[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 16 21:12:37 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9210ea3 by security tracker role at 2023-06-16T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,61 @@
+CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-sto ...)
+ TODO: check
+CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...)
+ TODO: check
+CVE-2023-35784 (A double free or use after free could occur after SSL_clear in OpenBSD ...)
+ TODO: check
+CVE-2023-35783 (The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x throu ...)
+ TODO: check
+CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL ...)
+ TODO: check
+CVE-2023-34832 (TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer ...)
+ TODO: check
+CVE-2023-34795 (xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitial ...)
+ TODO: check
+CVE-2023-34733 (A lack of exception handling in the Volkswagen Discover Media Infotain ...)
+ TODO: check
+CVE-2023-34660 (jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg ...)
+ TODO: check
+CVE-2023-34659 (jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id p ...)
+ TODO: check
+CVE-2023-34645 (jfinal CMS 5.1.0 has an arbitrary file read vulnerability.)
+ TODO: check
+CVE-2023-34548 (Simple Customer Relationship Management 1.0 is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2023-33307 (A null pointer dereference in Fortinet FortiOS before 7.2.5 and before ...)
+ TODO: check
+CVE-2023-33306 (A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7 ...)
+ TODO: check
+CVE-2023-2918
+ REJECTED
+CVE-2023-2831 (Mattermost fails to unescape Markdown strings in a memory-efficient wa ...)
+ TODO: check
+CVE-2023-2797 (Mattermost fails to sanitize code permalinks, allowing an attacker to ...)
+ TODO: check
+CVE-2023-2793 (Mattermost fails to validate links on external websites when construct ...)
+ TODO: check
+CVE-2023-2792 (Mattermost fails to sanitize ephemeral error messages, allowing an att ...)
+ TODO: check
+CVE-2023-2791 (When creating a playbook run via the /dialog API, Mattermost fails to ...)
+ TODO: check
+CVE-2023-2788 (Mattermost fails to check if an admin user account active after an oau ...)
+ TODO: check
+CVE-2023-2787 (Mattermost fails to check channel membership when accessing message th ...)
+ TODO: check
+CVE-2023-2786 (Mattermost fails to properly check thepermissions when executing comma ...)
+ TODO: check
+CVE-2023-2785 (Mattermost fails to properly truncate the postgres error log message o ...)
+ TODO: check
+CVE-2023-2784 (Mattermost fails to verify if the requestor is a sysadmin or not, befo ...)
+ TODO: check
+CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided in th ...)
+ TODO: check
CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...)
TODO: check
-CVE-2023-3268 [relayfs: fix out-of-bounds access in relay_file_read]
+CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...)
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
-CVE-2023-35708 (Progress MOVEit Transfer has a privilege escalation vulnerability that ...)
+CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6 ...)
NOT-FOR-US: MOVEit
CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file upload vuln ...)
NOT-FOR-US: Bludit
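Review bot: for CVE-2023-3268 the fixed version `- linux 6.3.7-1` sits below the `6.4-rc1` where the NOTE places the upstream commit (43ec16f1450f); if 6.3.7-1 is fixed because that commit was backported into the 6.3.y stable series, add a NOTE with the stable backport so the entry is verifiable rather than appearing to claim a fix from a release that postdates the package. The description swap from the bracketed upstream subject to the MITRE text is otherwise fine since the commit URL is retained in the NOTE. The remaining additions (`TODO: check`) are the expected output of the automatic import; note that CVE-2023-35784 concerns OpenBSD/LibreSSL and CVE-2023-33306/33307 concern FortiOS, so a triager will most likely resolve those to NOT-FOR-US rather than a Debian package.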
@@ -540,10 +592,10 @@ CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is vulner
NOT-FOR-US: Sourcecodester Service Provider Management System
CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_sen ...)
NOT-FOR-US: NanoMQ
-CVE-2023-34475 [heap use-after-free issue in ReplaceXmpValue() function in MagickCore/profile.c]
+CVE-2023-34475 (A heap use after free issue was discovered in ImageMagick's ReplaceXmp ...)
- imagemagick <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10)
-CVE-2023-34474 [heap-based buffer overflow in ReadTIM2ImageData() function in coders/tim2.c]
+CVE-2023-34474 (A heap-based buffer overflow issue was discovered in ImageMagick's Rea ...)
- imagemagick <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10)
CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...)
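Review bot: both CVE-2023-34475 (heap use-after-free in ReplaceXmpValue) and CVE-2023-34474 (heap overflow in ReadTIM2ImageData) cite the same upstream commit 1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 as the fix; since these are two distinct bugs in different files, confirm that single commit actually covers both, or split the "Fixed by" NOTEs. The hunk only replaces the placeholder descriptions and keeps the `<not-affected> (Vulnerable code not present)` assessment, which is consistent with the fix landing in the 7.1.1 series only if the affected code does not exist in the ImageMagick version Debian ships.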
@@ -624,7 +676,7 @@ CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random
TODO: check
CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-3195 [stack overflow when parsing malicious tiff image]
+CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...)
- imagemagick <unfixed>
[buster] - imagemagick <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1
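Review bot: CVE-2023-3195 stays `<unfixed>` with only the oss-security thread as reference and no upstream fix commit NOTE; once the upstream fix is identified it should be recorded as a "Fixed by:" NOTE like the neighbouring ImageMagick entries, otherwise the `<no-dsa> (Minor issue)` for buster has nothing to point maintainers at for a backport.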
@@ -2210,7 +2262,7 @@ CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source Apache
CVE-2023-32311 (CloudExplorer Lite is an open source cloud management platform. In Clo ...)
NOT-FOR-US: CloudExplorer Lite
CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...)
- {DLA-3441-1}
+ {DSA-5431-1 DLA-3441-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-6 (bug #1036847)
NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
NOTE: https://github.com/freeswitch/sofia-sip/pull/214
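Review bot: this commit changes only data/CVE/list (see the "1 changed file" header) yet adds a `{DSA-5431-1 ...}` reference; confirm the DSA-5431-1 entry already exists in data/DSA/list, since the tracker resolves the bookworm/bullseye status for CVE-2023-32307 through that cross-reference and it dangles if the DSA entry was not committed first.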
@@ -5720,16 +5772,16 @@ CVE-2022-48475
RESERVED
CVE-2022-48474
RESERVED
-CVE-2022-48473
- RESERVED
-CVE-2022-48472
- RESERVED
-CVE-2022-48471
- RESERVED
+CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei Printer. ...)
+ TODO: check
+CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. Success ...)
+ TODO: check
+CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei Printer. ...)
+ TODO: check
CVE-2022-48470
RESERVED
-CVE-2022-48469
- RESERVED
+CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. Successf ...)
+ TODO: check
CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...)
NOT-FOR-US: I Recommend This Plugin
CVE-2023-30794
@@ -6239,8 +6291,8 @@ CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software med
NOT-FOR-US: jellyfin-web
CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with 10.8. ...)
- jellyfin <itp> (bug #994189)
-CVE-2023-30625
- RESERVED
+CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer Data Pla ...)
+ TODO: check
CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6. ...)
NOT-FOR-US: wasmtime
CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...)
@@ -6999,8 +7051,8 @@ CVE-2023-30455 (An issue was discovered in ebankIT before 7. A Denial-of-Service
NOT-FOR-US: ebankIT
CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object Model bas ...)
NOT-FOR-US: ebankIT
-CVE-2023-30453
- RESERVED
+CVE-2023-30453 (The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent ...)
+ TODO: check
CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluen ...)
NOT-FOR-US: MoroSystems EasyMind
CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGurukul Ba ...)
@@ -7493,10 +7545,10 @@ CVE-2023-30225
RESERVED
CVE-2023-30224
RESERVED
-CVE-2023-30223
- RESERVED
-CVE-2023-30222
- RESERVED
+CVE-2023-30223 (A broken authentication vulnerability in 4D SAS 4D Server software v17 ...)
+ TODO: check
+CVE-2023-30222 (An information disclosure vulnerability in 4D SAS 4D Server Applicatio ...)
+ TODO: check
CVE-2023-30221
RESERVED
CVE-2023-30220
@@ -16273,8 +16325,8 @@ CVE-2023-27422
RESERVED
CVE-2023-27421
RESERVED
-CVE-2023-27420
- RESERVED
+CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
+ TODO: check
CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
NOT-FOR-US: WordPress theme
CVE-2023-27418
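Review bot: CVE-2023-27420 is left at `TODO: check` while the adjacent CVE-2023-27419, with an identical "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ..." description, is already `NOT-FOR-US: WordPress theme`; the triage pass should mark the new entry the same way unless the truncated text hides a different product.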
@@ -18454,16 +18506,16 @@ CVE-2023-26543
RESERVED
CVE-2023-26542
RESERVED
-CVE-2023-26541
- RESERVED
+CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
+ TODO: check
CVE-2023-26540
RESERVED
CVE-2023-26539
RESERVED
CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26537
- RESERVED
+CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nico ...)
+ TODO: check
CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26535
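Review bot: CVE-2023-26541 and CVE-2023-26537 are un-reserved as "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ..." entries in a block where every resolved sibling (CVE-2023-26538, CVE-2023-26536) is `NOT-FOR-US: WordPress plugin`; the same applies to the later CVE-2023-26527, CVE-2023-26515, CVE-2023-26013, CVE-2023-25974 and CVE-2023-25963 additions, so these `TODO: check` lines can likely be resolved as a batch.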
@@ -18482,8 +18534,8 @@ CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26527
- RESERVED
+CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIn ...)
+ TODO: check
CVE-2023-26526
RESERVED
CVE-2023-26525
@@ -18506,8 +18558,8 @@ CVE-2023-26517 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-26516
RESERVED
-CVE-2023-26515
- RESERVED
+CVE-2023-26515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko T ...)
+ TODO: check
CVE-2023-26514
RESERVED
CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...)
@@ -19723,8 +19775,8 @@ CVE-2023-0922 (The Samba AD DC administration tool, when operating against a rem
NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html
CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...)
- gitlab 15.10.8+ds1-2
-CVE-2022-48330
- RESERVED
+CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write vulnerability. A ...)
+ TODO: check
CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...)
NOT-FOR-US: Progress Flowmon Packet Investigator
CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...)
@@ -20034,8 +20086,8 @@ CVE-2023-26015
RESERVED
CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HT ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26013
- RESERVED
+CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denz ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More ...)
@@ -20112,8 +20164,8 @@ CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Int
NOT-FOR-US: WordPress plugin
CVE-2023-25975
RESERVED
-CVE-2023-25974
- RESERVED
+CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psic ...)
+ TODO: check
CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...)
@@ -20134,8 +20186,8 @@ CVE-2023-25965
RESERVED
CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25963
- RESERVED
+CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...)
+ TODO: check
CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Th ...)
@@ -21290,8 +21342,8 @@ CVE-2023-25647
RESERVED
CVE-2023-25646
RESERVED
-CVE-2023-25645
- RESERVED
+CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
+ TODO: check
CVE-2023-25644
RESERVED
CVE-2023-25643
@@ -22126,8 +22178,8 @@ CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to In
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...)
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
-CVE-2023-25366
- RESERVED
+CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...)
+ TODO: check
CVE-2023-25365
RESERVED
CVE-2023-25364
@@ -22573,14 +22625,14 @@ CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSc
NOT-FOR-US: Mamoto extension for MediaWiki
CVE-2023-25189
RESERVED
-CVE-2023-25188
- RESERVED
-CVE-2023-25187
- RESERVED
-CVE-2023-25186
- RESERVED
-CVE-2023-25185
- RESERVED
+CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
+ TODO: check
+CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
+ TODO: check
+CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
+ TODO: check
+CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
+ TODO: check
CVE-2023-25074
RESERVED
CVE-2023-24590
@@ -25430,8 +25482,8 @@ CVE-2023-24245
RESERVED
CVE-2023-24244
RESERVED
-CVE-2023-24243
- RESERVED
+CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a Server-Side R ...)
+ TODO: check
CVE-2023-24242
RESERVED
CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...)
@@ -34438,11 +34490,13 @@ CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analy
CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation). Supp ...)
NOT-FOR-US: Oracle
CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
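Review bot: `{DSA-5430-1}` is added to the Oracle Java SE entries (here CVE-2023-21968 and CVE-2023-21967, with the same tag applied to CVE-2023-21954, 21939, 21938, 21937 and 21930 in the following hunks), but this commit touches only data/CVE/list; confirm the DSA-5430-1 entry in data/DSA/list lists exactly this CVE set so the per-CVE references and the DSA record agree.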
@@ -34472,6 +34526,7 @@ CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -34505,16 +34560,19 @@ CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analy
CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -34532,6 +34590,7 @@ CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Service
CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -44969,8 +45028,8 @@ CVE-2023-20887 (Aria Operations for Networks contains a command injection vulner
NOT-FOR-US: VMware
CVE-2023-20886
RESERVED
-CVE-2023-20885
- RESERVED
+CVE-2023-20885 (Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume ...)
+ TODO: check
CVE-2023-20884 (VMware Workspace ONE Access and VMware Identity Manager contain an ins ...)
NOT-FOR-US: VMware
CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9210ea344484f0c8644709dfe48d6410ea87c9f