[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 25 09:10:24 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2b85f43 by security tracker role at 2023-04-25T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,197 @@
+CVE-2023-31206
+ RESERVED
+CVE-2023-31205
+ RESERVED
+CVE-2023-31204
+ RESERVED
+CVE-2023-31200
+ RESERVED
+CVE-2023-31199
+ RESERVED
+CVE-2023-31197
+ RESERVED
+CVE-2023-31187
+ RESERVED
+CVE-2023-31186
+ RESERVED
+CVE-2023-31185
+ RESERVED
+CVE-2023-31184
+ RESERVED
+CVE-2023-31183
+ RESERVED
+CVE-2023-31182
+ RESERVED
+CVE-2023-31181
+ RESERVED
+CVE-2023-31180
+ RESERVED
+CVE-2023-31179
+ RESERVED
+CVE-2023-31178
+ RESERVED
+CVE-2023-31177
+ RESERVED
+CVE-2023-31176
+ RESERVED
+CVE-2023-31175
+ RESERVED
+CVE-2023-31174
+ RESERVED
+CVE-2023-31173
+ RESERVED
+CVE-2023-31172
+ RESERVED
+CVE-2023-31171
+ RESERVED
+CVE-2023-31170
+ RESERVED
+CVE-2023-31169
+ RESERVED
+CVE-2023-31168
+ RESERVED
+CVE-2023-31167
+ RESERVED
+CVE-2023-31166
+ RESERVED
+CVE-2023-31165
+ RESERVED
+CVE-2023-31164
+ RESERVED
+CVE-2023-31163
+ RESERVED
+CVE-2023-31162
+ RESERVED
+CVE-2023-31161
+ RESERVED
+CVE-2023-31160
+ RESERVED
+CVE-2023-31159
+ RESERVED
+CVE-2023-31158
+ RESERVED
+CVE-2023-31157
+ RESERVED
+CVE-2023-31156
+ RESERVED
+CVE-2023-31155
+ RESERVED
+CVE-2023-31154
+ RESERVED
+CVE-2023-31153
+ RESERVED
+CVE-2023-31152
+ RESERVED
+CVE-2023-31151
+ RESERVED
+CVE-2023-31150
+ RESERVED
+CVE-2023-31149
+ RESERVED
+CVE-2023-31148
+ RESERVED
+CVE-2023-31147
+ RESERVED
+CVE-2023-31146
+ RESERVED
+CVE-2023-31145
+ RESERVED
+CVE-2023-31144
+ RESERVED
+CVE-2023-31143
+ RESERVED
+CVE-2023-31142
+ RESERVED
+CVE-2023-31141
+ RESERVED
+CVE-2023-31140
+ RESERVED
+CVE-2023-31139
+ RESERVED
+CVE-2023-31138
+ RESERVED
+CVE-2023-31137
+ RESERVED
+CVE-2023-31136
+ RESERVED
+CVE-2023-31135
+ RESERVED
+CVE-2023-31134
+ RESERVED
+CVE-2023-31133
+ RESERVED
+CVE-2023-31132
+ RESERVED
+CVE-2023-31131
+ RESERVED
+CVE-2023-31130
+ RESERVED
+CVE-2023-31129
+ RESERVED
+CVE-2023-31128
+ RESERVED
+CVE-2023-31127
+ RESERVED
+CVE-2023-31126
+ RESERVED
+CVE-2023-31125
+ RESERVED
+CVE-2023-31124
+ RESERVED
+CVE-2023-31123
+ RESERVED
+CVE-2023-30768
+ RESERVED
+CVE-2023-30763
+ RESERVED
+CVE-2023-29502
+ RESERVED
+CVE-2023-29242
+ RESERVED
+CVE-2023-29168
+ RESERVED
+CVE-2023-29152
+ RESERVED
+CVE-2023-28822
+ RESERVED
+CVE-2023-28745
+ RESERVED
+CVE-2023-28737
+ RESERVED
+CVE-2023-28719
+ RESERVED
+CVE-2023-28378
+ RESERVED
+CVE-2023-27881
+ RESERVED
+CVE-2023-24476
+ RESERVED
+CVE-2023-2270
+ RESERVED
+CVE-2023-2269
+ RESERVED
+CVE-2023-2268
+ RESERVED
+CVE-2023-2267
+ RESERVED
+CVE-2023-2266
+ RESERVED
+CVE-2023-2265
+ RESERVED
+CVE-2023-2264
+ RESERVED
+CVE-2023-2263
+ RESERVED
+CVE-2023-2262
+ RESERVED
+CVE-2023-2261
+ RESERVED
+CVE-2023-2260 (Improper Authorization of Index Containing Sensitive Information in Gi ...)
+ TODO: check
+CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ TODO: check
+CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
+ TODO: check
CVE-2023-31122
RESERVED
CVE-2023-31121
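Review bot: The three entries at the end of the added block, CVE-2023-2258 through CVE-2023-2260, are the only ones in this hunk that carry `TODO: check`, and their descriptions are cut off at "..." before the affected project is named in full. Triage should work from the full CVE record and replace each `TODO: check` with either a package line or a `NOT-FOR-US:` tag; the RESERVED ids above them need no action until they are published.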
@@ -50,8 +244,8 @@ CVE-2023-2252
RESERVED
CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.2.2. ...)
TODO: check
-CVE-2023-2250
- RESERVED
+CVE-2023-2250 (A flaw was found in the Open Cluster Management (OCM) when a user have ...)
+ TODO: check
CVE-2023-2249
RESERVED
CVE-2023-2248
@@ -1435,20 +1629,20 @@ CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
NOTE: https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html
NOTE: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206
NOTE: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2
-CVE-2023-30629
- RESERVED
-CVE-2023-30628
- RESERVED
-CVE-2023-30627
- RESERVED
-CVE-2023-30626
- RESERVED
+CVE-2023-30629 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...)
+ TODO: check
+CVE-2023-30628 (Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v ...)
+ TODO: check
+CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software media sys ...)
+ TODO: check
+CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with 10.8. ...)
+ TODO: check
CVE-2023-30625
RESERVED
CVE-2023-30624
RESERVED
-CVE-2023-30623
- RESERVED
+CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...)
+ TODO: check
CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...)
TODO: check
CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...)
@@ -1696,8 +1890,8 @@ CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteam
- teampass <itp> (bug #730180)
CVE-2023-2020 (Insufficient permission checks in the REST API in Tribe29 Checkmk < ...)
- check-mk <removed>
-CVE-2023-2019
- RESERVED
+CVE-2023-2019 (A flaw was found in the Linux kernel's netdevsim device driver, within ...)
+ TODO: check
CVE-2023-2018
RESERVED
CVE-2023-2017 (Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, ...)
@@ -1871,10 +2065,10 @@ CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-441/
NOTE: https://git.kernel.org/linus/05b252cccb2e5c3f56119d25de684b4f810ba40a (5.19-rc4)
-CVE-2023-2007
- RESERVED
-CVE-2023-2006
- RESERVED
+CVE-2023-2007 (The specific flaw exists within the DPT I2O Controller driver. The iss ...)
+ TODO: check
+CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network protoco ...)
+ TODO: check
CVE-2023-2005
RESERVED
CVE-2023-2004 (An integer overflow vulnerability was discovered in Freetype in tt_hva ...)
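Review bot: CVE-2023-2006 is described as a race condition in the Linux kernel's RxRPC code, yet it is left at `TODO: check`, as is the driver flaw CVE-2023-2007 (DPT I2O Controller driver). Both should be brought to the form of the CVE-2023-2008 entry at the top of this hunk, with per-release status lines such as `[buster] - linux <not-affected> (...)` and a NOTE pointing at the upstream fix commit, once the affected versions are established.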
@@ -2242,24 +2436,24 @@ CVE-2023-30416
RESERVED
CVE-2023-30415
RESERVED
-CVE-2023-30414
- RESERVED
+CVE-2023-30414 (Jerryscript commit 1a2c047 was discovered to contain a stack overflow ...)
+ TODO: check
CVE-2023-30413
RESERVED
CVE-2023-30412
RESERVED
CVE-2023-30411
RESERVED
-CVE-2023-30410
- RESERVED
+CVE-2023-30410 (Jerryscript commit 1a2c047 was discovered to contain a stack overflow ...)
+ TODO: check
CVE-2023-30409
RESERVED
-CVE-2023-30408
- RESERVED
+CVE-2023-30408 (Jerryscript commit 1a2c047 was discovered to contain a segmentation vi ...)
+ TODO: check
CVE-2023-30407
RESERVED
-CVE-2023-30406
- RESERVED
+CVE-2023-30406 (Jerryscript commit 1a2c047 was discovered to contain a segmentation vi ...)
+ TODO: check
CVE-2023-30405
RESERVED
CVE-2023-30404
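Review bot: CVE-2023-30414, CVE-2023-30410, CVE-2023-30408 and CVE-2023-30406 all refer to the same Jerryscript commit 1a2c047 but appear as four separate `TODO: check` entries spread across this hunk. They should be triaged in one pass so that all four end up with the same package line or `NOT-FOR-US:` tag, rather than diverging if they are picked up individually.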
@@ -4158,8 +4352,8 @@ CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12. It ha
NOT-FOR-US: WordPress plugin
CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has be ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-29530
- RESERVED
+CVE-2023-29530 (Laminas Diactoros provides PSR HTTP Message implementations. In versio ...)
+ TODO: check
CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...)
NOT-FOR-US: matrix-js-sdk
CVE-2023-29528 (XWiki Commons are technical libraries common to several other top leve ...)
@@ -4289,8 +4483,7 @@ CVE-2023-29471
RESERVED
CVE-2023-29470
RESERVED
-CVE-2023-29469 [Hashing of empty dict strings isn't deterministic]
- RESERVED
+CVE-2023-29469 (An issue was discovered in libxml2 before 2.10.4. When hashing empty d ...)
{DSA-5391-1}
- libxml2 2.9.14+dfsg-1.2 (bug #1034437)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984
@@ -6618,8 +6811,8 @@ CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/s
[bullseye] - linux 5.10.70-1
[buster] - linux 4.19.208-1
NOTE: https://git.kernel.org/linus/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 (5.14-rc1)
-CVE-2023-28771
- RESERVED
+CVE-2023-28771 (Improper error message handling in Zyxel ZyWALL/USG series firmware ve ...)
+ TODO: check
CVE-2023-28770
RESERVED
CVE-2023-28769
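Review bot: CVE-2023-28771 now describes Zyxel ZyWALL/USG series firmware but is left at `TODO: check`. If no Debian package ships this firmware, the entry can be closed right away as `NOT-FOR-US: Zyxel`, in the same form as the `NOT-FOR-US: WordPress plugin` lines elsewhere in this diff.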
@@ -7688,8 +7881,7 @@ CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log mes
NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
CVE-2023-28485
RESERVED
-CVE-2023-28484 [NULL dereference in xmlSchemaFixupComplexType]
- RESERVED
+CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ...)
{DSA-5391-1}
- libxml2 2.9.14+dfsg-1.2 (bug #1034436)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994
@@ -10838,7 +11030,7 @@ CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to and
CVE-2023-27523
RESERVED
CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_pr ...)
- {DSA-5376-1}
+ {DSA-5376-1 DLA-3401-1}
- apache2 2.4.56-1 (bug #1032476)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/2
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-27522
@@ -15903,7 +16095,7 @@ CVE-2021-4316
CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rat ...)
NOT-FOR-US: juju2143 WalrusIRC
CVE-2023-25690 (Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 thr ...)
- {DSA-5376-1}
+ {DSA-5376-1 DLA-3401-1}
- apache2 2.4.56-1 (bug #1032476)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
@@ -25119,8 +25311,8 @@ CVE-2014-125043
REJECTED
CVE-2014-125042
REJECTED
-CVE-2023-22665
- RESERVED
+CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena versions ...)
+ TODO: check
CVE-2023-22652
RESERVED
CVE-2023-22651
@@ -86263,8 +86455,8 @@ CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found
NOTE: https://www.openwall.com/lists/oss-security/2022/04/06/1
CVE-2022-28355 (randomUUID in Scala.js before 1.10.0 generates predictable values. ...)
NOT-FOR-US: Scala.js
-CVE-2022-28354
- RESERVED
+CVE-2022-28354 (In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php dat ...)
+ TODO: check
CVE-2022-28353 (In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL ...)
NOT-FOR-US: MyBB plugin
CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 4.3.0. ...)
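Review bot: CVE-2022-28354 is an issue in the Active Threads Plugin for MyBB and is added with `TODO: check`, while the entry directly below it, CVE-2022-28353, is another MyBB plugin already marked `NOT-FOR-US: MyBB plugin`. The new entry should take the same tag so the two sibling ids are handled consistently.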
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b85f43f973cdb3b11c47a3061a52a83acd90ca