[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 10 09:12:20 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7085e240 by security tracker role at 2023-05-10T08:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x thro ...)
+ TODO: check
+CVE-2023-32570 (VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ...)
+ TODO: check
+CVE-2023-32569 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
+ TODO: check
+CVE-2023-32568 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
+ TODO: check
+CVE-2023-31478 (An issue was discovered on GL.iNet devices before 3.216. An API endpoi ...)
+ TODO: check
+CVE-2023-2619 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-2618 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-2617 (A vulnerability classified as problematic was found in OpenCV wechat_q ...)
+ TODO: check
+CVE-2023-2616 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
+ TODO: check
+CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
+ TODO: check
+CVE-2023-2614 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
+ TODO: check
+CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
+ TODO: check
CVE-2023-32216
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
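Review bot: several of the `TODO: check` placeholders in this hunk are for software Debian ships and will need source-package lines rather than a NOT-FOR-US close: Qt (CVE-2023-32573), dav1d (CVE-2023-32570), OpenCV's wechat_qrcode module (CVE-2023-2617) and vim (CVE-2023-2610). The list truncates the version ranges ("6.3.x thro ...", "prior to 9 ..."), so the upstream fixed versions must be taken from the full CVE text before a fixed Debian version is recorded. The three pimcore XSS entries (CVE-2023-2614, -2615, -2616), the Veritas VIOM pair and the GL.iNet entry are the usual NOT-FOR-US candidates.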
@@ -974,7 +998,7 @@ CVE-2023-2262
RESERVED
CVE-2023-2261
RESERVED
-CVE-2023-2260 (Improper Authorization of Index Containing Sensitive Information in Gi ...)
+CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: Alf.io
CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template Engine ...)
NOT-FOR-US: Alf.io
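Review bot: only the description of CVE-2023-2260 changes here (the CWE title moves from "Improper Authorization of Index Containing Sensitive Information" to "Authorization Bypass Through User-Controlled Key"); the product is still Alf.io, so the existing `NOT-FOR-US: Alf.io` line remains correct and no re-triage is needed.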
@@ -1907,8 +1931,7 @@ CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user imperso
NOT-FOR-US: Code Dx
CVE-2023-2157
RESERVED
-CVE-2023-2156
- RESERVED
+CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/
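Review bot: CVE-2023-2156 keeps `- linux <unfixed>` while its description becomes public, and the ZDI advisory is still the only reference. Once the upstream fix is identified, add a `NOTE: Fixed by:` line with the commit, as the Emacs entries further down in this file do, and re-check that the buster `<not-affected> (Vulnerable code not present)` assessment still holds against the published description of the affected networking code.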
@@ -2026,8 +2049,8 @@ CVE-2023-30779
RESERVED
CVE-2023-30778
RESERVED
-CVE-2023-30777
- RESERVED
+CVE-2023-30777 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engin ...)
+ TODO: check
CVE-2023-30776 (An authenticated user with specific data permissions could access data ...)
NOT-FOR-US: Apache Superset
CVE-2023-2129
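Review bot: the description of CVE-2023-30777 is cut at "WP Engin ...", so the plugin name has to be confirmed from the full text before closing it; WordPress plugin issues elsewhere in this file are marked `NOT-FOR-US: WordPress plugin` (for example CVE-2023-24419), and that is the expected resolution here unless the plugin is packaged.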
@@ -4042,10 +4065,10 @@ CVE-2023-30059
RESERVED
CVE-2023-30058
RESERVED
-CVE-2023-30057
- RESERVED
-CVE-2023-30056
- RESERVED
+CVE-2023-30057 (Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Ori ...)
+ TODO: check
+CVE-2023-30056 (A session takeover vulnerability exists in FICO Origination Manager De ...)
+ TODO: check
CVE-2023-30055
RESERVED
CVE-2023-30054 (TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnera ...)
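Review bot: CVE-2023-30056 (session takeover) and CVE-2023-30057 (stored XSS) both concern FICO Origination Manager and should be triaged as a pair with the same resolution; the product is not something Debian packages, so the `NOT-FOR-US: <product>` form used for the other vendor entries in this file is the likely outcome.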
@@ -6639,8 +6662,8 @@ CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 C
NOT-FOR-US: Siemens
CVE-2023-29102
RESERVED
-CVE-2023-29101
- RESERVED
+CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
+ TODO: check
CVE-2023-29100
RESERVED
CVE-2023-29099
@@ -7277,8 +7300,8 @@ CVE-2023-28934
RESERVED
CVE-2023-28933
RESERVED
-CVE-2023-28932
- RESERVED
+CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
+ TODO: check
CVE-2023-28931
RESERVED
CVE-2023-28930
@@ -8440,6 +8463,7 @@ CVE-2023-2491
- emacs <not-affected> (Red Hat specific security regression from CVE-2023-28617 patches)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2192873
CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...)
+ {DLA-3416-1}
- org-mode <unfixed> (bug #1033341)
[bullseye] - org-mode <no-dsa> (Minor issue)
[buster] - org-mode <no-dsa> (Minor issue)
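Review bot: DLA-3416-1 is attached to CVE-2023-28617, but the entry lists only `org-mode <unfixed>` with buster marked `<no-dsa> (Minor issue)`, which contradicts a DLA having been issued. The same DLA is added to the Emacs entries CVE-2022-48337 and CVE-2022-48339 later in this commit, so it evidently updates src:emacs (which bundles Org). Add an emacs source line to this entry so the DLA reference is tied to the package it actually updates, and confirm the buster `no-dsa` marker for the separate org-mode package is still intended.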
@@ -9133,16 +9157,16 @@ CVE-2023-27921
RESERVED
CVE-2023-27920
RESERVED
-CVE-2023-27919
- RESERVED
-CVE-2023-27918
- RESERVED
-CVE-2023-27889
- RESERVED
-CVE-2023-27888
- RESERVED
-CVE-2023-27527
- RESERVED
+CVE-2023-27919 (Authentication bypass vulnerability in NEXT ENGINE Integration Plugin ...)
+ TODO: check
+CVE-2023-27918 (Cross-site scripting vulnerability in Appointment and Event Booking Ca ...)
+ TODO: check
+CVE-2023-27889 (Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLO ...)
+ TODO: check
+CVE-2023-27888 (Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier ...)
+ TODO: check
+CVE-2023-27527 (Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML extern ...)
+ TODO: check
CVE-2023-27521
RESERVED
CVE-2023-27518
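Review bot: CVE-2023-27527 (Shinseiyo Sogo Soft, improperly restricted XML external entities) and CVE-2023-27919 (authentication bypass in the NEXT ENGINE Integration Plugin) are the two non-XSS/CSRF items in this batch; together with the Joruri Gw and LIQUID SPEECH BALLOON entries they are Japanese ISV products of the same kind that the surrounding entries (Screen Creator Advance, WAB-MAT) close as NOT-FOR-US, so the `TODO: check` lines can be resolved as one group.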
@@ -9151,16 +9175,16 @@ CVE-2023-27514
RESERVED
CVE-2023-27512
RESERVED
-CVE-2023-27510
- RESERVED
+CVE-2023-27510 (JB Inquiry form contains an exposure of private personal information t ...)
+ TODO: check
CVE-2023-27507
RESERVED
CVE-2023-27397
RESERVED
CVE-2023-27396
RESERVED
-CVE-2023-27385
- RESERVED
+CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...)
+ TODO: check
CVE-2023-27384
RESERVED
CVE-2023-27304
@@ -9185,24 +9209,24 @@ CVE-2023-25946
RESERVED
CVE-2023-25755 (Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerabl ...)
NOT-FOR-US: Screen Creator Advance
-CVE-2023-25184
- RESERVED
-CVE-2023-25072
- RESERVED
-CVE-2023-25070
- RESERVED
-CVE-2023-24586
- RESERVED
-CVE-2023-23906
- RESERVED
-CVE-2023-23901
- RESERVED
-CVE-2023-23578
- RESERVED
-CVE-2023-22441
- RESERVED
-CVE-2023-22361
- RESERVED
+CVE-2023-25184 (Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpi ...)
+ TODO: check
+CVE-2023-25072 (Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. ...)
+ TODO: check
+CVE-2023-25070 (Cleartext transmission of sensitive information exists in SkyBridge MB ...)
+ TODO: check
+CVE-2023-24586 (Cleartext storage of sensitive information exists in SkyBridge MB-A100 ...)
+ TODO: check
+CVE-2023-23906 (Missing authentication for critical function exists in SkyBridge MB-A1 ...)
+ TODO: check
+CVE-2023-23901 (Improper following of a certificate's chain of trust exists in SkyBrid ...)
+ TODO: check
+CVE-2023-23578 (Improper access control vulnerability in SkyBridge MB-A200 firmware Ve ...)
+ TODO: check
+CVE-2023-22441 (Missing authentication for critical function exists in Seiko Solutions ...)
+ TODO: check
+CVE-2023-22361 (Improper privilege management vulnerability in SkyBridge MB-A100/110 f ...)
+ TODO: check
CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...)
NOT-FOR-US: WAB-MAT
CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...)
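Review bot: the nine entries CVE-2023-25184 through CVE-2023-22361 all concern Seiko Solutions SkyBridge firmware (weak credentials, cleartext transmission and storage, missing authentication for critical functions, certificate chain validation, access control, privilege management) and are one vendor batch; triage them together with a single consistent resolution rather than leaving nine separate `TODO: check` lines, most likely `NOT-FOR-US` like the neighbouring Japanese appliance entries.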
@@ -9510,12 +9534,12 @@ CVE-2023-28320
RESERVED
CVE-2023-28319
RESERVED
-CVE-2023-28318
- RESERVED
-CVE-2023-28317
- RESERVED
-CVE-2023-28316
- RESERVED
+CVE-2023-28318 (A vulnerability has been discovered in Rocket.Chat, where messages can ...)
+ TODO: check
+CVE-2023-28317 (A vulnerability has been discovered in Rocket.Chat, where editing mess ...)
+ TODO: check
+CVE-2023-28316 (A security vulnerability has been discovered in the implementation of ...)
+ TODO: check
CVE-2023-28315
RESERVED
CVE-2023-28314 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
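Review bot: CVE-2023-28316, -28317 and -28318 are all Rocket.Chat message-handling issues and their descriptions are truncated before any version information; triage the three as one batch and take the affected versions from the full text rather than this list.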
@@ -10150,14 +10174,14 @@ CVE-2023-28130
RESERVED
CVE-2023-28129
RESERVED
-CVE-2023-28128
- RESERVED
-CVE-2023-28127
- RESERVED
-CVE-2023-28126
- RESERVED
-CVE-2023-28125
- RESERVED
+CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+ TODO: check
+CVE-2023-28127 (A path traversal vulnerability exists in Avalanche version 6.3.x and b ...)
+ TODO: check
+CVE-2023-28126 (An authentication bypass vulnerability exists in Avalanche versions 6. ...)
+ TODO: check
+CVE-2023-28125 (An improper authentication vulnerability exists in Avalanche Premise v ...)
+ TODO: check
CVE-2023-28124 (Improper usage of symmetric encryption in UI Desktop for Windows (Vers ...)
NOT-FOR-US: UI Desktop for Windows
CVE-2023-28123 (A permission misconfiguration in UI Desktop for Windows (Version 0.59. ...)
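Review bot: CVE-2023-28125 through CVE-2023-28128 (improper authentication, authentication bypass, path traversal, unrestricted file upload) are one Avalanche product batch and should get the same resolution; the adjacent UI Desktop entries in context use `NOT-FOR-US: <product>`, which is the expected outcome unless the software is packaged.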
@@ -15465,7 +15489,7 @@ CVE-2022-48332
CVE-2022-48331
RESERVED
CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...)
- {DSA-5360-1}
+ {DSA-5360-1 DLA-3416-1}
- emacs 1:28.2+1-11 (bug #1031730)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60295
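Review bot: adding DLA-3416-1 to CVE-2022-48339 is consistent with CVE-2022-48337 below, which shares DSA-5360-1 and bug #1031730 and receives the same DLA in this commit, so the buster update is recorded on both issues fixed in 1:28.2+1-11.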
@@ -15477,7 +15501,7 @@ CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.
NOTE: Introduced by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=27f5627104a073762c3b1d21e55822ec2d2e0347 (emacs-27.0.90)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...)
- {DSA-5360-1}
+ {DSA-5360-1 DLA-3416-1}
- emacs 1:28.2+1-11 (bug #1031730)
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817
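Review bot: CVE-2022-48338 (the ruby-mode issue whose NOTE lines appear as leading context of this hunk) is the only one of the three CVE-2022-4833x Emacs entries that does not receive the DLA-3416-1 reference in this commit; check the DLA text and, if it lists CVE-2022-48338 as well, add the reference there so the three entries stay consistent.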
@@ -15659,8 +15683,8 @@ CVE-2023-26128
RESERVED
CVE-2023-26127
RESERVED
-CVE-2023-26126
- RESERVED
+CVE-2023-26126 (All versions of the package m.static are vulnerable to Directory Trave ...)
+ TODO: check
CVE-2023-26125 (Versions of the package github.com/gin-gonic/gin before 1.9.0 are vuln ...)
- golang-github-gin-gonic-gin <unfixed> (bug #1035498)
NOTE: https://github.com/gin-gonic/gin/pull/3500
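Review bot: the description of CVE-2023-26126 says all versions of the npm package m.static are affected, i.e. there is no upstream fixed version to record. If the package is not in the archive this should become `NOT-FOR-US`; if it is, the entry needs `<unfixed>` with a bug reference, as the neighbouring gin entry (CVE-2023-26125) has with `(bug #1035498)`.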
@@ -16514,12 +16538,12 @@ CVE-2023-25835
RESERVED
CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...)
NOT-FOR-US: Esri
-CVE-2023-25833
- RESERVED
-CVE-2023-25832
- RESERVED
-CVE-2023-25831
- RESERVED
+CVE-2023-25833 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...)
+ TODO: check
+CVE-2023-25832 (There is a cross-site-request forgery vulnerability in Esri Portal for ...)
+ TODO: check
+CVE-2023-25831 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
+ TODO: check
CVE-2023-25830 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...)
NOT-FOR-US: Esri
CVE-2023-25829 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...)
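Review bot: CVE-2023-25831, -25832 and -25833 (reflected XSS, CSRF, HTML injection) sit between the Portal for ArcGIS entries CVE-2023-25834 and CVE-2023-25830, which are already `NOT-FOR-US: Esri`; the same marker resolves these three.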
@@ -20960,8 +20984,8 @@ CVE-2023-24420
RESERVED
CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24418
- RESERVED
+CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
CVE-2023-24417
RESERVED
CVE-2023-24416
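Review bot: CVE-2023-24418 is an admin-only stored XSS in a WordPress plugin ("Gopi ..."), directly next to CVE-2023-24419, which is already `NOT-FOR-US: WordPress plugin`; the `TODO: check` can be closed the same way.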
@@ -20984,8 +21008,8 @@ CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-24407
RESERVED
-CVE-2023-24406
- RESERVED
+CVE-2023-24406 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...)
+ TODO: check
CVE-2023-24405
RESERVED
CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketi ...)
@@ -21012,8 +21036,8 @@ CVE-2023-24394
RESERVED
CVE-2023-24393
RESERVED
-CVE-2023-24392
- RESERVED
+CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
+ TODO: check
CVE-2023-24391
RESERVED
CVE-2023-24390
@@ -22490,8 +22514,8 @@ CVE-2023-23814
RESERVED
CVE-2023-23813
RESERVED
-CVE-2023-23812
- RESERVED
+CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joos ...)
+ TODO: check
CVE-2023-23811
RESERVED
CVE-2023-23810
@@ -22536,14 +22560,14 @@ CVE-2023-23791
RESERVED
CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23789
- RESERVED
-CVE-2023-23788
- RESERVED
+CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prem ...)
+ TODO: check
+CVE-2023-23788 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flor ...)
+ TODO: check
CVE-2023-23787
RESERVED
-CVE-2023-23786
- RESERVED
+CVE-2023-23786 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Chr ...)
+ TODO: check
CVE-2023-23785 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23784 (A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7 ...)
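Review bot: CVE-2023-23786, -23788 and -23789 are the same class as CVE-2023-23785 and CVE-2023-23790 in the surrounding context (authenticated stored XSS and CSRF in WordPress plugins, both marked `NOT-FOR-US: WordPress plugin`); resolve all three with that marker unless one of the plugins turns out to be packaged.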
@@ -22866,8 +22890,8 @@ CVE-2023-23703
RESERVED
CVE-2023-23702
RESERVED
-CVE-2023-23701
- RESERVED
+CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23700
RESERVED
CVE-2023-23699
@@ -26245,8 +26269,8 @@ CVE-2023-22713 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-22711
- RESERVED
+CVE-2023-22711 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22709
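Review bot: CVE-2023-22711 is a contributor-level stored XSS in a WordPress plugin, between CVE-2023-22712 and CVE-2023-22710, both already `NOT-FOR-US: WordPress plugin`; the `TODO: check` should be resolved identically.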
@@ -37228,8 +37252,8 @@ CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not sani
NOT-FOR-US: WordPress plugin
CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a user to in ...)
NOT-FOR-US: Octopus Deploy
-CVE-2022-4008
- RESERVED
+CVE-2022-4008 (In affected versions of Octopus Deploy it is possible to upload a zipb ...)
+ TODO: check
CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...)
- gitlab <unfixed>
CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...)
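Review bot: CVE-2022-4008 follows CVE-2022-4009, which is already `NOT-FOR-US: Octopus Deploy`; same product, same resolution. The truncated "upload a zipb ..." description does not need to be resolved for Debian purposes.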
@@ -64990,8 +65014,8 @@ CVE-2022-36332
RESERVED
CVE-2022-36331
RESERVED
-CVE-2022-36330
- RESERVED
+CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware version val ...)
+ TODO: check
CVE-2022-36329
RESERVED
CVE-2022-36328
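Review bot: the truncated description "A buffer overflow vulnerability was discovered on firmware version val ..." does not name the product, so the `TODO: check` on CVE-2022-36330 cannot be resolved from this list alone; the triager needs the full CVE text to decide between `NOT-FOR-US` and a source package.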
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7085e24088b1dd6db6ac3c9692df8c2cc2360d2e