[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 18 09:10:39 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e527d6ed by security tracker role at 2023-04-18T08:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-30794
+ RESERVED
+CVE-2023-30793
+ RESERVED
+CVE-2023-2138 (Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-mod ...)
+ TODO: check
+CVE-2023-2137
+ RESERVED
+CVE-2023-2136
+ RESERVED
+CVE-2023-2135
+ RESERVED
+CVE-2023-2134
+ RESERVED
+CVE-2023-2133
+ RESERVED
+CVE-2023-2132
+ RESERVED
+CVE-2023-2131
+ RESERVED
+CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
CVE-2023-30792
RESERVED
CVE-2023-30791
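Review bot: CVE-2023-2130 is left at "TODO: check" with its description cut off at "SourceCodeste", so the affected product cannot be read from this hunk; the TODO is the right state, but it should be resolved from the full description rather than from the truncated text, and the same holds for CVE-2023-2138, where only the GitHub repository name (nuxtlabs/github-mod) is visible.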
@@ -50,10 +72,10 @@ CVE-2023-2122
RESERVED
CVE-2023-2121
RESERVED
-CVE-2023-2120
- RESERVED
-CVE-2023-2119
- RESERVED
+CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...)
+ TODO: check
+CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...)
+ TODO: check
CVE-2023-2118
RESERVED
CVE-2023-2117
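Review bot: CVE-2023-2120 and CVE-2023-2119 both describe a "plugin for WordPress" and are left at "TODO: check", while the list already uses "NOT-FOR-US: WordPress plugin" for such entries (see the CVE-2022-3069 context further down); unless a matching Debian package exists, both can be triaged to that same NOT-FOR-US line in the next update.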
@@ -184,8 +206,8 @@ CVE-2023-30772 (The Linux kernel before 6.2.9 has a race condition and resultant
NOTE: CONFIG_CHARGER_DA9150 not enabled in Debian.
CVE-2023-30770 (A stack-based buffer overflow vulnerability was found in the ASUSTOR D ...)
NOT-FOR-US: ASUSTOR Data Master (ADM)
-CVE-2023-30769
- RESERVED
+CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) communic ...)
+ TODO: check
CVE-2023-30757
RESERVED
CVE-2023-30756
@@ -834,32 +856,32 @@ CVE-2023-30550
RESERVED
CVE-2023-30549
RESERVED
-CVE-2023-30548
- RESERVED
-CVE-2023-30547
- RESERVED
+CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which exposes ...)
+ TODO: check
+CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
+ TODO: check
CVE-2023-30546
RESERVED
CVE-2023-30545
RESERVED
CVE-2023-30544
RESERVED
-CVE-2023-30543
- RESERVED
+CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
+ TODO: check
CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin
-CVE-2023-30541
- RESERVED
-CVE-2023-30540
- RESERVED
-CVE-2023-30539
- RESERVED
+CVE-2023-30541 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ TODO: check
+CVE-2023-30540 (Nextcloud Talk is a chat, video & audio call extension for Nextclo ...)
+ TODO: check
+CVE-2023-30539 (Nextcloud is a personal home server system. Depending on the set up ta ...)
+ TODO: check
CVE-2023-30538
RESERVED
CVE-2023-30537 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
-CVE-2023-30536
- RESERVED
+CVE-2023-30536 (slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions p ...)
+ TODO: check
CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
NOT-FOR-US: Snowflake JDBC
CVE-2023-30534
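Review bot: CVE-2023-30541 is left at "TODO: check" although its description is identical to CVE-2023-30542 two lines above, which is already "NOT-FOR-US: OpenZeppelin"; the same applies to CVE-2023-30547 (vm2), for which the list elsewhere uses "NOT-FOR-US: Node vm2" (CVE-2023-29199 context below). Also note the literal "&amp;" in the CVE-2023-30540 description ("video &amp; audio"): the feed's HTML entity has been copied into the list and should be "&" when the line is next edited.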
@@ -4195,8 +4217,8 @@ CVE-2023-29215 (In Apache Linkis <=1.3.1, due to the lack of effective filter
NOT-FOR-US: Apache Linkis
CVE-2023-29214 (XWiki Commons are technical libraries common to several other top leve ...)
NOT-FOR-US: XWiki
-CVE-2023-29213
- RESERVED
+CVE-2023-29213 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
CVE-2023-29212 (XWiki Commons are technical libraries common to several other top leve ...)
NOT-FOR-US: XWiki
CVE-2023-29211 (XWiki Commons are technical libraries common to several other top leve ...)
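Review bot: CVE-2023-29213 ("XWiki Platform is a generic wiki platform ...") is left at "TODO: check" while its neighbours CVE-2023-29214 and CVE-2023-29212 are "NOT-FOR-US: XWiki", and CVE-2023-30537 with the identical description prefix is already NOT-FOR-US: XWiki in an earlier hunk; the same triage should apply here.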
@@ -4227,8 +4249,8 @@ CVE-2023-29199 (There exists a vulnerability in source code transformer (excepti
NOT-FOR-US: Node vm2
CVE-2023-29198
RESERVED
-CVE-2023-29197
- RESERVED
+CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...)
+ TODO: check
CVE-2023-29196
RESERVED
CVE-2023-29195
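Review bot: CVE-2023-29197 (guzzlehttp/psr7) and CVE-2023-30536 (slim/psr7, earlier hunk) are both PHP PSR-7 implementations landing as "TODO: check" in the same update; they are best triaged together, since whichever of the two libraries Debian ships decides whether either becomes a tracked package entry or NOT-FOR-US.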
@@ -4860,79 +4882,57 @@ CVE-2023-28986
RESERVED
CVE-2023-28985
RESERVED
-CVE-2023-28984
- RESERVED
+CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning Manager ...)
NOT-FOR-US: Juniper
-CVE-2023-28983
- RESERVED
+CVE-2023-28983 (An OS Command Injection vulnerability in gRPC Network Operations Inter ...)
NOT-FOR-US: Juniper
-CVE-2023-28982
- RESERVED
+CVE-2023-28982 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
NOT-FOR-US: Juniper
-CVE-2023-28981
- RESERVED
+CVE-2023-28981 (An Improper Input Validation vulnerability in the kernel of Juniper Ne ...)
NOT-FOR-US: Juniper
-CVE-2023-28980
- RESERVED
+CVE-2023-28980 (A Use After Free vulnerability in the routing protocol daemon of Junip ...)
NOT-FOR-US: Juniper
-CVE-2023-28979
- RESERVED
+CVE-2023-28979 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2023-28978
- RESERVED
+CVE-2023-28978 (An Insecure Default Initialization of Resource vulnerability in Junipe ...)
NOT-FOR-US: Juniper
CVE-2023-28977
RESERVED
-CVE-2023-28976
- RESERVED
+CVE-2023-28976 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2023-28975
- RESERVED
+CVE-2023-28975 (An Unexpected Status Code or Return Value vulnerability in the kernel ...)
NOT-FOR-US: Juniper
-CVE-2023-28974
- RESERVED
+CVE-2023-28974 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2023-28973
- RESERVED
+CVE-2023-28973 (An Improper Authorization vulnerability in the 'sysmanctl' shell comma ...)
NOT-FOR-US: Juniper
-CVE-2023-28972
- RESERVED
+CVE-2023-28972 (An Improper Link Resolution Before File Access vulnerability in consol ...)
NOT-FOR-US: Juniper
-CVE-2023-28971
- RESERVED
+CVE-2023-28971 (An Improper Restriction of Communication Channel to Intended Endpoints ...)
NOT-FOR-US: Juniper
-CVE-2023-28970
- RESERVED
+CVE-2023-28970 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
CVE-2023-28969
RESERVED
-CVE-2023-28968
- RESERVED
+CVE-2023-28968 (An Improperly Controlled Sequential Memory Allocation vulnerability in ...)
NOT-FOR-US: Juniper
-CVE-2023-28967
- RESERVED
+CVE-2023-28967 (A Use of Uninitialized Resource vulnerability in the Border Gateway Pr ...)
NOT-FOR-US: Juniper
-CVE-2023-28966
- RESERVED
+CVE-2023-28966 (An Incorrect Default Permissions vulnerability in Juniper Networks Jun ...)
NOT-FOR-US: Juniper
-CVE-2023-28965
- RESERVED
+CVE-2023-28965 (An Improper Check or Handling of Exceptional Conditions within the sto ...)
NOT-FOR-US: Juniper
-CVE-2023-28964
- RESERVED
+CVE-2023-28964 (An Improper Handling of Length Parameter Inconsistency vulnerability i ...)
NOT-FOR-US: Juniper
-CVE-2023-28963
- RESERVED
-CVE-2023-28962
- RESERVED
-CVE-2023-28961
- RESERVED
+CVE-2023-28963 (An Improper Authentication vulnerability in cert-mgmt.php, used by the ...)
+ TODO: check
+CVE-2023-28962 (An Improper Authentication vulnerability in upload-file.php, used by t ...)
+ TODO: check
+CVE-2023-28961 (An Improper Handling of Unexpected Data Type vulnerability in IPv6 fir ...)
NOT-FOR-US: Juniper
-CVE-2023-28960
- RESERVED
+CVE-2023-28960 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2023-28959
- RESERVED
+CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
NOT-FOR-US: Juniper
CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...)
- gitlab <unfixed>
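Review bot: CVE-2023-28963 and CVE-2023-28962 are the only two entries in this block left at "TODO: check"; their truncated descriptions show only cert-mgmt.php and upload-file.php and not the vendor, so they cannot be confirmed as Juniper from the hunk, but they sit inside the contiguous CVE-2023-28984..CVE-2023-28959 range that is otherwise triaged "NOT-FOR-US: Juniper" and should be resolved alongside that batch. CVE-2023-28977 and CVE-2023-28969 correctly stay RESERVED in the middle of the range.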
@@ -4956,8 +4956,7 @@ CVE-2023-1699 (Rapid7 Nexpose versions 6.6.186 and below suffer from a forced br
NOT-FOR-US: Rapid7 Nexpose
CVE-2023-1698
RESERVED
-CVE-2023-1697
- RESERVED
+CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the Packet For ...)
NOT-FOR-US: Juniper
CVE-2023-1696
RESERVED
@@ -8560,18 +8559,18 @@ CVE-2023-27913 (A maliciously crafted X_B file when parsed through Autodesk®
NOT-FOR-US: Autodesk
CVE-2023-27912 (A maliciously crafted X_B file when parsed through Autodesk® Auto ...)
NOT-FOR-US: Autodesk
-CVE-2023-27911
- RESERVED
-CVE-2023-27910
- RESERVED
-CVE-2023-27909
- RESERVED
+CVE-2023-27911 (A user may be tricked into opening a malicious FBX file that may explo ...)
+ TODO: check
+CVE-2023-27910 (A user may be tricked into opening a malicious FBX file that may explo ...)
+ TODO: check
+CVE-2023-27909 (An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK v ...)
+ TODO: check
CVE-2023-27908
RESERVED
-CVE-2023-27907
- RESERVED
-CVE-2023-27906
- RESERVED
+CVE-2023-27907 (A malicious actor may convince a victim to open a malicious USD file t ...)
+ TODO: check
+CVE-2023-27906 (A malicious actor may convince a victim to open a malicious USD file t ...)
+ TODO: check
CVE-2023-27884
RESERVED
CVE-2023-27879
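Review bot: CVE-2023-27909 explicitly names "Autodesk® FBX® SDK" yet is left at "TODO: check", while CVE-2023-27913 and CVE-2023-27912 directly above are "NOT-FOR-US: Autodesk"; CVE-2023-27911 and CVE-2023-27910 (FBX) share one description prefix and CVE-2023-27907 and CVE-2023-27906 (USD) share another, so all five can be triaged as one Autodesk batch once the full descriptions are read.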
@@ -16753,8 +16752,8 @@ CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_re
NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22 ...)
NOT-FOR-US: PC settings tool
-CVE-2023-25010
- RESERVED
+CVE-2023-25010 (A malicious actor may convince a victim to open a malicious USD file t ...)
+ TODO: check
CVE-2023-25009
RESERVED
CVE-2023-25008
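Review bot: CVE-2023-25010 carries exactly the same truncated description as CVE-2023-27907 and CVE-2023-27906 in the earlier hunk ("A malicious actor may convince a victim to open a malicious USD file t ..."); triage it together with those two so the three entries do not end up with different resolutions.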
@@ -18315,16 +18314,16 @@ CVE-2023-24506
RESERVED
CVE-2023-24505
RESERVED
-CVE-2023-24504
- RESERVED
-CVE-2023-24503
- RESERVED
-CVE-2023-24502
- RESERVED
-CVE-2023-24501
- RESERVED
-CVE-2023-24500
- RESERVED
+CVE-2023-24504 (Electra Central AC unit – Adjacent attacker may cause the unit t ...)
+ TODO: check
+CVE-2023-24503 (Electra Central AC unit – Adjacent attacker may cause the unit t ...)
+ TODO: check
+CVE-2023-24502 (Electra Central AC unit – The unit opens an AP with an easily ca ...)
+ TODO: check
+CVE-2023-24501 (Electra Central AC unit – Hardcoded Credentials in unspecified c ...)
+ TODO: check
+CVE-2023-24500 (Electra Central AC unit – Adjacent attacker may cause the unit t ...)
+ TODO: check
CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's device. ...)
NOT-FOR-US: Butterfly Button plugin
CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...)
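Review bot: the five "Electra Central AC unit" entries (CVE-2023-24504 through CVE-2023-24500) all name the same embedded device in their first words, so they can be triaged as a single batch rather than five separate "TODO: check" items; the en dash in each description is stored as-is in the list and is not an encoding error.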
@@ -31944,8 +31943,8 @@ CVE-2022-46391 (AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to
NOTE: Fixed by: https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965
CVE-2022-46390
RESERVED
-CVE-2022-46389
- RESERVED
+CVE-2022-46389 (There exists a reflected XSS within the logout functionality of Servic ...)
+ TODO: check
CVE-2022-46388
RESERVED
CVE-2022-46387 (ConEmu through 220807 and Cmder before 1.3.21 report the title of the ...)
@@ -54946,7 +54945,7 @@ CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and
NOT-FOR-US: WordPress plugin
CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...)
- octoprint <itp> (bug #718591)
-CVE-2022-39048 (ServiceNow Tokyo allows XSS. ...)
+CVE-2022-39048 (A XSS vulnerability was identified in the ServiceNow UI page assessmen ...)
NOT-FOR-US: ServiceNow Tokyo
CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...)
- glibc <not-affected> (Vulnerable code introduced later)
@@ -74860,6 +74859,7 @@ CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071
NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043)
CVE-2022-1941 (A parsing vulnerability for the MessageSet type in the ProtocolBuffers ...)
+ {DLA-3393-1}
[experimental] - protobuf 3.20.2-1
- protobuf 3.21.9-3
[bullseye] - protobuf <no-dsa> (Minor issue)
@@ -141889,8 +141889,8 @@ CVE-2021-33799
RESERVED
CVE-2021-33798
RESERVED
-CVE-2021-33797
- RESERVED
+CVE-2021-33797 (Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1 ...)
+ TODO: check
CVE-2021-33796
RESERVED
CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...)
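Review bot: CVE-2021-33797 differs from most "TODO: check" entries in this update in that its description already names the component (Artifex MuJS), the file (jsdtoa.c) and the affected range (1.0.1 to 1.1.1), which is enough to check the MuJS source directly and settle the entry in the next update.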
@@ -170505,6 +170505,7 @@ CVE-2021-22572 (On unix-like systems, the system temporary directory is shared b
CVE-2021-22571 (A local attacker could read files from some other users' SA360 reports ...)
NOT-FOR-US: SA360 reports
CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
+ {DLA-3393-1}
[experimental] - protobuf 3.17.1-1
- protobuf 3.21.9-3
[bullseye] - protobuf <no-dsa> (Minor issue)
@@ -170513,6 +170514,7 @@ CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbo
NOTE: Fixed in merge commit https://github.com/protocolbuffers/protobuf/a00125024e9231d76746bd394fef8876f5cc15e2
NOTE: in src/google/protobuf/descriptor.cc
CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
+ {DLA-3393-1}
[experimental] - protobuf 3.19.3-1
- protobuf 3.21.9-3
[bullseye] - protobuf <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e527d6ed408c9c455e9dc8e8b4beae8e809aec37