[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 7 09:10:38 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e8d5dfc by security tracker role at 2023-04-07T08:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2023-29493
+	RESERVED
+CVE-2023-29492
+	RESERVED
+CVE-2023-29491
+	RESERVED
+CVE-2023-29490
+	RESERVED
+CVE-2023-29489
+	RESERVED
+CVE-2023-29488
+	RESERVED
+CVE-2023-29487
+	RESERVED
+CVE-2023-29486
+	RESERVED
+CVE-2023-29485
+	RESERVED
+CVE-2023-29484
+	RESERVED
+CVE-2023-29483
+	RESERVED
+CVE-2023-29482
+	RESERVED
+CVE-2023-29481
+	RESERVED
+CVE-2023-29480
+	RESERVED
+CVE-2023-29479
+	RESERVED
+CVE-2023-29478 (BiblioCraft before 2.4.6 does not sanitize path-traversal characters i ...)
+	TODO: check
+CVE-2023-29477
+	RESERVED
+CVE-2023-29476
+	RESERVED
+CVE-2023-29475 (inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Man ...)
+	TODO: check
+CVE-2023-29474 (inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Man ...)
+	TODO: check
+CVE-2023-29473 (webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Ma ...)
+	TODO: check
+CVE-2023-29472
+	RESERVED
+CVE-2023-29471
+	RESERVED
+CVE-2023-29470
+	RESERVED
+CVE-2023-29469
+	RESERVED
+CVE-2023-29468
+	RESERVED
+CVE-2023-29467
+	RESERVED
+CVE-2023-29466
+	RESERVED
+CVE-2023-29465 (SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world ...)
+	TODO: check
+CVE-2023-29244
+	RESERVED
+CVE-2023-29165
+	RESERVED
+CVE-2023-28823
+	RESERVED
+CVE-2023-28741
+	RESERVED
+CVE-2023-28715
+	RESERVED
+CVE-2023-28397
+	RESERVED
+CVE-2023-28396
+	RESERVED
+CVE-2023-27391
+	RESERVED
+CVE-2023-22313
+	RESERVED
+CVE-2023-22310
+	RESERVED
+CVE-2023-1936
+	RESERVED
+CVE-2023-1935
+	RESERVED
+CVE-2023-1934
+	RESERVED
+CVE-2023-1933
+	RESERVED
+CVE-2023-1932
+	RESERVED
+CVE-2023-1931 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1930 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1929 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1928 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1927 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1926 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1925 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1924 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1923 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1922 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1921 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1920 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1919 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1918 ([PUSHED PREMATURELY] Information temporarily redacted until it should  ...)
+	TODO: check
+CVE-2023-1917
+	RESERVED
+CVE-2022-48436
+	RESERVED
 CVE-2023-29464
 	RESERVED
 CVE-2023-29463
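Review bot: The fourteen added entries CVE-2023-1918 through CVE-2023-1931 have only the placeholder "[PUSHED PREMATURELY] Information temporarily redacted until it should ..." as their description, so the `TODO: check` under each cannot be resolved from this list. Leave them as TODO until the real description is published, and do not tag them on the strength of the placeholder text.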
@@ -85,6 +205,7 @@ CVE-2023-29423
 CVE-2023-29422
 	RESERVED
 CVE-2023-1916 [out-of-bounds read in extractImageSection() in tools/tiffcrop.c]
+	RESERVED
 	- tiff <unfixed>
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/536
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/537
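Review bot: The added `RESERVED` line under CVE-2023-1916 lands on an entry that already has a bracketed description, a `- tiff <unfixed>` annotation and two NOTE links. Anything that reads this file should take the package line as the state of this entry and must not skip the entry because a RESERVED marker is present.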
@@ -322,8 +443,8 @@ CVE-2021-4335
 	RESERVED
 CVE-2021-4334
 	RESERVED
-CVE-2014-125094
-	RESERVED
+CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniAdmin up ...)
+	TODO: check
 CVE-2023-29383
 	RESERVED
 CVE-2023-29382
@@ -1376,8 +1497,8 @@ CVE-2023-29019
 	RESERVED
 CVE-2023-29018
 	RESERVED
-CVE-2023-29017
-	RESERVED
+CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
+	TODO: check
 CVE-2023-29016 (The Goobi viewer is a web application that allows digitised material t ...)
 	NOT-FOR-US: Goobi viewer
 CVE-2023-29015 (The Goobi viewer is a web application that allows digitised material t ...)
@@ -3078,8 +3199,8 @@ CVE-2023-28502 (Rocket Software UniData versions prior to 8.2.4 build 3003 and U
 	NOT-FOR-US: Rocket Software UniData
 CVE-2023-28501 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
 	NOT-FOR-US: Rocket Software UniData
-CVE-2023-28500
-	RESERVED
+CVE-2023-28500 (** UNSUPPORTED WHEN ASSIGNED ** A Java insecure deserialization vulner ...)
+	TODO: check
 CVE-2023-28499
 	RESERVED
 CVE-2023-28498
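Review bot: The new description for CVE-2023-28500 is cut off before any product name ("** UNSUPPORTED WHEN ASSIGNED ** A Java insecure deserialization vulner ..."), and the context lines around it say nothing about it: `NOT-FOR-US: Rocket Software UniData` above, `RESERVED` below. Resolve the `TODO: check` from the full CVE record, not from the neighbouring entries; the UNSUPPORTED WHEN ASSIGNED tag means the affected product was already out of support when the CVE was assigned.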
@@ -7643,26 +7764,26 @@ CVE-2023-27023
 	RESERVED
 CVE-2023-27022
 	RESERVED
-CVE-2023-27021
-	RESERVED
-CVE-2023-27020
-	RESERVED
-CVE-2023-27019
-	RESERVED
-CVE-2023-27018
-	RESERVED
-CVE-2023-27017
-	RESERVED
-CVE-2023-27016
-	RESERVED
-CVE-2023-27015
-	RESERVED
-CVE-2023-27014
-	RESERVED
-CVE-2023-27013
-	RESERVED
-CVE-2023-27012
-	RESERVED
+CVE-2023-27021 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27020 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27019 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27018 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27017 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27016 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27015 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27014 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27013 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
+CVE-2023-27012 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+	TODO: check
 CVE-2023-27011
 	RESERVED
 CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions ...)
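Review bot: The ten replacements CVE-2023-27012 through CVE-2023-27021 all show the same truncated text, "Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...", so the entries cannot be told apart in this file. They can be triaged as one batch, but each entry still needs its own resolved line in place of `TODO: check`.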
@@ -7731,8 +7852,8 @@ CVE-2023-26980
 	RESERVED
 CVE-2023-26979
 	RESERVED
-CVE-2023-26978
-	RESERVED
+CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
 CVE-2023-26977
 	RESERVED
 CVE-2023-26976 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
@@ -7997,8 +8118,8 @@ CVE-2023-26850
 	RESERVED
 CVE-2023-26849
 	RESERVED
-CVE-2023-26848
-	RESERVED
+CVE-2023-26848 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
+	TODO: check
 CVE-2023-26847
 	RESERVED
 CVE-2023-26846
@@ -8053,14 +8174,14 @@ CVE-2023-26822 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a comm
 	NOT-FOR-US: D-Link
 CVE-2023-26821
 	RESERVED
-CVE-2023-26820
-	RESERVED
+CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal vulnerabilit ...)
+	TODO: check
 CVE-2023-26819
 	RESERVED
 CVE-2023-26818
 	RESERVED
-CVE-2023-26817
-	RESERVED
+CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a r ...)
+	TODO: check
 CVE-2023-26816
 	RESERVED
 CVE-2023-26815
@@ -12626,28 +12747,28 @@ CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflo
 	- libde265 1.0.11-1
 	NOTE: https://github.com/strukturag/libde265/issues/388
 	NOTE: https://github.com/strukturag/libde265/commit/857290982330e82d9e25d9d39527c6737021aa7d (v1.0.11)
-CVE-2023-25220
-	RESERVED
-CVE-2023-25219
-	RESERVED
-CVE-2023-25218
-	RESERVED
-CVE-2023-25217
-	RESERVED
-CVE-2023-25216
-	RESERVED
-CVE-2023-25215
-	RESERVED
-CVE-2023-25214
-	RESERVED
-CVE-2023-25213
-	RESERVED
-CVE-2023-25212
-	RESERVED
-CVE-2023-25211
-	RESERVED
-CVE-2023-25210
-	RESERVED
+CVE-2023-25220 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25219 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25218 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25217 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25216 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25215 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25214 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25213 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25212 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25211 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
+CVE-2023-25210 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
+	TODO: check
 CVE-2023-25209
 	RESERVED
 CVE-2023-25208
@@ -13824,14 +13945,14 @@ CVE-2023-24802
 	RESERVED
 CVE-2023-24801
 	RESERVED
-CVE-2023-24800
-	RESERVED
-CVE-2023-24799
-	RESERVED
-CVE-2023-24798
-	RESERVED
-CVE-2023-24797
-	RESERVED
+CVE-2023-24800 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
+	TODO: check
+CVE-2023-24799 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
+	TODO: check
+CVE-2023-24798 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
+	TODO: check
+CVE-2023-24797 (D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack over ...)
+	TODO: check
 CVE-2023-24796
 	RESERVED
 CVE-2023-24795 (Command execution vulnerability was discovered in JHR-N916R router fir ...)
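Review bot: The four new descriptions for CVE-2023-24797 through CVE-2023-24800 name D-Link DIR878 and DIR882 firmware, and this same file already tags a D-Link router entry, CVE-2023-26822, as `NOT-FOR-US: D-Link`. Resolve these four `TODO: check` lines with the same tag so the vendor is handled consistently.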
@@ -223550,8 +223671,7 @@ CVE-2020-11937 (In whoopsie, parse_report() from whoopsie.c allows a local attac
 	NOT-FOR-US: Whoopsie
 CVE-2020-11936
 	RESERVED
-CVE-2020-11935
-	RESERVED
+CVE-2020-11935 (It was discovered that aufs improperly managed inode reference counts  ...)
 	- aufs <unfixed> (bug #964748)
 	[buster] - aufs <no-dsa> (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release)
 	[stretch] - aufs <ignored> (Minor issue; too many other aufs issues open)
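Review bot: For CVE-2020-11935 the `RESERVED` line is replaced by a description and, unlike the other replacements in this commit, no `TODO: check` is added, so nothing flags the entry for a second look. The `[buster]` and `[stretch]` annotations were in place while the entry was still RESERVED; re-read the "Minor issue; CONFIG_IMA not enabled in kernel" rationale against the published text ("aufs improperly managed inode reference counts") and adjust it if it no longer fits.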



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e8d5dfcce632bed53440e713f7c8985e426cad3
