[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 9 08:10:41 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0edc4ba by security tracker role at 2023-03-09T08:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-27984
+ RESERVED
+CVE-2023-27983
+ RESERVED
+CVE-2023-27982
+ RESERVED
+CVE-2023-27981
+ RESERVED
+CVE-2023-27980
+ RESERVED
+CVE-2023-27979
+ RESERVED
+CVE-2023-27978
+ RESERVED
+CVE-2023-27977
+ RESERVED
+CVE-2023-27976
+ RESERVED
+CVE-2023-27975
+ RESERVED
+CVE-2023-27974 (** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill wh ...)
+ TODO: check
+CVE-2023-27973
+ RESERVED
+CVE-2023-27972
+ RESERVED
+CVE-2023-27971
+ RESERVED
+CVE-2023-1284
+ RESERVED
+CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.0. ...)
+ TODO: check
+CVE-2023-1282
+ RESERVED
+CVE-2023-1281
+ RESERVED
+CVE-2023-1280
+ RESERVED
+CVE-2023-1279
+ RESERVED
+CVE-2023-1278 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-1277 (A vulnerability, which was classified as critical, was found in kylin- ...)
+ TODO: check
+CVE-2018-25081 (** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill wi ...)
+ TODO: check
+CVE-2017-20182
+ RESERVED
+CVE-2014-125093
+ RESERVED
+CVE-2013-10020
+ RESERVED
CVE-2023-27970
RESERVED
CVE-2023-27969
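Review bot: CVE-2023-27974 and CVE-2018-25081 in this hunk carry the same disputed "Bitwarden through 2023.2.1 offers password auto-fill" description under two different CVE years, so the two TODO: check items should be triaged together and the outcome (including whether one is a duplicate of the other) recorded on both entries rather than resolving one and leaving the other as a stray TODO.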
@@ -104,14 +156,14 @@ CVE-2023-1268
RESERVED
CVE-2023-1267 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Ulkem Company PtteM Kart
-CVE-2023-27986 [emacsclient-mail.desktop Emacs Lisp code injection]
+CVE-2023-27986 (emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to E ...)
- emacs <unfixed> (bug #1032538)
[bullseye] - emacs <not-affected> (Vulnerable code not present, introduced in 28.1)
[buster] - emacs <not-affected> (Vulnerable code not present, introduced in 28.1)
NOTE: https://www.openwall.com/lists/oss-security/2023/03/08/2
NOTE: Introduced by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c (emacs-28.0.90)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc
-CVE-2023-27985 [emacsclient-mail.desktop shell command injection]
+CVE-2023-27985 (emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to s ...)
- emacs <unfixed> (bug #1032538)
[bullseye] - emacs <not-affected> (Vulnerable code not present, introduced in 28.1)
[buster] - emacs <not-affected> (Vulnerable code not present, introduced in 28.1)
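Review bot: the bracketed short titles removed here ("emacsclient-mail.desktop Emacs Lisp code injection" and "emacsclient-mail.desktop shell command injection") were the only place the two distinct injection types were spelled out; the replacement upstream text is truncated at "vulnerable to E ..." and "vulnerable to s ...", so consider carrying the distinction into a NOTE line for each entry. The new descriptions' "Emacs 28.1 through 28.2" range is consistent with the existing [bullseye]/[buster] not-affected reasoning ("introduced in 28.1"), so no change to those lines is needed.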
@@ -1408,8 +1460,8 @@ CVE-2023-27488
RESERVED
CVE-2023-27487
RESERVED
-CVE-2023-27486
- RESERVED
+CVE-2023-27486 (xCAT is a toolkit for deployment and administration of computer cluste ...)
+ TODO: check
CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...)
NOT-FOR-US: thmmniii/fbs-core
CVE-2023-27484
@@ -1430,8 +1482,8 @@ CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and
[buster] - libmemcached <not-affected> (Vulnerable code introduced later)
NOTE: Introduced with: https://github.com/awesomized/libmemcached/commit/d7a0084bf99d618d1dc26a54fd413db7ae8b8e63 (1.1.0-beta1)
NOTE: Fixed by: https://github.com/awesomized/libmemcached/commit/48dcc61a4919f6f3d5ee164630a843f2d8b8ade9 (1.1.4)
-CVE-2023-27477
- RESERVED
+CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code ...)
+ TODO: check
CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...)
[experimental] - owslib 0.28.1-1~exp1
- owslib <unfixed>
@@ -2705,8 +2757,8 @@ CVE-2023-26958
RESERVED
CVE-2023-26957
RESERVED
-CVE-2023-26956
- RESERVED
+CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
+ TODO: check
CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
NOT-FOR-US: onekeyadmin
CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
@@ -2721,8 +2773,8 @@ CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site
TODO: check
CVE-2023-26949 (An arbitrary file upload vulnerability in the component /admin1/config ...)
NOT-FOR-US: onekeyadmin
-CVE-2023-26948
- RESERVED
+CVE-2023-26948 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
+ TODO: check
CVE-2023-26947
RESERVED
CVE-2023-26946
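Review bot: CVE-2023-26948 here and CVE-2023-26956 in the preceding hunk receive byte-identical truncated descriptions ("onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ..."), so triage should confirm from the full text that they are two distinct issues rather than a duplicate pair; the neighbouring onekeyadmin entries (CVE-2023-26955, CVE-2023-26954, CVE-2023-26949) are already NOT-FOR-US: onekeyadmin, so the same resolution is the likely outcome for both TODO: check lines.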
@@ -3790,8 +3842,8 @@ CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When
NOT-FOR-US: RSSHub
CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...)
NOT-FOR-US: mailcow
-CVE-2023-26489
- RESERVED
+CVE-2023-26489 (wasmtime is a fast and secure runtime for WebAssembly. In affected ver ...)
+ TODO: check
CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
NOT-FOR-US: OpenZeppelin
CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...)
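Review bot: CVE-2023-26489 here and CVE-2023-27477 earlier in this update both describe wasmtime ("wasmtime is a fast and secure runtime for WebAssembly ...") and both are left at TODO: check; they should be triaged in one pass so the package decision (packaged or NOT-FOR-US) is applied consistently to both entries.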
@@ -4803,10 +4855,10 @@ CVE-2023-26112
RESERVED
CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...)
NOT-FOR-US: @nubosoftware/node-static
-CVE-2023-26110
- RESERVED
-CVE-2023-26109
- RESERVED
+CVE-2023-26110 (All versions of the package node-bluetooth are vulnerable to Buffer Ov ...)
+ TODO: check
+CVE-2023-26109 (All versions of the package node-bluetooth-serial-port are vulnerable ...)
+ TODO: check
CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...)
NOT-FOR-US: @nestjs/core
CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...)
@@ -8718,8 +8770,8 @@ CVE-2023-24784
RESERVED
CVE-2023-24783
RESERVED
-CVE-2023-24782
- RESERVED
+CVE-2023-24782 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
NOT-FOR-US: Funadmin
CVE-2023-24780 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
@@ -8728,8 +8780,8 @@ CVE-2023-24779
RESERVED
CVE-2023-24778
RESERVED
-CVE-2023-24777
- RESERVED
+CVE-2023-24777 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code execution (RCE ...)
NOT-FOR-US: Funadmin
CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
@@ -9454,10 +9506,9 @@ CVE-2023-24535
RESERVED
CVE-2023-24534
RESERVED
-CVE-2023-24533
- RESERVED
-CVE-2023-24532
- RESERVED
+CVE-2023-24533 (Multiplication of certain unreduced P-256 scalars produce incorrect re ...)
+ TODO: check
+CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ...)
- golang-1.20 1.20.2-1
[experimental] - golang-1.19 1.19.7-1
- golang-1.19 <unfixed>
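Review bot: CVE-2023-24533 is left at TODO: check while CVE-2023-24532 directly below it keeps its golang-1.20 / golang-1.19 package lines, yet both truncated descriptions concern incorrect results from P-256 scalar multiplication ("Multiplication of certain unreduced P-256 scalars produce incorrect re ..." and "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ..."); triage should establish whether CVE-2023-24533 is the same Go P-256 issue (and should be marked as such) or a separate report needing its own golang package lines, so the pair does not stay half-resolved.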
@@ -10182,8 +10233,8 @@ CVE-2023-24284
RESERVED
CVE-2023-24283
RESERVED
-CVE-2023-24282
- RESERVED
+CVE-2023-24282 (An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 al ...)
+ TODO: check
CVE-2023-24281
RESERVED
CVE-2023-24280
@@ -11548,8 +11599,8 @@ CVE-2023-23762
RESERVED
CVE-2023-23761
RESERVED
-CVE-2023-23760
- RESERVED
+CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ TODO: check
CVE-2023-23759
RESERVED
CVE-2023-23758
@@ -14151,14 +14202,14 @@ CVE-2023-22894
RESERVED
CVE-2023-22893
RESERVED
-CVE-2023-22892
- RESERVED
-CVE-2023-22891
- RESERVED
-CVE-2023-22890
- RESERVED
-CVE-2023-22889
- RESERVED
+CVE-2023-22892 (There exists an information disclosure vulnerability in SmartBear Zeph ...)
+ TODO: check
+CVE-2023-22891 (There exists a privilege escalation vulnerability in SmartBear Zephyr ...)
+ TODO: check
+CVE-2023-22890 (SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated user ...)
+ TODO: check
+CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined inp ...)
+ TODO: check
CVE-2023-22888
RESERVED
CVE-2023-22887
@@ -15581,8 +15632,7 @@ CVE-2022-48200
RESERVED
CVE-2023-22551 (The FTP (aka "Implementation of a simple FTP client and server") proje ...)
NOT-FOR-US: rovinbhandari FTP
-CVE-2023-0030
- RESERVED
+CVE-2023-0030 (A use-after-free flaw was found in the Linux kernel’s nouveau dr ...)
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1)
CVE-2023-0029 (A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411 ...)
@@ -22195,8 +22245,8 @@ CVE-2022-4317
RESERVED
CVE-2022-4316
RESERVED
-CVE-2022-4315
- RESERVED
+CVE-2022-4315 (An issue has been discovered in GitLab DAST analyzer affecting all ver ...)
+ TODO: check
CVE-2022-4314 (Improper Privilege Management in GitHub repository ikus060/rdiffweb pr ...)
- rdiffweb <itp> (bug #969974)
CVE-2022-4313
@@ -22866,8 +22916,8 @@ CVE-2022-46396
RESERVED
CVE-2022-46395 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
NOT-FOR-US: Arm Mali
-CVE-2022-46394
- RESERVED
+CVE-2022-46394 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
+ TODO: check
CVE-2022-46393 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...)
- mbedtls 2.28.2-1
[bullseye] - mbedtls <not-affected> (The vulnerable code was introduced later)
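Review bot: the new description for CVE-2022-46394 is truncated identically to CVE-2022-46395 immediately above it ("An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ..."), which is already resolved NOT-FOR-US: Arm Mali; the TODO: check will most likely resolve the same way, but confirm from the full text that it is a distinct issue in the same driver before copying the resolution.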
@@ -25781,8 +25831,8 @@ CVE-2022-4009
RESERVED
CVE-2022-4008
RESERVED
-CVE-2022-4007
- RESERVED
+CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...)
+ TODO: check
CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: WBCE CMS
CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not sanitize a ...)
@@ -49183,8 +49233,8 @@ CVE-2022-37941
RESERVED
CVE-2022-37940
RESERVED
-CVE-2022-37939
- RESERVED
+CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
+ TODO: check
CVE-2022-37938 (Unauthenticated server side request forgery in HPE Serviceguard Manage ...)
NOT-FOR-US: HPE
CVE-2022-37937 (Pre-auth memory corruption in HPE Serviceguard ...)
@@ -132985,8 +133035,8 @@ CVE-2021-33641 (When processing files, malloc stores the data of the current lin
CVE-2021-33640 (After tar_close(), libtar.c releases the memory pointed to by pointer ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2143012
TODO: check details, possibly Huawei OpenEuler OS specific as the related CVEs
-CVE-2021-33639
- RESERVED
+CVE-2021-33639 (REMAP cmd of SVM driver can be used to remap read only memory as read- ...)
+ TODO: check
CVE-2021-33638
RESERVED
CVE-2021-33637
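Review bot: CVE-2021-33639 ("REMAP cmd of SVM driver can be used to remap read only memory as read- ...") sits directly below CVE-2021-33640, whose TODO already flags the related CVEs as possibly Huawei OpenEuler OS specific; the new TODO: check should be resolved together with that one so the whole block of adjacent CVE-2021-3363x/3364x entries gets the same NOT-FOR-US or NOTE treatment.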
@@ -133764,12 +133814,12 @@ CVE-2021-33355
RESERVED
CVE-2021-33354 (Directory Traversal vulnerability in htmly before 2.8.1 allows remote ...)
NOT-FOR-US: htmly
-CVE-2021-33353
- RESERVED
-CVE-2021-33352
- RESERVED
-CVE-2021-33351
- RESERVED
+CVE-2021-33353 (Directory Traversal vulnerability in Wyomind Help Desk Magento 2 exten ...)
+ TODO: check
+CVE-2021-33352 (An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before f ...)
+ TODO: check
+CVE-2021-33351 (Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 exte ...)
+ TODO: check
CVE-2021-33350
RESERVED
CVE-2021-33349
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0edc4ba9565715526c1925d768824d3d30f0afe