Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11df1906 by security tracker role at 2023-03-07T20:10:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-27905
+ RESERVED
+CVE-2023-27904
+ RESERVED
+CVE-2023-27903
+ RESERVED
+CVE-2023-27902
+ RESERVED
+CVE-2023-27901
+ RESERVED
+CVE-2023-27900
+ RESERVED
+CVE-2023-27899
+ RESERVED
+CVE-2023-27898
+ RESERVED
+CVE-2023-27897
+ RESERVED
+CVE-2023-27896
+ RESERVED
+CVE-2023-27895
+ RESERVED
+CVE-2023-27894
+ RESERVED
+CVE-2023-27893
+ RESERVED
+CVE-2023-1258
+ RESERVED
+CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series
device ...)
+ TODO: check
+CVE-2023-1256
+ RESERVED
+CVE-2023-1255
+ RESERVED
+CVE-2023-1254 (A vulnerability has been found in SourceCodester Health Center
Patient ...)
+ TODO: check
+CVE-2023-1253 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2023-1252
+ RESERVED
+CVE-2023-1251
+ RESERVED
+CVE-2023-1250
+ RESERVED
+CVE-2023-1249
+ RESERVED
+CVE-2023-1248
+ RESERVED
+CVE-2023-1247 (Cross-site Scripting (XSS) - Reflected in GitHub repository
pimcore/pi ...)
+ TODO: check
+CVE-2022-4932 (The Total Upkeep plugin for WordPress is vulnerable to
information dis ...)
+ TODO: check
+CVE-2022-4931 (The BackupWordPress plugin for WordPress is vulnerable to
information ...)
+ TODO: check
+CVE-2021-4333 (The WP Statistics plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2021-4332 (The Plus Addons for Elementor plugin for WordPress is
vulnerable to ar ...)
+ TODO: check
+CVE-2021-4331 (The Plus Addons for Elementor plugin for WordPress is
vulnerable to pr ...)
+ TODO: check
+CVE-2021-4330 (The Envato Elements & Download and Template Kit –
Import plu ...)
+ TODO: check
+CVE-2020-36670 (The NEX-Forms. plugin for WordPress is vulnerable to
unauthorized disc ...)
+ TODO: check
+CVE-2020-36669 (The JetBackup – WP Backup, Migrate & Restore plugin
for Word ...)
+ TODO: check
+CVE-2020-36668 (The JetBackup – WP Backup, Migrate & Restore plugin
for Word ...)
+ TODO: check
+CVE-2020-36667 (The JetBackup – WP Backup, Migrate & Restore plugin
for Word ...)
+ TODO: check
CVE-2023-27892
RESERVED
CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application
authorization fr ...)
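Review bot: every newly described entry in this hunk is left at TODO: check, and nearly all of them are web applications that Debian does not ship: seven WordPress plugins (Total Upkeep, BackupWordPress, WP Statistics, Plus Addons for Elementor, Envato Elements, NEX-Forms, three JetBackup issues), two SourceCodester items, a pimcore reflected XSS and a Moxa UC Series hardware issue requiring physical access. The list's convention for such software is NOT-FOR-US with the upstream name, as used for Directus and others further down this diff, so these can be closed in a follow-up rather than accumulating as open TODOs; the descriptions are cut at "..." in the notification, so the full CVE text still has to be read before each one is marked. The remaining additions (CVE-2023-27893 through CVE-2023-27905 and the undescribed CVE-2023-12xx entries) are plain RESERVED placeholders and need no action yet.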
@@ -62,24 +132,24 @@ CVE-2023-24465
RESERVED
CVE-2023-1246
RESERVED
-CVE-2023-1245
- RESERVED
-CVE-2023-1244
- RESERVED
-CVE-2023-1243
- RESERVED
-CVE-2023-1242
- RESERVED
-CVE-2023-1241
- RESERVED
-CVE-2023-1240
- RESERVED
-CVE-2023-1239
- RESERVED
-CVE-2023-1238
- RESERVED
-CVE-2023-1237
- RESERVED
+CVE-2023-1245 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
+ TODO: check
+CVE-2023-1244 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
+ TODO: check
+CVE-2023-1243 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
+ TODO: check
+CVE-2023-1242 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
+ TODO: check
+CVE-2023-1241 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
+ TODO: check
+CVE-2023-1240 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
+ TODO: check
+CVE-2023-1239 (Cross-site Scripting (XSS) - Reflected in GitHub repository
answerdev/ ...)
+ TODO: check
+CVE-2023-1238 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
+ TODO: check
+CVE-2023-1237 (Cross-site Scripting (XSS) - Stored in GitHub repository
answerdev/ans ...)
+ TODO: check
CVE-2023-1236
RESERVED
CVE-2023-1235
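Review bot: all nine new descriptions here (CVE-2023-1237 through CVE-2023-1245) are stored or reflected XSS in the same upstream, answerdev/answer, so they should be triaged as one batch and given identical resolutions rather than nine separate TODO: check lines that can drift apart later. The descriptions are truncated at "answerdev/ans ...", so the affected version range must be taken from the full CVE text before deciding.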
@@ -1002,8 +1072,7 @@ CVE-2023-27524
RESERVED
CVE-2023-27523
RESERVED
-CVE-2023-27522
- RESERVED
+CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server
via mod_pr ...)
- apache2 <unfixed> (bug #1032476)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/2
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-27522
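Review bot: the NOTE: keyword and the httpd.apache.org URL appear on separate lines at the end of this hunk; if that is the file content rather than mail wrapping, they should be joined into a single "NOTE: <url>" line, the form the openwall NOTE directly above uses. The apache2 <unfixed> (bug #1032476) state is correct for an open issue; the same bug number is attached to CVE-2023-25690 in a later hunk of this update, so when the fix is uploaded both entries need the fixed version recorded in the same commit.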
@@ -1132,14 +1201,14 @@ CVE-2023-27480
RESERVED
CVE-2023-27479
RESERVED
-CVE-2023-27478
- RESERVED
+CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library
and tools ...)
+ TODO: check
CVE-2023-27477
RESERVED
CVE-2023-27476
RESERVED
-CVE-2023-27475
- RESERVED
+CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the
go langu ...)
+ TODO: check
CVE-2023-27474 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
NOT-FOR-US: Directus
CVE-2023-27473
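Review bot: CVE-2023-27478 (libmemcached-awesome, a C/C++ client library and tools) and CVE-2023-27475 (Goutil, a Go library) are both left at TODO: check; unlike the web-application entries elsewhere in this update, libraries like these can reach Debian either as a source package or as vendored Go code, so the check should be made against the archive (and, for the Go one, against packages that build-depend on it) before either is marked NOT-FOR-US.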
@@ -2406,12 +2475,12 @@ CVE-2023-26957
RESERVED
CVE-2023-26956
RESERVED
-CVE-2023-26955
- RESERVED
-CVE-2023-26954
- RESERVED
-CVE-2023-26953
- RESERVED
+CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored
cross-site scrip ...)
+ TODO: check
+CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored
cross-site scrip ...)
+ TODO: check
+CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored
cross-site scrip ...)
+ TODO: check
CVE-2023-26952
RESERVED
CVE-2023-26951
@@ -3290,8 +3359,8 @@ CVE-2022-48346
RESERVED
CVE-2020-36662
RESERVED
-CVE-2015-10087
- RESERVED
+CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found
in UpTh ...)
+ TODO: check
CVE-2015-10086 (A vulnerability, which was classified as critical, was found
in OpenCy ...)
NOT-FOR-US: OpenCycleCompass
CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in
net/mpls/ ...)
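Review bot: CVE-2015-10087 carries the "** UNSUPPORTED WHEN ASSIGNED **" marker, meaning the CNA assigned it for a product that was already end-of-life when the ID was issued; the product name is truncated to "UpTh ..." here and must be expanded from the full CVE text, but if it is not in the archive the entry should be closed as NOT-FOR-US like the neighbouring CVE-2015-10086 (OpenCycleCompass) rather than left as an open TODO.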
@@ -5908,8 +5977,7 @@ CVE-2021-4316
RESERVED
CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has
been rat ...)
NOT-FOR-US: juju2143 WalrusIRC
-CVE-2023-25690
- RESERVED
+CVE-2023-25690 (Some mod_proxy configurations on Apache HTTP Server versions
2.4.0 thr ...)
- apache2 <unfixed> (bug #1032476)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
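Review bot: this is the second apache2 mod_proxy entry in this update sharing bug #1032476 (the other is CVE-2023-27522 at @@ +1072); both cite oss-security posts from 2023-03-07, so they belong to one upstream advisory round and should be fixed and tracked in a single apache2 upload. As in that entry, the NOTE: keyword and its URL are on separate lines at the end of the hunk and should be joined if that is not just mail wrapping.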
@@ -6200,8 +6268,8 @@ CVE-2023-0754 (The affected products are vulnerable to an
integer overflow or wr
NOT-FOR-US: PTC
CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It
has bee ...)
NOT-FOR-US: dimtion Shaarlier
-CVE-2023-25611
- RESERVED
+CVE-2023-25611 (A improper neutralization of formula elements in a CSV file
vulnerabil ...)
+ TODO: check
CVE-2023-25610
RESERVED
CVE-2023-25609
@@ -6212,8 +6280,8 @@ CVE-2023-25607
RESERVED
CVE-2023-25606
RESERVED
-CVE-2023-25605
- RESERVED
+CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR
7.3.0 - ...)
+ TODO: check
CVE-2023-25604
RESERVED
CVE-2023-25603
@@ -7163,8 +7231,8 @@ CVE-2023-25232
RESERVED
CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer
Overflow in f ...)
NOT-FOR-US: Tenda
-CVE-2023-25230
- RESERVED
+CVE-2023-25230 (loonflow r2.0.14 is vulnerable to server-side request forgery
(SSRF). ...)
+ TODO: check
CVE-2023-25229
RESERVED
CVE-2023-25228
@@ -7177,8 +7245,8 @@ CVE-2023-25225
RESERVED
CVE-2023-25224
RESERVED
-CVE-2023-25223
- RESERVED
+CVE-2023-25223 (CRMEB <=1.3.4 is vulnerable to SQL Injection via
/api/admin/user/li ...)
+ TODO: check
CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU
LibreDWG v0.12 ...)
- libredwg <itp> (bug #595191)
CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a
heap-buffer-overflow vuln ...)
@@ -8419,8 +8487,8 @@ CVE-2023-24783
RESERVED
CVE-2023-24782
RESERVED
-CVE-2023-24781
- RESERVED
+CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
CVE-2023-24780
RESERVED
CVE-2023-24779
@@ -8431,8 +8499,8 @@ CVE-2023-24777
RESERVED
CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code
execution (RCE ...)
NOT-FOR-US: Funadmin
-CVE-2023-24775
- RESERVED
+CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
CVE-2023-24774
RESERVED
CVE-2023-24773
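Review bot: CVE-2023-24775 here and CVE-2023-24781 in the hunk just above are both Funadmin v3.2.0 SQL injection entries left at TODO: check, while the context line for CVE-2023-24776 already records NOT-FOR-US: Funadmin; unless Funadmin has entered the archive since that decision, the two new entries should take the same marking for consistency.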
@@ -11111,8 +11179,8 @@ CVE-2023-23778 (A relative path traversal vulnerability
[CWE-23] in FortiWeb ver
NOT-FOR-US: FortiGuard
CVE-2023-23777
RESERVED
-CVE-2023-23776
- RESERVED
+CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor
[CWE-200 ...)
+ TODO: check
CVE-2023-23775
RESERVED
CVE-2023-23549
@@ -23355,8 +23423,8 @@ CVE-2022-46259
RESERVED
CVE-2022-46258 (An incorrect authorization vulnerability was identified in
GitHub Ente ...)
NOT-FOR-US: GitHub Enterprise Server
-CVE-2022-46257
- RESERVED
+CVE-2022-46257 (An information disclosure vulnerability was identified in
GitHub Enter ...)
+ TODO: check
CVE-2022-46256 (A path traversal vulnerability was identified in GitHub
Enterprise Ser ...)
NOT-FOR-US: GitHub Enterprise Server
CVE-2022-46255 (An improper limitation of a pathname to a restricted directory
vulnera ...)
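Review bot: CVE-2022-46257 is bracketed by CVE-2022-46258 and CVE-2022-46256, both marked NOT-FOR-US: GitHub Enterprise Server, and its own description names "GitHub Enter..."; the TODO: check can be closed with the same marking.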
@@ -24323,8 +24391,8 @@ CVE-2022-45863
RESERVED
CVE-2022-45862
RESERVED
-CVE-2022-45861
- RESERVED
+CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in
the SSL ...)
+ TODO: check
CVE-2022-45860
RESERVED
CVE-2022-45859
@@ -29668,8 +29736,8 @@ CVE-2022-44420
RESERVED
CVE-2022-44419
RESERVED
-CVE-2022-3760
- RESERVED
+CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
CVE-2022-3758
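Review bot: CVE-2022-3760's description is truncated before any product name ("...used in an SQL Command ('S ..."), and it sits directly above CVE-2022-3759, a GitLab issue tracked as gitlab <unfixed>; the check should confirm whether 3760 is also GitLab, in which case it needs a package line with a bug or fixed version rather than the NOT-FOR-US marking most other entries in this update will get.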
@@ -36589,8 +36657,8 @@ CVE-2022-42478
RESERVED
CVE-2022-42477
RESERVED
-CVE-2022-42476
- RESERVED
+CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet
FortiOS v ...)
+ TODO: check
CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122] in
FortiOS SSL-VP ...)
NOT-FOR-US: FortiOS SSL-VPN
CVE-2022-42474
@@ -39742,18 +39810,18 @@ CVE-2022-41335 (A relative path traversal
vulnerability [CWE-23] in Fortinet For
NOT-FOR-US: Fortinet
CVE-2022-41334 (An improper neutralization of input during web page generation
[CWE-79 ...)
NOT-FOR-US: Fortinet
-CVE-2022-41333
- RESERVED
+CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400]
in FortiR ...)
+ TODO: check
CVE-2022-41332
RESERVED
CVE-2022-41331
RESERVED
CVE-2022-41330
RESERVED
-CVE-2022-41329
- RESERVED
-CVE-2022-41328
- RESERVED
+CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor
vulnerab ...)
+ TODO: check
+CVE-2022-41328 (A improper limitation of a pathname to a restricted directory
vulnerab ...)
+ TODO: check
CVE-2022-41327
RESERVED
CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all
versions fr ...)
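Review bot: the three new Fortinet descriptions (CVE-2022-41333 "in FortiR ...", CVE-2022-41329, CVE-2022-41328) are truncated before product and version, while the surrounding context lines for CVE-2022-41335 and CVE-2022-41334 are NOT-FOR-US: Fortinet; appliance issues from this vendor are consistently closed that way in the list, so these can follow suit, but the full text should be read to confirm each is an appliance issue and not a client-side tool that could be packaged.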
@@ -41320,8 +41388,8 @@ CVE-2022-40678 (An insufficiently protected credentials
in Fortinet FortiNAC ver
NOT-FOR-US: Fortinet
CVE-2022-40677 (A improper neutralization of argument delimiters in a command
('argume ...)
NOT-FOR-US: Fortinet
-CVE-2022-40676
- RESERVED
+CVE-2022-40676 (A improper neutralization of input during web page generation
('cross- ...)
+ TODO: check
CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0
through ...)
NOT-FOR-US: Fortinet
CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS)
vulnerability ...)
@@ -43159,12 +43227,12 @@ CVE-2022-39955 (The OWASP ModSecurity Core Rule Set
(CRS) is affected by a parti
NOTE:
https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
CVE-2022-39954 (An improper restriction of xml external entity reference in
Fortinet F ...)
NOT-FOR-US: Fortinet
-CVE-2022-39953
- RESERVED
+CVE-2022-39953 (A improper privilege management in Fortinet FortiNAC version
9.4.0 thr ...)
+ TODO: check
CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC
versions ...)
NOT-FOR-US: Fortinet
-CVE-2022-39951
- RESERVED
+CVE-2022-39951 (A improper neutralization of special elements used in an os
command (' ...)
+ TODO: check
CVE-2022-39950 (An improper neutralization of input during web page generation
vulnera ...)
NOT-FOR-US: FortiGuard
CVE-2022-39949 (An improper control of a resource through its lifetime
vulnerability [ ...)
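Review bot: within this hunk the already-resolved Fortinet entries alternate between "NOT-FOR-US: Fortinet" and "NOT-FOR-US: FortiGuard" (other hunks in this diff also use "FortiNet" and "FortiOS SSL-VPN"); when CVE-2022-39953 and CVE-2022-39951 are closed, settling on one spelling, preferably the affected product name (FortiNAC here), keeps the list greppable.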
@@ -78340,8 +78408,8 @@ CVE-2022-27492 (An integer underflow in WhatsApp could
have caused remote code e
NOT-FOR-US: WhatsApp
CVE-2022-27491 (A improper verification of source of a communication channel
in Fortin ...)
NOT-FOR-US: FortiGuard
-CVE-2022-27490
- RESERVED
+CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor
in Fortin ...)
+ TODO: check
CVE-2022-27489 (A improper neutralization of special elements used in an os
command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-27488
@@ -95295,8 +95363,8 @@ CVE-2022-22299 (A format string vulnerability [CWE-134]
in the command line inte
NOT-FOR-US: FortiNet
CVE-2022-22298
RESERVED
-CVE-2022-22297
- RESERVED
+CVE-2022-22297 (An incomplete filtering of one or more instances of special
elements v ...)
+ TODO: check
CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System
1.0 is vul ...)
NOT-FOR-US: Sourcecodester
CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection
vulnerability ...)
@@ -102287,10 +102355,10 @@ CVE-2021-44199 (DLL hijacking could lead to denial
of service. The following pro
NOT-FOR-US: Acronis
CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The
following ...)
NOT-FOR-US: Acronis
-CVE-2021-44197
- RESERVED
-CVE-2021-44196
- RESERVED
+CVE-2021-44197 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
+CVE-2021-44196 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an
improper ...)
NOT-FOR-US: Rapid7 Insight Agent
CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11df1906e1d62624c205aa5fb2c175bf36f3452a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits