[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 30 09:10:27 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55b6436d by security tracker role at 2023-03-30T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-29032
+ RESERVED
+CVE-2023-29031
+ RESERVED
+CVE-2023-29030
+ RESERVED
+CVE-2023-29029
+ RESERVED
+CVE-2023-29028
+ RESERVED
+CVE-2023-29027
+ RESERVED
+CVE-2023-29026
+ RESERVED
+CVE-2023-29025
+ RESERVED
+CVE-2023-29024
+ RESERVED
+CVE-2023-29023
+ RESERVED
+CVE-2023-29022
+ RESERVED
+CVE-2023-1710
+ RESERVED
+CVE-2023-1709
+ RESERVED
CVE-2023-29021
RESERVED
CVE-2023-29020
@@ -401,8 +427,8 @@ CVE-2023-1658
RESERVED
CVE-2023-1657
RESERVED
-CVE-2023-1656
- RESERVED
+CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in Forge ...)
+ TODO: check
CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...)
- gpac <unfixed>
[buster] - gpac <end-of-life> (EOL in buster LTS)
@@ -415,8 +441,7 @@ CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.
NOTE: https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da
CVE-2023-1653
RESERVED
-CVE-2023-1652
- RESERVED
+CVE-2023-1652 (A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4 ...)
- linux 6.1.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -1637,24 +1662,24 @@ CVE-2023-28511
RESERVED
CVE-2023-28510
RESERVED
-CVE-2023-28509
- RESERVED
-CVE-2023-28508
- RESERVED
-CVE-2023-28507
- RESERVED
-CVE-2023-28506
- RESERVED
-CVE-2023-28505
- RESERVED
-CVE-2023-28504
- RESERVED
-CVE-2023-28503
- RESERVED
-CVE-2023-28502
- RESERVED
-CVE-2023-28501
- RESERVED
+CVE-2023-28509 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
+CVE-2023-28508 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
+CVE-2023-28507 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
+CVE-2023-28506 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
+CVE-2023-28505 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
+CVE-2023-28504 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
+CVE-2023-28503 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
+CVE-2023-28502 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
+CVE-2023-28501 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ TODO: check
CVE-2023-28500
RESERVED
CVE-2023-28499
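
Review bot: the nine entries CVE-2023-28501 through CVE-2023-28509 all land as `TODO: check` with the same "Rocket Software UniData" description prefix, so they should be triaged as one batch rather than one at a time. If no Debian source package ships this product, mark all nine with one identical `NOT-FOR-US:` product string so later searches on that string find the whole set.
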
@@ -8444,12 +8469,12 @@ CVE-2023-26120
RESERVED
CVE-2023-26119
RESERVED
-CVE-2023-26118
- RESERVED
-CVE-2023-26117
- RESERVED
-CVE-2023-26116
- RESERVED
+CVE-2023-26118 (All versions of the package angular are vulnerable to Regular Expressi ...)
+ TODO: check
+CVE-2023-26117 (All versions of the package angular are vulnerable to Regular Expressi ...)
+ TODO: check
+CVE-2023-26116 (All versions of the package angular are vulnerable to Regular Expressi ...)
+ TODO: check
CVE-2023-26115
RESERVED
CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable to Mi ...)
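
Review bot: CVE-2023-26116, CVE-2023-26117 and CVE-2023-26118 are left at `TODO: check`, and the imported description ("All versions of the package angular") gives no fixed version to record. Triage needs to establish which Debian source package, if any, carries this code; if one does, the entries need a package line without a fixed version rather than a `NOT-FOR-US` marking.
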
@@ -9442,8 +9467,7 @@ CVE-2023-22379
RESERVED
CVE-2023-22297
RESERVED
-CVE-2023-0836
- RESERVED
+CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1, 2.2 b ...)
- haproxy 2.6.8-1
NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=2e6bf0a2722866ae0128a4392fa2375bd1f03ff8
NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=f988992d16f45ef03d5bbb024a1042ed8123e4c5 (v2.6.8)
@@ -11355,10 +11379,9 @@ CVE-2023-0667
RESERVED
CVE-2023-0666
RESERVED
-CVE-2023-0665
- RESERVED
-CVE-2023-0664
- RESERVED
+CVE-2023-0665 (HashiCorp Vault's PKI mount issuer endpoints did not correctly authori ...)
+ TODO: check
+CVE-2023-0664 (A flaw was found in the QEMU Guest Agent service for Windows. A local ...)
- qemu <not-affected> (Windows specific issue)
CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3.0. I ...)
NOT-FOR-US: Calendar Event Management System
@@ -11829,10 +11852,10 @@ CVE-2023-0622 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds
NOT-FOR-US: Cscape Envision RV
CVE-2023-0621 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read ...)
NOT-FOR-US: Cscape Envision RV
-CVE-2023-0620
- RESERVED
-CVE-2023-25000
- RESERVED
+CVE-2023-0620 (HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are ...)
+ TODO: check
+CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing used preco ...)
+ TODO: check
CVE-2023-24999 (HashiCorp Vault and Vault Enterprise’s approle auth method allow ...)
NOT-FOR-US: Vault
CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
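
Review bot: CVE-2023-0620 and CVE-2023-25000 are added as `TODO: check` directly above CVE-2023-24999, which is already `NOT-FOR-US: Vault`. Unless Vault has entered the archive since that entry was triaged, give both the same marking so the product string stays consistent; the same applies to CVE-2023-0665 in the previous hunk.
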
@@ -18615,8 +18638,8 @@ CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpso
NOT-FOR-US: WordPress plugin
CVE-2023-22706
RESERVED
-CVE-2023-22705
- RESERVED
+CVE-2023-22705 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne I ...)
+ TODO: check
CVE-2023-22704 (Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22703
@@ -21793,8 +21816,8 @@ CVE-2022-47604
RESERVED
CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...)
TODO: check
-CVE-2022-47602
- RESERVED
+CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2022-47601
RESERVED
CVE-2022-47600
@@ -33358,8 +33381,7 @@ CVE-2022-3789 (A vulnerability has been found in Tim Campus Confession Wall and
NOT-FOR-US: Tim Campus Confession Wall
CVE-2022-3788
REJECTED
-CVE-2022-3787
- RESERVED
+CVE-2022-3787 (A vulnerability was found in the device-mapper-multipath. The device-m ...)
NOT-FOR-US: Red Hat Enterprise Linux specfic regression for CVE-2022-41974 update
CVE-2022-3786 (A buffer overrun can be triggered in X.509 certificate verification, s ...)
- openssl 3.0.7-1
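
Review bot: the `NOT-FOR-US` line kept under CVE-2022-3787 misspells "specific" as "specfic", and it uses `NOT-FOR-US` for a distribution-specific regression, whereas CVE-2023-0664 in this same patch records a platform-specific issue as `- qemu <not-affected> (Windows specific issue)`. If a Debian source package provides device-mapper-multipath, a `<not-affected>` line against that package with the reason in parentheses would match that convention and keep the CVE findable by package.
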
@@ -33820,12 +33842,12 @@ CVE-2022-44372
RESERVED
CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can cause Rem ...)
NOT-FOR-US: hope-boot
-CVE-2022-44370
- RESERVED
-CVE-2022-44369
- RESERVED
-CVE-2022-44368
- RESERVED
+CVE-2022-44370 (NASM v2.16 was discovered to contain a heap buffer overflow in the com ...)
+ TODO: check
+CVE-2022-44369 (NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference ...)
+ TODO: check
+CVE-2022-44368 (NASM v2.16 was discovered to contain a null pointer deference in the N ...)
+ TODO: check
CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
NOT-FOR-US: Tenda
CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...)
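
Review bot: CVE-2022-44368, CVE-2022-44369 and CVE-2022-44370 name NASM 2.16, and CVE-2022-44369 is worded "2.16 (development)", so the `TODO: check` here should not be resolved by version comparison alone. Triage should confirm whether the affected code is present in the versions shipped in each suite and add per-release lines in the style of the `[bullseye] - linux <not-affected> (Vulnerable code not present)` entries seen elsewhere in this patch.
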
@@ -78897,8 +78919,7 @@ CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mru
NOTE: https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6
CVE-2022-1275 (The BannerMan WordPress plugin through 0.2.4 does not sanitize or esca ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1274
- RESERVED
+CVE-2022-1274 (A flaw was found in Keycloak in the execute-actions-email endpoint. Th ...)
NOT-FOR-US: Keycloak
CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the impo ...)
NOT-FOR-US: WordPress plugin
@@ -117138,8 +117159,8 @@ CVE-2021-41528
RESERVED
CVE-2021-41527
RESERVED
-CVE-2021-41526
- RESERVED
+CVE-2021-41526 (A vulnerability has been reported in the windows installer (MSI) built ...)
+ TODO: check
CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
NOT-FOR-US: FlexNet
CVE-2021-3821 (A potential security vulnerability has been identified for certain HP ...)
@@ -215827,8 +215848,8 @@ CVE-2020-14142
RESERVED
CVE-2020-14141
RESERVED
-CVE-2020-14140
- RESERVED
+CVE-2020-14140 (When Xiaomi router firmware is updated in 2020, there is an unauthenti ...)
+ TODO: check
CVE-2020-14139
RESERVED
CVE-2020-14138
@@ -286616,8 +286637,8 @@ CVE-2019-8965
RESERVED
CVE-2019-8964
RESERVED
-CVE-2019-8963
- RESERVED
+CVE-2019-8963 (A Denial of Service (DoS) vulnerability was discovered in FlexNet Publ ...)
+ TODO: check
CVE-2019-8962
RESERVED
CVE-2019-8961 (A Denial of Service vulnerability related to stack exhaustion has been ...)
@@ -397364,8 +397385,8 @@ CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.
NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router
CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External Entity ( ...)
NOT-FOR-US: USB Pratirodh
-CVE-2017-6894
- RESERVED
+CVE-2017-6894 (A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 a ...)
+ TODO: check
CVE-2017-6893
RESERVED
CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...)
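
Review bot: CVE-2017-6894 is added as `TODO: check` although its description names FlexNet Manager Suite, and CVE-2021-41525 earlier in this patch is already `NOT-FOR-US: FlexNet`. Reuse that exact product string here, and for CVE-2019-8963 ("FlexNet Publ ...") once the full description confirms the product.
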
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55b6436d73fc06e6f6fb747b9d5c10adbd37f6df