[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 14 21:10:46 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
59994f03 by security tracker role at 2023-04-14T20:10:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,597 @@
+CVE-2023-30770
+ RESERVED
+CVE-2023-30769
+ RESERVED
+CVE-2023-30757
+ RESERVED
+CVE-2023-30756
+ RESERVED
+CVE-2023-30755
+ RESERVED
+CVE-2023-30754
+ RESERVED
+CVE-2023-30753
+ RESERVED
+CVE-2023-30752
+ RESERVED
+CVE-2023-30751
+ RESERVED
+CVE-2023-30750
+ RESERVED
+CVE-2023-30749
+ RESERVED
+CVE-2023-30748
+ RESERVED
+CVE-2023-30747
+ RESERVED
+CVE-2023-30746
+ RESERVED
+CVE-2023-30745
+ RESERVED
+CVE-2023-30744
+ RESERVED
+CVE-2023-30743
+ RESERVED
+CVE-2023-30742
+ RESERVED
+CVE-2023-30741
+ RESERVED
+CVE-2023-30740
+ RESERVED
+CVE-2023-30739
+ RESERVED
+CVE-2023-30738
+ RESERVED
+CVE-2023-30737
+ RESERVED
+CVE-2023-30736
+ RESERVED
+CVE-2023-30735
+ RESERVED
+CVE-2023-30734
+ RESERVED
+CVE-2023-30733
+ RESERVED
+CVE-2023-30732
+ RESERVED
+CVE-2023-30731
+ RESERVED
+CVE-2023-30730
+ RESERVED
+CVE-2023-30729
+ RESERVED
+CVE-2023-30728
+ RESERVED
+CVE-2023-30727
+ RESERVED
+CVE-2023-30726
+ RESERVED
+CVE-2023-30725
+ RESERVED
+CVE-2023-30724
+ RESERVED
+CVE-2023-30723
+ RESERVED
+CVE-2023-30722
+ RESERVED
+CVE-2023-30721
+ RESERVED
+CVE-2023-30720
+ RESERVED
+CVE-2023-30719
+ RESERVED
+CVE-2023-30718
+ RESERVED
+CVE-2023-30717
+ RESERVED
+CVE-2023-30716
+ RESERVED
+CVE-2023-30715
+ RESERVED
+CVE-2023-30714
+ RESERVED
+CVE-2023-30713
+ RESERVED
+CVE-2023-30712
+ RESERVED
+CVE-2023-30711
+ RESERVED
+CVE-2023-30710
+ RESERVED
+CVE-2023-30709
+ RESERVED
+CVE-2023-30708
+ RESERVED
+CVE-2023-30707
+ RESERVED
+CVE-2023-30706
+ RESERVED
+CVE-2023-30705
+ RESERVED
+CVE-2023-30704
+ RESERVED
+CVE-2023-30703
+ RESERVED
+CVE-2023-30702
+ RESERVED
+CVE-2023-30701
+ RESERVED
+CVE-2023-30700
+ RESERVED
+CVE-2023-30699
+ RESERVED
+CVE-2023-30698
+ RESERVED
+CVE-2023-30697
+ RESERVED
+CVE-2023-30696
+ RESERVED
+CVE-2023-30695
+ RESERVED
+CVE-2023-30694
+ RESERVED
+CVE-2023-30693
+ RESERVED
+CVE-2023-30692
+ RESERVED
+CVE-2023-30691
+ RESERVED
+CVE-2023-30690
+ RESERVED
+CVE-2023-30689
+ RESERVED
+CVE-2023-30688
+ RESERVED
+CVE-2023-30687
+ RESERVED
+CVE-2023-30686
+ RESERVED
+CVE-2023-30685
+ RESERVED
+CVE-2023-30684
+ RESERVED
+CVE-2023-30683
+ RESERVED
+CVE-2023-30682
+ RESERVED
+CVE-2023-30681
+ RESERVED
+CVE-2023-30680
+ RESERVED
+CVE-2023-30679
+ RESERVED
+CVE-2023-30678
+ RESERVED
+CVE-2023-30677
+ RESERVED
+CVE-2023-30676
+ RESERVED
+CVE-2023-30675
+ RESERVED
+CVE-2023-30674
+ RESERVED
+CVE-2023-30673
+ RESERVED
+CVE-2023-30672
+ RESERVED
+CVE-2023-30671
+ RESERVED
+CVE-2023-30670
+ RESERVED
+CVE-2023-30669
+ RESERVED
+CVE-2023-30668
+ RESERVED
+CVE-2023-30667
+ RESERVED
+CVE-2023-30666
+ RESERVED
+CVE-2023-30665
+ RESERVED
+CVE-2023-30664
+ RESERVED
+CVE-2023-30663
+ RESERVED
+CVE-2023-30662
+ RESERVED
+CVE-2023-30661
+ RESERVED
+CVE-2023-30660
+ RESERVED
+CVE-2023-30659
+ RESERVED
+CVE-2023-30658
+ RESERVED
+CVE-2023-30657
+ RESERVED
+CVE-2023-30656
+ RESERVED
+CVE-2023-30655
+ RESERVED
+CVE-2023-30654
+ RESERVED
+CVE-2023-30653
+ RESERVED
+CVE-2023-30652
+ RESERVED
+CVE-2023-30651
+ RESERVED
+CVE-2023-30650
+ RESERVED
+CVE-2023-30649
+ RESERVED
+CVE-2023-30648
+ RESERVED
+CVE-2023-30647
+ RESERVED
+CVE-2023-30646
+ RESERVED
+CVE-2023-30645
+ RESERVED
+CVE-2023-30644
+ RESERVED
+CVE-2023-30643
+ RESERVED
+CVE-2023-30642
+ RESERVED
+CVE-2023-30641
+ RESERVED
+CVE-2023-30640
+ RESERVED
+CVE-2023-30639
+ RESERVED
+CVE-2023-30638 (Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 befor ...)
+ TODO: check
+CVE-2023-30637 (Baidu braft 1.1.2 has a memory leak related to use of the new operator ...)
+ TODO: check
+CVE-2023-30636 (TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal ...)
+ TODO: check
+CVE-2023-30635 (TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal ...)
+ TODO: check
+CVE-2023-30634
+ RESERVED
+CVE-2023-30633
+ RESERVED
+CVE-2023-30632
+ RESERVED
+CVE-2023-30631
+ RESERVED
+CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This ...)
+ TODO: check
+CVE-2023-30629
+ RESERVED
+CVE-2023-30628
+ RESERVED
+CVE-2023-30627
+ RESERVED
+CVE-2023-30626
+ RESERVED
+CVE-2023-30625
+ RESERVED
+CVE-2023-30624
+ RESERVED
+CVE-2023-30623
+ RESERVED
+CVE-2023-30622
+ RESERVED
+CVE-2023-30621
+ RESERVED
+CVE-2023-30620
+ RESERVED
+CVE-2023-30619
+ RESERVED
+CVE-2023-30618
+ RESERVED
+CVE-2023-30617
+ RESERVED
+CVE-2023-30616
+ RESERVED
+CVE-2023-30615
+ RESERVED
+CVE-2023-30614
+ RESERVED
+CVE-2023-30613
+ RESERVED
+CVE-2023-30612
+ RESERVED
+CVE-2023-30611
+ RESERVED
+CVE-2023-30610
+ RESERVED
+CVE-2023-30609
+ RESERVED
+CVE-2023-30608
+ RESERVED
+CVE-2023-30607
+ RESERVED
+CVE-2023-30606
+ RESERVED
+CVE-2023-30605
+ RESERVED
+CVE-2023-30604
+ RESERVED
+CVE-2023-30603
+ RESERVED
+CVE-2023-30602
+ RESERVED
+CVE-2023-30601
+ RESERVED
+CVE-2023-30600
+ RESERVED
+CVE-2023-30599
+ RESERVED
+CVE-2023-30598
+ RESERVED
+CVE-2023-30597
+ RESERVED
+CVE-2023-30596
+ RESERVED
+CVE-2023-30595
+ RESERVED
+CVE-2023-30594
+ RESERVED
+CVE-2023-30593
+ RESERVED
+CVE-2023-30592
+ RESERVED
+CVE-2023-30591
+ RESERVED
+CVE-2023-30590
+ RESERVED
+CVE-2023-30589
+ RESERVED
+CVE-2023-30588
+ RESERVED
+CVE-2023-30587
+ RESERVED
+CVE-2023-30586
+ RESERVED
+CVE-2023-30585
+ RESERVED
+CVE-2023-30584
+ RESERVED
+CVE-2023-30583
+ RESERVED
+CVE-2023-30582
+ RESERVED
+CVE-2023-30581
+ RESERVED
+CVE-2023-30580
+ RESERVED
+CVE-2023-30579
+ RESERVED
+CVE-2023-30578
+ RESERVED
+CVE-2023-30577
+ RESERVED
+CVE-2023-30576
+ RESERVED
+CVE-2023-30575
+ RESERVED
+CVE-2023-30574
+ RESERVED
+CVE-2023-30573
+ RESERVED
+CVE-2023-30572
+ RESERVED
+CVE-2023-30571
+ RESERVED
+CVE-2023-29504
+ RESERVED
+CVE-2023-29500
+ RESERVED
+CVE-2023-29162
+ RESERVED
+CVE-2023-28740
+ RESERVED
+CVE-2023-28722
+ RESERVED
+CVE-2023-28407
+ RESERVED
+CVE-2023-28388
+ RESERVED
+CVE-2023-27885
+ RESERVED
+CVE-2023-27880
+ RESERVED
+CVE-2023-27513
+ RESERVED
+CVE-2023-25774
+ RESERVED
+CVE-2023-2077
+ RESERVED
+CVE-2023-2076
+ RESERVED
+CVE-2023-2075
+ RESERVED
+CVE-2023-2074 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
+ TODO: check
+CVE-2023-2073 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
+ TODO: check
+CVE-2023-2072
+ RESERVED
+CVE-2023-2071
+ RESERVED
+CVE-2023-2070
+ RESERVED
+CVE-2023-2069
+ RESERVED
+CVE-2023-2068
+ RESERVED
+CVE-2023-2067
+ RESERVED
+CVE-2023-2066
+ RESERVED
+CVE-2023-2065
+ RESERVED
+CVE-2023-2064
+ RESERVED
+CVE-2023-2063
+ RESERVED
+CVE-2023-2062
+ RESERVED
+CVE-2023-2061
+ RESERVED
+CVE-2023-2060
+ RESERVED
+CVE-2023-2059 (A vulnerability was found in DedeCMS 5.7.87. It has been rated as prob ...)
+ TODO: check
+CVE-2023-2058 (A vulnerability was found in EyouCms up to 1.6.2. It has been declared ...)
+ TODO: check
+CVE-2023-2057 (A vulnerability was found in EyouCms 1.5.4. It has been classified as ...)
+ TODO: check
+CVE-2023-2056 (A vulnerability was found in DedeCMS up to 5.7.87 and classified as cr ...)
+ TODO: check
+CVE-2023-2055 (A vulnerability has been found in Campcodes Advanced Online Voting Sys ...)
+ TODO: check
+CVE-2023-2054 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2023-2053 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2023-2052 (A vulnerability classified as critical was found in Campcodes Advanced ...)
+ TODO: check
+CVE-2023-2051 (A vulnerability classified as critical has been found in Campcodes Adv ...)
+ TODO: check
+CVE-2023-2050 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+ TODO: check
+CVE-2023-2049 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+ TODO: check
+CVE-2023-2048 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+ TODO: check
+CVE-2023-2047 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+ TODO: check
+CVE-2023-2046
+ RESERVED
+CVE-2023-2045
+ RESERVED
+CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1 and cla ...)
+ TODO: check
+CVE-2023-2043 (A vulnerability, which was classified as problematic, was found in Con ...)
+ TODO: check
+CVE-2023-2042 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-2041 (A vulnerability classified as critical was found in novel-plus 3.6.2. ...)
+ TODO: check
+CVE-2023-2040 (A vulnerability classified as critical has been found in novel-plus 3. ...)
+ TODO: check
+CVE-2023-2039 (A vulnerability was found in novel-plus 3.6.2. It has been rated as cr ...)
+ TODO: check
+CVE-2023-2038 (A vulnerability was found in Campcodes Video Sharing Website 1.0. It h ...)
+ TODO: check
+CVE-2023-2037 (A vulnerability was found in Campcodes Video Sharing Website 1.0. It h ...)
+ TODO: check
+CVE-2023-2036 (A vulnerability was found in Campcodes Video Sharing Website 1.0 and c ...)
+ TODO: check
+CVE-2023-2035 (A vulnerability has been found in Campcodes Video Sharing Website 1.0 ...)
+ TODO: check
+CVE-2023-2034 (Unrestricted Upload of File with Dangerous Type in GitHub repository f ...)
+ TODO: check
+CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed ...)
+ TODO: check
+CVE-2023-2032
+ RESERVED
+CVE-2023-2031
+ RESERVED
+CVE-2023-2030
+ RESERVED
+CVE-2023-2029
+ RESERVED
+CVE-2023-2028
+ RESERVED
+CVE-2023-2027
+ RESERVED
+CVE-2023-2026
+ RESERVED
+CVE-2023-2025
+ RESERVED
+CVE-2023-2024
+ RESERVED
+CVE-2023-2023
+ RESERVED
+CVE-2023-2022
+ RESERVED
+CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
+ TODO: check
+CVE-2023-2020
+ RESERVED
+CVE-2023-2019
+ RESERVED
+CVE-2023-2018
+ RESERVED
+CVE-2023-2017
+ RESERVED
+CVE-2023-2016
+ RESERVED
+CVE-2023-2015
+ RESERVED
+CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository microweber/m ...)
+ TODO: check
+CVE-2023-2013
+ RESERVED
+CVE-2023-2012
+ RESERVED
+CVE-2022-48468 (protobuf-c before 1.4.1 has an unsigned integer overflow in parse_requ ...)
+ TODO: check
+CVE-2022-48467
+ RESERVED
+CVE-2022-48466
+ RESERVED
+CVE-2022-48465
+ RESERVED
+CVE-2022-48464
+ RESERVED
+CVE-2022-48463
+ RESERVED
+CVE-2022-48462
+ RESERVED
+CVE-2022-48461
+ RESERVED
+CVE-2022-48460
+ RESERVED
+CVE-2022-48459
+ RESERVED
+CVE-2022-48458
+ RESERVED
+CVE-2022-48457
+ RESERVED
+CVE-2022-48456
+ RESERVED
+CVE-2022-48455
+ RESERVED
+CVE-2022-48454
+ RESERVED
+CVE-2022-48453
+ RESERVED
+CVE-2022-48452
+ RESERVED
+CVE-2022-48451
+ RESERVED
+CVE-2022-48450
+ RESERVED
+CVE-2022-48449
+ RESERVED
+CVE-2022-48448
+ RESERVED
+CVE-2022-48447
+ RESERVED
+CVE-2022-48446
+ RESERVED
+CVE-2022-48445
+ RESERVED
+CVE-2022-48444
+ RESERVED
+CVE-2022-48443
+ RESERVED
+CVE-2022-48442
+ RESERVED
+CVE-2022-48441
+ RESERVED
+CVE-2022-48440
+ RESERVED
+CVE-2022-48439
+ RESERVED
+CVE-2022-48438
+ RESERVED
CVE-2023-30570
RESERVED
CVE-2023-30569
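Review bot: Three of the new TODO: check entries in this hunk name standalone software with a stated fixed or affected version, and they are buried among several hundred RESERVED placeholders and web-application entries (Campcodes, DedeCMS, EyouCms, novel-plus): CVE-2023-30630 (Dmidecode before 3.5), CVE-2023-2033 (V8 in Google Chrome prior to 112.0.5615.121) and CVE-2022-48468 (protobuf-c before 1.4.1). Triage those first and replace their TODO: check with a package line, so they do not wait behind the bulk entries.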
@@ -175,12 +769,12 @@ CVE-2023-1998
NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
CVE-2023-1995
RESERVED
-CVE-2023-1994
- RESERVED
-CVE-2023-1993
- RESERVED
-CVE-2023-1992
- RESERVED
+CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 ...)
+ TODO: check
+CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...)
+ TODO: check
+CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...)
+ TODO: check
CVE-2023-1991
RESERVED
CVE-2022-48437 (An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1 ...)
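Review bot: CVE-2023-1994, CVE-2023-1993 and CVE-2023-1992 are queued as three independent TODO: check items, although the visible descriptions all point at Wireshark dissectors in the same 4.0.0 to 4.0.4 and 3.6.x ranges. Triage them as one batch and give each a wireshark package line with the same fixed version, so the three entries cannot drift apart.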
@@ -247,8 +841,7 @@ CVE-2023-30471
RESERVED
CVE-2023-30470
RESERVED
-CVE-2023-1990
- RESERVED
+CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
- linux <unfixed> (unimportant)
NOTE: https://git.kernel.org/linus/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6 (6.3-rc3)
NOTE: STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) not
@@ -328,8 +921,8 @@ CVE-2023-30461
RESERVED
CVE-2023-30460
RESERVED
-CVE-2023-30459
- RESERVED
+CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker ...)
+ TODO: check
CVE-2023-30458
RESERVED
CVE-2023-30457
@@ -1563,14 +2156,14 @@ CVE-2023-29852
RESERVED
CVE-2023-29851
RESERVED
-CVE-2023-29850
- RESERVED
+CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip ...)
+ TODO: check
CVE-2023-29849
RESERVED
CVE-2023-29848
RESERVED
-CVE-2023-29847
- RESERVED
+CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored cross-site sc ...)
+ TODO: check
CVE-2023-29846
RESERVED
CVE-2023-29845
@@ -1653,22 +2246,22 @@ CVE-2023-29807
RESERVED
CVE-2023-29806
RESERVED
-CVE-2023-29805
- RESERVED
-CVE-2023-29804
- RESERVED
-CVE-2023-29803
- RESERVED
-CVE-2023-29802
- RESERVED
-CVE-2023-29801
- RESERVED
-CVE-2023-29800
- RESERVED
-CVE-2023-29799
- RESERVED
-CVE-2023-29798
- RESERVED
+CVE-2023-29805 (WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerab ...)
+ TODO: check
+CVE-2023-29804 (WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerab ...)
+ TODO: check
+CVE-2023-29803 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
+ TODO: check
+CVE-2023-29802 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
+ TODO: check
+CVE-2023-29801 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multipl ...)
+ TODO: check
+CVE-2023-29800 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
+ TODO: check
+CVE-2023-29799 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
+ TODO: check
+CVE-2023-29798 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...)
+ TODO: check
CVE-2023-29797
RESERVED
CVE-2023-29796
@@ -2009,20 +2602,20 @@ CVE-2023-29629
RESERVED
CVE-2023-29628
RESERVED
-CVE-2023-29627
- RESERVED
-CVE-2023-29626
- RESERVED
-CVE-2023-29625
- RESERVED
+CVE-2023-29627 (Online Pizza Ordering v1.0 was discovered to contain an arbitrary file ...)
+ TODO: check
+CVE-2023-29626 (Yoga Class Registration System 1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2023-29625 (Employee Performance Evaluation System v1.0 was discovered to contain ...)
+ TODO: check
CVE-2023-29624
RESERVED
-CVE-2023-29623
- RESERVED
-CVE-2023-29622
- RESERVED
-CVE-2023-29621
- RESERVED
+CVE-2023-29623 (Purchase Order Management v1.0 was discovered to contain a reflected c ...)
+ TODO: check
+CVE-2023-29622 (Purchase Order Management v1.0 was discovered to contain a SQL injecti ...)
+ TODO: check
+CVE-2023-29621 (Purchase Order Management v1.0 was discovered to contain an arbitrary ...)
+ TODO: check
CVE-2023-29620
RESERVED
CVE-2023-29619
@@ -2067,10 +2660,10 @@ CVE-2023-29600
RESERVED
CVE-2023-29599
RESERVED
-CVE-2023-29598
- RESERVED
-CVE-2023-29597
- RESERVED
+CVE-2023-29598 (lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2023-29597 (bloofox v0.5.2 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
CVE-2023-29596
RESERVED
CVE-2023-29595
@@ -2095,8 +2688,8 @@ CVE-2023-29586
RESERVED
CVE-2023-29585
RESERVED
-CVE-2023-29584
- RESERVED
+CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
+ TODO: check
CVE-2023-29583
RESERVED
CVE-2023-29582
@@ -2121,16 +2714,16 @@ CVE-2023-29575
RESERVED
CVE-2023-29574 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
NOT-FOR-US: Bento4
-CVE-2023-29573
- RESERVED
+CVE-2023-29573 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...)
+ TODO: check
CVE-2023-29572
RESERVED
CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
NOT-FOR-US: Cesenta MJS
CVE-2023-29570
RESERVED
-CVE-2023-29569
- RESERVED
+CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ TODO: check
CVE-2023-29568
RESERVED
CVE-2023-29567
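Review bot: CVE-2023-29573 and CVE-2023-29569 are left as TODO: check even though the unchanged lines in this same hunk already triage the same products, CVE-2023-29574 as "NOT-FOR-US: Bento4" and CVE-2023-29571 as NOT-FOR-US for Cesanta MJS. Carrying the existing decision over would avoid a second manual pass. The context line "NOT-FOR-US: Cesenta MJS" also misspells Cesanta, so use the correct spelling on the new entry and fix the old one at the same time.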
@@ -2352,8 +2945,8 @@ CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It
NOT-FOR-US: WordPress plugin
CVE-2023-29530
RESERVED
-CVE-2023-29529
- RESERVED
+CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
+ TODO: check
CVE-2023-29528
RESERVED
CVE-2023-29527
@@ -2428,8 +3021,7 @@ CVE-2023-29493
RESERVED
CVE-2023-29492 (Novi Survey before 8.9.43676 allows remote attackers to execute arbitr ...)
NOT-FOR-US: Novi Survey
-CVE-2023-29491
- RESERVED
+CVE-2023-29491 (ncurses before 6.4 20230408, when used by a setuid application, allows ...)
- ncurses <unfixed> (bug #1034372)
NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20230408
NOTE: http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
@@ -2662,8 +3254,7 @@ CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile Compari
NOT-FOR-US: SourceCodester Simple Mobile Comparison Website
CVE-2023-1907
RESERVED
-CVE-2023-1906
- RESERVED
+CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick's Imp ...)
- imagemagick <unfixed> (bug #1034373)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d (ImageMagick 6.9.12-84)
@@ -2862,8 +3453,8 @@ CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to unauthorize
NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1864
RESERVED
-CVE-2023-1863
- RESERVED
+CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-1862
RESERVED
CVE-2023-1861
@@ -3151,7 +3742,7 @@ CVE-2023-1844
CVE-2023-1843
RESERVED
CVE-2023-1842
- RESERVED
+ REJECTED
CVE-2023-1841
RESERVED
CVE-2023-29272
@@ -3239,8 +3830,8 @@ CVE-2023-1835
RESERVED
CVE-2023-1834
RESERVED
-CVE-2023-1833
- RESERVED
+CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS Electro ...)
+ TODO: check
CVE-2023-1832
RESERVED
CVE-2023-1831
@@ -3401,8 +3992,8 @@ CVE-2023-29201
RESERVED
CVE-2023-29200
RESERVED
-CVE-2023-29199
- RESERVED
+CVE-2023-29199 (There exists a vulnerability in source code transformer (exception san ...)
+ TODO: check
CVE-2023-29198
RESERVED
CVE-2023-29197
@@ -3411,10 +4002,10 @@ CVE-2023-29196
RESERVED
CVE-2023-29195
RESERVED
-CVE-2023-29194
- RESERVED
-CVE-2023-29193
- RESERVED
+CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
+ TODO: check
+CVE-2023-29193 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
+ TODO: check
CVE-2023-29192 (SilverwareGames.io versions before 1.2.19 allow users with access to t ...)
NOT-FOR-US: SilverwareGames.io
CVE-2023-29191
@@ -3469,8 +4060,8 @@ CVE-2023-1805
RESERVED
CVE-2023-1804
RESERVED
-CVE-2023-1803
- RESERVED
+CVE-2023-1803 (Authentication Bypass by Alternate Name vulnerability in DTS Electroni ...)
+ TODO: check
CVE-2023-1802 (In Docker Desktop 4.17.x the Artifactory Integration falls back to sen ...)
NOT-FOR-US: Docker Desktop
CVE-2023-1801 (The SMB protocol decoder in tcpdump version 4.99.3 can perform an out- ...)
@@ -3575,8 +4166,7 @@ CVE-2023-29134
CVE-2023-29133
RESERVED
NOT-FOR-US: Cargo MediaWiki extension
-CVE-2023-29132 [Irssi SA-2023-03 / Use after free in printing routine]
- RESERVED
+CVE-2023-29132 (Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use ...)
- irssi 1.4.3-2 (bug #1033785)
[bullseye] - irssi <not-affected> (Vulnerable code introduced later)
[buster] - irssi <not-affected> (Vulnerable code introduced later)
@@ -3716,8 +4306,8 @@ CVE-2023-29086
RESERVED
CVE-2023-29085
RESERVED
-CVE-2023-29084
- RESERVED
+CVE-2023-29084 (Zoho ManageEngine ADManager Plus through 7180 allows for authenticated ...)
+ TODO: check
CVE-2023-29083
RESERVED
CVE-2023-29082
@@ -3750,8 +4340,8 @@ CVE-2023-29069
RESERVED
CVE-2023-29068
RESERVED
-CVE-2023-29067
- RESERVED
+CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk® Auto ...)
+ TODO: check
CVE-2023-29066
RESERVED
CVE-2023-29065
@@ -3960,8 +4550,8 @@ CVE-2023-29020
RESERVED
CVE-2023-29019
RESERVED
-CVE-2023-29018
- RESERVED
+CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags to appli ...)
+ TODO: check
CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
NOT-FOR-US: Node vm2
CVE-2023-29016 (The Goobi viewer is a web application that allows digitised material t ...)
@@ -3970,8 +4560,8 @@ CVE-2023-29015 (The Goobi viewer is a web application that allows digitised mate
NOT-FOR-US: Goobi viewer
CVE-2023-29014 (The Goobi viewer is a web application that allows digitised material t ...)
NOT-FOR-US: Goobi viewer
-CVE-2023-29013
- RESERVED
+CVE-2023-29013 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...)
+ TODO: check
CVE-2023-29012
RESERVED
CVE-2023-29011
@@ -4116,8 +4706,8 @@ CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions fr
- gitlab <unfixed>
CVE-2023-1707
RESERVED
-CVE-2023-1706
- RESERVED
+CVE-2023-1706 (This candidate is unused by its CNA. ...)
+ TODO: check
CVE-2023-1705
RESERVED
CVE-2023-1704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
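Review bot: CVE-2023-1706 is marked TODO: check, but its new description is "This candidate is unused by its CNA", so there is no issue behind it to check. Mark it REJECTED, as this commit does for CVE-2023-1842, instead of leaving it in the triage queue.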
@@ -4673,8 +5263,8 @@ CVE-2023-1619
RESERVED
CVE-2023-1618
RESERVED
-CVE-2023-1617
- RESERVED
+CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation ...)
+ TODO: check
CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has bee ...)
NOT-FOR-US: XiaoBingBy TeaCMS
CVE-2020-36691 (An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c a ...)
@@ -6127,8 +6717,8 @@ CVE-2023-26593 (CENTUM series provided by Yokogawa Electric Corporation are vuln
NOT-FOR-US: Yokogawa
CVE-2023-25955 (National land numerical information data conversion tool all versions ...)
NOT-FOR-US: National land numerical information data conversion tool
-CVE-2023-25954
- RESERVED
+CVE-2023-25954 (KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' ...)
+ TODO: check
CVE-2023-25953
RESERVED
CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ...)
@@ -7115,10 +7705,11 @@ CVE-2023-28123
RESERVED
CVE-2023-28122
RESERVED
-CVE-2023-28121
- RESERVED
+CVE-2023-28121 (An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 ...)
+ TODO: check
CVE-2023-28120
RESERVED
+ {DSA-5389-1}
- rails 2:6.1.7.3+dfsg-1 (bug #1033262)
NOTE: https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 (v6.1.7.3)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
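Review bot: CVE-2023-28121 (WooCommerce Payments plugin for WordPress) is added as TODO: check, while other WordPress plugin entries visible in this commit's context lines are already tagged NOT-FOR-US (for example "NOT-FOR-US: YourChannel plugin for WordPress"). Apply the same tag here unless the plugin is known to be packaged. The added "{DSA-5389-1}" line under CVE-2023-28120 is consistent with the rails package line below it and needs no change.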
@@ -7193,8 +7784,8 @@ CVE-2023-28093 (A user with a compromised configuration can start an unsigned bi
NOT-FOR-US: Pegasystems
CVE-2023-28092
RESERVED
-CVE-2023-28091
- RESERVED
+CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option may exp ...)
+ TODO: check
CVE-2023-28090
RESERVED
CVE-2023-28089
@@ -7205,8 +7796,8 @@ CVE-2023-28087
RESERVED
CVE-2023-28086
RESERVED
-CVE-2023-28085
- RESERVED
+CVE-2023-28085 (An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD ...)
+ TODO: check
CVE-2023-28084
RESERVED
CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...)
@@ -7365,8 +7956,8 @@ CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been clas
NOT-FOR-US: Guizhou 115cms
CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an ...)
NOT-FOR-US: Netgear
-CVE-2023-1326
- RESERVED
+CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and earli ...)
+ TODO: check
CVE-2023-1325
RESERVED
CVE-2023-1324
@@ -7533,8 +8124,8 @@ CVE-2023-1287 (An XSL template vulnerability in ENOVIA Live Collaboration V6R201
NOT-FOR-US: ENOVIA Live Collaboration V6R2013xE
CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
-CVE-2023-1285
- RESERVED
+CVE-2023-1285 (Signal Handler Race Condition vulnerability in Mitsubishi Electric Ind ...)
+ TODO: check
CVE-2023-27984 (A CWE-20: Improper Input Validation vulnerability exists in Custom Rep ...)
NOT-FOR-US: Schneider Electric
CVE-2023-27983 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
@@ -7686,8 +8277,8 @@ CVE-2023-1273
RESERVED
CVE-2023-1272
RESERVED
-CVE-2023-1271
- RESERVED
+CVE-2023-1271 (Duplicate. Please use CVE-2023-24421. ...)
+ TODO: check
CVE-2023-1270 (Command Injection in GitHub repository btcpayserver/btcpayserver prior ...)
NOT-FOR-US: btcpayserver
CVE-2023-1269 (Use of Hard-coded Credentials in GitHub repository alextselegidis/easy ...)
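Review bot: CVE-2023-1271 now reads "Duplicate. Please use CVE-2023-24421.", so its TODO: check sends a triager to an id that carries no issue of its own. Mark CVE-2023-1271 as REJECTED and confirm that the triage is recorded under CVE-2023-24421 instead.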
@@ -7717,14 +8308,14 @@ CVE-2023-XXXX [RUSTSEC-2023-0018]
[buster] - rust-remove-dir-all <postponed> (Minor issue, no in-place fix: old API deprecated + new API introduced)
NOTE: https://github.com/advisories/GHSA-mc8h-8q98-g5hr
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0018.html
-CVE-2023-27915
- RESERVED
-CVE-2023-27914
- RESERVED
-CVE-2023-27913
- RESERVED
-CVE-2023-27912
- RESERVED
+CVE-2023-27915 (A maliciously crafted X_B file when parsed through Autodesk® Auto ...)
+ TODO: check
+CVE-2023-27914 (A maliciously crafted X_B file when parsed through Autodesk® Auto ...)
+ TODO: check
+CVE-2023-27913 (A maliciously crafted X_B file when parsed through Autodesk® Auto ...)
+ TODO: check
+CVE-2023-27912 (A maliciously crafted X_B file when parsed through Autodesk® Auto ...)
+ TODO: check
CVE-2023-27911
RESERVED
CVE-2023-27910
@@ -7858,8 +8449,8 @@ CVE-2023-27892
RESERVED
CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application authorization fr ...)
NOT-FOR-US: rami.io
-CVE-2023-27890
- RESERVED
+CVE-2023-27890 (** UNSUPPORTED WHEN ASSIGNED ** The Export User plugin through 2.0 for ...)
+ TODO: check
CVE-2023-27878
RESERVED
CVE-2023-27877
@@ -8196,8 +8787,8 @@ CVE-2023-27814
RESERVED
CVE-2023-27813
RESERVED
-CVE-2023-27812
- RESERVED
+CVE-2023-27812 (bloofox v0.5.2 was discovered to contain an arbitrary file deletion vu ...)
+ TODO: check
CVE-2023-27811
RESERVED
CVE-2023-27810 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
@@ -8282,8 +8873,8 @@ CVE-2023-27781 (jpegoptim v1.5.2 was discovered to contain a heap overflow in th
NOTE: Crash in CLI tool, no security impact
CVE-2023-27780
RESERVED
-CVE-2023-27779
- RESERVED
+CVE-2023-27779 (AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerab ...)
+ TODO: check
CVE-2023-27778
RESERVED
CVE-2023-27777
@@ -8296,8 +8887,8 @@ CVE-2023-27774
RESERVED
CVE-2023-27773
RESERVED
-CVE-2023-27772
- RESERVED
+CVE-2023-27772 (libiec61850 v1.5.1 was discovered to contain a segmentation violation ...)
+ TODO: check
CVE-2023-27771 (An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1. ...)
NOT-FOR-US: Wondershare
CVE-2023-27770 (An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 al ...)
@@ -8344,12 +8935,12 @@ CVE-2023-27750
RESERVED
CVE-2023-27749
RESERVED
-CVE-2023-27748
- RESERVED
-CVE-2023-27747
- RESERVED
-CVE-2023-27746
- RESERVED
+CVE-2023-27748 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity ...)
+ TODO: check
+CVE-2023-27747 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticati ...)
+ TODO: check
+CVE-2023-27746 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a ...)
+ TODO: check
CVE-2023-27745
RESERVED
CVE-2023-27744
@@ -8506,10 +9097,10 @@ CVE-2023-27669
RESERVED
CVE-2023-27668
RESERVED
-CVE-2023-27667
- RESERVED
-CVE-2023-27666
- RESERVED
+CVE-2023-27667 (Auto Dealer Management System v1.0 was discovered to contain a SQL inj ...)
+ TODO: check
+CVE-2023-27666 (Auto Dealer Management System v1.0 was discovered to contain a cross-s ...)
+ TODO: check
CVE-2023-27665
RESERVED
CVE-2023-27664
@@ -8534,18 +9125,18 @@ CVE-2023-27655 (xpdf v4.04 was discovered to contain a stack overflow in the com
TODO: check
CVE-2023-27654
RESERVED
-CVE-2023-27653
- RESERVED
+CVE-2023-27653 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...)
+ TODO: check
CVE-2023-27652
RESERVED
-CVE-2023-27651
- RESERVED
+CVE-2023-27651 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...)
+ TODO: check
CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...)
NOT-FOR-US: APUS Group Launcher
-CVE-2023-27649
- RESERVED
-CVE-2023-27648
- RESERVED
+CVE-2023-27649 (SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0. ...)
+ TODO: check
+CVE-2023-27648 (Directory Traversal vulnerability found in T-ME Studios Change Color o ...)
+ TODO: check
CVE-2023-27647
RESERVED
CVE-2023-27646
@@ -8554,8 +9145,8 @@ CVE-2023-27645 (An issue found in POWERAMP audioplayer build 925 bundle play and
NOT-FOR-US: POWERAMP audioplayer
CVE-2023-27644
RESERVED
-CVE-2023-27643
- RESERVED
+CVE-2023-27643 (An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows ...)
+ TODO: check
CVE-2023-27642
RESERVED
CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...)
@@ -9918,8 +10509,8 @@ CVE-2023-27195
RESERVED
CVE-2023-27194
RESERVED
-CVE-2023-27193
- RESERVED
+CVE-2023-27193 (An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain pr ...)
+ TODO: check
CVE-2023-27192 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...)
NOT-FOR-US: DUALSPACE Super Secuirty
CVE-2023-27191 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...)
@@ -10367,8 +10958,8 @@ CVE-2023-26982 (Trudesk v1.2.6 was discovered to contain a stored cross-site scr
NOT-FOR-US: Trudesk
CVE-2023-26981
RESERVED
-CVE-2023-26980
- RESERVED
+CVE-2023-26980 (PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition ...)
+ TODO: check
CVE-2023-26979
RESERVED
CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
@@ -10389,8 +10980,8 @@ CVE-2023-26971
RESERVED
CVE-2023-26970
RESERVED
-CVE-2023-26969
- RESERVED
+CVE-2023-26969 (Atropim 1.5.26 is vulnerable to Directory Traversal. ...)
+ TODO: check
CVE-2023-26968 (In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyph ...)
NOT-FOR-US: Atrocore
CVE-2023-26967
@@ -10500,8 +11091,8 @@ CVE-2023-26920
RESERVED
CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...)
NOT-FOR-US: delight-nashorn-sandbox
-CVE-2023-26918
- RESERVED
+CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...)
+ TODO: check
CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
- libyang2 <unfixed>
[bullseye] - libyang2 <no-dsa> (Minor issue)
@@ -10844,8 +11435,8 @@ CVE-2023-26758 (Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary
NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406
CVE-2023-26757
RESERVED
-CVE-2023-26756
- RESERVED
+CVE-2023-26756 (The login page of Revive Adserver v5.4.1 is vulnerable to brute force ...)
+ TODO: check
CVE-2023-26755
RESERVED
CVE-2023-26754
@@ -11229,8 +11820,8 @@ CVE-2023-26561
RESERVED
CVE-2023-26560
RESERVED
-CVE-2023-26559
- RESERVED
+CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author before 25 ...)
+ TODO: check
CVE-2023-26558
RESERVED
CVE-2023-26557
@@ -11761,116 +12352,116 @@ CVE-2023-26427
RESERVED
CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
NOT-FOR-US: Adobe
-CVE-2023-26425
- RESERVED
-CVE-2023-26424
- RESERVED
-CVE-2023-26423
- RESERVED
-CVE-2023-26422
- RESERVED
-CVE-2023-26421
- RESERVED
-CVE-2023-26420
- RESERVED
-CVE-2023-26419
- RESERVED
-CVE-2023-26418
- RESERVED
-CVE-2023-26417
- RESERVED
-CVE-2023-26416
- RESERVED
-CVE-2023-26415
- RESERVED
-CVE-2023-26414
- RESERVED
-CVE-2023-26413
- RESERVED
-CVE-2023-26412
- RESERVED
-CVE-2023-26411
- RESERVED
-CVE-2023-26410
- RESERVED
-CVE-2023-26409
- RESERVED
-CVE-2023-26408
- RESERVED
-CVE-2023-26407
- RESERVED
-CVE-2023-26406
- RESERVED
-CVE-2023-26405
- RESERVED
-CVE-2023-26404
- RESERVED
-CVE-2023-26403
- RESERVED
-CVE-2023-26402
- RESERVED
-CVE-2023-26401
- RESERVED
-CVE-2023-26400
- RESERVED
+CVE-2023-26425 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26424 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26423 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26422 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26421 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26420 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26419 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26418 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26417 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26416 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26415 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26414 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26413 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26412 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26411 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26410 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26409 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26408 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26407 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26406 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26405 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26404 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26403 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26402 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26401 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26400 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
CVE-2023-26399
RESERVED
-CVE-2023-26398
- RESERVED
-CVE-2023-26397
- RESERVED
-CVE-2023-26396
- RESERVED
-CVE-2023-26395
- RESERVED
-CVE-2023-26394
- RESERVED
-CVE-2023-26393
- RESERVED
-CVE-2023-26392
- RESERVED
-CVE-2023-26391
- RESERVED
-CVE-2023-26390
- RESERVED
-CVE-2023-26389
- RESERVED
-CVE-2023-26388
- RESERVED
-CVE-2023-26387
- RESERVED
-CVE-2023-26386
- RESERVED
-CVE-2023-26385
- RESERVED
-CVE-2023-26384
- RESERVED
-CVE-2023-26383
- RESERVED
-CVE-2023-26382
- RESERVED
-CVE-2023-26381
- RESERVED
-CVE-2023-26380
- RESERVED
-CVE-2023-26379
- RESERVED
-CVE-2023-26378
- RESERVED
-CVE-2023-26377
- RESERVED
-CVE-2023-26376
- RESERVED
-CVE-2023-26375
- RESERVED
-CVE-2023-26374
- RESERVED
-CVE-2023-26373
- RESERVED
-CVE-2023-26372
- RESERVED
-CVE-2023-26371
- RESERVED
+CVE-2023-26398 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...)
+ TODO: check
+CVE-2023-26397 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26396 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26395 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-26394 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26393 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26392 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26391 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26390 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26389 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26388 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26387 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26386 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26385 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26384 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26383 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...)
+ TODO: check
+CVE-2023-26382 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26381 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26380 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26379 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26378 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26377 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26376 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26375 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26374 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26373 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26372 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-26371 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...)
+ TODO: check
CVE-2023-26370
RESERVED
CVE-2023-26369
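Review bot: all 54 entries published in this hunk (CVE-2023-26425 through CVE-2023-26400 and CVE-2023-26398 through CVE-2023-26371) land as "TODO: check", although every description names an Adobe product and the unchanged CVE-2023-26426 entry at the top of the hunk is already triaged as "NOT-FOR-US: Adobe". Resolving the block with that same tag in one follow-up pass would keep it out of the manual TODO queue, where a batch this size can bury entries that do need a package search.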
@@ -11961,7 +12552,7 @@ CVE-2023-26327 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an o
NOT-FOR-US: Adobe
CVE-2023-26326 (The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affec ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin version ...)
+CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin, is affe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26324
RESERVED
@@ -12192,10 +12783,10 @@ CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working di
NOTE: https://github.com/AFLplusplus/AFLplusplus/commit/673a0a3866783bf28e31d14fbd7a9009c7816ec3
CVE-2023-26265 (The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sa ...)
- backdrop <itp> (bug #914257)
-CVE-2023-26264
- RESERVED
-CVE-2023-26263
- RESERVED
+CVE-2023-26264 (All versions of Talend Data Catalog before 8.0-20220907 are potentiall ...)
+ TODO: check
+CVE-2023-26263 (All versions of Talend Data Catalog before 8.0-20230110 are potentiall ...)
+ TODO: check
CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Si ...)
NOT-FOR-US: Sitecore
CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection lead ...)
@@ -12550,8 +13141,8 @@ CVE-2023-26125
RESERVED
CVE-2023-26124
RESERVED
-CVE-2023-26123
- RESERVED
+CVE-2023-26123 (Versions of the package raysan5/raylib before 4.5.0 are vulnerable to ...)
+ TODO: check
CVE-2023-26122 (All versions of the package safe-eval are vulnerable to Sandbox Bypass ...)
NOT-FOR-US: Node safe-eval
CVE-2023-26121 (All versions of the package safe-eval are vulnerable to Prototype Poll ...)
@@ -17266,8 +17857,8 @@ CVE-2023-24547
RESERVED
CVE-2023-24546
RESERVED
-CVE-2023-24545
- RESERVED
+CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the Software ...)
+ TODO: check
CVE-2023-0517
RESERVED
CVE-2023-0516 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
@@ -17449,16 +18040,16 @@ CVE-2023-0494 (A vulnerability was found in X.Org. This issue occurs due to a da
NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/0ba6d8c37071131a49790243cdac55392ecf71ec
CVE-2022-4897 (The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24513
- RESERVED
+CVE-2023-24513 (On affected platforms running Arista CloudEOS an issue in the Software ...)
+ TODO: check
CVE-2023-24512
RESERVED
-CVE-2023-24511
- RESERVED
+CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, a speci ...)
+ TODO: check
CVE-2023-24510
RESERVED
-CVE-2023-24509
- RESERVED
+CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with both re ...)
+ TODO: check
CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 ...)
NOT-FOR-US: Baicells
CVE-2023-24507
@@ -18847,7 +19438,7 @@ CVE-2023-0418
CVE-2022-4894
RESERVED
CVE-2022-4893
- RESERVED
+ REJECTED
CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...)
{DLA-3283-1}
- modsecurity-apache 2.9.6-1
@@ -19033,6 +19624,7 @@ CVE-2023-23914 (A cleartext transmission of sensitive information vulnerability
NOTE: https://github.com/curl/curl/pull/10138
CVE-2023-23913
RESERVED
+ {DSA-5389-1}
- rails 2:6.1.7.3+dfsg-1 (bug #1033263)
NOTE: https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd (v6.1.7.3)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
@@ -21770,14 +22362,14 @@ CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be a
NOT-FOR-US: ExpressionEngine
CVE-2023-22952 (In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject cu ...)
NOT-FOR-US: SugarCRM
-CVE-2023-22951
- RESERVED
-CVE-2023-22950
- RESERVED
-CVE-2023-22949
- RESERVED
-CVE-2023-22948
- RESERVED
+CVE-2023-22951 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It ...)
+ TODO: check
+CVE-2023-22950 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Dat ...)
+ TODO: check
+CVE-2023-22949 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The ...)
+ TODO: check
+CVE-2023-22948 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The ...)
+ TODO: check
CVE-2023-22947 (** DISPUTED ** Insecure folder permissions in the Windows installation ...)
- shibboleth-sp <not-affected> (Windows-specific)
CVE-2023-22946
@@ -22275,8 +22867,8 @@ CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, doe
NOTE: https://github.com/srikanth-lingala/zip4j/commit/597b31afb473a40e8252de5b5def1876bab198d3
CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 a ...)
NOT-FOR-US: Pandora
-CVE-2023-22897
- RESERVED
+CVE-2023-22897 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...)
+ TODO: check
CVE-2023-22896
RESERVED
CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...)
@@ -23348,8 +23940,8 @@ CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits t
- wordpress <not-affected> (Not an issue for packaged WordPress)
CVE-2023-22621
RESERVED
-CVE-2023-22620
- RESERVED
+CVE-2023-22620 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...)
+ TODO: check
CVE-2023-22619
RESERVED
CVE-2023-0076 (The Download Attachments WordPress plugin through 1.2.24 does not vali ...)
@@ -23569,7 +24161,7 @@ CVE-2023-22577
RESERVED
CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...)
NOT-FOR-US: AsyncHTTPClient
-CVE-2023-0039 (The User Post Gallery - UPG plugin for WordPress is vulnerable to auth ...)
+CVE-2023-0039 (Duplicate. Please use CVE-2022-4060 instead. ...)
NOT-FOR-US: User Post Gallery - UPG plugin for WordPress
CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin for Wor ...)
NOT-FOR-US: "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress
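Review bot: the new CVE-2023-0039 description ("Duplicate. Please use CVE-2022-4060 instead.") withdraws the id, but the "NOT-FOR-US: User Post Gallery - UPG plugin for WordPress" line under it is left as the only triage record. Confirm that CVE-2022-4060 carries the equivalent triage, since that is the id the description now points readers to.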
@@ -24558,7 +25150,7 @@ CVE-2022-48012 (Opencats v0.9.7 was discovered to contain a reflected cross-site
NOT-FOR-US: Opencats
CVE-2022-48011 (Opencats v0.9.7 was discovered to contain a SQL injection vulnerabilit ...)
NOT-FOR-US: Opencats
-CVE-2022-48010 (LimeSurvey v5.4.15 was discovered to contain a stored cross-site scrip ...)
+CVE-2022-48010 (** DISPUTED ** LimeSurvey v5.4.15 was discovered to contain a stored c ...)
- limesurvey <itp> (bug #472802)
CVE-2022-48009
RESERVED
@@ -26385,8 +26977,8 @@ CVE-2023-22237 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier)
NOT-FOR-US: Adobe
CVE-2023-22236 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
NOT-FOR-US: Adobe
-CVE-2023-22235
- RESERVED
+CVE-2023-22235 (InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by ...)
+ TODO: check
CVE-2023-22234 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-b ...)
NOT-FOR-US: Adobe
CVE-2023-22233 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...)
@@ -27793,8 +28385,7 @@ CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Un
NOT-FOR-US: SolarWinds
CVE-2022-47502 (Apache OpenOffice documents can contain links that call internal macro ...)
NOT-FOR-US: Apache OpenOffice
-CVE-2022-47501
- RESERVED
+CVE-2022-47501 (Arbitrary file reading vulnerability in Apache Software Foundation Apa ...)
NOT-FOR-US: Apache OFBiz
CVE-2022-47500 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
NOT-FOR-US: Apache Helix
@@ -28274,8 +28865,8 @@ CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not vali
NOT-FOR-US: WordPress plugin
CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4463
- RESERVED
+CVE-2022-4463 (This candidate is unused by its CNA. ...)
+ TODO: check
CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2022-4461
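Review bot: CVE-2022-4463 gets "TODO: check" even though its imported description is "This candidate is unused by its CNA.", so there is no product or package left to check. Resolving it as REJECTED, the state CVE-2022-4893 receives elsewhere in this commit, would avoid a TODO that cannot lead to a package decision.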
@@ -29199,8 +29790,8 @@ CVE-2022-47029
RESERVED
CVE-2022-47028
RESERVED
-CVE-2022-47027
- RESERVED
+CVE-2022-47027 (Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized app ...)
+ TODO: check
CVE-2022-47026
RESERVED
CVE-2022-47025
@@ -31252,8 +31843,8 @@ CVE-2023-21584 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are a
NOT-FOR-US: FrameMaker
CVE-2023-21583 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
NOT-FOR-US: Adobe
-CVE-2023-21582
- RESERVED
+CVE-2023-21582 (Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected ...)
+ TODO: check
CVE-2023-21581 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
NOT-FOR-US: Adobe
CVE-2023-21580
@@ -34469,8 +35060,8 @@ CVE-2022-45360
RESERVED
CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift C ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45358
- RESERVED
+CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2022-45357
RESERVED
CVE-2022-45356
@@ -34935,28 +35526,28 @@ CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the m
NOT-FOR-US: Pi-Star_DV_Dash (for Pi-Star DV)
CVE-2022-45181
RESERVED
-CVE-2022-45180
- RESERVED
+CVE-2022-45180 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
+ TODO: check
CVE-2022-45179
RESERVED
-CVE-2022-45178
- RESERVED
+CVE-2022-45178 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...)
+ TODO: check
CVE-2022-45177
RESERVED
CVE-2022-45176
RESERVED
-CVE-2022-45175
- RESERVED
-CVE-2022-45174
- RESERVED
-CVE-2022-45173
- RESERVED
+CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
+ TODO: check
+CVE-2022-45174 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
+ TODO: check
+CVE-2022-45173 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
+ TODO: check
CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before v018. Br ...)
NOT-FOR-US: LIVEBOX Collaboration vDesk
CVE-2022-45171
RESERVED
-CVE-2022-45170
- RESERVED
+CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...)
+ TODO: check
CVE-2022-45169
RESERVED
CVE-2022-45168
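Review bot: the six new LIVEBOX Collaboration vDesk entries (CVE-2022-45180, -45178, -45175, -45174, -45173, -45170) are queued as "TODO: check" while CVE-2022-45172, for the same product and visible as context in this hunk, is already "NOT-FOR-US: LIVEBOX Collaboration vDesk". The follow-up triage should reuse that exact tag string so the product name stays consistent across the family.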
@@ -35260,8 +35851,7 @@ CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSw
NOT-FOR-US: WordPress plugin
CVE-2022-45065
RESERVED
-CVE-2022-45064
- RESERVED
+CVE-2022-45064 (The SlingRequestDispatcher doesn't correctly implement the RequestDisp ...)
NOT-FOR-US: Apache Sling
CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
@@ -37487,8 +38077,8 @@ CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Si
NOT-FOR-US: WordPress plugin
CVE-2022-44626
RESERVED
-CVE-2022-44625
- RESERVED
+CVE-2022-44625 (Auth. (admin+) Stored Cross-Site Scripting') vulnerability in Zephilou ...)
+ TODO: check
CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password parameters coul ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2022-44623 (In JetBrains TeamCity version before 2022.10, Project Viewer could see ...)
@@ -37666,14 +38256,14 @@ CVE-2023-20868
RESERVED
CVE-2023-20867
RESERVED
-CVE-2023-20866
- RESERVED
+CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...)
+ TODO: check
CVE-2023-20865
RESERVED
CVE-2023-20864
RESERVED
-CVE-2023-20863
- RESERVED
+CVE-2023-20863 (In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ...)
+ TODO: check
CVE-2023-20862
RESERVED
CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...)
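Review bot: CVE-2023-20863 names the same product as the CVE-2023-20861 entry in the trailing context, so its "TODO: check" should be resolved against whatever source-package line that entry carries rather than triaged from scratch. CVE-2023-20866 is a different product (Spring Session) and needs its own package search; the two should not be closed together just because they arrive in one hunk.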
@@ -39140,8 +39730,8 @@ CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post w
NOT-FOR-US: WordPress plugin
CVE-2022-3749
RESERVED
-CVE-2022-3748
- RESERVED
+CVE-2022-3748 (Improper Authorization vulnerability in ForgeRock Inc. Access Manageme ...)
+ TODO: check
CVE-2022-3747 (The Becustom plugin for WordPress is vulnerable to Cross-Site Request ...)
NOT-FOR-US: Becustom plugin for WordPress
CVE-2022-3746
@@ -40691,8 +41281,8 @@ CVE-2023-20120
RESERVED
CVE-2023-20119
RESERVED
-CVE-2023-20118
- RESERVED
+CVE-2023-20118 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
CVE-2023-20117 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2023-20116
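Review bot: CVE-2023-20118 is marked "TODO: check" although its description is for a Cisco web-based management interface and the next entry, CVE-2023-20117, with the same description prefix, is "NOT-FOR-US: Cisco". Apply the same tag in the follow-up triage.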
@@ -45949,8 +46539,8 @@ CVE-2022-3406
RESERVED
CVE-2022-3405
RESERVED
-CVE-2022-3404
- RESERVED
+CVE-2022-3404 (This candidate is unused by its CNA. ...)
+ TODO: check
CVE-2022-3403
RESERVED
CVE-2022-3402 (The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cro ...)
@@ -62918,8 +63508,8 @@ CVE-2022-35244 (A format string injection vulnerability exists in the XCMD getVa
NOT-FOR-US: Abode Systems
CVE-2022-2446
RESERVED
-CVE-2022-2445
- RESERVED
+CVE-2022-2445 (Incorrectly assigned CVE. Not a valid issue. ...)
+ TODO: check
CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Si ...)
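Review bot: the description imported for CVE-2022-2445 is "Incorrectly assigned CVE. Not a valid issue.", yet the entry is queued as "TODO: check". As with the other withdrawn ids in this patch, a REJECTED state describes it better than an open TODO.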
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59994f0311c8e5aa0b393e272b47819b551395a6