[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 20 21:10:36 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d550a4e by security tracker role at 2023-04-20T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2023-30912
+ RESERVED
+CVE-2023-30911
+ RESERVED
+CVE-2023-30910
+ RESERVED
+CVE-2023-30909
+ RESERVED
+CVE-2023-30908
+ RESERVED
+CVE-2023-30907
+ RESERVED
+CVE-2023-30906
+ RESERVED
+CVE-2023-30905
+ RESERVED
+CVE-2023-30904
+ RESERVED
+CVE-2023-30903
+ RESERVED
+CVE-2023-30902
+ RESERVED
+CVE-2023-30901
+ RESERVED
+CVE-2023-30900
+ RESERVED
+CVE-2023-30899
+ RESERVED
+CVE-2023-30898
+ RESERVED
+CVE-2023-2197
+ RESERVED
+CVE-2023-2196
+ RESERVED
+CVE-2023-2195
+ RESERVED
+CVE-2023-2194
+ RESERVED
+CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...)
+ TODO: check
CVE-2023-30897
RESERVED
CVE-2023-2192
@@ -443,8 +483,8 @@ CVE-2023-2114
RESERVED
CVE-2023-2113
RESERVED
-CVE-2023-2112
- RESERVED
+CVE-2023-2112 (Desktop component service allows lateral movement between sessions in ...)
+ TODO: check
CVE-2023-2111
RESERVED
CVE-2023-2110
@@ -855,8 +895,8 @@ CVE-2023-30618
RESERVED
CVE-2023-30617
RESERVED
-CVE-2023-30616
- RESERVED
+CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
+ TODO: check
CVE-2023-30615
RESERVED
CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
@@ -2309,8 +2349,8 @@ CVE-2023-30078
RESERVED
CVE-2023-30077
RESERVED
-CVE-2023-30076
- RESERVED
+CVE-2023-30076 (Sourcecodester Judging Management System v1.0 is vulnerable to SQL Inj ...)
+ TODO: check
CVE-2023-30075
RESERVED
CVE-2023-30074
@@ -2609,8 +2649,8 @@ CVE-2023-29928
RESERVED
CVE-2023-29927
RESERVED
-CVE-2023-29926
- RESERVED
+CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote code exe ...)
+ TODO: check
CVE-2023-29925
RESERVED
CVE-2023-29924
@@ -3553,8 +3593,8 @@ CVE-2023-29530
RESERVED
CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
NOT-FOR-US: matrix-js-sdk
-CVE-2023-29528
- RESERVED
+CVE-2023-29528 (XWiki Commons are technical libraries common to several other top leve ...)
+ TODO: check
CVE-2023-29527 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2023-29526 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
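Review bot: CVE-2023-29528 is left at TODO: check although its description names XWiki Commons, while the adjacent XWiki Platform entries CVE-2023-29527 and CVE-2023-29526 are already triaged as NOT-FOR-US: XWiki; if XWiki Commons is likewise not packaged in Debian, the same NOT-FOR-US marker resolves the TODO consistently with its neighbours.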
@@ -4910,8 +4950,8 @@ CVE-2023-1769 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
CVE-2023-1768 (Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= ...)
- check-mk <removed>
-CVE-2023-1767
- RESERVED
+CVE-2023-1767 (The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to ...)
+ TODO: check
CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Akbim Computer Panon
CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
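Review bot: CVE-2023-1767 describes a flaw in the Snyk Advisor website (https://snyk.io/advisor/), a hosted service rather than distributed software, so the TODO: check placeholder can most likely be closed as NOT-FOR-US once that is confirmed.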
@@ -9013,8 +9053,7 @@ CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series d
NOT-FOR-US: Moxa UC Series devices
CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server ar ...)
NOT-FOR-US: AVEVA Plant SCADA and AVEVA Telemetry Server
-CVE-2023-1255 [Input buffer over-read in AES-XTS implementation on 64 bit ARM]
- RESERVED
+CVE-2023-1255 (Issue summary: The AES-XTS cipher decryption implementation for 64 bit ...)
- openssl <unfixed>
[bullseye] - openssl <not-affected> (Vulnerable code not present)
[buster] - openssl <not-affected> (Vulnerable code not present)
@@ -9745,8 +9784,8 @@ CVE-2023-27654 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an atta
NOT-FOR-US: WHO
CVE-2023-27653 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...)
NOT-FOR-US: WHO
-CVE-2023-27652
- RESERVED
+CVE-2023-27652 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...)
+ TODO: check
CVE-2023-27651 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...)
NOT-FOR-US: Ego Studio SuperClean
CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...)
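Review bot: CVE-2023-27652 is given TODO: check although its description (Ego Studio SuperClean v.1.1.9 and v.1.1.5) matches CVE-2023-27651 directly below it, which is already NOT-FOR-US: Ego Studio SuperClean; the two entries should carry the same triage marker.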
@@ -10291,8 +10330,8 @@ CVE-2023-1130 (A vulnerability, which was classified as critical, was found in S
NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
CVE-2023-27496 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
- envoyproxy <itp> (bug #987544)
-CVE-2023-27495
- RESERVED
+CVE-2023-27495 (@fastify/csrf-protection is a plugin which helps protect Fastify serve ...)
+ TODO: check
CVE-2023-27494 (Streamlit, software for turning data scripts into web applications, ha ...)
NOT-FOR-US: Streamlit
CVE-2023-27493 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
@@ -10683,10 +10722,10 @@ CVE-2023-27353
RESERVED
CVE-2023-27352
RESERVED
-CVE-2023-27351
- RESERVED
-CVE-2023-27350
- RESERVED
+CVE-2023-27351 (This vulnerability allows remote attackers to bypass authentication on ...)
+ TODO: check
+CVE-2023-27350 (This vulnerability allows remote attackers to bypass authentication on ...)
+ TODO: check
CVE-2023-27349
RESERVED
CVE-2023-27348
@@ -15571,8 +15610,8 @@ CVE-2023-25603
RESERVED
CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...)
NOT-FOR-US: FortiGuard
-CVE-2023-25601
- RESERVED
+CVE-2023-25601 (On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gatew ...)
+ TODO: check
CVE-2023-0753
RESERVED
CVE-2023-0752
@@ -19108,16 +19147,16 @@ CVE-2023-24373
RESERVED
CVE-2023-24372
RESERVED
-CVE-2023-23579
- RESERVED
-CVE-2023-22846
- RESERVED
-CVE-2023-22354
- RESERVED
-CVE-2023-22321
- RESERVED
-CVE-2023-22295
- RESERVED
+CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the ...)
+ TODO: check
+CVE-2023-22846 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
+ TODO: check
+CVE-2023-22354 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
+ TODO: check
+CVE-2023-22321 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...)
+ TODO: check
+CVE-2023-22295 (Datakit CrossCadWare_x64.dll contains an out of bounds read past the e ...)
+ TODO: check
CVE-2023-0452 (All versions of Econolite EOS traffic control software are vulnerable ...)
NOT-FOR-US: Econolite EOS traffic control software
CVE-2023-0451 (All versions of Econolite EOS traffic control software are vulnerable ...)
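Review bot: the five new entries CVE-2023-23579, CVE-2023-22846, CVE-2023-22354, CVE-2023-22321 and CVE-2023-22295 all describe out-of-bounds accesses in the same component, Datakit CrossCadWare_x64.dll, so they are best triaged as one group with a single decision rather than left as five separate TODO: check placeholders.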
@@ -20183,8 +20222,8 @@ CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart c
NOT-FOR-US: OpenZeppelin Contracts
CVE-2023-23939 (Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vu ...)
NOT-FOR-US: Azure/setup-kubectl
-CVE-2023-23938
- RESERVED
+CVE-2023-23938 (Tuleap is a Free & Source tool for end to end traceability of appl ...)
+ TODO: check
CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: P ...)
NOT-FOR-US: Pimcore
CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 ...)
@@ -20608,8 +20647,8 @@ CVE-2023-22348
RESERVED
CVE-2023-22318
RESERVED
-CVE-2023-22309
- RESERVED
+CVE-2023-22309 (Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Applianc ...)
+ TODO: check
CVE-2023-22307 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...)
- check-mk <removed>
CVE-2023-22294 (Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows ...)
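Review bot: CVE-2023-22309 (reflected XSS in Webconf in Tribe29 Checkmk Appliance) is left at TODO: check, whereas the neighbouring Checkmk Appliance entry CVE-2023-22307 is already recorded as check-mk <removed>; unless the appliance Webconf component differs in packaging status, the same marker applies here.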
@@ -20634,10 +20673,10 @@ CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access t
NOTE: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 (6.2-rc6)
CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...)
NOT-FOR-US: Custom 404 Pro plugin for WordPress
-CVE-2023-0384
- RESERVED
-CVE-2023-0383
- RESERVED
+CVE-2023-0384 (User-controlled operations could have allowed Denial of Service in M-F ...)
+ TODO: check
+CVE-2023-0383 (User-controlled operations could have allowed Denial of Service in M-F ...)
+ TODO: check
CVE-2023-0382 (User-controlled operations could have allowed Denial of Service in M-F ...)
NOT-FOR-US: M-Files Server
CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate and esc ...)
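Review bot: CVE-2023-0384 and CVE-2023-0383 share the "User-controlled operations could have allowed Denial of Service in M-F ..." description with CVE-2023-0382, which is already NOT-FOR-US: M-Files Server; the two new entries should receive the same marker instead of TODO: check.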
@@ -20676,8 +20715,8 @@ CVE-2022-46836 (PHP code injection in watolib auth.php and hosttags.php in Tribe
- check-mk <removed>
CVE-2022-46303 (Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p ...)
- check-mk <removed>
-CVE-2022-46302
- RESERVED
+CVE-2022-46302 (Broad access controls could allow site users to directly interact with ...)
+ TODO: check
CVE-2022-43440 (Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk b ...)
- check-mk <removed>
CVE-2021-4314 (It is possible to manipulate the JWT token without the knowledge of th ...)
@@ -22080,7 +22119,7 @@ CVE-2023-23357
RESERVED
CVE-2023-23356
RESERVED
-CVE-2023-23355 (A vulnerability has been reported to affect multiple QNAP operating sy ...)
+CVE-2023-23355 (A vulnerability has been reported to affect QNAP operating systems. If ...)
NOT-FOR-US: QNAP
CVE-2023-23354
RESERVED
@@ -57312,8 +57351,8 @@ CVE-2022-37408
RESERVED
CVE-2022-37343
RESERVED
-CVE-2022-36788
- RESERVED
+CVE-2022-36788 (A heap-based buffer overflow vulnerability exists in the TriangleMesh ...)
+ TODO: check
CVE-2022-36420
RESERVED
CVE-2022-36419
@@ -80960,8 +80999,8 @@ CVE-2022-29946
RESERVED
CVE-2022-29945 (DJI drone devices sold in 2017 through 2022 broadcast unencrypted info ...)
NOT-FOR-US: DJI drone devices
-CVE-2022-29944
- RESERVED
+CVE-2022-29944 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...)
+ TODO: check
CVE-2022-29943 (Talend Administration Center has a vulnerability that allows an authen ...)
NOT-FOR-US: Talend Administration Center
CVE-2022-29942 (Talend Administration Center has a vulnerability that allows an authen ...)
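Review bot: CVE-2022-29944 is the first of a series of ONOS 2.5.1 entries in this update (CVE-2022-29609 through CVE-2022-29604, CVE-2022-24109, CVE-2022-24035, CVE-2021-38364 and CVE-2021-38363 in the hunks below) that all receive TODO: check; whether ONOS is packaged in Debian needs to be determined once and the resulting marker applied to all of them together.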
@@ -82022,18 +82061,18 @@ CVE-2022-29611 (SAP NetWeaver Application Server for ABAP and ABAP Platform do n
NOT-FOR-US: SAP
CVE-2022-29610 (SAP NetWeaver Application Server ABAP allows an authenticated attacker ...)
NOT-FOR-US: SAP
-CVE-2022-29609
- RESERVED
-CVE-2022-29608
- RESERVED
-CVE-2022-29607
- RESERVED
-CVE-2022-29606
- RESERVED
-CVE-2022-29605
- RESERVED
-CVE-2022-29604
- RESERVED
+CVE-2022-29609 (An issue was discovered in ONOS 2.5.1. An intent with the same source ...)
+ TODO: check
+CVE-2022-29608 (An issue was discovered in ONOS 2.5.1. An intent with a port that is a ...)
+ TODO: check
+CVE-2022-29607 (An issue was discovered in ONOS 2.5.1. Modification of an existing int ...)
+ TODO: check
+CVE-2022-29606 (An issue was discovered in ONOS 2.5.1. An intent with a large port num ...)
+ TODO: check
+CVE-2022-29605 (An issue was discovered in ONOS 2.5.1. IntentManager attempts to insta ...)
+ TODO: check
+CVE-2022-29604 (An issue was discovered in ONOS 2.5.1. An intent with an uppercase let ...)
+ TODO: check
CVE-2022-29603 (A SQL Injection vulnerability exists in UniverSIS UniverSIS-API throug ...)
NOT-FOR-US: UniverSIS
CVE-2022-29602 (The gridelements (aka Grid Elements) extension through 7.6.1, 8.x thro ...)
@@ -88031,9 +88070,9 @@ CVE-2022-27600
RESERVED
CVE-2022-27599
RESERVED
-CVE-2022-27598 (A vulnerability have been reported to affect multiple QNAP operating s ...)
+CVE-2022-27598 (A vulnerability has been reported to affect QNAP operating systems. If ...)
NOT-FOR-US: QNAP
-CVE-2022-27597 (A vulnerability have been reported to affect multiple QNAP operating s ...)
+CVE-2022-27597 (A vulnerability has been reported to affect QNAP operating systems. If ...)
NOT-FOR-US: QNAP
CVE-2022-27596 (A vulnerability has been reported to affect QNAP device running QuTS h ...)
NOT-FOR-US: QNAP
@@ -98552,8 +98591,8 @@ CVE-2022-24111 (In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfol
- mahara <removed>
CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' ...)
NOT-FOR-US: Kiteworks managed file transfer
-CVE-2022-24109
- RESERVED
+CVE-2022-24109 (An issue was discovered in ONOS 2.5.1. To attack an intent installed b ...)
+ TODO: check
CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remot ...)
NOT-FOR-US: OpenCart plugin
CVE-2022-24107 (Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. ...)
@@ -98788,8 +98827,8 @@ CVE-2021-4216 (A Floating point exception (division-by-zero) flaw was found in M
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704834
NOTE: https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf (1.20.0-rc1)
NOTE: Negligible security impact, crash in CLI tool
-CVE-2022-24035
- RESERVED
+CVE-2022-24035 (An issue was discovered in ONOS 2.5.1. The purge-requested intent rema ...)
+ TODO: check
CVE-2022-24034
RESERVED
CVE-2022-24033
@@ -131020,10 +131059,10 @@ CVE-2021-3695 (A crafted 16-bit grayscale PNG image may lead to a out-of-bounds
CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...)
- opensysusers 0.6-3 (bug #992058)
[bullseye] - opensysusers <no-dsa> (Minor issue; if fixed upstream address via point release)
-CVE-2021-38364
- RESERVED
-CVE-2021-38363
- RESERVED
+CVE-2021-38364 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...)
+ TODO: check
+CVE-2021-38363 (An issue was discovered in ONOS 2.5.1. In IntentManager, the install-r ...)
+ TODO: check
CVE-2021-38362 (In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker ...)
NOT-FOR-US: RSA Archer
CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
@@ -166268,7 +166307,7 @@ CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 ha
NOT-FOR-US: WordPress plugin
CVE-2021-24511 (The fetch_product_ajax functionality in the Product Feed on WooCommerc ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24510 (The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or ...)
+CVE-2021-24510 (The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d550a4ef8678f976c522ab8f3e689c591ceab7a