[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 6 21:12:59 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30069f75 by security tracker role at 2023-06-06T20:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2023-3123
+ REJECTED
+CVE-2023-3121 (A vulnerability has been found in Dahua Smart Parking Management up to ...)
+ TODO: check
+CVE-2023-3120 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-3119 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, t ...)
+ TODO: check
+CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...)
+ TODO: check
+CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...)
+ TODO: check
+CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...)
+ TODO: check
+CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container ...)
+ TODO: check
+CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and container ...)
+ TODO: check
+CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and container ...)
+ TODO: check
+CVE-2023-33747 (CloudPanel v2.2.2 allows attackers to execute a path traversal.)
+ TODO: check
+CVE-2023-33684 (Weak session management in DB Elettronica Telecomunicazioni SpA SFT DA ...)
+ TODO: check
+CVE-2023-33659 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...)
+ TODO: check
+CVE-2023-33653 (Sitecore Experience Platform (XP) v9.3 was discovered to contain an au ...)
+ TODO: check
+CVE-2023-33652 (Sitecore Experience Platform (XP) v9.3 was discovered to contain an au ...)
+ TODO: check
+CVE-2023-33651 (An issue in the MVC Device Simulator of Sitecore Experience Platform ( ...)
+ TODO: check
+CVE-2023-33613 (axTLS v2.1.5 was discovered to contain a heap buffer overflow in the b ...)
+ TODO: check
+CVE-2023-33569 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...)
+ TODO: check
+CVE-2023-33533 (Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Vers ...)
+ TODO: check
+CVE-2023-33532 (There is a command injection vulnerability in the Netgear R6250 router ...)
+ TODO: check
+CVE-2023-33530 (There is a command injection vulnerability in the Tenda G103 Gigabit G ...)
+ TODO: check
+CVE-2023-33477 (In Harmonic NSG 9000-6G devices, an authenticated remote user can obta ...)
+ TODO: check
+CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse functi ...)
+ TODO: check
+CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...)
+ TODO: check
+CVE-2023-33381 (A command injection vulnerability was found in the ping functionality ...)
+ TODO: check
+CVE-2023-32683 (Synapse is a Matrix protocol homeserver written in Python with the Twi ...)
+ TODO: check
+CVE-2023-32682 (Synapse is a Matrix protocol homeserver written in Python with the Twi ...)
+ TODO: check
+CVE-2023-32551 (Landscape allowed URLs which caused open redirection.)
+ TODO: check
+CVE-2023-32550 (Landscape's server-status page exposed sensitive system information. T ...)
+ TODO: check
+CVE-2023-32549 (Landscape cryptographic keys were insecurely generated with a weak pse ...)
+ TODO: check
+CVE-2023-32545 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
+CVE-2023-32539 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
+CVE-2023-32289 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
+CVE-2023-32281 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
+CVE-2023-32203 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
+CVE-2023-31606 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...)
+ TODO: check
+CVE-2023-31569 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...)
+ TODO: check
+CVE-2023-31278 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
+CVE-2023-31244 (The affected product does not properly validate user-supplied data. If ...)
+ TODO: check
+CVE-2023-2833 (The ReviewX plugin for WordPress is vulnerable to privilege escalation ...)
+ TODO: check
+CVE-2023-2801 (Grafana is an open-source platform for monitoring and observability. ...)
+ TODO: check
+CVE-2023-29503 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
+CVE-2023-28653 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
+CVE-2023-27916 (The affected application lacks proper validation of user-supplied data ...)
+ TODO: check
CVE-2023-34417
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417
@@ -728,7 +818,7 @@ CVE-2023-2970 (A vulnerability classified as problematic was found in MindSpore
NOT-FOR-US: MindSpore
CVE-2023-2962 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester
-CVE-2023-2961 [SEGV via invalid read address]
+CVE-2023-2961 (A segmentation fault flaw was found in the Advancecomp package. This m ...)
- advancecomp 2.5-1 (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2210768
NOTE: Fixed by: https://github.com/amadvance/advancecomp/commit/cfca0f6e589cd46151d067c6723752ff17038b2a (v2.5)
@@ -2035,7 +2125,7 @@ CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the cleart
[buster] - keepass2 <no-dsa> (Minor issue)
NOTE: https://github.com/vdohney/keepass-password-dumper
NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/
-CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep thro ...)
+CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5. ...)
NOT-FOR-US: git-url-parse
CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers due t ...)
[experimental] - libvirt 9.3.0-1
@@ -2132,14 +2222,14 @@ CVE-2023-2672 (A vulnerability classified as critical has been found in SourceCo
NOT-FOR-US: SourceCodester Lost and Found Information System
CVE-2023-2671 (A vulnerability was found in SourceCodester Lost and Found Information ...)
NOT-FOR-US: SourceCodester Lost and Found Information System
-CVE-2023-2603 [LCAP-CR-23-02]
+CVE-2023-2603 (A vulnerability was found in libcap. This issue occurs in the _libcap_ ...)
- libcap2 1:2.66-4 (bug #1036114)
[bullseye] - libcap2 <no-dsa> (Minor issue)
NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
NOTE: https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
NOTE: https://www.openwall.com/lists/oss-security/2023/05/15/4
NOTE: Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=422bec25ae4a1ab03fd4d6f728695ed279173b18 (libcap-2.69)
-CVE-2023-2602 [LCAP-CR-23-01]
+CVE-2023-2602 (A vulnerability was found in the pthread_create() function in libcap. ...)
- libcap2 1:2.66-4 (bug #1036114)
[bullseye] - libcap2 <no-dsa> (Minor issue)
NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
@@ -2182,7 +2272,8 @@ CVE-2023-31529 (Motorola CX2L Router 1.0.1 was discovered to contain a command i
NOT-FOR-US: Motorola
CVE-2023-31528 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
NOT-FOR-US: Motorola
-CVE-2023-31508 (A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allo ...)
+CVE-2023-31508
+ REJECTED
NOT-FOR-US: PrestaShop
CVE-2023-31502 (Altenergy Power Control Software C1.2.5 was discovered to contain a re ...)
NOT-FOR-US: Altenergy Power Control Software
@@ -3492,8 +3583,7 @@ CVE-2023-2255 (Improper access control in editor components of The Document Foun
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
CVE-2023-2254
RESERVED
-CVE-2023-2253
- RESERVED
+CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in distribution/distri ...)
{DSA-5414-1}
- docker-registry 2.8.2+ds1-1 (bug #1035956)
NOTE: Fixed by: https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54 (v2.8.2-beta.1)
@@ -3865,8 +3955,8 @@ CVE-2023-30950
RESERVED
CVE-2023-30949
RESERVED
-CVE-2023-30948
- RESERVED
+CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the ...)
+ TODO: check
CVE-2023-30947
RESERVED
CVE-2023-30946
@@ -4167,8 +4257,8 @@ CVE-2023-2185
REJECTED
CVE-2023-2184
RESERVED
-CVE-2023-2183
- RESERVED
+CVE-2023-2183 (Grafana is an open-source platform for monitoring and observability. ...)
+ TODO: check
CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...)
@@ -4384,8 +4474,7 @@ CVE-2023-2159
RESERVED
CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user impersonatio ...)
NOT-FOR-US: Code Dx
-CVE-2023-2157
- RESERVED
+CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...)
- imagemagick <unfixed> (bug #1036476)
[bookworm] - imagemagick <no-dsa> (Minor issue)
[bullseye] - imagemagick <no-dsa> (Minor issue)
@@ -4475,8 +4564,7 @@ CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrom
{DSA-5393-1}
- chromium 112.0.5615.138-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2132
- RESERVED
+CVE-2023-2132 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS co ...)
NOT-FOR-US: INEA ME RTU firmware
@@ -7450,8 +7538,8 @@ CVE-2023-29634
RESERVED
CVE-2023-29633
RESERVED
-CVE-2023-29632
- RESERVED
+CVE-2023-29632 (PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_ ...)
+ TODO: check
CVE-2023-29631 (PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control v ...)
TODO: check
CVE-2023-29630 (PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection ...)
@@ -9172,8 +9260,8 @@ CVE-2023-1781
RESERVED
CVE-2023-1780
RESERVED
-CVE-2023-1779
- RESERVED
+CVE-2023-1779 (Exposure of Sensitive Information to an unauthorized actor vulnerabili ...)
+ TODO: check
CVE-2023-1778 (This vulnerability exists in GajShield Data Security Firewall firmware ...)
NOT-FOR-US: GajShield Data Security Firewall firmware
CVE-2023-1777 (Mattermost allows an attacker to request a preview of an existing mess ...)
@@ -10202,8 +10290,8 @@ CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not p
NOT-FOR-US: WordPress plugin
CVE-2023-1622
REJECTED
-CVE-2023-1621
- RESERVED
+CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
CVE-2023-1620
RESERVED
CVE-2023-1619
@@ -13719,7 +13807,7 @@ CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a fi
NOT-FOR-US: NETGEAR
CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cr ...)
NOT-FOR-US: NETGEAR
-CVE-2023-1204 (An issue has been discovered in GitLab affecting all versions starting ...)
+CVE-2023-1204 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...)
NOT-FOR-US: Devolutions
@@ -15743,8 +15831,8 @@ CVE-2023-27128
RESERVED
CVE-2023-27127
RESERVED
-CVE-2023-27126
- RESERVED
+CVE-2023-27126 (The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on fi ...)
+ TODO: check
CVE-2023-27125
RESERVED
CVE-2023-27124
@@ -17376,8 +17464,8 @@ CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCode
NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-0986 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
-CVE-2023-0985
- RESERVED
+CVE-2023-0985 (An Authorization Bypass vulnerability was found in MB Connect LinesmbC ...)
+ TODO: check
CVE-2023-0984
RESERVED
CVE-2023-0983 (The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does ...)
@@ -18354,8 +18442,7 @@ CVE-2023-0923
CVE-2023-0922 (The Samba AD DC administration tool, when operating against a remote L ...)
- samba 2:4.17.7+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html
-CVE-2023-0921
- RESERVED
+CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
- gitlab <unfixed>
CVE-2022-48330
RESERVED
@@ -28600,8 +28687,8 @@ CVE-2023-22835
RESERVED
CVE-2023-22834
RESERVED
-CVE-2023-22833
- RESERVED
+CVE-2023-22833 (Palantir discovered a software bug in a recently released version of F ...)
+ TODO: check
CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19. ...)
NOT-FOR-US: Apache NiFi
CVE-2023-22831
@@ -30032,7 +30119,7 @@ CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress pl
NOT-FOR-US: WordPress plugin
CVE-2022-4830 (The Paid Memberships Pro WordPress plugin before 2.9.9 does not valida ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 does no ...)
+CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...)
NOT-FOR-US: WordPress plugin
@@ -38006,8 +38093,8 @@ CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubern
NOT-FOR-US: Capsule
CVE-2022-46166 (Spring boot admins is an open source administrative user interface for ...)
NOT-FOR-US: Spring boot admins
-CVE-2022-46165
- RESERVED
+CVE-2022-46165 (Syncthing is an open source, continuous file synchronization program. ...)
+ TODO: check
CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain ...)
NOT-FOR-US: NodeBB
CVE-2022-46163 (Travel support program is a rails app to support the travel support pr ...)
@@ -45309,66 +45396,66 @@ CVE-2023-20754
RESERVED
CVE-2023-20753
RESERVED
-CVE-2023-20752
- RESERVED
-CVE-2023-20751
- RESERVED
-CVE-2023-20750
- RESERVED
-CVE-2023-20749
- RESERVED
+CVE-2023-20752 (In keymange, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2023-20751 (In keymange, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2023-20750 (In swpm, there is a possible out of bounds write due to a race conditi ...)
+ TODO: check
+CVE-2023-20749 (In swpm, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
CVE-2023-20748
RESERVED
-CVE-2023-20747
- RESERVED
-CVE-2023-20746
- RESERVED
-CVE-2023-20745
- RESERVED
-CVE-2023-20744
- RESERVED
-CVE-2023-20743
- RESERVED
-CVE-2023-20742
- RESERVED
-CVE-2023-20741
- RESERVED
-CVE-2023-20740
- RESERVED
-CVE-2023-20739
- RESERVED
-CVE-2023-20738
- RESERVED
-CVE-2023-20737
- RESERVED
-CVE-2023-20736
- RESERVED
-CVE-2023-20735
- RESERVED
-CVE-2023-20734
- RESERVED
-CVE-2023-20733
- RESERVED
-CVE-2023-20732
- RESERVED
-CVE-2023-20731
- RESERVED
-CVE-2023-20730
- RESERVED
-CVE-2023-20729
- RESERVED
-CVE-2023-20728
- RESERVED
+CVE-2023-20747 (In vcu, there is a possible memory corruption due to type confusion. T ...)
+ TODO: check
+CVE-2023-20746 (In vcu, there is a possible out of bounds write due to improper lockin ...)
+ TODO: check
+CVE-2023-20745 (In vcu, there is a possible out of bounds write due to improper lockin ...)
+ TODO: check
+CVE-2023-20744 (In vcu, there is a possible use after free due to a logic error. This ...)
+ TODO: check
+CVE-2023-20743 (In vcu, there is a possible out of bounds write due to improper lockin ...)
+ TODO: check
+CVE-2023-20742 (In ril, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2023-20741 (In ril, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2023-20740 (In vcu, there is a possible memory corruption due to a logic error. Th ...)
+ TODO: check
+CVE-2023-20739 (In vcu, there is a possible memory corruption due to a logic error. Th ...)
+ TODO: check
+CVE-2023-20738 (In vcu, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20737 (In vcu, there is a possible use after free due to improper locking. Th ...)
+ TODO: check
+CVE-2023-20736 (In vcu, there is a possible out of bounds write due to a race conditio ...)
+ TODO: check
+CVE-2023-20735 (In vcu, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20734 (In vcu, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-20733 (In vcu, there is a possible use after free due to improper locking. Th ...)
+ TODO: check
+CVE-2023-20732 (In wlan, there is a possible out of bounds read due to a missing bound ...)
+ TODO: check
+CVE-2023-20731 (In wlan, there is a possible out of bounds read due to a missing bound ...)
+ TODO: check
+CVE-2023-20730 (In wlan, there is a possible out of bounds read due to a missing bound ...)
+ TODO: check
+CVE-2023-20729 (In wlan, there is a possible out of bounds read due to a missing bound ...)
+ TODO: check
+CVE-2023-20728 (In wlan, there is a possible out of bounds read due to a missing bound ...)
+ TODO: check
CVE-2023-20727 (In wlan, there is a possible out of bounds read due to a missing bound ...)
TODO: check
CVE-2023-20726 (In mnld, there is a possible leak of GPS location due to a missing per ...)
NOT-FOR-US: Mediatek
-CVE-2023-20725
- RESERVED
-CVE-2023-20724
- RESERVED
-CVE-2023-20723
- RESERVED
+CVE-2023-20725 (In preloader, there is a possible out of bounds write due to a missing ...)
+ TODO: check
+CVE-2023-20724 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-20723 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
CVE-2023-20722 (In m4u, there is a possible out of bounds write due to improper input ...)
NOT-FOR-US: Mediatek
CVE-2023-20721 (In isp, there is a possible out of bounds write due to improper input ...)
@@ -45381,16 +45468,16 @@ CVE-2023-20718 (In vcu, there is a possible out of bounds write due to a missing
NOT-FOR-US: Mediatek
CVE-2023-20717 (In vcu, there is a possible leak of dma buffer due to a race condition ...)
NOT-FOR-US: Mediatek
-CVE-2023-20716
- RESERVED
-CVE-2023-20715
- RESERVED
+CVE-2023-20716 (In wlan, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
+CVE-2023-20715 (In wlan, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
CVE-2023-20714
RESERVED
CVE-2023-20713
RESERVED
-CVE-2023-20712
- RESERVED
+CVE-2023-20712 (In wlan, there is a possible out of bounds write due to a missing boun ...)
+ TODO: check
CVE-2023-20711 (In keyinstall, there is a possible out of bounds read due to a missing ...)
NOT-FOR-US: Mediatek
CVE-2023-20710 (In keyinstall, there is a possible out of bounds read due to a missing ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30069f75a31afe280b497eed2aacaae7d3dc117b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30069f75a31afe280b497eed2aacaae7d3dc117b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230606/02502811/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list