author: security tracker role <sectracker@soriano.debian.org> 2023-03-27 08:10:15 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2023-03-27 08:10:15 +0000
commit: eb20bb951812091e37f395be3a4a3e9f95a27e03 (patch)
tree: 006062028ef01db611b8e5c1482d2381fa20aeb3 /data
parent: 90a6b2ec34d9364f235c5981c8731094eaf173ec (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 171
1 files changed, 132 insertions, 39 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 2f5a928794..2c78693e77 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,8 +1,97 @@
+CVE-2023-28892
+ RESERVED
+CVE-2023-28891
+ RESERVED
+CVE-2023-28890
+ RESERVED
+CVE-2023-28889
+ RESERVED
+CVE-2023-28888
+ RESERVED
+CVE-2023-28887
+ RESERVED
+CVE-2023-28886
+ RESERVED
+CVE-2023-28885 (The MyLink infotainment system (build 2021.3.26) in General Motors Che ...)
+ TODO: check
+CVE-2023-28884 (In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in ...)
+ TODO: check
+CVE-2023-28883 (In Cerebrate 1.13, a blind SQL injection exists in the searchAll API e ...)
+ TODO: check
+CVE-2023-28882
+ RESERVED
+CVE-2023-28881
+ RESERVED
+CVE-2023-28880
+ RESERVED
+CVE-2023-28879
+ RESERVED
+CVE-2023-28878
+ RESERVED
+CVE-2023-28877
+ RESERVED
+CVE-2023-28876
+ RESERVED
+CVE-2023-28875
+ RESERVED
+CVE-2023-28874
+ RESERVED
+CVE-2023-28873
+ RESERVED
+CVE-2023-28872
+ RESERVED
+CVE-2023-28871
+ RESERVED
+CVE-2023-28870
+ RESERVED
+CVE-2023-28869
+ RESERVED
+CVE-2023-28868
+ RESERVED
+CVE-2023-28867 (In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a ...)
+ TODO: check
+CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out ...)
+ TODO: check
+CVE-2023-28865
+ RESERVED
+CVE-2023-28864
+ RESERVED
+CVE-2023-28863
+ RESERVED
+CVE-2023-28862
+ RESERVED
+CVE-2023-28861
+ RESERVED
+CVE-2023-28860
+ RESERVED
+CVE-2023-1647 (Improper Access Control in GitHub repository calcom/cal.com prior to 2 ...)
+ TODO: check
+CVE-2023-1646 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
+ TODO: check
+CVE-2023-1645 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
+ TODO: check
+CVE-2023-1644 (A vulnerability was found in IObit Malware Fighter 9.4.0.776 and class ...)
+ TODO: check
+CVE-2023-1643 (A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and ...)
+ TODO: check
+CVE-2023-1642 (A vulnerability, which was classified as problematic, was found in IOb ...)
+ TODO: check
+CVE-2023-1641 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-1640 (A vulnerability classified as problematic was found in IObit Malware F ...)
+ TODO: check
+CVE-2023-1639 (A vulnerability classified as problematic has been found in IObit Malw ...)
+ TODO: check
+CVE-2023-1638 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...)
+ TODO: check
+CVE-2018-25083 (The pullit package before 1.4.0 for Node.js allows OS Command Injectio ...)
+ TODO: check
CVE-2023-28859 (redis-py through 4.5.3 leaves a connection open after canceling an asy ...)
TODO: check
CVE-2023-28858 (redis-py before 4.5.3, as used in ChatGPT and other products, leaves a ...)
TODO: check
CVE-2023-1637 [x86/speculation: Restore speculation related MSRs during S3 resume]
+ RESERVED
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
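Review bot: CVE-2023-28866 is left at `TODO: check` even though its description names net/bluetooth/hci_sync.c in the Linux kernel through 6.2.8, which maps to the `linux` source package already tracked in this same hunk under CVE-2023-1637. It should get a `- linux` line in a follow-up rather than waiting in the generic triage queue alongside the IObit and other vendor entries. Separately, the `RESERVED` line added under CVE-2023-1637 lands in an entry that already carries a bracketed title and three linux fixed versions; check that those hand-written lines are preserved when the feed later publishes a description for it.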
@@ -3588,8 +3677,8 @@ CVE-2023-27798
RESERVED
CVE-2023-27797
RESERVED
-CVE-2023-27796
- RESERVED
+CVE-2023-27796 (RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wire ...)
+ TODO: check
CVE-2023-27795
RESERVED
CVE-2023-27794
@@ -6081,12 +6170,12 @@ CVE-2023-26804
RESERVED
CVE-2023-26803
RESERVED
-CVE-2023-26802
- RESERVED
-CVE-2023-26801
- RESERVED
-CVE-2023-26800
- RESERVED
+CVE-2023-26802 (An issue in the component /network_config/nsg_masq.cgi of DCN (Digital ...)
+ TODO: check
+CVE-2023-26801 (LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 ...)
+ TODO: check
+CVE-2023-26800 (Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discov ...)
+ TODO: check
CVE-2023-26799
RESERVED
CVE-2023-26798
@@ -8537,8 +8626,8 @@ CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.3
NOT-FOR-US: Mapos
CVE-2021-46874
RESERVED
-CVE-2023-25909
- RESERVED
+CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload of fil ...)
+ TODO: check
CVE-2023-25908
RESERVED
CVE-2023-25907
@@ -11190,10 +11279,10 @@ CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability
NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3522
NOTE: Introduced by: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
NOTE: https://www.openwall.com/lists/oss-security/2023/02/13/1
-CVE-2023-25018
- RESERVED
-CVE-2023-25017
- RESERVED
+CVE-2023-25018 (RIFARTEK IOT Wall transportation function has insufficient filtering f ...)
+ TODO: check
+CVE-2023-25017 (RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An a ...)
+ TODO: check
CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...)
NOT-FOR-US: Couchbase Server
CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...)
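Review bot: CVE-2023-25018 and CVE-2023-25017 move from `RESERVED` to `TODO: check` with no triage result, although both descriptions name a single vendor product (RIFARTEK IOT Wall). The entry directly below resolves the same kind of case as `NOT-FOR-US: Couchbase Server`; a follow-up should either mark these two the same way or record the affected source package, so they do not linger as open TODO items.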
@@ -11641,24 +11730,24 @@ CVE-2023-24844
RESERVED
CVE-2023-24843
RESERVED
-CVE-2023-24842
- RESERVED
-CVE-2023-24841
- RESERVED
-CVE-2023-24840
- RESERVED
-CVE-2023-24839
- RESERVED
-CVE-2023-24838
- RESERVED
-CVE-2023-24837
- RESERVED
+CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...)
+ TODO: check
+CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...)
+ TODO: check
+CVE-2023-24840 (HGiga MailSherlock mail query function has vulnerability of insufficie ...)
+ TODO: check
+CVE-2023-24839 (HGiga MailSherlock&#8217;s specific function has insufficient filterin ...)
+ TODO: check
+CVE-2023-24838 (HGiga PowerStation has a vulnerability of Information Leakage. An unau ...)
+ TODO: check
+CVE-2023-24837 (HGiga PowerStation remote management function has insufficient filteri ...)
+ TODO: check
CVE-2023-24836
RESERVED
-CVE-2023-24835
- RESERVED
-CVE-2023-24834
- RESERVED
+CVE-2023-24835 (Softnext Technologies Corp.&#8217;s SPAM SQR has a vulnerability of Co ...)
+ TODO: check
+CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...)
+ TODO: check
CVE-2023-0600
RESERVED
CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...)
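Review bot: the descriptions added for CVE-2023-24839 and CVE-2023-24835 contain the raw HTML entity `&#8217;` ("MailSherlock&#8217;s", "Corp.&#8217;s") where an apostrophe is meant. The list is a plain-text file, so the import step should decode entities from the feed before writing the truncated description; as committed, a text search for the product or vendor name with an apostrophe will not match these two entries.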
@@ -17261,8 +17350,8 @@ CVE-2023-22904
RESERVED
CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect access c ...)
NOT-FOR-US: LibrePhotos
-CVE-2023-22902
- RESERVED
+CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient filtering f ...)
+ TODO: check
CVE-2023-22901
RESERVED
CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...)
@@ -27932,8 +28021,8 @@ CVE-2022-4128 (A NULL pointer dereference issue was discovered in the Linux kern
CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux kernel in ...)
- linux <not-affected> (Vulnerable code only in 5.19-rcX versions)
NOTE: https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6)
-CVE-2022-4126
- RESERVED
+CVE-2022-4126 (Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, ...)
+ TODO: check
CVE-2022-4125 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4124 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...)
@@ -46282,7 +46371,7 @@ CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly san
CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser integration ...)
- {DSA-5252-1}
+ {DSA-5252-1 DLA-3368-1}
- libreoffice 1:7.4.1~rc2-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
CVE-2022-3139 (The We&#8217;re Open! WordPress plugin before 1.42 does not sanitise a ...)
@@ -48962,8 +49051,8 @@ CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program
{DSA-5257-1 DLA-3173-1}
- linux 5.18.2-1
NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
-CVE-2022-39043
- RESERVED
+CVE-2022-39043 (Juiker app stores debug logs which contains sensitive information to m ...)
+ TODO: check
CVE-2022-39042 (aEnrich a+HRD has improper validation for login function. An unauthent ...)
NOT-FOR-US: aEnrich a+HRD
CVE-2022-39041 (aEnrich a+HRD has insufficient user input validation for specific API ...)
@@ -67877,8 +67966,8 @@ CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check
NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069
NOTE: https://github.com/davea42/libdwarf-code/issues/116
NOTE: https://www.prevanders.net/dwarfbug.html#DW202205-001
-CVE-2022-32199
- RESERVED
+CVE-2022-32199 (db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrar ...)
+ TODO: check
CVE-2022-32198
RESERVED
CVE-2022-32197
@@ -85383,14 +85472,17 @@ CVE-2022-26309 (Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk
CVE-2022-26308 (Pandora FMS v7.0NG.760 and below allows an improper access control in ...)
NOT-FOR-US: Pandora FMS
CVE-2022-26307 (LibreOffice supports the storage of passwords for web connections in t ...)
+ {DLA-3368-1}
- libreoffice 1:7.3.3~rc1-2
[bullseye] - libreoffice 1:7.0.4-4+deb11u2
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
CVE-2022-26306 (LibreOffice supports the storage of passwords for web connections in t ...)
+ {DLA-3368-1}
- libreoffice 1:7.3.3~rc1-2
[bullseye] - libreoffice 1:7.0.4-4+deb11u2
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306
CVE-2022-26305 (An Improper Certificate Validation vulnerability in LibreOffice existe ...)
+ {DLA-3368-1}
- libreoffice 1:7.3.2~rc2-1
[bullseye] - libreoffice 1:7.0.4-4+deb11u2
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305
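Review bot: the `{DLA-3368-1}` tag is added to CVE-2022-26307, CVE-2022-26306 and CVE-2022-26305 with no other change to each entry, and the visible package lines still list only the unstable and `[bullseye]` libreoffice versions. From this hunk alone a reader cannot tell which release and version the DLA fixed. The diffstat shows data/CVE/list as the only file touched, so confirm that the advisory's release and fixed version are already recorded in the DLA list that this cross-reference is generated from.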
@@ -157240,6 +157332,7 @@ CVE-2021-25638
CVE-2021-25637
RESERVED
CVE-2021-25636 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
+ {DLA-3368-1}
- libreoffice 1:7.3.0-1
[bullseye] - libreoffice 1:7.0.4-4+deb11u2
[stretch] - libreoffice <postponed> (Minor issue)
