[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
71803f1d by security tracker role at 2023-10-14T20:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2023-5582 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-5581 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2023-5580 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2023-5579 (A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as ...)
+	TODO: check
+CVE-2023-5578 (A vulnerability was found in Port\xe1bilis i-Educar up to 2.7.5. It ha ...)
+	TODO: check
+CVE-2023-45176 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...)
+	TODO: check
+CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...)
+	TODO: check
+CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1,  ...)
+	TODO: check
 CVE-2023-41914
 	- slurm-wlm 23.02.6-1
 	- slurm-wlm-contrib 23.02.6-1
@@ -118,13 +134,13 @@ CVE-2023-32973 (A buffer copy without checking size of input vulnerability has b
 	NOT-FOR-US: QNAP
 CVE-2023-32970 (A NULL pointer dereference vulnerability has been reported to affect s ...)
 	NOT-FOR-US: QNAP
-CVE-2023-42663
+CVE-2023-42663 (Apache Airflow, versions before 2.7.2, has a vulnerability that allows ...)
 	- airflow <itp> (bug #819700)
-CVE-2023-42792
+CVE-2023-42792 (Apache Airflow, in versions prior to 2.7.2, contains a security vulner ...)
 	- airflow <itp> (bug #819700)
-CVE-2023-45348
+CVE-2023-45348 (Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerabili ...)
 	- airflow <itp> (bug #819700)
-CVE-2023-42780
+CVE-2023-42780 (Apache Airflow, versions prior to 2.7.2, contains a security vulnerabi ...)
 	- airflow <itp> (bug #819700)
 CVE-2023-5564 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...)
 	- froxlor <itp> (bug #581792)
@@ -21788,8 +21804,8 @@ CVE-2023-30996
 	RESERVED
 CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow  ...)
 	NOT-FOR-US: IBM
-CVE-2023-30994
-	RESERVED
+CVE-2023-30994 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...)
+	TODO: check
 CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow  ...)
 	NOT-FOR-US: IBM
 CVE-2023-30992
@@ -31782,8 +31798,8 @@ CVE-2023-1261 (Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and
 	NOT-FOR-US: WI-SUN
 CVE-2023-1260 (An authentication bypass vulnerability was discovered in kube-apiserve ...)
 	NOT-FOR-US: OpenShift
-CVE-2023-1259
-	RESERVED
+CVE-2023-1259 (The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
 CVE-2023-27905 (Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core ...)
 	- jenkins <removed>
 CVE-2023-27904 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error sta ...)
@@ -66080,8 +66096,8 @@ CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3
 	NOT-FOR-US: IBM
 CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5. ...)
 	NOT-FOR-US: IBM
-CVE-2022-43868
-	RESERVED
+CVE-2022-43868 (IBM Security Verify Access OIDC Provider could disclose directory info ...)
+	TODO: check
 CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacke ...)
 	NOT-FOR-US: IBM
 CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross ...)
@@ -66400,8 +66416,8 @@ CVE-2022-43742
 	RESERVED
 CVE-2022-43741
 	RESERVED
-CVE-2022-43740
-	RESERVED
+CVE-2022-43740 (IBM Security Verify Access OIDC Provider could allow a remote user to  ...)
+	TODO: check
 CVE-2022-43739
 	RESERVED
 CVE-2022-43738
@@ -95500,16 +95516,16 @@ CVE-2022-33167
 	RESERVED
 CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...)
 	NOT-FOR-US: IBM
-CVE-2022-33165
-	RESERVED
+CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote attacker to t ...)
+	TODO: check
 CVE-2022-33164 (IBM Security Directory Server 7.2.0 could allow a remote attacker to t ...)
 	NOT-FOR-US: IBM
 CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for a secu ...)
 	NOT-FOR-US: IBM
 CVE-2022-33162
 	RESERVED
-CVE-2022-33161
-	RESERVED
+CVE-2022-33161 (IBM Security Directory Server 6.4.0 could allow a remote attacker to o ...)
+	TODO: check
 CVE-2022-33160 (IBM Security Directory Suite 8.0.1 uses weaker than expected cryptogra ...)
 	NOT-FOR-US: IBM
 CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...)
@@ -96522,8 +96538,8 @@ CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an i
 	NOT-FOR-US: IBM
 CVE-2022-32756
 	RESERVED
-CVE-2022-32755
-	RESERVED
+CVE-2022-32755 (IBM Security Directory Server 6.4.0 is vulnerable to an XML External E ...)
+	TODO: check
 CVE-2022-32754
 	RESERVED
 CVE-2022-32753



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71803f1dcc0e14054a2f7a5f1755cef0f58498af

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71803f1dcc0e14054a2f7a5f1755cef0f58498af
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231014/d83f8f5d/attachment.htm>