Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1cc6b5e7 by security tracker role at 2023-04-16T20:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-2108 (A vulnerability has been found in SourceCodester Judging 
Management Sy ...)
+       TODO: check
 CVE-2023-30773
        RESERVED
 CVE-2023-30771
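Review bot: The new CVE-2023-2108 entry at the top of the list carries only `TODO: check`, with no package line or NOT-FOR-US tag. The description names SourceCodester Judging Management System. If no matching source package exists in the archive, replace the TODO with a NOT-FOR-US line, as the vendor-only entries elsewhere in this file do, so the entry leaves the triage queue.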
@@ -589,6 +591,7 @@ CVE-2023-2035 (A vulnerability has been found in Campcodes 
Video Sharing Website
 CVE-2023-2034 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository f ...)
        - froxlor <itp> (bug #581792)
 CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 
allowed  ...)
+       {DSA-5390-1}
        - chromium 112.0.5615.121-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2032
@@ -756,8 +759,8 @@ CVE-2023-30544
        RESERVED
 CVE-2023-30543
        RESERVED
-CVE-2023-30542
-       RESERVED
+CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
+       TODO: check
 CVE-2023-30541
        RESERVED
 CVE-2023-30540
@@ -766,8 +769,8 @@ CVE-2023-30539
        RESERVED
 CVE-2023-30538
        RESERVED
-CVE-2023-30537
-       RESERVED
+CVE-2023-30537 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
 CVE-2023-30536
        RESERVED
 CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports 
core functi ...)
@@ -955,8 +958,8 @@ CVE-2023-30476
        RESERVED
 CVE-2023-30475
        RESERVED
-CVE-2023-30474
-       RESERVED
+CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian 
Evang Ultima ...)
+       TODO: check
 CVE-2023-30473
        RESERVED
 CVE-2023-30472
@@ -3105,8 +3108,8 @@ CVE-2023-29513
        RESERVED
 CVE-2023-29512
        RESERVED
-CVE-2023-29511
-       RESERVED
+CVE-2023-29511 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
 CVE-2023-29510
        RESERVED
 CVE-2023-29509 (XWiki Commons are technical libraries common to several other 
top leve ...)
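Review bot: CVE-2023-29511 is added with the truncated description "XWiki Platform is a generic wiki platform offering runtime services fo ...", the same prefix this commit gives CVE-2023-30537, so the short text cannot tell the two entries apart. When resolving the `TODO: check` lines, read the full CVE text for each, triage both in one pass, and keep the result consistent with the neighbouring CVE-2023-29509 (XWiki Commons).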
@@ -9365,8 +9368,8 @@ CVE-2023-27612
        RESERVED
 CVE-2023-27611
        RESERVED
-CVE-2023-27610
-       RESERVED
+CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in 
TransbankDevelope ...)
+       TODO: check
 CVE-2023-27609
        RESERVED
 CVE-2023-27608
@@ -16114,10 +16117,10 @@ CVE-2023-25196 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: Apache Fineract
 CVE-2023-25195 (Server-Side Request Forgery (SSRF) vulnerability in Apache 
Software Fo ...)
        NOT-FOR-US: Apache Fineract
-CVE-2022-48314
-       RESERVED
-CVE-2022-48313
-       RESERVED
+CVE-2022-48314 (The Bluetooth module has a vulnerability of bypassing the user 
confirm ...)
+       TODO: check
+CVE-2022-48313 (The Bluetooth module has a vulnerability of bypassing the user 
confirm ...)
+       TODO: check
 CVE-2022-48312 (The HwPCAssistant module has the out-of-bounds read/write 
vulnerabilit ...)
        NOT-FOR-US: Huawei
 CVE-2023-25194 (A possible security vulnerability has been identified in 
Apache Kafka  ...)
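Review bot: CVE-2022-48314 and CVE-2022-48313 move from RESERVED to `TODO: check`, but the truncated description ("The Bluetooth module has a vulnerability of bypassing the user confirm ...") names no vendor. The entry directly below, CVE-2022-48312, is tagged `NOT-FOR-US: Huawei`. Confirm from the full CVE text whether the two new entries belong to the same vendor and, if so, give them the same tag rather than leaving the TODO open.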
@@ -23806,8 +23809,8 @@ CVE-2023-22689
        RESERVED
 CVE-2023-22688
        RESERVED
-CVE-2023-22687
-       RESERVED
+CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in 
Jose Mortel ...)
+       TODO: check
 CVE-2023-22686
        RESERVED
 CVE-2023-22685
@@ -33582,8 +33585,8 @@ CVE-2022-45851
        RESERVED
 CVE-2022-45850
        RESERVED
-CVE-2022-45849
-       RESERVED
+CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) 
vulnerability ...)
+       TODO: check
 CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Contest Gal ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45847
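Review bot: CVE-2022-45849 is left at `TODO: check` although its description opens with the same "Auth. (subscriber+) ... Cross-Site Scripting (XSS) vulnerability" wording as the adjacent CVE-2022-45848, which is tagged `NOT-FOR-US: WordPress plugin`. The product name is cut off by the truncation, so check the full description and apply the same tag if it turns out to be a WordPress plugin.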
@@ -36852,8 +36855,8 @@ CVE-2022-44736 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2022-44735
        RESERVED
-CVE-2022-44734
-       RESERVED
+CVE-2022-44734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Best ...)
+       TODO: check
 CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
        NOT-FOR-US: Acronis
 CVE-2022-44732 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
@@ -42179,7 +42182,7 @@ CVE-2022-3695 (Hitachi Vantara Pentaho Business 
Analytics Server prior to versio
        NOT-FOR-US: Hitachi
 CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the 
administrator toke ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3693 (The File Management System developed by FileOrbis before 
version 10.6. ...)
+CVE-2022-3693 (Path Traversal vulnerability in Deytek Informatics FileOrbis 
File Mana ...)
        NOT-FOR-US: FileOrbis
 CVE-2022-3692
        REJECTED
@@ -42923,8 +42926,8 @@ CVE-2022-43482 (Missing Authorization vulnerability in 
Appointment Booking Calen
        NOT-FOR-US: WordPress plugin
 CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced 
Coupons fo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-43480
-       RESERVED
+CVE-2022-43480 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Magn ...)
+       TODO: check
 CVE-2022-43479 (Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 
allows a r ...)
        NOT-FOR-US: SHIRASAGI
 CVE-2022-43476
@@ -42943,8 +42946,8 @@ CVE-2022-43461 (Stored Cross-Site Scripting (XSS) 
vulnerability in John West Sli
        NOT-FOR-US: WordPress plugin
 CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by 
CaptainFor ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-43458
-       RESERVED
+CVE-2022-43458 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Code  ...)
+       TODO: check
 CVE-2022-43453
        RESERVED
 CVE-2022-43450
@@ -57569,9 +57572,9 @@ CVE-2022-38177 (By spoofing the target resolver with 
responses that have a malfo
        NOTE: https://kb.isc.org/docs/cve-2022-38177
        NOTE: Fixed by (while refactoring): 
https://gitlab.isc.org/isc-projects/bind9/-/commit/d4eb6e0a57a7eeb42328ff66865fa66688603c17
 (v9_17_20)
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590
 (v9_16_33)
-CVE-2022-2808 (Algan Yaz&#305;l&#305;m Prens Student Information System 
product has a ...)
+CVE-2022-2808 (Authorization Bypass Through User-Controlled Key vulnerability 
in Alga ...)
        NOT-FOR-US: Algan
-CVE-2022-2807 (Algan Yaz&#305;l&#305;m Prens Student Information System 
product has a ...)
+CVE-2022-2807 (SQL Injection vulnerability in Algan Software Prens Student 
Informatio ...)
        NOT-FOR-US: Algan
 CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects 
the RHV a ...)
        NOT-FOR-US: ovirt-log-collector
@@ -98200,11 +98203,11 @@ CVE-2022-24040 (A vulnerability has been identified 
in Desigo DXR2 (All versions
        NOT-FOR-US: Siemens
 CVE-2022-24039 (A vulnerability has been identified in Desigo PXC4 (All 
versions &lt;  ...)
        NOT-FOR-US: Siemens
-CVE-2022-24038 (Karmasis informatics solutions Infraskope Security Event 
Manager produ ...)
+CVE-2022-24038 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated 
access vu ...)
        NOT-FOR-US: Karmasis informatics solutions
-CVE-2022-24037 (Karmasis informatics solutions Infraskope Security Event 
Manager produ ...)
+CVE-2022-24037 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated 
access vu ...)
        NOT-FOR-US: Karmasis informatics solutions
-CVE-2022-24036 (Karmasis informatics solutions Infraskope Security Event 
Manager produ ...)
+CVE-2022-24036 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated 
access vu ...)
        NOT-FOR-US: Karmasis
 CVE-2022-23921 (Exploitation of this vulnerability may result in local 
privilege escal ...)
        NOT-FOR-US: GE
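Review bot: The NOT-FOR-US tags under the three rewritten Karmasis entries are inconsistent. CVE-2022-24038 and CVE-2022-24037 keep `NOT-FOR-US: Karmasis informatics solutions`, while CVE-2022-24036 has `NOT-FOR-US: Karmasis`. The descriptions now all read "Karmasis Informatics Infraskope SIEM+", so this is a good moment to settle on one tag string for all three, which keeps searches by vendor reliable.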



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1cc6b5e738b032d215296bb6bb948f0439baac9b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
