Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4b6e219 by security tracker role at 2023-05-18T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Matt ...)
+       TODO: check
+CVE-2023-32322 (Ombi is an open source application which allows users to 
request speci ...)
+       TODO: check
+CVE-2023-32100 (Compiler removal of buffer clearing in   
sli_se_driver_mac_compute  in ...)
+       TODO: check
+CVE-2023-32099 (Compiler removal of buffer clearing in         
sli_se_sign_hashin Sili ...)
+       TODO: check
+CVE-2023-32098 (Compiler removal of buffer clearing in         
sli_se_sign_message     ...)
+       TODO: check
+CVE-2023-32097 (Compiler removal of buffer clearing in       
sli_crypto_transparent_ae ...)
+       TODO: check
+CVE-2023-32096 (Compiler removal of buffer clearing in       
sli_crypto_transparent_ae ...)
+       TODO: check
+CVE-2023-31871 (OpenText Documentum Content Server before 23.2 has a flaw that 
allows  ...)
+       TODO: check
+CVE-2023-31655 (redis-7.0.10 was discovered to contain a segmentation 
violation.)
+       TODO: check
+CVE-2023-31597 (An issue in Zammad v5.4.0 allows attackers to bypass e-mail 
verificati ...)
+       TODO: check
+CVE-2023-2800 (Insecure Temporary File in GitHub repository 
huggingface/transformers  ...)
+       TODO: check
+CVE-2023-2799 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-2790 (A vulnerability classified as problematic has been found in 
TOTOLINK N ...)
+       TODO: check
+CVE-2023-2789 (A vulnerability was found in GNU cflow 1.7. It has been rated 
as probl ...)
+       TODO: check
+CVE-2023-2782 (Sensitive information disclosure due to improper authorization. 
The fo ...)
+       TODO: check
+CVE-2023-2481 (Compiler removal of buffer clearing in     
sli_se_opaque_import_key    ...)
+       TODO: check
 CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer 
overflow in che ...)
        - sysstat <unfixed> (bug #1036294)
        [bullseye] - sysstat <not-affected> (Incomplete fix for CVE-2022-39377 
not applied)
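Review bot: all 16 entries added at the top of the file land as "TODO: check", and at least two of them name general-purpose upstream software rather than a vendor product: CVE-2023-31655 (redis-7.0.10) and CVE-2023-2789 (GNU cflow 1.7). Those two should be checked against the archive for a source package first, before the remaining entries are triaged. The six "Compiler removal of buffer clearing in sli_..." entries in this hunk share one description pattern and can be triaged as a single group.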
@@ -1391,8 +1423,8 @@ CVE-2023-31235
        RESERVED
 CVE-2023-31234
        RESERVED
-CVE-2023-31233
-       RESERVED
+CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Haoq ...)
+       TODO: check
 CVE-2023-31232
        RESERVED
 CVE-2023-31231
@@ -2453,8 +2485,8 @@ CVE-2023-30870
        RESERVED
 CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital 
Downloads plugin ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-30868
-       RESERVED
+CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Jon Chri ...)
+       TODO: check
 CVE-2023-30867
        RESERVED
 CVE-2023-30866
@@ -2803,8 +2835,8 @@ CVE-2023-30782
        RESERVED
 CVE-2023-30781
        RESERVED
-CVE-2023-30780
-       RESERVED
+CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-30779
        RESERVED
 CVE-2023-30778
@@ -3868,8 +3900,8 @@ CVE-2023-30489
        RESERVED
 CVE-2023-30488
        RESERVED
-CVE-2023-30487
-       RESERVED
+CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ThimPres ...)
+       TODO: check
 CVE-2023-30486
        RESERVED
 CVE-2023-30485
@@ -4278,8 +4310,8 @@ CVE-2023-30335
        RESERVED
 CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site 
scripting ( ...)
        NOT-FOR-US: AsmBB
-CVE-2023-30333
-       RESERVED
+CVE-2023-30333 (An arbitrary file upload vulnerability in the component 
/admin/ThemeCo ...)
+       TODO: check
 CVE-2023-30332
        RESERVED
 CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows 
attackers to e ...)
@@ -5555,8 +5587,8 @@ CVE-2023-29722
        RESERVED
 CVE-2023-29721
        RESERVED
-CVE-2023-29720
-       RESERVED
+CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) 
via index ...)
+       TODO: check
 CVE-2023-29719
        RESERVED
 CVE-2023-29718
@@ -9145,7 +9177,7 @@ CVE-2023-28627 (pymedusa is an automatic video library 
manager for TV Shows. In
 CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and 
renderer w ...)
        NOT-FOR-US: comrak
 CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module 
for the ...)
-       {DLA-3409-1}
+       {DSA-5405-1 DLA-3409-1}
        - libapache2-mod-auth-openidc 2.4.12.3-2 (bug #1033916)
        NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/commit/4389182239c0f60cfa4873f9980c826a70047cc4
 (v2.4.13.2)
        NOTE: 
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr
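Review bot: the cross-reference on CVE-2023-28625 changes to "{DSA-5405-1 DLA-3409-1}", but this commit touches only data/CVE/list, so the DSA entry it points to is not visible here. Confirm that the DSA-5405-1 record naming CVE-2023-28625 is already present in the advisory list so the two files stay in sync.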
@@ -9918,8 +9950,8 @@ CVE-2023-28387
        RESERVED
 CVE-2023-28382
        RESERVED
-CVE-2023-28369
-       RESERVED
+CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper 
access co ...)
+       TODO: check
 CVE-2023-28367
        RESERVED
 CVE-2023-27926
@@ -12969,8 +13001,8 @@ CVE-2023-1134 (Delta Electronics InfraSuite Device 
Master versions prior to 1.0.
        NOT-FOR-US: Delta Electronics
 CVE-2023-1133 (Delta Electronics InfraSuite Device Master versions prior to 
1.0.5 con ...)
        NOT-FOR-US: Delta Electronics
-CVE-2023-1132
-       RESERVED
+CVE-2023-1132 (Compiler removal of buffer clearing in   
sli_se_driver_key_agreement   ...)
+       TODO: check
 CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts 
Sales  ...)
        NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
 CVE-2023-1130 (A vulnerability, which was classified as critical, was found in 
Source ...)
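Review bot: the new description for CVE-2023-1132 carries a run of spaces after "buffer clearing in" and again after the function name, which spends part of the truncated description on padding. Collapsing whitespace before the description is cut would keep more of the text and avoid a later whitespace-only diff; the entry also belongs with the other "Compiler removal of buffer clearing in sli_..." entries added at the top of the file and should get the same triage result.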
@@ -13116,8 +13148,8 @@ CVE-2023-27432
        RESERVED
 CVE-2023-27431
        RESERVED
-CVE-2023-27430
-       RESERVED
+CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon 
Fincken Mass  ...)
+       TODO: check
 CVE-2023-27429
        RESERVED
 CVE-2023-27428
@@ -13130,8 +13162,8 @@ CVE-2023-27425 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-27424
        RESERVED
-CVE-2023-27423
-       RESERVED
+CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon 
Fincken Auto  ...)
+       TODO: check
 CVE-2023-27422
        RESERVED
 CVE-2023-27421
@@ -15948,8 +15980,8 @@ CVE-2023-0967 (Bhima version 1.27.0 allows an attacker 
authenticated with normal
        NOT-FOR-US: Bhima
 CVE-2023-0966 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
        NOT-FOR-US: SourceCodester Online Eyewear Shop
-CVE-2023-0965
-       RESERVED
+CVE-2023-0965 (Compiler removal of buffer clearing in 
sli_cryptoacc_transparent_key_a ...)
+       TODO: check
 CVE-2023-0964 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-0963 (A vulnerability was found in SourceCodester Music Gallery Site 
1.0. It ...)
@@ -17851,8 +17883,8 @@ CVE-2023-25700
        RESERVED
 CVE-2023-25699
        RESERVED
-CVE-2023-25698
-       RESERVED
+CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio 
Wombat Shopp ...)
+       TODO: check
 CVE-2023-25697
        RESERVED
 CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow 
Hive Pro ...)
@@ -22778,8 +22810,8 @@ CVE-2023-24001 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-24000
        RESERVED
-CVE-2023-23999
-       RESERVED
+CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in E4J  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23997
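Review bot: CVE-2023-23999 moves from RESERVED to "TODO: check" while both neighbours with the same "Auth. (...) Stored Cross-Site Scripting (XSS) vulnerability" description shape, CVE-2023-24001 and CVE-2023-23998, are already "NOT-FOR-US: WordPress plugin". The truncated description does not show the product, so confirm it from the full text and mark it the same way if it is also a WordPress plugin.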
@@ -23810,8 +23842,8 @@ CVE-2023-23669
        RESERVED
 CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23667
-       RESERVED
+CVE-2023-23667 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23666
        RESERVED
 CVE-2023-23665
@@ -33011,8 +33043,8 @@ CVE-2022-47159
        RESERVED
 CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Pakp ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47157
-       RESERVED
+CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Don  ...)
+       TODO: check
 CVE-2022-47156
        RESERVED
 CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic 
Slider by ...)
@@ -33583,8 +33615,8 @@ CVE-2022-4420
        RESERVED
 CVE-2022-4419
        RESERVED
-CVE-2022-4418
-       RESERVED
+CVE-2022-4418 (Local privilege escalation due to unrestricted loading of 
unsigned lib ...)
+       TODO: check
 CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress 
plugin befo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-4244 (A vulnerability classified as problematic has been found in 
yikes-inc- ...)
@@ -37201,7 +37233,7 @@ CVE-2022-45772
        RESERVED
 CVE-2022-45771 (An issue in the /api/audits component of Pwndoc v0.5.3 allows 
attacker ...)
        NOT-FOR-US: Pwndoc
-CVE-2022-45770 (Improper input validation in driver adgnetworkwfpdrv.sys in 
Adguard Fo ...)
+CVE-2022-45770 (Improper input validation in adgnetworkwfpdrv.sys in Adguard 
For Windo ...)
        NOT-FOR-US: Adguard
 CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 
v3.402 a ...)
        NOT-FOR-US: ClicShopping_V3
@@ -37996,26 +38028,26 @@ CVE-2022-4038
        RESERVED
 CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        - gitlab <unfixed>
-CVE-2022-45459
-       RESERVED
-CVE-2022-45458
-       RESERVED
-CVE-2022-45457
-       RESERVED
+CVE-2022-45459 (Sensitive information disclosure due to insecure registry 
permissions. ...)
+       TODO: check
+CVE-2022-45458 (Sensitive information disclosure and manipulation due to 
improper cert ...)
+       TODO: check
+CVE-2022-45457 (Sensitive information disclosure and manipulation due to 
improper cert ...)
+       TODO: check
 CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The 
following p ...)
        NOT-FOR-US: Acronis
 CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation 
cleanup. T ...)
        NOT-FOR-US: Acronis
 CVE-2022-45454 (Sensitive information disclosure due to insecure folder 
permissions. T ...)
        NOT-FOR-US: Acronis
-CVE-2022-45453
-       RESERVED
-CVE-2022-45452
-       RESERVED
+CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are 
affecte ...)
+       TODO: check
+CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
+       TODO: check
 CVE-2022-45451
        RESERVED
-CVE-2022-45450
-       RESERVED
+CVE-2022-45450 (Sensitive information disclosure and manipulation due to 
improper auth ...)
+       TODO: check
 CVE-2022-45449
        RESERVED
 CVE-2022-45448
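Review bot: six IDs in this block (CVE-2022-45459, -45458, -45457, -45453, -45452, -45450) become "TODO: check", while CVE-2022-45456, -45455 and -45454 in the same range, with the same "... due to ..." description style, are "NOT-FOR-US: Acronis". The vendor name is cut off in every new description, so check the full text and, if they are the same vendor, mark them consistently rather than leaving a mixed block.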
@@ -65866,12 +65898,12 @@ CVE-2022-36330 (A buffer overflow vulnerability was 
discovered on firmware versi
        NOT-FOR-US: Western Digital
 CVE-2022-36329 (An improper privilege management issue that could allow an 
attacker to ...)
        NOT-FOR-US: Western Digital
-CVE-2022-36328
-       RESERVED
-CVE-2022-36327
-       RESERVED
-CVE-2022-36326
-       RESERVED
+CVE-2022-36328 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2022-36327 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2022-36326 (An uncontrolled resource consumption vulnerability issue that 
could ar ...)
+       TODO: check
 CVE-2022-36325 (Affected devices do not properly sanitize data introduced by 
an user w ...)
        NOT-FOR-US: Siemens
 CVE-2022-36324 (Affected devices do not properly handle the renegotiation of 
SSL/TLS p ...)
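Review bot: adjacency is not enough to triage CVE-2022-36328, -36327 and -36326: the entries directly above are "NOT-FOR-US: Western Digital" and the ones directly below are "NOT-FOR-US: Siemens", and the truncated descriptions name neither vendor. Resolve each against its full description before replacing "TODO: check".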
@@ -107047,7 +107079,7 @@ CVE-2022-22713 (Windows Hyper-V Denial of Service 
Vulnerability.)
        NOT-FOR-US: Microsoft
 CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability.)
        NOT-FOR-US: Microsoft
-CVE-2022-22711 (Windows BitLocker Information Disclosure Vulnerability.)
+CVE-2022-22711 (Windows BitLocker Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-22710 (Windows Common Log File System Driver Denial of Service 
Vulnerability.)
        NOT-FOR-US: Microsoft
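Review bot: the only change to CVE-2022-22711 is the dropped trailing period, which leaves it inconsistent with the unchanged CVE-2022-22713, CVE-2022-22712 and CVE-2022-22710 lines around it, all of which keep theirs. Normalizing trailing punctuation when the description is imported would stop punctuation-only churn like this from showing up as a change.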
@@ -112414,7 +112446,7 @@ CVE-2022-21847 (Windows Hyper-V Denial of Service 
Vulnerability.)
        NOT-FOR-US: Microsoft
 CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. 
This CV ...)
        NOT-FOR-US: Microsoft
-CVE-2022-21845 (Windows Kernel Information Disclosure Vulnerability.)
+CVE-2022-21845 (Windows Kernel Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. 
This CVE ID ...)
        NOT-FOR-US: Microsoft
@@ -168897,7 +168929,7 @@ CVE-2021-24707 (The Learning Courses WordPress plugin 
before 5.0 does not saniti
        NOT-FOR-US: WordPress plugin
 CVE-2021-24706 (The Qwizcards \u2013 online quizzes and flashcards WordPress 
plugin be ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24705 (The NEX-Forms WordPress plugin before 8.3.3 does not have CSRF 
checks  ...)
+CVE-2021-24705 (The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF 
checks  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24704 (In the Orange Form WordPress plugin through 1.0, the 
process_bulk_acti ...)
        NOT-FOR-US: WordPress plugin
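Review bot: the CVE-2021-24705 description changes the version boundary from "before 8.3.3" to "before 8.4.3", which is a substantive change to the affected range and not wording churn. The entry stays "NOT-FOR-US: WordPress plugin", so no tracker state depends on it, but the new boundary should be confirmed against the upstream record since nothing in the hunk explains it.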



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4b6e219da906dcd331abdfece21304914614a8e
