[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 24 09:10:22 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50ddda23 by security tracker role at 2023-04-24T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2023-31103
+ RESERVED
+CVE-2023-31102
+ RESERVED
+CVE-2023-31101
+ RESERVED
+CVE-2023-31100
+ RESERVED
+CVE-2023-31099
+ RESERVED
+CVE-2023-31098
+ RESERVED
+CVE-2023-31097
+ RESERVED
+CVE-2023-31096
+ RESERVED
+CVE-2023-31095
+ RESERVED
+CVE-2023-31094
+ RESERVED
+CVE-2023-31093
+ RESERVED
+CVE-2023-31092
+ RESERVED
+CVE-2023-31091
+ RESERVED
+CVE-2023-31090
+ RESERVED
+CVE-2023-31089
+ RESERVED
+CVE-2023-31088
+ RESERVED
+CVE-2023-31087
+ RESERVED
+CVE-2023-31086
+ RESERVED
+CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel ...)
+ TODO: check
+CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...)
+ TODO: check
+CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux ...)
+ TODO: check
+CVE-2023-31082 (An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2 ...)
+ TODO: check
+CVE-2023-31081 (An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_brid ...)
+ TODO: check
+CVE-2023-31080
+ RESERVED
+CVE-2023-31079
+ RESERVED
+CVE-2023-31078
+ RESERVED
+CVE-2023-31077
+ RESERVED
+CVE-2023-31076
+ RESERVED
+CVE-2023-31075
+ RESERVED
+CVE-2023-31074
+ RESERVED
+CVE-2023-31073
+ RESERVED
+CVE-2023-31072
+ RESERVED
+CVE-2023-31071
+ RESERVED
+CVE-2023-31070
+ RESERVED
+CVE-2023-31069
+ RESERVED
+CVE-2023-31068
+ RESERVED
+CVE-2023-31067
+ RESERVED
+CVE-2023-31066
+ RESERVED
+CVE-2023-31065
+ RESERVED
+CVE-2023-31064
+ RESERVED
+CVE-2023-31063
+ RESERVED
+CVE-2023-31062
+ RESERVED
+CVE-2023-31061 (Repetier Server through 1.4.10 does not have CSRF protection. ...)
+ TODO: check
+CVE-2023-31060 (Repetier Server through 1.4.10 executes as SYSTEM. This can be leverag ...)
+ TODO: check
+CVE-2023-31059 (Repetier Server through 1.4.10 allows ..%5c directory traversal for re ...)
+ TODO: check
+CVE-2023-31058
+ RESERVED
+CVE-2023-31057
+ RESERVED
+CVE-2023-31056 (CloverDX before 5.17.3 writes passwords to the audit log in certain si ...)
+ TODO: check
+CVE-2023-31055
+ RESERVED
+CVE-2023-31054
+ RESERVED
+CVE-2023-31053
+ RESERVED
+CVE-2023-31052
+ RESERVED
+CVE-2023-31051
+ RESERVED
+CVE-2023-31050
+ RESERVED
+CVE-2023-31049
+ RESERVED
+CVE-2023-31048
+ RESERVED
+CVE-2023-31047
+ RESERVED
+CVE-2023-31046
+ RESERVED
+CVE-2023-31045
+ RESERVED
+CVE-2023-31044
+ RESERVED
+CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...)
+ TODO: check
+CVE-2023-2247
+ RESERVED
CVE-2023-31042
RESERVED
CVE-2023-31041
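Review bot: the five kernel entries CVE-2023-31081 through CVE-2023-31085 are left at "TODO: check" although their descriptions already name source files inside the Linux kernel (drivers/mtd/ubi/cdev.c, drivers/media/dvb-core/dvb_frontend.c, drivers/bluetooth/hci_ldisc.c, drivers/tty/n_gsm.c, drivers/media/test-drivers/vidtv/...), so the TODO should be resolved against src:linux with the fixing upstream commit recorded as a NOTE: line, or an explicit status where no fix is upstream yet. The remaining described entries (CVE-2023-31061, CVE-2023-31060 and CVE-2023-31059 for Repetier Server, CVE-2023-31056 for CloverDX, CVE-2023-31043 for EDB Postgres Advanced Server) name products that need the usual "is this packaged in Debian" check before the TODO is replaced by either a source-package line with a fixed version or a NOT-FOR-US marker.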
@@ -8731,8 +8855,8 @@ CVE-2023-28133
RESERVED
CVE-2023-28132
RESERVED
-CVE-2023-28131
- RESERVED
+CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to take ov ...)
+ TODO: check
CVE-2023-28130
RESERVED
CVE-2023-28129
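Review bot: CVE-2023-28131 moves from RESERVED to a description naming the expo.io framework, but keeps "TODO: check"; the TODO should be cleared by deciding whether that framework is shipped as a Debian package, which leaves either a source-package line with a fixed version or "NOT-FOR-US: expo.io" as the result.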
@@ -19771,6 +19895,7 @@ CVE-2023-24293
CVE-2023-24292
RESERVED
CVE-2023-24291 [A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
@@ -19779,26 +19904,32 @@ CVE-2023-24290
CVE-2023-24289
RESERVED
CVE-2023-24288 [A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
CVE-2023-24287 [A crafted save file can cause a buffer overrun in the Undead puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
CVE-2023-24286 [A crafted save file can cause a buffer overrun in the Mosaic puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <not-affected> (Vulnerable code introduced later)
[buster] - sgt-puzzles <not-affected> (Vulnerable code introduced later)
CVE-2023-24285 [A crafted save file can cause a buffer overrun in the Netslide puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
CVE-2023-24284 [A crafted save file can cause a buffer overrun in the Guess puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
CVE-2023-24283 [A crafted save file can cause a buffer overrun in the Guess puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
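Review bot: CVE-2023-24284 and CVE-2023-24283 carry the identical local description "A crafted save file can cause a buffer overrun in the Guess puzzle", and CVE-2023-24291 (previous hunk) and CVE-2023-24288 share the generic "in Simon Tatham's Portable Puzzle Collection" wording; if these are distinct overruns the bracketed descriptions should be differentiated, otherwise one of each pair may be a copy-paste error worth fixing before MITRE publishes text. The added " RESERVED" lines only record that MITRE has not published yet; the sgt-puzzles 20230122.806ae71-1 fix, bug #1028986 and the bullseye/buster decisions remain the Debian triage, including CVE-2023-24286 being <not-affected> (Vulnerable code introduced later) while its siblings are <no-dsa> (Minor issue), which is worth confirming against the sgt-puzzles versions those suites ship.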
@@ -21251,8 +21382,8 @@ CVE-2023-0343 (Akuvox E11 contains a function that encrypts messages which are t
NOT-FOR-US: Akuvox E11
CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...)
NOT-FOR-US: frioux ptome
-CVE-2023-23753
- RESERVED
+CVE-2023-23753 (The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQ ...)
+ TODO: check
CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper ac ...)
NOT-FOR-US: Joomla!
CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...)
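Review bot: CVE-2023-23753 concerns the "Visforms Base Package for Joomla 3" extension and is left at "TODO: check" while the adjacent Joomla! core entries CVE-2023-23752 and CVE-2023-23751 are already "NOT-FOR-US: Joomla!"; a third-party Joomla extension is at least as unlikely to be packaged, so this should most likely become a NOT-FOR-US entry once that is confirmed.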
@@ -58035,6 +58166,7 @@ CVE-2022-38369 (Apache IoTDB version 0.13.0 is vulnerable by session id attack.
CVE-2022-2851
RESERVED
CVE-2022-2850 (A flaw was found In 389-ds-base. When the Content Synchronization plug ...)
+ {DLA-3399-1}
- 389-ds-base 2.3.1-1 (bug #1018054)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2118691
NOTE: https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
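Review bot: this is the first of eight 389-ds-base entries in this update gaining {DLA-3399-1}; the fix versions shown across those hunks range from 1.4.1.5-1 (CVE-2019-3883, CVE-2019-10224) up to 2.3.1-1 here, so it is worth confirming that the DLA text really enumerates all eight CVEs, since the DLA reference is what marks these entries fixed for the LTS suite. Unlike the later entries, CVE-2022-2850 has no per-suite line at all, so the 2.3.1-1 version and the DLA alone now determine its suite status.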
@@ -89578,6 +89710,7 @@ CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s vi
CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sensor co ...)
NOT-FOR-US: Fidelis
CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...)
+ {DLA-3399-1}
- 389-ds-base 2.0.15-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
NOTE: https://github.com/389ds/389-ds-base/issues/5221
@@ -90689,6 +90822,7 @@ CVE-2022-0920 (The Salon booking system Free and Pro WordPress plugins before 7.
CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before 7.6.3 d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that allows ...)
+ {DLA-3399-1}
- 389-ds-base 2.0.15-1.1 (bug #1016445)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815
NOTE: https://github.com/389ds/389-ds-base/issues/5242
@@ -110709,6 +110843,7 @@ CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure
CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
+ {DLA-3399-1}
- 389-ds-base 2.0.15-1
[stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
@@ -135603,6 +135738,7 @@ CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android,
CVE-2021-36768
RESERVED
CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...)
+ {DLA-3399-1}
- 389-ds-base 1.4.4.17-1 (bug #991405)
[bullseye] - 389-ds-base <no-dsa> (Minor issue)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
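Review bot: CVE-2021-3652 keeps "[bullseye] - 389-ds-base <no-dsa> (Minor issue)" while {DLA-3399-1} is added, meaning the LTS team judged the issue worth an advisory; the bullseye <no-dsa> decision may deserve a second look, or at least a NOTE: explaining why a point-release fix is not planned there. The same tension applies to the [stretch] <no-dsa> lines on CVE-2021-3514 and CVE-2019-14824 further down.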
@@ -148054,6 +148190,7 @@ CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112
NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...)
+ {DLA-3399-1}
- 389-ds-base 1.4.4.11-2 (bug #988727)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://github.com/389ds/389-ds-base/issues/4711
@@ -273750,7 +273887,7 @@ CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session co
CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, versions ...)
NOT-FOR-US: Katello
CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...)
- {DLA-2004-1}
+ {DLA-3399-1 DLA-2004-1}
- 389-ds-base 1.4.2.4-1 (bug #944150)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448
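Review bot: the reference set for CVE-2019-14824 is merged rather than replaced ({DLA-2004-1} becomes {DLA-3399-1 DLA-2004-1}), and CVE-2019-3883 below gets the same treatment; that is the right outcome, since DLA-2004-1 still documents the earlier fix, but it is worth checking that the automatic update keeps doing a merge for every entry that already had a DLA and never drops an existing advisory id.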
@@ -288156,6 +288293,7 @@ CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the
CVE-2019-10225 (A flaw was found in atomic-openshift of openshift-4.2 where the basic- ...)
NOT-FOR-US: OpenShift
CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. ...)
+ {DLA-3399-1}
- 389-ds-base 1.4.1.5-1
[stretch] - 389-ds-base <not-affected> (vulnerable code not present)
[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
@@ -305547,7 +305685,7 @@ CVE-2019-3885 (A use-after-free flaw was found in pacemaker up to and including
CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of atomic-o ...)
NOT-FOR-US: atomic-openshift
CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...)
- {DLA-1779-1}
+ {DLA-3399-1 DLA-1779-1}
- 389-ds-base 1.4.1.5-1 (bug #927939)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50ddda23ed5e7c7ce241a1b796c2d35feec7e4b0