[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 24 08:10:25 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72b4f121 by security tracker role at 2023-03-24T08:10:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-28821
+	RESERVED
+CVE-2023-28820
+	RESERVED
+CVE-2023-28819
+	RESERVED
+CVE-2023-28818 (An issue was discovered in Veritas NetBackup IT Analytics 11 before 11 ...)
+	TODO: check
+CVE-2023-28817
+	RESERVED
+CVE-2023-28816
+	RESERVED
+CVE-2023-28815
+	RESERVED
+CVE-2023-28814
+	RESERVED
+CVE-2023-28813
+	RESERVED
+CVE-2023-28812
+	RESERVED
+CVE-2023-28811
+	RESERVED
+CVE-2023-28810
+	RESERVED
+CVE-2023-28809
+	RESERVED
+CVE-2023-28808
+	RESERVED
+CVE-2023-1615
+	RESERVED
+CVE-2023-1614
+	RESERVED
 CVE-2023-28807
 	RESERVED
 CVE-2023-28806
@@ -89,20 +121,20 @@ CVE-2023-25180
 	RESERVED
 CVE-2023-24593
 	RESERVED
-CVE-2023-1613
-	RESERVED
-CVE-2023-1612
-	RESERVED
+CVE-2023-1613 (A vulnerability has been found in Rebuild up to 3.2.3 and classified a ...)
+	TODO: check
+CVE-2023-1612 (A vulnerability, which was classified as critical, was found in Rebuil ...)
+	TODO: check
 CVE-2023-1611
 	RESERVED
-CVE-2023-1610
-	RESERVED
-CVE-2023-1609
-	RESERVED
-CVE-2023-1608
-	RESERVED
-CVE-2023-1607
-	RESERVED
+CVE-2023-1610 (A vulnerability, which was classified as critical, has been found in R ...)
+	TODO: check
+CVE-2023-1609 (A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has ...)
+	TODO: check
+CVE-2023-1608 (A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has ...)
+	TODO: check
+CVE-2023-1607 (A vulnerability was found in novel-plus 3.6.2. It has been classified  ...)
+	TODO: check
 CVE-2023-1606 (A vulnerability was found in novel-plus 3.6.2 and classified as critic ...)
 	TODO: check
 CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.8. ...)
@@ -382,12 +414,10 @@ CVE-2023-1546
 	RESERVED
 CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...)
 	- teampass <itp> (bug #730180)
-CVE-2023-1544 [pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()]
-	RESERVED
+CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...)
 	- qemu <unfixed>
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html
-CVE-2023-28686 [Insufficient message sender validation in Dino]
-	RESERVED
+CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...)
 	- dino-im <unfixed> (bug #1033370)
 	NOTE: https://dino.im/security/cve-2023-28686/
 	NOTE: Fixed by: https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec
@@ -593,8 +623,7 @@ CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
 	NOT-FOR-US: pimcore
 CVE-2023-1514
 	RESERVED
-CVE-2023-1513
-	RESERVED
+CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on  ...)
 	- linux 6.1.15-1
 	NOTE: https://git.kernel.org/linus/2c10b61421a28e95a46ab489fd56c0f442ff6952 (6.2)
 CVE-2023-1512
@@ -657,8 +686,8 @@ CVE-2023-28613
 	RESERVED
 CVE-2023-28612
 	RESERVED
-CVE-2023-28611
-	RESERVED
+CVE-2023-28611 (Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and  ...)
+	TODO: check
 CVE-2023-28610 (The update process in OMICRON StationGuard and OMICRON StationScout be ...)
 	NOT-FOR-US: OMICRON
 CVE-2023-28609 (api/auth.go in Ansible Semaphore before 2.8.89 mishandles authenticati ...)
@@ -1194,16 +1223,16 @@ CVE-2023-28447
 	RESERVED
 CVE-2023-28446
 	RESERVED
-CVE-2023-28445
-	RESERVED
+CVE-2023-28445 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
+	TODO: check
 CVE-2023-28444
 	RESERVED
-CVE-2023-28443
-	RESERVED
-CVE-2023-28442
-	RESERVED
-CVE-2023-28441
-	RESERVED
+CVE-2023-28443 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2023-28442 (GeoNode is an open source platform that facilitates the creation, shar ...)
+	TODO: check
+CVE-2023-28441 (smartCARS 3 is flight tracking software. In version 0.5.8 and prior, a ...)
+	TODO: check
 CVE-2023-28440
 	RESERVED
 CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.  ...)
@@ -1212,8 +1241,8 @@ CVE-2023-28438 (Pimcore is an open source data and experience management platfor
 	NOT-FOR-US: Pimcore
 CVE-2023-28437
 	RESERVED
-CVE-2023-28436
-	RESERVED
+CVE-2023-28436 (Tailscale is software for using Wireguard and multi-factor authenticat ...)
+	TODO: check
 CVE-2023-28435
 	RESERVED
 CVE-2023-28434 (Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023 ...)
@@ -1549,22 +1578,21 @@ CVE-2023-28338 (Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s w
 	NOT-FOR-US: Netgear
 CVE-2023-28337 (When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (R ...)
 	NOT-FOR-US: Netgear
-CVE-2023-28336
-	RESERVED
-CVE-2023-28335
-	RESERVED
-CVE-2023-28334
-	RESERVED
-CVE-2023-28333
-	RESERVED
-CVE-2023-28332
-	RESERVED
-CVE-2023-28331
-	RESERVED
-CVE-2023-28330
-	RESERVED
-CVE-2023-28329
-	RESERVED
+CVE-2023-28336 (Insufficient filtering of grade report history made it possible for te ...)
+	TODO: check
+CVE-2023-28335 (The link to reset all templates of a database activity did not include ...)
+	TODO: check
+CVE-2023-28334 (Authenticated users were able to enumerate other users' names via the  ...)
+	TODO: check
+CVE-2023-28333 (The Mustache pix helper contained a potential Mustache injection risk  ...)
+	TODO: check
+CVE-2023-28332 (If the algebra filter was enabled but not functional (eg the necessary ...)
+	TODO: check
+CVE-2023-28331 (Content output by the database auto-linking filter required additional ...)
+	TODO: check
+CVE-2023-28330 (Insufficient sanitizing in backup resulted in an arbitrary file read r ...)
+	TODO: check
+CVE-2023-28329 (Insufficient validation of profile field availability condition result ...)
 	- moodle <removed>
 CVE-2023-28328
 	RESERVED
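Review bot: the seven new `TODO: check` entries CVE-2023-28336 through CVE-2023-28330 sit in the same numbered run as CVE-2023-28329, which this file already tracks as `- moodle <removed>`, and their descriptions (grade report history, templates of a database activity, the Mustache pix helper, the algebra filter, the database auto-linking filter, backup sanitizing) read like the same Moodle advisory batch rather than seven unrelated products. When these are triaged, check whether they should carry the same `- moodle <removed>` line as CVE-2023-28329 instead of staying open as `TODO: check`.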
@@ -1584,8 +1612,8 @@ CVE-2023-1404
 	RESERVED
 CVE-2023-1403
 	RESERVED
-CVE-2023-1402
-	RESERVED
+CVE-2023-1402 (The course participation report required additional checks to prevent  ...)
+	TODO: check
 CVE-2023-1401
 	RESERVED
 CVE-2023-1400
@@ -2711,8 +2739,7 @@ CVE-2023-1291 (A vulnerability, which was classified as critical, was found in S
 	NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1290 (A vulnerability, which was classified as critical, has been found in S ...)
 	NOT-FOR-US: SourceCodester Sales Tracker Management System
-CVE-2023-1289
-	RESERVED
+CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially create ...)
 	- imagemagick <unfixed> (bug #1033254)
 	[bullseye] - imagemagick <no-dsa> (Minor issue)
 	[buster] - imagemagick <postponed> (Should be fixed together with some other CVEs)
@@ -3003,8 +3030,7 @@ CVE-2023-1254 (A vulnerability has been found in SourceCodester Health Center Pa
 	NOT-FOR-US: SourceCodester Health Center Patient Record Management System
 CVE-2023-1253 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester Health Center Patient Record Management System
-CVE-2023-1252
-	RESERVED
+CVE-2023-1252 (A use-after-free flaw was found in the Linux kernel’s Ext4 File  ...)
 	- linux 5.15.3-3
 	[bullseye] - linux 5.10.84-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -3013,8 +3039,7 @@ CVE-2023-1251 (Improper Neutralization of Special Elements used in an SQL Comman
 	NOT-FOR-US: Akinsoft Wolvox
 CVE-2023-1250 (Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), ...)
 	TODO: check
-CVE-2023-1249 [coredump: Use the vma snapshot in fill_files_note]
-	RESERVED
+CVE-2023-1249 (A use-after-free flaw was found in the Linux kernel’s core dump  ...)
 	- linux 5.17.3-1
 	[bullseye] - linux 5.10.113-1
 	NOTE: https://git.kernel.org/linus/390031c942116d4733310f0684beb8db19885fe6 (5.18-rc1)
@@ -5437,8 +5462,8 @@ CVE-2023-27036
 	RESERVED
 CVE-2023-27035
 	RESERVED
-CVE-2023-27034
-	RESERVED
+CVE-2023-27034 (PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vul ...)
+	TODO: check
 CVE-2023-27033
 	RESERVED
 CVE-2023-27032
@@ -7027,12 +7052,12 @@ CVE-2023-26363
 	RESERVED
 CVE-2023-26362
 	RESERVED
-CVE-2023-26361
-	RESERVED
-CVE-2023-26360
-	RESERVED
-CVE-2023-26359
-	RESERVED
+CVE-2023-26361 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
+	TODO: check
+CVE-2023-26360 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
+	TODO: check
+CVE-2023-26359 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...)
+	TODO: check
 CVE-2023-26358 (Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted ...)
 	NOT-FOR-US: Adobe
 CVE-2023-26357
@@ -9274,10 +9299,10 @@ CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation Pla
 	NOT-FOR-US: Nautobot
 CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...)
 	NOT-FOR-US: notation-go
-CVE-2023-25655
-	RESERVED
-CVE-2023-25654
-	RESERVED
+CVE-2023-25655 (baserCMS is a Content Management system. Prior to version 4.7.5, any f ...)
+	TODO: check
+CVE-2023-25654 (baserCMS is a Content Management system. Prior to version 4.7.5, there ...)
+	TODO: check
 CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
 	NOT-FOR-US: Cisco node-jose (different from src:node-jose)
 	NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
@@ -11496,8 +11521,7 @@ CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 filesyst
 	NOT-FOR-US: jefferson JFFS tool
 CVE-2023-0591 (ubireader_extract_files is vulnerable to path traversal when run again ...)
 	NOT-FOR-US: UBI reader
-CVE-2023-0590
-	RESERVED
+CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c  ...)
 	- linux 6.0.6-1
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2)
@@ -11641,10 +11665,10 @@ CVE-2023-24790
 	RESERVED
 CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...)
 	NOT-FOR-US: jeecg-boot
-CVE-2023-24788
-	RESERVED
-CVE-2023-24787
-	RESERVED
+CVE-2023-24788 (RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vu ...)
+	TODO: check
+CVE-2023-24787 (RESERVED churchcrm v4.5.3 was discovered to contain a SQL injection vu ...)
+	TODO: check
 CVE-2023-24786
 	RESERVED
 CVE-2023-24785 (An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a de ...)
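Review bot: the imported descriptions for CVE-2023-24788 and CVE-2023-24787 begin with the literal word `RESERVED` ("RESERVED NotrinosERP v0.7 ...", "RESERVED churchcrm v4.5.3 ..."), which looks like a leftover reserved marker in the upstream feed text rather than part of the product description. The `TODO: check` is right, but whoever triages these should re-read the full upstream entry, since a description that still carries its reserved prefix may have been published in an incomplete state.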
@@ -13096,8 +13120,8 @@ CVE-2023-24297
 	RESERVED
 CVE-2023-24296
 	RESERVED
-CVE-2023-24295
-	RESERVED
+CVE-2023-24295 (A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows at ...)
+	TODO: check
 CVE-2023-24294
 	RESERVED
 CVE-2023-24293
@@ -18208,8 +18232,7 @@ CVE-2023-0058
 	RESERVED
 CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
 	- pyload <itp> (bug #1001980)
-CVE-2023-0056
-	RESERVED
+CVE-2023-0056 (An uncontrolled resource consumption vulnerability was discovered in H ...)
 	{DSA-5348-1}
 	- haproxy 2.6.8-1
 	[buster] - haproxy <not-affected> (Vulnerable code introduced later)
@@ -32456,12 +32479,12 @@ CVE-2023-20863
 	RESERVED
 CVE-2023-20862
 	RESERVED
-CVE-2023-20861
-	RESERVED
+CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...)
+	TODO: check
 CVE-2023-20860
 	RESERVED
-CVE-2023-20859
-	RESERVED
+CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...)
+	TODO: check
 CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
 	NOT-FOR-US: VMware
 CVE-2023-20857 (VMware Workspace ONE Content contains a passcode bypass vulnerability. ...)
@@ -46091,8 +46114,7 @@ CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in v
 	NOTE: https://git.kernel.org/linus/4cf949c7fafe21e085a4ee386bb2dade9067316e
 CVE-2022-3147 (Mattermost version 7.0.x and earlier fails to sufficiently limit the i ...)
 	- mattermost-server <itp> (bug #823556)
-CVE-2022-3146
-	RESERVED
+CVE-2022-3146 (A flaw was found in tripleo-ansible. Due to an insecure default config ...)
 	NOT-FOR-US: tripleo-ansible
 CVE-2022-3145 (An open redirect vulnerability exists in Okta OIDC Middleware prior to ...)
 	NOT-FOR-US: Okta
@@ -46935,8 +46957,7 @@ CVE-2022-3103 (off-by-one in io_uring module. ...)
 	NOTE: https://git.kernel.org/linus/47abea041f897d64dbd5777f0cf7745148f85d75 (6.0-rc3)
 CVE-2022-3102
 	RESERVED
-CVE-2022-3101
-	RESERVED
+CVE-2022-3101 (A flaw was found in tripleo-ansible. Due to an insecure default config ...)
 	NOT-FOR-US: tripleo-ansible
 CVE-2022-3100 (A flaw was found in the openstack-barbican component. This issue allow ...)
 	{DSA-5247-1 DLA-3136-1}
@@ -56112,8 +56133,8 @@ CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scoot
 	NOT-FOR-US: Scooter Beyond Compare
 CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...)
 	NOT-FOR-US: Scooter Beyond Compare
-CVE-2022-36413
-	RESERVED
+CVE-2022-36413 (Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a b ...)
+	TODO: check
 CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests  ...)
 	NOT-FOR-US: Zoho
 CVE-2022-36411
@@ -190644,8 +190665,8 @@ CVE-2020-24859
 	RESERVED
 CVE-2020-24858
 	RESERVED
-CVE-2020-24857
-	RESERVED
+CVE-2020-24857 (Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows a ...)
+	TODO: check
 CVE-2020-24856
 	RESERVED
 CVE-2020-24855 (Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allo ...)
@@ -201641,8 +201662,8 @@ CVE-2020-19788
 	RESERVED
 CVE-2020-19787
 	RESERVED
-CVE-2020-19786
-	RESERVED
+CVE-2020-19786 (File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 al ...)
+	TODO: check
 CVE-2020-19785
 	RESERVED
 CVE-2020-19784



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72b4f121efcfccb9b5610753a5a9a47ea44a7695
