[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 24 08:10:25 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
72b4f121 by security tracker role at 2023-03-24T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-28821
+ RESERVED
+CVE-2023-28820
+ RESERVED
+CVE-2023-28819
+ RESERVED
+CVE-2023-28818 (An issue was discovered in Veritas NetBackup IT Analytics 11 before 11 ...)
+ TODO: check
+CVE-2023-28817
+ RESERVED
+CVE-2023-28816
+ RESERVED
+CVE-2023-28815
+ RESERVED
+CVE-2023-28814
+ RESERVED
+CVE-2023-28813
+ RESERVED
+CVE-2023-28812
+ RESERVED
+CVE-2023-28811
+ RESERVED
+CVE-2023-28810
+ RESERVED
+CVE-2023-28809
+ RESERVED
+CVE-2023-28808
+ RESERVED
+CVE-2023-1615
+ RESERVED
+CVE-2023-1614
+ RESERVED
CVE-2023-28807
RESERVED
CVE-2023-28806
@@ -89,20 +121,20 @@ CVE-2023-25180
RESERVED
CVE-2023-24593
RESERVED
-CVE-2023-1613
- RESERVED
-CVE-2023-1612
- RESERVED
+CVE-2023-1613 (A vulnerability has been found in Rebuild up to 3.2.3 and classified a ...)
+ TODO: check
+CVE-2023-1612 (A vulnerability, which was classified as critical, was found in Rebuil ...)
+ TODO: check
CVE-2023-1611
RESERVED
-CVE-2023-1610
- RESERVED
-CVE-2023-1609
- RESERVED
-CVE-2023-1608
- RESERVED
-CVE-2023-1607
- RESERVED
+CVE-2023-1610 (A vulnerability, which was classified as critical, has been found in R ...)
+ TODO: check
+CVE-2023-1609 (A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has ...)
+ TODO: check
+CVE-2023-1608 (A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has ...)
+ TODO: check
+CVE-2023-1607 (A vulnerability was found in novel-plus 3.6.2. It has been classified ...)
+ TODO: check
CVE-2023-1606 (A vulnerability was found in novel-plus 3.6.2 and classified as critic ...)
TODO: check
CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.8. ...)
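Review bot: the TODO: check entries in this hunk fall into three natural batches and should be triaged as such rather than one at a time: CVE-2023-1613, CVE-2023-1612 and CVE-2023-1610 all describe Rebuild; CVE-2023-1609 and CVE-2023-1608 share the prefix "A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4"; and CVE-2023-1607 has the same "novel-plus 3.6.2" description as the unchanged CVE-2023-1606 directly below it, which is still TODO: check as well. Resolving each group together avoids the two novel-plus entries ending up with different tags.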
@@ -382,12 +414,10 @@ CVE-2023-1546
RESERVED
CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
- teampass <itp> (bug #730180)
-CVE-2023-1544 [pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()]
- RESERVED
+CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
- qemu <unfixed>
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
-CVE-2023-28686 [Insufficient message sender validation in Dino]
- RESERVED
+CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...)
- dino-im <unfixed> (bug #1033370)
NOTE: https://dino.im/security/cve-2023-28686/
NOTE: Fixed by: https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec
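Review bot: CVE-2023-1544 stays `qemu <unfixed>` and its only NOTE points at the qemu-devel patch posting, whereas the Dino entry directly below records the merged upstream commit with `NOTE: Fixed by: https://github.com/...`. Once the pvrdma fix lands in qemu.git, add the commit reference in the same form so the fixed version can be tracked; replacing the bracketed placeholder title with the published description is fine.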
@@ -593,8 +623,7 @@ CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
NOT-FOR-US: pimcore
CVE-2023-1514
RESERVED
-CVE-2023-1513
- RESERVED
+CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on ...)
- linux 6.1.15-1
NOTE: https://git.kernel.org/linus/2c10b61421a28e95a46ab489fd56c0f442ff6952 (6.2)
CVE-2023-1512
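Review bot: CVE-2023-1513 records `linux 6.1.15-1` and the 6.2 upstream commit but no `[bullseye]` line, while the other kernel entries in this update (CVE-2023-1252, CVE-2023-1249, CVE-2023-0590) each carry a `[bullseye] - linux ...` status. Add the bullseye (5.10) assessment, whether a fixed version or `<not-affected>` with a reason, so the entry is not read as unassessed for the stable release.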
@@ -657,8 +686,8 @@ CVE-2023-28613
RESERVED
CVE-2023-28612
RESERVED
-CVE-2023-28611
- RESERVED
+CVE-2023-28611 (Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and ...)
+ TODO: check
CVE-2023-28610 (The update process in OMICRON StationGuard and OMICRON StationScout be ...)
NOT-FOR-US: OMICRON
CVE-2023-28609 (api/auth.go in Ansible Semaphore before 2.8.89 mishandles authenticati ...)
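Review bot: CVE-2023-28611 describes OMICRON StationGuard and lands as TODO: check, but the neighbouring CVE-2023-28610 for the same product is already `NOT-FOR-US: OMICRON`; unless the triager finds a Debian package, the new entry should take the same tag rather than sit in the TODO queue.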
@@ -1194,16 +1223,16 @@ CVE-2023-28447
RESERVED
CVE-2023-28446
RESERVED
-CVE-2023-28445
- RESERVED
+CVE-2023-28445 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
+ TODO: check
CVE-2023-28444
RESERVED
-CVE-2023-28443
- RESERVED
-CVE-2023-28442
- RESERVED
-CVE-2023-28441
- RESERVED
+CVE-2023-28443 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2023-28442 (GeoNode is an open source platform that facilitates the creation, shar ...)
+ TODO: check
+CVE-2023-28441 (smartCARS 3 is flight tracking software. In version 0.5.8 and prior, a ...)
+ TODO: check
CVE-2023-28440
RESERVED
CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
@@ -1212,8 +1241,8 @@ CVE-2023-28438 (Pimcore is an open source data and experience management platfor
NOT-FOR-US: Pimcore
CVE-2023-28437
RESERVED
-CVE-2023-28436
- RESERVED
+CVE-2023-28436 (Tailscale is software for using Wireguard and multi-factor authenticat ...)
+ TODO: check
CVE-2023-28435
RESERVED
CVE-2023-28434 (Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023 ...)
@@ -1549,22 +1578,21 @@ CVE-2023-28338 (Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s w
NOT-FOR-US: Netgear
CVE-2023-28337 (When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (R ...)
NOT-FOR-US: Netgear
-CVE-2023-28336
- RESERVED
-CVE-2023-28335
- RESERVED
-CVE-2023-28334
- RESERVED
-CVE-2023-28333
- RESERVED
-CVE-2023-28332
- RESERVED
-CVE-2023-28331
- RESERVED
-CVE-2023-28330
- RESERVED
-CVE-2023-28329
- RESERVED
+CVE-2023-28336 (Insufficient filtering of grade report history made it possible for te ...)
+ TODO: check
+CVE-2023-28335 (The link to reset all templates of a database activity did not include ...)
+ TODO: check
+CVE-2023-28334 (Authenticated users were able to enumerate other users' names via the ...)
+ TODO: check
+CVE-2023-28333 (The Mustache pix helper contained a potential Mustache injection risk ...)
+ TODO: check
+CVE-2023-28332 (If the algebra filter was enabled but not functional (eg the necessary ...)
+ TODO: check
+CVE-2023-28331 (Content output by the database auto-linking filter required additional ...)
+ TODO: check
+CVE-2023-28330 (Insufficient sanitizing in backup resulted in an arbitrary file read r ...)
+ TODO: check
+CVE-2023-28329 (Insufficient validation of profile field availability condition result ...)
- moodle <removed>
CVE-2023-28328
RESERVED
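Review bot: CVE-2023-28329 is assigned `moodle <removed>`, but the seven entries above it (CVE-2023-28330 through CVE-2023-28336) are left as TODO: check even though their descriptions (grade report history, database activity templates, Mustache pix helper, algebra filter, backup sanitizing, auto-linking filter) read as the same Moodle release batch. If that is confirmed, tag them `moodle <removed>` in one go; a block that is half triaged is easy to misread as partially affecting the archive.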
@@ -1584,8 +1612,8 @@ CVE-2023-1404
RESERVED
CVE-2023-1403
RESERVED
-CVE-2023-1402
- RESERVED
+CVE-2023-1402 (The course participation report required additional checks to prevent ...)
+ TODO: check
CVE-2023-1401
RESERVED
CVE-2023-1400
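Review bot: CVE-2023-1402 ("The course participation report required additional checks ...") reads like another member of the Moodle batch around CVE-2023-28329 earlier in this update; check whether it belongs to the same advisory set and give it the same `moodle` tag before resolving the TODO.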
@@ -2711,8 +2739,7 @@ CVE-2023-1291 (A vulnerability, which was classified as critical, was found in S
NOT-FOR-US: SourceCodester Sales Tracker Management System
CVE-2023-1290 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Sales Tracker Management System
-CVE-2023-1289
- RESERVED
+CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially create ...)
- imagemagick <unfixed> (bug #1033254)
[bullseye] - imagemagick <no-dsa> (Minor issue)
[buster] - imagemagick <postponed> (Should be fixed together with some other CVEs)
@@ -3003,8 +3030,7 @@ CVE-2023-1254 (A vulnerability has been found in SourceCodester Health Center Pa
NOT-FOR-US: SourceCodester Health Center Patient Record Management System
CVE-2023-1253 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Health Center Patient Record Management System
-CVE-2023-1252
- RESERVED
+CVE-2023-1252 (A use-after-free flaw was found in the Linux kernel’s Ext4 File ...)
- linux 5.15.3-3
[bullseye] - linux 5.10.84-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -3013,8 +3039,7 @@ CVE-2023-1251 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Akinsoft Wolvox
CVE-2023-1250 (Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), ...)
TODO: check
-CVE-2023-1249 [coredump: Use the vma snapshot in fill_files_note]
- RESERVED
+CVE-2023-1249 (A use-after-free flaw was found in the Linux kernel’s core dump ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
NOTE: https://git.kernel.org/linus/390031c942116d4733310f0684beb8db19885fe6 (5.18-rc1)
@@ -5437,8 +5462,8 @@ CVE-2023-27036
RESERVED
CVE-2023-27035
RESERVED
-CVE-2023-27034
- RESERVED
+CVE-2023-27034 (PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vul ...)
+ TODO: check
CVE-2023-27033
RESERVED
CVE-2023-27032
@@ -7027,12 +7052,12 @@ CVE-2023-26363
RESERVED
CVE-2023-26362
RESERVED
-CVE-2023-26361
- RESERVED
-CVE-2023-26360
- RESERVED
-CVE-2023-26359
- RESERVED
+CVE-2023-26361 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
+ TODO: check
+CVE-2023-26360 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
+ TODO: check
+CVE-2023-26359 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
+ TODO: check
CVE-2023-26358 (Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted ...)
NOT-FOR-US: Adobe
CVE-2023-26357
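Review bot: CVE-2023-26361, CVE-2023-26360 and CVE-2023-26359 carry an identical truncated Adobe ColdFusion description and are all TODO: check, while the adjacent CVE-2023-26358 is already `NOT-FOR-US: Adobe`; the three can be closed the same way. Since the visible prefix is the same for all three, confirm from the full CVE text that they are distinct issues and not one advisory split across IDs.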
@@ -9274,10 +9299,10 @@ CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation Pla
NOT-FOR-US: Nautobot
CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...)
NOT-FOR-US: notation-go
-CVE-2023-25655
- RESERVED
-CVE-2023-25654
- RESERVED
+CVE-2023-25655 (baserCMS is a Content Management system. Prior to version 4.7.5, any f ...)
+ TODO: check
+CVE-2023-25654 (baserCMS is a Content Management system. Prior to version 4.7.5, there ...)
+ TODO: check
CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
NOT-FOR-US: Cisco node-jose (different from src:node-jose)
NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
@@ -11496,8 +11521,7 @@ CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 filesyst
NOT-FOR-US: jefferson JFFS tool
CVE-2023-0591 (ubireader_extract_files is vulnerable to path traversal when run again ...)
NOT-FOR-US: UBI reader
-CVE-2023-0590
- RESERVED
+CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c ...)
- linux 6.0.6-1
[bullseye] - linux 5.10.158-1
NOTE: https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2)
@@ -11641,10 +11665,10 @@ CVE-2023-24790
RESERVED
CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...)
NOT-FOR-US: jeecg-boot
-CVE-2023-24788
- RESERVED
-CVE-2023-24787
- RESERVED
+CVE-2023-24788 (RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2023-24787 (RESERVED churchcrm v4.5.3 was discovered to contain a SQL injection vu ...)
+ TODO: check
CVE-2023-24786
RESERVED
CVE-2023-24785 (An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a de ...)
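Review bot: the descriptions for CVE-2023-24788 and CVE-2023-24787 begin with a stray `RESERVED` token ("RESERVED NotrinosERP v0.7 ...", "RESERVED churchcrm v4.5.3 ..."), which looks like leakage from the upstream CVE record rather than part of the real text. Leave the imported lines as they are (the automatic update mirrors the feed), but flag it upstream and, when clearing the TODO: check, make sure the entry is not treated as still reserved because of that word.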
@@ -13096,8 +13120,8 @@ CVE-2023-24297
RESERVED
CVE-2023-24296
RESERVED
-CVE-2023-24295
- RESERVED
+CVE-2023-24295 (A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows at ...)
+ TODO: check
CVE-2023-24294
RESERVED
CVE-2023-24293
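Review bot: "stack overfow" in the CVE-2023-24295 description is a typo in the upstream CVE text; it should stay as imported here rather than be corrected locally, otherwise the next automatic update will simply reintroduce it.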
@@ -18208,8 +18232,7 @@ CVE-2023-0058
RESERVED
CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
- pyload <itp> (bug #1001980)
-CVE-2023-0056
- RESERVED
+CVE-2023-0056 (An uncontrolled resource consumption vulnerability was discovered in H ...)
{DSA-5348-1}
- haproxy 2.6.8-1
[buster] - haproxy <not-affected> (Vulnerable code introduced later)
@@ -32456,12 +32479,12 @@ CVE-2023-20863
RESERVED
CVE-2023-20862
RESERVED
-CVE-2023-20861
- RESERVED
+CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...)
+ TODO: check
CVE-2023-20860
RESERVED
-CVE-2023-20859
- RESERVED
+CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...)
+ TODO: check
CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
NOT-FOR-US: VMware
CVE-2023-20857 (VMware Workspace ONE Content contains a passcode bypass vulnerability. ...)
@@ -46091,8 +46114,7 @@ CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in v
NOTE: https://git.kernel.org/linus/4cf949c7fafe21e085a4ee386bb2dade9067316e
CVE-2022-3147 (Mattermost version 7.0.x and earlier fails to sufficiently limit the i ...)
- mattermost-server <itp> (bug #823556)
-CVE-2022-3146
- RESERVED
+CVE-2022-3146 (A flaw was found in tripleo-ansible. Due to an insecure default config ...)
NOT-FOR-US: tripleo-ansible
CVE-2022-3145 (An open redirect vulnerability exists in Okta OIDC Middleware prior to ...)
NOT-FOR-US: Okta
@@ -46935,8 +46957,7 @@ CVE-2022-3103 (off-by-one in io_uring module. ...)
NOTE: https://git.kernel.org/linus/47abea041f897d64dbd5777f0cf7745148f85d75 (6.0-rc3)
CVE-2022-3102
RESERVED
-CVE-2022-3101
- RESERVED
+CVE-2022-3101 (A flaw was found in tripleo-ansible. Due to an insecure default config ...)
NOT-FOR-US: tripleo-ansible
CVE-2022-3100 (A flaw was found in the openstack-barbican component. This issue allow ...)
{DSA-5247-1 DLA-3136-1}
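Review bot: CVE-2022-3101 here and CVE-2022-3146 earlier in this update carry an identical truncated description, "A flaw was found in tripleo-ansible. Due to an insecure default config ...", and both are marked NOT-FOR-US: tripleo-ansible. Confirm from the full text that they are two distinct flaws rather than a duplicate assignment; if they turn out to be the same issue, a cross-reference NOTE between the two entries would save the next reader the same check.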
@@ -56112,8 +56133,8 @@ CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scoot
NOT-FOR-US: Scooter Beyond Compare
CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...)
NOT-FOR-US: Scooter Beyond Compare
-CVE-2022-36413
- RESERVED
+CVE-2022-36413 (Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a b ...)
+ TODO: check
CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests ...)
NOT-FOR-US: Zoho
CVE-2022-36411
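Review bot: CVE-2022-36413 (Zoho ManageEngine ADSelfService Plus) lands as TODO: check directly above CVE-2022-36412, which is already `NOT-FOR-US: Zoho`; same vendor, same resolution unless a Debian package turns up.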
@@ -190644,8 +190665,8 @@ CVE-2020-24859
RESERVED
CVE-2020-24858
RESERVED
-CVE-2020-24857
- RESERVED
+CVE-2020-24857 (Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows a ...)
+ TODO: check
CVE-2020-24856
RESERVED
CVE-2020-24855 (Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allo ...)
@@ -201641,8 +201662,8 @@ CVE-2020-19788
RESERVED
CVE-2020-19787
RESERVED
-CVE-2020-19786
- RESERVED
+CVE-2020-19786 (File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 al ...)
+ TODO: check
CVE-2020-19785
RESERVED
CVE-2020-19784
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72b4f121efcfccb9b5610753a5a9a47ea44a7695