[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 23 20:10:33 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bcbf43fd by security tracker role at 2023-03-23T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,141 @@
+CVE-2023-28807
+	RESERVED
+CVE-2023-28806
+	RESERVED
+CVE-2023-28805
+	RESERVED
+CVE-2023-28804
+	RESERVED
+CVE-2023-28803
+	RESERVED
+CVE-2023-28802
+	RESERVED
+CVE-2023-28801
+	RESERVED
+CVE-2023-28800
+	RESERVED
+CVE-2023-28799
+	RESERVED
+CVE-2023-28798
+	RESERVED
+CVE-2023-28797
+	RESERVED
+CVE-2023-28796
+	RESERVED
+CVE-2023-28795
+	RESERVED
+CVE-2023-28794
+	RESERVED
+CVE-2023-28793
+	RESERVED
+CVE-2023-28792
+	RESERVED
+CVE-2023-28791
+	RESERVED
+CVE-2023-28790
+	RESERVED
+CVE-2023-28789
+	RESERVED
+CVE-2023-28788
+	RESERVED
+CVE-2023-28787
+	RESERVED
+CVE-2023-28786
+	RESERVED
+CVE-2023-28785
+	RESERVED
+CVE-2023-28784
+	RESERVED
+CVE-2023-28783
+	RESERVED
+CVE-2023-28782
+	RESERVED
+CVE-2023-28781
+	RESERVED
+CVE-2023-28780
+	RESERVED
+CVE-2023-28779
+	RESERVED
+CVE-2023-28778
+	RESERVED
+CVE-2023-28777
+	RESERVED
+CVE-2023-28776
+	RESERVED
+CVE-2023-28775
+	RESERVED
+CVE-2023-28774
+	RESERVED
+CVE-2023-28773
+	RESERVED
+CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf ...)
+	TODO: check
+CVE-2023-28771
+	RESERVED
+CVE-2023-28770
+	RESERVED
+CVE-2023-28769
+	RESERVED
+CVE-2023-28768
+	RESERVED
+CVE-2023-28767
+	RESERVED
+CVE-2023-28766
+	RESERVED
+CVE-2023-25180
+	RESERVED
+CVE-2023-24593
+	RESERVED
+CVE-2023-1613
+	RESERVED
+CVE-2023-1612
+	RESERVED
+CVE-2023-1611
+	RESERVED
+CVE-2023-1610
+	RESERVED
+CVE-2023-1609
+	RESERVED
+CVE-2023-1608
+	RESERVED
+CVE-2023-1607
+	RESERVED
+CVE-2023-1606 (A vulnerability was found in novel-plus 3.6.2 and classified as critic ...)
+	TODO: check
+CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.8. ...)
+	TODO: check
+CVE-2023-1604
+	RESERVED
+CVE-2023-1603 (Permission bypass when importing or synchronizing entries in User vaul ...)
+	TODO: check
+CVE-2023-1602
+	RESERVED
+CVE-2023-1601
+	RESERVED
+CVE-2023-1600
+	RESERVED
+CVE-2023-1599
+	RESERVED
+CVE-2023-1598
+	RESERVED
+CVE-2023-1597
+	RESERVED
+CVE-2023-1596
+	RESERVED
+CVE-2023-1595 (A vulnerability has been found in novel-plus 3.6.2 and classified as c ...)
+	TODO: check
+CVE-2023-1594 (A vulnerability, which was classified as critical, was found in novel- ...)
+	TODO: check
+CVE-2023-1593 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-1592 (A vulnerability classified as critical was found in SourceCodester Aut ...)
+	TODO: check
+CVE-2023-1591 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2023-1590 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
+	TODO: check
+CVE-2023-1589 (A vulnerability has been found in SourceCodester Online Tours & Tr ...)
+	TODO: check
 CVE-2023-XXXX [RUSTSEC-2022-0092]
 	- rust-rmp-serde 1.1.1-1
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0092.html
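Review bot: CVE-2023-28772 and CVE-2023-1605 land with the same bare TODO: check as the novel-plus and SourceCodester entries, although their descriptions name the Linux kernel (lib/seq_buf, before 5.13.3) and radare2. Those two should be triaged first and given package lines in the form the unchanged context already shows (`- rust-rmp-serde 1.1.1-1`). CVE-2023-1603 also carries the same truncated description as CVE-2023-1202 further down in this commit, so the two are best triaged together.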
@@ -250,56 +388,39 @@ CVE-2023-28686 [Insufficient message sender validation in Dino]
 	NOTE: Fixed by: https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec
 CVE-2023-28685 (Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28684
-	RESERVED
+CVE-2023-28684 (Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not conf ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28683
-	RESERVED
+CVE-2023-28683 (Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not con ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28682
-	RESERVED
+CVE-2023-28682 (Jenkins Performance Publisher Plugin 8.09 and earlier does not configu ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28681
-	RESERVED
+CVE-2023-28681 (Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not con ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28680
-	RESERVED
+CVE-2023-28680 (Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parse ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28679
-	RESERVED
+CVE-2023-28679 (Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28678
-	RESERVED
+CVE-2023-28678 (Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names fr ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28677
-	RESERVED
+CVE-2023-28677 (Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string c ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28676
-	RESERVED
+CVE-2023-28676 (A cross-site request forgery (CSRF) vulnerability in Jenkins Convert T ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28675
-	RESERVED
+CVE-2023-28675 (A missing permission check in Jenkins OctoPerf Load Testing Plugin Plu ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28674
-	RESERVED
+CVE-2023-28674 (A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28673
-	RESERVED
+CVE-2023-28673 (A missing permission check in Jenkins OctoPerf Load Testing Plugin Plu ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28672
-	RESERVED
+CVE-2023-28672 (Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28671
-	RESERVED
+CVE-2023-28671 (A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28670
-	RESERVED
+CVE-2023-28670 (Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not esca ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28669
-	RESERVED
+CVE-2023-28669 (Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and meth ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-28668
-	RESERVED
+CVE-2023-28668 (Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 an ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-28667 (The Lead Generated WordPress Plugin, version <= 1.23, was affected  ...)
 	NOT-FOR-US: WordPress plugin
@@ -338,24 +459,31 @@ CVE-2023-1536 (Cross-site Scripting (XSS) - Stored in GitHub repository answerde
 CVE-2023-1535 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
 	NOT-FOR-US: answer
 CVE-2023-1534 (Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 a ...)
+	{DSA-5377-1}
 	- chromium 111.0.5563.110-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1533 (Use after free in WebProtect in Google Chrome prior to 111.0.5563.110  ...)
+	{DSA-5377-1}
 	- chromium 111.0.5563.110-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1532 (Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.1 ...)
+	{DSA-5377-1}
 	- chromium 111.0.5563.110-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1531 (Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allow ...)
+	{DSA-5377-1}
 	- chromium 111.0.5563.110-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1530 (Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed ...)
+	{DSA-5377-1}
 	- chromium 111.0.5563.110-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1529 (Out of bounds memory access in WebHID in Google Chrome prior to 111.0. ...)
+	{DSA-5377-1}
 	- chromium 111.0.5563.110-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1528 (Use after free in Passwords in Google Chrome prior to 111.0.5563.110 a ...)
+	{DSA-5377-1}
 	- chromium 111.0.5563.110-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/cor ...)
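Review bot: the seven entries CVE-2023-1528 through CVE-2023-1534 gain `{DSA-5377-1}`, but each still carries only the unstable fixed version `- chromium 111.0.5563.110-1` and the buster end-of-life line, so nothing in these lines states which version the advisory shipped. Confirm that the DSA record lists exactly these seven IDs and that the fixed version for the release it covers can be derived from it.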
@@ -524,8 +652,8 @@ CVE-2023-28612
 	RESERVED
 CVE-2023-28611
 	RESERVED
-CVE-2023-28610
-	RESERVED
+CVE-2023-28610 (The update process in OMICRON StationGuard and OMICRON StationScout be ...)
+	TODO: check
 CVE-2023-28609 (api/auth.go in Ansible Semaphore before 2.8.89 mishandles authenticati ...)
 	NOT-FOR-US: Ansible Semaphore
 CVE-2023-1495 (A vulnerability classified as critical was found in Rebuild up to 3.2. ...)
@@ -1097,8 +1225,8 @@ CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versi
 	TODO: check
 CVE-2023-28427
 	RESERVED
-CVE-2023-28426 (savg-sanitizer is a PHP SVG/XML Sanitizer. A bypass has been found in  ...)
-	TODO: check
+CVE-2023-28426
+	REJECTED
 CVE-2023-28425 (Redis is an in-memory database that persists on disk. Starting in vers ...)
 	- redis <unfixed> (bug #1033340)
 	[bullseye] - redis <not-affected> (Vulnerable code not present)
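Review bot: CVE-2023-28426 goes from a described entry (a bypass in a PHP SVG/XML sanitizer, TODO: check) to a bare REJECTED, which drops the only text here saying what the issue was. Before treating the TODO as closed, check whether the bypass was reassigned to another ID, and if so make sure that ID is tracked in this list.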
@@ -1109,8 +1237,8 @@ CVE-2023-28424 (Soko if the code that powers packages.gentoo.org. Prior to versi
 	NOT-FOR-US: Soko
 CVE-2023-28423
 	RESERVED
-CVE-2023-28422
-	RESERVED
+CVE-2023-28422 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Mage ...)
+	TODO: check
 CVE-2023-28421
 	RESERVED
 CVE-2023-28420
@@ -1247,8 +1375,8 @@ CVE-2023-1412
 	RESERVED
 CVE-2023-1411
 	RESERVED
-CVE-2023-1410
-	RESERVED
+CVE-2023-1410 (Grafana is an open-source platform for monitoring and observability. G ...)
+	TODO: check
 CVE-2023-1409
 	RESERVED
 CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfr ...)
@@ -3113,8 +3241,8 @@ CVE-2023-1204
 	RESERVED
 CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...)
 	NOT-FOR-US: Devolutions
-CVE-2023-1202
-	RESERVED
+CVE-2023-1202 (Permission bypass when importing or synchronizing entries in User vaul ...)
+	TODO: check
 CVE-2023-1201 (Improper access control in the secure messages feature in Devolutions  ...)
 	NOT-FOR-US: Devolutions
 CVE-2023-1200 (A vulnerability was found in ehuacui bbs. It has been declared as prob ...)
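Review bot: CVE-2023-1202 is left at TODO: check while its neighbours CVE-2023-1203 and CVE-2023-1201 are both `NOT-FOR-US: Devolutions`. The description is truncated, so the product is not visible here; if the full text names a Devolutions product, this entry and CVE-2023-1603 (same description, added at the top of this commit) can take the same NOT-FOR-US line.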
@@ -3578,8 +3706,8 @@ CVE-2023-27657
 	RESERVED
 CVE-2023-27656
 	RESERVED
-CVE-2023-27655
-	RESERVED
+CVE-2023-27655 (xpdf v4.04 was discovered to contain a stack overflow in the component ...)
+	TODO: check
 CVE-2023-27654
 	RESERVED
 CVE-2023-27653
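Review bot: CVE-2023-27655 names xpdf v4.04 and a stack overflow, so its TODO: check needs a package-level answer rather than a quick NOT-FOR-US. Read the full description to identify the affected component, then replace the TODO with a package line for xpdf stating the fixed version or the unfixed or not-affected status.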
@@ -5081,8 +5209,8 @@ CVE-2023-27137
 	RESERVED
 CVE-2023-27136
 	RESERVED
-CVE-2023-27135
-	RESERVED
+CVE-2023-27135 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
 CVE-2023-27134
 	RESERVED
 CVE-2023-27133
@@ -5182,8 +5310,8 @@ CVE-2023-27096
 	RESERVED
 CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3  ...)
 	NOT-FOR-US: Hippo4j
-CVE-2023-27094
-	RESERVED
+CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escala ...)
+	TODO: check
 CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...)
 	NOT-FOR-US: My-Blog
 CVE-2023-27092
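Review bot: CVE-2023-27094 is marked TODO: check although its description names OpenGoofy Hippo4j v.1.4.3, the same product and version as the adjacent CVE-2023-27095, which is already `NOT-FOR-US: Hippo4j`. The same line applies here.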
@@ -5212,12 +5340,12 @@ CVE-2023-27081
 	RESERVED
 CVE-2023-27080
 	RESERVED
-CVE-2023-27079
-	RESERVED
-CVE-2023-27078
-	RESERVED
-CVE-2023-27077
-	RESERVED
+CVE-2023-27079 (Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an ...)
+	TODO: check
+CVE-2023-27078 (A command injection issue was found in TP-Link MR3020 v.1_150921 that  ...)
+	TODO: check
+CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote attacke ...)
+	TODO: check
 CVE-2023-27076
 	RESERVED
 CVE-2023-27075
@@ -7918,8 +8046,8 @@ CVE-2023-26010
 	RESERVED
 CVE-2023-26009
 	RESERVED
-CVE-2023-26008
-	RESERVED
+CVE-2023-26008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...)
+	TODO: check
 CVE-2023-26007
 	RESERVED
 CVE-2023-26006
@@ -7950,8 +8078,8 @@ CVE-2023-25994
 	RESERVED
 CVE-2023-25993
 	RESERVED
-CVE-2023-25992
-	RESERVED
+CVE-2023-25992 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...)
+	TODO: check
 CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25990
@@ -9796,8 +9924,8 @@ CVE-2023-25458
 	RESERVED
 CVE-2023-25457
 	RESERVED
-CVE-2023-25456
-	RESERVED
+CVE-2023-25456 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klav ...)
+	TODO: check
 CVE-2023-25455
 	RESERVED
 CVE-2023-25454
@@ -13997,8 +14125,8 @@ CVE-2023-23866
 	RESERVED
 CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins St ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-23864
-	RESERVED
+CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Micha ...)
+	TODO: check
 CVE-2023-23863
 	RESERVED
 CVE-2023-23862
@@ -14481,8 +14609,8 @@ CVE-2023-23730
 	RESERVED
 CVE-2023-23729
 	RESERVED
-CVE-2023-23728
-	RESERVED
+CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwa ...)
+	TODO: check
 CVE-2023-23727
 	RESERVED
 CVE-2023-23726
@@ -14493,8 +14621,8 @@ CVE-2023-23724
 	RESERVED
 CVE-2023-23723
 	RESERVED
-CVE-2023-23722
-	RESERVED
+CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
+	TODO: check
 CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...)
 	NOT-FOR-US: David Gwyer Admin Log
 CVE-2023-23720
@@ -14523,8 +14651,8 @@ CVE-2023-23709
 	RESERVED
 CVE-2023-23708
 	RESERVED
-CVE-2023-23707
-	RESERVED
+CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
 CVE-2023-23706
 	RESERVED
 CVE-2023-23705
@@ -14684,8 +14812,8 @@ CVE-2023-23652
 	RESERVED
 CVE-2023-23651
 	RESERVED
-CVE-2023-23650
-	RESERVED
+CVE-2023-23650 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2023-23649
 	RESERVED
 CVE-2023-23648
@@ -17691,16 +17819,16 @@ CVE-2023-22718
 	RESERVED
 CVE-2023-22717
 	RESERVED
-CVE-2023-22716
-	RESERVED
-CVE-2023-22715
-	RESERVED
+CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam A ...)
+	TODO: check
+CVE-2023-22715 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaM ...)
+	TODO: check
 CVE-2023-22714
 	RESERVED
 CVE-2023-22713
 	RESERVED
-CVE-2023-22712
-	RESERVED
+CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-22711
 	RESERVED
 CVE-2023-22710
@@ -17715,12 +17843,12 @@ CVE-2023-22706
 	RESERVED
 CVE-2023-22705
 	RESERVED
-CVE-2023-22704
-	RESERVED
+CVE-2023-22704 (Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler  ...)
+	TODO: check
 CVE-2023-22703
 	RESERVED
-CVE-2023-22702
-	RESERVED
+CVE-2023-22702 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMob ...)
+	TODO: check
 CVE-2023-22701
 	RESERVED
 CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...)
@@ -20918,8 +21046,8 @@ CVE-2022-47591 (Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Au
 	TODO: check
 CVE-2022-47590
 	RESERVED
-CVE-2022-47589
-	RESERVED
+CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this ...)
+	TODO: check
 CVE-2022-47588
 	RESERVED
 CVE-2022-47587
@@ -22625,8 +22753,8 @@ CVE-2022-47433
 	RESERVED
 CVE-2022-47432
 	RESERVED
-CVE-2022-47431
-	RESERVED
+CVE-2022-47431 (Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor inter ...)
+	TODO: check
 CVE-2022-47430
 	RESERVED
 CVE-2022-47429
@@ -23523,8 +23651,8 @@ CVE-2022-47175
 	RESERVED
 CVE-2022-47174
 	RESERVED
-CVE-2022-47173
-	RESERVED
+CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...)
+	TODO: check
 CVE-2022-47172
 	RESERVED
 CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -23579,8 +23707,8 @@ CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technol
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47146
 	RESERVED
-CVE-2022-47145
-	RESERVED
+CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...)
+	TODO: check
 CVE-2022-47144
 	RESERVED
 CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple  ...)
@@ -24750,8 +24878,8 @@ CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8 unseriali
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2018-25048
-	RESERVED
+CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote low p ...)
+	TODO: check
 CVE-2023-21673
 	RESERVED
 CVE-2023-21672
@@ -26173,8 +26301,8 @@ CVE-2022-46340 (A vulnerability was found in X.Org. This security flaw occurs be
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63
 CVE-2022-46339
 	RESERVED
-CVE-2022-4224
-	RESERVED
+CVE-2022-4224 (In multiple products of CODESYS v3 in multiple versions a remote low p ...)
+	TODO: check
 CVE-2022-4223 (The pgAdmin server includes an HTTP API that is intended to be used to ...)
 	- pgadmin4 <itp> (bug #834129)
 CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...)
@@ -27510,8 +27638,8 @@ CVE-2022-45845
 	RESERVED
 CVE-2022-45844
 	RESERVED
-CVE-2022-45843
-	RESERVED
+CVE-2022-45843 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Next ...)
+	TODO: check
 CVE-2022-45842 (Unauth. Race Condition vulnerability in WP ULike Plugin <= 4.6.4 on ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45841
@@ -30748,8 +30876,8 @@ CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. T
 	NOT-FOR-US: Acronis
 CVE-2022-44743
 	RESERVED
-CVE-2022-44742
-	RESERVED
+CVE-2022-44742 (Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Le ...)
+	TODO: check
 CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative ...)
@@ -34441,10 +34569,10 @@ CVE-2023-20561
 	RESERVED
 CVE-2023-20560
 	RESERVED
-CVE-2023-20559
-	RESERVED
-CVE-2023-20558
-	RESERVED
+CVE-2023-20559 (Insufficient control flow management in AmdCpmGpioInitSmm may allow a  ...)
+	TODO: check
+CVE-2023-20558 (Insufficient control flow management in AmdCpmOemSmm may allow a privi ...)
+	TODO: check
 CVE-2023-20557
 	RESERVED
 CVE-2023-20556
@@ -35333,10 +35461,10 @@ CVE-2023-20115
 	RESERVED
 CVE-2023-20114
 	RESERVED
-CVE-2023-20113
-	RESERVED
-CVE-2023-20112
-	RESERVED
+CVE-2023-20113 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
+	TODO: check
+CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow an una ...)
+	TODO: check
 CVE-2023-20111
 	RESERVED
 CVE-2023-20110
@@ -35345,8 +35473,8 @@ CVE-2023-20109
 	RESERVED
 CVE-2023-20108
 	RESERVED
-CVE-2023-20107
-	RESERVED
+CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG), also ...)
+	TODO: check
 CVE-2023-20106
 	RESERVED
 CVE-2023-20105
@@ -35359,14 +35487,14 @@ CVE-2023-20102
 	RESERVED
 CVE-2023-20101
 	RESERVED
-CVE-2023-20100
-	RESERVED
+CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the Contro ...)
+	TODO: check
 CVE-2023-20099
 	RESERVED
 CVE-2023-20098
 	RESERVED
-CVE-2023-20097
-	RESERVED
+CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could allow an au ...)
+	TODO: check
 CVE-2023-20096
 	RESERVED
 CVE-2023-20095
@@ -35395,12 +35523,12 @@ CVE-2023-20084
 	RESERVED
 CVE-2023-20083
 	RESERVED
-CVE-2023-20082
-	RESERVED
-CVE-2023-20081
-	RESERVED
-CVE-2023-20080
-	RESERVED
+CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Serie ...)
+	TODO: check
+CVE-2023-20081 (A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adapt ...)
+	TODO: check
+CVE-2023-20080 (A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server f ...)
+	TODO: check
 CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface of cert ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...)
@@ -35415,8 +35543,8 @@ CVE-2023-20074
 	RESERVED
 CVE-2023-20073
 	RESERVED
-CVE-2023-20072
-	RESERVED
+CVE-2023-20072 (A vulnerability in the fragmentation handling code of tunnel protocol  ...)
+	TODO: check
 CVE-2023-20071
 	RESERVED
 CVE-2023-20070
@@ -35425,12 +35553,12 @@ CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco P
 	NOT-FOR-US: Cisco
 CVE-2023-20068
 	RESERVED
-CVE-2023-20067
-	RESERVED
-CVE-2023-20066
-	RESERVED
-CVE-2023-20065
-	RESERVED
+CVE-2023-20067 (A vulnerability in the HTTP-based client profiling feature of Cisco IO ...)
+	TODO: check
+CVE-2023-20066 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
+	TODO: check
+CVE-2023-20065 (A vulnerability in the Cisco IOx application hosting subsystem of Cisc ...)
+	TODO: check
 CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS X ...)
 	NOT-FOR-US: Cisco's use of GRUB
 CVE-2023-20063
@@ -35441,16 +35569,16 @@ CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center co
 	NOT-FOR-US: Cisco
 CVE-2023-20060
 	RESERVED
-CVE-2023-20059
-	RESERVED
+CVE-2023-20059 (A vulnerability in the implementation of the Cisco Network Plug-and-Pl ...)
+	TODO: check
 CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20057 (A vulnerability in the URL filtering mechanism of Cisco AsyncOS Softwa ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20056
-	RESERVED
-CVE-2023-20055
-	RESERVED
+CVE-2023-20056 (A vulnerability in the management CLI of Cisco access point (AP) softw ...)
+	TODO: check
+CVE-2023-20055 (A vulnerability in the management API of Cisco DNA Center could allow  ...)
+	TODO: check
 CVE-2023-20054
 	RESERVED
 CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco Nexus D ...)
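Review bot: CVE-2023-20059, CVE-2023-20056 and CVE-2023-20055 are published with TODO: check, while the entries between them, CVE-2023-20058 and CVE-2023-20057, are `NOT-FOR-US: Cisco`. Each new description names a Cisco product, so the same triage likely applies; the other CVE-2023-200xx hunks in this commit show the same pattern and can be handled in one pass.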
@@ -35492,8 +35620,8 @@ CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could allow
 	NOT-FOR-US: Cisco
 CVE-2023-20036
 	RESERVED
-CVE-2023-20035
-	RESERVED
+CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+	TODO: check
 CVE-2023-20034
 	RESERVED
 CVE-2023-20033
@@ -35508,12 +35636,12 @@ CVE-2023-20031
 	RESERVED
 CVE-2023-20030
 	RESERVED
-CVE-2023-20029
-	RESERVED
+CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS XE Softw ...)
+	TODO: check
 CVE-2023-20028
 	RESERVED
-CVE-2023-20027
-	RESERVED
+CVE-2023-20027 (A vulnerability in the implementation of the IPv4 Virtual Fragmentatio ...)
+	TODO: check
 CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco Small B ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco Small B ...)
@@ -78543,20 +78671,20 @@ CVE-2022-28499
 	RESERVED
 CVE-2022-28498
 	RESERVED
-CVE-2022-28497
-	RESERVED
-CVE-2022-28496
-	RESERVED
+CVE-2022-28497 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
+	TODO: check
+CVE-2022-28496 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a ...)
+	TODO: check
 CVE-2022-28495
 	RESERVED
 CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...)
 	TODO: check
-CVE-2022-28493
-	RESERVED
-CVE-2022-28492
-	RESERVED
-CVE-2022-28491
-	RESERVED
+CVE-2022-28493 (A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start  ...)
+	TODO: check
+CVE-2022-28492 (TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attacke ...)
+	TODO: check
+CVE-2022-28491 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command inje ...)
+	TODO: check
 CVE-2022-28490
 	RESERVED
 CVE-2022-28489
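Review bot: the five entries published here (CVE-2022-28497, CVE-2022-28496, CVE-2022-28493, CVE-2022-28492, CVE-2022-28491) all describe TOTOLink/TOTOLINK CPE firmware V6.3c.566, the same device family as the existing CVE-2022-28494, which is itself still TODO: check. That leaves six open TODOs for one product; resolve them together with one consistent triage line instead of one by one.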



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcbf43fdffa6fba8afc6a02fa36e7dd0927d7129
