Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e765e42 by security tracker role at 2023-10-17T08:11:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2023-4399 (Grafana is an open-source platform for monitoring and 
observability.   ...)
+       TODO: check
+CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of 
sensitive in ...)
+       TODO: check
+CVE-2023-4089 (On affected Wago products an remote attacker with 
administrative privi ...)
+       TODO: check
+CVE-2023-45807 (OpenSearch is a community-driven, open source fork of 
Elasticsearch an ...)
+       TODO: check
+CVE-2023-45659 (Engelsystem is a shift planning system for chaos events.  If a 
users'  ...)
+       TODO: check
+CVE-2023-45542 (Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a 
remote  ...)
+       TODO: check
+CVE-2023-45540 (An issue in Jorani Leave Management System 1.0.3 allows a 
remote attac ...)
+       TODO: check
+CVE-2023-45386 (In the module extratabspro before version 2.2.8 from 
MyPresta.eu for P ...)
+       TODO: check
+CVE-2023-45375 (In the module "PireosPay" (pireospay) before version 1.7.10 
from 01gen ...)
+       TODO: check
+CVE-2023-45358 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a 
stored  ...)
+       TODO: check
+CVE-2023-45357 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a 
sensiti ...)
+       TODO: check
+CVE-2023-45152 (Engelsystem is a shift planning system for chaos events. A 
Blind SSRF  ...)
+       TODO: check
+CVE-2023-45147 (Discourse is an open source community platform. In affected 
versions a ...)
+       TODO: check
+CVE-2023-45144 (com.xwiki.identity-oauth:identity-oauth-ui is a package to aid 
in buil ...)
+       TODO: check
+CVE-2023-45141 (Fiber is an express inspired web framework written in Go. A 
Cross-Site ...)
+       TODO: check
+CVE-2023-45131 (Discourse is an open source platform for community discussion. 
New cha ...)
+       TODO: check
+CVE-2023-45128 (Fiber is an express inspired web framework written in Go. A 
Cross-Site ...)
+       TODO: check
+CVE-2023-44694 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is 
vulnerab ...)
+       TODO: check
+CVE-2023-44693 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is 
vulnerab ...)
+       TODO: check
+CVE-2023-44394 (MantisBT is an open source bug tracker. Due to insufficient 
access-lev ...)
+       TODO: check
+CVE-2023-44391 (Discourse is an open source platform for community discussion. 
User su ...)
+       TODO: check
+CVE-2023-44388 (Discourse is an open source platform for community discussion. 
A malic ...)
+       TODO: check
+CVE-2023-43814 (Discourse is an open source platform for community discussion. 
Attacke ...)
+       TODO: check
+CVE-2023-43659 (Discourse is an open source platform for community discussion. 
Imprope ...)
+       TODO: check
+CVE-2023-43658 (dicourse-calendar is a plugin for the Discourse messaging 
platform whi ...)
+       TODO: check
+CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the 
Export for T ...)
+       TODO: check
+CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution 
Service ...)
+       TODO: check
+CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-40852 (SQL Injection vulnerability in Phpgurukul User Registration & 
Login an ...)
+       TODO: check
+CVE-2023-40851 (Cross Site Scripting (XSS) vulnerability in Phpgurukul User 
Registrati ...)
+       TODO: check
+CVE-2023-40374 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2023-40373 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) is v ...)
+       TODO: check
+CVE-2023-40372 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2023-39456 (Improper Input Validation vulnerability in Apache Traffic 
Server with  ...)
+       TODO: check
+CVE-2023-38740 (IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect 
Server) 11. ...)
+       TODO: check
+CVE-2023-38728 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+       TODO: check
+CVE-2023-38720 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.5 ...)
+       TODO: check
+CVE-2023-38719 (IBM Db2 11.5 could allow a local user with special privileges 
to cause ...)
+       TODO: check
+CVE-2023-34210 (SQL Injection in create customer group function in EasyUse 
MailHunter  ...)
+       TODO: check
+CVE-2023-34209 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
+       TODO: check
+CVE-2023-34208 (Path Traversal in create template function in EasyUse 
MailHunter Ultim ...)
+       TODO: check
+CVE-2023-34207 (Unrestricted upload of file with dangerous type vulnerability 
in creat ...)
+       TODO: check
+CVE-2012-10016 (A vulnerability classified as problematic has been found in 
Halulu sim ...)
+       TODO: check
+CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on 
WordPress.  ...)
+       TODO: check
 CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 
2.3.0-DEV.)
        TODO: check
 CVE-2023-5575 (Improper access control in the permission inheritance in 
Devolutions S ...)
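Review bot: CVE-2011-10004, the last entry of the added block, is described as a WordPress plugin ("reciply Plugin up to 1.1.7 on WordPress") but is left at TODO: check. This file already resolves such entries as NOT-FOR-US: WordPress plugin (for example CVE-2023-41863), so it can be closed the same way. The seven IBM Db2 entries (CVE-2023-40372 to CVE-2023-40374, CVE-2023-38719, CVE-2023-38720, CVE-2023-38728, CVE-2023-38740) stand in the same relation to the NOT-FOR-US: IBM annotation used elsewhere in the file. The remaining entries in this block need a source-package lookup before they are marked either way.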
@@ -3892,7 +3980,7 @@ CVE-2023-41867 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Ac
        NOT-FOR-US: WordPress plugin
 CVE-2023-41863 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Pepro Dev.  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-41419 (An issue in Gevent Gevent before version 23.9.1 allows a 
remote attack ...)
+CVE-2023-41419 (An issue in Gevent before version 23.9.0 allows a remote 
attacker to e ...)
        NOT-FOR-US: Gevent Gevent
 CVE-2023-41303 (Command injection vulnerability in the distributed file system 
module. ...)
        NOT-FOR-US: Huawei
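Review bot: The annotation under CVE-2023-41419 still reads NOT-FOR-US: Gevent Gevent, which copies the doubled product name from the description that this hunk replaces. The new description names plain "Gevent" and moves the version boundary from 23.9.1 to 23.9.0, so the entry should be re-triaged instead of keeping the old annotation: check whether this gevent exists as a source package, and if it does, replace the NOT-FOR-US line with a package line carrying the fixed version, in the form the file uses for openssl under CVE-2021-3712.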
@@ -22111,16 +22199,16 @@ CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 
1.9.0.0 through 1.9.2.0 could
        NOT-FOR-US: IBM
 CVE-2023-30992
        RESERVED
-CVE-2023-30991
-       RESERVED
+CVE-2023-30991 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.1 ...)
+       TODO: check
 CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to 
execute  ...)
        NOT-FOR-US: IBM
 CVE-2023-30989 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a 
local pr ...)
        NOT-FOR-US: IBM
 CVE-2023-30988 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for 
i conta ...)
        NOT-FOR-US: IBM
-CVE-2023-30987
-       RESERVED
+CVE-2023-30987 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+       TODO: check
 CVE-2023-30986 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
        NOT-FOR-US: Siemens
 CVE-2023-30985 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
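Review bot: CVE-2023-30991 and CVE-2023-30987 go from RESERVED to TODO: check although the IBM entries between them (CVE-2023-30990, CVE-2023-30989, CVE-2023-30988) are already NOT-FOR-US: IBM. Both new descriptions are IBM Db2, so the same annotation applies and they do not need to stay in the TODO queue.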
@@ -66347,16 +66435,16 @@ CVE-2022-43895
        RESERVED
 CVE-2022-43894
        RESERVED
-CVE-2022-43893
-       RESERVED
-CVE-2022-43892
-       RESERVED
-CVE-2022-43891
-       RESERVED
+CVE-2022-43893 (IBM Security Verify Privilege On-Premises 11.5 could allow a 
privilege ...)
+       TODO: check
+CVE-2022-43892 (IBM Security Verify Privilege On-Premises 11.5 does not 
validate, or i ...)
+       TODO: check
+CVE-2022-43891 (IBM Security Verify Privilege On-Premises 11.5 could allow a 
remote at ...)
+       TODO: check
 CVE-2022-43890
        RESERVED
-CVE-2022-43889
-       RESERVED
+CVE-2022-43889 (IBM Security Verify Privilege On-Premises 11.5 could disclose 
sensitiv ...)
+       TODO: check
 CVE-2022-43888
        RESERVED
 CVE-2022-43887 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be 
vulnerable to ...)
@@ -129437,30 +129525,30 @@ CVE-2022-22388
        RESERVED
 CVE-2022-22387 (IBM Application Gateway is vulnerable to cross-site scripting. 
This vu ...)
        NOT-FOR-US: IBM
-CVE-2022-22386
-       RESERVED
-CVE-2022-22385
-       RESERVED
-CVE-2022-22384
-       RESERVED
+CVE-2022-22386 (IBM Security Verify Privilege On-Premises 11.5 could allow a 
remote at ...)
+       TODO: check
+CVE-2022-22385 (IBM Security Verify Privilege On-Premises 11.5 could disclose 
sensitiv ...)
+       TODO: check
+CVE-2022-22384 (IBM Security Verify Privilege On-Premises 11.5 could allow an 
attacker ...)
+       TODO: check
 CVE-2022-22383
        RESERVED
 CVE-2022-22382
        RESERVED
 CVE-2022-22381
        RESERVED
-CVE-2022-22380
-       RESERVED
+CVE-2022-22380 (IBM Security Verify Privilege On-Premises 11.5 could allow an 
attacker ...)
+       TODO: check
 CVE-2022-22379
        RESERVED
 CVE-2022-22378
        RESERVED
-CVE-2022-22377
-       RESERVED
+CVE-2022-22377 (IBM Security Verify Privilege On-Premises 11.5 could allow a 
remote at ...)
+       TODO: check
 CVE-2022-22376
        RESERVED
-CVE-2022-22375
-       RESERVED
+CVE-2022-22375 (IBM Security Verify Privilege On-Premises 11.5 could allow a 
remote au ...)
+       TODO: check
 CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may 
be subj ...)
        NOT-FOR-US: IBM
 CVE-2022-22373 (An improper validation vulnerability in IBM InfoSphere 
Information Ser ...)
@@ -154193,8 +154281,8 @@ CVE-2021-38861
        RESERVED
 CVE-2021-38860
        RESERVED
-CVE-2021-38859
-       RESERVED
+CVE-2021-38859 (IBM Security Verify Privilege On-Premises 11.5 could allow a 
user to o ...)
+       TODO: check
 CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an 
ASN1_STR ...)
        {DSA-4963-1 DLA-2774-1 DLA-2766-1}
        - openssl 1.1.1l-1
@@ -177514,8 +177602,8 @@ CVE-2021-29915
        RESERVED
 CVE-2021-29914
        RESERVED
-CVE-2021-29913
-       RESERVED
+CVE-2021-29913 (IBM Security Verify Privilege On-Premise 11.5 could allow an 
authentic ...)
+       TODO: check
 CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to 
cross-site  ...)
        NOT-FOR-US: IBM
 CVE-2021-29911
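Review bot: The description added for CVE-2021-29913 spells the product "IBM Security Verify Privilege On-Premise", without the final "s" that the other entries filled in by this commit use ("On-Premises"). The text is imported and should stay as it is, but anyone triaging these entries as a batch by searching for the product name should search for the shorter string so that this entry is not missed.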
@@ -201922,8 +202010,8 @@ CVE-2021-20583 (IBM Security Verify (IBM Security 
Verify Privilege Vault 10.9.66
        NOT-FOR-US: IBM
 CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive 
information in  ...)
        NOT-FOR-US: IBM
-CVE-2021-20581
-       RESERVED
+CVE-2021-20581 (IBM Security Verify Privilege On-Premises 11.5 could allow a 
user to o ...)
+       TODO: check
 CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site 
request f ...)
        NOT-FOR-US: IBM
 CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 9.7, ...)
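Review bot: CVE-2021-20581 is set to TODO: check while CVE-2021-20583, in the context just above it and naming IBM Security Verify Privilege Vault, is NOT-FOR-US: IBM; the new entry can take the same annotation. Its visible description ("could allow a user to o ...") is identical to the one added for CVE-2021-38859 in an earlier hunk, so compare the full descriptions to confirm that the two IDs cover distinct issues.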



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e765e427f818c75a86b7603a6004ea4baf6137a



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
