[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 20 Dec 2023 00:12:21 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
cf9c9eac by security tracker role at 2023-12-20T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2023-6977 (This vulnerability enables malicious users to read sensitive 
files on  ...)
+       TODO: check
+CVE-2023-6976 (This vulnerability is capable of writing arbitrary files into 
arbitrar ...)
+       TODO: check
+CVE-2023-6975 (A malicious user could use this issue to get command execution 
on the  ...)
+       TODO: check
+CVE-2023-6974 (A malicious user could use this issue to access internal 
HTTP(s) serve ...)
+       TODO: check
+CVE-2023-6930 (EuroTel ETL3100 versions v01c01 and v01x37 suffer from an 
unauthentica ...)
+       TODO: check
+CVE-2023-6929 (EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to 
insecure  ...)
+       TODO: check
+CVE-2023-6928 (EuroTel ETL3100 versions v01c01 and v01x37 does not limit the 
number o ...)
+       TODO: check
+CVE-2023-6689 (A successful CSRF attack could force the user to perform state 
changin ...)
+       TODO: check
+CVE-2023-50835 (Cross-Site Request Forgery (CSRF) vulnerability in Praveen 
Goswami Adv ...)
+       TODO: check
+CVE-2023-50707 (Through the exploitation of active user sessions, an attacker 
could se ...)
+       TODO: check
+CVE-2023-50706 (A user without administrator permissions with access to the 
UC500 wind ...)
+       TODO: check
+CVE-2023-50705 (An attacker could create malicious requests to obtain 
sensitive inform ...)
+       TODO: check
+CVE-2023-50704 (An attacker could construct a URL within the application that 
causes a ...)
+       TODO: check
+CVE-2023-50703 (An attacker with network access could perform a 
man-in-the-middle (Mit ...)
+       TODO: check
+CVE-2023-50466 (An authenticated command injection vulnerability in Weintek 
cMT2078X e ...)
+       TODO: check
+CVE-2023-49812 (Authorization Bypass Through User-Controlled Key vulnerability 
in J.N. ...)
+       TODO: check
+CVE-2023-49764 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-49750 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-49164 (Cross-Site Request Forgery (CSRF) vulnerability in OceanWP 
Ocean Extra ...)
+       TODO: check
+CVE-2023-49147 (An issue was discovered in PDF24 Creator 11.14.0. The 
configuration of ...)
+       TODO: check
+CVE-2023-49004 (An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote 
attacker t ...)
+       TODO: check
+CVE-2023-48764 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-48741 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-48738 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-48327 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-47707 (IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable 
to cross ...)
+       TODO: check
+CVE-2023-47706 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an 
authent ...)
+       TODO: check
+CVE-2023-47705 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an 
authent ...)
+       TODO: check
+CVE-2023-47704 (IBM Security Guardium Key Lifecycle Manager 4.3 contains plain 
text ha ...)
+       TODO: check
+CVE-2023-47703 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a 
remote a ...)
+       TODO: check
+CVE-2023-47702 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a 
remote a ...)
+       TODO: check
+CVE-2023-47267 (An issue discovered in TheGreenBow Windows Enterprise 
Certified VPN Cl ...)
+       TODO: check
+CVE-2023-47161 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 
7.2.3.7,  ...)
+       TODO: check
+CVE-2023-47146 (IBM Qradar SIEM 7.5 could allow a privileged user to obtain 
sensitive  ...)
+       TODO: check
+CVE-2023-46624 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
+       TODO: check
+CVE-2023-45887 (DS Wireless Communication (DWC) with DWC_VERSION_3 and 
DWC_VERSION_11  ...)
+       TODO: check
+CVE-2023-45172 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged 
local user ...)
+       TODO: check
+CVE-2023-42940 (A session rendering issue was addressed with improved session 
tracking ...)
+       TODO: check
+CVE-2023-42013 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 
7.2.3.7,  ...)
+       TODO: check
+CVE-2023-42012 (An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 
through 7.3 ...)
+       TODO: check
+CVE-2023-38126 (Softing edgeAggregator Restore Configuration Directory 
Traversal Remot ...)
+       TODO: check
+CVE-2023-37982 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in C ...)
+       TODO: check
+CVE-2023-35883 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in M ...)
+       TODO: check
 CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student 
Manage ...)
        NOT-FOR-US: SourceCodester Online Student Management System
 CVE-2023-6944
@@ -4993,7 +5079,7 @@ CVE-2023-48706 (Vim is a UNIX editor that, prior to 
version 9.0.2121, has a heap
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf8 (v9.0.2121)
        NOTE: Crash in CLI tool, no security impact
-CVE-2023-6265 (Draytek Vigor2960 v1.5.1.4 and v1.5.1.5 are vulnerable to 
directory tr ...)
+CVE-2023-6265 (** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and 
v1.5.1. ...)
        NOT-FOR-US: Draytek Vigor2960
 CVE-2023-6264 (Information leak in Content-Security-Policy header in 
Devolutions Serv ...)
        NOT-FOR-US: Devolutions Server
@@ -46118,8 +46204,8 @@ CVE-2023-27174
        RESERVED
 CVE-2023-27173
        RESERVED
-CVE-2023-27172
-       RESERVED
+CVE-2023-27172 (Xpand IT Write-back Manager v2.3.1 uses weak secret keys to 
sign JWT t ...)
+       TODO: check
 CVE-2023-27171
        REJECTED
 CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform 
a direc ...)
@@ -65586,8 +65672,8 @@ CVE-2022-41834
        RESERVED
 CVE-2020-36611 (Incorrect Default Permissions vulnerability in Hitachi Tuning 
Manager  ...)
        NOT-FOR-US: Hitachi
-CVE-2023-0011
-       RESERVED
+CVE-2023-0011 (A flaw in the input validation in TOBY-L2 allows a user to 
execute arb ...)
+       TODO: check
 CVE-2022-47193
        RESERVED
 CVE-2022-47192 (Generex UPS CS141 below 2.06 version, could allow a remote 
attacker to ...)
@@ -79256,8 +79342,8 @@ CVE-2022-43458 (Auth. (contributor+) Cross-Site 
Scripting (XSS) vulnerability in
        NOT-FOR-US: WordPress plugin
 CVE-2022-43453
        RESERVED
-CVE-2022-43450
-       RESERVED
+CVE-2022-43450 (Authorization Bypass Through User-Controlled Key vulnerability 
in XWP  ...)
+       TODO: check
 CVE-2022-43445
        RESERVED
 CVE-2022-43441 (A code execution vulnerability exists in the Statement 
Bindings functi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf9c9eac862b9c1ea597ba6556f47f9cf556a575

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf9c9eac862b9c1ea597ba6556f47f9cf556a575
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to