[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 26 09:10:37 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6fe19af by security tracker role at 2023-04-26T08:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2023-31224
+ RESERVED
+CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated author user ...)
+ TODO: check
+CVE-2023-2295
+ RESERVED
+CVE-2023-2294 (A vulnerability was found in UCMS 1.6.0. It has been classified as pro ...)
+ TODO: check
+CVE-2023-2293 (A vulnerability was found in SourceCodester Purchase Order Management ...)
+ TODO: check
+CVE-2023-2292
+ RESERVED
+CVE-2023-2291
+ RESERVED
+CVE-2023-2290
+ RESERVED
+CVE-2023-2289
+ RESERVED
+CVE-2023-2288
+ RESERVED
+CVE-2023-2287
+ RESERVED
+CVE-2023-2286
+ RESERVED
+CVE-2023-2285
+ RESERVED
+CVE-2023-2284
+ RESERVED
CVE-2023-31222
RESERVED
CVE-2023-31221
@@ -226,8 +254,7 @@ CVE-2023-24476
RESERVED
CVE-2023-2270
RESERVED
-CVE-2023-2269
- RESERVED
+CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
CVE-2023-2268
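Review bot: the CVE-2023-2269 entry replaces RESERVED with the description but leaves `- linux <unfixed>` backed only by the Red Hat Bugzilla link; for a kernel denial-of-service caused by a possible recursive lock, the NOTE should also record the upstream fix commit once identified, and the entry needs a `[bullseye] - linux ...` line (fixed version, `<no-dsa>` or `<not-affected>` with a reason), in the same form as `[bullseye] - git <no-dsa> (Minor issue)` used for the git entries in this update, so the stable assessment is not left implicit.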
@@ -1025,8 +1052,8 @@ CVE-2023-30844
RESERVED
CVE-2023-30843
RESERVED
-CVE-2023-30842
- RESERVED
+CVE-2023-30842 (AVideo is an open-source video platform. Prior to version 12.4, AVideo ...)
+ TODO: check
CVE-2023-30841
RESERVED
CVE-2023-30840
@@ -1731,8 +1758,7 @@ CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their re
NOT-FOR-US: Discourse-reactions plugin
CVE-2023-30610 (aws-sigv4 is a rust library for low level request signing in the aws c ...)
NOT-FOR-US: aws-sigv4
-CVE-2023-30609
- RESERVED
+CVE-2023-30609 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP ...)
NOT-FOR-US: Node matrix-react-sdk
NOTE: https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In affected ...)
@@ -2085,8 +2111,7 @@ CVE-2023-30551
RESERVED
CVE-2023-30550
RESERVED
-CVE-2023-30549
- RESERVED
+CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an ...)
- singularity-container <unfixed>
NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which exposes ...)
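Review bot: CVE-2023-30549 is tracked as `- singularity-container <unfixed>` with only the GHSA advisory as a NOTE; the fixed upstream Apptainer version from that advisory should be recorded in the NOTE and a `[bullseye]` assessment added, since an `<unfixed>` entry with no stable-suite line gives no indication of whether bullseye is affected.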
@@ -2531,8 +2556,8 @@ CVE-2023-30406 (Jerryscript commit 1a2c047 was discovered to contain a segmentat
TODO: check
CVE-2023-30405
RESERVED
-CVE-2023-30404
- RESERVED
+CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to co ...)
+ TODO: check
CVE-2023-30403
RESERVED
CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the function ...)
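Review bot: CVE-2023-30404 describes a vulnerability in an Aigital Wireless-N Repeater Mini_Router firmware (v0.131229), which is vendor device firmware and not something Debian ships, so it is a NOT-FOR-US candidate in the same way the Arista platform entries are marked `NOT-FOR-US: Arista` further down; leaving it at `TODO: check` only delays that triage.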
@@ -3119,8 +3144,8 @@ CVE-2023-30113
RESERVED
CVE-2023-30112
RESERVED
-CVE-2023-30111
- RESERVED
+CVE-2023-30111 (Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scrip ...)
+ TODO: check
CVE-2023-30110
RESERVED
CVE-2023-30109
@@ -3129,8 +3154,8 @@ CVE-2023-30108
RESERVED
CVE-2023-30107
RESERVED
-CVE-2023-30106
- RESERVED
+CVE-2023-30106 (Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to C ...)
+ TODO: check
CVE-2023-30105
RESERVED
CVE-2023-30104
@@ -6080,18 +6105,17 @@ CVE-2023-29014 (The Goobi viewer is a web application that allows digitised mate
NOT-FOR-US: Goobi viewer
CVE-2023-29013 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...)
- traefik <itp> (bug #983289)
-CVE-2023-29012
- RESERVED
-CVE-2023-29011
- RESERVED
+CVE-2023-29012 (Git for Windows is the Windows port of Git. Prior to version 2.40.1, a ...)
+ TODO: check
+CVE-2023-29011 (Git for Windows, the Windows port of Git, ships with an executable cal ...)
+ TODO: check
CVE-2023-29010 (Budibase is a low code platform for creating internal tools, workflows ...)
NOT-FOR-US: budibase
CVE-2023-29009
RESERVED
CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...)
NOT-FOR-US: SvelteKit
-CVE-2023-29007
- RESERVED
+CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
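Review bot: CVE-2023-29012 and CVE-2023-29011 are both described as Git for Windows issues and left at `TODO: check`, while CVE-2023-25815, also described as "In Git for Windows, the Windows port of Git", is assigned to `git 1:2.40.1-1 (bug #1034835)` in a later hunk of this same update; triage should settle these consistently, marking the Windows-only ones `NOT-FOR-US: Git for Windows` and tracking against src:git only those whose fix lands in the shared code, with the NOTE pointing at the corresponding upstream commit rather than only the release announcement on lore.kernel.org.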
@@ -10256,8 +10280,8 @@ CVE-2023-27845
RESERVED
CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and ...)
NOT-FOR-US: PrestaShop
-CVE-2023-27843
- RESERVED
+CVE-2023-27843 (SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 a ...)
+ TODO: check
CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File manager eXt ...)
- extplorer <removed>
CVE-2023-27841
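Review bot: CVE-2023-27843 (SQL injection in the PrestaShop askforaquote module) stays at `TODO: check` although the adjacent CVE-2023-27844, an SQL injection in another PrestaShop module, is already `NOT-FOR-US: PrestaShop`; the same classification should apply here unless triage finds the module packaged in Debian.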
@@ -13025,8 +13049,8 @@ CVE-2023-26737
RESERVED
CVE-2023-26736
RESERVED
-CVE-2023-26735
- RESERVED
+CVE-2023-26735 (blackbox_exporter v0.23.0 was discovered to contain an access control ...)
+ TODO: check
CVE-2023-26734
RESERVED
CVE-2023-26733 (Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local a ...)
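Review bot: CVE-2023-26735 concerns blackbox_exporter v0.23.0, which, unlike most `TODO: check` entries in this update, names software that Debian packages (prometheus-blackbox-exporter is the candidate source package); the TODO should be resolved to a `- prometheus-blackbox-exporter <version or unfixed>` line with a NOTE to the upstream advisory, or to `<not-affected>` with a reason, rather than left open.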
@@ -13366,8 +13390,8 @@ CVE-2023-26562
RESERVED
CVE-2023-26561
RESERVED
-CVE-2023-26560
- RESERVED
+CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of aut ...)
+ TODO: check
CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author before 25 ...)
NOT-FOR-US: Oxygen XML Web Author
CVE-2023-26558
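Review bot: CVE-2023-26560 is described against "Northern.tech CFEngine Enterprise before 3.21.1"; triage should determine whether the affected code is specific to the proprietary Enterprise edition (in which case `NOT-FOR-US: CFEngine Enterprise` is the right resolution) or shared with the community edition before the `TODO: check` is closed, and record the reason in a NOTE.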
@@ -15584,8 +15608,7 @@ CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementatio
- nextcloud-server <itp> (bug #941708)
CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2023-25815
- RESERVED
+CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
@@ -16322,8 +16345,7 @@ CVE-2023-25654 (baserCMS is a Content Management system. Prior to version 4.7.5,
CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
NOT-FOR-US: Cisco node-jose (different from src:node-jose)
NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
-CVE-2023-25652
- RESERVED
+CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
@@ -16968,8 +16990,8 @@ CVE-2023-25463
RESERVED
CVE-2023-25462
RESERVED
-CVE-2023-25461
- RESERVED
+CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nami ...)
+ TODO: check
CVE-2023-25460
RESERVED
CVE-2023-25459
@@ -19624,8 +19646,8 @@ CVE-2022-4897 (The BackupBuddy WordPress plugin before 8.8.3 does not sanitise a
NOT-FOR-US: WordPress plugin
CVE-2023-24513 (On affected platforms running Arista CloudEOS an issue in the Software ...)
NOT-FOR-US: Arista
-CVE-2023-24512
- RESERVED
+CVE-2023-24512 (On affected platforms running Arista EOS, an authorized attacker with ...)
+ TODO: check
CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, a speci ...)
NOT-FOR-US: Arista
CVE-2023-24510
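Review bot: CVE-2023-24512 is left at `TODO: check` while its immediate neighbours CVE-2023-24513 and CVE-2023-24511, also "On affected platforms running Arista EOS", are `NOT-FOR-US: Arista`; the new entry should receive the same `NOT-FOR-US: Arista` marker, since the visible description places it on the same platform.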
@@ -20926,8 +20948,8 @@ CVE-2023-24007
RESERVED
CVE-2023-24006 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Softwa ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24005
- RESERVED
+CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
+ TODO: check
CVE-2023-24004 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24003 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
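Review bot: CVE-2023-24005 ("Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...") sits at `TODO: check` between CVE-2023-24006 and CVE-2023-24004, which carry the same description pattern and are marked `NOT-FOR-US: WordPress plugin`; the truncated product name cannot confirm it from this hunk alone, but the pattern suggests the same resolution, and the same applies to the similar "Auth. (admin+/contributor+) Stored XSS" entries added as `TODO: check` in the following hunks (CVE-2023-23995, CVE-2023-23889, CVE-2023-23866, CVE-2023-23710).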
@@ -20946,8 +20968,8 @@ CVE-2023-23997
RESERVED
CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prof ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23995
- RESERVED
+CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...)
+ TODO: check
CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23993
@@ -21263,8 +21285,8 @@ CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23890
RESERVED
-CVE-2023-23889
- RESERVED
+CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23888
RESERVED
CVE-2023-23887
@@ -21309,8 +21331,8 @@ CVE-2023-23868
RESERVED
CVE-2023-23867
RESERVED
-CVE-2023-23866
- RESERVED
+CVE-2023-23866 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins St ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Micha ...)
@@ -21387,8 +21409,8 @@ CVE-2023-23841
RESERVED
CVE-2023-23840
RESERVED
-CVE-2023-23839
- RESERVED
+CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...)
+ TODO: check
CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...)
TODO: check
CVE-2023-23837 (No exception handling vulnerability which revealed sensitive or excess ...)
@@ -21833,8 +21855,8 @@ CVE-2023-23712
RESERVED
CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...)
NOT-FOR-US: A2 Hosting
-CVE-2023-23710
- RESERVED
+CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...)
+ TODO: check
CVE-2023-23709
RESERVED
CVE-2023-23708
@@ -25679,8 +25701,7 @@ CVE-2023-0047
REJECTED
CVE-2023-0046 (Improper Restriction of Names for Files and Other Resources in GitHub ...)
NOT-FOR-US: lirantal/daloradius
-CVE-2023-0045
- RESERVED
+CVE-2023-0045 (The current implementation of the prctl syscall does not issue an IBPB ...)
- linux 6.1.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/1
NOTE: https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8#event-88245
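Review bot: CVE-2023-0045 records only `- linux 6.1.7-1`, the fixed version in unstable; the description concerns the prctl speculation-control interface not issuing an IBPB, a kernel behaviour that is not specific to the 6.1 series, yet whether the bullseye kernel is affected is not recorded. A `[bullseye] - linux ...` line (fixed version, `<no-dsa>` or `<not-affected>` with a reason) should be added, and the NOTE list could also cite the upstream fix commit alongside the oss-security and GHSA links.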
@@ -39860,17 +39881,13 @@ CVE-2023-20874
RESERVED
CVE-2023-20873 (In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsup ...)
TODO: check
-CVE-2023-20872
- RESERVED
+CVE-2023-20872 (VMware Workstation and Fusion contain an out-of-bounds read/write vuln ...)
NOT-FOR-US: VMware
-CVE-2023-20871
- RESERVED
+CVE-2023-20871 (VMware Fusion contains a local privilege escalation vulnerability. A m ...)
NOT-FOR-US: VMware
-CVE-2023-20870
- RESERVED
+CVE-2023-20870 (VMware Workstation and Fusion contain an out-of-bounds read vulnerabil ...)
NOT-FOR-US: VMware
-CVE-2023-20869
- RESERVED
+CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-bas ...)
NOT-FOR-US: VMware
CVE-2023-20868
RESERVED
@@ -49483,8 +49500,8 @@ CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open
NOTE: Only affects the nginx-extras binary package
CVE-2022-41740 (IBM Robotic Process Automation 20.12 through 21.0.6 could allow an att ...)
NOT-FOR-US: IBM
-CVE-2022-41739
- RESERVED
+CVE-2022-41739 (IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access ...)
+ TODO: check
CVE-2022-41738
RESERVED
CVE-2022-41737
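Review bot: CVE-2022-41739 (IBM Spectrum Scale) is added as `TODO: check` although the adjacent CVE-2022-41740 is `NOT-FOR-US: IBM`; IBM Spectrum Scale is a proprietary IBM product, so `NOT-FOR-US: IBM` is the consistent resolution, and the same holds for CVE-2022-36769 (IBM Cloud Pak for Data) in the next hunk, where the neighbouring IBM entries are likewise already `NOT-FOR-US: IBM`.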
@@ -62844,8 +62861,8 @@ CVE-2022-36771 (IBM QRadar User Behavior Analytics could allow an authenticated
NOT-FOR-US: IBM
CVE-2022-36770
RESERVED
-CVE-2022-36769
- RESERVED
+CVE-2022-36769 (IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to up ...)
+ TODO: check
CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
NOT-FOR-US: IBM
CVE-2022-2546 (The All-in-One WP Migration WordPress plugin before 7.63 uses the wron ...)
@@ -526096,10 +526113,10 @@ CVE-2012-5875 (Firefly Media Server 1.0.0.1359 allows remote attackers to cause
NOT-FOR-US: Firefly Media Server
CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1) update_whosonline_re ...)
NOT-FOR-US: Elite Bulletin Board
-CVE-2012-5873
- RESERVED
-CVE-2012-5872
- RESERVED
+CVE-2012-5873 (ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_poi ...)
+ TODO: check
+CVE-2012-5872 (ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTri ...)
+ TODO: check
CVE-2012-5871
RESERVED
CVE-2012-5870
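Review bot: CVE-2012-5873 and CVE-2012-5872 both describe ARC (aka ARC2) "through 2011-12-01" (reflected XSS and blind SQL injection respectively) and are both left at `TODO: check`; they should be triaged together so that the two entries reach the same resolution (a package assignment if ARC2 is shipped, otherwise `NOT-FOR-US: ARC2`), and a NOTE with the upstream reference would help given that these are 2012 identifiers being populated a decade later.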
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6fe19af5ea1188dc514aa56ee8d1a9383a68ce3