[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 16 08:10:28 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9a4a80c by security tracker role at 2023-03-16T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,108 @@
-CVE-2023-28466 [net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()]
+CVE-2023-28488
+ RESERVED
+CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
+ TODO: check
+CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages. ...)
+ TODO: check
+CVE-2023-28485
+ RESERVED
+CVE-2023-28484
+ RESERVED
+CVE-2023-28483
+ RESERVED
+CVE-2023-28482
+ RESERVED
+CVE-2023-28481
+ RESERVED
+CVE-2023-28480
+ RESERVED
+CVE-2023-28479
+ RESERVED
+CVE-2023-28478
+ RESERVED
+CVE-2023-28477
+ RESERVED
+CVE-2023-28476
+ RESERVED
+CVE-2023-28475
+ RESERVED
+CVE-2023-28474
+ RESERVED
+CVE-2023-28473
+ RESERVED
+CVE-2023-28472
+ RESERVED
+CVE-2023-28471
+ RESERVED
+CVE-2023-28470
+ RESERVED
+CVE-2023-28469
+ RESERVED
+CVE-2023-28468
+ RESERVED
+CVE-2023-28467
+ RESERVED
+CVE-2023-28465
+ RESERVED
+CVE-2023-28464
+ RESERVED
+CVE-2023-28463
+ RESERVED
+CVE-2023-28462
+ RESERVED
+CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow ...)
+ TODO: check
+CVE-2023-28460 (A command injection vulnerability was discovered in Array Networks APV ...)
+ TODO: check
+CVE-2023-28459
+ RESERVED
+CVE-2023-28458
+ RESERVED
+CVE-2023-28457
+ RESERVED
+CVE-2023-28456
+ RESERVED
+CVE-2023-28455
+ RESERVED
+CVE-2023-28454
+ RESERVED
+CVE-2023-28453
+ RESERVED
+CVE-2023-28452
+ RESERVED
+CVE-2023-28451
+ RESERVED
+CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...)
+ TODO: check
+CVE-2023-1424
+ RESERVED
+CVE-2023-1423
+ RESERVED
+CVE-2023-1422
+ RESERVED
+CVE-2023-1421 (A reflected cross-site scripting vulnerability in the OAuth flow compl ...)
+ TODO: check
+CVE-2019-25135
+ RESERVED
+CVE-2019-25134
+ RESERVED
+CVE-2019-25133
+ RESERVED
+CVE-2019-25132
+ RESERVED
+CVE-2019-25131
+ RESERVED
+CVE-2019-25130
+ RESERVED
+CVE-2019-25129
+ RESERVED
+CVE-2019-25128
+ RESERVED
+CVE-2019-25127
+ RESERVED
+CVE-2019-25126
+ RESERVED
+CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6. ...)
- linux <unfixed>
[bullseye] - linux <ignored> (Minor issue; CONFIG_TLS not enabled in Debian)
[buster] - linux <ignored> (Minor issue; CONFIG_TLS not enabled in Debian)
@@ -340,10 +444,10 @@ CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is available, allows privil
NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been
NOTE: posted to kernel-hardening list, and can be mitigated with Linux 6.2, see option
NOTE: CONFIG_LEGACY_TIOCSTI.
-CVE-2023-28338
- RESERVED
-CVE-2023-28337
- RESERVED
+CVE-2023-28338 (Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web ser ...)
+ TODO: check
+CVE-2023-28337 (When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (R ...)
+ TODO: check
CVE-2023-28336
RESERVED
CVE-2023-28335
@@ -407,8 +511,8 @@ CVE-2023-1390
- linux 5.10.12-1
[buster] - linux 4.19.171-1
NOTE: https://git.kernel.org/linus/b77413446408fdd256599daf00d5be72b5f3e7c6 (5.11-rc4)
-CVE-2023-1389
- RESERVED
+CVE-2023-1389 (TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 2023 ...)
+ TODO: check
CVE-2023-1388
RESERVED
CVE-2023-1387
@@ -1147,16 +1251,16 @@ CVE-2023-28101
RESERVED
CVE-2023-28100
RESERVED
-CVE-2023-28099
- RESERVED
-CVE-2023-28098
- RESERVED
-CVE-2023-28097
- RESERVED
-CVE-2023-28096
- RESERVED
-CVE-2023-28095
- RESERVED
+CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
+CVE-2023-28098 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
+CVE-2023-28097 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
+CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol (SIP) server implementation, h ...)
+ TODO: check
+CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
CVE-2023-28094
RESERVED
CVE-2023-28093
@@ -2629,18 +2733,18 @@ CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 and
NOT-FOR-US: WordPress plugin
CVE-2006-10001 (A vulnerability, which was classified as problematic, was found in Sub ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27601
- RESERVED
-CVE-2023-27600
- RESERVED
-CVE-2023-27599
- RESERVED
-CVE-2023-27598
- RESERVED
-CVE-2023-27597
- RESERVED
-CVE-2023-27596
- RESERVED
+CVE-2023-27601 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
+CVE-2023-27600 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
+CVE-2023-27599 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
+CVE-2023-27598 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
+CVE-2023-27597 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
+CVE-2023-27596 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ TODO: check
CVE-2023-27595
RESERVED
CVE-2023-27594
@@ -4028,8 +4132,8 @@ CVE-2023-27097
RESERVED
CVE-2023-27096
RESERVED
-CVE-2023-27095
- RESERVED
+CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...)
+ TODO: check
CVE-2023-27094
RESERVED
CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...)
@@ -4050,8 +4154,8 @@ CVE-2023-27086
RESERVED
CVE-2023-27085
RESERVED
-CVE-2023-27084
- RESERVED
+CVE-2023-27084 (Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allo ...)
+ TODO: check
CVE-2023-27083
RESERVED
CVE-2023-27082
@@ -4316,8 +4420,8 @@ CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site
NOT-FOR-US: onekeyadmin
CVE-2023-26952 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
NOT-FOR-US: onekeyadmin
-CVE-2023-26951
- RESERVED
+CVE-2023-26951 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+ TODO: check
CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
NOT-FOR-US: onekeyadmin
CVE-2023-26949 (An arbitrary file upload vulnerability in the component /admin1/config ...)
@@ -4394,8 +4498,8 @@ CVE-2023-26914
RESERVED
CVE-2023-26913
RESERVED
-CVE-2023-26912
- RESERVED
+CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commi ...)
+ TODO: check
CVE-2023-26911
RESERVED
CVE-2023-26910
@@ -4650,8 +4754,8 @@ CVE-2023-26786
RESERVED
CVE-2023-26785
RESERVED
-CVE-2023-26784
- RESERVED
+CVE-2023-26784 (SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020 ...)
+ TODO: check
CVE-2023-26783
RESERVED
CVE-2023-26782
@@ -5401,8 +5505,8 @@ CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creati
NOT-FOR-US: Vega
CVE-2023-26485
RESERVED
-CVE-2023-26484
- RESERVED
+CVE-2023-26484 (KubeVirt is a virtual machine management add-on for Kubernetes. In ver ...)
+ TODO: check
CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Provider ...)
- golang-github-russellhaering-gosaml2 <itp> (bug #948190)
CVE-2023-26482
@@ -7881,8 +7985,8 @@ CVE-2023-25682
RESERVED
CVE-2023-25681
RESERVED
-CVE-2023-25680
- RESERVED
+CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to ...)
+ TODO: check
CVE-2023-25679
RESERVED
CVE-2023-0783 (A vulnerability was found in EcShop 4.1.5. It has been classified as c ...)
@@ -8860,10 +8964,10 @@ CVE-2023-25347
RESERVED
CVE-2023-25346
RESERVED
-CVE-2023-25345
- RESERVED
-CVE-2023-25344
- RESERVED
+CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...)
+ TODO: check
+CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...)
+ TODO: check
CVE-2023-25343
RESERVED
CVE-2023-25342
@@ -8988,10 +9092,10 @@ CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allo
NOT-FOR-US: D-Link
CVE-2023-25282 (A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows atta ...)
NOT-FOR-US: D-Link
-CVE-2023-25281
- RESERVED
-CVE-2023-25280
- RESERVED
+CVE-2023-25281 (A stack overflow vulnerability exists in pingV4Msg component in D-Link ...)
+ TODO: check
+CVE-2023-25280 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...)
+ TODO: check
CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...)
NOT-FOR-US: D-Link
CVE-2023-25278
@@ -9016,8 +9120,8 @@ CVE-2023-25269
RESERVED
CVE-2023-25268
RESERVED
-CVE-2023-25267
- RESERVED
+CVE-2023-25267 (An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 1 ...)
+ TODO: check
CVE-2023-25266 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...)
NOT-FOR-US: Docmosis Tornado
CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal lead ...)
@@ -10318,8 +10422,8 @@ CVE-2023-24797
RESERVED
CVE-2023-24796
RESERVED
-CVE-2023-24795
- RESERVED
+CVE-2023-24795 (Command execution vulnerability was discovered in JHR-N916R router fir ...)
+ TODO: check
CVE-2023-24794
RESERVED
CVE-2023-24793
@@ -10388,8 +10492,8 @@ CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1
NOT-FOR-US: D-Link
CVE-2023-24761
RESERVED
-CVE-2023-24760
- RESERVED
+CVE-2023-24760 (An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalat ...)
+ TODO: check
CVE-2023-24759
RESERVED
CVE-2023-24758 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
@@ -11373,8 +11477,8 @@ CVE-2023-24470
RESERVED
CVE-2023-24469
RESERVED
-CVE-2023-24468
- RESERVED
+CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...)
+ TODO: check
CVE-2023-24467
RESERVED
CVE-2023-24466
@@ -14960,8 +15064,8 @@ CVE-2023-23152
RESERVED
CVE-2023-23151 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deleti ...)
NOT-FOR-US: bloofoxCMS
-CVE-2023-23150
- RESERVED
+CVE-2023-23150 (SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to ...)
+ TODO: check
CVE-2023-23149
RESERVED
CVE-2023-23148
@@ -17030,8 +17134,8 @@ CVE-2023-22593
RESERVED
CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 cou ...)
NOT-FOR-US: IBM
-CVE-2023-22591
- RESERVED
+CVE-2023-22591 (IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 throug ...)
+ TODO: check
CVE-2023-22590
RESERVED
CVE-2023-22589
@@ -23450,8 +23554,8 @@ CVE-2022-46775
RESERVED
CVE-2022-46774 (IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application S ...)
NOT-FOR-US: IBM
-CVE-2022-46773
- RESERVED
+CVE-2022-46773 (IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerabl ...)
+ TODO: check
CVE-2022-46772
RESERVED
CVE-2022-46771 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7 ...)
@@ -23838,8 +23942,8 @@ CVE-2022-4315 (An issue has been discovered in GitLab DAST analyzer affecting al
NOT-FOR-US: Gitlab DAST analyzer
CVE-2022-4314 (Improper Privilege Management in GitHub repository ikus060/rdiffweb pr ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-4313
- RESERVED
+CVE-2022-4313 (A vulnerability was reported where through modifying the scan variable ...)
+ TODO: check
CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists in P ...)
NOT-FOR-US: PcVue
CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...)
@@ -26909,9 +27013,9 @@ CVE-2022-45591
RESERVED
CVE-2022-45590
RESERVED
-CVE-2022-45589 (SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT th ...)
+CVE-2022-45589 (All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Tal ...)
NOT-FOR-US: Talend
-CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 ...)
+CVE-2022-45588 (All versions before R2022-09 of Talend's Remote Engine Gen 2 are poten ...)
NOT-FOR-US: Talend
CVE-2022-45587 (Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpd ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
@@ -27420,8 +27524,8 @@ CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, wh
NOT-FOR-US: TP-Link
CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4009
- RESERVED
+CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a user to in ...)
+ TODO: check
CVE-2022-4008
RESERVED
CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...)
@@ -72183,11 +72287,13 @@ CVE-2022-30260 (Emerson DeltaV Distributed Control System (DCS) has insufficient
CVE-2022-1588
REJECTED
CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
+ {DLA-3363-1}
- pcre2 10.40-1 (bug #1011954)
[bullseye] - pcre2 10.36-2+deb11u1
[stretch] - pcre2 <no-dsa> (Minor issue)
NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40)
CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
+ {DLA-3363-1}
- pcre2 10.40-1 (bug #1011954)
[bullseye] - pcre2 10.36-2+deb11u1
[stretch] - pcre2 <no-dsa> (Minor issue)
@@ -182838,8 +182944,8 @@ CVE-2020-27509 (Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to
NOT-FOR-US: Galaxkey
CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...)
NOT-FOR-US: Frappe Framework
-CVE-2020-27507
- RESERVED
+CVE-2020-27507 (The Kamailio SIP before 5.5.0 server mishandles INVITE requests with d ...)
+ TODO: check
CVE-2020-27506
RESERVED
CVE-2020-27505
@@ -228584,6 +228690,7 @@ CVE-2020-8995 (Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe
CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK before ...)
NOT-FOR-US: Heartland & Global Payments PHP SDK
CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...)
+ {DLA-3363-1}
- pcre2 10.34-1
[stretch] - pcre2 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=2421
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9a4a80c6d00893e688d6bc416e73e0aac628a7a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9a4a80c6d00893e688d6bc416e73e0aac628a7a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230316/fa3c7037/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list