Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
034b5e4b by security tracker role at 2023-04-29T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,42 @@
-CVE-2023-31486 [HTTP::Tiny insecure default TLS configuration]
+CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates 
when con ...)
+       TODO: check
+CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when 
downloading  ...)
+       TODO: check
+CVE-2023-31483 (tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 
has a di ...)
+       TODO: check
+CVE-2023-2425 (A vulnerability was found in SourceCodester Simple Student 
Information ...)
+       TODO: check
+CVE-2023-2424 (A vulnerability was found in DedeCMS 5.7.106 and classified as 
critica ...)
+       TODO: check
+CVE-2023-2421 (A vulnerability classified as problematic has been found in 
Control iD ...)
+       TODO: check
+CVE-2023-2420 (A vulnerability was found in MLECMS 3.0. It has been rated as 
critical ...)
+       TODO: check
+CVE-2023-2419 (A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has 
been decla ...)
+       TODO: check
+CVE-2023-2418 (A vulnerability was found in Konga 2.8.3 on Kong. It has been 
classifi ...)
+       TODO: check
+CVE-2023-2417 (A vulnerability was found in ks-soft Advanced Host Monitor up 
to 12.56 ...)
+       TODO: check
+CVE-2023-2413 (A vulnerability was found in SourceCodester AC Repair and 
Services Sys ...)
+       TODO: check
+CVE-2023-2412 (A vulnerability was found in SourceCodester AC Repair and 
Services Sys ...)
+       TODO: check
+CVE-2023-2411 (A vulnerability was found in SourceCodester AC Repair and 
Services Sys ...)
+       TODO: check
+CVE-2023-2410 (A vulnerability has been found in SourceCodester AC Repair and 
Service ...)
+       TODO: check
+CVE-2023-2409 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-2408 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2023-2397 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-2396 (A vulnerability classified as problematic was found in Netgear 
SRX5308 ...)
+       TODO: check
+CVE-2023-2395 (A vulnerability classified as problematic has been found in 
Netgear SR ...)
+       TODO: check
+CVE-2023-31486 (HTTP::Tiny 0.082, a Perl core module since 5.13.9 and 
available standa ...)
        - libhttp-tiny-perl <unfixed> (bug #962407; unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14
        NOTE: https://github.com/chansen/p5-http-tiny/issues/134
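Review bot: CVE-2023-31485 and CVE-2023-31484 at the top of this hunk are left at TODO: check although both descriptions report missing TLS certificate verification in Perl modules, the same class of issue as CVE-2023-31486 at the end of the hunk, which already has a package line and two NOTE references. Triage the three together so the package lines and references stay consistent. The entries that name SourceCodester (CVE-2023-2425 and CVE-2023-2410 through CVE-2023-2413) can likely take the same NOT-FOR-US marking that CVE-2023-2130 carries in the next hunk.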
@@ -1576,8 +1614,8 @@ CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 
3.36 are vulnerable to
        NOT-FOR-US: INEA ME RTU firmware
 CVE-2023-2130 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Purchase Order Management System
-CVE-2023-30792
-       RESERVED
+CVE-2023-30792 (Anchor tag hrefs in Lexical prior to v0.10.0 would render 
javascript:  ...)
+       TODO: check
 CVE-2023-30791
        RESERVED
 CVE-2023-30790
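Review bot: CVE-2023-30792 moves from RESERVED to TODO: check, and the truncated description (anchor tag hrefs in Lexical prior to v0.10.0 rendering "javascript: ...") is not enough to triage from. Check whether Lexical is packaged or embedded in any source package and replace the TODO with a package line or NOT-FOR-US: Lexical.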
@@ -2505,6 +2543,7 @@ CVE-2023-2000
        RESERVED
 CVE-2023-1999
        RESERVED
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox 112.0-1
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
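Review bot: the added cross-reference line for CVE-2023-1999 sits under an entry that is still RESERVED, so four advisories (DSA-5392-1, DSA-5385-1, DLA-3400-1, DLA-3391-1) point at a CVE with no description. If no NOTE follows the visible package lines, add one with the upstream reference so readers of the DSAs and DLAs can tell what was fixed in firefox 112.0-1, firefox-esr 102.10.0esr-1 and thunderbird 1:102.10.0-1.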
@@ -7352,7 +7391,7 @@ CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - 
version 7.50,an unauthentica
        NOT-FOR-US: SAP
 CVE-2023-28760
        RESERVED
-CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0. A 
vulnerabil ...)
+CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0 on 
Windows. A ...)
        NOT-FOR-US: Veritas
 CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. 
BPCD allo ...)
        NOT-FOR-US: Veritas
@@ -17281,10 +17320,10 @@ CVE-2023-25498
        RESERVED
 CVE-2023-25497
        RESERVED
-CVE-2023-25496
-       RESERVED
-CVE-2023-25495
-       RESERVED
+CVE-2023-25496 (A privilege escalation vulnerability was reported in Lenovo 
Drivers Ma ...)
+       TODO: check
+CVE-2023-25495 (A valid, authenticated administrative user can query a web 
interface A ...)
+       TODO: check
 CVE-2023-25494
        RESERVED
 CVE-2023-25493
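Review bot: CVE-2023-25495 is marked TODO: check with a description that is cut off before it names a product ("query a web interface A ..."), so it cannot be classified from this line alone; read the full description before triaging. CVE-2023-25496 names "Lenovo Drivers Ma ..." and is a likely NOT-FOR-US candidate.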
@@ -36366,7 +36405,7 @@ CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in 
GitHub repository librenms
        NOT-FOR-US: LibreNMS
 CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been 
rated as p ...)
        - libonion <itp> (bug #744119)
-CVE-2022-4065 (A vulnerability was found in cbeust testng. It has been 
declared as cr ...)
+CVE-2022-4065 (A vulnerability was found in cbeust testng 
7.5.0/7.6.0/7.6.1/7.7.0. It ...)
        - testng <not-affected> (Vulnerable code introduced later)
        NOTE: https://github.com/cbeust/testng/pull/2806
        NOTE: 
https://github.com/cbeust/testng/commit/47afa2c8a29e2cf925238af1ad7c76fba282793f
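Review bot: the updated description for CVE-2022-4065 now lists affected versions 7.5.0/7.6.0/7.6.1/7.7.0, but the package line still justifies <not-affected> only with "Vulnerable code introduced later". State the introducing version or commit in that parenthetical or in a NOTE so the claim can be checked against the packaged testng version.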
@@ -43778,8 +43817,8 @@ CVE-2022-43873 (An authenticated user can exploit a 
vulnerability in the IBM Spe
        NOT-FOR-US: IBM
 CVE-2022-43872 (IBM Financial Transaction Manager 3.2.4 authorization checks 
are done  ...)
        NOT-FOR-US: IBM
-CVE-2022-43871
-       RESERVED
+CVE-2022-43871 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is 
vulnerab ...)
+       TODO: check
 CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose 
SNMPv3 server ...)
        NOT-FOR-US: IBM
 CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 
through 5.1.5. ...)
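Review bot: CVE-2022-43871 is left at TODO: check while CVE-2022-43872 directly above it, also IBM Financial Transaction Manager 3.2.4, is NOT-FOR-US: IBM. Unless the SWIFT Services component is shipped somewhere, mark it the same way.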
@@ -49868,8 +49907,8 @@ CVE-2022-41738
        RESERVED
 CVE-2022-41737
        RESERVED
-CVE-2022-41736
-       RESERVED
+CVE-2022-41736 (IBM Spectrum Scale Container Native Storage Access   5.1.2.1 
through 5 ...)
+       TODO: check
 CVE-2022-41735 (IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 
through ...)
        NOT-FOR-US: IBM
 CVE-2022-41734 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a 
remote a ...)
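Review bot: the new CVE-2022-41736 line has three spaces between "Access" and "5.1.2.1"; worth normalising if the list is ever matched on description text. The entry is left at TODO: check while CVE-2022-41735 directly below is NOT-FOR-US: IBM, which likely applies here too.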



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/034b5e4bc3a7868ebd1c6f96ce533cc8c7f06c72
