Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6acdb4c5 by security tracker role at 2023-06-15T08:12:14+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@ +CVE-2023-3193 (Cross-site scripting (XSS) vulnerability in the Layout module's SEO co ...) + TODO: check +CVE-2023-35030 (Cross-site request forgery (CSRF) vulnerability in the Layout module's ...) + TODO: check +CVE-2023-35029 (Open redirect vulnerability in the Layout module's SEO configuration i ...) + TODO: check +CVE-2023-34565 (Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Creat ...) + TODO: check +CVE-2023-34452 (Grav is a flat-file content management system. In versions 1.7.42 and ...) + TODO: check +CVE-2023-34449 (ink! is an embedded domain specific language to write smart contracts ...) + TODO: check +CVE-2023-34448 (Grav is a flat-file content management system. Prior to version 1.7.42 ...) + TODO: check +CVE-2023-34253 (Grav is a flat-file content management system. Prior to version 1.7.42 ...) + TODO: check +CVE-2023-34252 (Grav is a flat-file content management system. Prior to version 1.7.42 ...) + TODO: check +CVE-2023-34251 (Grav is a flat-file content management system. Versions prior to 1.7.4 ...) + TODO: check +CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scriptin ...) + TODO: check +CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 router ...) + TODO: check +CVE-2023-2847 (During internal security analysis, a local privilege escalation vulner ...) + TODO: check +CVE-2023-2820 (An information disclosure vulnerability in thefaye endpoint in Proofpo ...) + TODO: check +CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI in Proof ...) + TODO: check CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...) NOT-FOR-US: OTCMS CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...) 
@@ -4554,8 +4584,8 @@ CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality t NOT-FOR-US: Vuforia CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...) NOT-FOR-US: Vuforia -CVE-2023-2270 - RESERVED +CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...) + TODO: check CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...) - linux 6.3.7-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388 @@ -7491,8 +7521,8 @@ CVE-2023-30152 RESERVED CVE-2023-30151 RESERVED -CVE-2023-30150 - RESERVED +CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...) + TODO: check CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...) NOT-FOR-US: PrestaShop module CVE-2023-30148 @@ -10653,7 +10683,7 @@ CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell NOT-FOR-US: Rockwell Automation CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...) - gitlab 15.10.8+ds1-2 -CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while parsing ...) +CVE-2023-1709 (Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack- ...) NOT-FOR-US: Siemens CVE-2023-29021 RESERVED @@ -14216,8 +14246,8 @@ CVE-2023-1331 (The Redirection WordPress plugin before 1.1.5 does not have CSRF NOT-FOR-US: WordPress plugin CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...) NOT-FOR-US: WordPress plugin -CVE-2023-1329 - RESERVED +CVE-2023-1329 (A potential security vulnerability has been identified for certain HP ...) + TODO: check CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been classifie ...) NOT-FOR-US: Guizhou 115cms CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an ...) 
@@ -21020,8 +21050,8 @@ CVE-2023-25685 RESERVED CVE-2023-25684 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) NOT-FOR-US: IBM -CVE-2023-25683 - RESERVED +CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW ...) + TODO: check CVE-2023-25682 RESERVED CVE-2023-25681 @@ -39359,8 +39389,8 @@ CVE-2022-4151 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gal NOT-FOR-US: WordPress plugin CVE-2022-4150 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) NOT-FOR-US: WordPress plugin -CVE-2022-4149 - RESERVED +CVE-2022-4149 (The Netskope client service (prior to R96) on Windows runs as NT AUTHO ...) + TODO: check CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3 ...) NOT-FOR-US: WordPress plugin CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...) @@ -64312,7 +64342,7 @@ CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could NOT-FOR-US: JetBrains TeamCity CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...) NOT-FOR-US: Linksys -CVE-2022-38131 (RStudio Connect is affected by an Open Redirect issue. The vulnerabili ...) +CVE-2022-38131 (RStudio Connect prior to 2023.01.0 is affected by an Open Redirect iss ...) NOT-FOR-US: RStudio Connect CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...) NOT-FOR-US: Keysight Sensor Management Server 
@@ -77668,26 +77698,26 @@ CVE-2022-33170 RESERVED CVE-2022-33169 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...) NOT-FOR-US: IBM -CVE-2022-33168 - RESERVED +CVE-2022-33168 (IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause ...) + TODO: check CVE-2022-33167 RESERVED -CVE-2022-33166 - RESERVED +CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...) + TODO: check CVE-2022-33165 RESERVED CVE-2022-33164 RESERVED -CVE-2022-33163 - RESERVED +CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for a secu ...) + TODO: check CVE-2022-33162 RESERVED CVE-2022-33161 RESERVED CVE-2022-33160 RESERVED -CVE-2022-33159 - RESERVED +CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...) + TODO: check CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulner ...) NOT-FOR-US: Trend Micro CVE-2022-33157 (The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 a ...) @@ -78684,8 +78714,8 @@ CVE-2022-32759 RESERVED CVE-2022-32758 RESERVED -CVE-2022-32757 - RESERVED +CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequ ...) + TODO: check CVE-2022-32756 RESERVED CVE-2022-32755 @@ -78694,8 +78724,8 @@ CVE-2022-32754 RESERVED CVE-2022-32753 RESERVED -CVE-2022-32752 - RESERVED +CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a r ...) + TODO: check CVE-2022-32751 RESERVED CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) 
@@ -111325,8 +111355,8 @@ CVE-2022-22309 (The POWER systems FSP is vulnerable to unauthenticated logins th NOT-FOR-US: IBM CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...) NOT-FOR-US: IBM -CVE-2022-22307 - RESERVED +CVE-2022-22307 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to ...) + TODO: check CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: KeystoneJS CVE-2021-46130
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6acdb4c51a9459dcb5e6989c9c3c87aa7262664c
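Review bot: In the hunk at @@ -1,3 +1,33 @@, all 15 new entries land as "TODO: check", and five of them (CVE-2023-34452, CVE-2023-34448, CVE-2023-34253, CVE-2023-34252, CVE-2023-34251) describe the same product, Grav, so they can be triaged in one pass with a single decision. The first three entries (CVE-2023-3193, CVE-2023-35030, CVE-2023-35029) are truncated before any product name appears ("the Layout module's ..."), so the full CVE record has to be consulted before they can be tagged.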
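Review bot: In the hunks at @@ -4554,8 +4584,8 @@ and @@ -39359,8 +39389,8 @@, CVE-2023-2270 and CVE-2022-4149 leave RESERVED with descriptions that both concern the Netskope client service running with SYSTEM privileges on Windows, yet each is left as a separate "TODO: check". They should be triaged together and given the same tag, following the NOT-FOR-US convention already used for the neighbouring Vuforia entries if the product is not packaged.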
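Review bot: In the hunk at @@ -10653,7 +10683,7 @@, the CVE-2023-1709 description now names "Datalogics Library APDFL..." while the tag below it is still "NOT-FOR-US: Siemens"; the tag should be re-checked against the new description and updated if the affected product is the Datalogics library rather than a Siemens product. The run-together "APDFLThe" in the new description looks like an upstream typo worth reporting to the CVE source rather than patching in this file.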
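Review bot: In the hunk at @@ -77668,26 +77698,26 @@, CVE-2022-33168, CVE-2022-33166, CVE-2022-33163 and CVE-2022-33159 are added as "TODO: check" although the neighbouring CVE-2022-33169 in the same hunk is already tagged "NOT-FOR-US: IBM". These IBM Security Directory Suite entries, together with CVE-2022-32757 and CVE-2022-32752 in the two hunks that follow, look like candidates for the same tag and can be resolved in a single follow-up commit.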