[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 4 09:12:45 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
602c8dd4 by security tracker role at 2023-05-04T08:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -801,8 +801,8 @@ CVE-2023-31101
RESERVED
CVE-2023-31100
RESERVED
-CVE-2023-31099
- RESERVED
+CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an authenticated use ...)
+ TODO: check
CVE-2023-31098
RESERVED
CVE-2023-31097
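Review bot: the TODO: check for CVE-2023-31099 can be closed the way the other proprietary-product entries in this update are (NOT-FOR-US: Fortinet, NOT-FOR-US: NETGEAR, NOT-FOR-US: PrestaShop): Zoho ManageEngine OPManager is a commercial product, so NOT-FOR-US: Zoho ManageEngine is the expected triage unless a source package for it turns up in the archive. The impact is cut off at "allows an authenticated use ...", so the full CNA text should be read before anything beyond the marker is recorded.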
@@ -1437,8 +1437,8 @@ CVE-2023-2184
RESERVED
CVE-2023-2183
RESERVED
-CVE-2023-2182
- RESERVED
+CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
CVE-2023-2181
RESERVED
CVE-2023-2180
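Review bot: CVE-2023-2182 is described as affecting GitLab EE only, whereas other GitLab entries in this update say GitLab CE/EE (CVE-2023-1178, CVE-2023-0155). When resolving the TODO, check whether the vulnerable code lives in the EE-only tree; if it does, the gitlab source package (built from the Community Edition) is not affected and the entry should say so explicitly rather than being marked affected on the strength of the "all versions starting ..." range alone.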
@@ -2354,8 +2354,8 @@ CVE-2023-2071
RESERVED
CVE-2023-2070
RESERVED
-CVE-2023-2069
- RESERVED
+CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2023-2068
RESERVED
CVE-2023-2067
@@ -2914,8 +2914,8 @@ CVE-2023-1967 (Keysight N8844A Data Analytics Web Service deserializes untrusted
NOT-FOR-US: Keysight N8844A Data Analytics Web Service
CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x contain ...)
NOT-FOR-US: Illumina
-CVE-2023-1965
- RESERVED
+CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
CVE-2023-30464
RESERVED
CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and subsequent ...)
@@ -3211,8 +3211,8 @@ CVE-2023-30333
RESERVED
CVE-2023-30332
RESERVED
-CVE-2023-30331
- RESERVED
+CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows attackers to e ...)
+ TODO: check
CVE-2023-30330
RESERVED
CVE-2023-30329
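Review bot: the description for CVE-2023-30331 is truncated at "allows attackers to e ...", so the actual impact of the beetl render function issue is not visible in this hunk; read the full CNA text before filling in the TODO. beetl is a Java template engine, and unless a source package for it exists the entry should close as NOT-FOR-US: beetl.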
@@ -3463,10 +3463,10 @@ CVE-2023-30207
RESERVED
CVE-2023-30206
RESERVED
-CVE-2023-30205
- RESERVED
-CVE-2023-30204
- RESERVED
+CVE-2023-30205 (A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allow ...)
+ TODO: check
+CVE-2023-30204 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2023-30203
RESERVED
CVE-2023-30202
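Review bot: CVE-2023-30204 names the same "Judging Management System v1.0" that CVE-2023-30076 (in the @@ -3720 hunk of this same update) already carries as NOT-FOR-US: Sourcecodester Judging Management System, so that TODO can be closed with the identical marker to keep the entries consistent. CVE-2023-30205 (DouPHP v1.7 stored XSS) is a separate product and needs its own check; DouPHP is an unpackaged PHP CMS, so NOT-FOR-US: DouPHP is the likely outcome.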
@@ -3720,8 +3720,8 @@ CVE-2023-30079
RESERVED
CVE-2023-30078
RESERVED
-CVE-2023-30077
- RESERVED
+CVE-2023-30077 (Judging Management System v1.0 by oretnom23 was discovered to vulnerab ...)
+ TODO: check
CVE-2023-30076 (Sourcecodester Judging Management System v1.0 is vulnerable to SQL Inj ...)
NOT-FOR-US: Sourcecodester Judging Management System
CVE-2023-30075
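Review bot: CVE-2023-30077 and the entry directly below it, CVE-2023-30076, both describe Judging Management System v1.0 by oretnom23/Sourcecodester, and CVE-2023-30076 is already triaged as NOT-FOR-US: Sourcecodester Judging Management System; the new TODO: check should be resolved with the same marker so two adjacent entries for one product do not diverge. The grammar slip in the description ("was discovered to vulnerab ...") is in the CNA text and is copied verbatim by the automatic update, so it should not be edited in this file.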
@@ -4191,8 +4191,8 @@ CVE-2023-29844
RESERVED
CVE-2023-29843
RESERVED
-CVE-2023-29842
- RESERVED
+CVE-2023-29842 (ChirchCRm 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQ ...)
+ TODO: check
CVE-2023-29841
RESERVED
CVE-2023-29840
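Review bot: "ChirchCRm" in the CVE-2023-29842 description is a typo in the upstream CNA text (the project is ChurchCRM); the automatic update copies descriptions verbatim, so leave the spelling as it is here, but search the archive under the correct name when resolving the TODO so the misspelling does not hide an affected package. The description already pins the endpoint (/EditEventTypes.php) and the class (blind SQL injection), so if ChurchCRM is not packaged the entry can close as NOT-FOR-US: ChurchCRM.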
@@ -5884,8 +5884,8 @@ CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drive
NOTE: https://git.kernel.org/linus/fb4554c2232e44d595920f4d5c66cf8f7d13f9bc (5.18)
CVE-2023-1837
RESERVED
-CVE-2023-1836
- RESERVED
+CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
+ TODO: check
CVE-2023-1835
RESERVED
CVE-2023-1834
@@ -10176,8 +10176,8 @@ CVE-2023-28001
RESERVED
CVE-2023-28000
RESERVED
-CVE-2023-27999
- RESERVED
+CVE-2023-27999 (An improper neutralization of special elements used in an OS command v ...)
+ TODO: check
CVE-2023-27998
RESERVED
CVE-2023-27997
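Review bot: nothing in this hunk identifies the product for CVE-2023-27999; the vendor is cut off by the truncation ("used in an OS command v ..."). The CWE-style wording matches the Fortinet descriptions in this file, and the adjacent CVE-2023-27995 entry is NOT-FOR-US: FortiGuard, but that should be confirmed from the full description rather than inferred from the neighbours before the TODO is closed as NOT-FOR-US.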
@@ -10188,8 +10188,8 @@ CVE-2023-27995 (A improper neutralization of special elements used in a template
NOT-FOR-US: FortiGuard
CVE-2023-27994
RESERVED
-CVE-2023-27993
- RESERVED
+CVE-2023-27993 (A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 ...)
+ TODO: check
CVE-2023-27992
RESERVED
CVE-2023-27991 (The post-authentication command injection vulnerability in the CLI com ...)
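Review bot: CVE-2023-27993 explicitly names Fortinet FortiADC 7.2.0, so the TODO can be resolved to NOT-FOR-US: Fortinet, consistent with the CVE-2023-22642 and CVE-2023-22641 entries later in this update. Note that the marker two lines above, on CVE-2023-27995, is NOT-FOR-US: FortiGuard; the file uses both spellings, and settling on one (NOT-FOR-US: Fortinet is the more common form here) keeps a grep for the vendor from missing entries.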
@@ -10467,8 +10467,8 @@ CVE-2023-22434
RESERVED
CVE-2023-1266
RESERVED
-CVE-2023-1265
- RESERVED
+CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.139 ...)
- vim <unfixed> (unimportant)
NOTE: https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
@@ -10772,8 +10772,8 @@ CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a fi
NOT-FOR-US: NETGEAR
CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cr ...)
NOT-FOR-US: NETGEAR
-CVE-2023-1204
- RESERVED
+CVE-2023-1204 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...)
NOT-FOR-US: Devolutions
CVE-2023-1202 (Permission bypass when importing or synchronizing entriesin User vault ...)
@@ -11364,8 +11364,8 @@ CVE-2023-27606
RESERVED
CVE-2023-27605
RESERVED
-CVE-2023-1178
- RESERVED
+CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ TODO: check
CVE-2023-27604
RESERVED
CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn materia ...)
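Review bot: CVE-2023-1178 is one of the entries in this update that says GitLab CE/EE rather than EE only, so the gitlab source package is in scope. Resolving this TODO needs the affected version range from the full description (it is cut off at "all versions fr ...") compared against the packaged version, and the outcome should be recorded as a package line in the tracker's syntax (a fixed version, <unfixed>, or <not-affected> with a reason, as the "- vim <unfixed> (unimportant)" line elsewhere in this update does), not left as NOT-FOR-US.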
@@ -11481,8 +11481,8 @@ CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL inje
NOT-FOR-US: PrestaShop
CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL injection v ...)
NOT-FOR-US: PrestaShop
-CVE-2023-27568
- RESERVED
+CVE-2023-27568 (SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for ...)
+ TODO: check
CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf ...)
NOT-FOR-US: OpenBSD
CVE-2023-27566 (Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write ...)
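Review bot: "inSpryker" in the CVE-2023-27568 description is a missing space in the upstream text, copied verbatim; do not patch it in this file. Spryker Commerce OS is a commercial PHP e-commerce platform, so NOT-FOR-US: Spryker is the expected resolution, following the pattern of the CVE-2023-27570 and CVE-2023-27569 PrestaShop entries just above it.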
@@ -12915,8 +12915,8 @@ CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote a
NOT-FOR-US: 360 D901
CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows a ...)
NOT-FOR-US: Tenda
-CVE-2023-27075
- RESERVED
+CVE-2023-27075 (A cross-site scripting vulnerability (XSS) in the component microbin/s ...)
+ TODO: check
CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain a SQL i ...)
NOT-FOR-US: BP Monitoring Management System
CVE-2023-27073 (A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1. ...)
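Review bot: the component path for CVE-2023-27075 is cut off ("component microbin/s ..."), so the affected file cannot be identified from this hunk; read the full description. microbin is a Rust pastebin, so confirm there is no source package for it (the Rust team's packaging is the place to look) before closing the TODO as NOT-FOR-US: microbin.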
@@ -15154,8 +15154,8 @@ CVE-2023-26205
RESERVED
CVE-2023-26204
RESERVED
-CVE-2023-26203
- RESERVED
+CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F ...)
+ TODO: check
CVE-2023-26202
RESERVED
CVE-2023-26201
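Review bot: CVE-2023-26203 names FortiNAC-F, a Fortinet product, so the TODO should close as NOT-FOR-US: Fortinet. The same reasoning applies to the three CWE-tagged FortiNAC-F entries CVE-2022-45860, CVE-2022-45859 and CVE-2022-45858 later in this update, which sit between CVE-2022-45861 and CVE-2022-45857, both already marked NOT-FOR-US: Fortinet.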
@@ -15310,8 +15310,8 @@ CVE-2023-26127
RESERVED
CVE-2023-26126
RESERVED
-CVE-2023-26125
- RESERVED
+CVE-2023-26125 (Versions of the package github.com/gin-gonic/gin before 1.9.0 are vuln ...)
+ TODO: check
CVE-2023-26124
RESERVED
CVE-2023-26123 (Versions of the package raysan5/raylib before 4.5.0 are vulnerable to ...)
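Review bot: unlike most entries in this update, CVE-2023-26125 names a Go library that is packaged in Debian (github.com/gin-gonic/gin is the golang-github-gin-gonic-gin source package), so this TODO should not default to NOT-FOR-US. It needs the "before 1.9.0" range from the description compared against the packaged version and a "- golang-github-gin-gonic-gin ..." line in the tracker's syntax; because Go programs link their dependencies statically, reverse dependencies would also need rebuilds once a fix lands. The wording "Versions of the package ... are vulnerable to" is the Snyk CNA style, shared with CVE-2023-26123 (raylib) directly below, whose triage is worth re-checking the same way.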
@@ -15852,8 +15852,8 @@ CVE-2023-25936
RESERVED
CVE-2023-25935
RESERVED
-CVE-2023-25934
- RESERVED
+CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...)
+ TODO: check
CVE-2023-25933
RESERVED
CVE-2023-25756
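Review bot: CVE-2023-25934 is a Dell ECS (object storage appliance) issue, so NOT-FOR-US: Dell is the expected resolution. The weakness class is cut off at "improper verification of cryptog ...", so read the full description before recording anything more specific than the marker.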
@@ -16689,8 +16689,8 @@ CVE-2023-25692 (Improper Input Validation vulnerability in the Apache Airflow Go
NOT-FOR-US: Apache Airflow Google Provider
CVE-2023-25691 (Improper Input Validation vulnerability in the Apache Airflow Google P ...)
NOT-FOR-US: Apache Airflow Google Provider
-CVE-2023-0805
- RESERVED
+CVE-2023-0805 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
{DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
@@ -17091,8 +17091,8 @@ CVE-2023-25177
RESERVED
CVE-2023-24014
RESERVED
-CVE-2023-0756
- RESERVED
+CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ TODO: check
CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...)
NOT-FOR-US: PTC
CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wraparo ...)
@@ -17639,8 +17639,8 @@ CVE-2023-25440
RESERVED
CVE-2023-25439
RESERVED
-CVE-2023-25438
- RESERVED
+CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...)
+ TODO: check
CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H ...)
NOT-FOR-US: vTech
CVE-2023-25436
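Review bot: Genomedics MilleGP5 is a proprietary product, like the vTech VCS754 device entry directly below it that is already NOT-FOR-US: vTech, so NOT-FOR-US: Genomedics resolves the TODO. The impact is truncated at "allows remote at ..." and should be read in full rather than guessed from the fragment.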
@@ -20319,8 +20319,8 @@ CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not pro
NOT-FOR-US: WordPress plugin
CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...)
NOT-FOR-US: VitalPBX
-CVE-2023-0485
- RESERVED
+CVE-2023-0485 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Block ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...)
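Review bot: CVE-2023-0485 carries the same description prefix as CVE-2023-0483 two lines below it ("An issue has been discovered in GitLab affecting all versions starting ..."), whose triage is not visible in this hunk; the TODO should be resolved consistently with that neighbouring GitLab entry (same package line, same version qualification) rather than in isolation, so that two adjacent GitLab entries do not end up with different status.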
@@ -25076,8 +25076,8 @@ CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does
NOT-FOR-US: WordPress plugin
CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0155
- RESERVED
+CVE-2023-0155 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ TODO: check
CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...)
@@ -26065,8 +26065,8 @@ CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena ve
NOTE: https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
CVE-2023-22652
RESERVED
-CVE-2023-22651
- RESERVED
+CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher allows Pri ...)
+ TODO: check
CVE-2023-22650
RESERVED
CVE-2023-22649
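Review bot: CVE-2023-22651 names SUSE Rancher, which is not in the Debian archive, so NOT-FOR-US: SUSE Rancher is the expected outcome. The impact is truncated at "allows Pri ...", so the full description should be read before the entry's severity is recorded.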
@@ -26087,14 +26087,14 @@ CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in Fo
NOT-FOR-US: Fortinet
CVE-2023-22641 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
NOT-FOR-US: Fortinet
-CVE-2023-22640
- RESERVED
+CVE-2023-22640 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...)
+ TODO: check
CVE-2023-22639
RESERVED
CVE-2023-22638 (Several improper neutralization of inputs during web page generation v ...)
NOT-FOR-US: FortiGuard
-CVE-2023-22637
- RESERVED
+CVE-2023-22637 (An improper neutralization of input during web page generation ('Cross ...)
+ TODO: check
CVE-2023-22636 (An unauthorized configuration download vulnerability in FortiWeb 6.3.6 ...)
NOT-FOR-US: Fortinet
CVE-2023-22635 (A download of code without Integrity check vulnerability [CWE-494] in ...)
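Review bot: both TODOs in this hunk are Fortinet issues: CVE-2023-22640 names FortiOS 7.2.0 through 7.2.3 explicitly, and CVE-2023-22637, whose product is cut off at "('Cross ...", sits among the CVE-2023-22642, -22641, -22638, -22636 and -22635 Fortinet entries. Both should close as NOT-FOR-US: Fortinet, matching the marker on the surrounding lines; note that CVE-2023-22638 uses the other spelling, NOT-FOR-US: FortiGuard, which is worth normalising while touching this region.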
@@ -28752,8 +28752,8 @@ CVE-2022-47759
RESERVED
CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allo ...)
NOT-FOR-US: Nanoleaf
-CVE-2022-47757
- RESERVED
+CVE-2022-47757 (In imo.im 2022.11.1051, a path traversal vulnerability delivered via a ...)
+ TODO: check
CVE-2022-47756
RESERVED
CVE-2022-47755
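Review bot: imo.im is a mobile messaging application, not something the archive ships, so CVE-2022-47757 should close as NOT-FOR-US: imo.im, following the Nanoleaf firmware entry above it. The description stops before it says what the path traversal is delivered via ("delivered via a ..."), so read the full text before recording the class.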
@@ -32685,8 +32685,8 @@ CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in
NOTE: https://lore.kernel.org/all/1670885411-10060-1-git-send-email-dai.ngo@oracle.com/
CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has been dec ...)
NOT-FOR-US: S-CMS
-CVE-2022-4376
- RESERVED
+CVE-2022-4376 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ TODO: check
CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem ...)
{DLA-3245-1 DLA-3244-1}
- linux 6.0.12-1
@@ -35716,12 +35716,12 @@ CVE-2022-45862
RESERVED
CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL ...)
NOT-FOR-US: Fortinet
-CVE-2022-45860
- RESERVED
-CVE-2022-45859
- RESERVED
-CVE-2022-45858
- RESERVED
+CVE-2022-45860 (A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7 ...)
+ TODO: check
+CVE-2022-45859 (An insufficiently protected credentials vulnerability [CWE-522] in For ...)
+ TODO: check
+CVE-2022-45858 (A use of a weak cryptographic algorithm vulnerability [CWE-327] in For ...)
+ TODO: check
CVE-2022-45857 (An incorrect user management vulnerability [CWE-286] in the FortiManag ...)
NOT-FOR-US: Fortinet
CVE-2022-45856
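Review bot: all three new entries here are Fortinet products: CVE-2022-45860 names FortiNAC-F outright, and CVE-2022-45859 and CVE-2022-45858 are cut off at "in For ..." but sit between CVE-2022-45861 and CVE-2022-45857, both already NOT-FOR-US: Fortinet. Resolve the three TODOs with that same marker; the CWE tags in the descriptions ([CWE-1390], [CWE-522], [CWE-327]) are Fortinet's own advisory style and do not change the triage.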
@@ -43862,8 +43862,8 @@ CVE-2022-43952 (An improper neutralization of input during web page generation (
NOT-FOR-US: Fortinet
CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
NOT-FOR-US: Fortinet
-CVE-2022-43950
- RESERVED
+CVE-2022-43950 (A URL redirection to untrusted site ('Open Redirect') vulnerability [C ...)
+ TODO: check
CVE-2022-43949
RESERVED
CVE-2022-43948 (A improper neutralization of special elements used in an os command (' ...)
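Review bot: the vendor for CVE-2022-43950 is not visible (the description is cut at "vulnerability [C ..."), but the bracketed-CWE phrasing and the surrounding CVE-2022-43952, -43951 and -43948 entries are all Fortinet; confirm against the full description, then close as NOT-FOR-US: Fortinet. An open redirect in a Fortinet product is already triaged that way elsewhere in this update (CVE-2023-22641), so no package check beyond confirming the vendor is needed.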
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/602c8dd42b71f940868f9f0abb911a344264799a
More information about the debian-security-tracker-commits mailing list