[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 18 21:12:37 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f4b6e219 by security tracker role at 2023-05-18T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
+ TODO: check
+CVE-2023-32322 (Ombi is an open source application which allows users to request speci ...)
+ TODO: check
+CVE-2023-32100 (Compiler removal of buffer clearing in sli_se_driver_mac_compute in ...)
+ TODO: check
+CVE-2023-32099 (Compiler removal of buffer clearing in sli_se_sign_hashin Sili ...)
+ TODO: check
+CVE-2023-32098 (Compiler removal of buffer clearing in sli_se_sign_message ...)
+ TODO: check
+CVE-2023-32097 (Compiler removal of buffer clearing in sli_crypto_transparent_ae ...)
+ TODO: check
+CVE-2023-32096 (Compiler removal of buffer clearing in sli_crypto_transparent_ae ...)
+ TODO: check
+CVE-2023-31871 (OpenText Documentum Content Server before 23.2 has a flaw that allows ...)
+ TODO: check
+CVE-2023-31655 (redis-7.0.10 was discovered to contain a segmentation violation.)
+ TODO: check
+CVE-2023-31597 (An issue in Zammad v5.4.0 allows attackers to bypass e-mail verificati ...)
+ TODO: check
+CVE-2023-2800 (Insecure Temporary File in GitHub repository huggingface/transformers ...)
+ TODO: check
+CVE-2023-2799 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-2790 (A vulnerability classified as problematic has been found in TOTOLINK N ...)
+ TODO: check
+CVE-2023-2789 (A vulnerability was found in GNU cflow 1.7. It has been rated as probl ...)
+ TODO: check
+CVE-2023-2782 (Sensitive information disclosure due to improper authorization. The fo ...)
+ TODO: check
+CVE-2023-2481 (Compiler removal of buffer clearing in sli_se_opaque_import_key ...)
+ TODO: check
CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer overflow in che ...)
- sysstat <unfixed> (bug #1036294)
[bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377 not applied)
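Review bot: CVE-2023-31655 (redis-7.0.10 segmentation violation) and CVE-2023-2789 (GNU cflow 1.7) describe software Debian ships (src:redis, src:cflow), so these two TODO: check entries should be triaged ahead of the rest of this hunk and given package lines or an explicit not-affected/NOT-FOR-US disposition. The six entries CVE-2023-32096 through CVE-2023-32100 and CVE-2023-2481 all carry the same "Compiler removal of buffer clearing in sli_se_*" wording and form one family (CVE-2023-1132 and CVE-2023-0965 further down this patch use the same wording), so they can be dispositioned together once the affected SDK is identified from the full advisory text; the truncated descriptions here do not name the vendor.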
@@ -1391,8 +1423,8 @@ CVE-2023-31235
RESERVED
CVE-2023-31234
RESERVED
-CVE-2023-31233
- RESERVED
+CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...)
+ TODO: check
CVE-2023-31232
RESERVED
CVE-2023-31231
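Review bot: the new description for CVE-2023-31233 follows the "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in <author name> ..." wording that entries elsewhere in this file carry as NOT-FOR-US: WordPress plugin (for example CVE-2023-27425 and CVE-2023-24001 in later hunk context), and the same pattern applies to CVE-2023-30868, CVE-2023-30780, CVE-2023-30487, CVE-2023-27430, CVE-2023-27423, CVE-2023-25698, CVE-2023-23999, CVE-2023-23667 and CVE-2022-47157 added further down this patch. The truncation cuts off the plugin name in every case, so confirm each against the full CVE text before replacing TODO: check with that disposition.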
@@ -2453,8 +2485,8 @@ CVE-2023-30870
RESERVED
CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30868
- RESERVED
+CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Chri ...)
+ TODO: check
CVE-2023-30867
RESERVED
CVE-2023-30866
@@ -2803,8 +2835,8 @@ CVE-2023-30782
RESERVED
CVE-2023-30781
RESERVED
-CVE-2023-30780
- RESERVED
+CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-30779
RESERVED
CVE-2023-30778
@@ -3868,8 +3900,8 @@ CVE-2023-30489
RESERVED
CVE-2023-30488
RESERVED
-CVE-2023-30487
- RESERVED
+CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPres ...)
+ TODO: check
CVE-2023-30486
RESERVED
CVE-2023-30485
@@ -4278,8 +4310,8 @@ CVE-2023-30335
RESERVED
CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site scripting ( ...)
NOT-FOR-US: AsmBB
-CVE-2023-30333
- RESERVED
+CVE-2023-30333 (An arbitrary file upload vulnerability in the component /admin/ThemeCo ...)
+ TODO: check
CVE-2023-30332
RESERVED
CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows attackers to e ...)
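Review bot: the description of CVE-2023-30333 is cut off before the product name ("/admin/ThemeCo ..."), so the affected software cannot be identified from this entry alone; fetch the full CVE text to decide whether it maps to a Debian package before this TODO: check is resolved.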
@@ -5555,8 +5587,8 @@ CVE-2023-29722
RESERVED
CVE-2023-29721
RESERVED
-CVE-2023-29720
- RESERVED
+CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...)
+ TODO: check
CVE-2023-29719
RESERVED
CVE-2023-29718
@@ -9145,7 +9177,7 @@ CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In
CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...)
NOT-FOR-US: comrak
CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module for the ...)
- {DLA-3409-1}
+ {DSA-5405-1 DLA-3409-1}
- libapache2-mod-auth-openidc 2.4.12.3-2 (bug #1033916)
NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4389182239c0f60cfa4873f9980c826a70047cc4 (v2.4.13.2)
NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr
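Review bot: the DSA-5405-1 cross-reference is added next to DLA-3409-1 for CVE-2023-28625, but the only fixed-version line visible in this context is the unstable one (libapache2-mod-auth-openidc 2.4.12.3-2, bug #1033916); confirm that data/DSA/list carries the bullseye fixed version for libapache2-mod-auth-openidc so the tracker resolves the stable status through the DSA rather than leaving it inferred from the unstable upload. The upstream commit NOTE already points at v2.4.13.2, so the stable fix should be verified as a backport of that commit.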
@@ -9918,8 +9950,8 @@ CVE-2023-28387
RESERVED
CVE-2023-28382
RESERVED
-CVE-2023-28369
- RESERVED
+CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
+ TODO: check
CVE-2023-28367
RESERVED
CVE-2023-27926
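Review bot: CVE-2023-28369 concerns Brother iPrint&Scan V6.11.2, vendor software rather than anything Debian packages; unless the full description names a shared component, it is a NOT-FOR-US candidate like the other vendor-application entries in this file, and the TODO: check can be closed on that basis.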
@@ -12969,8 +13001,8 @@ CVE-2023-1134 (Delta Electronics InfraSuite Device Master versions prior to 1.0.
NOT-FOR-US: Delta Electronics
CVE-2023-1133 (Delta Electronics InfraSuite Device Master versions prior to 1.0.5 con ...)
NOT-FOR-US: Delta Electronics
-CVE-2023-1132
- RESERVED
+CVE-2023-1132 (Compiler removal of buffer clearing in sli_se_driver_key_agreement ...)
+ TODO: check
CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts Sales ...)
NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
CVE-2023-1130 (A vulnerability, which was classified as critical, was found in Source ...)
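Review bot: CVE-2023-1132 uses the same "Compiler removal of buffer clearing in sli_se_*" wording as CVE-2023-32096 through CVE-2023-32100 and CVE-2023-2481 in the first hunk of this patch, as does CVE-2023-0965 (sli_cryptoacc_transparent_key_a ...) later on; give these the same disposition as that group rather than triaging them in isolation, since they are separated only by CVE numbering.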
@@ -13116,8 +13148,8 @@ CVE-2023-27432
RESERVED
CVE-2023-27431
RESERVED
-CVE-2023-27430
- RESERVED
+CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass ...)
+ TODO: check
CVE-2023-27429
RESERVED
CVE-2023-27428
@@ -13130,8 +13162,8 @@ CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-27424
RESERVED
-CVE-2023-27423
- RESERVED
+CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto ...)
+ TODO: check
CVE-2023-27422
RESERVED
CVE-2023-27421
@@ -15948,8 +15980,8 @@ CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with normal
NOT-FOR-US: Bhima
CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Online Eyewear Shop
-CVE-2023-0965
- RESERVED
+CVE-2023-0965 (Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_a ...)
+ TODO: check
CVE-2023-0964 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-0963 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...)
@@ -17851,8 +17883,8 @@ CVE-2023-25700
RESERVED
CVE-2023-25699
RESERVED
-CVE-2023-25698
- RESERVED
+CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shopp ...)
+ TODO: check
CVE-2023-25697
RESERVED
CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow Hive Pro ...)
@@ -22778,8 +22810,8 @@ CVE-2023-24001 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-24000
RESERVED
-CVE-2023-23999
- RESERVED
+CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23997
@@ -23810,8 +23842,8 @@ CVE-2023-23669
RESERVED
CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23667
- RESERVED
+CVE-2023-23667 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23666
RESERVED
CVE-2023-23665
@@ -33011,8 +33043,8 @@ CVE-2022-47159
RESERVED
CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47157
- RESERVED
+CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don ...)
+ TODO: check
CVE-2022-47156
RESERVED
CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...)
@@ -33583,8 +33615,8 @@ CVE-2022-4420
RESERVED
CVE-2022-4419
RESERVED
-CVE-2022-4418
- RESERVED
+CVE-2022-4418 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
+ TODO: check
CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin befo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...)
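Review bot: the description of CVE-2022-4418 ("Local privilege escalation due to unrestricted loading of unsigned lib ...") follows the same phrasing as the Acronis entries later in this patch (compare CVE-2022-45455, "Local privilege escalation due to incomplete uninstallation cleanup", marked NOT-FOR-US: Acronis); check the vendor in the full CVE text, and if it is the same product family the TODO: check can take the same disposition.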
@@ -37201,7 +37233,7 @@ CVE-2022-45772
RESERVED
CVE-2022-45771 (An issue in the /api/audits component of Pwndoc v0.5.3 allows attacker ...)
NOT-FOR-US: Pwndoc
-CVE-2022-45770 (Improper input validation in driver adgnetworkwfpdrv.sys in Adguard Fo ...)
+CVE-2022-45770 (Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windo ...)
NOT-FOR-US: Adguard
CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...)
NOT-FOR-US: ClicShopping_V3
@@ -37996,26 +38028,26 @@ CVE-2022-4038
RESERVED
CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
- gitlab <unfixed>
-CVE-2022-45459
- RESERVED
-CVE-2022-45458
- RESERVED
-CVE-2022-45457
- RESERVED
+CVE-2022-45459 (Sensitive information disclosure due to insecure registry permissions. ...)
+ TODO: check
+CVE-2022-45458 (Sensitive information disclosure and manipulation due to improper cert ...)
+ TODO: check
+CVE-2022-45457 (Sensitive information disclosure and manipulation due to improper cert ...)
+ TODO: check
CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The following p ...)
NOT-FOR-US: Acronis
CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...)
NOT-FOR-US: Acronis
CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...)
NOT-FOR-US: Acronis
-CVE-2022-45453
- RESERVED
-CVE-2022-45452
- RESERVED
+CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are affecte ...)
+ TODO: check
+CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ TODO: check
CVE-2022-45451
RESERVED
-CVE-2022-45450
- RESERVED
+CVE-2022-45450 (Sensitive information disclosure and manipulation due to improper auth ...)
+ TODO: check
CVE-2022-45449
RESERVED
CVE-2022-45448
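Review bot: the six newly described entries in this hunk (CVE-2022-45459, -45458, -45457, -45453, -45452, -45450) sit inside a run of entries already marked NOT-FOR-US: Acronis (CVE-2022-45456, -45455, -45454) and share their "The following products are affected ..." wording, so they are very likely the same vendor advisory batch; verify the product list in the full text and then resolve the TODO: check lines together instead of one by one.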
@@ -65866,12 +65898,12 @@ CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware versi
NOT-FOR-US: Western Digital
CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...)
NOT-FOR-US: Western Digital
-CVE-2022-36328
- RESERVED
-CVE-2022-36327
- RESERVED
-CVE-2022-36326
- RESERVED
+CVE-2022-36328 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2022-36327 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2022-36326 (An uncontrolled resource consumption vulnerability issue that could ar ...)
+ TODO: check
CVE-2022-36325 (Affected devices do not properly sanitize data introduced by an user w ...)
NOT-FOR-US: Siemens
CVE-2022-36324 (Affected devices do not properly handle the renegotiation of SSL/TLS p ...)
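Review bot: CVE-2022-36328, CVE-2022-36327 and CVE-2022-36326 fall between CVE-2022-36329 and CVE-2022-36325, whose neighbours on the Western Digital side are marked NOT-FOR-US: Western Digital; the truncated descriptions (path traversal, uncontrolled resource consumption) do not name a product, so confirm they belong to the same Western Digital batch before applying that disposition, and keep in mind that CVE-2022-36325 on the other side is Siemens, so adjacency alone is not enough here.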
@@ -107047,7 +107079,7 @@ CVE-2022-22713 (Windows Hyper-V Denial of Service Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability.)
NOT-FOR-US: Microsoft
-CVE-2022-22711 (Windows BitLocker Information Disclosure Vulnerability.)
+CVE-2022-22711 (Windows BitLocker Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability.)
NOT-FOR-US: Microsoft
@@ -112414,7 +112446,7 @@ CVE-2022-21847 (Windows Hyper-V Denial of Service Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
NOT-FOR-US: Microsoft
-CVE-2022-21845 (Windows Kernel Information Disclosure Vulnerability.)
+CVE-2022-21845 (Windows Kernel Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
@@ -168897,7 +168929,7 @@ CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2021-24706 (The Qwizcards \u2013 online quizzes and flashcards WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24705 (The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF checks ...)
+CVE-2021-24705 (The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24704 (In the Orange Form WordPress plugin through 1.0, the process_bulk_acti ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4b6e219da906dcd331abdfece21304914614a8e