[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 21 21:19:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
753f197d by security tracker role at 2023-06-21T20:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,25 @@
-CVE-2023-2911 [Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0]
+CVE-2023-3351
+	REJECTED
+CVE-2023-3110 (Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier ...)
+	TODO: check
+CVE-2023-34981 (A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1 ...)
+	TODO: check
+CVE-2023-33725 (Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovere ...)
+	TODO: check
+CVE-2023-33591 (User Registration & Login and User Management System v1.0 was discover ...)
+	TODO: check
+CVE-2023-33584 (Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Inj ...)
+	TODO: check
+CVE-2023-33289 (The urlnorm crate through 0.1.4 for Rust allows Regular Expression Den ...)
+	TODO: check
+CVE-2023-2829 (A `named` instance configured to run as a DNSSEC-validating recursive  ...)
+	TODO: check
+CVE-2023-2911 (If the `recursive-clients` quota is reached on a BIND 9 resolver confi ...)
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2023-2911
 	NOTE: https://downloads.isc.org/isc/bind9/9.18.16/patches/0003-CVE-2023-2911.patch
 	NOTE: https://downloads.isc.org/isc/bind9/9.16.42/patches/0003-CVE-2023-2911.patch
-CVE-2023-2828 [named's configured cache size limit can be significantly exceeded]
+CVE-2023-2828 (Every `named` instance configured to run as a recursive resolver maint ...)
 	- bind9 <unfixed>
 	NOTE: https://kb.isc.org/docs/cve-2023-2828
 	NOTE: https://downloads.isc.org/isc/bind9/9.18.16/patches/0001-CVE-2023-2828.patch
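Review bot: CVE-2023-2829 (the `named` DNSSEC-validating resolver issue added with `TODO: check`) is sandwiched between CVE-2023-2911 and CVE-2023-2828, both of which already carry `- bind9 <unfixed>` plus kb.isc.org and downloads.isc.org patch references, so it almost certainly needs the same package line rather than staying at TODO; when it is triaged, add the ISC advisory and patch links in the same form as the two neighbouring entries. Separately, the imported description for CVE-2023-3110 starts with a literal `Description:` label copied from the upstream feed; that is upstream text, not a list-format token, and harmless to the parser, but it should not be mistaken for a tracker annotation.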
@@ -486,6 +502,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
 CVE-2023-3193 (Cross-site scripting (XSS) vulnerability in the Layout module's SEO co ...)
 	NOT-FOR-US: Liferay
 CVE-2023-3138 [Buffer overflows in InitExt.c in libX11]
+	{DSA-5433-1}
 	- libx11 2:1.8.6-1 (bug #1038133)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/15/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
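Review bot: the `{DSA-5433-1}` tag on CVE-2023-3138 is placed directly under the CVE line and ahead of the unstable fix line `- libx11 2:1.8.6-1 (bug #1038133)`, which matches the ordering used elsewhere in the file (compare the chromium entry with `{DSA-5245-1}` further down); note that the description is still the bracketed placeholder `[Buffer overflows in InitExt.c in libX11]`, so the published text has not arrived yet and a later automatic update will replace that line the same way CVE-2023-2911 is replaced at the top of this diff.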
@@ -1920,6 +1937,7 @@ CVE-2023-33670 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack ove
 CVE-2023-33669 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow  ...)
 	NOT-FOR-US: Tenda
 CVE-2023-33476 (ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable t ...)
+	{DSA-5434-1 DLA-3465-1}
 	- minidlna 1.3.2+dfsg-1.1 (bug #1037052)
 	NOTE: https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
 	NOTE: Fixed by: https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/ (v1_3_3)
@@ -16702,8 +16720,8 @@ CVE-2023-27452
 	RESERVED
 CVE-2023-27451
 	RESERVED
-CVE-2023-27450
-	RESERVED
+CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of ...)
+	TODO: check
 CVE-2023-27449
 	RESERVED
 CVE-2023-27448
@@ -16716,16 +16734,16 @@ CVE-2023-27445
 	RESERVED
 CVE-2023-27444
 	RESERVED
-CVE-2023-27443
-	RESERVED
+CVE-2023-27443 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-27442
 	RESERVED
 CVE-2023-27441
 	RESERVED
 CVE-2023-27440
 	RESERVED
-CVE-2023-27439
-	RESERVED
+CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_S ...)
+	TODO: check
 CVE-2023-27438
 	RESERVED
 CVE-2023-27437
@@ -16738,14 +16756,14 @@ CVE-2023-27434
 	RESERVED
 CVE-2023-27433
 	RESERVED
-CVE-2023-27432
-	RESERVED
+CVE-2023-27432 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimple ...)
+	TODO: check
 CVE-2023-27431
 	RESERVED
 CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-27429
-	RESERVED
+CVE-2023-27429 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Auto ...)
+	TODO: check
 CVE-2023-27428
 	RESERVED
 CVE-2023-27427
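Review bot: the two entries revived from `RESERVED` in this hunk (CVE-2023-27432 `Unauth. Reflected ... in WpSimple ...` and CVE-2023-27429 `Auth. (admin+) Stored ... in Auto ...`) use the same `Auth./Unauth. ... Cross-Site Scripting (XSS) vulnerability in <plugin>` description form as CVE-2023-27430 in between them, which is already triaged `NOT-FOR-US: WordPress plugin`; after confirming the truncated plugin names against the full descriptions, the two `TODO: check` lines can most likely be resolved the same way.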
@@ -16774,8 +16792,8 @@ CVE-2023-27416
 	RESERVED
 CVE-2023-27415
 	RESERVED
-CVE-2023-27414
-	RESERVED
+CVE-2023-27414 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Bo ...)
+	TODO: check
 CVE-2023-27413
 	RESERVED
 CVE-2023-27412
@@ -17363,8 +17381,8 @@ CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management Pr
 	NOT-FOR-US: File Management Project
 CVE-2023-27244
 	RESERVED
-CVE-2023-27243
-	RESERVED
+CVE-2023-27243 (An access control issue in Makves DCAP v3.0.0.122 allows unauthenticat ...)
+	TODO: check
 CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to contain a ...)
 	NOT-FOR-US: SourceCodester Loan Management System
 CVE-2023-27241 (SourceCodester Water Billing System v1.0 was discovered to contain a c ...)
@@ -19572,14 +19590,14 @@ CVE-2023-0974
 	RESERVED
 CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...)
 	NOT-FOR-US: STEPTools ifcmesh library
-CVE-2023-0972
-	RESERVED
-CVE-2023-0971
-	RESERVED
-CVE-2023-0970
-	RESERVED
-CVE-2023-0969
-	RESERVED
+CVE-2023-0972 (Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlie ...)
+	TODO: check
+CVE-2023-0971 (A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows au ...)
+	TODO: check
+CVE-2023-0970 (Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK ve ...)
+	TODO: check
+CVE-2023-0969 (A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an a ...)
+	TODO: check
 CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Si ...)
 	NOT-FOR-US: Watu Quiz plugin for WordPress
 CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with normal user ...)
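Review bot: CVE-2023-0969 through CVE-2023-0972 are four entries for the same SiLabs Z/IP Gateway (SDK) product and are best triaged as one group so they end up with a consistent disposition; the CVE-2023-0972 description also carries a stray `Description:` prefix copied from the upstream feed (the same prefix appears on CVE-2023-3110 at the top of the file), which is upstream text rather than a list-format token.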
@@ -22488,8 +22506,8 @@ CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1
 	NOT-FOR-US: vTech
 CVE-2023-25436
 	RESERVED
-CVE-2023-25435
-	RESERVED
+CVE-2023-25435 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...)
+	TODO: check
 CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...)
 	TODO: check
 CVE-2023-25433
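Review bot: the new CVE-2023-25435 description is identical, up to the truncation point, to the CVE-2023-25434 entry directly below it (`libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...`), and both sit at `TODO: check`; when triaging, confirm from the full descriptions whether these are two distinct issues (different functions or call paths) or an upstream duplicate, and record the tiff package state for both in one pass so the two entries do not drift apart.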
@@ -32760,8 +32778,8 @@ CVE-2023-22314
 	RESERVED
 CVE-2023-22277
 	RESERVED
-CVE-2023-0026
-	RESERVED
+CVE-2023-0026 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...)
+	TODO: check
 CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected and stor ...)
 	NOT-FOR-US: Heimdall Application Dashboard
 CVE-2022-47967 (A vulnerability has been identified in Solid Edge (All versions < V202 ...)
@@ -42510,8 +42528,8 @@ CVE-2022-45289
 	RESERVED
 CVE-2022-45288
 	RESERVED
-CVE-2022-45287
-	RESERVED
+CVE-2022-45287 (An access control issue in Registration.aspx of Temenos CWX 8.5.6 allo ...)
+	TODO: check
 CVE-2022-45286
 	RESERVED
 CVE-2022-45285 (Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is  ...)
@@ -54895,8 +54913,8 @@ CVE-2022-3373 (Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91
 	{DSA-5245-1}
 	- chromium 106.0.5249.91-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2022-3372
-	RESERVED
+CVE-2022-3372 (There is a CSRF vulnerability on Netman-204 version 02.05. An attacker ...)
+	TODO: check
 CVE-2022-3371 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3370 (Use after free in Custom Elements in Google Chrome prior to 106.0.5249 ...)
@@ -96290,7 +96308,7 @@ CVE-2022-27142
 	RESERVED
 CVE-2022-27141
 	RESERVED
-CVE-2022-27140 (An arbitrary file upload vulnerability in the file upload module of Ex ...)
+CVE-2022-27140 (An arbitrary file upload vulnerability in the file upload module of ex ...)
 	NOT-FOR-US: Express FileUpload
 CVE-2022-27139 (An arbitrary file upload vulnerability in the file upload module of Gh ...)
 	NOT-FOR-US: Ghost CMS
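Review bot: the only change to CVE-2022-27140 is `Ex` to `ex` in the truncated description (upstream edited the casing of the product name); the existing `NOT-FOR-US: Express FileUpload` triage line is unchanged and nothing needs follow-up here.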



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/753f197d3e32b9f6fec517a951a10acf94f366cc

-- 
You're receiving this email because of your account on salsa.debian.org.

