[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 2 08:10:31 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8441e826 by security tracker role at 2023-03-02T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2023-27520
+ RESERVED
+CVE-2023-27511
+ RESERVED
+CVE-2023-27509
+ RESERVED
+CVE-2023-27508
+ RESERVED
+CVE-2023-27506
+ RESERVED
+CVE-2023-27505
+ RESERVED
+CVE-2023-27501
+ RESERVED
+CVE-2023-27500
+ RESERVED
+CVE-2023-27499
+ RESERVED
+CVE-2023-27498
+ RESERVED
+CVE-2023-27497
+ RESERVED
+CVE-2023-27393
+ RESERVED
+CVE-2023-27386
+ RESERVED
+CVE-2023-27298
+ RESERVED
+CVE-2023-25772
+ RESERVED
+CVE-2023-24460
+ RESERVED
+CVE-2023-23572
+ RESERVED
+CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical Records ...)
+ TODO: check
+CVE-2023-1150
+ RESERVED
+CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...)
+ TODO: check
+CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
+ TODO: check
+CVE-2023-1147 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
+ TODO: check
+CVE-2023-1146 (Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblo ...)
+ TODO: check
+CVE-2023-1145
+ RESERVED
+CVE-2023-1144
+ RESERVED
+CVE-2023-1143
+ RESERVED
+CVE-2023-1142
+ RESERVED
+CVE-2023-1141
+ RESERVED
+CVE-2023-1140
+ RESERVED
+CVE-2023-1139
+ RESERVED
+CVE-2023-1138
+ RESERVED
+CVE-2023-1137
+ RESERVED
+CVE-2023-1136
+ RESERVED
+CVE-2023-1135
+ RESERVED
+CVE-2023-1134
+ RESERVED
+CVE-2023-1133
+ RESERVED
+CVE-2023-1132
+ RESERVED
+CVE-2023-1131 (A vulnerability has been found in SourceCodester Computer Parts Sales ...)
+ TODO: check
+CVE-2023-1130 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
CVE-2023-27496
RESERVED
CVE-2023-27495
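Review bot: every newly described entry in this hunk lands as TODO: check, so that marker only records that a description arrived, not a triage result; the SourceCodester ids (CVE-2023-1151, CVE-2023-1131, CVE-2023-1130) and the flatpressblog XSS ids (CVE-2023-1149 through CVE-2023-1146) still need a manual pass to get a real status, while the ids that are only RESERVED need no action until a description is published.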
@@ -319,10 +397,10 @@ CVE-2023-1109
RESERVED
CVE-2023-1108
RESERVED
-CVE-2023-1107
- RESERVED
-CVE-2023-1106
- RESERVED
+CVE-2023-1107 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
+ TODO: check
+CVE-2023-1106 (Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressb ...)
+ TODO: check
CVE-2023-1105 (External Control of File Name or Path in GitHub repository flatpressbl ...)
NOT-FOR-US: flatpressblog
CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...)
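Review bot: CVE-2023-1107 and CVE-2023-1106 are left at TODO: check although they sit directly above CVE-2023-1105 and CVE-2023-1104, which are already NOT-FOR-US: flatpressblog for the same GitHub repository; the two placeholders should be resolved with the same marker in the follow-up triage so the file stays consistent for that project.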
@@ -476,8 +554,8 @@ CVE-2023-22847
RESERVED
CVE-2023-1098
RESERVED
-CVE-2023-1097
- RESERVED
+CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vu ...)
+ TODO: check
CVE-2023-1096
RESERVED
CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error, nft ...)
@@ -3601,8 +3679,8 @@ CVE-2023-26055
RESERVED
CVE-2023-26054
RESERVED
-CVE-2023-26053
- RESERVED
+CVE-2023-26053 (Gradle is a build tool with a focus on build automation and support fo ...)
+ TODO: check
CVE-2023-26052
RESERVED
CVE-2023-26051
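Review bot: CVE-2023-26053 should not be dismissed with the same quick NOT-FOR-US as the vendor-firmware entries elsewhere in this update: the description identifies Gradle, which is packaged in Debian, so the triage needs a comparison of the affected upstream versions against the gradle source package and a read of the advisory from a build-tool supply-chain angle before a status is set.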
@@ -3615,8 +3693,8 @@ CVE-2023-26048
RESERVED
CVE-2023-26047
RESERVED
-CVE-2023-26046
- RESERVED
+CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
+ TODO: check
CVE-2023-26045
RESERVED
CVE-2023-26044
@@ -4247,8 +4325,8 @@ CVE-2023-25808
RESERVED
CVE-2023-25807 (DataEase is an open source data visualization and analysis tool. When ...)
NOT-FOR-US: DataEase
-CVE-2023-25806
- RESERVED
+CVE-2023-25806 (OpenSearch Security is a plugin for OpenSearch that offers encryption, ...)
+ TODO: check
CVE-2023-25805 (versionn, software for changing version information across multiple fi ...)
NOT-FOR-US: Node versionn
CVE-2023-25804
@@ -5161,7 +5239,7 @@ CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/a
NOT-FOR-US: Answer
CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
NOT-FOR-US: Answer
-CVE-2023-0739 (Race Condition in Switch in GitHub repository answerdev/answer prior t ...)
+CVE-2023-0739 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
NOT-FOR-US: Answer
CVE-2023-0738
RESERVED
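Review bot: only the description of CVE-2023-0739 changes here, from "Race Condition in Switch" to the CWE-362 title "Concurrent Execution using Shared Resource with Improper Synchronization"; the NOT-FOR-US: Answer line is correctly untouched, since relabelling the weakness class does not alter whether the package is in Debian.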
@@ -6164,7 +6242,7 @@ CVE-2023-25191 (AMI MegaRAC SPX devices allow Password Disclosure through Redfis
NOT-FOR-US: AMI
CVE-2023-25190
RESERVED
-CVE-2023-0678 (Improper Authorization in GitHub repository phpipam/phpipam prior to v ...)
+CVE-2023-0678 (Missing Authorization in GitHub repository phpipam/phpipam prior to v1 ...)
- phpipam <itp> (bug #731713)
CVE-2023-0677 (Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/ph ...)
- phpipam <itp> (bug #731713)
@@ -6271,8 +6349,8 @@ CVE-2023-25157 (GeoServer is an open source software server written in Java that
NOT-FOR-US: Geoserver
CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...)
NOT-FOR-US: Kiwi TCMS
-CVE-2023-25155
- RESERVED
+CVE-2023-25155 (Redis is an in-memory database that persists on disk. Authenticated us ...)
+ TODO: check
CVE-2023-25154 (Misskey is an open source, decentralized social media platform. In ver ...)
NOT-FOR-US: Misskey
CVE-2023-25153 (containerd is an open source container runtime. Before versions 1.6.18 ...)
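Review bot: CVE-2023-25155 must not stay at TODO: check: unlike its Kiwi TCMS and Misskey neighbours, the description identifies Redis, which is a Debian source package (redis), so the triage needs the affected and fixed upstream versions per suite. The description opens with "Authenticated us...", so the severity assessment should record that the issue appears to require an authenticated client.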
@@ -7741,7 +7819,7 @@ CVE-2023-24598
RESERVED
CVE-2023-24597
RESERVED
-CVE-2023-0566 (Static Code Injection in GitHub repository froxlor/froxlor prior to 2. ...)
+CVE-2023-0566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- froxlor <itp> (bug #581792)
CVE-2023-0565 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...)
- froxlor <itp> (bug #581792)
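Review bot: this is a substantive reclassification, not a cosmetic rename: CVE-2023-0566 moves from "Static Code Injection" to "Improper Neutralization of Input During Web Page Generation", i.e. cross-site scripting, which is a different impact class. The unchanged "- froxlor <itp> (bug #581792)" line remains correct because froxlor is still only an ITP, but anyone who rated the earlier wording as code execution should re-read the advisory.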
@@ -8165,7 +8243,7 @@ CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure File.
CVE-2023-0480
RESERVED
CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values in the ...)
- {DLA-3347-1}
+ {DSA-5367-1 DLA-3347-1}
- spip 4.1.8+dfsg-1
NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html
NOTE: https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266 (v3.2.18)
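Review bot: the change from {DLA-3347-1} to {DSA-5367-1 DLA-3347-1} records that a stable advisory now exists for CVE-2023-27372 alongside the LTS one, and it is consistent with the fixed version "- spip 4.1.8+dfsg-1" already on the entry. Nothing to change in the hunk; since the braces are generated from the advisory lists rather than edited here, the only check is that DSA-5367-1 in the DSA list really maps to this CVE.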
@@ -8519,7 +8597,7 @@ CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not valida
NOT-FOR-US: WordPress plugin
CVE-2023-0441
RESERVED
-CVE-2023-0440 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+CVE-2023-0440 (Observable Discrepancy in GitHub repository healthchecks/healthchecks ...)
NOT-FOR-US: healthchecks
CVE-2023-0439
RESERVED
@@ -9019,42 +9097,42 @@ CVE-2023-24136
RESERVED
CVE-2023-24135
RESERVED
-CVE-2023-24134
- RESERVED
-CVE-2023-24133
- RESERVED
-CVE-2023-24132
- RESERVED
-CVE-2023-24131
- RESERVED
-CVE-2023-24130
- RESERVED
-CVE-2023-24129
- RESERVED
-CVE-2023-24128
- RESERVED
-CVE-2023-24127
- RESERVED
-CVE-2023-24126
- RESERVED
-CVE-2023-24125
- RESERVED
-CVE-2023-24124
- RESERVED
-CVE-2023-24123
- RESERVED
-CVE-2023-24122
- RESERVED
-CVE-2023-24121
- RESERVED
-CVE-2023-24120
- RESERVED
-CVE-2023-24119
- RESERVED
-CVE-2023-24118
- RESERVED
-CVE-2023-24117
- RESERVED
+CVE-2023-24134 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24133 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24132 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24131 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24130 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24129 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24128 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24127 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24126 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24125 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24124 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24123 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24122 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24121 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24120 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24119 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24118 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
+CVE-2023-24117 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...)
+ TODO: check
CVE-2023-24116
RESERVED
CVE-2023-24115
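Review bot: all eighteen ids CVE-2023-24117 through CVE-2023-24134 carry the identical description prefix "Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...", so they describe one router firmware and should be triaged as a block with one marker rather than eighteen separate TODO: check lines. The truncation also hides which weakness each id is, so the full CVE text, not this file, has to be consulted to tell them apart.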
@@ -10768,7 +10846,7 @@ CVE-2014-125077 (A vulnerability, which was classified as critical, has been fou
NOT-FOR-US: pointhi searx_stats
CVE-2023-23590 (Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers ...)
NOT-FOR-US: Mercedes-Benz
-CVE-2023-0298 (Improper Authorization in GitHub repository firefly-iii/firefly-iii pr ...)
+CVE-2023-0298 (Incorrect Authorization in GitHub repository firefly-iii/firefly-iii p ...)
NOT-FOR-US: firefly-iii
CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev ...)
- pyload <itp> (bug #1001980)
@@ -11453,8 +11531,8 @@ CVE-2023-23349
RESERVED
CVE-2023-0229 (A flaw was found in github.com/openshift/apiserver-library-go, used in ...)
NOT-FOR-US: OpenShift
-CVE-2023-0228
- RESERVED
+CVE-2023-0228 (Improper Authentication vulnerability in ABB Symphony Plus S+ Operatio ...)
+ TODO: check
CVE-2023-0227 (Insufficient Session Expiration in GitHub repository pyload/pyload pri ...)
- pyload <itp> (bug #1001980)
CVE-2023-0226
@@ -12239,16 +12317,16 @@ CVE-2023-23008
RESERVED
CVE-2023-23007 (An issue was discovered in ESPCMS P8.21120101 after logging in to the ...)
NOT-FOR-US: ESPCMS
-CVE-2023-23006
- RESERVED
-CVE-2023-23005
- RESERVED
-CVE-2023-23004
- RESERVED
-CVE-2023-23003
- RESERVED
-CVE-2023-23002
- RESERVED
+CVE-2023-23006 (In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5 ...)
+ TODO: check
+CVE-2023-23005 (In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the al ...)
+ TODO: check
+CVE-2023-23004 (In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c m ...)
+ TODO: check
+CVE-2023-23003 (In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check ...)
+ TODO: check
+CVE-2023-23002 (In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinte ...)
+ TODO: check
CVE-2023-23001 (In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c mis ...)
- linux 5.16.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
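Review bot: CVE-2023-23002 through CVE-2023-23006 are Linux kernel issues of the same shape as CVE-2023-23001 directly below, which already carries "- linux 5.16.7-1" and a "[bullseye] - linux <not-affected> (Vulnerable code not present)" line, so TODO: check is not the end state here: each needs a fixed version derived from the "before 5.15.13 / 5.16 / 5.16.3 / 5.19 / 6.2" bounds in the descriptions and a per-suite check of whether the affected file is present. The "before 6.2" bound on CVE-2023-23005 (mm/memory-tiers.c) points at recent code, so a "Vulnerable code not present" marking like the one on CVE-2023-23001 may apply to the older suites.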
@@ -12464,8 +12542,8 @@ CVE-2023-0198
RESERVED
CVE-2023-0197
RESERVED
-CVE-2023-0196
- RESERVED
+CVE-2023-0196 (NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local use ...)
+ TODO: check
CVE-2023-0195
RESERVED
CVE-2023-0194
@@ -13341,8 +13419,8 @@ CVE-2023-22740 (Discourse is an open source platform for community discussion. V
NOT-FOR-US: Discourse
CVE-2023-22739 (Discourse is an open source platform for community discussion. Version ...)
NOT-FOR-US: Discourse
-CVE-2023-22738
- RESERVED
+CVE-2023-22738 (vantage6 is a privacy preserving federated learning infrastructure for ...)
+ TODO: check
CVE-2023-22737 (wire-server provides back end services for Wire, a team communication ...)
NOT-FOR-US: wire-server
CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
@@ -13838,8 +13916,8 @@ CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.114
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
NOTE: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 (v9.0.1145)
-CVE-2023-0053
- RESERVED
+CVE-2023-0053 (SAUTER Controls Nova 200–220 Series with firmware version 3.3-00 ...)
+ TODO: check
CVE-2023-0052 (SAUTER Controls Nova 200–220 Series with firmware version 3.3-00 ...)
NOT-FOR-US: SAUTER
CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
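Review bot: CVE-2023-0053 is now TODO: check while CVE-2023-0052, with the identical description "SAUTER Controls Nova 200–220 Series with firmware version 3.3-00 ...", is already NOT-FOR-US: SAUTER; the new entry should receive the same marker. The en dash in "200–220" comes from the upstream description and should be kept as-is.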
@@ -14517,8 +14595,8 @@ CVE-2023-22465 (Http4s is a Scala interface for HTTP services. Starting with ver
NOT-FOR-US: http4s
CVE-2023-22463 (KubePi is a k8s panel. The jwt authentication function of KubePi throu ...)
NOT-FOR-US: KubePi
-CVE-2023-22462
- RESERVED
+CVE-2023-22462 (Grafana is an open-source platform for monitoring and observability. O ...)
+ TODO: check
CVE-2023-22461 (The `sanitize-svg` package, a small SVG sanitizer to prevent cross-sit ...)
NOT-FOR-US: sanitize-svg
CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary Linked Data ( ...)
@@ -14954,9 +15032,9 @@ CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior
NOT-FOR-US: usememos
CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
NOT-FOR-US: usememos
-CVE-2022-4812 (Comparison of Object References Instead of Object Contents in GitHub r ...)
+CVE-2022-4812 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: usememos
-CVE-2022-4811 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+CVE-2022-4811 (Incorrect Authorization in GitHub repository usememos/memos prior to 0 ...)
NOT-FOR-US: usememos
CVE-2022-4810 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
NOT-FOR-US: usememos
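Review bot: CVE-2022-4812 and CVE-2022-4811, like the further usememos ids CVE-2022-4806, CVE-2022-4803, CVE-2022-4802, CVE-2022-4799 and CVE-2022-4798 changed in the following hunks, are relabelled to "Authorization Bypass Through User-Controlled Key" (CWE-639), replacing several distinct earlier labels. The NOT-FOR-US: usememos lines are rightly untouched, but the relabelling collapses what were recorded as different weakness types into one, so the individual advisories rather than these titles should be used if the issues ever need to be told apart.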
@@ -14966,15 +15044,15 @@ CVE-2022-4808 (Improper Privilege Management in GitHub repository usememos/memos
NOT-FOR-US: usememos
CVE-2022-4807 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
NOT-FOR-US: usememos
-CVE-2022-4806 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+CVE-2022-4806 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: usememos
CVE-2022-4805 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
NOT-FOR-US: usememos
CVE-2022-4804 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
NOT-FOR-US: usememos
-CVE-2022-4803 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+CVE-2022-4803 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: usememos
-CVE-2022-4802 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+CVE-2022-4802 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: usememos
CVE-2022-4801 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
NOT-FOR-US: usememos
@@ -14982,7 +15060,7 @@ CVE-2022-4800 (Improper Verification of Source of a Communication Channel in Git
NOT-FOR-US: usememos
CVE-2022-47990 (IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged loca ...)
NOT-FOR-US: IBM
-CVE-2022-4799 (Improper Authentication in GitHub repository usememos/memos prior to 0 ...)
+CVE-2022-4799 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: usememos
CVE-2022-47989
RESERVED
@@ -15004,7 +15082,7 @@ CVE-2022-47981
RESERVED
CVE-2022-47980
RESERVED
-CVE-2022-4798 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+CVE-2022-4798 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: usememos
CVE-2022-47979
RESERVED
@@ -38549,8 +38627,7 @@ CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to
NOTE: Crash in CLI tool, no security impact
CVE-2022-3295 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3294
- RESERVED
+CVE-2022-3294 (Users may have access to secure endpoints in the control plane network ...)
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
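Review bot: CVE-2022-3294 already carried the "- kubernetes 1.20.5+really1.20.2-1" fixed version and both NOTE lines while it was still RESERVED, so the only change is the description arriving and the RESERVED line being dropped, which is what the -8,+7 hunk header reflects; the same applies to CVE-2022-3162 in the next hunk. The second NOTE reads "The source package itself it still vulnerable" (a context line, not part of this change) and should become "is still vulnerable" in a later manual edit.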
@@ -41411,8 +41488,7 @@ CVE-2022-40177 (A vulnerability has been identified in Desigo PXM30-1 (All versi
NOT-FOR-US: Siemens
CVE-2022-40176 (A vulnerability has been identified in Desigo PXM30-1 (All versions &l ...)
NOT-FOR-US: Siemens
-CVE-2022-3162
- RESERVED
+CVE-2022-3162 (Users authorized to list or watch one type of namespaced custom resour ...)
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
@@ -235972,8 +236048,8 @@ CVE-2020-5028
RESERVED
CVE-2020-5027
RESERVED
-CVE-2020-5026
- RESERVED
+CVE-2020-5026 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
+ TODO: check
CVE-2020-5025 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2020-5024 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
@@ -236022,8 +236098,8 @@ CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML E
NOT-FOR-US: IBM
CVE-2020-5002
RESERVED
-CVE-2020-5001
- RESERVED
+CVE-2020-5001 (IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a re ...)
+ TODO: check
CVE-2020-5000 (IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to ...)
NOT-FOR-US: IBM
CVE-2020-4999
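Review bot: CVE-2020-5001 is TODO: check beside CVE-2020-5000 and CVE-2020-5003, both already NOT-FOR-US: IBM for the same IBM Financial Transaction Manager product, and CVE-2020-5026 in the previous hunk is in the same position; these are 2020 ids only now receiving descriptions, so the triage is the matching NOT-FOR-US: IBM marker rather than a version check.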
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8441e826d2cb95e48913370f3328e4236b2a9b0b