[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 28 09:10:29 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49b3767a by security tracker role at 2023-03-28T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-28934
+ RESERVED
+CVE-2023-28933
+ RESERVED
+CVE-2023-28932
+ RESERVED
+CVE-2023-28931
+ RESERVED
+CVE-2023-28930
+ RESERVED
+CVE-2023-28929
+ RESERVED
+CVE-2023-28928
+ RESERVED
+CVE-2023-1668
+ RESERVED
+CVE-2023-1667
+ RESERVED
+CVE-2023-1666 (A vulnerability has been found in SourceCodester Automatic Question Pa ...)
+ TODO: check
+CVE-2023-1665 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ TODO: check
CVE-2023-28927
RESERVED
CVE-2023-28926
@@ -69,6 +91,7 @@ CVE-2023-28894
CVE-2023-28893
RESERVED
CVE-2023-1664
+ RESERVED
NOT-FOR-US: Keycloak
CVE-2023-1663
RESERVED
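Review bot: CVE-2023-1664 gains a RESERVED state line while keeping the earlier manual NOT-FOR-US: Keycloak triage, so the entry now asserts a triage result for an id whose public description has not arrived yet. A NOTE recording where the Keycloak attribution came from (advisory or bug URL) would let the next automatic update, which will replace RESERVED with the real description, be checked against it.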
@@ -104,8 +127,8 @@ CVE-2023-1650
RESERVED
CVE-2023-1649
RESERVED
-CVE-2023-1648
- RESERVED
+CVE-2023-1648 (An issue has been discovered in GitLab DAST API scanner affecting all ...)
+ TODO: check
CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 refle ...)
NOT-FOR-US: JetBrains Hub
CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page ...)
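Review bot: the new truncated description for CVE-2023-1648 names the GitLab DAST API scanner, and the identical text appears for CVE-2023-0326 later in this patch; the two TODO: check entries should be resolved together so they end up with the same annotation, and if one turns out to be a duplicate of the other, a NOTE cross-referencing the ids.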
@@ -208,8 +231,7 @@ CVE-2023-28859 (redis-py through 4.5.3 leaves a connection open after canceling
TODO: check
CVE-2023-28858 (redis-py before 4.5.3, as used in ChatGPT and other products, leaves a ...)
TODO: check
-CVE-2023-1637 [x86/speculation: Restore speculation related MSRs during S3 resume]
- RESERVED
+CVE-2023-1637 (A flaw that boot CPU could be vulnerable for the speculative execution ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
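Review bot: the bracketed working title for CVE-2023-1637 ([x86/speculation: Restore speculation related MSRs during S3 resume]) is dropped in favour of the public description, and no NOTE pointing at the upstream fix is visible in this hunk's context; keeping the commit subject as a NOTE (as the CVE-2023-1079 and CVE-2023-1078 entries in this patch do with git.kernel.org links) preserves the link between the fixed versions 5.17.3-1, 5.10.113-1 and 4.19.249-1 and the change that fixed them. The CVE-2023-0494 and CVE-2023-0179 hunks lose their bracketed titles the same way.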
@@ -891,12 +913,12 @@ CVE-2023-1525
RESERVED
CVE-2023-1524
RESERVED
-CVE-2023-28655
- RESERVED
-CVE-2023-28652
- RESERVED
-CVE-2023-28650
- RESERVED
+CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...)
+ TODO: check
+CVE-2023-28652 (An authenticated malicious user could successfully upload a malicious ...)
+ TODO: check
+CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious link and ...)
+ TODO: check
CVE-2023-28647
RESERVED
CVE-2023-28646
@@ -911,12 +933,12 @@ CVE-2023-28642
RESERVED
CVE-2023-28641
RESERVED
-CVE-2023-28640
- RESERVED
+CVE-2023-28640 (Apiman is a flexible and open source API Management platform. Due to a ...)
+ TODO: check
CVE-2023-28639
RESERVED
-CVE-2023-28638
- RESERVED
+CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...)
+ TODO: check
CVE-2023-28637
RESERVED
CVE-2023-28636
@@ -931,14 +953,14 @@ CVE-2023-28632
RESERVED
CVE-2023-28631
RESERVED
-CVE-2023-28630
- RESERVED
-CVE-2023-28629
- RESERVED
-CVE-2023-28628
- RESERVED
-CVE-2023-28627
- RESERVED
+CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...)
+ TODO: check
+CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD versions befor ...)
+ TODO: check
+CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versi ...)
+ TODO: check
+CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In versio ...)
+ TODO: check
CVE-2023-28626
RESERVED
CVE-2023-28625
@@ -959,10 +981,10 @@ CVE-2023-28618
RESERVED
CVE-2023-28391
RESERVED
-CVE-2023-27927
- RESERVED
-CVE-2023-22300
- RESERVED
+CVE-2023-27927 (An authenticated malicious user could acquire the simple mail transfer ...)
+ TODO: check
+CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...)
+ TODO: check
CVE-2023-1523
RESERVED
CVE-2023-1522
@@ -1121,10 +1143,10 @@ CVE-2023-28599
RESERVED
CVE-2023-28598
RESERVED
-CVE-2023-28597
- RESERVED
-CVE-2023-28596
- RESERVED
+CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust boundary implem ...)
+ TODO: check
+CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version 5.13.5 contai ...)
+ TODO: check
CVE-2023-28595
RESERVED
CVE-2023-28594
@@ -1615,8 +1637,8 @@ CVE-2023-28432 (Minio is a Multi-Cloud Object Storage framework. In a cluster de
- minio <itp> (bug #859207)
CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. Frontier's ...)
NOT-FOR-US: Frontier
-CVE-2023-28430
- RESERVED
+CVE-2023-28430 (OneSignal is an email, sms, push notification, and in-app message serv ...)
+ TODO: check
CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...)
NOT-FOR-US: Pimcore
CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versions 1. ...)
@@ -2475,8 +2497,7 @@ CVE-2023-28159
RESERVED
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159
-CVE-2023-1380
- RESERVED
+CVE-2023-1380 (A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in d ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1
NOTE: https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u
@@ -2750,8 +2771,8 @@ CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL repre
NOT-FOR-US: silverstripe/graphql
CVE-2023-28103
RESERVED
-CVE-2023-28102
- RESERVED
+CVE-2023-28102 (discordrb is an implementation of the Discord API using Ruby. In disco ...)
+ TODO: check
CVE-2023-28101 (Flatpak is a system for building, distributing, and running sandboxed ...)
- flatpak 1.14.4-1 (bug #1033098)
[bullseye] - flatpak <no-dsa> (Minor issue)
@@ -4013,8 +4034,8 @@ CVE-2023-27702
RESERVED
CVE-2023-27701
RESERVED
-CVE-2023-27700
- RESERVED
+CVE-2023-27700 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...)
+ TODO: check
CVE-2023-27699
RESERVED
CVE-2023-27698
@@ -5262,39 +5283,32 @@ CVE-2023-27264 (A missing permissions check in Mattermost Playbooks in Mattermos
- mattermost-server <itp> (bug #823556)
CVE-2023-27263 (A missing permissions check in the /plugins/playbooks/api/v0/runs API ...)
- mattermost-server <itp> (bug #823556)
-CVE-2023-1079
- RESERVED
+CVE-2023-1079 (A flaw was found in the Linux kernel. A use-after-free may be triggere ...)
- linux 6.1.20-1
NOTE: https://git.kernel.org/linus/4ab3a086d10eeec1424f2e8a968827a6336203df
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/4
-CVE-2023-1078
- RESERVED
+CVE-2023-1078 (A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets ...)
- linux 6.1.12-1
NOTE: https://git.kernel.org/linus/f753a68980cf4b59a80fe677619da2b1804f526d
-CVE-2023-1077
- RESERVED
+CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type confused ...)
- linux 6.1.20-1
NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
-CVE-2023-1076
- RESERVED
+CVE-2023-1076 (A flaw was found in the Linux Kernel. The tun/tap sockets have their s ...)
- linux 6.1.20-1
NOTE: https://git.kernel.org/linus/66b2c338adce580dfce2199591e65e2bab889cff
NOTE: https://git.kernel.org/linus/a096ccca6e503a5c575717ff8a36ace27510ab0a
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/5
-CVE-2023-1075
- RESERVED
+CVE-2023-1075 (A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectl ...)
- linux 6.1.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/ffe2a22562444720b05bdfeb999c03e810d84cbb
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/6
-CVE-2023-1074
- RESERVED
+CVE-2023-1074 (A memory leak flaw was found in the Linux kernel's Stream Control Tran ...)
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/458e279f861d3f61796894cd158b780765a1569f
NOTE: https://www.openwall.com/lists/oss-security/2023/01/23/1
-CVE-2023-1073
- RESERVED
+CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel’s human i ...)
- linux 6.1.11-1
NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3
@@ -6050,8 +6064,8 @@ CVE-2023-26926
RESERVED
CVE-2023-26925
RESERVED
-CVE-2023-26924
- RESERVED
+CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockReg ...)
+ TODO: check
CVE-2023-26923
RESERVED
CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...)
@@ -6804,12 +6818,12 @@ CVE-2023-26551
RESERVED
CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allow ...)
NOT-FOR-US: BMC Control-M
-CVE-2023-26549
- RESERVED
-CVE-2023-26548
- RESERVED
-CVE-2023-26547
- RESERVED
+CVE-2023-26549 (The SystemUI module has a vulnerability of repeated app restart due to ...)
+ TODO: check
+CVE-2023-26548 (The pgmng module has a vulnerability in serialization/deserialization. ...)
+ TODO: check
+CVE-2023-26547 (The InputMethod module has a vulnerability of serialization/deserializ ...)
+ TODO: check
CVE-2023-26546
RESERVED
CVE-2023-24544
@@ -6857,38 +6871,38 @@ CVE-2023-1032
NOTE: https://git.kernel.org/linus/649c15c7691e9b13cbe9bf6c65c365350e056067
CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-48361
- RESERVED
-CVE-2022-48360
- RESERVED
-CVE-2022-48359
- RESERVED
-CVE-2022-48358
- RESERVED
-CVE-2022-48357
- RESERVED
-CVE-2022-48356
- RESERVED
-CVE-2022-48355
- RESERVED
-CVE-2022-48354
- RESERVED
-CVE-2022-48353
- RESERVED
-CVE-2022-48352
- RESERVED
-CVE-2022-48351
- RESERVED
-CVE-2022-48350
- RESERVED
-CVE-2022-48349
- RESERVED
-CVE-2022-48348
- RESERVED
-CVE-2022-48347
- RESERVED
-CVE-2022-48346
- RESERVED
+CVE-2022-48361 (The Always On Display (AOD) has a path traversal vulnerability in them ...)
+ TODO: check
+CVE-2022-48360 (The facial recognition module has a vulnerability in file permission c ...)
+ TODO: check
+CVE-2022-48359 (The recovery mode for updates has a vulnerability that causes arbitrar ...)
+ TODO: check
+CVE-2022-48358 (The BatteryHealthActivity has a redirection vulnerability. Successful ...)
+ TODO: check
+CVE-2022-48357 (Some products have the double fetch vulnerability. Successful exploita ...)
+ TODO: check
+CVE-2022-48356 (The facial recognition module has a vulnerability in input parameter v ...)
+ TODO: check
+CVE-2022-48355 (The Bluetooth module has a heap out-of-bounds read vulnerability. Succ ...)
+ TODO: check
+CVE-2022-48354 (The Bluetooth module has a heap out-of-bounds write vulnerability. Suc ...)
+ TODO: check
+CVE-2022-48353 (Some smartphones have configuration issues. Successful exploitation of ...)
+ TODO: check
+CVE-2022-48352 (Some smartphones have data initialization issues. Successful exploitat ...)
+ TODO: check
+CVE-2022-48351 (The secure OS module has configuration defects. Successful exploitatio ...)
+ TODO: check
+CVE-2022-48350 (The HUAWEI Messaging app has a vulnerability of unauthorized file acce ...)
+ TODO: check
+CVE-2022-48349 (The control component has a spoofing vulnerability. Successful exploit ...)
+ TODO: check
+CVE-2022-48348 (The MediaProvider module has a vulnerability of unauthorized data read ...)
+ TODO: check
+CVE-2022-48347 (The MediaProvider module has a vulnerability in permission verificatio ...)
+ TODO: check
+CVE-2022-48346 (The HwContacts module has a logic bypass vulnerability. Successful exp ...)
+ TODO: check
CVE-2020-36662
RESERVED
CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...)
@@ -7082,8 +7096,8 @@ CVE-2023-26495
RESERVED
CVE-2023-26494
RESERVED
-CVE-2023-26493
- RESERVED
+CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real ...)
+ TODO: check
CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...)
NOT-FOR-US: Directus
CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...)
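Review bot: the imported description for CVE-2023-26493 carries an HTML-escaped ampersand (`2D &amp; 3D`), as does the existing CVE-2023-0324 entry (`Online Tours &amp; Travels`) later in this patch; the importer should unescape entities before writing data/CVE/list, otherwise the escaped form is what gets stored and searched.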
@@ -8752,8 +8766,8 @@ CVE-2021-46874
RESERVED
CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload of fil ...)
TODO: check
-CVE-2023-25908
- RESERVED
+CVE-2023-25908 (Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) ...)
+ TODO: check
CVE-2023-25907
RESERVED
CVE-2023-25906
@@ -8812,38 +8826,38 @@ CVE-2023-25880
RESERVED
CVE-2023-25879
RESERVED
-CVE-2023-25878
- RESERVED
-CVE-2023-25877
- RESERVED
-CVE-2023-25876
- RESERVED
-CVE-2023-25875
- RESERVED
-CVE-2023-25874
- RESERVED
-CVE-2023-25873
- RESERVED
-CVE-2023-25872
- RESERVED
-CVE-2023-25871
- RESERVED
-CVE-2023-25870
- RESERVED
-CVE-2023-25869
- RESERVED
-CVE-2023-25868
- RESERVED
-CVE-2023-25867
- RESERVED
-CVE-2023-25866
- RESERVED
-CVE-2023-25865
- RESERVED
-CVE-2023-25864
- RESERVED
-CVE-2023-25863
- RESERVED
+CVE-2023-25878 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25877 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25876 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25875 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25874 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25873 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25872 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25871 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25870 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25869 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25868 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25867 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25866 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25865 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25864 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
+CVE-2023-25863 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...)
+ TODO: check
CVE-2023-25862 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
NOT-FOR-US: Adobe
CVE-2023-25861 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...)
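Review bot: all sixteen entries CVE-2023-25863 through CVE-2023-25878 share one truncated description (Adobe Substance 3D Stager 2.0.0 and earlier) and are left at TODO: check, while the adjacent Illustrator entries CVE-2023-25861 and CVE-2023-25862 are already NOT-FOR-US: Adobe; the CVE-2023-25908 (Photoshop) and CVE-2023-22247/22249-22251 (Adobe Commerce) hunks in this patch are in the same position. Triaging the whole Adobe batch in one follow-up with the same NOT-FOR-US: Adobe annotation keeps the list consistent and clears the TODOs together.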
@@ -8948,10 +8962,10 @@ CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a se
- nextcloud-server <itp> (bug #941708)
CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...)
NOT-FOR-US: Discourse
-CVE-2023-25818
- RESERVED
-CVE-2023-25817
- RESERVED
+CVE-2023-25818 (Nextcloud server is an open source, personal cloud implementation. In ...)
+ TODO: check
+CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementation. In ...)
+ TODO: check
CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-25815
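Review bot: CVE-2023-25817 and CVE-2023-25818 are Nextcloud server issues left at TODO: check, whereas the neighbouring CVE-2023-25816 and CVE-2023-25820 carry `- nextcloud-server <itp> (bug #941708)`; once the full descriptions confirm they affect the server rather than a client app, the same ITP line is the expected resolution.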
@@ -9608,8 +9622,7 @@ CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub re
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0779
RESERVED
-CVE-2023-0778
- RESERVED
+CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This is ...)
- libpod <unfixed> (bug #1032099)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256
NOTE: https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8
@@ -9659,8 +9672,8 @@ CVE-2023-25663 (TensorFlow is an open source platform for machine learning. Prio
- tensorflow <itp> (bug #804612)
CVE-2023-25662 (TensorFlow is an open source platform for machine learning. Versions p ...)
- tensorflow <itp> (bug #804612)
-CVE-2023-25661
- RESERVED
+CVE-2023-25661 (TensorFlow is an Open Source Machine Learning Framework. In versions p ...)
+ TODO: check
CVE-2023-25660 (TensorFlow is an open source platform for machine learning. Prior to v ...)
- tensorflow <itp> (bug #804612)
CVE-2023-25659 (TensorFlow is an open source platform for machine learning. Prior to v ...)
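Review bot: CVE-2023-25661 is the only TensorFlow entry in this block still at TODO: check; CVE-2023-25659, 25660, 25662 and 25663 around it all carry `- tensorflow <itp> (bug #804612)`, so the follow-up is most likely the same line rather than a fresh triage.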
@@ -10731,12 +10744,12 @@ CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversa
NOT-FOR-US: Docmosis Tornado
CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...)
NOT-FOR-US: Docmosis Tornado
-CVE-2023-25263
- RESERVED
-CVE-2023-25262
- RESERVED
-CVE-2023-25261
- RESERVED
+CVE-2023-25263 (In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attac ...)
+ TODO: check
+CVE-2023-25262 (Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Se ...)
+ TODO: check
+CVE-2023-25261 (Certain Stimulsoft GmbH products are affected by: Remote Code Executio ...)
+ TODO: check
CVE-2023-25260
RESERVED
CVE-2023-25259
@@ -12486,8 +12499,8 @@ CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful exploi
NOT-FOR-US: Huawei
CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. Success ...)
NOT-FOR-US: Huawei
-CVE-2022-48291
- RESERVED
+CVE-2022-48291 (The Bluetooth module has an authentication bypass vulnerability in the ...)
+ TODO: check
CVE-2022-48290 (The phone-PC collaboration module has a logic bypass vulnerability. Su ...)
NOT-FOR-US: Huawei
CVE-2022-48289 (The bundle management module lacks authentication and control mechanis ...)
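Review bot: CVE-2022-48291 (Bluetooth module authentication bypass) sits between CVE-2022-48290 and CVE-2022-48292, both already NOT-FOR-US: Huawei, and reads like the same vendor batch; the sixteen new CVE-2022-48346 through CVE-2022-48361 entries earlier in this patch (one of them explicitly about the HUAWEI Messaging app) are in the same position. Resolving them with NOT-FOR-US: Huawei in one pass avoids leaving a long run of TODOs for a vendor whose ids the tracker already handles that way.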
@@ -12882,8 +12895,7 @@ CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF che
NOT-FOR-US: WordPress plugin
CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does not hav ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses]
- RESERVED
+CVE-2023-0494 (A vulnerability was found in X.Org. This issue occurs due to a danglin ...)
{DSA-5342-1 DLA-3310-1}
- xorg-server 2:21.1.7-1 (bug #1030777)
- xwayland 2:22.1.8-1
@@ -13345,8 +13357,8 @@ CVE-2023-24368 (** DISPUTED ** Incorrect access control in Temenos T24 Release 2
NOT-FOR-US: Temenos
CVE-2023-24367 (Temenos T24 Release 20 was discovered to contain a reflected cross-sit ...)
NOT-FOR-US: Tenemos
-CVE-2023-24366
- RESERVED
+CVE-2023-24366 (An arbitrary file download vulnerability in rConfig v6.8.0 allows atta ...)
+ TODO: check
CVE-2023-24365
RESERVED
CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was discovered to ...)
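Review bot: drive-by in the context lines of this hunk: CVE-2023-24367 is annotated `NOT-FOR-US: Tenemos` while its description and the CVE-2023-24368 entry above spell the vendor `Temenos`; worth fixing the typo in the same follow-up that triages CVE-2023-24366 (rConfig).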
@@ -15423,8 +15435,8 @@ CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7 does not have adequate p
NOT-FOR-US: WordPress plugin
CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been class ...)
NOT-FOR-US: saemorris TheRadSystem
-CVE-2023-0326
- RESERVED
+CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all ...)
+ TODO: check
CVE-2023-0325
RESERVED
CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels ...)
@@ -16011,8 +16023,8 @@ CVE-2023-0243 (A vulnerability classified as critical has been found in TuziCMS
NOT-FOR-US: TuziCMS
CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different privileg ...)
NOT-FOR-US: Rapid7
-CVE-2023-0241
- RESERVED
+CVE-2023-0241 (pgAdmin 4 versions prior to v6.19 contains a directory traversal vulne ...)
+ TODO: check
CVE-2023-0240 (There is a logic error in io_uring's implementation which can be used ...)
{DLA-3349-1}
- linux 5.14.6-1
@@ -16319,8 +16331,8 @@ CVE-2023-23332
RESERVED
CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...)
NOT-FOR-US: Amano Xoffice
-CVE-2023-23330
- RESERVED
+CVE-2023-23330 (amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable ...)
+ TODO: check
CVE-2023-23329
RESERVED
CVE-2023-23328 (A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated ...)
@@ -17328,8 +17340,7 @@ CVE-2023-0181
RESERVED
CVE-2023-0180
RESERVED
-CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits]
- RESERVED
+CVE-2023-0179 (A buffer overflow vulnerability was found in the Netfilter subsystem i ...)
{DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -17409,8 +17420,7 @@ CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x throu
NOT-FOR-US: MediaWiki extension MobileFrontend
CVE-2023-22908
RESERVED
-CVE-2023-0210
- RESERVED
+CVE-2023-0210 (A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and ...)
- linux 6.1.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -18654,7 +18664,7 @@ CVE-2023-22610 (A CWE-285: Improper Authorization vulnerability exists that coul
CVE-2023-22609
REJECTED
CVE-2023-22608
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29936
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09 (binutils-2_40)
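Review bot: CVE-2023-22608 flips from RESERVED to REJECTED but keeps its `- binutils 2.40-1 (unimportant)` package line and the two sourceware NOTEs; if the id was rejected as a duplicate, a NOTE naming the id it was merged into would keep the binutils fix reference reachable, and if it was rejected as not a vulnerability the package line can probably go.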
@@ -21543,16 +21553,16 @@ CVE-2023-22253 (Experience Manager versions 6.5.15.0 (and earlier) are affected
NOT-FOR-US: Adobe
CVE-2023-22252 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
NOT-FOR-US: Adobe
-CVE-2023-22251
- RESERVED
-CVE-2023-22250
- RESERVED
-CVE-2023-22249
- RESERVED
+CVE-2023-22251 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
+ TODO: check
+CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
+ TODO: check
+CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
+ TODO: check
CVE-2023-22248
RESERVED
-CVE-2023-22247
- RESERVED
+CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...)
+ TODO: check
CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...)
NOT-FOR-US: Adobe
CVE-2023-22245
@@ -26193,10 +26203,10 @@ CVE-2022-46287 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTE
NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM
CVE-2022-41993 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...)
NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM
-CVE-2022-46416
- RESERVED
-CVE-2022-46415
- RESERVED
+CVE-2022-46416 (Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate term ...)
+ TODO: check
+CVE-2022-46415 (DJI Spark 01.00.0900 allows remote attackers to prevent legitimate ter ...)
+ TODO: check
CVE-2022-46414 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...)
NOT-FOR-US: Veritas
CVE-2022-46413 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...)
@@ -28083,8 +28093,8 @@ CVE-2022-45827
RESERVED
CVE-2022-45826
RESERVED
-CVE-2022-45825
- RESERVED
+CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes ...)
+ TODO: check
CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Ca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45823
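Review bot: the new CVE-2022-45825 description starts `Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes`, the same phrasing family as the neighbouring entries already marked `NOT-FOR-US: WordPress plugin` (CVE-2022-45824 directly below); confirm from the full text that iThemes here is a WordPress plugin and apply the same annotation.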
@@ -32835,8 +32845,8 @@ CVE-2023-20862
RESERVED
CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...)
TODO: check
-CVE-2023-20860
- RESERVED
+CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ...)
+ TODO: check
CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...)
TODO: check
CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...)
@@ -40431,8 +40441,8 @@ CVE-2022-42449
RESERVED
CVE-2022-42448
RESERVED
-CVE-2022-42447
- RESERVED
+CVE-2022-42447 (HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). Thi ...)
+ TODO: check
CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by default. Aft ...)
NOT-FOR-US: HCL
CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...)
@@ -45373,127 +45383,127 @@ CVE-2022-40603 (A cross-site scripting (XSS) vulnerability in the CGI program of
CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG ...)
NOT-FOR-US: Zyxel
CVE-2022-40601
- RESERVED
+ REJECTED
CVE-2022-40600
- RESERVED
+ REJECTED
CVE-2022-40599
- RESERVED
+ REJECTED
CVE-2022-40598
- RESERVED
+ REJECTED
CVE-2022-40597
- RESERVED
+ REJECTED
CVE-2022-40596
- RESERVED
+ REJECTED
CVE-2022-40595
- RESERVED
+ REJECTED
CVE-2022-40594
- RESERVED
+ REJECTED
CVE-2022-40593
- RESERVED
+ REJECTED
CVE-2022-40592
- RESERVED
+ REJECTED
CVE-2022-40591
- RESERVED
+ REJECTED
CVE-2022-40590
- RESERVED
+ REJECTED
CVE-2022-40589
- RESERVED
+ REJECTED
CVE-2022-40588
- RESERVED
+ REJECTED
CVE-2022-40587
- RESERVED
+ REJECTED
CVE-2022-40586
- RESERVED
+ REJECTED
CVE-2022-40585
- RESERVED
+ REJECTED
CVE-2022-40584
- RESERVED
+ REJECTED
CVE-2022-40583
- RESERVED
+ REJECTED
CVE-2022-40582
- RESERVED
+ REJECTED
CVE-2022-40581
- RESERVED
+ REJECTED
CVE-2022-40580
- RESERVED
+ REJECTED
CVE-2022-40579
- RESERVED
+ REJECTED
CVE-2022-40578
- RESERVED
+ REJECTED
CVE-2022-40577
- RESERVED
+ REJECTED
CVE-2022-40576
- RESERVED
+ REJECTED
CVE-2022-40575
- RESERVED
+ REJECTED
CVE-2022-40574
- RESERVED
+ REJECTED
CVE-2022-40573
- RESERVED
+ REJECTED
CVE-2022-40572
- RESERVED
+ REJECTED
CVE-2022-40571
- RESERVED
+ REJECTED
CVE-2022-40570
- RESERVED
+ REJECTED
CVE-2022-40569
- RESERVED
+ REJECTED
CVE-2022-40568
- RESERVED
+ REJECTED
CVE-2022-40567
- RESERVED
+ REJECTED
CVE-2022-40566
- RESERVED
+ REJECTED
CVE-2022-40565
- RESERVED
+ REJECTED
CVE-2022-40564
- RESERVED
+ REJECTED
CVE-2022-40563
- RESERVED
+ REJECTED
CVE-2022-40562
- RESERVED
+ REJECTED
CVE-2022-40561
- RESERVED
+ REJECTED
CVE-2022-40560
- RESERVED
+ REJECTED
CVE-2022-40559
- RESERVED
+ REJECTED
CVE-2022-40558
- RESERVED
+ REJECTED
CVE-2022-40557
- RESERVED
+ REJECTED
CVE-2022-40556
- RESERVED
+ REJECTED
CVE-2022-40555
- RESERVED
+ REJECTED
CVE-2022-40554
- RESERVED
+ REJECTED
CVE-2022-40553
- RESERVED
+ REJECTED
CVE-2022-40552
- RESERVED
+ REJECTED
CVE-2022-40551
- RESERVED
+ REJECTED
CVE-2022-40550
- RESERVED
+ REJECTED
CVE-2022-40549
- RESERVED
+ REJECTED
CVE-2022-40548
- RESERVED
+ REJECTED
CVE-2022-40547
- RESERVED
+ REJECTED
CVE-2022-40546
- RESERVED
+ REJECTED
CVE-2022-40545
- RESERVED
+ REJECTED
CVE-2022-40544
- RESERVED
+ REJECTED
CVE-2022-40543
- RESERVED
+ REJECTED
CVE-2022-40542
- RESERVED
+ REJECTED
CVE-2022-40541
- RESERVED
+ REJECTED
CVE-2022-40540 (Memory corruption due to buffer copy without checking the size of inpu ...)
NOT-FOR-US: Qualcomm
CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper validation ...)
@@ -47255,8 +47265,8 @@ CVE-2022-39799 (An attacker with no prior authentication could craft and send ma
NOT-FOR-US: SAP
CVE-2022-3117
REJECTED
-CVE-2022-3116
- RESERVED
+CVE-2022-3116 (The Heimdal Software Kerberos 5 implementation is vulnerable to a null ...)
+ TODO: check
CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6. malidp_c ...)
- linux 5.18.5-1
[bullseye] - linux 5.10.127-1
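Review bot: the description for CVE-2022-3116 names the Heimdal Kerberos 5 implementation, which is packaged in Debian as src:heimdal, so this TODO: check should end up with a package state line (a fixed version or <unfixed>) rather than a NOT-FOR-US, unlike most of the other new entries in this update.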
@@ -61224,8 +61234,7 @@ CVE-2022-2239 (The Request a Quote WordPress plugin through 2.3.7 does not sanit
NOT-FOR-US: WordPress plugin
CVE-2022-2238 (A vulnerability was found in the search-api container in Red Hat Advan ...)
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / Stolostron
-CVE-2022-2237
- RESERVED
+CVE-2022-2237 (A flaw was found in the Keycloak Node.js Adapter. This flaw allows an ...)
NOT-FOR-US: Keycloak
CVE-2022-2236
RESERVED
@@ -110013,8 +110022,7 @@ CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0 allows attackers to achieve rem
NOT-FOR-US: ChurchInfo
CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of MantisBT ...)
- mantis <removed>
-CVE-2021-3923
- RESERVED
+CVE-2021-3923 (A flaw was found in the Linux kernel's implementation of RDMA over inf ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
@@ -171515,7 +171523,8 @@ CVE-2021-20326 (A user authorized to performing a specific type of find query ma
CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...)
- apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
-CVE-2021-20324 (A flaw was found in WildFly Elytron. A variation to the use of a sessi ...)
+CVE-2021-20324
+ REJECTED
NOT-FOR-US: WildFly Elytron
CVE-2021-20323 (A POST based reflected Cross Site Scripting vulnerability on has been ...)
NOT-FOR-US: Keycloak
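Review bot: CVE-2021-20324 loses its WildFly Elytron description and becomes REJECTED while the `NOT-FOR-US: WildFly Elytron` line stays; that is harmless, but as with CVE-2023-22608 in this patch a NOTE recording the reason for the rejection (duplicate id or withdrawn) would help anyone who still finds the old description elsewhere. Drive-by in the context above: the CVE-2021-20325 annotation has `specifc` for `specific`.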
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49b3767a97813d17875235cae51287015c727bbf