[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 19 21:10:48 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c3ce7ff by security tracker role at 2023-04-19T20:10:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2023-30896
+ RESERVED
+CVE-2023-30895
+ RESERVED
+CVE-2023-30894
+ RESERVED
+CVE-2023-30893
+ RESERVED
+CVE-2023-30892
+ RESERVED
+CVE-2023-30891
+ RESERVED
+CVE-2023-30890
+ RESERVED
+CVE-2023-30889
+ RESERVED
+CVE-2023-30888
+ RESERVED
+CVE-2023-30887
+ RESERVED
+CVE-2023-30886
+ RESERVED
+CVE-2023-30885
+ RESERVED
+CVE-2023-30884
+ RESERVED
+CVE-2023-30883
+ RESERVED
+CVE-2023-30882
+ RESERVED
+CVE-2023-30881
+ RESERVED
+CVE-2023-30880
+ RESERVED
+CVE-2023-30879
+ RESERVED
+CVE-2023-30878
+ RESERVED
+CVE-2023-30877
+ RESERVED
+CVE-2023-30876
+ RESERVED
+CVE-2023-30875
+ RESERVED
+CVE-2023-30874
+ RESERVED
+CVE-2023-30873
+ RESERVED
+CVE-2023-30872
+ RESERVED
+CVE-2023-30871
+ RESERVED
+CVE-2023-30870
+ RESERVED
+CVE-2023-30869
+ RESERVED
+CVE-2023-30868
+ RESERVED
+CVE-2023-30867
+ RESERVED
+CVE-2023-30866
+ RESERVED
+CVE-2023-30865
+ RESERVED
+CVE-2023-30864
+ RESERVED
+CVE-2023-30863
+ RESERVED
+CVE-2023-30862
+ RESERVED
+CVE-2023-2187
+ RESERVED
+CVE-2023-2186
+ RESERVED
+CVE-2023-2185
+ RESERVED
+CVE-2023-2184
+ RESERVED
+CVE-2023-2183
+ RESERVED
+CVE-2023-2182
+ RESERVED
+CVE-2023-2181
+ RESERVED
+CVE-2023-2180
+ RESERVED
+CVE-2023-2179
+ RESERVED
+CVE-2023-2178
+ RESERVED
+CVE-2023-2177
+ RESERVED
+CVE-2023-2176
+ RESERVED
+CVE-2022-4943
+ RESERVED
CVE-2023-2175
RESERVED
CVE-2023-2174
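Review bot: all 48 identifiers in this block (CVE-2023-30896..30862, CVE-2023-2187..2176 and CVE-2022-4943) are RESERVED placeholders with no description, so nothing here needs triage. The one to watch is CVE-2022-4943: it is the only 2022-year identifier in the run and is filed at the top of the list among the new 2023 entries rather than next to the other CVE-2022-49xx records, so a maintainer searching by neighbouring IDs once its description lands should grep for it rather than browse.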
@@ -8,12 +104,12 @@ CVE-2023-2172
RESERVED
CVE-2023-2171
RESERVED
-CVE-2023-2170
- RESERVED
-CVE-2023-2169
- RESERVED
-CVE-2023-2168
- RESERVED
+CVE-2023-2170 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-2169 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2023-2168 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
CVE-2023-2167
RESERVED
CVE-2023-30861
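Review bot: the three `TODO: check` placeholders for CVE-2023-2170, CVE-2023-2169 and CVE-2023-2168 can be resolved together, since all three descriptions name the same product (the TaxoPress plugin for WordPress, Stored Cross-Site Scripting). Other WordPress plugin entries in this file are triaged as `NOT-FOR-US: WordPress plugin` (see CVE-2023-0823 and CVE-2022-4310/4309 further down), so unless a Debian package ships this plugin, the same line is the expected replacement for each `TODO: check`.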
@@ -744,16 +840,16 @@ CVE-2023-30616
RESERVED
CVE-2023-30615
RESERVED
-CVE-2023-30614
- RESERVED
+CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
+ TODO: check
CVE-2023-30613
RESERVED
-CVE-2023-30612
- RESERVED
-CVE-2023-30611
- RESERVED
-CVE-2023-30610
- RESERVED
+CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...)
+ TODO: check
+CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...)
+ TODO: check
+CVE-2023-30610 (aws-sigv4 is a rust library for low level request signing in the aws c ...)
+ TODO: check
CVE-2023-30609
RESERVED
CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In affected ...)
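Review bot: four `TODO: check` placeholders land here for four unrelated code bases (the Pay payments engine for Ruby on Rails, Cloud Hypervisor, the Discourse-reactions plugin and the aws-sigv4 Rust crate), so each needs its own lookup rather than a batch answer. The descriptions are cut at the advisory preamble ("In versions ...", "Thi ...") before any affected or fixed version is stated, so the full text is required to record a fixed version for anything that turns out to be packaged; the neighbouring CVE-2023-30608 (sqlparse) already carries its description and is the model to follow.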
@@ -1403,8 +1499,8 @@ CVE-2023-1965
RESERVED
CVE-2023-30464
RESERVED
-CVE-2023-30463
- RESERVED
+CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and subsequent ...)
+ TODO: check
CVE-2023-30462
RESERVED
CVE-2023-30461
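Review bot: the description for CVE-2023-30463 gives only an upper bound ("Altran picoTCP through 1.7.0") and is truncated before the consequence of the memory corruption, so the `TODO: check` cannot be closed from the hunk alone; the full text is needed to learn whether an upstream fix exists before a package status line can be written.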
@@ -2500,12 +2596,12 @@ CVE-2023-29925
RESERVED
CVE-2023-29924
RESERVED
-CVE-2023-29923
- RESERVED
-CVE-2023-29922
- RESERVED
-CVE-2023-29921
- RESERVED
+CVE-2023-29923 (PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list jo ...)
+ TODO: check
+CVE-2023-29922 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...)
+ TODO: check
+CVE-2023-29921 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...)
+ TODO: check
CVE-2023-29920
RESERVED
CVE-2023-29919
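Review bot: CVE-2023-29923, CVE-2023-29922 and CVE-2023-29921 all name the same product and version (PowerJob V4.3.1), so a single lookup settles all three `TODO: check` lines. Note that the two "Incorrect Access Control via the crea ..." descriptions are identical after truncation; the full texts must be compared so each entry records the distinct endpoint it covers. The stray full stop in "Insecure Permissions. via the list jo" is feed text and should not be edited in this file.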
@@ -3174,8 +3270,8 @@ CVE-2023-29588
RESERVED
CVE-2023-29587
RESERVED
-CVE-2023-29586
- RESERVED
+CVE-2023-29586 (Code Sector TeraCopy 3.9.7 does not perform proper access validation o ...)
+ TODO: check
CVE-2023-29585
RESERVED
CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
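Review bot: the CVE-2023-29586 description names a specific product and version ("Code Sector TeraCopy 3.9.7") but is cut before stating what the missing access validation exposes, so the `TODO: check` needs the full text; if no Debian package ships TeraCopy, the entry resolves to a `NOT-FOR-US:` line in the style used elsewhere in this file.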
@@ -3839,8 +3935,8 @@ CVE-2023-1902
RESERVED
CVE-2023-1901
RESERVED
-CVE-2023-1900
- RESERVED
+CVE-2023-1900 (A vulnerability within the Avira network protection feature allowed an ...)
+ TODO: check
CVE-2023-1899
RESERVED
CVE-2023-1898
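Review bot: the CVE-2023-1900 description names a vendor feature ("the Avira network protection feature") and is truncated before the impact, so the `TODO: check` cannot be answered from this hunk; the full description should confirm the affected product before a `NOT-FOR-US:` or package line is recorded.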
@@ -5990,12 +6086,12 @@ CVE-2023-28752
RESERVED
CVE-2023-1588
RESERVED
-CVE-2023-1587
- RESERVED
-CVE-2023-1586
- RESERVED
-CVE-2023-1585
- RESERVED
+CVE-2023-1587 (Avast and AVG Antivirus for Windows were susceptible to a NULL pointer ...)
+ TODO: check
+CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
+ TODO: check
+CVE-2023-1585 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...)
+ TODO: check
CVE-2023-1584
RESERVED
NOT-FOR-US: Quarkus
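Review bot: the descriptions for CVE-2023-1587, CVE-2023-1586 and CVE-2023-1585 all state "Avast and AVG Antivirus for Windows", so the three `TODO: check` lines can be replaced by a single `NOT-FOR-US:` label in the form shown directly below for CVE-2023-1584 (`NOT-FOR-US: Quarkus`). CVE-2023-1586 and CVE-2023-1585 are identical after truncation ("Time-of-chec ..."), so the full texts are needed only if the entries should record which component each TOCTOU affects.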
@@ -9376,10 +9472,10 @@ CVE-2023-27779 (AM Presencia v3.7.3 was discovered to contain a SQL injection vu
NOT-FOR-US: AM Presencia
CVE-2023-27778
RESERVED
-CVE-2023-27777
- RESERVED
-CVE-2023-27776
- RESERVED
+CVE-2023-27777 (Cross-site scripting (XSS) vulnerability was discovered in Online Jewe ...)
+ TODO: check
+CVE-2023-27776 (A stored cross-site scripting (XSS) vulnerability in /index.php?page=c ...)
+ TODO: check
CVE-2023-27775 (A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 all ...)
NOT-FOR-US: LiveAction LiveSP
CVE-2023-27774
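Review bot: the CVE-2023-27776 description is truncated at a path ("/index.php?page=c ...") before the product name appears, so it cannot be triaged from this hunk; the full text is required. CVE-2023-27777 at least names the application ("Online Jewe ..."), and both read as small PHP web applications, for which the neighbouring CVE-2023-27775 shows the expected form (`NOT-FOR-US: LiveAction LiveSP`) once the product is confirmed.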
@@ -12267,8 +12363,8 @@ CVE-2023-26601 (Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer
NOT-FOR-US: Zoho ManageEngine
CVE-2023-26600 (ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP thro ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2023-26599
- RESERVED
+CVE-2023-26599 (XSS vulnerability in TripleSign in Tripleplay Platform releases prior ...)
+ TODO: check
CVE-2023-26598
RESERVED
CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network devices ...)
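Review bot: CVE-2023-26599 belongs with CVE-2023-25760 and CVE-2023-25759 later in this same commit, all three describing "Tripleplay Platform releases prior to ..."; the three `TODO: check` lines should be resolved together and with the same product label so the file does not end up with differently spelled `NOT-FOR-US:` entries for one vendor.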
@@ -14707,10 +14803,10 @@ CVE-2023-0824
RESERVED
CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25760
- RESERVED
-CVE-2023-25759
- RESERVED
+CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior to Cave ...)
+ TODO: check
+CVE-2023-25759 (OS Command Injection in TripleData Reporting Engine in Tripleplay Plat ...)
+ TODO: check
CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.1 ...)
NOT-FOR-US: Onekey
CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001) contai ...)
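Review bot: the fixed release name in both Tripleplay descriptions is cut off ("releases prior to Cave ..."), so no fixed version can be recorded from this hunk. CVE-2023-25759 is an OS Command Injection in the TripleData Reporting Engine and CVE-2023-25760 an Incorrect Access Control; both should be triaged in step with CVE-2023-26599 earlier in this diff, which names the same platform.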
@@ -15343,10 +15439,10 @@ CVE-2023-25622
RESERVED
CVE-2023-25621 (Privilege Escalation vulnerability in Apache Software Foundation Apach ...)
NOT-FOR-US: Apache Sling
-CVE-2023-25620
- RESERVED
-CVE-2023-25619
- RESERVED
+CVE-2023-25620 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2023-25619 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
CVE-2023-25618 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...)
NOT-FOR-US: SAP
CVE-2023-25617 (SAP Business Object (Adaptive Job Server) - versions 420, 430, allows ...)
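Review bot: CVE-2023-25620 and CVE-2023-25619 both open with the CWE text ("A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...") and are truncated before the vendor or product is named, so these two `TODO: check` lines cannot be answered from the hunk at all; the full descriptions are needed before anything is recorded.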
@@ -21136,8 +21232,8 @@ CVE-2023-0319 (An issue has been discovered in GitLab affecting all versions sta
- gitlab <unfixed>
CVE-2023-0318
RESERVED
-CVE-2023-0317
- RESERVED
+CVE-2023-0317 (Unprotected Alternate Channel vulnerability in debug console of GateMa ...)
+ TODO: check
CVE-2022-4891 (A vulnerability has been found in Sisimai up to 4.25.14p11 and classif ...)
NOT-FOR-US: Sisimai
CVE-2017-20170 (A vulnerability was found in ollpu parontalli. It has been classified ...)
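Review bot: the product in the CVE-2023-0317 description is truncated to "GateMa ...". The same commit adds CVE-2022-4308 for "Secomea GateManager", and the existing CVE-2022-38124 entry below ("Debug tool in Secomea SiteManager") is triaged `NOT-FOR-US: Secomea`; if the full text confirms GateManager, the same label applies here, and the "debug console" wording suggests the two Secomea debug-tool entries should be cross-checked against each other.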
@@ -23414,10 +23510,10 @@ CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0004.html
NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86
NOTE: https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4)
-CVE-2023-22894
- RESERVED
-CVE-2023-22893
- RESERVED
+CVE-2023-22894 (Strapi through 4.5.5 allows attackers (with access to the admin panel) ...)
+ TODO: check
+CVE-2023-22893 (Strapi through 4.5.5 does not verify the access or ID tokens issued du ...)
+ TODO: check
CVE-2023-22892 (There exists an information disclosure vulnerability in SmartBear Zeph ...)
NOT-FOR-US: SmartBear Zephyr Enterprise
CVE-2023-22891 (There exists a privilege escalation vulnerability in SmartBear Zephyr ...)
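Review bot: CVE-2023-22894 and CVE-2023-22893 both state "Strapi through 4.5.5", as does CVE-2023-22621 later in this diff, so the three `TODO: check` lines should be closed with one lookup and one consistent product label. CVE-2023-22893 ("does not verify the access or ID tokens issued du ...") is a token-validation flaw in an SSO flow and CVE-2023-22894 requires admin-panel access; the full texts are needed to record the distinction, but neither changes whether the package exists in Debian.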
@@ -24346,8 +24442,8 @@ CVE-2023-22647
RESERVED
CVE-2023-22646
RESERVED
-CVE-2023-22645
- RESERVED
+CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...)
+ TODO: check
CVE-2023-22644
RESERVED
CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
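Review bot: the CVE-2023-22645 description names "SUSE kubewarden" with an Improper Privilege Management class but is truncated before saying what the privilege is, so the `TODO: check` needs the full text; the check should also confirm whether any Debian source ships kubewarden before a `NOT-FOR-US:` line is written.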
@@ -24474,8 +24570,8 @@ CVE-2023-22623
RESERVED
CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits to caus ...)
- wordpress <not-affected> (Not an issue for packaged WordPress)
-CVE-2023-22621
- RESERVED
+CVE-2023-22621 (Strapi through 4.5.5 allows authenticated Server-Side Template Injecti ...)
+ TODO: check
CVE-2023-22620 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...)
NOT-FOR-US: SecurePoint UTM
CVE-2023-22619
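Review bot: CVE-2023-22621 is the third Strapi entry in this commit (with CVE-2023-22894 and CVE-2023-22893 above, all "Strapi through 4.5.5"); whatever label resolves those two should be copied here so the Server-Side Template Injection entry is not triaged differently from the other two.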
@@ -31575,8 +31671,8 @@ CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not san
NOT-FOR-US: WordPress plugin
CVE-2022-4309 (The Subscribe2 WordPress plugin before 10.38 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4308
- RESERVED
+CVE-2022-4308 (Plaintext Storage of a Password vulnerability in Secomea GateManager ( ...)
+ TODO: check
CVE-2022-4307 (The پلاگین پرد&# ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not s ...)
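Review bot: CVE-2022-4308 names "Secomea GateManager" outright, and the existing CVE-2022-38124 entry further down in this diff is already triaged `NOT-FOR-US: Secomea`, so the `TODO: check` here has a direct precedent; the truncation after "GateManager (" hides the affected version range, which only matters if the entry is to record more than the vendor label.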
@@ -58194,8 +58290,8 @@ CVE-2022-38127
REJECTED
CVE-2022-38126
REJECTED
-CVE-2022-38125
- RESERVED
+CVE-2022-38125 (Improper Restriction of Communication Channel to Intended Endpoints vu ...)
+ TODO: check
CVE-2022-38124 (Debug tool in Secomea SiteManager allows logged-in administrator to mo ...)
NOT-FOR-US: Secomea
CVE-2022-38123 (Improper Input Validation of plugin files in Administrator Interface o ...)
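Review bot: the CVE-2022-38125 description is truncated after the CWE-style title ("Improper Restriction of Communication Channel to Intended Endpoints vu ...") with no product named, so the vendor cannot be read from the hunk. Its immediate neighbour CVE-2022-38124 is Secomea (`NOT-FOR-US: Secomea`) and CVE-2022-38123 reads similarly, but adjacency is not evidence; the full text should confirm the vendor before the same label is applied.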
@@ -62762,8 +62858,8 @@ CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens becau
NOTE: https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2
CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal the ex ...)
NOT-FOR-US: Octopus Server
-CVE-2022-2507
- RESERVED
+CVE-2022-2507 (In affected versions of Octopus Deploy it is possible to render user s ...)
+ TODO: check
CVE-2022-2506
RESERVED
CVE-2022-36363 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
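Review bot: CVE-2022-2507 ("In affected versions of Octopus Deploy ...") sits directly below CVE-2022-2508 ("In affected versions of Octopus Server ..."), which is triaged `NOT-FOR-US: Octopus Server`; the `TODO: check` can follow that precedent, though the label should match the product name the full description uses rather than copying "Octopus Server" if the text says "Octopus Deploy".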
@@ -95658,7 +95754,7 @@ CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget pr
CVE-2022-24922
RESERVED
CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows st ...)
- {DLA-2986-1 DLA-2985-1}
+ {DLA-3395-1 DLA-2986-1 DLA-2985-1}
- golang-1.18 1.18~rc1-1
- golang-1.17 1.17.8-1
- golang-1.15 <removed>
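Review bot: this commit changes only data/CVE/list (one changed file, listed above), so the advisory record that `DLA-3395-1` refers to is not part of this diff, and the hunk's context ends at `golang-1.15 <removed>` before any LTS suite status line; which suite and which golang source package the new DLA covers therefore cannot be verified from the hunk. The same `{DLA-3395-1 ...}` prepend is applied to CVE-2022-23806 and CVE-2022-23772 below and should be checked once against the advisory's CVE list rather than per entry.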
@@ -99958,7 +100054,7 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b
NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
NOTE: 2FA support is not packaged in Debian
CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...)
- {DLA-2986-1 DLA-2985-1}
+ {DLA-3395-1 DLA-2986-1 DLA-2985-1}
- golang-1.18 1.18~rc1-1
- golang-1.17 1.17.7-1
- golang-1.15 <removed>
@@ -100101,7 +100197,7 @@ CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinte
NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7)
CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...)
- {DLA-2986-1 DLA-2985-1}
+ {DLA-3395-1 DLA-2986-1 DLA-2985-1}
- golang-1.18 1.18~beta2-1
- golang-1.17 1.17.7-1
- golang-1.15 <removed>
@@ -110420,7 +110516,7 @@ CVE-2021-44718 (wolfSSL through 5.0.0 allows an attacker to cause a denial of se
[bullseye] - wolfssl 4.6.0+p1-0+deb11u1
NOTE: https://github.com/wolfSSL/wolfssl/pull/4629
CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
- {DLA-2892-1 DLA-2891-1}
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
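Review bot: the `[bullseye] - golang-1.15 1.15.15-1~deb11u2` context line is correctly untouched here, since a DLA applies to an LTS suite and not to bullseye; what the hunk does not show is the suite line the new `DLA-3395-1` reference corresponds to, so the reviewer has to confirm from the advisory itself that CVE-2021-44717 is among the issues it lists. The same applies to the CVE-2021-44716, CVE-2021-41771, CVE-2021-39293, CVE-2021-36221 and CVE-2021-33196 hunks that receive the identical `{DLA-3395-1 DLA-2892-1 DLA-2891-1}` line.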
@@ -110432,7 +110528,7 @@ CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write
NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
- {DLA-2892-1 DLA-2891-1}
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.5-1
- golang-1.15 1.15.15-5
[bullseye] - golang-1.15 1.15.15-1~deb11u2
@@ -113545,8 +113641,8 @@ CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is
- seafile-server <itp> (bug #865830)
NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
NOTE: https://github.com/haiwen/seafile-server/pull/520
-CVE-2021-43819
- RESERVED
+CVE-2021-43819 (Stargate-Bukkit is a mod for the minecraft video game which adds a por ...)
+ TODO: check
CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...)
{DSA-5043-1 DLA-2871-1}
- lxml 4.7.1-1 (bug #1001885)
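Review bot: the CVE-2021-43819 description ("Stargate-Bukkit is a mod for the minecraft video game ...") identifies a Minecraft server plugin, which is unlikely to map to a Debian source package, but the `TODO: check` should still be closed with an explicit `NOT-FOR-US:` line rather than left open; the adjacent CVE-2021-43818 (lxml) entry shows the package-status form for the packaged case.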
@@ -122289,7 +122385,7 @@ CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip
NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3)
NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10)
CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...)
- {DLA-2892-1 DLA-2891-1}
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.3-1
- golang-1.16 1.16.10-1
- golang-1.15 1.15.15-5
@@ -128531,7 +128627,7 @@ CVE-2021-23156
CVE-2021-39294
RESERVED
CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted ...)
- {DLA-2892-1 DLA-2891-1}
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1}
- golang-1.17 1.17.1-1
- golang-1.16 1.16.8-1
- golang-1.15 1.15.15-2
@@ -131053,6 +131149,7 @@ CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Contr
CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XX ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...)
+ {DLA-3395-1}
- golang-1.17 1.17.2-1
- golang-1.16 1.16.9-1
- golang-1.15 1.15.15-5
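Review bot: CVE-2021-38297 is the only Go entry in this batch where `{DLA-3395-1}` is inserted as a brand-new status line rather than prepended to an existing `{DLA-...}` set, meaning no earlier LTS advisory covered it; because the hunk offers no context beyond the golang-1.17/1.16/1.15 lines, it is worth confirming that DLA-3395-1 really lists CVE-2021-38297 and that this is not an over-broad cross-reference from the update tooling.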
@@ -136300,7 +136397,7 @@ CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center
NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
- {DLA-2892-1 DLA-2891-1}
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1}
- golang-1.16 1.16.7-1
- golang-1.15 1.15.15-1 (bug #991961)
[bullseye] - golang-1.15 1.15.15-1~deb11u1
@@ -143747,7 +143844,7 @@ CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configuratio
NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...)
- {DLA-2892-1 DLA-2891-1}
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1}
- golang-1.16 1.16.5-1 (bug #989492)
- golang-1.15 1.15.9-4
- golang-1.11 <removed>
@@ -186212,7 +186309,7 @@ CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sens
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-351.html
CVE-2020-28367 (Code injection in the go command with cgo before Go 1.14.12 and Go 1.1 ...)
- {DLA-2460-1}
+ {DLA-3395-1 DLA-2460-1}
- golang-1.15 1.15.5-1
- golang-1.11 <removed>
- golang-1.8 <removed>
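Review bot: the package lines for CVE-2020-28367 are `golang-1.15 1.15.5-1` plus `golang-1.11 <removed>` and `golang-1.8 <removed>`; `<removed>` records removal from unstable, not from an LTS suite, so it does not contradict the new `DLA-3395-1` reference, but it also means the golang version the DLA actually shipped is not visible in this hunk and has to be read from the advisory.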
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c3ce7ff0c6bcd6f7db47f80a9b09792cf709e87