 08:10:30 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
674a89c0 by security tracker role at 2023-03-23T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-28765
+	RESERVED
+CVE-2023-28764
+	RESERVED
+CVE-2023-28763
+	RESERVED
+CVE-2023-28762
+	RESERVED
+CVE-2023-28761
+	RESERVED
+CVE-2023-28760
+	RESERVED
+CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0. A vulnerabil ...)
+	TODO: check
+CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allo ...)
+	TODO: check
+CVE-2023-28757
+	RESERVED
+CVE-2023-28756
+	RESERVED
+CVE-2023-28755
+	RESERVED
+CVE-2023-28754
+	RESERVED
+CVE-2023-28753
+	RESERVED
+CVE-2023-28752
+	RESERVED
+CVE-2023-1588
+	RESERVED
+CVE-2023-1587
+	RESERVED
+CVE-2023-1586
+	RESERVED
+CVE-2023-1585
+	RESERVED
+CVE-2023-1584
+	RESERVED
 CVE-2023-28751
 	RESERVED
 CVE-2023-28750
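Review bot: the two Veritas NetBackup entries (CVE-2023-28759 and CVE-2023-28758) are left at `TODO: check` although each summary names a proprietary product, so they can be resolved in the form the file already uses for such cases, e.g. `NOT-FOR-US: Veritas NetBackup`, the way CVE-2023-28668 carries `NOT-FOR-US: Jenkins plugin`. The other nineteen additions are bare `RESERVED` placeholders, which is the expected shape for a feed sync and needs no action.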
@@ -257,24 +295,24 @@ CVE-2023-28669
 CVE-2023-28668
 	RESERVED
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28667
-	RESERVED
-CVE-2023-28666
-	RESERVED
-CVE-2023-28665
-	RESERVED
-CVE-2023-28664
-	RESERVED
-CVE-2023-28663
-	RESERVED
-CVE-2023-28662
-	RESERVED
-CVE-2023-28661
-	RESERVED
-CVE-2023-28660
-	RESERVED
-CVE-2023-28659
-	RESERVED
+CVE-2023-28667 (The Lead Generated WordPress Plugin, version <= 1.23, was affected  ...)
+	TODO: check
+CVE-2023-28666 (The InPost Gallery WordPress plugin, in versions < 2.2.2, is affect ...)
+	TODO: check
+CVE-2023-28665 (The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is ...)
+	TODO: check
+CVE-2023-28664 (The Meta Data and Taxonomies Filter WordPress plugin, in versions < ...)
+	TODO: check
+CVE-2023-28663 (The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affecte ...)
+	TODO: check
+CVE-2023-28662 (The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version  ...)
+	TODO: check
+CVE-2023-28661 (The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affecte ...)
+	TODO: check
+CVE-2023-28660 (The Events Made Easy WordPress Plugin, version <= 2.3.14 is affecte ...)
+	TODO: check
+CVE-2023-28659 (The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6. ...)
+	TODO: check
 CVE-2023-1543 (Insufficient Session Expiration in GitHub repository answerdev/answer  ...)
 	NOT-FOR-US: answer
 CVE-2023-1542 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...)
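Review bot: all nine descriptions introduced here (CVE-2023-28667 down to CVE-2023-28659) name WordPress plugins, so the nine `TODO: check` markers are candidates for a single batch resolution to a `NOT-FOR-US: <plugin name>` line rather than nine separate triages; the `<=` / `<` version bounds in the truncated summaries only matter if one of the plugins turns out to be packaged. Note that the `<=` versus `<` distinction is preserved from the upstream text and should be kept as-is when the line is rewritten.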
@@ -933,8 +971,8 @@ CVE-2023-28472
 	RESERVED
 CVE-2023-28471
 	RESERVED
-CVE-2023-28470
-	RESERVED
+CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is  ...)
+	TODO: check
 CVE-2023-28469
 	RESERVED
 CVE-2023-28468
@@ -1027,24 +1065,24 @@ CVE-2023-28441
 	RESERVED
 CVE-2023-28440
 	RESERVED
-CVE-2023-28439
-	RESERVED
-CVE-2023-28438
-	RESERVED
+CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
+	TODO: check
+CVE-2023-28438 (Pimcore is an open source data and experience management platform. Pri ...)
+	TODO: check
 CVE-2023-28437
 	RESERVED
 CVE-2023-28436
 	RESERVED
 CVE-2023-28435
 	RESERVED
-CVE-2023-28434
-	RESERVED
-CVE-2023-28433
-	RESERVED
-CVE-2023-28432
-	RESERVED
-CVE-2023-28431
-	RESERVED
+CVE-2023-28434 (Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023 ...)
+	TODO: check
+CVE-2023-28433 (Minio is a Multi-Cloud Object Storage framework. All users on Windows  ...)
+	TODO: check
+CVE-2023-28432 (Minio is a Multi-Cloud Object Storage framework. In a cluster deployme ...)
+	TODO: check
+CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. Frontier's  ...)
+	TODO: check
 CVE-2023-28430
 	RESERVED
 CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...)
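Review bot: CVE-2023-28439 (CKEditor4) deserves a package-level triage rather than the batch treatment the other entries in this hunk will get, because ckeditor has been shipped as a Debian source package; if it is still in the archive, the entry needs an affected/fixed version line, not `NOT-FOR-US`. The three Minio entries (CVE-2023-28434, CVE-2023-28433, CVE-2023-28432) share one product and can be resolved together, and CVE-2023-28438 can follow whatever status the neighbouring Pimcore entry CVE-2023-28429 already carries.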
@@ -2141,12 +2179,12 @@ CVE-2023-1348
 	RESERVED
 CVE-2023-1347
 	RESERVED
-CVE-2023-28119
-	RESERVED
+CVE-2023-28119 (The crewjam/saml go library contains a partial implementation of the S ...)
+	TODO: check
 CVE-2023-28118 (kaml provides YAML support for kotlinx.serialization. Prior to version ...)
 	NOT-FOR-US: kaml
-CVE-2023-28117
-	RESERVED
+CVE-2023-28117 (Sentry SDK is the official Python SDK for Sentry, real-time crash repo ...)
+	TODO: check
 CVE-2023-28116 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
 	NOT-FOR-US: Contiki-NG
 CVE-2023-28115 (Snappy is a PHP library allowing thumbnail, snapshot or PDF generation ...)
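Review bot: both new summaries in this hunk name libraries rather than end-user products (the crewjam/saml Go library in CVE-2023-28119 and the Sentry Python SDK in CVE-2023-28117), so the `TODO: check` should be resolved by looking for a corresponding Go library package or Python sentry-sdk package before defaulting to `NOT-FOR-US`; the adjacent kaml and Contiki-NG entries show the resolved form once that check is done.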
@@ -4771,10 +4809,10 @@ CVE-2023-1053 (A vulnerability was found in SourceCodester Music Gallery Site 1.
 	NOT-FOR-US: SourceCodester Music Gallery Site
 CVE-2023-1052
 	RESERVED
-CVE-2023-1051
-	RESERVED
-CVE-2023-1050
-	RESERVED
+CVE-2023-1051 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-1050 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2023-1049
 	RESERVED
 CVE-2023-XXXX [RUSTSEC-2023-0015]
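Review bot: the summaries for CVE-2023-1051 and CVE-2023-1050 are CWE boilerplate ("Improper Neutralization of Input During Web Page Generation", "Improper Neutralization of Special Elements used in an SQL Command") and the affected product is cut off by the 70-character truncation, so the product cannot be identified from this file alone; whoever resolves the `TODO: check` needs the full CVE text, and it may be worth recording the product name in the line so the entry is searchable afterwards.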
@@ -4809,8 +4847,8 @@ CVE-2023-27251
 	RESERVED
 CVE-2023-27250 (Online Book Store Project v1.0 is vulnerable to SQL Injection via /boo ...)
 	NOT-FOR-US: Online Book Store Project
-CVE-2023-27249
-	RESERVED
+CVE-2023-27249 (swfdump v0.9.2 was discovered to contain a heap buffer overflow in the ...)
+	TODO: check
 CVE-2023-27248
 	RESERVED
 CVE-2023-27247
@@ -4859,8 +4897,8 @@ CVE-2023-27226
 	RESERVED
 CVE-2023-27225
 	RESERVED
-CVE-2023-27224
-	RESERVED
+CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an attacker to exe ...)
+	TODO: check
 CVE-2023-27223
 	RESERVED
 CVE-2023-27222
@@ -5126,8 +5164,8 @@ CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation violat
 	NOTE: https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1
 CVE-2023-27101
 	RESERVED
-CVE-2023-27100
-	RESERVED
+CVE-2023-27100 (Improper restriction of excessive authentication attempts in the SSHGu ...)
+	TODO: check
 CVE-2023-27099
 	RESERVED
 CVE-2023-27098
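Review bot: CVE-2023-27100's truncated summary appears to name SSHGuard; if that is the sshguard package, the entry needs a package status line with the affected and fixed versions (and ideally a `NOTE:` pointing at the upstream fix, as the libde265 entry CVE-2023-27102 just above does), not a `NOT-FOR-US` resolution. The "excessive authentication attempts" wording suggests a rate-limiting bypass, which matters for a tool whose purpose is blocking brute-force logins.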
@@ -5206,8 +5244,8 @@ CVE-2023-27062 (Tenda V15V1.0 was discovered to contain a buffer overflow vulner
 	NOT-FOR-US: Tenda
 CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
 	NOT-FOR-US: Tenda
-CVE-2023-27060
-	RESERVED
+CVE-2023-27060 (LightCMS v1.3.7 was discovered to contain a remote code execution (RCE ...)
+	TODO: check
 CVE-2023-27059 (A cross-site scripting (XSS) vulnerability in the Edit Group function  ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2023-27058
@@ -5218,8 +5256,8 @@ CVE-2023-27056
 	RESERVED
 CVE-2023-27055
 	RESERVED
-CVE-2023-27054
-	RESERVED
+CVE-2023-27054 (A cross-site scripting (XSS) vulnerability in MiroTalk P2P before comm ...)
+	TODO: check
 CVE-2023-27053
 	RESERVED
 CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL injection vulner ...)
@@ -6500,12 +6538,12 @@ CVE-2023-26500
 	RESERVED
 CVE-2023-26499
 	RESERVED
-CVE-2023-26498
-	RESERVED
+CVE-2023-26498 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
+	TODO: check
 CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
 	NOT-FOR-US: Samsung
-CVE-2023-26496
-	RESERVED
+CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
+	TODO: check
 CVE-2023-26495
 	RESERVED
 CVE-2023-26494
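Review bot: CVE-2023-26498 and CVE-2023-26496 carry the same truncated summary ("An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...") as CVE-2023-26497 between them, which is already resolved as `NOT-FOR-US: Samsung`, so the two `TODO: check` markers can be closed the same way without further research.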
@@ -7526,8 +7564,8 @@ CVE-2023-26116
 	RESERVED
 CVE-2023-26115
 	RESERVED
-CVE-2023-26114
-	RESERVED
+CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable to Mi ...)
+	TODO: check
 CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...)
 	TODO: check
 CVE-2023-26112
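Review bot: CVE-2023-26114 (code-server) now sits directly above CVE-2023-26113 (collection.js), both at `TODO: check` with the same "Versions of the package ... before ..." summary style; the two should be resolved in the same pass so that one is not closed while the other stays open for weeks.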
@@ -7593,8 +7631,8 @@ CVE-2023-26090
 	RESERVED
 CVE-2023-26089
 	RESERVED
-CVE-2023-26088
-	RESERVED
+CVE-2023-26088 (In Malwarebytes before 4.5.23, a symbolic link may be used delete any  ...)
+	TODO: check
 CVE-2023-26087
 	RESERVED
 CVE-2023-26086
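Review bot: CVE-2023-26088 names Malwarebytes, a proprietary endpoint product, so the `TODO: check` can be resolved directly to `NOT-FOR-US: Malwarebytes`; the symlink-based arbitrary file deletion described in the summary is a local privilege issue in that product's own service and has no Debian counterpart to track.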
@@ -11749,8 +11787,8 @@ CVE-2023-24657 (phpipam v1.6 was discovered to contain a reflected cross-site sc
 	- phpipam <itp> (bug #731713)
 CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was discovered to  ...)
 	NOT-FOR-US: Simple Customer Relationship Management System
-CVE-2023-24655
-	RESERVED
+CVE-2023-24655 (Simple Customer Relationship Management System v1.0 was discovered to  ...)
+	TODO: check
 CVE-2023-24654 (Simple Customer Relationship Management System v1.0 was discovered to  ...)
 	NOT-FOR-US: Simple Customer Relationship Management System
 CVE-2023-24653 (Simple Customer Relationship Management System v1.0 was discovered to  ...)
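Review bot: CVE-2023-24655 has the identical summary prefix ("Simple Customer Relationship Management System v1.0 was discovered to ...") as CVE-2023-24656 above it and CVE-2023-24654 below it, both already `NOT-FOR-US: Simple Customer Relationship Management System`, so this `TODO: check` can be resolved to the same line immediately.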
@@ -12763,8 +12801,8 @@ CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allow
 	NOT-FOR-US: UJCMS
 CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 20 allo ...)
 	NOT-FOR-US: Temenos
-CVE-2023-24367
-	RESERVED
+CVE-2023-24367 (Temenos T24 Release 20 was discovered to contain a reflected cross-sit ...)
+	TODO: check
 CVE-2023-24366
 	RESERVED
 CVE-2023-24365
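Review bot: CVE-2023-24367 names Temenos T24 Release 20, the same product as CVE-2023-24368 directly above it, which is already `NOT-FOR-US: Temenos`; the new `TODO: check` can be resolved the same way.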
@@ -14222,8 +14260,7 @@ CVE-2023-0388
 	RESERVED
 CVE-2023-0387
 	RESERVED
-CVE-2023-0386
-	RESERVED
+CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...)
 	- linux 6.1.11-1
 	NOTE: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 (6.2-rc6)
 CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...)
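Review bot: this is the one hunk that shrinks by a line (`-8,+7`), and that is correct: CVE-2023-0386 already carried a package line (`- linux 6.1.11-1`) and an upstream commit `NOTE:` while still `RESERVED`, so the sync replaces only the placeholder with the public description and rightly adds no `TODO: check`. Now that the description is public, it is worth confirming that the referenced 6.2-rc6 commit matches the flaw it describes, since the package line was filled in before the text was available.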
@@ -16016,8 +16053,8 @@ CVE-2023-23194
 	RESERVED
 CVE-2023-23193
 	RESERVED
-CVE-2023-23192
-	RESERVED
+CVE-2023-23192 (IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass ...)
+	TODO: check
 CVE-2023-23191
 	RESERVED
 CVE-2023-23190
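Review bot: CVE-2023-23192 names IS Decisions UserLock MFA, a proprietary Windows authentication product, so the `TODO: check` can be resolved to a `NOT-FOR-US` line; an authentication bypass in an MFA product is worth a glance only to confirm it does not concern a protocol or library that Debian also ships, which the truncated summary does not suggest.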
@@ -30139,10 +30176,10 @@ CVE-2022-45006
 	RESERVED
 CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...)
 	NOT-FOR-US: IP-COM EW9
-CVE-2022-45004
-	RESERVED
-CVE-2022-45003
-	RESERVED
+CVE-2022-45004 (Gophish through 0.12.1 was discovered to contain a cross-site scriptin ...)
+	TODO: check
+CVE-2022-45003 (Gophish through 0.12.1 allows attackers to cause a Denial of Service ( ...)
+	TODO: check
 CVE-2022-45002
 	RESERVED
 CVE-2022-45001
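Review bot: CVE-2022-45004 and CVE-2022-45003 both concern Gophish through 0.12.1 (XSS and denial of service respectively) and should be triaged as one unit; if Gophish is not packaged they resolve to the same `NOT-FOR-US` line, and if it is, both need the same affected-version range.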
@@ -35793,8 +35830,8 @@ CVE-2022-43865
 	RESERVED
 CVE-2022-43864 (IBM Business Automation Workflow 22.0.2 could allow a remote attacker  ...)
 	NOT-FOR-US: IBM
-CVE-2022-43863
-	RESERVED
+CVE-2022-43863 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, all ...)
+	TODO: check
 CVE-2022-43862
 	RESERVED
 CVE-2022-43861
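Review bot: CVE-2022-43863 names IBM QRadar SIEM 7.4 and 7.5; the IBM entry CVE-2022-43864 directly above it is already `NOT-FOR-US: IBM`, so this `TODO: check` can be closed with the same line.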
@@ -73980,8 +74017,8 @@ CVE-2022-30039
 	RESERVED
 CVE-2022-30038
 	RESERVED
-CVE-2022-30037
-	RESERVED
+CVE-2022-30037 (XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP fi ...)
+	TODO: check
 CVE-2022-30036 (MA Lighting grandMA2 Light has a password of root for the root account ...)
 	NOT-FOR-US: MA Lighting grandMA2 Light
 CVE-2022-30035
@@ -78506,8 +78543,8 @@ CVE-2022-28496
 	RESERVED
 CVE-2022-28495
 	RESERVED
-CVE-2022-28494
-	RESERVED
+CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
+	TODO: check
 CVE-2022-28493
 	RESERVED
 CVE-2022-28492
@@ -98037,8 +98074,8 @@ CVE-2022-22514 (An authenticated, remote attacker can gain access to a dereferen
 	NOT-FOR-US: CODESYS
 CVE-2022-22513 (An authenticated remote attacker can cause a null pointer dereference  ...)
 	NOT-FOR-US: CODESYS
-CVE-2022-22512
-	RESERVED
+CVE-2022-22512 (Hard-coded credentials in Web-UI of multiple VARTA Storage products in ...)
+	TODO: check
 CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected  ...)
 	NOT-FOR-US: VDE
 CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
@@ -313553,7 +313590,7 @@ CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ..
 	NOT-FOR-US: Zoho
 CVE-2018-18261 (In waimai Super Cms 20150505, there is an XSS vulnerability via the /a ...)
 	NOT-FOR-US: waimai Super Cms
-CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Th ...)
+CVE-2018-18260 (** DISPUTED ** In the 2.4 version of Camaleon CMS, Stored XSS has been ...)
 	NOT-FOR-US: Camaleon CMS
 CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA CMS softw ...)
 	NOT-FOR-US: LUYA CMS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/674a89c0b832ef098fb1e1c3394128902b1b0e64


