[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 19 21:12:04 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
00aae374 by security tracker role at 2023-05-19T20:11:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-32679 (Craft CMS is an open source content management system. In affected ver ...)
+ TODO: check
+CVE-2023-32675 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...)
+ TODO: check
+CVE-2023-31862 (jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The conte ...)
+ TODO: check
+CVE-2023-31757 (DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parame ...)
+ TODO: check
+CVE-2023-31756 (A command injection vulnerability exists in the administrative web por ...)
+ TODO: check
+CVE-2023-31707 (SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.)
+ TODO: check
+CVE-2023-2815 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ TODO: check
+CVE-2023-2814 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2023-2806 (A vulnerability classified as problematic was found in Weaver e-cology ...)
+ TODO: check
CVE-2023-33240 (Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1 ...)
NOT-FOR-US: Foxit
CVE-2023-32680 (Metabase is an open source business analytics engine. To edit SQL Snip ...)
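Review bot: The nine entries added at the top of data/CVE/list carry only `TODO: check`, so none of them has a triage decision yet. Several name standalone web applications (jizhicms, DedeCMS, SEMCMS, SourceCodester); if these are not packaged, give them a `NOT-FOR-US:` line in the same form as the `NOT-FOR-US: Foxit` entry just below. CVE-2023-32679 (Craft CMS) and CVE-2023-32675 (Vyper) should be looked up against the archive before being marked either way.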
@@ -2913,14 +2931,12 @@ CVE-2023-2111
RESERVED
CVE-2023-2110
RESERVED
-CVE-2023-30775
- RESERVED
+CVE-2023-30775 (A vulnerability was found in the libtiff library. This security flaw c ...)
- tiff 4.5.0-2 (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/464
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afd7086090dafd3949afd172822cbcec4ed17d56 (v4.5.0rc1)
NOTE: Crash in CLI tool, no security impact
-CVE-2023-30774
- RESERVED
+CVE-2023-30774 (A vulnerability was found in the libtiff library. This flaw causes a h ...)
- tiff 4.5.0-2
[bullseye] - tiff <no-dsa> (Minor issue)
[buster] - tiff <no-dsa> (Minor issue)
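Review bot: The triage under CVE-2023-30775 and CVE-2023-30774 was written while both ids were still RESERVED, and this hunk attaches the published descriptions without revisiting it. For CVE-2023-30775 the new text calls the issue a "security flaw" while the entry is rated `(unimportant)` with the note "Crash in CLI tool, no security impact"; confirm the rating still matches the full description. Likewise recheck that `<no-dsa> (Minor issue)` for bullseye and buster is still right for CVE-2023-30774 now that its description is public.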
@@ -3800,8 +3816,8 @@ CVE-2023-1999
NOTE: https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129
CVE-2023-1997
RESERVED
-CVE-2023-1996
- RESERVED
+CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R ...)
+ TODO: check
CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 and earli ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-30531 (Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the ...)
@@ -4607,8 +4623,8 @@ CVE-2023-30201
RESERVED
CVE-2023-30200
RESERVED
-CVE-2023-30199
- RESERVED
+CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access ...)
+ TODO: check
CVE-2023-30198
RESERVED
CVE-2023-30197
@@ -8029,8 +8045,8 @@ CVE-2023-28952
RESERVED
CVE-2023-28951
RESERVED
-CVE-2023-28950
- RESERVED
+CVE-2023-28950 (IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user infor ...)
+ TODO: check
CVE-2023-28949
RESERVED
CVE-2023-28948
@@ -9538,8 +9554,8 @@ CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent w
[buster] - openssh <not-affected> (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
CVE-2023-28530
RESERVED
-CVE-2023-28529
- RESERVED
+CVE-2023-28529 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
+ TODO: check
CVE-2023-28528 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
NOT-FOR-US: IBM
CVE-2023-28527
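Review bot: CVE-2023-28529 is left at `TODO: check` although the entry directly below it, CVE-2023-28528, is already triaged as `NOT-FOR-US: IBM`. If IBM InfoSphere Information Server falls under the same decision, replace the TODO with `NOT-FOR-US: IBM`. Separately, the unchanged openssh context line in this hunk spells "desination"; correct it to "destination" in a follow-up.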
@@ -9568,8 +9584,8 @@ CVE-2023-28516
RESERVED
CVE-2023-28515
RESERVED
-CVE-2023-28514
- RESERVED
+CVE-2023-28514 (IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive ...)
+ TODO: check
CVE-2023-28513
RESERVED
CVE-2023-28512
@@ -11224,8 +11240,8 @@ CVE-2023-28047 (Dell Display Manager, versions 2.1.0 and prior, contains an arbi
NOT-FOR-US: Dell
CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...)
NOT-FOR-US: Dell
-CVE-2023-28045
- RESERVED
+CVE-2023-28045 (Dell CloudIQ Collector version 1.10.2 contains a missing encryption of ...)
+ TODO: check
CVE-2023-28044
RESERVED
CVE-2023-28043
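Review bot: CVE-2023-28045 (Dell CloudIQ Collector) is added with `TODO: check` right after two Dell Display Manager entries marked `NOT-FOR-US: Dell`. Unless CloudIQ Collector is packaged, use the same `NOT-FOR-US: Dell` line here so the entry does not sit in the TODO queue.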
@@ -14693,8 +14709,8 @@ CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal vulner
NOT-FOR-US: siteproxy
CVE-2023-26819
RESERVED
-CVE-2023-26818
- RESERVED
+CVE-2023-26818 (Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, ...)
+ TODO: check
CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a r ...)
NOT-FOR-US: codefever
CVE-2023-26816
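Review bot: CVE-2023-26818 should not be bulk-marked like its neighbours in this hunk (siteproxy and codefever are both `NOT-FOR-US`). The truncated description names "Telegram 9.3.1 and 9.4.0" without saying which client or platform is meant, so read the full CVE text and identify the affected client before replacing `TODO: check`.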
@@ -26554,8 +26570,8 @@ CVE-2023-22880 (Zoom for Windows clients before version 5.13.3, Zoom Rooms for W
NOT-FOR-US: Zoom
CVE-2023-22879
RESERVED
-CVE-2023-22878
- RESERVED
+CVE-2023-22878 (IBM InfoSphere Information Server 11.7 stores user credentials in plai ...)
+ TODO: check
CVE-2023-22877
RESERVED
CVE-2023-22876 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
@@ -28815,8 +28831,8 @@ CVE-2022-47986 (IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a
NOT-FOR-US: IBM
CVE-2022-47985
RESERVED
-CVE-2022-47984
- RESERVED
+CVE-2022-47984 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
+ TODO: check
CVE-2022-47983 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
CVE-2022-47982
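Review bot: CVE-2022-47984 names the same product and version as CVE-2022-47983 on the next line (IBM InfoSphere Information Server 11.7), which is already `NOT-FOR-US: IBM`. The `TODO: check` added here can take the same resolution.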
@@ -41809,8 +41825,8 @@ CVE-2023-20883
RESERVED
CVE-2023-20882
RESERVED
-CVE-2023-20881
- RESERVED
+CVE-2023-20881 (Cloud foundry instances having CAPI version between 1.140 and 1.152.0 ...)
+ TODO: check
CVE-2023-20880 (VMware Aria Operations contains a privilege escalation vulnerability. ...)
NOT-FOR-US: VMware
CVE-2023-20879 (VMware Aria Operations contains a Local privilege escalation vulnerabi ...)
@@ -53176,7 +53192,7 @@ CVE-2022-41130
RESERVED
CVE-2022-41129
RESERVED
-CVE-2022-41128 (Windows Scripting Languages Remote Code Execution Vulnerability. This ...)
+CVE-2022-41128 (Windows Scripting Languages Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41127 (Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On ...)
NOT-FOR-US: Microsoft
@@ -83556,8 +83572,8 @@ CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sani
NOT-FOR-US: WordPress plugin
CVE-2022-1546 (The WooCommerce - Product Importer WordPress plugin through 1.5.2 does ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-30114
- RESERVED
+CVE-2022-30114 (A heap-based buffer overflow in a network service in Fastweb FASTGate ...)
+ TODO: check
CVE-2022-30113 (Electronic mall system 1.0_build20200203 is affected vulnerable to SQL ...)
NOT-FOR-US: Electronic mall system
CVE-2022-30112
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00aae3746635995bad921dc8fb1e57fa3f568a8d