[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 14 08:10:26 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
530f5f40 by security tracker role at 2023-02-14T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-25760
+ RESERVED
+CVE-2023-25759
+ RESERVED
+CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.1 ...)
+ TODO: check
+CVE-2023-0822
+ RESERVED
+CVE-2023-0821
+ RESERVED
+CVE-2023-0820
+ RESERVED
+CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
+ TODO: check
+CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. ...)
+ TODO: check
+CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. ...)
+ TODO: check
CVE-2023-25754
RESERVED
CVE-2023-25753
@@ -58,8 +76,8 @@ CVE-2023-0816
RESERVED
CVE-2023-0815
RESERVED
-CVE-2023-0814
- RESERVED
+CVE-2023-0814 (The Profile Builder – User Profile & User Registration Forms ...)
+ TODO: check
CVE-2023-0813
RESERVED
CVE-2023-0812
@@ -93,12 +111,12 @@ CVE-2023-25721
RESERVED
CVE-2023-25720
RESERVED
-CVE-2023-25719
- RESERVED
-CVE-2023-25718
- RESERVED
-CVE-2023-25717
- RESERVED
+CVE-2023-25719 (ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect ...)
+ TODO: check
+CVE-2023-25718 (The cryptographic code signing process and controls on ConnectWise Con ...)
+ TODO: check
+CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an ...)
+ TODO: check
CVE-2023-25716
RESERVED
CVE-2023-25715
@@ -153,26 +171,26 @@ CVE-2023-25691
RESERVED
CVE-2023-0805
RESERVED
-CVE-2023-0804
- RESERVED
-CVE-2023-0803
- RESERVED
-CVE-2023-0802
- RESERVED
-CVE-2023-0801
- RESERVED
-CVE-2023-0800
- RESERVED
-CVE-2023-0799
- RESERVED
-CVE-2023-0798
- RESERVED
-CVE-2023-0797
- RESERVED
-CVE-2023-0796
- RESERVED
-CVE-2023-0795
- RESERVED
+CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ TODO: check
+CVE-2023-0803 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ TODO: check
+CVE-2023-0802 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ TODO: check
+CVE-2023-0801 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_un ...)
+ TODO: check
+CVE-2023-0800 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ TODO: check
+CVE-2023-0799 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ TODO: check
+CVE-2023-0798 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ TODO: check
+CVE-2023-0797 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_uni ...)
+ TODO: check
+CVE-2023-0796 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ TODO: check
+CVE-2023-0795 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ TODO: check
CVE-2022-4925
RESERVED
CVE-2022-4924
@@ -235,8 +253,8 @@ CVE-2021-4317
RESERVED
CVE-2021-4316
RESERVED
-CVE-2015-10079
- RESERVED
+CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rat ...)
+ TODO: check
CVE-2023-25690
RESERVED
CVE-2023-0794 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
@@ -261,8 +279,8 @@ CVE-2023-0785 (A vulnerability classified as problematic was found in SourceCode
NOT-FOR-US: SourceCodester Best Online News Portal
CVE-2023-0784 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Best Online News Portal
-CVE-2022-4905
- RESERVED
+CVE-2022-4905 (A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has ...)
+ TODO: check
CVE-2023-25689
RESERVED
CVE-2023-25688
@@ -456,8 +474,8 @@ CVE-2023-25616
RESERVED
CVE-2023-25615
RESERVED
-CVE-2023-25614
- RESERVED
+CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, ...)
+ TODO: check
CVE-2023-25613
RESERVED
CVE-2023-0767
@@ -637,8 +655,8 @@ CVE-2023-25574
RESERVED
CVE-2023-25573
RESERVED
-CVE-2023-25572
- RESERVED
+CVE-2023-25572 (react-admin is a frontend framework for building browser applications ...)
+ TODO: check
CVE-2023-25571
RESERVED
CVE-2023-25570
@@ -1429,10 +1447,10 @@ CVE-2023-25243
RESERVED
CVE-2023-25242
RESERVED
-CVE-2023-25241
- RESERVED
-CVE-2023-25240
- RESERVED
+CVE-2023-25241 (bgERP v22.31 was discovered to contain a reflected cross-site scriptin ...)
+ TODO: check
+CVE-2023-25240 (An improper SameSite Attribute vulnerability in pimCore v10.5.15 allow ...)
+ TODO: check
CVE-2023-25239
RESERVED
CVE-2023-25238
@@ -1675,12 +1693,12 @@ CVE-2023-25164 (Tinacms is a Git-backed headless content management system with
NOT-FOR-US: Tinacms
CVE-2023-25163 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
NOT-FOR-US: Argo CD
-CVE-2023-25162
- RESERVED
-CVE-2023-25161
- RESERVED
-CVE-2023-25160
- RESERVED
+CVE-2023-25162 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+ TODO: check
+CVE-2023-25161 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+ TODO: check
+CVE-2023-25160 (Nextcloud Mail is an email app for the Nextcloud home server platform. ...)
+ TODO: check
CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
TODO: check
CVE-2023-25158
@@ -1887,8 +1905,8 @@ CVE-2023-25068
RESERVED
CVE-2023-25067
RESERVED
-CVE-2023-25066
- RESERVED
+CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flow ...)
+ TODO: check
CVE-2023-25065
RESERVED
CVE-2023-25064
@@ -1987,8 +2005,8 @@ CVE-2023-0657
RESERVED
CVE-2023-0656
RESERVED
-CVE-2023-0655
- RESERVED
+CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a ...)
+ TODO: check
CVE-2023-0654
RESERVED
CVE-2023-0653
@@ -2937,12 +2955,12 @@ CVE-2023-24650
RESERVED
CVE-2023-24649
RESERVED
-CVE-2023-24648
- RESERVED
-CVE-2023-24647
- RESERVED
-CVE-2023-24646
- RESERVED
+CVE-2023-24648 (Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) v ...)
+ TODO: check
+CVE-2023-24647 (Food Ordering System v2.0 was discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2023-24646 (An arbitrary file upload vulnerability in the component /fos/admin/aja ...)
+ TODO: check
CVE-2023-24645
RESERVED
CVE-2023-24644
@@ -3251,8 +3269,8 @@ CVE-2023-0520
RESERVED
CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...)
NOT-FOR-US: Modoboa
-CVE-2023-0518
- RESERVED
+CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the X.509 cer ...)
{DLA-3285-1}
- libapache-session-browseable-perl 1.3.7-1
@@ -3379,26 +3397,26 @@ CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with acces
TODO: check
CVE-2018-25078 (man-db before 2.8.5 on Gentoo allows local users (with access to the m ...)
TODO: check
-CVE-2023-24530
- RESERVED
-CVE-2023-24529
- RESERVED
-CVE-2023-24528
- RESERVED
+CVE-2023-24530 (SAP BusinessObjects Business Intelligence Platform (CMC) - versions 42 ...)
+ TODO: check
+CVE-2023-24529 (Due to lack of proper input validation, BSP application (CRM_BSP_FRAME ...)
+ TODO: check
+CVE-2023-24528 (SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - ...)
+ TODO: check
CVE-2023-24527
RESERVED
CVE-2023-24526
RESERVED
-CVE-2023-24525
- RESERVED
-CVE-2023-24524
- RESERVED
-CVE-2023-24523
- RESERVED
-CVE-2023-24522
- RESERVED
-CVE-2023-24521
- RESERVED
+CVE-2023-24525 (SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, ...)
+ TODO: check
+CVE-2023-24524 (SAP S/4 HANA Map Treasury Correspondence Format Data does not perform ...)
+ TODO: check
+CVE-2023-24523 (An attacker authenticated as a non-admin user with local access to a s ...)
+ TODO: check
+CVE-2023-24522 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Busines ...)
+ TODO: check
+CVE-2023-24521 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Fra ...)
+ TODO: check
CVE-2023-24520
RESERVED
CVE-2023-24519
@@ -4243,10 +4261,10 @@ CVE-2023-24190
RESERVED
CVE-2023-24189
RESERVED
-CVE-2023-24188
- RESERVED
-CVE-2023-24187
- RESERVED
+CVE-2023-24188 (ureport v2.2.9 was discovered to contain an arbitrary file deletion vu ...)
+ TODO: check
+CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows at ...)
+ TODO: check
CVE-2023-24186
RESERVED
CVE-2023-24185
@@ -4447,12 +4465,12 @@ CVE-2023-24088
RESERVED
CVE-2023-24087
RESERVED
-CVE-2023-24086
- RESERVED
+CVE-2023-24086 (SLIMS v9.5.2 was discovered to contain a reflected cross-site scriptin ...)
+ TODO: check
CVE-2023-24085
RESERVED
-CVE-2023-24084
- RESERVED
+CVE-2023-24084 (ChiKoi v1.0 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
CVE-2023-24083
RESERVED
CVE-2023-24082
@@ -5056,26 +5074,26 @@ CVE-2023-0399
RESERVED
CVE-2023-0398 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
NOT-FOR-US: Modoboa
-CVE-2023-23860
- RESERVED
-CVE-2023-23859
- RESERVED
-CVE-2023-23858
- RESERVED
+CVE-2023-23860 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...)
+ TODO: check
+CVE-2023-23859 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...)
+ TODO: check
+CVE-2023-23858 (Due to insufficient input validation, SAP NetWeaver AS for ABAP and AB ...)
+ TODO: check
CVE-2023-23857
RESERVED
-CVE-2023-23856
- RESERVED
-CVE-2023-23855
- RESERVED
-CVE-2023-23854
- RESERVED
-CVE-2023-23853
- RESERVED
-CVE-2023-23852
- RESERVED
-CVE-2023-23851
- RESERVED
+CVE-2023-23856 (In SAP BusinessObjects Business Intelligence (Web Intelligence user in ...)
+ TODO: check
+CVE-2023-23855 (SAP Solution Manager - version 720, allows an authenticated attacker t ...)
+ TODO: check
+CVE-2023-23854 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...)
+ TODO: check
+CVE-2023-23853 (An unauthenticated attacker in AP NetWeaver Application Server for ABA ...)
+ TODO: check
+CVE-2023-23852 (SAP Solution Manager (System Monitoring) - version 720, does not suffi ...)
+ TODO: check
+CVE-2023-23851 (SAP Business Planning and Consolidation - versions 200, 300, allows an ...)
+ TODO: check
CVE-2023-23850
RESERVED
CVE-2023-23849 (Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an u ...)
@@ -9955,8 +9973,8 @@ CVE-2022-48112
RESERVED
CVE-2022-48111
RESERVED
-CVE-2022-48110
- RESERVED
+CVE-2022-48110 (CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scrip ...)
+ TODO: check
CVE-2022-48109
RESERVED
CVE-2022-48108 (D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ...)
@@ -10360,12 +10378,12 @@ CVE-2023-22419
RESERVED
CVE-2023-22377
RESERVED
-CVE-2023-22376
- RESERVED
-CVE-2023-22375
- RESERVED
-CVE-2023-22370
- RESERVED
+CVE-2023-22376 (** UNSUPPORTED WHEN ASSIGNED ** Reflected cross-site scripting vulnera ...)
+ TODO: check
+CVE-2023-22375 (** UNSUPPORTED WHEN ASSIGNED ** Cross-site request forgery (CSRF) vuln ...)
+ TODO: check
+CVE-2023-22370 (** UNSUPPORTED WHEN ASSIGNED ** Stored cross-site scripting vulnerabil ...)
+ TODO: check
CVE-2023-22369
REJECTED
CVE-2023-22368
@@ -10971,10 +10989,10 @@ CVE-2022-43444
RESERVED
CVE-2022-42702
RESERVED
-CVE-2023-0025
- RESERVED
-CVE-2023-0024
- RESERVED
+CVE-2023-0025 (SAP Solution Manager (BSP Application) - version 720, allows an authen ...)
+ TODO: check
+CVE-2023-0024 (SAP Solution Manager (BSP Application) - version 720, allows an authen ...)
+ TODO: check
CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when a user ...)
NOT-FOR-US: SAP
CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for OLAP al ...)
@@ -11194,10 +11212,10 @@ CVE-2023-22334 (Use of password hash instead of password for authentication vuln
NOT-FOR-US: CONPROSYS
CVE-2023-22331 (Use of default credentials vulnerability in CONPROSYS HMI System (CHS) ...)
NOT-FOR-US: CONPROSYS
-CVE-2023-0020
- RESERVED
-CVE-2023-0019
- RESERVED
+CVE-2023-0020 (SAP BusinessObjects Business Intelligence platform - versions 420, 430 ...)
+ TODO: check
+CVE-2023-0019 (In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100 ...)
+ TODO: check
CVE-2023-0018 (Due to improper input sanitization of user-controlled input in SAP Bus ...)
NOT-FOR-US: SAP
CVE-2023-0017 (An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.5 ...)
@@ -14757,8 +14775,8 @@ CVE-2022-47036
RESERVED
CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedd ...)
NOT-FOR-US: D-Link
-CVE-2022-47034
- RESERVED
+CVE-2022-47034 (A type juggling vulnerability in the component /auth/fn.php of PlaySMS ...)
+ TODO: check
CVE-2022-47033
RESERVED
CVE-2022-47032
@@ -18101,8 +18119,8 @@ CVE-2022-45964
RESERVED
CVE-2022-45963 (h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability. ...)
NOT-FOR-US: h3c firewall
-CVE-2022-45962
- RESERVED
+CVE-2022-45962 (Open Solutions for Education, Inc openSIS Community Edition v8.0 and e ...)
+ TODO: check
CVE-2022-45961
RESERVED
CVE-2022-45960
@@ -18323,8 +18341,8 @@ CVE-2022-43662 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in
NOT-FOR-US: OpenHarmony
CVE-2022-41802 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...)
NOT-FOR-US: OpenHarmony
-CVE-2022-4138
- RESERVED
+CVE-2022-4138 (A Cross Site Request Forgery issue has been discovered in GitLab CE/EE ...)
+ TODO: check
CVE-2022-4137
RESERVED
CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a systemd-coredump d ...)
@@ -20170,8 +20188,8 @@ CVE-2022-45287
RESERVED
CVE-2022-45286
RESERVED
-CVE-2022-45285
- RESERVED
+CVE-2022-45285 (Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is ...)
+ TODO: check
CVE-2022-45284
RESERVED
CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
@@ -23732,8 +23750,8 @@ CVE-2022-44419
RESERVED
CVE-2022-3760
RESERVED
-CVE-2022-3759
- RESERVED
+CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
CVE-2022-3758
RESERVED
CVE-2022-44418
@@ -27669,8 +27687,8 @@ CVE-2022-43472
RESERVED
CVE-2022-43471
RESERVED
-CVE-2022-43469
- RESERVED
+CVE-2022-43469 (Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona ...)
+ TODO: check
CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cust ...)
NOT-FOR-US: WordPress plugin
CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist ...)
@@ -30740,8 +30758,8 @@ CVE-2022-3413 (Incorrect authorization during display of Audit Events in GitLab
- gitlab <unfixed>
CVE-2022-3412
RESERVED
-CVE-2022-3411
- RESERVED
+CVE-2022-3411 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
+ TODO: check
CVE-2022-3410
RESERVED
CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...)
@@ -95664,7 +95682,7 @@ CVE-2021-44355 (Multiple denial of service vulnerabilities exist in the cgiserve
NOT-FOR-US: Reolink
CVE-2021-44354 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...)
NOT-FOR-US: Reolink
-CVE-2021-4034 (CVE-2021-4034 polkit: Local privilege escalation in pkexec due to inco ...)
+CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...)
{DSA-5059-1 DLA-2899-1}
- policykit-1 0.105-31.1
NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/530f5f40a8b3c9703d5eef70c6a5371fb2980d71
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/530f5f40a8b3c9703d5eef70c6a5371fb2980d71
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230214/7f1be701/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list