[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 5 09:12:29 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6cc767d by security tracker role at 2023-05-05T08:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary files wi ...)
+ TODO: check
+CVE-2023-31415 (Kibana version 8.7.0 contains an arbitrary code execution flaw. An att ...)
+ TODO: check
+CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code executio ...)
+ TODO: check
+CVE-2023-31413 (Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson inp ...)
+ TODO: check
+CVE-2023-2535 (Sensitive information exposure in the Web Frontend of KNIME Business H ...)
+ TODO: check
+CVE-2023-2531 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ TODO: check
+CVE-2017-20183 (A vulnerability was found in External Media without Import Plugin up t ...)
+ TODO: check
CVE-2023-2524 (A vulnerability classified as critical has been found in Control iD RH ...)
NOT-FOR-US: Control iD RHiD
CVE-2023-2523 (A vulnerability was found in Weaver E-Office 9.5. It has been rated as ...)
@@ -3106,8 +3120,8 @@ CVE-2023-30401
RESERVED
CVE-2023-30400
RESERVED
-CVE-2023-30399
- RESERVED
+CVE-2023-30399 (Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC ...)
+ TODO: check
CVE-2023-30398
RESERVED
CVE-2023-30397
@@ -3248,8 +3262,8 @@ CVE-2023-30330
RESERVED
CVE-2023-30329
RESERVED
-CVE-2023-30328
- RESERVED
+CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for ma ...)
+ TODO: check
CVE-2023-30327
RESERVED
CVE-2023-30326
@@ -3343,8 +3357,8 @@ CVE-2023-30284
RESERVED
CVE-2023-30283
RESERVED
-CVE-2023-30282
- RESERVED
+CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Acces ...)
+ TODO: check
CVE-2023-30281
RESERVED
CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700 ...)
@@ -3475,8 +3489,8 @@ CVE-2023-30218
RESERVED
CVE-2023-30217
RESERVED
-CVE-2023-30216
- RESERVED
+CVE-2023-30216 (Insecure permissions in the updateUserInfo function of newbee-mall bef ...)
+ TODO: check
CVE-2023-30215
RESERVED
CVE-2023-30214
@@ -3638,8 +3652,8 @@ CVE-2023-30137
RESERVED
CVE-2023-30136
RESERVED
-CVE-2023-30135
- RESERVED
+CVE-2023-30135 (Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command ...)
+ TODO: check
CVE-2023-30134
RESERVED
CVE-2023-30133
@@ -3664,8 +3678,8 @@ CVE-2023-30124
RESERVED
CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Mem ...)
NOT-FOR-US: wuzhicms
-CVE-2023-30122
- RESERVED
+CVE-2023-30122 (An arbitrary file upload vulnerability in the component /admin/ajax.ph ...)
+ TODO: check
CVE-2023-30121
RESERVED
CVE-2023-30120
@@ -3722,14 +3736,14 @@ CVE-2023-30095 (A stored cross-site scripting (XSS) vulnerability in TotalJS mes
NOT-FOR-US: TotalJS
CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 ...)
NOT-FOR-US: TotalJS
-CVE-2023-30093
- RESERVED
+CVE-2023-30093 (An arbitrary file upload vulnerability in Open Networking Foundation O ...)
+ TODO: check
CVE-2023-30092
RESERVED
CVE-2023-30091
RESERVED
-CVE-2023-30090
- RESERVED
+CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vu ...)
+ TODO: check
CVE-2023-30089
RESERVED
CVE-2023-30088
@@ -5434,8 +5448,7 @@ CVE-2023-1896
RESERVED
CVE-2023-1895
RESERVED
-CVE-2023-1894
- RESERVED
+CVE-2023-1894 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...)
- puppet <not-affected> (Limit to Puppet Server 7)
- puppetserver <unfixed>
NOTE: https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos
@@ -9979,8 +9992,8 @@ CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prio
NOT-FOR-US: Alienware
CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...)
NOT-FOR-US: Dell
-CVE-2023-28068
- RESERVED
+CVE-2023-28068 (Dell Command Monitor, versions 10.9 and prior, contains an improper fo ...)
+ TODO: check
CVE-2023-28067
RESERVED
CVE-2023-28066
@@ -17998,8 +18011,8 @@ CVE-2023-25291
RESERVED
CVE-2023-25290
RESERVED
-CVE-2023-25289
- RESERVED
+CVE-2023-25289 (Directory Traversal vulnerability in virtualreception Digital Receptie ...)
+ TODO: check
CVE-2023-25288
RESERVED
CVE-2023-25287
@@ -29064,7 +29077,7 @@ CVE-2022-47650
RESERVED
CVE-2022-47649
RESERVED
-CVE-2022-47648 (Bosch Security Systems B420 firmware 02.02.0001 employs IP based autho ...)
+CVE-2022-47648 (An Improper Access Control vulnerability allows an attacker to access ...)
NOT-FOR-US: Bosch Security Systems B420 firmware
CVE-2022-47647
RESERVED
@@ -30868,8 +30881,8 @@ CVE-2022-38469 (An unauthorized user with network access and the decryption key
NOT-FOR-US: GE Digital
CVE-2021-4245 (A vulnerability classified as problematic has been found in chbrown rf ...)
NOT-FOR-US: rfc6902
-CVE-2022-47449
- RESERVED
+CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme ...)
+ TODO: check
CVE-2022-47448
RESERVED
CVE-2022-47447
@@ -30898,8 +30911,8 @@ CVE-2022-47436
RESERVED
CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47434
- RESERVED
+CVE-2022-47434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB S ...)
+ TODO: check
CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47432
@@ -37008,62 +37021,62 @@ CVE-2023-21513
RESERVED
CVE-2023-21512
RESERVED
-CVE-2023-21511
- RESERVED
-CVE-2023-21510
- RESERVED
-CVE-2023-21509
- RESERVED
-CVE-2023-21508
- RESERVED
-CVE-2023-21507
- RESERVED
-CVE-2023-21506
- RESERVED
-CVE-2023-21505
- RESERVED
-CVE-2023-21504
- RESERVED
-CVE-2023-21503
- RESERVED
-CVE-2023-21502
- RESERVED
-CVE-2023-21501
- RESERVED
-CVE-2023-21500
- RESERVED
-CVE-2023-21499
- RESERVED
-CVE-2023-21498
- RESERVED
-CVE-2023-21497
- RESERVED
-CVE-2023-21496
- RESERVED
-CVE-2023-21495
- RESERVED
-CVE-2023-21494
- RESERVED
-CVE-2023-21493
- RESERVED
-CVE-2023-21492
- RESERVED
-CVE-2023-21491
- RESERVED
-CVE-2023-21490
- RESERVED
-CVE-2023-21489
- RESERVED
-CVE-2023-21488
- RESERVED
-CVE-2023-21487
- RESERVED
-CVE-2023-21486
- RESERVED
-CVE-2023-21485
- RESERVED
-CVE-2023-21484
- RESERVED
+CVE-2023-21511 (Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_S ...)
+ TODO: check
+CVE-2023-21510 (Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SC ...)
+ TODO: check
+CVE-2023-21509 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_S ...)
+ TODO: check
+CVE-2023-21508 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RES ...)
+ TODO: check
+CVE-2023-21507 (Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESO ...)
+ TODO: check
+CVE-2023-21506 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RES ...)
+ TODO: check
+CVE-2023-21505 (Improper access control in Samsung Core Service prior to version 2.1.0 ...)
+ TODO: check
+CVE-2023-21504 (Potential buffer overflow vulnerability in mm_Plmncoordination.c in Sh ...)
+ TODO: check
+CVE-2023-21503 (Potential buffer overflow vulnerability in mm_LteInterRatManagement.c ...)
+ TODO: check
+CVE-2023-21502 (Improper input validation vulnerability in FactoryTest application pri ...)
+ TODO: check
+CVE-2023-21501 (Improper input validation vulnerability in mPOS fiserve trustlet prior ...)
+ TODO: check
+CVE-2023-21500 (Double free validation vulnerability in setPinPadImages in mPOS TUI tr ...)
+ TODO: check
+CVE-2023-21499 (Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin ...)
+ TODO: check
+CVE-2023-21498 (Improper input validation vulnerability in setPartnerTAInfo in mPOS TU ...)
+ TODO: check
+CVE-2023-21497 (Use of externally-controlled format string vulnerability in mPOS TUI t ...)
+ TODO: check
+CVE-2023-21496 (Active Debug Code vulnerability in ActivityManagerService prior to SMR ...)
+ TODO: check
+CVE-2023-21495 (Improper access control vulnerability in Knox Enrollment Service prior ...)
+ TODO: check
+CVE-2023-21494 (Potential buffer overflow vulnerability in auth api in mm_Authenticati ...)
+ TODO: check
+CVE-2023-21493 (Improper access control vulnerability in SemShareFileProvider prior to ...)
+ TODO: check
+CVE-2023-21492 (Kernel pointers are printed in the log file prior to SMR May-2023 Rele ...)
+ TODO: check
+CVE-2023-21491 (Improper access control vulnerability in ThemeManager prior to SMR May ...)
+ TODO: check
+CVE-2023-21490 (Improper access control in GearManagerStub prior to SMR May-2023 Relea ...)
+ TODO: check
+CVE-2023-21489 (Heap out-of-bounds write vulnerability in bootloader prior to SMR May- ...)
+ TODO: check
+CVE-2023-21488 (Improper access control vulnerablility in Tips prior to SMR May-2023 R ...)
+ TODO: check
+CVE-2023-21487 (Improper access control vulnerability in Telephony framework prior to ...)
+ TODO: check
+CVE-2023-21486 (Improper export of android application components vulnerability in Ima ...)
+ TODO: check
+CVE-2023-21485 (Improper export of android application components vulnerability in Vid ...)
+ TODO: check
+CVE-2023-21484 (Improper access control vulnerability in AppLock prior to SMR May-2023 ...)
+ TODO: check
CVE-2023-21483
RESERVED
CVE-2023-21482
@@ -38311,8 +38324,8 @@ CVE-2022-45050 (A reflected XSS vulnerability has been found in Axiell Iguana CM
NOT-FOR-US: Axiell Iguana CMS
CVE-2022-45049 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...)
NOT-FOR-US: Axiell Iguana CMS
-CVE-2022-45048
- RESERVED
+CVE-2022-45048 (Authenticated users with appropriate privileges can create policies ha ...)
+ TODO: check
CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...)
NOT-FOR-US: Apache Mina SSHD
CVE-2022-45046
@@ -127871,8 +127884,8 @@ CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF))
CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...)
NOT-FOR-US: Node immer
NOTE: https://github.com/immerjs/immer
-CVE-2021-40331
- RESERVED
+CVE-2021-40331 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ TODO: check
CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow)
- libmysofa 1.2.1~dfsg0-1
[bullseye] - libmysofa <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6cc767d5074bd4a9aa7c1efd20ddcf9e15b7758
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6cc767d5074bd4a9aa7c1efd20ddcf9e15b7758
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230505/e6cd0f33/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list