[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 11 09:10:28 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2eff06c1 by security tracker role at 2023-04-11T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-30469
+ RESERVED
+CVE-2023-30468
+ RESERVED
+CVE-2023-1973
+ RESERVED
CVE-2023-30467
RESERVED
CVE-2023-30466
@@ -2027,8 +2033,8 @@ CVE-2012-10010 (A vulnerability was found in BestWebSoft Contact Form 3.21. It h
NOT-FOR-US: WordPress plugin
CVE-2023-29493
RESERVED
-CVE-2023-29492
- RESERVED
+CVE-2023-29492 (Novi Survey before 8.9.43676 allows remote attackers to execute arbitr ...)
+ TODO: check
CVE-2023-29491
RESERVED
CVE-2023-29490
@@ -2231,8 +2237,7 @@ CVE-2023-29423
RESERVED
CVE-2023-29422
RESERVED
-CVE-2023-1916 [out-of-bounds read in extractImageSection() in tools/tiffcrop.c]
- RESERVED
+CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtiff pac ...)
- tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/536
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/537
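Review bot: the removed bracket placeholder for CVE-2023-1916 named the affected code location (extractImageSection() in tools/tiffcrop.c), and the truncated CVE text that replaces it does not; since the entry stays at tiff <unfixed> (unimportant), consider carrying that location into a NOTE line next to the two libtiff issue links so the reasoning behind the unimportant rating remains visible to the next reviewer.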
@@ -2333,8 +2338,8 @@ CVE-2023-29400
RESERVED
CVE-2023-1904
RESERVED
-CVE-2023-1903
- RESERVED
+CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
+ TODO: check
CVE-2023-1902
RESERVED
CVE-2023-1901
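Review bot: CVE-2023-1903 (SAP HCM Fiori App My Forms) is left at TODO: check, while every other SAP entry visible in this file is already resolved as NOT-FOR-US: SAP (for example CVE-2023-27896, CVE-2023-27501, CVE-2023-26460); unless an SAP component has entered the archive, this and the other SAP entries re-described in this update can be closed the same way in one pass rather than one by one.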
@@ -2422,7 +2427,8 @@ CVE-2023-1878 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
NOT-FOR-US: phpmyfaq
CVE-2023-1877 (Command Injection in GitHub repository microweber/microweber prior to ...)
NOT-FOR-US: microweber
-CVE-2023-1876 (Deserialization of Untrusted Data in GitHub repository microweber/micr ...)
+CVE-2023-1876
+ REJECTED
NOT-FOR-US: microweber
CVE-2023-1875
RESERVED
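Review bot: after CVE-2023-1876 switches to REJECTED, the NOT-FOR-US: microweber annotation is still kept beneath it; decide whether a rejected ID should retain a package annotation or whether that line should be dropped so the entry reads as plainly rejected, and keep this consistent with how other REJECTED entries in this file are handled.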
@@ -2985,22 +2991,22 @@ CVE-2023-29194
RESERVED
CVE-2023-29193
RESERVED
-CVE-2023-29192
- RESERVED
+CVE-2023-29192 (SilverwareGames.io versions before 1.2.19 allow users with access to t ...)
+ TODO: check
CVE-2023-29191
RESERVED
CVE-2023-29190
RESERVED
-CVE-2023-29189
- RESERVED
+CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, ...)
+ TODO: check
CVE-2023-29188
RESERVED
-CVE-2023-29187
- RESERVED
-CVE-2023-29186
- RESERVED
-CVE-2023-29185
- RESERVED
+CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL hijacki ...)
+ TODO: check
+CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an att ...)
+ TODO: check
+CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, ...)
+ TODO: check
CVE-2023-29184
RESERVED
CVE-2023-29183
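Review bot: of the five entries re-described in this hunk, CVE-2023-29187 is the one that cannot be triaged from the visible text, since the truncated description only says "A Windows user with basic user authorization can exploit a DLL hijacki ..." without naming the product; the TODO: check should record which software is affected before it is resolved, whereas the three SAP entries (CVE-2023-29189, -29186, -29185) and the SilverwareGames.io entry (CVE-2023-29192) are vendor-hosted or proprietary products that follow the NOT-FOR-US pattern used elsewhere in this file.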
@@ -3191,16 +3197,16 @@ CVE-2023-29114
RESERVED
CVE-2023-29113
RESERVED
-CVE-2023-29112
- RESERVED
-CVE-2023-29111
- RESERVED
-CVE-2023-29110
- RESERVED
-CVE-2023-29109
- RESERVED
-CVE-2023-29108
- RESERVED
+CVE-2023-29112 (The SAP Application Interface (Message Monitoring) - versions 600, 700 ...)
+ TODO: check
+CVE-2023-29111 (The SAP AIF (ODATA service) - versions 755, 756, discloses more detail ...)
+ TODO: check
+CVE-2023-29110 (The SAP Application Interface (Message Dashboard) - versions AIF 703, ...)
+ TODO: check
+CVE-2023-29109 (The SAP Application Interface Framework (Message Dashboard) - versions ...)
+ TODO: check
+CVE-2023-29108 (The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDI ...)
+ TODO: check
CVE-2023-29107
RESERVED
CVE-2023-29106
@@ -3556,8 +3562,8 @@ CVE-2023-29007
RESERVED
CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...)
NOT-FOR-US: GLPI plugin
-CVE-2023-29005
- RESERVED
+CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...)
+ TODO: check
CVE-2023-29004
RESERVED
CVE-2023-29003 (SvelteKit is a web development framework. The SvelteKit framework offe ...)
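Review bot: CVE-2023-29005 (Flask-AppBuilder before 4.3.0, missing rate limiting) is a Python library rather than a vendor appliance, so this TODO: check needs an archive lookup for a flask-appbuilder source package before it can be closed as NOT-FOR-US, unlike the GLPI plugin entry just above it; the fixed-version boundary in the truncated text should be confirmed against the upstream 4.3.0 release before any package line is added.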
@@ -3840,8 +3846,7 @@ CVE-2023-28929
RESERVED
CVE-2023-28928
RESERVED
-CVE-2023-1668 [Remote traffic denial of service via crafted packets with IP proto 0]
- RESERVED
+CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP packet wi ...)
- openvswitch <unfixed> (bug #1034042)
NOTE: https://www.openwall.com/lists/oss-security/2023/04/06/1
NOTE: https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9 (v3.1.1)
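Review bot: the package line stays openvswitch <unfixed> (bug #1034042) even though the NOTE already points at the upstream fix commit tagged (v3.1.1); that is correct until a fixed upload lands, but the removed bracket text "Remote traffic denial of service via crafted packets with IP proto 0" summarised the impact more precisely than the truncated CVE text now does, so consider keeping that one-line summary as a NOTE beside the oss-security link, and add a severity annotation if the entry is meant to carry one like the tiff entry above.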
@@ -4406,16 +4411,16 @@ CVE-2023-1589 (A vulnerability has been found in SourceCodester Online Tours &am
CVE-2023-XXXX [RUSTSEC-2022-0092]
- rust-rmp-serde 1.1.1-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0092.html
-CVE-2023-28765
- RESERVED
+CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects Business Inte ...)
+ TODO: check
CVE-2023-28764
RESERVED
-CVE-2023-28763
- RESERVED
+CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...)
+ TODO: check
CVE-2023-28762
RESERVED
-CVE-2023-28761
- RESERVED
+CVE-2023-28761 (In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated ...)
+ TODO: check
CVE-2023-28760
RESERVED
CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0. A vulnerabil ...)
@@ -5865,10 +5870,10 @@ CVE-2019-25116
RESERVED
CVE-2023-28342 (Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to cond ...)
NOT-FOR-US: Zoho
-CVE-2023-28341
- RESERVED
-CVE-2023-28340
- RESERVED
+CVE-2023-28341 (Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine A ...)
+ TODO: check
+CVE-2023-28340 (Zoho ManageEngine Applications Manager through 16320 allows the admin ...)
+ TODO: check
CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege es ...)
- doas <removed>
[bullseye] - doas <no-dsa> (Minor issue)
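Review bot: CVE-2023-28341 and CVE-2023-28340 are both Zoho ManageEngine products left at TODO: check, while the adjacent CVE-2023-28342 in the same context is already marked NOT-FOR-US: Zoho; the two new entries can be resolved with the same annotation so the three consecutive Zoho IDs are triaged consistently.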
@@ -6723,8 +6728,8 @@ CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server implement
NOT-FOR-US: OpenSIPS
CVE-2023-28094
RESERVED
-CVE-2023-28093
- RESERVED
+CVE-2023-28093 (A user with a compromised configuration can start an unsigned binary a ...)
+ TODO: check
CVE-2023-28092
RESERVED
CVE-2023-28091
@@ -7325,8 +7330,8 @@ CVE-2023-27899 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a tem
- jenkins <removed>
CVE-2023-27898 (Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.37 ...)
- jenkins <removed>
-CVE-2023-27897
- RESERVED
+CVE-2023-27897 (In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is auth ...)
+ TODO: check
CVE-2023-27896 (In SAP BusinessObjects Business Intelligence Platform - version 420, 4 ...)
NOT-FOR-US: SAP
CVE-2023-27895 (SAP Authenticator for Android - version 1.3.0, allows the screen to be ...)
@@ -8540,12 +8545,12 @@ CVE-2023-27501 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701,
NOT-FOR-US: SAP
CVE-2023-27500 (An attacker with non-administrative authorizations can exploit a direc ...)
NOT-FOR-US: SAP
-CVE-2023-27499
- RESERVED
+CVE-2023-27499 (SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.547.77, 7.81, 7.85, 7 ...)
+ TODO: check
CVE-2023-27498 (SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated at ...)
NOT-FOR-US: SAP
-CVE-2023-27497
- RESERVED
+CVE-2023-27497 (Due to missing authentication and input sanitization of code the Event ...)
+ TODO: check
CVE-2023-27393
RESERVED
CVE-2023-27386
@@ -9210,8 +9215,8 @@ CVE-2023-27269 (SAP NetWeaver Application Server for ABAP and ABAP Platform - ve
NOT-FOR-US: SAP
CVE-2023-27268 (SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does ...)
NOT-FOR-US: SAP
-CVE-2023-27267
- RESERVED
+CVE-2023-27267 (Due to missing authentication and insufficient input validation, the O ...)
+ TODO: check
CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-27265 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...)
@@ -9448,8 +9453,8 @@ CVE-2023-27193
RESERVED
CVE-2023-27192
RESERVED
-CVE-2023-27191
- RESERVED
+CVE-2023-27191 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...)
+ TODO: check
CVE-2023-27190
RESERVED
CVE-2023-27189
@@ -9474,8 +9479,8 @@ CVE-2023-27180 (GDidees CMS v3.9.1 was discovered to contain a source code discl
NOT-FOR-US: GDidees CMS
CVE-2023-27179
RESERVED
-CVE-2023-27178
- RESERVED
+CVE-2023-27178 (An arbitrary file upload vulnerability in the upload function of GDide ...)
+ TODO: check
CVE-2023-27177
RESERVED
CVE-2023-27176
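Review bot: CVE-2023-27178 is an arbitrary file upload in GDidees CMS and is left at TODO: check, while CVE-2023-27180 two lines above it in the same context is already NOT-FOR-US: GDidees CMS; use the same annotation here so the product is not tracked two different ways.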
@@ -9699,8 +9704,8 @@ CVE-2023-27078 (A command injection issue was found in TP-Link MR3020 v.1_150921
NOT-FOR-US: TP-Link
CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote attacke ...)
NOT-FOR-US: 360 D901
-CVE-2023-27076
- RESERVED
+CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows a ...)
+ TODO: check
CVE-2023-27075
RESERVED
CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain a SQL i ...)
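Review bot: CVE-2023-27076 (command injection in Tenda G103 router firmware) is left at TODO: check although the neighbouring TP-Link and 360 D901 entries in this hunk are device-firmware issues already marked NOT-FOR-US; a Tenda consumer router is not an archive package, so the same NOT-FOR-US resolution applies once confirmed.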
@@ -10307,7 +10312,7 @@ CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization
NOT-FOR-US: CleverStupidDog yf-exam
CVE-2023-26778
RESERVED
-CVE-2023-26777 (Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.1 ...)
+CVE-2023-26777 (Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1 ...)
NOT-FOR-US: Uptima Kuma
CVE-2023-26776 (Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a ...)
NOT-FOR-US: Monitorr
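Review bot: this hunk only corrects the CVE-2023-26777 description to read "louislam Uptime Kuma", but the unchanged annotation line directly beneath it still says NOT-FOR-US: Uptima Kuma; since the entry is being touched anyway, fix that spelling to "Uptime Kuma" so searches on the product name match both the description and the annotation.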
@@ -10315,8 +10320,8 @@ CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a rem
NOT-FOR-US: Monitorr
CVE-2023-26774 (An issue found in Sales Tracker Management System v.1.0 allows a remot ...)
TODO: check
-CVE-2023-26773
- RESERVED
+CVE-2023-26773 (Cross Site Scripting vulnerability found in Sales Tracker Management S ...)
+ TODO: check
CVE-2023-26772
RESERVED
CVE-2023-26771
@@ -11042,8 +11047,8 @@ CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for Ex
NOT-FOR-US: Samsung
CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...)
NOT-FOR-US: Samsung
-CVE-2023-26495
- RESERVED
+CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ TODO: check
CVE-2023-26494
RESERVED
CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real ...)
@@ -11111,10 +11116,10 @@ CVE-2023-26469
RESERVED
CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id during creat ...)
NOT-FOR-US: Cerebrate
-CVE-2023-26467
- RESERVED
-CVE-2023-26466
- RESERVED
+CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server in a co ...)
+ TODO: check
+CVE-2023-26466 (A user with non-Admin access can change a configuration file on the cl ...)
+ TODO: check
CVE-2023-26465
RESERVED
CVE-2023-25944
@@ -11203,8 +11208,8 @@ CVE-2023-26460 (Cache Management Service in SAP NetWeaver Application Server for
NOT-FOR-US: SAP
CVE-2023-26459 (Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP P ...)
NOT-FOR-US: SAP
-CVE-2023-26458
- RESERVED
+CVE-2023-26458 (An information disclosure vulnerability exists in SAP Landscape Manage ...)
+ TODO: check
CVE-2023-26457 (SAP Content Server - version 7.53, does not sufficiently encode user-c ...)
NOT-FOR-US: SAP
CVE-2023-26456
@@ -12061,10 +12066,10 @@ CVE-2023-26124
RESERVED
CVE-2023-26123
RESERVED
-CVE-2023-26122
- RESERVED
-CVE-2023-26121
- RESERVED
+CVE-2023-26122 (All versions of the package safe-eval are vulnerable to Sandbox Bypass ...)
+ TODO: check
+CVE-2023-26121 (All versions of the package safe-eval are vulnerable to Prototype Poll ...)
+ TODO: check
CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HTML upl ...)
NOT-FOR-US: com.xuxueli:xxl-job
CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...)
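Review bot: CVE-2023-26122 and CVE-2023-26121 both describe the npm package safe-eval (sandbox bypass and prototype pollution in all versions) and are left at TODO: check; the resolution needs an archive lookup for a node-safe-eval package rather than an assumption, and because "all versions" is affected with no fixed release named, a package line, if one is warranted, would have to stay <unfixed> until upstream publishes a fix.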
@@ -12189,22 +12194,22 @@ CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband M
NOT-FOR-US: Samsung
CVE-2023-26071 (An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An O ...)
NOT-FOR-US: MCUBO ICT
-CVE-2023-26070
- RESERVED
-CVE-2023-26069
- RESERVED
-CVE-2023-26068
- RESERVED
-CVE-2023-26067
- RESERVED
-CVE-2023-26066
- RESERVED
-CVE-2023-26065
- RESERVED
-CVE-2023-26064
- RESERVED
-CVE-2023-26063
- RESERVED
+CVE-2023-26070 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...)
+ TODO: check
+CVE-2023-26069 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...)
+ TODO: check
+CVE-2023-26068 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...)
+ TODO: check
+CVE-2023-26067 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...)
+ TODO: check
+CVE-2023-26066 (Certain Lexmark devices through 2023-02-19 have Improper Validation of ...)
+ TODO: check
+CVE-2023-26065 (Certain Lexmark devices through 2023-02-19 have an Integer Overflow. ...)
+ TODO: check
+CVE-2023-26064 (Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write ...)
+ TODO: check
+CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By Using ...)
+ TODO: check
CVE-2023-26062
RESERVED
CVE-2023-26061
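Review bot: the eight consecutive Lexmark entries (CVE-2023-26070 through CVE-2023-26063, all "Certain Lexmark devices through 2023-02-19") are printer firmware issues and can be triaged as one batch; leaving eight separate TODO: check markers for the same vendor advisory invites inconsistent resolutions, so resolve them together with one annotation style.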
@@ -16207,8 +16212,8 @@ CVE-2023-24723
RESERVED
CVE-2023-24722
RESERVED
-CVE-2023-24721
- RESERVED
+CVE-2023-24721 (A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1. ...)
+ TODO: check
CVE-2023-24720 (An arbitrary file upload vulnerability in readium-js v0.32.0 allows at ...)
NOT-FOR-US: readium-js
CVE-2023-24719
@@ -16887,8 +16892,8 @@ CVE-2023-24529 (Due to lack of proper input validation, BSP application (CRM_BSP
NOT-FOR-US: SAP
CVE-2023-24528 (SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - ...)
NOT-FOR-US: SAP
-CVE-2023-24527
- RESERVED
+CVE-2023-24527 (SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perfo ...)
+ TODO: check
CVE-2023-24526 (SAP NetWeaver Application Server Java for Classload Service - version ...)
NOT-FOR-US: SAP
CVE-2023-24525 (SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, ...)
@@ -17802,8 +17807,8 @@ CVE-2023-24184 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain
NOT-FOR-US: TOTOLINK
CVE-2023-24183
RESERVED
-CVE-2023-24182
- RESERVED
+CVE-2023-24182 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...)
+ TODO: check
CVE-2023-24181 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...)
TODO: check
CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...)
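Review bot: CVE-2023-24182 and the unchanged CVE-2023-24181 directly below it describe the same LuCI openwrt-22.03 branch build (git-22.361.69894-438c598) and both sit at TODO: check; triage them together, and note that LuCI is an OpenWrt component rather than an archive package, so the check is whether any Debian package ships this code before marking it NOT-FOR-US.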
@@ -42392,8 +42397,8 @@ CVE-2022-43295 (XPDF v4.04 was discovered to contain a stack overflow via the fu
- xpdf <not-affected> (Debian uses poppler, which is not affected)
CVE-2022-43294 (Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was dis ...)
NOT-FOR-US: Tasmota
-CVE-2022-43293
- RESERVED
+CVE-2022-43293 (Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitra ...)
+ TODO: check
CVE-2022-43292 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
NOT-FOR-US: Canteen Management System
CVE-2022-43291 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...)
@@ -54981,8 +54986,8 @@ CVE-2022-38606 (Garage Management System v1.0 was discovered to contain a SQL in
NOT-FOR-US: Garage Management System
CVE-2022-38605 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
NOT-FOR-US: Church Management System
-CVE-2022-38604
- RESERVED
+CVE-2022-38604 (Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain ...)
+ TODO: check
CVE-2022-38603
RESERVED
CVE-2022-38602
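Review bot: CVE-2022-38604 ("Wacom Driver 6.3.46-1 for Windows and lower") is the same Windows-only driver as CVE-2022-43293 re-described earlier in this update, and both are left at TODO: check; resolve the pair together, since a Windows driver has no archive package and the two entries should not end up with different annotations.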
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2eff06c108807407352adacad03ececa13f9fc28