[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 27 21:14:53 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d3a2aeb by security tracker role at 2023-07-27T20:14:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-3982 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
+ TODO: check
+CVE-2023-3981 (Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s ...)
+ TODO: check
+CVE-2023-3980 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
+ TODO: check
+CVE-2023-3975 (OS Command Injection in GitHub repository jgraph/drawio prior to 21.5. ...)
+ TODO: check
+CVE-2023-3974 (OS Command Injection in GitHub repository jgraph/drawio prior to 21.4. ...)
+ TODO: check
+CVE-2023-3973 (Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/dra ...)
+ TODO: check
+CVE-2023-3970 (A vulnerability, which was classified as problematic, was found in GZ ...)
+ TODO: check
+CVE-2023-3969 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-38512 (Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream \ ...)
+ TODO: check
+CVE-2023-38510 (Tolgee is an open-source localization platform. Starting in version 3. ...)
+ TODO: check
+CVE-2023-38509 (XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki ...)
+ TODO: check
+CVE-2023-38505 (DietPi-Dashboard is a web dashboard for the operating system DietPi. T ...)
+ TODO: check
+CVE-2023-38504 (Sails is a realtime MVC Framework for Node.js. In Sails apps prior to ...)
+ TODO: check
+CVE-2023-38495 (Crossplane is a framework for building cloud native control planes wit ...)
+ TODO: check
+CVE-2023-38492 (Kirby is a content management system. A vulnerability in versions prio ...)
+ TODO: check
+CVE-2023-38491 (Kirby is a content management system. A vulnerability in versions prio ...)
+ TODO: check
+CVE-2023-38490 (Kirby is a content management system. A vulnerability in versions prio ...)
+ TODO: check
+CVE-2023-38489 (Kirby is a content management system. A vulnerability in versions prio ...)
+ TODO: check
+CVE-2023-38488 (Kirby is a content management system. A vulnerability in versions prio ...)
+ TODO: check
+CVE-2023-37993 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De ...)
+ TODO: check
+CVE-2023-37981 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube A ...)
+ TODO: check
+CVE-2023-37980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grav ...)
+ TODO: check
+CVE-2023-37979 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday ...)
+ TODO: check
+CVE-2023-37977 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnel ...)
+ TODO: check
+CVE-2023-37976 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Fo ...)
+ TODO: check
+CVE-2023-37975 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTh ...)
+ TODO: check
+CVE-2023-37970 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-37900 (Crossplane is a framework for building cloud native control planes wit ...)
+ TODO: check
+CVE-2023-37894 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTh ...)
+ TODO: check
+CVE-2023-36942 (A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire R ...)
+ TODO: check
+CVE-2023-36941 (A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire R ...)
+ TODO: check
CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable to unau ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unauthorized ...)
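Review bot: the five Kirby entries (CVE-2023-38488 through CVE-2023-38492) and the two Crossplane entries (CVE-2023-38495, CVE-2023-37900) carry identical truncated descriptions in this hunk, so the summary line alone cannot tell them apart during triage; whoever resolves the `TODO: check` placeholders should read the full CVE text and record the distinguishing advisory or commit in a NOTE line, as the existing kernel entries in this file already do.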
@@ -3676,7 +3738,7 @@ CVE-2023-3389 (A use-after-free vulnerability in the Linux Kernel io_uring subsy
NOTE: https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8
NOTE: https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan ne ...)
- {DSA-5448-1}
+ {DSA-5448-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)
CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the /admin fun ...)
@@ -4528,6 +4590,7 @@ CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundat
CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...)
NOT-FOR-US: SourceCodester Online School Fees System
CVE-2023-3338 (A null pointer dereference flaw was found in the Linux kernel's DECnet ...)
+ {DLA-3508-1}
- linux 6.1.4-1
NOTE: https://www.openwall.com/lists/oss-security/2023/06/24/3
NOTE: https://git.kernel.org/linus/1202cdd665315c525b5237e96e0bedc76d7e754f (6.1-rc1)
@@ -4796,6 +4859,7 @@ CVE-2023-31239 (Stack-based buffer overflow vulnerability in V-Server v4.0.15.0
CVE-2023-30759 (The driver installation package created by Printer Driver Packager NX ...)
NOT-FOR-US: Ricoh
CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
+ {DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/2b947f8769be8b8181dc795fd292d3e7120f5204 (6.4-rc1)
@@ -4814,11 +4878,13 @@ CVE-2023-35826 (An issue was discovered in the Linux kernel before 6.3.2. A use-
CVE-2023-35825
REJECTED
CVE-2023-35824 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
+ {DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/5abda7a16698d4d1f47af1168d8fa2c640116b4a (6.4-rc1)
NOTE: Only "exploitable" by removing the module which needs root privileges
CVE-2023-35823 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
+ {DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/30cf57da176cca80f11df0d9b7f71581fe601389 (6.4-rc1)
@@ -4869,7 +4935,7 @@ CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/reac
CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...)
NOT-FOR-US: salesagility/suitecrm-core
CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...)
- {DSA-5448-1}
+ {DSA-5448-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
NOTE: https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
@@ -4935,7 +5001,7 @@ CVE-2023-3269 (A vulnerability exists in the memory management subsystem of the
NOTE: https://github.com/lrh2000/StackRot
NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/1
CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...)
- {DSA-5448-1}
+ {DSA-5448-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6 ...)
@@ -5616,6 +5682,7 @@ CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Managem
CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...)
NOT-FOR-US: SourceCodester Performance Indicator System
CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...)
+ {DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1)
@@ -6303,6 +6370,7 @@ CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions
CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 15.10.8+ds1-2
CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...)
+ {DLA-3508-1}
- linux 5.19.6-1
NOTE: https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2)
CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admid ...)
@@ -6764,6 +6832,7 @@ CVE-2023-34258 (An issue was discovered in BMC Patrol before 22.1.00. The agent'
CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The agent's con ...)
NOT-FOR-US: BMC Patrol
CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3. There is an ...)
+ {DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31 (6.4-rc2)
@@ -8990,7 +9059,7 @@ CVE-2023-32269 (An issue was discovered in the Linux kernel before 6.1.11. In ne
CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary files wi ...)
NOT-FOR-US: Ghost CMS
CVE-2023-32233 (In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_ta ...)
- {DSA-5402-1 DLA-3446-1}
+ {DSA-5402-1 DLA-3508-1 DLA-3446-1}
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/4
NOTE: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab (6.4-rc1)
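Review bot: in `{DSA-5402-1 DLA-3508-1 DLA-3446-1}` the new DLA is inserted before DLA-3446-1, whereas every other hunk in this commit appends DLA-3508-1 at the end of the braces; one consistent ordering (append newest last) makes the advisory list easier to scan. Also, this CVE now carries two buster DLAs: if they cover different source packages the braces are correct, but if DLA-3508-1 is a follow-up to an incomplete earlier fix that should be stated in a NOTE line.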
@@ -9766,7 +9835,7 @@ CVE-2023-24476 (An attacker with local access to the machine could record the tr
CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...)
NOT-FOR-US: Netskope
CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
- {DSA-5448-1}
+ {DSA-5448-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view all sto ...)
@@ -9905,7 +9974,7 @@ CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux k
NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/
NOTE: Negligible security impact
CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...)
- {DSA-5448-1}
+ {DSA-5448-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux ...)
@@ -11784,6 +11853,7 @@ CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-441/
NOTE: https://git.kernel.org/linus/05b252cccb2e5c3f56119d25de684b4f810ba40a (5.19-rc4)
CVE-2023-2007 (The specific flaw exists within the DPT I2O Controller driver. The iss ...)
+ {DLA-3508-1}
- linux 6.0.2-1
NOTE: https://git.kernel.org/linus/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 (6.0-rc1)
CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network protoco ...)
@@ -11799,6 +11869,7 @@ CVE-2023-2004
CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the build 5 of ...)
NOT-FOR-US: Vision120
CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...)
+ {DLA-3508-1}
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
NOTE: Fixed by: https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18
@@ -12291,7 +12362,7 @@ CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.)
NOT-FOR-US: Tenda
CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWe ...)
NOT-FOR-US: Tenda
-CVE-2023-30367 (mRemoteNG configuration files can be stored in an encrypted state on d ...)
+CVE-2023-30367 (Multi-Remote Next Generation Connection Manager (mRemoteNG) is free so ...)
NOT-FOR-US: mRemoteNG
CVE-2023-30366
RESERVED
@@ -13391,7 +13462,7 @@ CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored cross-s
CVE-2023-29846
RESERVED
CVE-2023-29845
- RESERVED
+ REJECTED
CVE-2023-29844
RESERVED
CVE-2023-29843
@@ -19032,6 +19103,7 @@ CVE-2023-28159 (The fullscreen notification could have been hidden on Firefox fo
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159
CVE-2023-1380 (A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in d ...)
+ {DLA-3508-1}
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1
NOTE: https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u
@@ -52427,7 +52499,7 @@ CVE-2023-20595
CVE-2023-20594
RESERVED
CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ...)
- {DSA-5459-1}
+ {DSA-5459-1 DLA-3508-1}
- linux <unfixed>
- amd64-microcode 3.20230719.1 (bug #1041863)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1
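Review bot: DLA-3508-1 is attached to an entry whose unstable line still reads `- linux <unfixed>`; confirm that the DLA really carries the kernel-side change for CVE-2023-20593 (rather than only the amd64-microcode update listed on the next line), and update the unstable status when the fix lands so the tracker does not show buster fixed while unstable remains open.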
@@ -88802,8 +88874,8 @@ CVE-2022-31202 (The export function in SoftGuard Web (SGW) before 5.1.5 allows d
NOT-FOR-US: SoftGuard Web
CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection.)
NOT-FOR-US: SoftGuard Web
-CVE-2022-31200
- RESERVED
+CVE-2022-31200 (Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELangu ...)
+ TODO: check
CVE-2022-31199 (Remote code execution vulnerabilities exist in the Netwrix Auditor Use ...)
NOT-FOR-US: Netwrix Auditor
CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cached c ...)
@@ -147385,8 +147457,8 @@ CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (
NOT-FOR-US: Kooboo CMS
CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possib ...)
NOT-FOR-US: Kooboo CMS
-CVE-2021-36580
- RESERVED
+CVE-2021-36580 (Open Redirect vulnerability exists in IceWarp MailServer IceWarp Serve ...)
+ TODO: check
CVE-2021-36579
RESERVED
CVE-2021-36578
@@ -214102,8 +214174,8 @@ CVE-2020-22625
RESERVED
CVE-2020-22624
RESERVED
-CVE-2020-22623
- RESERVED
+CVE-2020-22623 (Directory traversal vulnerability in Jinfornet Jreport 15.6 allows una ...)
+ TODO: check
CVE-2020-22622
RESERVED
CVE-2020-22621
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d3a2aeb02f47f3d791bcd490137f90c8229149b