[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 4 21:12:34 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e017f6b by security tracker role at 2023-05-04T20:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,31 +1,55 @@
+CVE-2023-2524 (A vulnerability classified as critical has been found in Control iD RH ...)
+ TODO: check
+CVE-2023-2523 (A vulnerability was found in Weaver E-Office 9.5. It has been rated as ...)
+ TODO: check
+CVE-2023-2522 (A vulnerability was found in Chengdu VEC40G 3.0. It has been declared ...)
+ TODO: check
+CVE-2023-2521 (A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been class ...)
+ TODO: check
+CVE-2023-2520 (A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031 ...)
+ TODO: check
+CVE-2023-2519 (A vulnerability has been found in Caton CTP Relay Server 1.2.9 and cla ...)
+ TODO: check
+CVE-2017-20184 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
CVE-2023-2468 (Inappropriate implementation in PictureInPicture in Google Chrome prio ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2467 (Inappropriate implementation in Prompts in Google Chrome on Android pr ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2466 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2465 (Inappropriate implementation in CORS in Google Chrome prior to 113.0.5 ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2464 (Inappropriate implementation in PictureInPicture in Google Chrome prio ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2463 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2462 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2461 (Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113. ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2460 (Insufficient validation of untrusted input in Extensions in Google Chr ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2459 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...)
+ {DSA-5398-1}
- chromium 113.0.5672.63-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-32007 (** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibi ...)
@@ -273,8 +297,8 @@ CVE-2023-31286 (An issue was discovered in Serenity Serene (and StartSharp) befo
NOT-FOR-US: Serenity
CVE-2023-31285 (An XSS issue was discovered in Serenity Serene (and StartSharp) before ...)
NOT-FOR-US: Serenity
-CVE-2023-31284
- RESERVED
+CVE-2023-31284 (illumos illumos-gate before 676abcb has a stack buffer overflow in /de ...)
+ TODO: check
CVE-2023-31283
RESERVED
CVE-2023-31282
@@ -2214,8 +2238,8 @@ CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular
NOT-FOR-US: Gipsy
CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers build AI sol ...)
NOT-FOR-US: mindsdb
-CVE-2023-30619
- RESERVED
+CVE-2023-30619 (Tuleap Open ALM is a Libre and Open Source tool for end to end traceab ...)
+ TODO: check
CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...)
NOT-FOR-US: Kitchen-Terraform
CVE-2023-30617
@@ -2586,8 +2610,8 @@ CVE-2023-30552 (Archery is an open source SQL audit platform. The Archery projec
NOT-FOR-US: Archery
CVE-2023-30551
RESERVED
-CVE-2023-30550
- RESERVED
+CVE-2023-30550 (MeterSphere is an open source continuous testing platform, covering fu ...)
+ TODO: check
CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an ...)
- singularity-container <unfixed> (bug #1035026)
NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
@@ -3340,16 +3364,16 @@ CVE-2023-30270
RESERVED
CVE-2023-30269 (CLTPHP <=6.0 is vulnerable to Improper Input Validation via applicatio ...)
NOT-FOR-US: CLTPHP
-CVE-2023-30268
- RESERVED
+CVE-2023-30268 (CLTPHP <=6.0 is vulnerable to Improper Input Validation.)
+ TODO: check
CVE-2023-30267 (CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via applicati ...)
NOT-FOR-US: CLTPHP
CVE-2023-30266 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangero ...)
NOT-FOR-US: CLTPHP
CVE-2023-30265 (CLTPHP <=6.0 is vulnerable to Directory Traversal.)
NOT-FOR-US: CLTPHP
-CVE-2023-30264
- RESERVED
+CVE-2023-30264 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangero ...)
+ TODO: check
CVE-2023-30263
RESERVED
CVE-2023-30262
@@ -3470,8 +3494,8 @@ CVE-2023-30205 (A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7
NOT-FOR-US: DouPHP
CVE-2023-30204 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Judging Management System
-CVE-2023-30203
- RESERVED
+CVE-2023-30203 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
CVE-2023-30202
RESERVED
CVE-2023-30201
@@ -3508,8 +3532,8 @@ CVE-2023-30186
RESERVED
CVE-2023-30185
RESERVED
-CVE-2023-30184
- RESERVED
+CVE-2023-30184 (A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 al ...)
+ TODO: check
CVE-2023-30183
REJECTED
NOT-FOR-US: Wangmarket CMS
@@ -3683,14 +3707,14 @@ CVE-2023-30099
RESERVED
CVE-2023-30098
RESERVED
-CVE-2023-30097
- RESERVED
-CVE-2023-30096
- RESERVED
-CVE-2023-30095
- RESERVED
-CVE-2023-30094
- RESERVED
+CVE-2023-30097 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...)
+ TODO: check
+CVE-2023-30096 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...)
+ TODO: check
+CVE-2023-30095 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...)
+ TODO: check
+CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 ...)
+ TODO: check
CVE-2023-30093
RESERVED
CVE-2023-30092
@@ -3885,12 +3909,12 @@ CVE-2023-29998
RESERVED
CVE-2023-29997
RESERVED
-CVE-2023-29996
- RESERVED
-CVE-2023-29995
- RESERVED
-CVE-2023-29994
- RESERVED
+CVE-2023-29996 (In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occur ...)
+ TODO: check
+CVE-2023-29995 (In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function ...)
+ TODO: check
+CVE-2023-29994 (In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqt ...)
+ TODO: check
CVE-2023-29993
RESERVED
CVE-2023-29992
@@ -4226,8 +4250,8 @@ CVE-2023-29829
RESERVED
CVE-2023-29828
RESERVED
-CVE-2023-29827
- RESERVED
+CVE-2023-29827 (ejs v3.1.9 is vulnerable to server-side template injection. If the ejs ...)
+ TODO: check
CVE-2023-29826
RESERVED
CVE-2023-29825
@@ -15686,20 +15710,20 @@ CVE-2023-26018
RESERVED
CVE-2023-26017 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blue ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26016
- RESERVED
+CVE-2023-26016 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauh ...)
+ TODO: check
CVE-2023-26015
RESERVED
CVE-2023-26014
RESERVED
CVE-2023-26013
RESERVED
-CVE-2023-26012
- RESERVED
+CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denz ...)
+ TODO: check
CVE-2023-26011
RESERVED
-CVE-2023-26010
- RESERVED
+CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
+ TODO: check
CVE-2023-26009
RESERVED
CVE-2023-26008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...)
@@ -15754,8 +15778,8 @@ CVE-2023-25984
RESERVED
CVE-2023-25983
RESERVED
-CVE-2023-25982
- RESERVED
+CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-25981
RESERVED
CVE-2023-25980
@@ -15764,8 +15788,8 @@ CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25978
RESERVED
-CVE-2023-25977
- RESERVED
+CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...)
+ TODO: check
CVE-2023-25976
RESERVED
CVE-2023-25975
@@ -15794,10 +15818,10 @@ CVE-2023-25964
RESERVED
CVE-2023-25963
RESERVED
-CVE-2023-25962
- RESERVED
-CVE-2023-25961
- RESERVED
+CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...)
+ TODO: check
+CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Th ...)
+ TODO: check
CVE-2023-25960
RESERVED
CVE-2023-25959
@@ -17605,8 +17629,8 @@ CVE-2023-25460
RESERVED
CVE-2023-25459
RESERVED
-CVE-2023-25458
- RESERVED
+CVE-2023-25458 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO ...)
+ TODO: check
CVE-2023-25457
RESERVED
CVE-2023-25456 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klav ...)
@@ -18873,8 +18897,8 @@ CVE-2023-24960 (IBM InfoSphere Information Server 11.7 could allow a remote atta
NOT-FOR-US: IBM
CVE-2023-24959
RESERVED
-CVE-2023-24958
- RESERVED
+CVE-2023-24958 (A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52 ...)
+ TODO: check
CVE-2023-24957
RESERVED
CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
@@ -23381,8 +23405,8 @@ CVE-2023-23472
RESERVED
CVE-2023-23471
RESERVED
-CVE-2023-23470
- RESERVED
+CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged a ...)
+ TODO: check
CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0. ...)
NOT-FOR-US: IBM
CVE-2023-23468
@@ -24381,8 +24405,8 @@ CVE-2023-23061
RESERVED
CVE-2023-23060
RESERVED
-CVE-2023-23059
- RESERVED
+CVE-2023-23059 (An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 ...)
+ TODO: check
CVE-2023-23058
RESERVED
CVE-2023-23057
@@ -34274,8 +34298,8 @@ CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to
NOT-FOR-US: Rapid7 Nexpose and InsightVM
CVE-2022-4260 (The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4259
- RESERVED
+CVE-2022-4259 (Due to improper input validation in the Alerts controller, a SQL injec ...)
+ TODO: check
CVE-2022-4258 (In multiple versions of HIMA PC based Software an unquoted Windows sea ...)
NOT-FOR-US: HIMA
CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It has been ...)
@@ -35806,8 +35830,8 @@ CVE-2022-45820 (SQL Injection (SQLi) vulnerability inLearnPress \u2013 WordPress
NOT-FOR-US: WordPress plugin
CVE-2022-45819
RESERVED
-CVE-2022-45818
- RESERVED
+CVE-2022-45818 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2022-45817 (Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inGD bbPress Att ...)
@@ -43573,8 +43597,8 @@ CVE-2023-20128 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2023-20127 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2023-20126
- RESERVED
+CVE-2023-20126 (A vulnerability in the web-based management interface of Cisco SPA112 ...)
+ TODO: check
CVE-2023-20125
RESERVED
CVE-2023-20124 (A vulnerability in the web-based management interface of Cisco Small B ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e017f6b9bb1b219979f2e083dc31eb4133afbf2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e017f6b9bb1b219979f2e083dc31eb4133afbf2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230504/1d5c800a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list