From eb20bb951812091e37f395be3a4a3e9f95a27e03 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 27 Mar 2023 08:10:15 +0000 Subject: automatic update --- data/CVE/list | 171 ++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 132 insertions(+), 39 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 2f5a928794..2c78693e77 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,8 +1,97 @@ +CVE-2023-28892 + RESERVED +CVE-2023-28891 + RESERVED +CVE-2023-28890 + RESERVED +CVE-2023-28889 + RESERVED +CVE-2023-28888 + RESERVED +CVE-2023-28887 + RESERVED +CVE-2023-28886 + RESERVED +CVE-2023-28885 (The MyLink infotainment system (build 2021.3.26) in General Motors Che ...) + TODO: check +CVE-2023-28884 (In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in ...) + TODO: check +CVE-2023-28883 (In Cerebrate 1.13, a blind SQL injection exists in the searchAll API e ...) + TODO: check +CVE-2023-28882 + RESERVED +CVE-2023-28881 + RESERVED +CVE-2023-28880 + RESERVED +CVE-2023-28879 + RESERVED +CVE-2023-28878 + RESERVED +CVE-2023-28877 + RESERVED +CVE-2023-28876 + RESERVED +CVE-2023-28875 + RESERVED +CVE-2023-28874 + RESERVED +CVE-2023-28873 + RESERVED +CVE-2023-28872 + RESERVED +CVE-2023-28871 + RESERVED +CVE-2023-28870 + RESERVED +CVE-2023-28869 + RESERVED +CVE-2023-28868 + RESERVED +CVE-2023-28867 (In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a ...) + TODO: check +CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out ...) + TODO: check +CVE-2023-28865 + RESERVED +CVE-2023-28864 + RESERVED +CVE-2023-28863 + RESERVED +CVE-2023-28862 + RESERVED +CVE-2023-28861 + RESERVED +CVE-2023-28860 + RESERVED +CVE-2023-1647 (Improper Access Control in GitHub repository calcom/cal.com prior to 2 ...) + TODO: check +CVE-2023-1646 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...) + TODO: check +CVE-2023-1645 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...) + TODO: check +CVE-2023-1644 (A vulnerability was found in IObit Malware Fighter 9.4.0.776 and class ...) + TODO: check +CVE-2023-1643 (A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and ...) + TODO: check +CVE-2023-1642 (A vulnerability, which was classified as problematic, was found in IOb ...) 
+ TODO: check +CVE-2023-1641 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-1640 (A vulnerability classified as problematic was found in IObit Malware F ...) + TODO: check +CVE-2023-1639 (A vulnerability classified as problematic has been found in IObit Malw ...) + TODO: check +CVE-2023-1638 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...) + TODO: check +CVE-2018-25083 (The pullit package before 1.4.0 for Node.js allows OS Command Injectio ...) + TODO: check CVE-2023-28859 (redis-py through 4.5.3 leaves a connection open after canceling an asy ...) TODO: check CVE-2023-28858 (redis-py before 4.5.3, as used in ChatGPT and other products, leaves a ...) TODO: check CVE-2023-1637 [x86/speculation: Restore speculation related MSRs during S3 resume] + RESERVED - linux 5.17.3-1 [bullseye] - linux 5.10.113-1 [buster] - linux 4.19.249-1 @@ -3588,8 +3677,8 @@ CVE-2023-27798 RESERVED CVE-2023-27797 RESERVED -CVE-2023-27796 - RESERVED +CVE-2023-27796 (RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wire ...) + TODO: check CVE-2023-27795 RESERVED CVE-2023-27794 @@ -6081,12 +6170,12 @@ CVE-2023-26804 RESERVED CVE-2023-26803 RESERVED -CVE-2023-26802 - RESERVED -CVE-2023-26801 - RESERVED -CVE-2023-26800 - RESERVED +CVE-2023-26802 (An issue in the component /network_config/nsg_masq.cgi of DCN (Digital ...) + TODO: check +CVE-2023-26801 (LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 ...) + TODO: check +CVE-2023-26800 (Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discov ...) + TODO: check CVE-2023-26799 RESERVED CVE-2023-26798 @@ -8537,8 +8626,8 @@ CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.3 NOT-FOR-US: Mapos CVE-2021-46874 RESERVED -CVE-2023-25909 - RESERVED +CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload of fil ...) + TODO: check CVE-2023-25908 RESERVED CVE-2023-25907 
@@ -11190,10 +11279,10 @@ CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3522 NOTE: Introduced by: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 NOTE: https://www.openwall.com/lists/oss-security/2023/02/13/1 -CVE-2023-25018 - RESERVED -CVE-2023-25017 - RESERVED +CVE-2023-25018 (RIFARTEK IOT Wall transportation function has insufficient filtering f ...) + TODO: check +CVE-2023-25017 (RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An a ...) + TODO: check CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...) NOT-FOR-US: Couchbase Server CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...) 
@@ -11641,24 +11730,24 @@ CVE-2023-24844 RESERVED CVE-2023-24843 RESERVED -CVE-2023-24842 - RESERVED -CVE-2023-24841 - RESERVED -CVE-2023-24840 - RESERVED -CVE-2023-24839 - RESERVED -CVE-2023-24838 - RESERVED -CVE-2023-24837 - RESERVED +CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...) + TODO: check +CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...) + TODO: check +CVE-2023-24840 (HGiga MailSherlock mail query function has vulnerability of insufficie ...) + TODO: check +CVE-2023-24839 (HGiga MailSherlock’s specific function has insufficient filterin ...) + TODO: check +CVE-2023-24838 (HGiga PowerStation has a vulnerability of Information Leakage. An unau ...) + TODO: check +CVE-2023-24837 (HGiga PowerStation remote management function has insufficient filteri ...) + TODO: check CVE-2023-24836 RESERVED -CVE-2023-24835 - RESERVED -CVE-2023-24834 - RESERVED +CVE-2023-24835 (Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Co ...) + TODO: check +CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...) + TODO: check CVE-2023-0600 RESERVED CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...) @@ -17261,8 +17350,8 @@ CVE-2023-22904 RESERVED CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect access c ...) NOT-FOR-US: LibrePhotos -CVE-2023-22902 - RESERVED +CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient filtering f ...) + TODO: check CVE-2023-22901 RESERVED CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...) 
@@ -27932,8 +28021,8 @@ CVE-2022-4128 (A NULL pointer dereference issue was discovered in the Linux kern CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux kernel in ...) - linux (Vulnerable code only in 5.19-rcX versions) NOTE: https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6) -CVE-2022-4126 - RESERVED +CVE-2022-4126 (Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, ...) + TODO: check CVE-2022-4125 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...) NOT-FOR-US: WordPress plugin CVE-2022-4124 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...) @@ -46282,7 +46371,7 @@ CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly san CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...) NOT-FOR-US: WordPress plugin CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser integration ...) - {DSA-5252-1} + {DSA-5252-1 DLA-3368-1} - libreoffice 1:7.4.1~rc2-3 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140 CVE-2022-3139 (The We’re Open! WordPress plugin before 1.42 does not sanitise a ...) @@ -48962,8 +49051,8 @@ CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program {DSA-5257-1 DLA-3173-1} - linux 5.18.2-1 NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5) -CVE-2022-39043 - RESERVED +CVE-2022-39043 (Juiker app stores debug logs which contains sensitive information to m ...) + TODO: check CVE-2022-39042 (aEnrich a+HRD has improper validation for login function. An unauthent ...) NOT-FOR-US: aEnrich a+HRD CVE-2022-39041 (aEnrich a+HRD has insufficient user input validation for specific API ...) 
@@ -67877,8 +67966,8 @@ CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069 NOTE: https://github.com/davea42/libdwarf-code/issues/116 NOTE: https://www.prevanders.net/dwarfbug.html#DW202205-001 -CVE-2022-32199 - RESERVED +CVE-2022-32199 (db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrar ...) + TODO: check CVE-2022-32198 RESERVED CVE-2022-32197 @@ -85383,14 +85472,17 @@ CVE-2022-26309 (Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk CVE-2022-26308 (Pandora FMS v7.0NG.760 and below allows an improper access control in ...) NOT-FOR-US: Pandora FMS CVE-2022-26307 (LibreOffice supports the storage of passwords for web connections in t ...) + {DLA-3368-1} - libreoffice 1:7.3.3~rc1-2 [bullseye] - libreoffice 1:7.0.4-4+deb11u2 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307 CVE-2022-26306 (LibreOffice supports the storage of passwords for web connections in t ...) + {DLA-3368-1} - libreoffice 1:7.3.3~rc1-2 [bullseye] - libreoffice 1:7.0.4-4+deb11u2 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306 CVE-2022-26305 (An Improper Certificate Validation vulnerability in LibreOffice existe ...) + {DLA-3368-1} - libreoffice 1:7.3.2~rc2-1 [bullseye] - libreoffice 1:7.0.4-4+deb11u2 NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305 @@ -157240,6 +157332,7 @@ CVE-2021-25638 CVE-2021-25637 RESERVED CVE-2021-25636 (LibreOffice supports digital signatures of ODF documents and macros wi ...) + {DLA-3368-1} - libreoffice 1:7.3.0-1 [bullseye] - libreoffice 1:7.0.4-4+deb11u2 [stretch] - libreoffice (Minor issue) -- cgit v1.2.3
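Review bot: in the first hunk (@@ -1,8 +1,97 @@), CVE-2023-28866 is described as a Linux kernel issue in net/bluetooth/hci_sync.c ("through 6.2.8") but is added with only "TODO: check". The same hunk already tracks linux as a package (the "- linux 5.17.3-1" line under CVE-2023-1637), so this entry should get a "- linux" package line and a NOTE pointing at the upstream fix rather than waiting in the generic queue. The run of entries from CVE-2023-1638 to CVE-2023-1646, most of which name IObit Malware Fighter 9.4.0.776 in the visible part of the description, can be triaged in one pass, using the NOT-FOR-US form seen elsewhere in this file if the product is not packaged.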
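Review bot: in the hunk at @@ -11641,24 +11730,24 @@, the added descriptions for CVE-2023-24839 ("MailSherlock’s") and CVE-2023-24835 ("Corp.’s") carry a mis-decoded apostrophe, which looks like UTF-8 input read as a single-byte charset before the description was truncated. The unchanged context line for CVE-2022-3139 ("We’re Open!") shows the same pattern, so it predates this commit. The fix belongs in the update script: decode the feed as UTF-8 before cutting the description, so the text stays readable and matches when someone greps the list for a product name.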
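Review bot: the DLA-3368-1 cross-references added to the LibreOffice entries (hunks at @@ -46282,7 +46371,7 @@, @@ -85383,14 +85472,17 @@ and @@ -157240,6 +157332,7 @@) have no counterpart visible in this commit, which changes only data/CVE/list. Confirm that the advisory's own entry names the same five CVEs (CVE-2022-3140, CVE-2022-26307, CVE-2022-26306, CVE-2022-26305, CVE-2021-25636), so that the braces here and the advisory record cannot drift apart. For CVE-2022-3140 the new value sits beside the existing one as "{DSA-5252-1 DLA-3368-1}", while the other four entries gain a fresh "{DLA-3368-1}" line; both forms should be checked against the same advisory record.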