[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 12 21:12:22 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b14987f1 by security tracker role at 2023-06-12T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...)
+ TODO: check
+CVE-2023-3206 (A vulnerability classified as problematic was found in Chengdu VEC40G ...)
+ TODO: check
+CVE-2023-3159 (A use after free issue was discovered in driver/firewire in outbound_p ...)
+ TODO: check
+CVE-2023-35054 (In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-ren ...)
+ TODO: check
+CVE-2023-35053 (In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible vi ...)
+ TODO: check
+CVE-2023-35042 (GeoServer 2, in some configurations, allows remote attackers to execut ...)
+ TODO: check
+CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the urlFilterList ...)
+ TODO: check
+CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
+ TODO: check
+CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipm ...)
+ TODO: check
+CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is vulnerable t ...)
+ TODO: check
+CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_sen ...)
+ TODO: check
+CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...)
+ TODO: check
+CVE-2023-34468 (The DBCPConnectionPool and HikariCPConnectionPool Controller Services ...)
+ TODO: check
+CVE-2023-34345 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
+ TODO: check
+CVE-2023-34344 (AMI BMC contains a vulnerability in the IPMI handler, where an unautho ...)
+ TODO: check
+CVE-2023-34343 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
+ TODO: check
+CVE-2023-34342 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...)
+ TODO: check
+CVE-2023-34341 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
+ TODO: check
+CVE-2023-34336 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...)
+ TODO: check
+CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an unauthe ...)
+ TODO: check
+CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
+ TODO: check
+CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ...)
+ TODO: check
+CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...)
+ TODO: check
+CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...)
+ TODO: check
+CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...)
+ TODO: check
+CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
+ TODO: check
+CVE-2023-33625 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
+ TODO: check
+CVE-2023-33624
+ REJECTED
+CVE-2023-33623
+ REJECTED
+CVE-2023-33622
+ REJECTED
+CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).)
+ TODO: check
+CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular Expressi ...)
+ TODO: check
+CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code execution. An authenti ...)
+ TODO: check
+CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...)
+ TODO: check
+CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperat ...)
+ TODO: check
+CVE-2023-2718 (The Contact Form Email WordPress plugin before 1.3.38 does not escape ...)
+ TODO: check
+CVE-2023-2568 (The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape ...)
+ TODO: check
+CVE-2023-2398 (The Icegram Engage WordPress plugin before 3.1.12 does not escape a pa ...)
+ TODO: check
+CVE-2023-2362 (The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress pl ...)
+ TODO: check
CVE-2023-35036 (In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5 ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-35035 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
@@ -125,7 +205,7 @@ CVE-2023-3165 (A vulnerability was found in SourceCodester Life Insurance Manage
NOT-FOR-US: SourceCodester Life Insurance Management System
CVE-2023-3163 (A vulnerability was found in y_project RuoYi up to 4.7.7. It has been ...)
NOT-FOR-US: y_project RuoYi
-CVE-2023-3161 [fbcon: Check font dimension limits]
+CVE-2023-3161 (A flaw was found in the Framebuffer Console (fbcon) in the Linux Kerne ...)
- linux 6.1.11-1
[bullseye] - linux 5.10.178-1
[buster] - linux 4.19.282-1
@@ -603,7 +683,7 @@ CVE-2023-34417
- firefox 114.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417
CVE-2023-34416
- {DSA-5423-1 DSA-5421-1 DLA-3448-1}
+ {DSA-5423-1 DSA-5421-1 DLA-3452-1 DLA-3448-1}
- firefox 114.0-1
- firefox-esr 102.12.0esr-1
- thunderbird 1:102.12.0-1
@@ -614,7 +694,7 @@ CVE-2023-34415
- firefox 114.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34415
CVE-2023-34414
- {DSA-5423-1 DSA-5421-1 DLA-3448-1}
+ {DSA-5423-1 DSA-5421-1 DLA-3452-1 DLA-3448-1}
- firefox 114.0-1
- firefox-esr 102.12.0esr-1
- thunderbird 1:102.12.0-1
@@ -3029,6 +3109,7 @@ CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimco
CVE-2023-2614 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
NOT-FOR-US: pimcore
CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
+ {DLA-3453-1}
- vim <unfixed> (bug #1035955)
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
@@ -3677,8 +3758,8 @@ CVE-2023-31238
RESERVED
CVE-2023-31237
RESERVED
-CVE-2023-31236
- RESERVED
+CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...)
+ TODO: check
CVE-2023-31235
RESERVED
CVE-2023-31234
@@ -5309,8 +5390,8 @@ CVE-2023-30755
RESERVED
CVE-2023-30754
RESERVED
-CVE-2023-30753
- RESERVED
+CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chu ...)
+ TODO: check
CVE-2023-30752
RESERVED
CVE-2023-30751
@@ -5325,8 +5406,8 @@ CVE-2023-30747
RESERVED
CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30745
- RESERVED
+CVE-2023-30745 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan ...)
+ TODO: check
CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...)
NOT-FOR-US: SAP
CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions SAP_UI 75 ...)
@@ -6876,8 +6957,8 @@ CVE-2023-30200
RESERVED
CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access ...)
NOT-FOR-US: Prestashop
-CVE-2023-30198
- RESERVED
+CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Co ...)
+ TODO: check
CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinventory) <= ...)
NOT-FOR-US: Prestashop
CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
@@ -8894,12 +8975,12 @@ CVE-2023-1901
RESERVED
CVE-2023-1900 (A vulnerability within the Avira network protection feature allowed an ...)
NOT-FOR-US: Norton
-CVE-2023-1899
- RESERVED
-CVE-2023-1898
- RESERVED
-CVE-2023-1897
- RESERVED
+CVE-2023-1899 (Atlas Copco Power Focus 6000 web server is not a secure connection by ...)
+ TODO: check
+CVE-2023-1898 (Atlas Copco Power Focus 6000 web server uses a small amount of session ...)
+ TODO: check
+CVE-2023-1897 (Atlas Copco Power Focus 6000 web server does not sanitize the login in ...)
+ TODO: check
CVE-2023-1896
RESERVED
CVE-2023-1895 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...)
@@ -8939,8 +9020,8 @@ CVE-2023-29387
RESERVED
CVE-2023-29386
RESERVED
-CVE-2023-29385
- RESERVED
+CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...)
+ TODO: check
CVE-2023-29384
RESERVED
CVE-2023-1893
@@ -10459,8 +10540,8 @@ CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of So
NOT-FOR-US: Sophos
CVE-2023-28934
RESERVED
-CVE-2023-28933
- RESERVED
+CVE-2023-28933 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPe ...)
+ TODO: check
CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28931
@@ -12154,8 +12235,8 @@ CVE-2023-28480
RESERVED
CVE-2023-28479
RESERVED
-CVE-2023-28478
- RESERVED
+CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Bu ...)
+ TODO: check
CVE-2023-28477 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored ...)
NOT-FOR-US: Concrete CMS
CVE-2023-28476 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
@@ -13703,8 +13784,8 @@ CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does n
NOT-FOR-US: WordPress plugin
CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1323
- RESERVED
+CVE-2023-1323 (The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not s ...)
+ TODO: check
CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as critical. A ...)
NOT-FOR-US: lmxcms
CVE-2023-1321 (A vulnerability has been found in lmxcms 1.41 and classified as critic ...)
@@ -15010,6 +15091,7 @@ CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow
CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...)
NOT-FOR-US: mlflow
CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...)
+ {DLA-3453-1}
- vim 2:9.0.1378-1
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e
@@ -25259,8 +25341,8 @@ CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices
NOT-FOR-US: Baicells
CVE-2023-0432 (The web configuration service of the affected device contains an authe ...)
NOT-FOR-US: Delta Electronics
-CVE-2023-0431
- RESERVED
+CVE-2023-0431 (The File Away WordPress plugin through 3.9.9.0.1 does not validate and ...)
+ TODO: check
CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...)
- yii <itp> (bug #597899)
CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in ModSecurity before ...)
@@ -25817,16 +25899,16 @@ CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability inWP-TopBar<= 5.36 vers
NOT-FOR-US: WordPress plugin
CVE-2023-23823
RESERVED
-CVE-2023-23822
- RESERVED
+CVE-2023-23822 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludw ...)
+ TODO: check
CVE-2023-23821 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23820 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23819
- RESERVED
-CVE-2023-23818
- RESERVED
+CVE-2023-23819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rola ...)
+ TODO: check
+CVE-2023-23818 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Avip ...)
+ TODO: check
CVE-2023-23817 (Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebA ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23816 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sit ...)
@@ -30048,6 +30130,7 @@ CVE-2023-22604
CVE-2023-22603
REJECTED
CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.)
+ {DLA-3453-1}
- vim 2:9.0.1378-1 (bug #1031875)
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
@@ -35573,8 +35656,8 @@ CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft M
NOT-FOR-US: WordPress plugin
CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic K ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47140
- RESERVED
+CVE-2022-47140 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute I ...)
+ TODO: check
CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Ba ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN ...)
@@ -39345,6 +39428,7 @@ CVE-2022-4143
CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...)
+ {DLA-3453-1}
- vim 2:9.0.1000-1 (bug #1027146)
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
@@ -39542,8 +39626,8 @@ CVE-2022-45829 (Auth. Path Traversal vulnerability inEasy WP SMTP plugin <= 1.5.
NOT-FOR-US: WordPress plugin
CVE-2022-45828
RESERVED
-CVE-2022-45827
- RESERVED
+CVE-2022-45827 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gall ...)
+ TODO: check
CVE-2022-45826
RESERVED
CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes ...)
@@ -48043,10 +48127,10 @@ CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerab
NOT-FOR-US: HP
CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
NOT-FOR-US: HP
-CVE-2022-43778
- RESERVED
-CVE-2022-43777
- RESERVED
+CVE-2022-43778 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
+CVE-2022-43777 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
CVE-2022-43776 (The url parameter of the /api/geojson endpoint in Metabase versions <4 ...)
NOT-FOR-US: Metabase
CVE-2022-43775 (The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL ...)
@@ -63740,8 +63824,8 @@ CVE-2022-38158
RESERVED
CVE-2022-38157
RESERVED
-CVE-2022-38156
- RESERVED
+CVE-2022-38156 (A remote command injection issues exists in the web server of the Krat ...)
+ TODO: check
CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted applicatio ...)
NOT-FOR-US: Samsung mTower
CVE-2022-38154
@@ -68441,8 +68525,8 @@ CVE-2022-36333
RESERVED
CVE-2022-36332
RESERVED
-CVE-2022-36331
- RESERVED
+CVE-2022-36331 (Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDis ...)
+ TODO: check
CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware version val ...)
NOT-FOR-US: Western Digital
CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...)
@@ -93666,12 +93750,12 @@ CVE-2022-27543
RESERVED
CVE-2022-27542
RESERVED
-CVE-2022-27541
- RESERVED
+CVE-2022-27541 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
CVE-2022-27540
RESERVED
-CVE-2022-27539
- RESERVED
+CVE-2022-27539 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
NOT-FOR-US: HP
CVE-2022-27537 (Potential vulnerabilities have been identified in the system BIOS of c ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b14987f13af41c50ae57418482ed257e15b1889f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b14987f13af41c50ae57418482ed257e15b1889f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230612/c5676902/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list