[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 24 21:10:46 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b07be93 by security tracker role at 2023-04-24T20:10:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-31122
+ RESERVED
+CVE-2023-31121
+ RESERVED
+CVE-2023-31120
+ RESERVED
+CVE-2023-31119
+ RESERVED
+CVE-2023-31118
+ RESERVED
+CVE-2023-31117
+ RESERVED
+CVE-2023-31116
+ RESERVED
+CVE-2023-31115
+ RESERVED
+CVE-2023-31114
+ RESERVED
+CVE-2023-31113
+ RESERVED
+CVE-2023-31112
+ RESERVED
+CVE-2023-31111
+ RESERVED
+CVE-2023-31110
+ RESERVED
+CVE-2023-31109
+ RESERVED
+CVE-2023-31108
+ RESERVED
+CVE-2023-31107
+ RESERVED
+CVE-2023-31106
+ RESERVED
+CVE-2023-31105
+ RESERVED
+CVE-2023-31104
+ RESERVED
+CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...)
+ TODO: check
+CVE-2023-2256
+ RESERVED
+CVE-2023-2255
+ RESERVED
+CVE-2023-2254
+ RESERVED
+CVE-2023-2253
+ RESERVED
+CVE-2023-2252
+ RESERVED
+CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.2.2. ...)
+ TODO: check
+CVE-2023-2250
+ RESERVED
+CVE-2023-2249
+ RESERVED
+CVE-2023-2248
+ RESERVED
+CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module in ...)
+ TODO: check
+CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` ...)
+ TODO: check
CVE-2023-31103
RESERVED
CVE-2023-31102
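Review bot: the four new `TODO: check` entries in this hunk (CVE-2023-2257 Devolutions, CVE-2023-2251 eemeli/yaml, CVE-2022-48477 JetBrains Hub, CVE-2022-48476 JetBrains Ktor) need different handling, not one pass. Devolutions and JetBrains are proprietary products and fit the `NOT-FOR-US: <vendor>` pattern used elsewhere in this file, but CVE-2023-2251 is a widely used npm library (the `yaml` package from the eemeli/yaml repository), so check for a Debian source that ships or vendors it before closing it out, and record the upstream fix version (2.2.2, per the description) in the entry if a package is affected.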
@@ -119,8 +181,8 @@ CVE-2023-31047
RESERVED
CVE-2023-31046
RESERVED
-CVE-2023-31045
- RESERVED
+CVE-2023-31045 (** DISPUTED ** A stored Cross-site scripting (XSS) issue in Text Edito ...)
+ TODO: check
CVE-2023-31044
RESERVED
CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...)
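Review bot: CVE-2023-31045 arrives with `** DISPUTED **` in the imported description, and a bare `TODO: check` loses that context once the description is truncated further or the entry is triaged. When this is resolved, keep a `NOTE:` line recording who disputes it and why (the file already uses `NOTE:` for this kind of rationale, e.g. "Crash in CLI tool, no security impact" on the yasm entries), so a later reader does not treat the stored XSS claim as confirmed.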
@@ -153,10 +215,10 @@ CVE-2023-2241 (A vulnerability, which was classified as critical, was found in P
[bullseye] - libpodofo <no-dsa> (Minor issue)
NOTE: https://github.com/podofo/podofo/issues/69
NOTE: https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
-CVE-2012-10014
- RESERVED
-CVE-2012-10013
- RESERVED
+CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-Boy Ba ...)
+ TODO: check
+CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin up to ...)
+ TODO: check
CVE-2023-31037
RESERVED
CVE-2023-31036
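Review bot: CVE-2012-10014 and CVE-2012-10013 are retroactively assigned 2012-year IDs for the Kau-Boy Backend Localization WordPress plugin, and both can be resolved together using the `NOT-FOR-US: WordPress plugin` convention this file applies to every other plugin entry (see CVE-2023-1413 and CVE-2023-1325 further down). Because the IDs are a decade older than their neighbours, it is worth a quick check that the automatic import placed them where the tracker expects rather than leaving the entries orphaned at the 2023 block.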
@@ -948,8 +1010,8 @@ CVE-2023-30778
RESERVED
CVE-2023-30777
RESERVED
-CVE-2023-30776
- RESERVED
+CVE-2023-30776 (An authenticated user with specific data permissions could access data ...)
+ TODO: check
CVE-2023-2129
RESERVED
CVE-2023-2128
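Review bot: the truncated description for CVE-2023-30776 ("An authenticated user with specific data permissions could access data ...") never names the product, so this entry cannot be triaged from the diff alone and needs the full CVE text. The phrasing matches the Apache Superset wording on CVE-2023-27525 further down ("An authenticated user with Gamma role authorization could have access ..."), which that entry tags `NOT-FOR-US: Apache Superset`; if this one is Superset too, tag it the same way.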
@@ -1387,8 +1449,8 @@ CVE-2023-30624
RESERVED
CVE-2023-30623
RESERVED
-CVE-2023-30622
- RESERVED
+CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...)
+ TODO: check
CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...)
NOT-FOR-US: Gipsy
CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers build AI sol ...)
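Review bot: CVE-2023-30622 (Clusternet, a Kubernetes multi-cluster controller) should be checked against the archive before it is marked `NOT-FOR-US` like the adjacent Gipsy and mindsdb entries; Go projects are occasionally packaged as build dependencies under `golang-github-*` names that do not match the upstream project name, so search by import path rather than by "clusternet" alone.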
@@ -1405,8 +1467,8 @@ CVE-2023-30615
RESERVED
CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
NOT-FOR-US: Pay (payments engine for Ruby on Rails)
-CVE-2023-30613
- RESERVED
+CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...)
+ TODO: check
CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...)
NOT-FOR-US: Cloud hypervisor
CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...)
@@ -1771,8 +1833,8 @@ CVE-2023-30546
RESERVED
CVE-2023-30545
RESERVED
-CVE-2023-30544
- RESERVED
+CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
+ TODO: check
CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
NOT-FOR-US: @web3-react
CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
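Review bot: CVE-2023-30544 here and CVE-2023-30613 in the earlier hunk are both Kiwi TCMS issues (file upload and a second, different flaw) and should be triaged in one go with the same outcome, either a matching `NOT-FOR-US: Kiwi TCMS` line or a package entry, rather than leaving one resolved and the other on `TODO: check`.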
@@ -1795,8 +1857,8 @@ CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core
NOT-FOR-US: Snowflake JDBC
CVE-2023-30534
RESERVED
-CVE-2023-30533
- RESERVED
+CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...)
+ TODO: check
CVE-2023-2011
RESERVED
CVE-2023-2010
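Review bot: CVE-2023-30533 (SheetJS Community Edition before 0.19.3, prototype pollution) deserves more than a reflexive `NOT-FOR-US`, because SheetJS CE is published as the `xlsx` npm package and is commonly vendored inside other JavaScript applications rather than packaged on its own; grep the archive's node module bundles for a copy before closing this, and if none is found say so in a `NOTE:` line so the search is not repeated.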
@@ -2075,8 +2137,8 @@ CVE-2023-30460
RESERVED
CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker ...)
NOT-FOR-US: SmartPTT SCADA
-CVE-2023-30458
- RESERVED
+CVE-2023-30458 (A username enumeration issue was discovered in Medicine Tracker System ...)
+ TODO: check
CVE-2023-30457
RESERVED
CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...)
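Review bot: CVE-2023-30458 (username enumeration in "Medicine Tracker System") is one of the small PHP sample applications this file handles with `NOT-FOR-US: <app name>` (compare the SourceCodester entries further down); it can be closed the same way.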
@@ -2252,28 +2314,28 @@ CVE-2023-30380
RESERVED
CVE-2023-30379
RESERVED
-CVE-2023-30378
- RESERVED
+CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-b ...)
+ TODO: check
CVE-2023-30377
RESERVED
-CVE-2023-30376
- RESERVED
-CVE-2023-30375
- RESERVED
+CVE-2023-30376 (In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a ...)
+ TODO: check
+CVE-2023-30375 (In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-ba ...)
+ TODO: check
CVE-2023-30374
RESERVED
-CVE-2023-30373
- RESERVED
-CVE-2023-30372
- RESERVED
-CVE-2023-30371
- RESERVED
-CVE-2023-30370
- RESERVED
-CVE-2023-30369
- RESERVED
-CVE-2023-30368
- RESERVED
+CVE-2023-30373 (In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a ...)
+ TODO: check
+CVE-2023-30372 (In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack ...)
+ TODO: check
+CVE-2023-30371 (In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-b ...)
+ TODO: check
+CVE-2023-30370 (In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-bas ...)
+ TODO: check
+CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. ...)
+ TODO: check
+CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWe ...)
+ TODO: check
CVE-2023-30367
RESERVED
CVE-2023-30366
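Review bot: the nine Tenda router CVEs in this hunk (CVE-2023-30378, -30376, -30375, -30373 through -30368) are vendor firmware stack-based buffer overflows and can be resolved as a batch with `NOT-FOR-US: Tenda`, as the file does for other embedded vendors. Two details worth noting while doing so: CVE-2023-30368 is for the AC5 (V15.03.06.28), not the AC15 like the rest, and CVE-2023-30369 and CVE-2023-30368 give no function name in the visible description, so the full text is needed if anyone wants to confirm they are distinct from the function-specific entries.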
@@ -3310,10 +3372,10 @@ CVE-2023-29851
RESERVED
CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip ...)
NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulia
-CVE-2023-29849
- RESERVED
-CVE-2023-29848
- RESERVED
+CVE-2023-29849 (Bang Resto 1.0 was discovered to contain multiple SQL injection vulner ...)
+ TODO: check
+CVE-2023-29848 (Bang Resto 1.0 was discovered to contain a stored cross-site scripting ...)
+ TODO: check
CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored cross-site sc ...)
NOT-FOR-US: AeroCMS
CVE-2023-29846
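Review bot: CVE-2023-29849 (SQL injection) and CVE-2023-29848 (stored XSS) in Bang Resto 1.0 belong with the adjacent AeroCMS and SLiMS entries, i.e. `NOT-FOR-US: Bang Resto`; nothing in the archive ships this application.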
@@ -3448,8 +3510,8 @@ CVE-2023-29782
RESERVED
CVE-2023-29781
RESERVED
-CVE-2023-29780
- RESERVED
+CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnera ...)
+ TODO: check
CVE-2023-29779
RESERVED
CVE-2023-29778
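Review bot: CVE-2023-29780 is a denial of service in the firmware of a consumer IoT device (Third Reality Smart Blind 1.00.54) and can be closed as `NOT-FOR-US: Third Reality`; there is no software component here that Debian could ship.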
@@ -3842,10 +3904,10 @@ CVE-2023-29585
RESERVED
CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
NOT-FOR-US: mp4v2
-CVE-2023-29583
- RESERVED
-CVE-2023-29582
- RESERVED
+CVE-2023-29583 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
+ TODO: check
+CVE-2023-29582 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
+ TODO: check
CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...)
- yasm <unfixed> (unimportant)
NOTE: https://github.com/yasm/yasm/issues/216
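Review bot: before CVE-2023-29583 and CVE-2023-29582 are given the same `yasm <unfixed> (unimportant)` / "Crash in CLI tool, no security impact" treatment as the neighbouring CVE-2023-29581 and CVE-2023-29580, check the upstream issues for what "stack overflow" means in each report. In these fuzzing-derived CVEs the term covers both stack exhaustion from unbounded recursion (a crash, which matches the existing rationale) and a stack-based buffer overflow (memory corruption, where "no security impact" would be the wrong note even for a CLI tool); the two cases should not be conflated in the NOTE line.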
@@ -3854,10 +3916,10 @@ CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation vi
- yasm <unfixed> (unimportant)
NOTE: https://github.com/yasm/yasm/issues/215
NOTE: Crash in CLI tool, no security impact
-CVE-2023-29579
- RESERVED
-CVE-2023-29578
- RESERVED
+CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
+ TODO: check
+CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...)
+ TODO: check
CVE-2023-29577
RESERVED
CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
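Review bot: CVE-2023-29579 is another yasm 1.3.0.55.g101bc "stack overflow" and should be resolved consistently with whatever decision is taken for CVE-2023-29583/-29582 above, after the same check of whether it is recursion depth or a buffer overflow. CVE-2023-29578 (mp4v2 v2.0.0 heap buffer overflow) should follow the sibling CVE-2023-29584 in this same hunk, which is already `NOT-FOR-US: mp4v2`.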
@@ -3872,16 +3934,16 @@ CVE-2023-29572
RESERVED
CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
NOT-FOR-US: Cesenta MJS
-CVE-2023-29570
- RESERVED
+CVE-2023-29570 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ TODO: check
CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
NOT-FOR-US: Cesenta MJS
CVE-2023-29568
RESERVED
CVE-2023-29567
RESERVED
-CVE-2023-29566
- RESERVED
+CVE-2023-29566 (huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 w ...)
+ TODO: check
CVE-2023-29565
RESERVED
CVE-2023-29564
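Review bot: the two neighbouring Cesanta MJS entries (CVE-2023-29571 and CVE-2023-29569) are tagged `NOT-FOR-US: Cesenta MJS`, which misspells the vendor; when CVE-2023-29570 is tagged, use `Cesanta` and consider correcting the two existing lines in the same commit so the three siblings match. CVE-2023-29566 names two npm packages (huedawn-tesseract and dawnsparks-node-tesseract, both wrappers around tesseract) that need an archive check but are unlikely to be packaged.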
@@ -3916,7 +3978,7 @@ CVE-2023-29551
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29551
CVE-2023-29550
RESERVED
- {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3929,7 +3991,7 @@ CVE-2023-29549
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29549
CVE-2023-29548
RESERVED
- {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3969,7 +4031,7 @@ CVE-2023-29542
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29542
CVE-2023-29541
RESERVED
- {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3982,7 +4044,7 @@ CVE-2023-29540
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29540
CVE-2023-29539
RESERVED
- {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3999,7 +4061,7 @@ CVE-2023-29537
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29537
CVE-2023-29536
RESERVED
- {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -4008,7 +4070,7 @@ CVE-2023-29536
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29536
CVE-2023-29535
RESERVED
- {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -4021,7 +4083,7 @@ CVE-2023-29534
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534
CVE-2023-29533
RESERVED
- {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -4080,7 +4142,7 @@ CVE-2023-1946 (A vulnerability was found in SourceCodester Survey Application Sy
NOT-FOR-US: SourceCodester Survey Application System
CVE-2023-1945
RESERVED
- {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
@@ -4200,13 +4262,11 @@ CVE-2023-29482
RESERVED
CVE-2023-29481
RESERVED
-CVE-2023-29480
- RESERVED
+CVE-2023-29480 (Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked af ...)
- rnp <unfixed> (bug #1034558)
NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
-CVE-2023-29479
- RESERVED
- {DSA-5392-1}
+CVE-2023-29479 (Ribose RNP before 0.16.3 may hang when the input is malformed. ...)
+ {DSA-5392-1 DLA-3400-1}
- rnp <unfixed> (bug #1034558)
- thunderbird 1:102.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29479
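Review bot: CVE-2023-29480 keeps only the `rnp <unfixed> (bug #1034558)` line, whereas its sibling CVE-2023-29479 also carries `{DSA-5392-1 DLA-3400-1}` and a `thunderbird 1:102.10.0-1` line because Thunderbird ships a bundled RNP. Confirm whether the "secret keys remain unlocked after use" issue affects the bundled copy too; the mfsa2023-15 advisory is cited only for -29479, so if Mozilla did not take this one, add a `NOTE:` saying so, otherwise the thunderbird entry is missing here.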
@@ -5471,19 +5531,19 @@ CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Akbim Computer Panon
CVE-2023-29092
RESERVED
-CVE-2023-29091 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
NOT-FOR-US: Samsung
-CVE-2023-29090 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
NOT-FOR-US: Samsung
-CVE-2023-29089 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29089 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
NOT-FOR-US: Samsung
-CVE-2023-29088 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29088 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
NOT-FOR-US: Samsung
-CVE-2023-29087 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29087 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
NOT-FOR-US: Samsung
-CVE-2023-29086 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29086 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
NOT-FOR-US: Samsung
-CVE-2023-29085 (An issue was discovered in Exynos Mobile Processor, Automotive Process ...)
+CVE-2023-29085 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
NOT-FOR-US: Samsung
CVE-2023-29084 (Zoho ManageEngine ADManager Plus through 7180 allows for authenticated ...)
NOT-FOR-US: Zoho ManageEngine
@@ -5655,8 +5715,8 @@ CVE-2023-1733 (A denial of service condition exists in the Prometheus server bun
- gitlab <unfixed>
CVE-2023-1732
RESERVED
-CVE-2023-1731
- RESERVED
+CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file upload fun ...)
+ TODO: check
CVE-2023-1730
RESERVED
CVE-2023-1729
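Review bot: the visible description for CVE-2023-1731 ("In LTOS versions prior to V7.06.013, the configuration file upload fun ...") gives only a product abbreviation, so the vendor has to come from the full CVE text before the entry can be tagged; do not guess the expansion of "LTOS" from the acronym alone.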
@@ -6426,10 +6486,10 @@ CVE-2023-1625 [information leak in API]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
NOTE: https://review.opendev.org/c/openstack/heat/+/868166
NOTE: https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf (20.0.0.0rc1)
-CVE-2023-1624
- RESERVED
-CVE-2023-1623
- RESERVED
+CVE-2023-1624 (The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleti ...)
+ TODO: check
+CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not proper ...)
+ TODO: check
CVE-2023-1622
REJECTED
CVE-2023-1621
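Review bot: CVE-2023-1624 (WPCode, flawed CSRF on delete) and CVE-2023-1623 (Custom Post Type UI) are WordPress plugins and can be closed immediately with the `NOT-FOR-US: WordPress plugin` line this file uses for every other plugin (e.g. CVE-2023-1413 and CVE-2023-1325 further down), rather than left on `TODO: check`.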
@@ -7589,8 +7649,8 @@ CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing
NOTE: https://github.com/jettison-json/jettison/pull/62
NOTE: https://github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f (jettison-1.5.4)
NOTE: Introduced by: https://github.com/jettison-json/jettison/commit/be193159085b9fc2bc3526f8655871f9b0472d06 (jettison-1.3.1)
-CVE-2023-1435
- RESERVED
+CVE-2023-1435 (The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise a ...)
+ TODO: check
CVE-2023-1434
RESERVED
CVE-2023-1433 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...)
@@ -7794,7 +7854,7 @@ CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versi
NOTE: https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31 (v1.1.1)
NOTE: https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf
CVE-2023-28427 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
- {DSA-5392-1}
+ {DSA-5392-1 DLA-3400-1}
- node-matrix-js-sdk <unfixed> (bug #1033621)
[bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
[buster] - node-matrix-js-sdk <no-dsa> (Minor issue)
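Review bot: adding `DLA-3400-1` to CVE-2023-28427 sits oddly next to the `[buster] - node-matrix-js-sdk <no-dsa> (Minor issue)` line in the same entry. Elsewhere in this patch DLA-3400-1 is attached to thunderbird entries, so the reference presumably records the fix in Thunderbird's bundled matrix-js-sdk; if so, the entry should also carry a `thunderbird` package line (it may be below the visible context), and if it does not, either add it or drop the DLA reference so the buster `no-dsa` annotation is not contradicted by the DSA/DLA set above it.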
@@ -7936,8 +7996,8 @@ CVE-2023-22361
RESERVED
CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...)
NOT-FOR-US: WAB-MAT
-CVE-2023-1420
- RESERVED
+CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...)
+ TODO: check
CVE-2023-1419
RESERVED
CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester ...)
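Review bot: CVE-2023-1420 covers both Ajax Search Lite (before 4.11.1) and Ajax Search Pro, and CVE-2023-1435 in the hunk above covers Ajax Search Pro before 4.26.2; the two entries overlap on the Pro plugin and should be triaged together as `NOT-FOR-US: WordPress plugin`, since a package entry for one without the other would be inconsistent.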
@@ -7948,8 +8008,8 @@ CVE-2023-1416 (A vulnerability classified as critical has been found in Simple A
NOT-FOR-US: Simple Art Gallery
CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...)
NOT-FOR-US: Simple Art Gallery
-CVE-2023-1414
- RESERVED
+CVE-2023-1414 (The WP VR WordPress plugin before 8.3.0 does not have authorisation an ...)
+ TODO: check
CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and escape s ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...)
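Review bot: CVE-2023-1414 (WP VR before 8.3.0, missing authorisation) should get the same `NOT-FOR-US: WordPress plugin` line as CVE-2023-1413 (WP VR before 8.2.9) directly beneath it; there is no reason for two entries on the same plugin to end up in different states.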
@@ -9144,8 +9204,8 @@ CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and
NOT-FOR-US: Apport
CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not va ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1324
- RESERVED
+CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sa ...)
+ TODO: check
CVE-2023-1323
RESERVED
CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as critical. A ...)
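Review bot: CVE-2023-1324 (Easy Forms for Mailchimp before 6.8.8) is a sibling of CVE-2023-1325 (same plugin, before 6.8.7), which is already `NOT-FOR-US: WordPress plugin`; resolve it identically.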
@@ -9269,10 +9329,10 @@ CVE-2023-27993
RESERVED
CVE-2023-27992
RESERVED
-CVE-2023-27991
- RESERVED
-CVE-2023-27990
- RESERVED
+CVE-2023-27991 (The post-authentication command injection vulnerability in the CLI com ...)
+ TODO: check
+CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...)
+ TODO: check
CVE-2023-27989
RESERVED
CVE-2023-27988
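Review bot: CVE-2023-27991 (post-authentication command injection in the CLI) and CVE-2023-27990 (XSS) are Zyxel ATP firmware issues; the file already uses `NOT-FOR-US: Zyxel` for that vendor (see CVE-2023-22920 further down), so both can be closed with that line.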
@@ -9906,10 +9966,10 @@ CVE-2023-XXXX [Transaction cache overrides the current user]
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/12108
NOTE: Fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/107b68af389a2cb5c95f663f7a3107fc12aecaf7
NOTE: Fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/1ce8523f11aa78a88dd03e1f0ae2e2b076b6fdb0 (trytond-6.0.29)
-CVE-2023-27849
- RESERVED
-CVE-2023-27848
- RESERVED
+CVE-2023-27849 (rails-routes-to-json v1.0.0 was discovered to contain a remote code ex ...)
+ TODO: check
+CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote code execut ...)
+ TODO: check
CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and be ...)
NOT-FOR-US: PrestaShop
CVE-2023-27846
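Review bot: CVE-2023-27849 (rails-routes-to-json v1.0.0) and CVE-2023-27848 (broccoli-compass v0.2.4) are described as remote code execution in small npm packages, but the visible text is cut before the mechanism, so the full descriptions are needed to judge whether "remote" is accurate or whether this is command injection through a local build input; either way check the node-* namespace in the archive before marking them `NOT-FOR-US`.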
@@ -10773,8 +10833,8 @@ CVE-2023-27526
RESERVED
CVE-2023-27525 (An authenticated user with Gamma role authorization could have access ...)
NOT-FOR-US: Apache Superset
-CVE-2023-27524
- RESERVED
+CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to and inclu ...)
+ TODO: check
CVE-2023-27523
RESERVED
CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...)
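Review bot: CVE-2023-27524 ("Session Validation attacks in Apache Superset") should be tagged `NOT-FOR-US: Apache Superset` to match CVE-2023-27525 directly above it; leaving the two Superset entries in different states invites a second look for nothing.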
@@ -11098,8 +11158,8 @@ CVE-2023-24463
RESERVED
CVE-2023-22312
RESERVED
-CVE-2023-1129
- RESERVED
+CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...)
+ TODO: check
CVE-2023-1128
RESERVED
CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. ...)
@@ -11107,8 +11167,8 @@ CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. ..
NOTE: https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
NOTE: https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c (v9.0.1367)
NOTE: Crash in CLI tool, no security impact
-CVE-2023-1126
- RESERVED
+CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not sanitise an ...)
+ TODO: check
CVE-2023-1125
RESERVED
CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 ...)
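Review bot: CVE-2023-1126 here and CVE-2023-1129 in the previous hunk are both "WP FEvents Book WordPress plugin through 0.46" and should be closed together with `NOT-FOR-US: WordPress plugin`; the "through 0.46" wording (as opposed to "before") means no fixed version was known to the CNA, which is worth a `NOTE:` only if a package were involved, which it is not.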
@@ -12413,8 +12473,8 @@ CVE-2023-26867
RESERVED
CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions ...)
NOT-FOR-US: GreenPacket
-CVE-2023-26865
- RESERVED
+CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and b ...)
+ TODO: check
CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...)
NOT-FOR-US: PrestaShop
CVE-2023-26863
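Review bot: CVE-2023-26865 (SQL injection in the PrestaShop bdroppy module) is one of a run of PrestaShop module CVEs, and the sibling CVE-2023-26864 directly below it is already `NOT-FOR-US: PrestaShop`; apply the same line.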
@@ -13249,8 +13309,8 @@ CVE-2023-1022 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorize
NOT-FOR-US: WP Meta SEO plugin for WordPress
CVE-2023-1021
RESERVED
-CVE-2023-1020
- RESERVED
+CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
+ TODO: check
CVE-2023-1019
RESERVED
CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module Library ...)
@@ -13337,8 +13397,8 @@ CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for Ex
NOT-FOR-US: Samsung
CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2023-26494
- RESERVED
+CVE-2023-26494 (lorawan-stack is an open source LoRaWAN network server. Prior to versi ...)
+ TODO: check
CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real ...)
NOT-FOR-US: Cocos Engine
CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...)
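Review bot: CVE-2023-26494 (lorawan-stack, a LoRaWAN network server written in Go) should be checked in the archive under its Go import path rather than the project name before it is marked `NOT-FOR-US` like the neighbouring Cocos Engine and Directus entries; the visible description is cut at "Prior to versi", so the fixed version has to come from the full text.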
@@ -14428,12 +14488,12 @@ CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon
NOT-FOR-US: Progress Flowmon Packet Investigator
CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...)
NOT-FOR-US: Progress Flowmon
-CVE-2023-26099
- RESERVED
+CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consult ...)
+ TODO: check
CVE-2023-26098
RESERVED
-CVE-2023-26097
- RESERVED
+CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorize ...)
+ TODO: check
CVE-2023-26096
RESERVED
CVE-2023-26095
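Review bot: CVE-2023-26099 and CVE-2023-26097 are both Telindus Apsal 3.14.2022.235 b (with CVE-2023-26098 between them still RESERVED, so a third entry for the same product is likely to land later); both can be closed as `NOT-FOR-US: Telindus Apsal`.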
@@ -14507,12 +14567,12 @@ CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By
NOT-FOR-US: Lexmark
CVE-2023-26062
RESERVED
-CVE-2023-26061
- RESERVED
-CVE-2023-26060
- RESERVED
-CVE-2023-26059
- RESERVED
+CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...)
+ TODO: check
+CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...)
+ TODO: check
+CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site ...)
+ TODO: check
CVE-2023-26058
RESERVED
CVE-2023-26057
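Review bot: the three Nokia NetAct entries (CVE-2023-26061, -26060, -26059) are proprietary network management software and can be closed as `NOT-FOR-US: Nokia`. Note that -26059 says "before 22 SP1037" while the other two say "before 22 FP2211"; that is upstream text and is not to be edited here, but it is a hint that the three were reported against different NetAct branches.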
@@ -14688,8 +14748,8 @@ CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in Git
NOT-FOR-US: pixelfed
CVE-2023-0900
RESERVED
-CVE-2023-0899
- RESERVED
+CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...)
+ TODO: check
CVE-2023-0898
RESERVED
CVE-2023-0897
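Review bot: CVE-2023-0899 and CVE-2023-1020 (in an earlier hunk) share the identical truncated description "The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...", so the full text is needed to confirm they are two distinct issues rather than a duplicate allocation; either way both are `NOT-FOR-US: WordPress plugin`.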
@@ -17419,12 +17479,12 @@ CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an unauthenticated remote atta
NOT-FOR-US: vBulletin
CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an adversary (with ...)
NOT-FOR-US: McAfee
-CVE-2023-25133
- RESERVED
-CVE-2023-25132
- RESERVED
-CVE-2023-25131
- RESERVED
+CVE-2023-25133 (Improper privilege management vulnerability in default.cmd file in Pow ...)
+ TODO: check
+CVE-2023-25132 (Unrestricted upload of file with dangerous type vulnerability in defau ...)
+ TODO: check
+CVE-2023-25131 (Use of default password vulnerability in PowerPanel Business Local/Rem ...)
+ TODO: check
CVE-2023-25130
REJECTED
CVE-2023-25129
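Review bot: CVE-2023-25133, -25132 and -25131 appear to be one product (PowerPanel Business is named only in the -25131 description; the other two are cut at "Pow" and "defau"), so read the full text for all three before tagging them with a single `NOT-FOR-US: PowerPanel Business` line rather than inferring the product from the visible fragments.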
@@ -18261,18 +18321,18 @@ CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
[buster] - ruby-commonmarker <no-dsa> (Minor issue)
NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
NOTE: https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59 (0.29.0.gfm.10)
-CVE-2023-24823
- RESERVED
-CVE-2023-24822
- RESERVED
-CVE-2023-24821
- RESERVED
-CVE-2023-24820
- RESERVED
-CVE-2023-24819
- RESERVED
-CVE-2023-24818
- RESERVED
+CVE-2023-24823 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ TODO: check
+CVE-2023-24822 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ TODO: check
+CVE-2023-24821 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ TODO: check
+CVE-2023-24820 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ TODO: check
+CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ TODO: check
+CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ TODO: check
CVE-2023-24817
RESERVED
CVE-2023-24816 (IPython (Interactive Python) is a command shell for interactive comput ...)
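Review bot: the six RIOT-OS entries (CVE-2023-24823 through CVE-2023-24818) have byte-for-byte identical truncated descriptions, so nothing in this diff distinguishes them; the upstream advisories are needed to see which subsystems are affected. Check whether RIOT-OS is packaged at all before deciding; if it is not, all six can be closed together as `NOT-FOR-US: RIOT-OS`.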
@@ -18928,7 +18988,7 @@ CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitiz
NOT-FOR-US: WordPress plugin
CVE-2023-0547
RESERVED
- {DSA-5392-1}
+ {DSA-5392-1 DLA-3400-1}
- thunderbird 1:102.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547
CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...)
@@ -20685,20 +20745,20 @@ CVE-2023-0426
RESERVED
CVE-2023-0425
RESERVED
-CVE-2023-0424
- RESERVED
+CVE-2023-0424 (The MS-Reviews WordPress plugin through 1.5 does not sanitise and esca ...)
+ TODO: check
CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not properly s ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0421
RESERVED
-CVE-2023-0420
- RESERVED
+CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin through ...)
+ TODO: check
CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0418
- RESERVED
+CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not validate ...)
+ TODO: check
CVE-2022-4894
RESERVED
CVE-2022-4893
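Review bot: CVE-2023-0424 (MS-Reviews), CVE-2023-0420 (Custom Post Type and Taxonomy GUI Manager) and CVE-2023-0418 (Video Central for WordPress) are all WordPress plugins surrounded by entries already tagged `NOT-FOR-US: WordPress plugin` (CVE-2023-0423, -0422, -0419 in the same hunk); the three can be resolved with that line without further research.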
@@ -20912,8 +20972,8 @@ CVE-2023-23894
RESERVED
CVE-2023-23893
RESERVED
-CVE-2023-23892
- RESERVED
+CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23890
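Review bot: the description for CVE-2023-23892 is truncated before the plugin name ("Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ..."), identical to the visible prefix of CVE-2023-23891 below it, which is `NOT-FOR-US: WordPress plugin`; the full text should still be read to confirm it is a plugin and not WordPress core before the same tag is applied.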
@@ -21233,8 +21293,8 @@ CVE-2023-0390
RESERVED
CVE-2023-0389
RESERVED
-CVE-2023-0388
- RESERVED
+CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly sanit ...)
+ TODO: check
CVE-2023-0387
RESERVED
CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...)
@@ -22082,8 +22142,8 @@ CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly
NOT-FOR-US: WordPress plugin
CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not properly ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0276
- RESERVED
+CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not ...)
+ TODO: check
CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0274
@@ -24028,18 +24088,18 @@ CVE-2023-22920 (A security misconfiguration vulnerability exists in the Zyxel LT
NOT-FOR-US: Zyxel
CVE-2023-22919
RESERVED
-CVE-2023-22918
- RESERVED
-CVE-2023-22917
- RESERVED
-CVE-2023-22916
- RESERVED
-CVE-2023-22915
- RESERVED
-CVE-2023-22914
- RESERVED
-CVE-2023-22913
- RESERVED
+CVE-2023-22918 (A post-authentication information exposure vulnerability in the CGI pr ...)
+ TODO: check
+CVE-2023-22917 (A buffer overflow vulnerability in the “sdwan_iface_ipc” b ...)
+ TODO: check
+CVE-2023-22916 (The configuration parser of Zyxel ATP series firmware versions 5.10 th ...)
+ TODO: check
+CVE-2023-22915 (A buffer overflow vulnerability in the “fbwifi_forward.cgi” ...)
+ TODO: check
+CVE-2023-22914 (A path traversal vulnerability in the “account_print.cgi” ...)
+ TODO: check
+CVE-2023-22913 (A post-authentication command injection vulnerability in the “ac ...)
+ TODO: check
CVE-2023-22912 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
NOT-FOR-US: MediaWiki extension CheckUser
CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...)
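Review bot: the six Zyxel entries (CVE-2023-22918 through -22913) can be closed as a batch with `NOT-FOR-US: Zyxel`, matching CVE-2023-22920 at the top of this hunk. Separately, the imported descriptions for -22917, -22915, -22914 and -22913 contain stray `“`, `”` and ` ` sequences, i.e. HTML entities that leaked through from the CVE feed; since these lines are regenerated by the automatic update, hand-editing them here would be undone, and the fix belongs in the import step (or upstream), not in this file.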
@@ -25414,16 +25474,16 @@ CVE-2023-22583
RESERVED
CVE-2023-22582
RESERVED
-CVE-2023-22581
- RESERVED
+CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it possible f ...)
+ TODO: check
CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...)
NOT-FOR-US: DIVD
CVE-2023-22579 (Due to improper parameter filtering in the sequalize js library, can a ...)
NOT-FOR-US: DIVD
CVE-2023-22578 (Due to improper artibute filtering in the sequalize js library, can a ...)
NOT-FOR-US: DIVD
-CVE-2023-22577
- RESERVED
+CVE-2023-22577 (Within White Rabbit Switch it's possible as an unauthenticated user to ...)
+ TODO: check
CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...)
NOT-FOR-US: AsyncHTTPClient
CVE-2023-0039 (Duplicate. Please use CVE-2022-4060 instead. ...)
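Review bot: CVE-2023-22581 and CVE-2023-22577 both concern the White Rabbit Switch, a network switch product whose firmware Debian does not ship, so both can be closed as `NOT-FOR-US: White Rabbit Switch`. The -22577 description says the issue is reachable "as an unauthenticated user", which is worth preserving in a NOTE only if anyone later argues for tracking the underlying software.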
@@ -28116,8 +28176,8 @@ CVE-2022-47600
RESERVED
CVE-2022-47599
RESERVED
-CVE-2022-47598
- RESERVED
+CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP P ...)
+ TODO: check
CVE-2022-47597
RESERVED
CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...)
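Review bot: CVE-2022-47598 is an "Auth. (admin+) Stored Cross-Site Scripting" entry in the same series as CVE-2022-47596 directly below it, which is a WordPress plugin; these admin-only stored XSS reports should be closed as `NOT-FOR-US: WordPress plugin` rather than left on `TODO: check`, since even if a package were involved an admin+ precondition makes them low priority.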
@@ -30783,8 +30843,8 @@ CVE-2022-47160
RESERVED
CVE-2022-47159
RESERVED
-CVE-2022-47158
- RESERVED
+CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...)
+ TODO: check
CVE-2022-47157
RESERVED
CVE-2022-47156
@@ -37105,8 +37165,8 @@ CVE-2022-45086 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy ...)
NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
-CVE-2022-45084
- RESERVED
+CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softacul ...)
+ TODO: check
CVE-2022-45083
RESERVED
CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
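Review bot: CVE-2022-45084 ("Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softacul ...") is not a WordPress plugin despite sitting among them; the visible fragment points at Softaculous, a proprietary script-installer product, so the tag should name that vendor once the full description confirms it, not the generic `NOT-FOR-US: WordPress plugin` line used for its neighbours.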
@@ -45146,7 +45206,8 @@ CVE-2022-43130
RESERVED
CVE-2022-43129
RESERVED
-CVE-2022-43128 (Dreamer CMS 4.0.1 allows SQL injection via ArchivesMapper.xml. ...)
+CVE-2022-43128
+ REJECTED
NOT-FOR-US: Dreamer CMS
CVE-2022-43127 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...)
NOT-FOR-US: Online Diagnostic Lab Management System
@@ -49398,8 +49459,8 @@ CVE-2022-41616
RESERVED
CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-41612
- RESERVED
+CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shar ...)
+ TODO: check
CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41608
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b07be937283891e3e23cd97fb056c90ad2b09b3
More information about the debian-security-tracker-commits mailing list