Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
29cb2e3b by security tracker role at 2023-06-26T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x 
through 1. ...)
+       TODO: check
+CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. 
list-preamble.foil.php, page ...)
+       TODO: check
+CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission 
validation f ...)
+       TODO: check
+CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 
4.6.5 allows ...)
+       TODO: check
+CVE-2023-36662 (The TechTime User Management components for Atlassian products 
allow s ...)
+       TODO: check
+CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and 
Shibboleth ...)
+       TODO: check
+CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows 
memory  ...)
+       TODO: check
 CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online 
Store 1. ...)
        NOT-FOR-US: Campcodes Retro Cellphone Online Store
 CVE-2023-36632 (The legacy email.utils.parseaddr function in Python through 
3.11.4 all ...)
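Review bot: all seven entries added at the top of the file (CVE-2023-36675 through CVE-2023-36660) are left at TODO: check, and four of them name widely deployed software: MediaWiki (CVE-2023-36675), Artifex Ghostscript (CVE-2023-36664), Shibboleth XMLTooling (CVE-2023-36661) and libnettle in Nettle (CVE-2023-36660). Triage those four first and replace the TODO with a package line in the form already used in this file (for example `- c-ares 1.18.1-3`). The IXP-Manager, openITCOCKPIT and TechTime entries can be closed as NOT-FOR-US if they turn out not to be packaged.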
@@ -3592,7 +3606,7 @@ CVE-2023-2587 (Teltonika\u2019s Remote Management System 
versions prior to 4.10.
 CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is 
vulnerabl ...)
        NOT-FOR-US: Teltonika
 CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is 
vulnerable to de ...)
-       {DSA-5419-1}
+       {DSA-5419-1 DLA-3471-1}
        [experimental] - c-ares 1.19.1-1
        - c-ares 1.18.1-3
        NOTE: 
https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
@@ -5576,7 +5590,7 @@ CVE-2023-31132
 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse 
based on Po ...)
        NOT-FOR-US: Greenplum Database
 CVE-2023-31130 (c-ares is an asynchronous resolver library. 
ares_inet_net_pton() is vu ...)
-       {DSA-5419-1}
+       {DSA-5419-1 DLA-3471-1}
        [experimental] - c-ares 1.19.1-1
        - c-ares 1.18.1-3
        NOTE: 
https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
@@ -10337,10 +10351,10 @@ CVE-2023-29426
        RESERVED
 CVE-2023-29425
        RESERVED
-CVE-2023-29424
-       RESERVED
-CVE-2023-29423
-       RESERVED
+CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Plai ...)
+       TODO: check
+CVE-2023-29423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in PI W ...)
+       TODO: check
 CVE-2023-29422
        RESERVED
 CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the 
libtiff pac ...)
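Review bot: CVE-2023-29424 and CVE-2023-29423 move from RESERVED to TODO: check with summaries truncated at "in Plai ..." and "in PI W ...", so the affected product cannot be identified from this file alone. CVE-2023-29094 carries the same "Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ..." summary and is already marked `NOT-FOR-US: WordPress plugin`; check the full descriptions and give these two the same disposition if they match.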
@@ -11464,8 +11478,8 @@ CVE-2023-29095
        RESERVED
 CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability 
in PI W ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-29093
-       RESERVED
+CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
 CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to 
remotely obt ...)
        TODO: check
 CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 
allow  ...)
@@ -11846,16 +11860,16 @@ CVE-2023-28994
        RESERVED
 CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ignazio  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-28992
-       RESERVED
-CVE-2023-28991
-       RESERVED
+CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Elliot S ...)
+       TODO: check
+CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in PI W ...)
+       TODO: check
 CVE-2023-28990
        RESERVED
 CVE-2023-28989
        RESERVED
-CVE-2023-28988
-       RESERVED
+CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in PI W ...)
+       TODO: check
 CVE-2023-28987
        RESERVED
 CVE-2023-28986
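Review bot: the three entries promoted from RESERVED in this hunk (CVE-2023-28992, CVE-2023-28991, CVE-2023-28988) use the same "Unauth. Reflected" / "Auth. (admin+) Stored" XSS wording as CVE-2023-28993 directly above them, which is marked `NOT-FOR-US: WordPress plugin`. If the full descriptions confirm they are WordPress plugins, resolve all three with that tag in one pass instead of leaving them as TODO: check.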
@@ -12518,10 +12532,10 @@ CVE-2023-1622
        REJECTED
 CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        TODO: check
-CVE-2023-1620
-       RESERVED
-CVE-2023-1619
-       RESERVED
+CVE-2023-1620 (Multiple WAGO devices in multiple versions may allow an 
authenticated  ...)
+       TODO: check
+CVE-2023-1619 (Multiple WAGO devices in multiple versions may allow an 
authenticated  ...)
+       TODO: check
 CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric 
Corporation MEL ...)
        NOT-FOR-US: Mitsubishi
 CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial 
Automation B&R ...)
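Review bot: CVE-2023-1620 and CVE-2023-1619 both describe "Multiple WAGO devices" and are left at TODO: check, while the neighbouring vendor-device entry CVE-2023-1618 is closed as `NOT-FOR-US: Mitsubishi`. Unless the full descriptions point at a packaged component, mark both with a NOT-FOR-US line naming the vendor, following that pattern.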
@@ -17054,8 +17068,8 @@ CVE-2023-23572 (Cross-site scripting vulnerability in 
SEIKO EPSON printers/netwo
        NOT-FOR-US: Epson
 CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical 
Records ...)
        NOT-FOR-US: SourceCodester Electronic Medical Records System
-CVE-2023-1150
-       RESERVED
+CVE-2023-1150 (Uncontrolled resource consumption in Series WAGO 750-3x/-8x 
products m ...)
+       TODO: check
 CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in 
GitHub repos ...)
        NOT-FOR-US: btcpayserver
 CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository 
flatpressblog ...)
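Review bot: CVE-2023-1150 ("Series WAGO 750-3x/-8x products") is left at TODO: check between two entries that are already closed as NOT-FOR-US. It concerns the same vendor as CVE-2023-1620 and CVE-2023-1619 elsewhere in this change, so use the same vendor string for all three when resolving them, which keeps the tracker's NOT-FOR-US entries consistent.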
@@ -27618,8 +27632,8 @@ CVE-2023-23549
        RESERVED
 CVE-2023-23548
        RESERVED
-CVE-2023-22359
-       RESERVED
+CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated 
attacker ...)
+       TODO: check
 CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk 
versions < ...)
        - check-mk <removed>
 CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance 
before 1.6.5 ...)
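Review bot: CVE-2023-22359 (user enumeration in Checkmk <=2.2.0p4) is added as TODO: check, but the next entry, CVE-2023-22348, already records Checkmk as `- check-mk <removed>`. If this CVE applies to the same source package, use that line here as well, so the entry does not stay open as untriaged.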



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29cb2e3bb7566f7a4638b34ce3ba40e52c5dc8d1
