[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 17 09:11:54 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e765e42 by security tracker role at 2023-10-17T08:11:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability. ...)
+ TODO: check
+CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensitive in ...)
+ TODO: check
+CVE-2023-4089 (On affected Wago products an remote attacker with administrative privi ...)
+ TODO: check
+CVE-2023-45807 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
+ TODO: check
+CVE-2023-45659 (Engelsystem is a shift planning system for chaos events. If a users' ...)
+ TODO: check
+CVE-2023-45542 (Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote ...)
+ TODO: check
+CVE-2023-45540 (An issue in Jorani Leave Management System 1.0.3 allows a remote attac ...)
+ TODO: check
+CVE-2023-45386 (In the module extratabspro before version 2.2.8 from MyPresta.eu for P ...)
+ TODO: check
+CVE-2023-45375 (In the module "PireosPay" (pireospay) before version 1.7.10 from 01gen ...)
+ TODO: check
+CVE-2023-45358 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored ...)
+ TODO: check
+CVE-2023-45357 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensiti ...)
+ TODO: check
+CVE-2023-45152 (Engelsystem is a shift planning system for chaos events. A Blind SSRF ...)
+ TODO: check
+CVE-2023-45147 (Discourse is an open source community platform. In affected versions a ...)
+ TODO: check
+CVE-2023-45144 (com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in buil ...)
+ TODO: check
+CVE-2023-45141 (Fiber is an express inspired web framework written in Go. A Cross-Site ...)
+ TODO: check
+CVE-2023-45131 (Discourse is an open source platform for community discussion. New cha ...)
+ TODO: check
+CVE-2023-45128 (Fiber is an express inspired web framework written in Go. A Cross-Site ...)
+ TODO: check
+CVE-2023-44694 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerab ...)
+ TODO: check
+CVE-2023-44693 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerab ...)
+ TODO: check
+CVE-2023-44394 (MantisBT is an open source bug tracker. Due to insufficient access-lev ...)
+ TODO: check
+CVE-2023-44391 (Discourse is an open source platform for community discussion. User su ...)
+ TODO: check
+CVE-2023-44388 (Discourse is an open source platform for community discussion. A malic ...)
+ TODO: check
+CVE-2023-43814 (Discourse is an open source platform for community discussion. Attacke ...)
+ TODO: check
+CVE-2023-43659 (Discourse is an open source platform for community discussion. Imprope ...)
+ TODO: check
+CVE-2023-43658 (dicourse-calendar is a plugin for the Discourse messaging platform whi ...)
+ TODO: check
+CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the Export for T ...)
+ TODO: check
+CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
+ TODO: check
+CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-40852 (SQL Injection vulnerability in Phpgurukul User Registration & Login an ...)
+ TODO: check
+CVE-2023-40851 (Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registrati ...)
+ TODO: check
+CVE-2023-40374 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2023-40373 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...)
+ TODO: check
+CVE-2023-40372 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2023-39456 (Improper Input Validation vulnerability in Apache Traffic Server with ...)
+ TODO: check
+CVE-2023-38740 (IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11. ...)
+ TODO: check
+CVE-2023-38728 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2023-38720 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2023-38719 (IBM Db2 11.5 could allow a local user with special privileges to cause ...)
+ TODO: check
+CVE-2023-34210 (SQL Injection in create customer group function in EasyUse MailHunter ...)
+ TODO: check
+CVE-2023-34209 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2023-34208 (Path Traversal in create template function in EasyUse MailHunter Ultim ...)
+ TODO: check
+CVE-2023-34207 (Unrestricted upload of file with dangerous type vulnerability in creat ...)
+ TODO: check
+CVE-2012-10016 (A vulnerability classified as problematic has been found in Halulu sim ...)
+ TODO: check
+CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. ...)
+ TODO: check
CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
TODO: check
CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...)
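Review bot: All 44 entries added at the top of data/CVE/list carry only the placeholder "TODO: check", so none of them has a triage decision yet. Some can be closed using conventions already visible in this file: CVE-2011-10004 is described as a "reciply Plugin ... on WordPress" and matches the existing "NOT-FOR-US: WordPress plugin" annotation, and the IBM Db2 entries (CVE-2023-40374, CVE-2023-40373, CVE-2023-40372, CVE-2023-38740, CVE-2023-38728, CVE-2023-38720, CVE-2023-38719) match the "NOT-FOR-US: IBM" annotation used elsewhere in the list. The remaining entries need a manual check before the placeholder is replaced.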
@@ -3892,7 +3980,7 @@ CVE-2023-41867 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ac
NOT-FOR-US: WordPress plugin
CVE-2023-41863 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-41419 (An issue in Gevent Gevent before version 23.9.1 allows a remote attack ...)
+CVE-2023-41419 (An issue in Gevent before version 23.9.0 allows a remote attacker to e ...)
NOT-FOR-US: Gevent Gevent
CVE-2023-41303 (Command injection vulnerability in the distributed file system module. ...)
NOT-FOR-US: Huawei
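Review bot: The annotation under CVE-2023-41419 still reads "NOT-FOR-US: Gevent Gevent" after the description line was corrected from "Gevent Gevent before version 23.9.1" to "Gevent before version 23.9.0". The duplicated product name in the annotation mirrors the old description text, which suggests the triage was done against that string. Re-check the NOT-FOR-US decision against the corrected description and the changed version bound, and fix the annotation text in the same pass.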
@@ -22111,16 +22199,16 @@ CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could
NOT-FOR-US: IBM
CVE-2023-30992
RESERVED
-CVE-2023-30991
- RESERVED
+CVE-2023-30991 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
+ TODO: check
CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute ...)
NOT-FOR-US: IBM
CVE-2023-30989 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local pr ...)
NOT-FOR-US: IBM
CVE-2023-30988 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...)
NOT-FOR-US: IBM
-CVE-2023-30987
- RESERVED
+CVE-2023-30987 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
CVE-2023-30986 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
NOT-FOR-US: Siemens
CVE-2023-30985 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
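Review bot: CVE-2023-30991 and CVE-2023-30987 move from "RESERVED" to "TODO: check" while the IBM entries directly around them (CVE-2023-30990, CVE-2023-30989, CVE-2023-30988) are already annotated "NOT-FOR-US: IBM". Both new descriptions name IBM Db2 for Linux, UNIX and Windows, so the same annotation looks applicable; applying it when the placeholder is resolved keeps this block consistent.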
@@ -66347,16 +66435,16 @@ CVE-2022-43895
RESERVED
CVE-2022-43894
RESERVED
-CVE-2022-43893
- RESERVED
-CVE-2022-43892
- RESERVED
-CVE-2022-43891
- RESERVED
+CVE-2022-43893 (IBM Security Verify Privilege On-Premises 11.5 could allow a privilege ...)
+ TODO: check
+CVE-2022-43892 (IBM Security Verify Privilege On-Premises 11.5 does not validate, or i ...)
+ TODO: check
+CVE-2022-43891 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
+ TODO: check
CVE-2022-43890
RESERVED
-CVE-2022-43889
- RESERVED
+CVE-2022-43889 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
+ TODO: check
CVE-2022-43888
RESERVED
CVE-2022-43887 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to ...)
@@ -129437,30 +129525,30 @@ CVE-2022-22388
RESERVED
CVE-2022-22387 (IBM Application Gateway is vulnerable to cross-site scripting. This vu ...)
NOT-FOR-US: IBM
-CVE-2022-22386
- RESERVED
-CVE-2022-22385
- RESERVED
-CVE-2022-22384
- RESERVED
+CVE-2022-22386 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
+ TODO: check
+CVE-2022-22385 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
+ TODO: check
+CVE-2022-22384 (IBM Security Verify Privilege On-Premises 11.5 could allow an attacker ...)
+ TODO: check
CVE-2022-22383
RESERVED
CVE-2022-22382
RESERVED
CVE-2022-22381
RESERVED
-CVE-2022-22380
- RESERVED
+CVE-2022-22380 (IBM Security Verify Privilege On-Premises 11.5 could allow an attacker ...)
+ TODO: check
CVE-2022-22379
RESERVED
CVE-2022-22378
RESERVED
-CVE-2022-22377
- RESERVED
+CVE-2022-22377 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
+ TODO: check
CVE-2022-22376
RESERVED
-CVE-2022-22375
- RESERVED
+CVE-2022-22375 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote au ...)
+ TODO: check
CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subj ...)
NOT-FOR-US: IBM
CVE-2022-22373 (An improper validation vulnerability in IBM InfoSphere Information Ser ...)
@@ -154193,8 +154281,8 @@ CVE-2021-38861
RESERVED
CVE-2021-38860
RESERVED
-CVE-2021-38859
- RESERVED
+CVE-2021-38859 (IBM Security Verify Privilege On-Premises 11.5 could allow a user to o ...)
+ TODO: check
CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...)
{DSA-4963-1 DLA-2774-1 DLA-2766-1}
- openssl 1.1.1l-1
@@ -177514,8 +177602,8 @@ CVE-2021-29915
RESERVED
CVE-2021-29914
RESERVED
-CVE-2021-29913
- RESERVED
+CVE-2021-29913 (IBM Security Verify Privilege On-Premise 11.5 could allow an authentic ...)
+ TODO: check
CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site ...)
NOT-FOR-US: IBM
CVE-2021-29911
@@ -201922,8 +202010,8 @@ CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66
NOT-FOR-US: IBM
CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive information in ...)
NOT-FOR-US: IBM
-CVE-2021-20581
- RESERVED
+CVE-2021-20581 (IBM Security Verify Privilege On-Premises 11.5 could allow a user to o ...)
+ TODO: check
CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site request f ...)
NOT-FOR-US: IBM
CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e765e427f818c75a86b7603a6004ea4baf6137a