[Git][security-tracker-team/security-tracker][master] automatic update

Tue Oct 10 09:12:17 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c044e7c8 by security tracker role at 2023-10-10T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-5471 (A vulnerability, which was classified as critical, was found in codepr ...)
+	TODO: check
+CVE-2023-5468 (The Slick Contact Forms plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2023-5467 (The GEO my WordPress plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2023-5463 (A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been r ...)
+	TODO: check
+CVE-2023-5462 (A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been decl ...)
+	TODO: check
+CVE-2023-45208 (A command injection in the parsing_xml_stasurvey function inside libcg ...)
+	TODO: check
+CVE-2023-44959 (An issue found in D-Link DSL-3782 v.1.03 and before allows remote auth ...)
+	TODO: check
+CVE-2023-44848 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...)
+	TODO: check
+CVE-2023-44847 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...)
+	TODO: check
+CVE-2023-44846 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...)
+	TODO: check
+CVE-2023-44827 (An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8 ...)
+	TODO: check
+CVE-2023-44826 (Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local  ...)
+	TODO: check
+CVE-2023-44813 (Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a ...)
+	TODO: check
+CVE-2023-43899 (hansun CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+	TODO: check
+CVE-2023-43271 (Incorrect access control in 70mai a500s v1.2.119 allows attackers to d ...)
+	TODO: check
+CVE-2023-42477 (SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50,allo ...)
+	TODO: check
+CVE-2023-42475 (The Statutory Reporting application has a vulnerable file storage loca ...)
+	TODO: check
+CVE-2023-42474 (SAP BusinessObjects Web Intelligence - version 420, has a URL with par ...)
+	TODO: check
+CVE-2023-42473 (S/4HANA Manage (Withholding Tax Items) - version 106,does not perform  ...)
+	TODO: check
+CVE-2023-42189 (Insecure Permissions vulnerability in Connectivity Standards Alliance  ...)
+	TODO: check
+CVE-2023-41730 (Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newslette ...)
+	TODO: check
+CVE-2023-41697 (Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP ...)
+	TODO: check
+CVE-2023-41694 (Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbi ...)
+	TODO: check
+CVE-2023-41684 (Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS H ...)
+	TODO: check
+CVE-2023-41365 (SAP Business One (B1i) - version 10.0, allows an authorized attacker t ...)
+	TODO: check
+CVE-2023-40310 (SAP PowerDesignerClient- version 16.7, does not sufficiently validate  ...)
+	TODO: check
 CVE-2023-45360
 	- mediawiki 1:1.39.5-1
 	NOTE: https://phabricator.wikimedia.org/T340221
@@ -115,7 +167,7 @@ CVE-2023-39189 (A flaw was found in the Netfilter subsystem in the Linux kernel.
 	NOTE: https://git.kernel.org/linus/f4f8a7803119005e87b716874bec07c751efafec (6.6-rc1)
 CVE-2023-36820 (Micronaut Security is a security solution for applications. Prior to v ...)
 	NOT-FOR-US: Micronaut Security
-CVE-2023-43641
+CVE-2023-43641 (libcue provides an API for parsing and extracting data from CUE sheets ...)
 	- libcue <unfixed>
 	NOTE: https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/09/3
@@ -47513,10 +47565,10 @@ CVE-2022-48185
 	RESERVED
 CVE-2022-48184
 	RESERVED
-CVE-2022-48183
-	RESERVED
-CVE-2022-48182
-	RESERVED
+CVE-2022-48183 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that  ...)
+	TODO: check
+CVE-2022-48182 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that  ...)
+	TODO: check
 CVE-2022-48181 (An ErrorMessage driver stack-based buffer overflow vulnerability in BI ...)
 	NOT-FOR-US: Lenovo
 CVE-2022-48180
@@ -63365,8 +63417,8 @@ CVE-2022-3730 (A vulnerability, which was classified as critical, was found in s
 	NOT-FOR-US: seccome Ehoney
 CVE-2022-3729 (A vulnerability, which was classified as critical, has been found in s ...)
 	NOT-FOR-US: seccome Ehoney
-CVE-2022-3728
-	RESERVED
+CVE-2022-3728 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that  ...)
+	TODO: check
 CVE-2023-20601
 	RESERVED
 CVE-2023-20600
@@ -85945,8 +85997,8 @@ CVE-2022-36230
 	RESERVED
 CVE-2022-36229
 	RESERVED
-CVE-2022-36228
-	RESERVED
+CVE-2022-36228 (Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Perm ...)
+	TODO: check
 CVE-2022-36227 (In libarchive before 3.6.2, the software does not check for an error a ...)
 	{DLA-3294-1}
 	- libarchive 3.6.2-1 (bug #1024669)
@@ -234728,8 +234780,8 @@ CVE-2020-18338
 	RESERVED
 CVE-2020-18337
 	RESERVED
-CVE-2020-18336
-	RESERVED
+CVE-2020-18336 (Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allo ...)
+	TODO: check
 CVE-2020-18335
 	RESERVED
 CVE-2020-18334



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c044e7c8b37b59c3617593fbe33a3b91a54d6484

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c044e7c8b37b59c3617593fbe33a3b91a54d6484
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231010/05cf5849/attachment-0001.htm>
