[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 2 20:10:48 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
082a3e98 by security tracker role at 2023-03-02T20:10:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2023-27539
+	RESERVED
+CVE-2023-27538
+	RESERVED
+CVE-2023-27537
+	RESERVED
+CVE-2023-27536
+	RESERVED
+CVE-2023-27535
+	RESERVED
+CVE-2023-27534
+	RESERVED
+CVE-2023-27533
+	RESERVED
+CVE-2023-27532
+	RESERVED
+CVE-2023-27531
+	RESERVED
+CVE-2023-27530
+	RESERVED
+CVE-2023-27526
+	RESERVED
+CVE-2023-27525
+	RESERVED
+CVE-2023-27524
+	RESERVED
+CVE-2023-27523
+	RESERVED
+CVE-2023-27522
+	RESERVED
+CVE-2023-23567
+	RESERVED
+CVE-2023-1155 (The Cost Calculator plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2023-1154
+	RESERVED
+CVE-2023-1153
+	RESERVED
+CVE-2023-1152
+	RESERVED
 CVE-2023-27520
 	RESERVED
 CVE-2023-27511
@@ -319,8 +359,7 @@ CVE-2023-1120
 	RESERVED
 CVE-2023-1119
 	RESERVED
-CVE-2023-1118
-	RESERVED
+CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/29b0589a865b6f66d141d79b2dd1373e4e50fe17
 	NOTE: https://www.openwall.com/lists/oss-security/2023/03/02/1
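Review bot: the CVE-2023-1118 entry keeps "- linux <unfixed>", and its git.kernel.org NOTE carries no release tag, unlike the CVE-2023-23006 entry later in this file, whose NOTE ends with "(5.16-rc8)". Suggest appending the upstream release that contains 29b0589a865b6f66d141d79b2dd1373e4e50fe17 to that NOTE, so the status per suite can be worked out from the entry alone.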
@@ -330,7 +369,7 @@ CVE-2023-1116 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 	NOT-FOR-US: pimcore
 CVE-2023-1115 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
-CVE-2023-1114 (Improper Input Validation vulnerability in Eskom Bilgisayar e-Belediye ...)
+CVE-2023-1114 (Improper Input Validation, Missing Authorization vulnerability in Esko ...)
 	NOT-FOR-US: Eskom Bilgisayar e-Belediye
 CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System 1.0. ...)
 	NOT-FOR-US: SourceCodester Simple Payroll System
@@ -1737,8 +1776,8 @@ CVE-2023-26782
 	RESERVED
 CVE-2023-26781
 	RESERVED
-CVE-2023-26780
-	RESERVED
+CVE-2023-26780 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. ...)
+	TODO: check
 CVE-2023-26779
 	RESERVED
 CVE-2023-26778
@@ -2476,16 +2515,16 @@ CVE-2023-26482
 	RESERVED
 CVE-2023-26481
 	RESERVED
-CVE-2023-26480
-	RESERVED
-CVE-2023-26479
-	RESERVED
-CVE-2023-26478
-	RESERVED
-CVE-2023-26477
-	RESERVED
-CVE-2023-26476
-	RESERVED
+CVE-2023-26480 (XWiki Platform is a generic wiki platform. Starting in version 12.10,  ...)
+	TODO: check
+CVE-2023-26479 (XWiki Platform is a generic wiki platform. Starting in version 6.0, us ...)
+	TODO: check
+CVE-2023-26478 (XWiki Platform is a generic wiki platform. Starting in version 14.3-rc ...)
+	TODO: check
+CVE-2023-26477 (XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc ...)
+	TODO: check
+CVE-2023-26476 (XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, ...)
+	TODO: check
 CVE-2023-26475
 	RESERVED
 CVE-2023-26474
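Review bot: CVE-2023-26476 through CVE-2023-26480 all land as "TODO: check" for the same product, XWiki Platform, so they are best triaged in one pass. The truncated descriptions give a different starting version for each id (12.10, 6.0, 14.3-rc, 6.3-rc, 3.2-m3), so if any package turns out to be affected the version range has to be checked per CVE, not copied from one entry to the next.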
@@ -5376,8 +5415,8 @@ CVE-2023-25538
 	RESERVED
 CVE-2023-25537
 	RESERVED
-CVE-2023-25536
-	RESERVED
+CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive informati ...)
+	TODO: check
 CVE-2023-25535
 	RESERVED
 CVE-2023-22660
@@ -5841,18 +5880,18 @@ CVE-2023-25365
 	RESERVED
 CVE-2023-25364
 	RESERVED
-CVE-2023-25363
-	RESERVED
-CVE-2023-25362
-	RESERVED
-CVE-2023-25361
-	RESERVED
-CVE-2023-25360
-	RESERVED
+CVE-2023-25363 (A use-after-free vulnerability in WebCore::RenderLayer::updateDescenda ...)
+	TODO: check
+CVE-2023-25362 (A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSe ...)
+	TODO: check
+CVE-2023-25361 (A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling ...)
+	TODO: check
+CVE-2023-25360 (A use-after-free vulnerability in WebCore::RenderLayer::renderer in We ...)
+	TODO: check
 CVE-2023-25359
 	RESERVED
-CVE-2023-25358
-	RESERVED
+CVE-2023-25358 (A use-after-free vulnerability in WebCore::RenderLayer::addChild in We ...)
+	TODO: check
 CVE-2023-25357
 	RESERVED
 CVE-2023-25356
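Review bot: the five WebCore::RenderLayer use-after-free entries (CVE-2023-25358, CVE-2023-25360 to CVE-2023-25363) are left at "TODO: check" with no source package assigned. WebCore is WebKit code, so these need mapping to the WebKit source packages instead of a NOT-FOR-US; the one-line descriptions are cut off at "in We ...", so the full text is needed to see which port and version each one names. CVE-2023-25359 stays RESERVED in the middle of the range and may follow in a later update.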
@@ -12326,7 +12365,7 @@ CVE-2023-23007 (An issue was discovered in ESPCMS P8.21120101 after logging in t
 CVE-2023-23006 (In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5 ...)
 	- linux 5.15.15-1
 	NOTE: https://git.kernel.org/linus/6b8b42585886c59a008015083282aae434349094 (5.16-rc8)
-CVE-2023-23005 (In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the al ...)
+CVE-2023-23005 (** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misin ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerble code not present)
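Review bot: the description of CVE-2023-23005 now opens with "** DISPUTED **", but the entry still says "- linux <unfixed>" and nothing in it records the dispute. Suggest adding a NOTE with the reason for the dispute and re-checking whether <unfixed> is still the right status for unstable. The unchanged buster line in the context also has a typo: "Vulnerble code not present".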
@@ -13730,8 +13769,8 @@ CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to Sto
 	NOT-FOR-US: Swifty Page Manager plugin for WordPress
 CVE-2023-0086 (The JetWidgets for Elementor plugin for WordPress is vulnerable to Cro ...)
 	NOT-FOR-US: JetWidgets for Elementor plugin for WordPress
-CVE-2023-0085
-	RESERVED
+CVE-2023-0085 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
+	TODO: check
 CVE-2023-0084
 	RESERVED
 CVE-2023-0083
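Review bot: CVE-2023-0085 is added as "TODO: check" although its description names a WordPress plugin, and the two entries directly above it in this hunk (CVE-2023-0087, CVE-2023-0086) are WordPress plugins already triaged as NOT-FOR-US. Suggest resolving it the same way, in the form "NOT-FOR-US: <plugin name> plugin for WordPress", once the plugin is confirmed not to be packaged.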
@@ -45332,8 +45371,8 @@ CVE-2022-38736
 	REJECTED
 CVE-2022-38735
 	REJECTED
-CVE-2022-38734
-	RESERVED
+CVE-2022-38734 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 ...)
+	TODO: check
 CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an  ...)
 	NOT-FOR-US: NetApp
 CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
@@ -96206,12 +96245,12 @@ CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. Ther
 	NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
 CVE-2021-4167
 	RESERVED
-CVE-2021-45479
-	RESERVED
-CVE-2021-45478
-	RESERVED
-CVE-2021-45477
-	RESERVED
+CVE-2021-45479 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
+	TODO: check
+CVE-2021-45478 (Improper Handling of Parameters vulnerability in Bordam Information Te ...)
+	TODO: check
+CVE-2021-45477 (Improper Handling of Parameters vulnerability in Bordam Information Te ...)
+	TODO: check
 CVE-2021-45476 (Yordam Library Information Document Automation product before version  ...)
 	NOT-FOR-US: Yordam Library Information Document Automation
 CVE-2021-45475 (Yordam Library Information Document Automation product before version  ...)
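Review bot: the vendor in the new descriptions of CVE-2021-45478 and CVE-2021-45477 reads "Bordam Information Te ...", while the neighbouring CVE-2021-45476 and CVE-2021-45475 are triaged as "NOT-FOR-US: Yordam Library Information Document Automation". Before closing the three new "TODO: check" entries, confirm from the full descriptions whether they concern the same product, and reuse the existing NOT-FOR-US string if they do so the spelling stays consistent.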
@@ -109140,7 +109179,7 @@ CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugin
 	- anjuta <unfixed> (unimportant)
 	NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12
 	NOTE: Memory leak in GUI application, no security impact
-CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK, and it lies  ...)
+CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK before 9.2.5, ...)
 	- vtk9 <unfixed> (bug #1031877)
 	[bullseye] - vtk9 <no-dsa> (Minor issue)
 	- vtk7 <unfixed>
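Review bot: the updated description of CVE-2021-42521 now bounds the issue to "VTK before 9.2.5", yet "- vtk9 <unfixed> (bug #1031877)" and "- vtk7 <unfixed>" are untouched. Suggest comparing the vtk9 version in unstable against 9.2.5 and recording a fixed version if it applies; vtk7 needs its own assessment.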
@@ -110765,8 +110804,8 @@ CVE-2021-3856 (ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows
 	NOT-FOR-US: Keycloak
 CVE-2021-3855 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
 	NOT-FOR-US: Liman MYS
-CVE-2021-3854
-	RESERVED
+CVE-2021-3854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
 CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist]
 	- rust-nix 0.19.0-2 (bug #995562)
 	[bullseye] - rust-nix <no-dsa> (Minor issue)
@@ -132618,7 +132657,7 @@ CVE-2021-33228
 	RESERVED
 CVE-2021-33227
 	RESERVED
-CVE-2021-33226 (Buffer Overflow vulnerability in Saltstack v.3003 and before allows at ...)
+CVE-2021-33226 (** DISPUTED ** Buffer Overflow vulnerability in Saltstack v.3003 and b ...)
 	TODO: check
 CVE-2021-33225
 	RESERVED
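Review bot: CVE-2021-33226 is still at "TODO: check" although it is a 2021 id, and its description now opens with "** DISPUTED **". Suggest resolving the triage in the same pass and, if a Debian package is involved, adding a NOTE that records the dispute next to the status line.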



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/082a3e9813d0121c4aec3a7ccd17c17e7cdd1dd2
