[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 31 09:10:24 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9278dc74 by security tracker role at 2023-03-31T08:10:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,115 @@
+CVE-2023-29092
+ RESERVED
+CVE-2023-29091
+ RESERVED
+CVE-2023-29090
+ RESERVED
+CVE-2023-29089
+ RESERVED
+CVE-2023-29088
+ RESERVED
+CVE-2023-29087
+ RESERVED
+CVE-2023-29086
+ RESERVED
+CVE-2023-29085
+ RESERVED
+CVE-2023-29084
+ RESERVED
+CVE-2023-29083
+ RESERVED
+CVE-2023-29082
+ RESERVED
+CVE-2023-29081
+ RESERVED
+CVE-2023-29080
+ RESERVED
+CVE-2023-29079
+ RESERVED
+CVE-2023-29078
+ RESERVED
+CVE-2023-29077
+ RESERVED
+CVE-2023-29076
+ RESERVED
+CVE-2023-29075
+ RESERVED
+CVE-2023-29074
+ RESERVED
+CVE-2023-29073
+ RESERVED
+CVE-2023-29072
+ RESERVED
+CVE-2023-29071
+ RESERVED
+CVE-2023-29070
+ RESERVED
+CVE-2023-29069
+ RESERVED
+CVE-2023-29068
+ RESERVED
+CVE-2023-29067
+ RESERVED
+CVE-2023-29066
+ RESERVED
+CVE-2023-29065
+ RESERVED
+CVE-2023-29064
+ RESERVED
+CVE-2023-29063
+ RESERVED
+CVE-2023-29062
+ RESERVED
+CVE-2023-29061
+ RESERVED
+CVE-2023-29060
+ RESERVED
+CVE-2023-1764
+ RESERVED
+CVE-2023-1763
+ RESERVED
+CVE-2023-1762 (Improper Privilege Management in GitHub repository thorsten/phpmyfaq p ...)
+ TODO: check
+CVE-2023-1761 (Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12. ...)
+ TODO: check
+CVE-2023-1760 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-1759 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-1758
+ RESERVED
+CVE-2023-1757
+ RESERVED
+CVE-2023-1756
+ RESERVED
+CVE-2023-1755 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
+ TODO: check
+CVE-2023-1754 (Improper Input Validation in GitHub repository thorsten/phpmyfaq prior ...)
+ TODO: check
+CVE-2023-1753 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
+ TODO: check
+CVE-2023-1752
+ RESERVED
+CVE-2023-1751
+ RESERVED
+CVE-2023-1750
+ RESERVED
+CVE-2023-1749
+ RESERVED
+CVE-2023-1748
+ RESERVED
+CVE-2023-1747 (A vulnerability has been found in IBOS up to 4.5.4 and classified as c ...)
+ TODO: check
+CVE-2023-1746 (A vulnerability, which was classified as problematic, was found in Dre ...)
+ TODO: check
+CVE-2023-1745 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-1744 (A vulnerability classified as critical was found in IBOS 4.5.5. This v ...)
+ TODO: check
+CVE-2023-1743 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2023-1742 (A vulnerability was found in IBOS 4.5.5. It has been rated as critical ...)
+ TODO: check
CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, as explo ...)
NOT-FOR-US: 3CX DesktopApp
CVE-2023-29058
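Review bot: the seven thorsten/phpmyfaq entries (CVE-2023-1762, -1761, -1760, -1759, -1755, -1754, -1753) all land as `TODO: check` against one upstream and, per the CVE-2023-1761 text, one fix release ("prior to 3.1.12"); triaging them as a batch with a consistent status and a shared upstream-release NOTE avoids seven divergent one-off decisions. CVE-2023-1743 uses the same "SourceCode..." boilerplate as entries this file already marks `NOT-FOR-US` (compare CVE-2023-1734 further down), so it is a candidate for the same marking.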
@@ -52,20 +164,20 @@ CVE-2023-29034
RESERVED
CVE-2023-29033
RESERVED
-CVE-2023-1741
- RESERVED
-CVE-2023-1740
- RESERVED
-CVE-2023-1739
- RESERVED
-CVE-2023-1738
- RESERVED
-CVE-2023-1737
- RESERVED
-CVE-2023-1736
- RESERVED
-CVE-2023-1735
- RESERVED
+CVE-2023-1741 (A vulnerability was found in jeecg-boot 3.5.0. It has been declared as ...)
+ TODO: check
+CVE-2023-1740 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...)
+ TODO: check
+CVE-2023-1739 (A vulnerability was found in SourceCodester Simple and Beautiful Shopp ...)
+ TODO: check
+CVE-2023-1738 (A vulnerability has been found in SourceCodester Young Entrepreneur E- ...)
+ TODO: check
+CVE-2023-1737 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-1736 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-1735 (A vulnerability classified as critical was found in SourceCodester You ...)
+ TODO: check
CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
CVE-2023-1733
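Review bot: CVE-2023-1738 and CVE-2023-1735 name the same SourceCodester Young Entrepreneur product as the unchanged CVE-2023-1734 directly below, which already reads `NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System`; the new `TODO: check` placeholders for those two and for the other SourceCodester ids in this hunk (CVE-2023-1740, -1739, and likely -1737 and -1736, whose text is cut off at "Source") can be resolved the same way on manual triage, leaving only the jeecg-boot entry CVE-2023-1741 needing a separate look.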
@@ -424,8 +536,7 @@ CVE-2023-1672
RESERVED
CVE-2023-1671
RESERVED
-CVE-2023-1670
- RESERVED
+CVE-2023-1670 (A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-car ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
CVE-2023-1669
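Review bot: the `- linux <unfixed>` line under the new CVE-2023-1670 description is untouched even though the NOTE already cites the upstream fix commit (e8d20c3ded59...); the manual pass should replace `<unfixed>` with the first Debian kernel upload carrying that commit, and add a `[bullseye]` annotation if the Xircom PCMCIA driver code is present there, which this diff does not show.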
@@ -671,11 +782,11 @@ CVE-2023-1638 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It
NOT-FOR-US: IObit Malware Fighter
CVE-2018-25083 (The pullit package before 1.4.0 for Node.js allows OS Command Injectio ...)
TODO: check
-CVE-2023-28859 (redis-py through 4.5.3 leaves a connection open after canceling an asy ...)
+CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open ...)
- python-redis <not-affected> (Incomplete fix for CVE-2023-28858 not applied)
NOTE: https://github.com/redis/redis-py/issues/2665
NOTE: https://github.com/redis/redis-py/pull/2641
-CVE-2023-28858 (redis-py before 4.5.3, as used in ChatGPT and other products, leaves a ...)
+CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling an asyn ...)
- python-redis <unfixed>
NOTE: https://github.com/redis/redis-py/issues/2624
NOTE: https://github.com/redis/redis-py/pull/2641
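Review bot: the `<not-affected>` status for CVE-2023-28859 rests entirely on CVE-2023-28858 still being `<unfixed>` in python-redis (rationale: "Incomplete fix for CVE-2023-28858 not applied"), and the corrected affected range ("before 4.4.4 and 4.5.x before 4.5.4") matches an id that describes the incomplete first fix. Once 28858 is fixed in Debian, 28859 has to be revisited; since both entries currently cite the same PR 2641, a NOTE on 28859 pointing at the follow-up fix that shipped in 4.4.4/4.5.4, rather than only issue 2665, would save the next person that lookup.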
@@ -731,8 +842,8 @@ CVE-2023-28848
RESERVED
CVE-2023-28847
RESERVED
-CVE-2023-28846
- RESERVED
+CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...)
+ TODO: check
CVE-2023-28845
RESERVED
CVE-2023-28844
@@ -1009,10 +1120,10 @@ CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPC
NOT-FOR-US: Veritas
CVE-2023-28757
RESERVED
-CVE-2023-28756
- RESERVED
-CVE-2023-28755
- RESERVED
+CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...)
+ TODO: check
+CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...)
+ TODO: check
CVE-2023-28754
RESERVED
CVE-2023-28753
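Review bot: CVE-2023-28756 (Time through 0.2.1) and CVE-2023-28755 (URI through 0.12.0) are ReDoS issues in libraries that ship as part of the Ruby standard distribution, so the `TODO: check` triage should look at the Debian ruby interpreter source packages that bundle time and uri, not only at any standalone gem packages of the same name.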
@@ -1125,10 +1236,10 @@ CVE-2023-28729
RESERVED
CVE-2023-28728
RESERVED
-CVE-2023-28727
- RESERVED
-CVE-2023-28726
- RESERVED
+CVE-2023-28727 (Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attacker ...)
+ TODO: check
+CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers ...)
+ TODO: check
CVE-2023-28725 (General Bytes Crypto Application Server (CAS) 20230120, as distributed ...)
NOT-FOR-US: General Bytes Crypto Application Server (CAS)
CVE-2023-28723
@@ -1999,8 +2110,8 @@ CVE-2023-28464
NOTE: https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/
CVE-2023-28463
RESERVED
-CVE-2023-28462
- RESERVED
+CVE-2023-28462 (A JNDI rebind operation in the default ORB listener in Payara Server 4 ...)
+ TODO: check
CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow ...)
NOT-FOR-US: Array Networks
CVE-2023-28460 (A command injection vulnerability was discovered in Array Networks APV ...)
@@ -2486,8 +2597,7 @@ CVE-2023-1395 (A vulnerability was found in SourceCodester Yoga Class Registrati
NOT-FOR-US: SourceCodester Yoga Class Registration System
CVE-2023-1394 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...)
NOT-FOR-US: SourceCodester Online Graduate Tracer System
-CVE-2023-1393
- RESERVED
+CVE-2023-1393 (A flaw was found in X.Org Server Overlay Window. A Use-After-Free may ...)
{DSA-5380-1 DLA-3372-1}
- xorg-server 2:21.1.7-2
- xwayland 2:22.1.9-1
@@ -4997,43 +5107,37 @@ CVE-2023-27539
NOTE: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c (v3.0.6.1)
NOTE: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff (v2.2.6.4)
NOTE: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466
-CVE-2023-27538 [SSH connection too eager reuse still]
- RESERVED
+CVE-2023-27538 (An authentication bypass vulnerability exists in libcurl v8.0.0 where ...)
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27538.html
NOTE: Fixed by: https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb (curl-8_0_0)
-CVE-2023-27537 [HSTS double-free]
- RESERVED
+CVE-2023-27537 (A double free vulnerability exists in libcurl <8.0.0 when sharing H ...)
- curl 7.88.1-7
[bullseye] - curl <not-affected> (Vulnerable code introduced later)
[buster] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.se/docs/CVE-2023-27537.html
NOTE: Introduced by: https://github.com/curl/curl/commit/076a2f629119222aeeb50f5a03bf9f9052fabb9a (curl-7_88_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/dca4cdf071be095bcdc7126eaa77a8946ea4790b (curl-8_0_0)
-CVE-2023-27536 [GSS delegation too eager connection re-use]
- RESERVED
+CVE-2023-27536 (An authentication bypass vulnerability exists libcurl <8.0.0 in the ...)
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27536.html
NOTE: Introduced by: https://github.com/curl/curl/commit/ebf42c4be76df40ec6d3bf32f229bbb274e2c32f (curl-7_22_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 (curl-8_0_0)
-CVE-2023-27535 [FTP too eager connection reuse]
- RESERVED
+CVE-2023-27535 (An authentication bypass vulnerability exists in libcurl <8.0.0 in ...)
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27535.html
NOTE: Introduced by: https://github.com/curl/curl/commit/177dbc7be07125582ddb7416dba7140b88ab9f62 (curl-7_13_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1 (curl-8_0_0)
-CVE-2023-27534 [SFTP path ~ resolving discrepancy]
- RESERVED
+CVE-2023-27534 (A path traversal vulnerability exists in curl <8.0.0 SFTP implement ...)
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27534.html
NOTE: Introduced by: https://github.com/curl/curl/commit/ba6f20a2442ab1ebfe947cff19a552f92114a29a (curl-7_18_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 (curl-8_0_0)
-CVE-2023-27533 [TELNET option IAC injection]
- RESERVED
+CVE-2023-27533 (A vulnerability in input validation exists in curl <8.0 during comm ...)
- curl 7.88.1-7
[bullseye] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2023-27533.html
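Review bot: replacing the bracketed working titles with the truncated MITRE text makes CVE-2023-27535, -27536 and -27538 hard to tell apart at a glance; all three now open with "An authentication bypass vulnerability exists", where the dropped titles said FTP, GSS delegation and SSH connection reuse respectively. The per-entry curl.se NOTE links are now the only disambiguation in the file, so they should stay and be kept in sync with the "Introduced by"/"Fixed by" commit NOTEs.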
@@ -5502,6 +5606,7 @@ CVE-2023-1100 (A vulnerability classified as critical has been found in SourceCo
CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student Management ...)
NOT-FOR-US: SourceCodester Online Student Management System
CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) ...)
+ {DLA-3374-1}
- libmicrohttpd 0.9.75-6
[bullseye] - libmicrohttpd <no-dsa> (Minor issue)
NOTE: https://git.gnunet.org/libmicrohttpd.git/commit/?id=e0754d1638c602382384f1eface30854b1defeec (v0.9.76)
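Review bot: the added `{DLA-3374-1}` reference is the only non-description change in this otherwise automatic update, and the `[bullseye] - libmicrohttpd <no-dsa> (Minor issue)` line directly beneath it is unchanged; that is consistent only if the DLA targets the LTS release rather than bullseye, which is worth a quick confirmation because a DLA reference with no matching release annotation is easy to misread.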
@@ -7034,8 +7139,8 @@ CVE-2023-26694
RESERVED
CVE-2023-26693
RESERVED
-CVE-2023-26692
- RESERVED
+CVE-2023-26692 (ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Manage ...)
+ TODO: check
CVE-2023-26691
RESERVED
CVE-2023-26690
@@ -10447,7 +10552,7 @@ CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear S
CVE-2023-25588
RESERVED
CVE-2023-25587
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29846
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3d3af4ba39e892b1c544d667ca241846bc3df386 (binutils-2_40)
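Review bot: CVE-2023-25587 flips from `RESERVED` to `REJECTED` but keeps `- binutils 2.40-1 (unimportant)` and both sourceware NOTE links; for a rejected id those lines are stale, so either drop them or add a NOTE explaining why the binutils reference is retained (for example, if the bug report maps to a replacement CVE).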
@@ -20745,8 +20850,7 @@ CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classifie
NOT-FOR-US: Brave UX for-the-badge
CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and ea ...)
NOT-FOR-US: Fuji Electric
-CVE-2022-4744
- RESERVED
+CVE-2022-4744 (A double-free flaw was found in the Linux kernel’s TUN/TAP devic ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.136-1
NOTE: https://git.kernel.org/linus/158b515f703e75e7d68289bf4d98c664e1d632df (5.16-rc7)
@@ -22190,8 +22294,8 @@ CVE-2022-47544 (An issue was discovered in Siren Investigate before 12.1.7. Scri
NOT-FOR-US: Siren Investigate
CVE-2022-47543 (An issue was discovered in Siren Investigate before 12.1.7. There is a ...)
NOT-FOR-US: Siren Investigate
-CVE-2022-47542
- RESERVED
+CVE-2022-47542 (Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Cont ...)
+ TODO: check
CVE-2022-4615 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
NOT-FOR-US: OpenEMR
CVE-2022-4614 (Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znot ...)
@@ -40952,8 +41056,8 @@ CVE-2022-42454 (Insights for Vulnerability Remediation (IVR) is vulnerable to ma
NOT-FOR-US: HCL
CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a user. T ...)
NOT-FOR-US: HCL
-CVE-2022-42452
- RESERVED
+CVE-2022-42452 (HCL Launch is vulnerable to HTML injection. HTML code is stored and in ...)
+ TODO: check
CVE-2022-42451
RESERVED
CVE-2022-42450
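Review bot: CVE-2022-42452 (HCL Launch) lands as `TODO: check` directly below CVE-2022-42454 and CVE-2022-42453, both already `NOT-FOR-US: HCL`; same vendor and product family, so the same marking is the likely resolution on manual triage.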
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9278dc74a092552e861b88c3ce7abe96807ab0d1