[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 29 09:12:10 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8dd16750 by security tracker role at 2023-05-29T08:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2023-33291 (In ebankIT 6, the public endpoints /public/token/Email/generate and /p ...)
+ TODO: check
+CVE-2023-31874 (Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafte ...)
+ TODO: check
+CVE-2023-31873 (Gin 0.7.4 allows execution of arbitrary code when a crafted file is op ...)
+ TODO: check
+CVE-2023-2955 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-2954 (Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/ ...)
+ TODO: check
+CVE-2021-4336 (A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. ...)
+ TODO: check
CVE-2023-33931 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu You ...)
NOT-FOR-US: WordPress plugin
CVE-2023-33926 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Goog ...)
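Review bot: the six new entries at the top of the file are all left at "TODO: check"; CVE-2023-2955 ("A vulnerability, which was classified as critical, was found in Source ...") follows the same description template as the SourceCodester entries further down (CVE-2023-1358, CVE-2023-1357), which are triaged "NOT-FOR-US: SourceCodester ...", so that one can probably be closed the same way once the truncated product name is confirmed. CVE-2021-4336 is a 2021 identifier landing in the 2023 block; fine for an automatic import, but it should not be overlooked when the TODOs are worked through.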
@@ -724,7 +736,7 @@ CVE-2023-2757 (The Waiting: One-click countdowns plugin for WordPress is vulnera
NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress
CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Exe ...)
NOT-FOR-US: Umbraco CMS
-CVE-2023-32763
+CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...)
- qt6-base 6.4.2+dfsg-8
- qtbase-opensource-src 5.15.8+dfsg-10
- qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702)
@@ -733,7 +745,7 @@ CVE-2023-32763
NOTE: https://download.qt.io/official_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/476490
NOTE: https://bugreports.qt.io/browse/QTBUG-113337
-CVE-2023-32762
+CVE-2023-32762 (An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6. ...)
- qt6-base 6.4.2+dfsg-9
- qtbase-opensource-src 5.15.8+dfsg-10
- qtbase-opensource-src-gles <not-affected> (Not built in GLES variant)
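Review bot: the two Qt entries record different qt6-base fixed versions (6.4.2+dfsg-8 for CVE-2023-32763, 6.4.2+dfsg-9 for CVE-2023-32762) while sharing qtbase-opensource-src 5.15.8+dfsg-10; that is plausible if the fixes went into separate uploads, but worth confirming against the changelog, since only the descriptions changed in these hunks and the version lines are unchanged context. The qtbase-opensource-src-gles handling also differs (bug #1036702 for 32763, "<not-affected> (Not built in GLES variant)" for 32762), which reads as intentional but deserves a second look for the same reason.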
@@ -4434,8 +4446,7 @@ CVE-2022-48439
RESERVED
CVE-2022-48438
RESERVED
-CVE-2023-30570 [Incorrect aggressive mode interaction causes the pluto daemon to crash]
- RESERVED
+CVE-2023-30570 (pluto in Libreswan before 4.11 allows a denial of service (responder S ...)
- libreswan <unfixed> (bug #1035542)
NOTE: https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt
NOTE: https://github.com/libreswan/libreswan/issues/1039
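Review bot: the new description states that Libreswan before 4.11 is affected, but the package line "libreswan <unfixed> (bug #1035542)" is unchanged context in this hunk; if 4.11 (or a backport of the upstream fix referenced in the NOTE lines) has reached the archive, the fixed version should replace "<unfixed>". Replacing the bracketed placeholder title with the public text is the right move; the upstream advisory URL already in the NOTE line covers the detail that was dropped.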
@@ -5079,8 +5090,8 @@ CVE-2023-30352 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was
NOT-FOR-US: Tenda
CVE-2023-30351 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discov ...)
NOT-FOR-US: Tenda
-CVE-2023-30350
- RESERVED
+CVE-2023-30350 (FS S3900-24T4S devices allow authenticated attackers with guest access ...)
+ TODO: check
CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code execution (R ...)
NOT-FOR-US: JFinal CMS
CVE-2023-30348
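Review bot: CVE-2023-30350 moves from RESERVED to "TODO: check" with a description for "FS S3900-24T4S devices"; the wording ("devices", "authenticated attackers with guest access") points at a vendor network appliance, and the surrounding Tenda IP camera entries in the same hunk are triaged "NOT-FOR-US: Tenda", so this TODO can likely be resolved to NOT-FOR-US once the product is confirmed to be firmware rather than something packaged.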
@@ -7512,8 +7523,7 @@ CVE-2023-29382
RESERVED
CVE-2023-29381
RESERVED
-CVE-2023-29380
- RESERVED
+CVE-2023-29380 (Warpinator before 1.6.0 allows remote file deletion via directory trav ...)
NOT-FOR-US: Warpinator
CVE-2023-29379
RESERVED
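Review bot: "NOT-FOR-US: Warpinator" is unchanged context here, meaning the triage was done while CVE-2023-29380 was still RESERVED and the description ("remote file deletion via directory traversal") was not yet public; since the flag predates the details, it is worth re-checking against the archive that no Debian package ships Warpinator before the NOT-FOR-US stands.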
@@ -8367,9 +8377,9 @@ CVE-2023-29081
CVE-2023-29080
RESERVED
CVE-2023-29079
- RESERVED
+ REJECTED
CVE-2023-29078
- RESERVED
+ REJECTED
CVE-2023-29077
RESERVED
CVE-2023-29076
@@ -11776,8 +11786,8 @@ CVE-2023-1358 (A vulnerability, which was classified as critical, was found in S
NOT-FOR-US: SourceCodester Gadget Works Online Ordering System
CVE-2023-1357 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Simple Bakery Shop Management System
-CVE-2023-28153
- RESERVED
+CVE-2023-28153 (An issue was discovered in the Kiddoware Kids Place Parental Control a ...)
+ TODO: check
CVE-2023-28152 (An issue was discovered in Independentsoft JWord before 1.1.110. The A ...)
NOT-FOR-US: Independentsoft JWord
CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 1.1.110 ...)
@@ -21956,24 +21966,24 @@ CVE-2023-24607 (Qt before 6.4.3 allows a denial of service via a crafted string
NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
CVE-2023-24606
RESERVED
-CVE-2023-24605
- RESERVED
-CVE-2023-24604
- RESERVED
-CVE-2023-24603
- RESERVED
-CVE-2023-24602
- RESERVED
-CVE-2023-24601
- RESERVED
-CVE-2023-24600
- RESERVED
-CVE-2023-24599
- RESERVED
-CVE-2023-24598
- RESERVED
-CVE-2023-24597
- RESERVED
+CVE-2023-24605 (OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all ...)
+ TODO: check
+CVE-2023-24604 (OX App Suite before backend 7.10.6-rev37 does not check HTTP header le ...)
+ TODO: check
+CVE-2023-24603 (OX App Suite before backend 7.10.6-rev37 does not check size limits wh ...)
+ TODO: check
+CVE-2023-24602 (OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the T ...)
+ TODO: check
+CVE-2023-24601 (OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app dee ...)
+ TODO: check
+CVE-2023-24600 (OX App Suite before backend 7.10.6-rev37 allows authenticated users to ...)
+ TODO: check
+CVE-2023-24599 (OX App Suite before backend 7.10.6-rev37 allows authenticated users to ...)
+ TODO: check
+CVE-2023-24598 (OX App Suite before backend 7.10.6-rev37 has an information leak in th ...)
+ TODO: check
+CVE-2023-24597 (OX App Suite before frontend 7.10.6-rev24 allows the loading (without ...)
+ TODO: check
CVE-2023-0566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- froxlor <itp> (bug #581792)
CVE-2023-0565 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...)
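Review bot: the nine OX App Suite entries (CVE-2023-24597 through CVE-2023-24605) share one product and two fixed versions (backend 7.10.6-rev37, frontend 7.10.6-rev24), so they are one upstream batch and should get a single triage decision rather than nine separate "TODO: check" resolutions; whoever picks these up can copy the same status line to all nine. Nothing else in the hunk changed, and the froxlor entries that follow are untouched context.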
@@ -39527,8 +39537,8 @@ CVE-2022-45374
RESERVED
CVE-2022-45373
RESERVED
-CVE-2022-45372
- RESERVED
+CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Ga ...)
+ TODO: check
CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45370
@@ -70951,8 +70961,8 @@ CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth Serve
NOT-FOR-US: WordPress plugin
CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-33974
- RESERVED
+CVE-2022-33974 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custo ...)
+ TODO: check
CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osama ...)
NOT-FOR-US: WordPress plugin
CVE-2022-33961 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wasp ...)
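Review bot: CVE-2022-45372 ("Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Ga ...") and CVE-2022-33974 ("... in Smash Balloon Custo ...") both sit among CSRF entries triaged "NOT-FOR-US: WordPress plugin" (CVE-2022-45371, CVE-2022-34148, CVE-2022-33965) and use the identical description template; the "TODO: check" lines can most likely be replaced with the same NOT-FOR-US marking once the truncated plugin names are verified.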
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dd167502790737d84f4063c7dc6eab7936f2d54