[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 23 09:12:11 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04633fab by security tracker role at 2023-05-23T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-31996 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection ...)
+	TODO: check
+CVE-2023-31995 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Script ...)
+	TODO: check
+CVE-2023-31994 (Certain Hanwha products are vulnerable to Denial of Service (DoS). ck  ...)
+	TODO: check
+CVE-2023-31826 (Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security ch ...)
+	TODO: check
+CVE-2023-31816 (IT Sourcecode Content Management System Project In PHP and MySQL With  ...)
+	TODO: check
+CVE-2023-31814 (D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to Fil ...)
+	TODO: check
+CVE-2023-31741 (There is a command injection vulnerability in the Linksys E2000 router ...)
+	TODO: check
+CVE-2023-31740 (There is a command injection vulnerability in the Linksys E2000 router ...)
+	TODO: check
+CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers ...)
+	TODO: check
+CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and ...)
+	TODO: check
+CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authenticatio ...)
+	TODO: check
+CVE-2023-2845 (Improper Access Control in GitHub repository cloudexplorer-dev/cloudex ...)
+	TODO: check
+CVE-2023-2844 (Missing Authorization in GitHub repository cloudexplorer-dev/cloudexpl ...)
+	TODO: check
+CVE-2023-2505 (The affected products have a CSRF vulnerability that could allow an at ...)
+	TODO: check
+CVE-2023-2504 (Files present on firmware images could allow an attacker to gain unaut ...)
+	TODO: check
+CVE-2023-27388 (Improper authentication vulnerability in T&D Corporation and ESPEC MIC ...)
+	TODO: check
+CVE-2023-27387 (Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC COR ...)
+	TODO: check
+CVE-2023-23545 (Missing authentication for critical function exists in T&D Corporation ...)
+	TODO: check
+CVE-2023-22654 (Client-side enforcement of server-side security issue exists in T&D Co ...)
+	TODO: check
 CVE-2023-33294 (An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwe ...)
 	NOT-FOR-US: KaiOS
 CVE-2023-33293 (An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios ...)
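Review bot: of the 19 new `TODO: check` entries in this hunk, CVE-2023-31670 is the one that needs an archive lookup rather than a NOT-FOR-US on sight: wasm2c, wasm2wat and wasm-decompile are the command-line tools of the WebAssembly Binary Toolkit (wabt), so the triager should check whether Debian ships a wabt package and whether the affected 1.0.32 code is present in the suites. The remaining entries (Hanwha cameras, D-Link DIR-300 and Linksys E2000 firmware, EyouCMS, the PHP/MySQL CMS project, Nevado JMS, cloudexplorer-dev) are device firmware or third-party web applications, which in this file are normally resolved with the vendor name, as in the adjacent `NOT-FOR-US: KaiOS` context lines. Note also that CVE-2023-31741 and CVE-2023-31740 have identical truncated descriptions, so the full text is needed to record what distinguishes them.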
@@ -1561,8 +1599,8 @@ CVE-2023-28412 (When supplied with a random MAC address, Snap One OvrC cloud ser
 	NOT-FOR-US: Snap One
 CVE-2023-28386 (Snap One OvrC Pro devices versions 7.2 and prior do not validate firmw ...)
 	NOT-FOR-US: Snap One
-CVE-2023-25183
-	RESERVED
+CVE-2023-25183 (In Snap One OvrC Pro versions prior to 7.2, when logged into the super ...)
+	TODO: check
 CVE-2023-2319 (It was discovered that an update for PCS package in RHBA-2023:2151 err ...)
 	NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154
 CVE-2023-2318
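Review bot: the unchanged context line under CVE-2023-2319 reads `NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154`, with the leading `R` of `Red Hat` missing; this commit did not introduce it, but it is worth a one-character follow-up fix. For the new CVE-2023-25183 line, the two Snap One OvrC entries directly above it are already `NOT-FOR-US: Snap One`, so the TODO can be closed the same way.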
@@ -1684,8 +1722,8 @@ CVE-2023-2297 (The Profile Builder \u2013 User Profile & User Registration Forms
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2296
 	RESERVED
-CVE-2022-4945
-	RESERVED
+CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...)
+	TODO: check
 CVE-2022-48480
 	RESERVED
 CVE-2022-48479
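Review bot: the CVE-2022-4945 description (Dataprobe cloud usernames and passwords stored in plain text) belongs with the iBoot device entries CVE-2022-47320 and CVE-2022-47311, and probably the two adjacent `The affected product` entries CVE-2022-46738 and CVE-2022-46658, that this same commit fills in further down; triaging them together avoids ending up with different resolutions for one vendor advisory.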
@@ -4202,8 +4240,8 @@ CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub repos
 	NOT-FOR-US: answer
 CVE-2023-1974 (Exposure of Sensitive Information Through Metadata in GitHub repositor ...)
 	NOT-FOR-US: answer
-CVE-2023-30469
-	RESERVED
+CVE-2023-30469 (Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hit ...)
+	TODO: check
 CVE-2023-30468
 	RESERVED
 CVE-2023-1973
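Review bot: the description for CVE-2023-30469 is cut off at `(Hit`, so the affected Hitachi component named in the parentheses has to be read from the full entry before the line is closed; Hitachi Ops Center Analyzer is an enterprise product and, like the surrounding entries, fits the NOT-FOR-US pattern.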
@@ -5400,8 +5438,8 @@ CVE-2023-29921 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via th
 	NOT-FOR-US: PowerJob
 CVE-2023-29920
 	RESERVED
-CVE-2023-29919
-	RESERVED
+CVE-2023-29919 (SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any fi ...)
+	TODO: check
 CVE-2023-29918 (RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Modul ...)
 	NOT-FOR-US: RosarioSIS
 CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain a stack  ...)
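Review bot: CVE-2023-29919 (SolarView Compact <= 6.0, insecure permissions) is the same product line as the four SolarView Compact entries CVE-2023-27521, CVE-2023-27518, CVE-2023-27514 and CVE-2023-27512 added later in this commit, so all five should be resolved consistently. The description here is truncated at `Any fi`, so the triager needs the full text to see which files are affected; SolarView Compact is vendor appliance firmware rather than a Debian package.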
@@ -7934,7 +7972,7 @@ CVE-2023-1733 (A denial of service condition exists in the Prometheus server bun
 	- gitlab <unfixed>
 CVE-2023-1732 (When sampling randomness for a shared secret, the implementation of Ky ...)
 	NOT-FOR-US: Cloudflare CIRCL
-CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file upload fun ...)
+CVE-2023-1731 (In Meinbergs LTOS versions prior to V7.06.013, the configuration file  ...)
 	NOT-FOR-US: LTOS
 CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
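Review bot: only the description text changes here (the vendor name `Meinbergs` is now included) and the existing `NOT-FOR-US: LTOS` annotation is left untouched; since the product is now identified as Meinberg's LTOS, the annotation could carry the vendor name (`NOT-FOR-US: Meinberg LTOS`) to match how the other NOT-FOR-US lines in this file name the vendor, for example `NOT-FOR-US: Cloudflare CIRCL` two lines above.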
@@ -10161,38 +10199,38 @@ CVE-2023-28415
 	RESERVED
 CVE-2023-28414 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apex ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28413
-	RESERVED
-CVE-2023-28409
-	RESERVED
-CVE-2023-28408
-	RESERVED
-CVE-2023-28394
-	RESERVED
-CVE-2023-28392
-	RESERVED
-CVE-2023-28390
-	RESERVED
+CVE-2023-28413 (Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 ...)
+	TODO: check
+CVE-2023-28409 (Unrestricted upload of file with dangerous type exists in MW WP Form v ...)
+	TODO: check
+CVE-2023-28408 (Directory traversal vulnerability in MW WP Form versions v4.4.2 and ea ...)
+	TODO: check
+CVE-2023-28394 (Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated ...)
+	TODO: check
+CVE-2023-28392 (Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B ...)
+	TODO: check
+CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) a ...)
+	TODO: check
 CVE-2023-28387
 	RESERVED
 CVE-2023-28382
 	RESERVED
 CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...)
 	NOT-FOR-US: Brother
-CVE-2023-28367
-	RESERVED
-CVE-2023-27926
-	RESERVED
-CVE-2023-27925
-	RESERVED
-CVE-2023-27923
-	RESERVED
-CVE-2023-27922
-	RESERVED
-CVE-2023-27921
-	RESERVED
-CVE-2023-27920
-	RESERVED
+CVE-2023-28367 (Cross-site scripting vulnerability in CTA post function of VK All in O ...)
+	TODO: check
+CVE-2023-27926 (Cross-site scripting vulnerability in Profile setting function of VK A ...)
+	TODO: check
+CVE-2023-27925 (Cross-site scripting vulnerability in Post function of VK Blocks 1.53. ...)
+	TODO: check
+CVE-2023-27923 (Cross-site scripting vulnerability in Tag edit function of VK Blocks 1 ...)
+	TODO: check
+CVE-2023-27922 (Cross-site scripting vulnerability in Newsletter versions prior to 7.6 ...)
+	TODO: check
+CVE-2023-27921 (JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cr ...)
+	TODO: check
+CVE-2023-27920 (Improper access control vulnerability in the system date/time setting  ...)
+	TODO: check
 CVE-2023-27919 (Authentication bypass vulnerability in NEXT ENGINE Integration Plugin  ...)
 	NOT-FOR-US: NEXT ENGINE Integration Plugin
 CVE-2023-27918 (Cross-site scripting vulnerability in Appointment and Event Booking Ca ...)
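Review bot: all 13 entries in this hunk are JVN-style descriptions of Japanese vendor products (Snow Monkey Forms, MW WP Form, VK All in One, VK Blocks, Newsletter, JINS MEME CORE firmware, SR-7100VN firmware, AC-WAPU-300) and none corresponds to a Debian package; the WordPress plugins among them (Snow Monkey Forms, MW WP Form, VK All in One, VK Blocks, Newsletter) can use the `NOT-FOR-US: WordPress plugin` wording already present in the context line for CVE-2023-28414, and the firmware entries the vendor-name form. Beekeeper Studio (CVE-2023-28394) is a desktop application rather than firmware, so that one should be checked against the archive rather than closed on sight.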
@@ -10203,46 +10241,46 @@ CVE-2023-27888 (Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and ea
 	NOT-FOR-US: Joruri Gw
 CVE-2023-27527 (Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML extern ...)
 	NOT-FOR-US: Shinseiyo Sogo Soft
-CVE-2023-27521
-	RESERVED
-CVE-2023-27518
-	RESERVED
-CVE-2023-27514
-	RESERVED
-CVE-2023-27512
-	RESERVED
+CVE-2023-27521 (OS command injection vulnerability in the mail setting page of SolarVi ...)
+	TODO: check
+CVE-2023-27518 (Buffer overflow vulnerability in the multiple setting pages of SolarVi ...)
+	TODO: check
+CVE-2023-27514 (OS command injection vulnerability in the download page of SolarView C ...)
+	TODO: check
+CVE-2023-27512 (Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 ...)
+	TODO: check
 CVE-2023-27510 (JB Inquiry form contains an exposure of private personal information t ...)
 	NOT-FOR-US: JB Inquiry form
-CVE-2023-27507
-	RESERVED
-CVE-2023-27397
-	RESERVED
+CVE-2023-27507 (MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal  ...)
+	TODO: check
+CVE-2023-27397 (Unrestricted upload of file with dangerous type exists in MicroEngine  ...)
+	TODO: check
 CVE-2023-27396
 	RESERVED
 CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...)
 	NOT-FOR-US: CX-Drive All
-CVE-2023-27384
-	RESERVED
-CVE-2023-27304
-	RESERVED
-CVE-2023-26595
-	RESERVED
+CVE-2023-27384 (Operation restriction bypass vulnerability in MultiReport of Cybozu Ga ...)
+	TODO: check
+CVE-2023-27304 (Operation restriction bypass vulnerability in Message and Bulletin of  ...)
+	TODO: check
+CVE-2023-26595 (Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10 ...)
+	TODO: check
 CVE-2023-26593 (CENTUM series provided by Yokogawa Electric Corporation are vulnerable ...)
 	NOT-FOR-US: Yokogawa
 CVE-2023-25955 (National land numerical information data conversion tool all versions  ...)
 	NOT-FOR-US: National land numerical information data conversion tool
 CVE-2023-25954 (KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' ...)
 	NOT-FOR-US: KYOCERA
-CVE-2023-25953
-	RESERVED
+CVE-2023-25953 (Code injection vulnerability in Drive Explorer for macOS versions 3.5. ...)
+	TODO: check
 CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ...)
 	- haproxy 2.6.8-1
 	[bullseye] - haproxy <not-affected> (Vulnerable code not present)
 	[buster] - haproxy <not-affected> (Vulnerable code not present)
 	NOTE: https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46 (v2.7.1)
 	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=22b44d5f2c7ce1ed0e4b62c639991d5abbd42a50 (v2.6.8)
-CVE-2023-25946
-	RESERVED
+CVE-2023-25946 (Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware vers ...)
+	TODO: check
 CVE-2023-25755 (Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerabl ...)
 	NOT-FOR-US: Screen Creator Advance
 CVE-2023-25184 (Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpi ...)
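Review bot: this hunk carries 11 new TODO entries, and the surrounding context already shows the resolution pattern for this vendor batch (`NOT-FOR-US: Joruri Gw`, `NOT-FOR-US: KYOCERA`, `NOT-FOR-US: Yokogawa`): the SolarView Compact items CVE-2023-27521/27518/27514/27512, the Cybozu Garoon items CVE-2023-27384/27304/26595, the MicroEngine Mailform items CVE-2023-27507/27397, Drive Explorer for macOS (CVE-2023-25953) and the Qrio Lock firmware (CVE-2023-25946) are all proprietary products. The unchanged HAProxy entry CVE-2023-25950 in the same context, with its fixed version and the bullseye/buster `<not-affected>` lines with a reason, is the format to follow should any of the new entries turn out to map to a package.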
@@ -14362,8 +14400,8 @@ CVE-2023-27070 (A stored cross-site scripting (XSS) vulnerability in TotalJS Ope
 	NOT-FOR-US: TotalJS OpenPlatform
 CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...)
 	NOT-FOR-US: TotalJS OpenPlatform
-CVE-2023-27068
-	RESERVED
+CVE-2023-27068 (Deserialization of Untrusted Data in Sitecore Experience Platform thro ...)
+	TODO: check
 CVE-2023-27067 (Directory Traversal vulnerability in Sitecore Experience Platform thro ...)
 	NOT-FOR-US: Sitecore
 CVE-2023-27066 (Directory Traversal vulnerability in Site Core Experience Platform 10. ...)
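Review bot: the Sitecore Experience Platform entries directly below CVE-2023-27068 (CVE-2023-27067 and CVE-2023-27066) are already `NOT-FOR-US: Sitecore`, so the new deserialization entry should receive the same annotation rather than stay at `TODO: check`.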
@@ -19085,8 +19123,8 @@ CVE-2023-25442 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25441
 	RESERVED
-CVE-2023-25440
-	RESERVED
+CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...)
+	TODO: check
 CVE-2023-25439
 	RESERVED
 CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...)
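Review bot: the product affected by CVE-2023-25440 is not visible in the truncated description (`in the add contact fun ...`), so this entry cannot be resolved from the list alone and needs the full description looked up before the TODO is closed.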
@@ -24023,10 +24061,10 @@ CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, co
 	NOT-FOR-US: Dell
 CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken ...)
 	NOT-FOR-US: Dell
-CVE-2023-23694
-	RESERVED
-CVE-2023-23693
-	RESERVED
+CVE-2023-23694 (Dell VxRail versions earlier than 7.0.450, contain(s) an OS command in ...)
+	TODO: check
+CVE-2023-23693 (Dell VxRail, versions prior to 7.0.450, contains an OS command injecti ...)
+	TODO: check
 CVE-2023-23692 (Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection  ...)
 	NOT-FOR-US: EMC
 CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Clie ...)
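Review bot: CVE-2023-23694 and CVE-2023-23693 have near-identical descriptions (Dell VxRail before 7.0.450, OS command injection), so the triager should confirm they are tracked as separate issues upstream before closing both with the `NOT-FOR-US: Dell` used for the surrounding Dell entries. The existing context is also inconsistent: CVE-2023-23692 says `NOT-FOR-US: EMC` while the neighbouring lines say `NOT-FOR-US: Dell`; worth normalising when these two are resolved.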
@@ -29863,16 +29901,16 @@ CVE-2022-47891
 	RESERVED
 CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up  ...)
 	NOT-FOR-US: Sewio
-CVE-2022-47320
-	RESERVED
-CVE-2022-47311
-	RESERVED
-CVE-2022-46738
-	RESERVED
+CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in initial de ...)
+	TODO: check
+CVE-2022-47311 (A proprietary protocol for iBoot devices is used for control and keepa ...)
+	TODO: check
+CVE-2022-46738 (The affected product exposes multiple sensitive data fields of the aff ...)
+	TODO: check
 CVE-2022-46733 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up  ...)
 	NOT-FOR-US: Sewio
-CVE-2022-46658
-	RESERVED
+CVE-2022-46658 (The affected product is vulnerable to a stack-based buffer overflow wh ...)
+	TODO: check
 CVE-2022-4634 (All versions prior to Delta Electronic\u2019s CNCSoft version 1.01.34  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-4633 (A vulnerability was found in Auto Upload Images up to 3.3.0 and classi ...)
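Review bot: the descriptions of CVE-2022-46738 and CVE-2022-46658 begin with `The affected product` and are truncated before the product name, so they cannot be triaged from this file alone; the two adjacent iBoot entries (CVE-2022-47320, CVE-2022-47311) and the Dataprobe entry CVE-2022-4945 filled in earlier in this commit point to the same vendor advisory, but that should be confirmed from the full advisory text before one resolution is applied to all of them.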
@@ -211128,8 +211166,8 @@ CVE-2020-20014
 	RESERVED
 CVE-2020-20013
 	RESERVED
-CVE-2020-20012
-	RESERVED
+CVE-2020-20012 (WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.)
+	TODO: check
 CVE-2020-20011
 	RESERVED
 CVE-2020-20010
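Review bot: CVE-2020-20012 is a 2020-year identifier that only now received a description (WebPlus Pro v1.4.7.8.4-01, incorrect access control), short enough to fit without the usual ` ...` truncation; it is a late-published CVE rather than a new 2023 issue, and the neighbouring CVE-2020-20011/20013/20014 remain RESERVED, so this one should be triaged on its own.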



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04633fabbc58041484f77f88044617f363bac58c
