[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 31 21:11:00 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
42df1638 by security tracker role at 2023-03-31T20:10:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,155 @@
+CVE-2023-29149
+ RESERVED
+CVE-2023-29148
+ RESERVED
+CVE-2023-29147
+ RESERVED
+CVE-2023-29146
+ RESERVED
+CVE-2023-29145
+ RESERVED
+CVE-2023-29144
+ RESERVED
+CVE-2023-29143
+ RESERVED
+CVE-2023-29142
+ RESERVED
+CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1. ...)
+ TODO: check
+CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
+ TODO: check
+CVE-2023-29139 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
+ TODO: check
+CVE-2023-29138
+ RESERVED
+CVE-2023-29137 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
+ TODO: check
+CVE-2023-29136
+ RESERVED
+CVE-2023-29135
+ RESERVED
+CVE-2023-29134
+ RESERVED
+CVE-2023-29133
+ RESERVED
+CVE-2023-29132
+ RESERVED
+CVE-2023-29131
+ RESERVED
+CVE-2023-29130
+ RESERVED
+CVE-2023-29129
+ RESERVED
+CVE-2023-29128
+ RESERVED
+CVE-2023-29127
+ RESERVED
+CVE-2023-29126
+ RESERVED
+CVE-2023-29125
+ RESERVED
+CVE-2023-29124
+ RESERVED
+CVE-2023-29123
+ RESERVED
+CVE-2023-29122
+ RESERVED
+CVE-2023-29121
+ RESERVED
+CVE-2023-29120
+ RESERVED
+CVE-2023-29119
+ RESERVED
+CVE-2023-29118
+ RESERVED
+CVE-2023-29117
+ RESERVED
+CVE-2023-29116
+ RESERVED
+CVE-2023-29115
+ RESERVED
+CVE-2023-29114
+ RESERVED
+CVE-2023-29113
+ RESERVED
+CVE-2023-29112
+ RESERVED
+CVE-2023-29111
+ RESERVED
+CVE-2023-29110
+ RESERVED
+CVE-2023-29109
+ RESERVED
+CVE-2023-29108
+ RESERVED
+CVE-2023-29107
+ RESERVED
+CVE-2023-29106
+ RESERVED
+CVE-2023-29105
+ RESERVED
+CVE-2023-29104
+ RESERVED
+CVE-2023-29103
+ RESERVED
+CVE-2023-29102
+ RESERVED
+CVE-2023-29101
+ RESERVED
+CVE-2023-29100
+ RESERVED
+CVE-2023-29099
+ RESERVED
+CVE-2023-29098
+ RESERVED
+CVE-2023-29097
+ RESERVED
+CVE-2023-29096
+ RESERVED
+CVE-2023-29095
+ RESERVED
+CVE-2023-29094
+ RESERVED
+CVE-2023-29093
+ RESERVED
+CVE-2023-1783
+ RESERVED
+CVE-2023-1782
+ RESERVED
+CVE-2023-1781
+ RESERVED
+CVE-2023-1780
+ RESERVED
+CVE-2023-1779
+ RESERVED
+CVE-2023-1778
+ RESERVED
+CVE-2023-1777 (Mattermost allows an attacker to request a preview of an existing mess ...)
+ TODO: check
+CVE-2023-1776 (Boards in Mattermost allows an attacker to upload a malicious SVG imag ...)
+ TODO: check
+CVE-2023-1775 (When running in a High Availability configuration, Mattermost fails to ...)
+ TODO: check
+CVE-2023-1774 (When processing an email invite to a private channel on a team, Matter ...)
+ TODO: check
+CVE-2023-1773 (A vulnerability was found in Rockoa 2.3.2. It has been declared as cri ...)
+ TODO: check
+CVE-2023-1772 (A vulnerability was found in DataGear up to 4.5.1. It has been classif ...)
+ TODO: check
+CVE-2023-1771 (A vulnerability was found in SourceCodester Grade Point Average GPA Ca ...)
+ TODO: check
+CVE-2023-1770 (A vulnerability has been found in SourceCodester Grade Point Average G ...)
+ TODO: check
+CVE-2023-1769 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2023-1768
+ RESERVED
+CVE-2023-1767
+ RESERVED
+CVE-2023-1766
+ RESERVED
+CVE-2023-1765
+ RESERVED
CVE-2023-29092
RESERVED
CVE-2023-29091
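Review bot: the four MediaWiki entries (CVE-2023-29141, CVE-2023-29140, CVE-2023-29139, CVE-2023-29137) are all left at "TODO: check", but only CVE-2023-29141 ("MediaWiki before 1.35.10, 1.36.x ...") is against core; the other three are in the GrowthExperiments and CheckUser extensions, so triage should record separately whether those extensions are shipped at all before a package line is added for the core entry. The Mattermost block (CVE-2023-1777 through CVE-2023-1774) and the Rockoa, DataGear and SourceCodester entries can be resolved in the same pass; the remaining new lines are RESERVED placeholders and need no action.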
@@ -715,16 +867,15 @@ CVE-2023-28881
RESERVED
CVE-2023-28880
RESERVED
-CVE-2023-28879 [Buffer Overflow in s_xBCPE_process]
- RESERVED
+CVE-2023-28879 (In Artifex Ghostscript through 10.01.0, there is a buffer overflow lea ...)
- ghostscript <unfixed> (bug #1033757)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public)
NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179
NOTE: Hardening: https://git.ghostscript.com/?p=ghostpdl.git;h=3635f4c75e54e337a4eebcf6db3eef0e60f9cebf
CVE-2023-28878
RESERVED
-CVE-2023-28877
- RESERVED
+CVE-2023-28877 (The VTEX apps-graphql at 2.x GraphQL API module does not properly restric ...)
+ TODO: check
CVE-2023-28876
RESERVED
CVE-2023-28875
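Review bot: the rewrite of CVE-2023-28879 drops the bracketed working title "[Buffer Overflow in s_xBCPE_process]" while the new public description is truncated at "buffer overflow lea ...", so the affected function name no longer appears anywhere in the entry; keep it as a NOTE line (for example "NOTE: Buffer overflow in s_xBCPE_process") so that the "ghostscript <unfixed> (bug #1033757)" line stays tied to the code path addressed by the "Fixed by:" commit. Also re-check the "(not public)" annotation on bugs.ghostscript.com #706494 now that the CVE text itself is public.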
@@ -755,8 +906,7 @@ CVE-2023-28864
RESERVED
CVE-2023-28863
RESERVED
-CVE-2023-28862
- RESERVED
+CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...)
- lemonldap-ng 2.16.1+ds-1
[bullseye] - lemonldap-ng <no-dsa> (Minor issue)
[buster] - lemonldap-ng <no-dsa> (Minor issue)
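Review bot: CVE-2023-28862 is marked "<no-dsa> (Minor issue)" for both bullseye and buster, yet the description, truncated at "Weak session I ...", concerns session identifiers in a single-sign-on product; a NOTE with the upstream advisory or the reason the weakness is considered minor (for example which configuration it requires) would make the no-dsa decision reviewable later. The unstable fix line "lemonldap-ng 2.16.1+ds-1" is consistent with the "before 2.16.1" in the description.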
@@ -852,8 +1002,8 @@ CVE-2023-28845
RESERVED
CVE-2023-28844
RESERVED
-CVE-2023-28843
- RESERVED
+CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop web comm ...)
+ TODO: check
CVE-2023-28842
RESERVED
CVE-2023-28841
@@ -2107,8 +2257,7 @@ CVE-2023-28467
RESERVED
CVE-2023-28465
RESERVED
-CVE-2023-28464
- RESERVED
+CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel throu ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/03/28/2
NOTE: https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/
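Review bot: the CVE-2023-28464 entry records "linux <unfixed>" with only the oss-security post and the lore.kernel.org patch submission as references; the lore link is a proposed patch rather than a merged commit, so once the fix lands the entry should gain a "NOTE: Fixed by: <commit>" line in the same style as the ghostscript entry earlier in this diff, and <unfixed> should be replaced by the version that carries the cherry-pick.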
@@ -4000,8 +4149,8 @@ CVE-2023-27894 (SAP BusinessObjects Business Intelligence Platform (Web Services
NOT-FOR-US: SAP
CVE-2023-27893 (An attacker authenticated as a user with a non-administrative role and ...)
NOT-FOR-US: SAP
-CVE-2023-1258
- RESERVED
+CVE-2023-1258 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series device ...)
NOT-FOR-US: Moxa UC Series devices
CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server ar ...)
@@ -5930,8 +6079,8 @@ CVE-2023-1062 (A vulnerability, which was classified as critical, was found in S
NOT-FOR-US: SourceCodester Doctors Appointment System
CVE-2023-1061 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Doctors Appointment System
-CVE-2023-1060
- RESERVED
+CVE-2023-1060 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-1059 (A vulnerability classified as critical was found in SourceCodester Doc ...)
NOT-FOR-US: SourceCodester Doctors Appointment System
CVE-2023-1058 (A vulnerability classified as critical has been found in SourceCodeste ...)
@@ -6161,16 +6310,16 @@ CVE-2023-27165
RESERVED
CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 allows att ...)
NOT-FOR-US: Halo
-CVE-2023-27163
- RESERVED
-CVE-2023-27162
- RESERVED
+CVE-2023-27163 (request-baskets up to v1.2.1 was discovered to contain a Server-Side R ...)
+ TODO: check
+CVE-2023-27162 (openapi-generator up to v6.4.0 was discovered to contain a Server-Side ...)
+ TODO: check
CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...)
NOT-FOR-US: Jellyfin
-CVE-2023-27160
- RESERVED
-CVE-2023-27159
- RESERVED
+CVE-2023-27160 (forem up to v2022.11.11 was discovered to contain a Server-Side Reques ...)
+ TODO: check
+CVE-2023-27159 (Appwrite up to v1.2.1 was discovered to contain a Server-Side Request ...)
+ TODO: check
CVE-2023-27158
RESERVED
CVE-2023-27157
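Review bot: the four new SSRF entries (CVE-2023-27163 request-baskets, CVE-2023-27162 openapi-generator, CVE-2023-27160 forem, CVE-2023-27159 Appwrite) are left at "TODO: check" while the neighbouring CVE-2023-27161 Jellyfin entry, with identical wording, is already "NOT-FOR-US"; they read as one reporter batch, so triage them together and record an explicit NOT-FOR-US line for each product that is not packaged instead of leaving the TODO open.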
@@ -6658,8 +6807,8 @@ CVE-2023-26927
RESERVED
CVE-2023-26926
RESERVED
-CVE-2023-26925
- RESERVED
+CVE-2023-26925 (An information disclosure vulnerability exists in the Syslog functiona ...)
+ TODO: check
CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockReg ...)
TODO: check
CVE-2023-26923 (Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that ...)
@@ -6853,10 +7002,10 @@ CVE-2023-26832
RESERVED
CVE-2023-26831
RESERVED
-CVE-2023-26830
- RESERVED
-CVE-2023-26829
- RESERVED
+CVE-2023-26830 (An unrestricted file upload vulnerability in the administrative portal ...)
+ TODO: check
+CVE-2023-26829 (An authentication bypass vulnerability in the Password Reset component ...)
+ TODO: check
CVE-2023-26828
RESERVED
CVE-2023-26827
@@ -14755,8 +14904,8 @@ CVE-2023-24023
RESERVED
CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with ...)
NOT-FOR-US: Baicells
-CVE-2023-0432
- RESERVED
+CVE-2023-0432 (The web configuration service of the affected device contains an authe ...)
+ TODO: check
CVE-2023-0431
RESERVED
CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...)
@@ -15595,10 +15744,10 @@ CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP c
NOT-FOR-US: Akuvox
CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default and can ...)
NOT-FOR-US: Akuvox
-CVE-2023-0344
- RESERVED
-CVE-2023-0343
- RESERVED
+CVE-2023-0344 (Akuvox E11 appears to be using a custom version of dropbear SSH server ...)
+ TODO: check
+CVE-2023-0343 (Akuvox E11 contains a function that encrypts messages which are then f ...)
+ TODO: check
CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...)
NOT-FOR-US: frioux ptome
CVE-2023-23753
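Review bot: CVE-2023-0344 and CVE-2023-0343 both describe the Akuvox E11, the same product that CVE-2023-0346 and CVE-2023-0345 immediately above already resolve as "NOT-FOR-US: Akuvox"; unless the triage outcome differs, give the two new entries the same NOT-FOR-US line rather than "TODO: check" so the product is handled consistently.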
@@ -16159,8 +16308,8 @@ CVE-2023-23596 (jc21 NGINX Proxy Manager through 2.9.19 allows OS command inject
NOT-FOR-US: jc21 NGINX Proxy Manager
CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...)
NOT-FOR-US: BlueCat Device Registration Portal
-CVE-2023-23594
- RESERVED
+CVE-2023-23594 (An authentication bypass vulnerability in the web client interface for ...)
+ TODO: check
CVE-2023-23593
RESERVED
CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to ac ...)
@@ -45980,8 +46129,8 @@ CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File
NOT-FOR-US: IBM
CVE-2022-40607 (IBM Spectrum Scale 5.1 could allow users with permissions to create po ...)
NOT-FOR-US: IBM
-CVE-2022-3192
- RESERVED
+CVE-2022-3192 (Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows C ...)
+ TODO: check
CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
NOT-FOR-US: Hitachi
CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wiresha ...)
@@ -95366,14 +95515,17 @@ CVE-2022-23483 (xrdp is an open source project which provides a graphical login
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-38rw-9ch2-fcxq
CVE-2022-23482 (xrdp is an open source project which provides a graphical login to rem ...)
+ {DLA-3375-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-56pq-2pm9-7fhm
NOTE: https://github.com/neutrinolabs/xrdp/commit/1e42426db59120c6596d673f1bb2dc8b0312e692
CVE-2022-23481 (xrdp is an open source project which provides a graphical login to rem ...)
+ {DLA-3375-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hm75-9jcg-p7hq
NOTE: https://github.com/neutrinolabs/xrdp/commit/bc6b052959697b205d15108fb88e7c7e38c15bee
CVE-2022-23480 (xrdp is an open source project which provides a graphical login to rem ...)
+ {DLA-3375-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-3jmx-f6hv-95wg
NOTE: https://github.com/neutrinolabs/xrdp/commit/ae7c17e1f629156cce21f7f1b568d849c63bdc3f
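Review bot: {DLA-3375-1} is added to CVE-2022-23482, CVE-2022-23481 and CVE-2022-23480, but CVE-2022-23483, whose "- xrdp 0.9.21.1-1 (bug #1025879)" line opens this hunk and which shares the same fix, receives no marker here; its DLA line would sit between the CVE line and the package line, just above the visible context, so confirm it already carries DLA-3375-1 or add it, since the other three entries against bug #1025879 are covered by that advisory.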
@@ -104102,6 +104254,7 @@ CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator of
NOTE: https://hackmd.io/nDT_UKLyRQendxDwil9A4w
NOTE: memory overusage in GUI tool, no security impact
CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
+ {DLA-3376-1}
- svgpp 1.3.0+dfsg1-5 (bug #1014599)
[bullseye] - svgpp <no-dsa> (Minor issue)
NOTE: https://github.com/svgpp/svgpp/issues/101
@@ -293892,6 +294045,7 @@ CVE-2019-6250 (A pointer overflow, with code execution, was discovered in ZeroMQ
CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 ...)
NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script
CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
+ {DLA-3376-1}
- svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Issue only in src:svgpp which does not call the AGG-API in correct way.
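Review bot: CVE-2019-6247 is rated "unimportant" for svgpp (the NOTE says the problem lies only in how src:svgpp calls the AGG API), yet this hunk adds {DLA-3376-1} for it; that combination is legitimate when LTS fixes a low-priority issue in the same upload as others, but a short NOTE saying so (for example "fixed in the DLA-3376-1 svgpp upload together with CVE-2021-44960") would stop a later reader from taking the DLA as a reclassification of severity.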
@@ -293900,7 +294054,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling
- svgpp 1.2.3+dfsg1-5 (bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
- {DLA-2872-1 DLA-1656-1}
+ {DLA-3376-1 DLA-2872-1 DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
- svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
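Review bot: CVE-2019-6245 now carries three DLAs (DLA-3376-1, DLA-2872-1, DLA-1656-1) across two source packages (agg rated "low", svgpp rated "unimportant") without indicating which advisory fixed which package; a NOTE mapping each DLA to its package would make the entry self-explanatory, especially since the svgpp side is rated unimportant for the same reason as CVE-2019-6247 above.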
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42df1638196975d5f070c25fb523fdd48d9e53f9