[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 2 21:12:33 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d3326bf by security tracker role at 2023-05-02T20:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-32007 (** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibi ...)
+ TODO: check
+CVE-2023-31435 (Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Te ...)
+ TODO: check
+CVE-2023-31434 (The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user prof ...)
+ TODO: check
+CVE-2023-31433 (A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9 ...)
+ TODO: check
+CVE-2023-2479 (OS Command Injection in GitHub repository appium/appium-desktop prior ...)
+ TODO: check
+CVE-2023-2477 (A vulnerability was found in Funadmin up to 3.2.3. It has been declare ...)
+ TODO: check
+CVE-2023-2476 (A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been ...)
+ TODO: check
+CVE-2023-2475 (A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classifi ...)
+ TODO: check
+CVE-2023-2474 (A vulnerability has been found in Rebuild 3.2 and classified as proble ...)
+ TODO: check
+CVE-2023-2473 (A vulnerability was found in Dreamer CMS up to 4.1.3. It has been decl ...)
+ TODO: check
+CVE-2023-2445 (Improper access control in Subscriptions Folder path filter in Devolut ...)
+ TODO: check
CVE-2022-48483 (3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthentica ...)
NOT-FOR-US: 3CX
CVE-2022-48482 (3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows all ...)
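Review bot: CVE-2023-32007 carries the `** UNSUPPORTED WHEN ASSIGNED **` marker, which means upstream assigned the id against a product branch it no longer supports (the Apache Spark UI), so no upstream fix is expected; when resolving its `TODO: check`, record whether the affected Spark component is shipped in the archive at all rather than waiting for a fixed-version lookup. The remaining ten `TODO: check` entries in this hunk are all truncated descriptions (`...`), so each needs the full advisory text read before a `NOT-FOR-US` or package line is set.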
@@ -445,8 +467,8 @@ CVE-2023-31209
RESERVED
CVE-2023-31208
RESERVED
-CVE-2023-31207
- RESERVED
+CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk <= 2.1. ...)
+ TODO: check
CVE-2023-2283
RESERVED
CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...)
@@ -1082,10 +1104,10 @@ CVE-2023-30946
RESERVED
CVE-2023-30945
RESERVED
-CVE-2023-30944
- RESERVED
-CVE-2023-30943
- RESERVED
+CVE-2023-30944 (The vulnerability was found Moodle which exists due to insufficient sa ...)
+ TODO: check
+CVE-2023-30943 (The vulnerability was found Moodle which exists because the applicatio ...)
+ TODO: check
CVE-2023-30942
RESERVED
CVE-2023-30941
@@ -1349,8 +1371,8 @@ CVE-2023-30871
RESERVED
CVE-2023-30870
RESERVED
-CVE-2023-30869
- RESERVED
+CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
+ TODO: check
CVE-2023-30868
RESERVED
CVE-2023-30867
@@ -1416,8 +1438,8 @@ CVE-2023-2168 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-
NOT-FOR-US: TaxoPress plugin for WordPress
CVE-2023-2167
RESERVED
-CVE-2023-30861
- RESERVED
+CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When all of the ...)
+ TODO: check
CVE-2023-30860
RESERVED
CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that helps you ...)
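Review bot: CVE-2023-30861 is the one entry in this hunk whose subject is a general-purpose framework (Flask) rather than a vendor plugin, so its `TODO: check` should be resolved against the corresponding Debian source package instead of defaulting to `NOT-FOR-US` as the TaxoPress plugin entry above does; the truncated description (`When all of the ...`) hides the triggering condition, so the full text has to be read before a severity is assigned.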
@@ -2599,8 +2621,8 @@ CVE-2023-2002
NOTE: Hardening: https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000@pku.edu.cn/
CVE-2023-2001
RESERVED
-CVE-2023-2000
- RESERVED
+CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redirecti ...)
+ TODO: check
CVE-2023-1999
RESERVED
{DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
@@ -2800,6 +2822,7 @@ CVE-2023-1982
RESERVED
CVE-2023-1981 [avahi-daemon can be crashed via DBus]
RESERVED
+ {DLA-3414-1}
- avahi 0.8-10 (bug #1034594)
NOTE: https://github.com/lathiat/avahi/issues/375
NOTE: https://github.com/lathiat/avahi/pull/407
@@ -2999,8 +3022,8 @@ CVE-2023-30405 (A cross-site scripting (XSS) vulnerability in Aigital Wireless-N
NOT-FOR-US: Aigital
CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to co ...)
NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router
-CVE-2023-30403
- RESERVED
+CVE-2023-30403 (An issue in the time-based authentication mechanism of Aigital Aigital ...)
+ TODO: check
CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the function ...)
- yasm <unfixed> (unimportant)
NOTE: https://github.com/yasm/yasm/issues/206
@@ -3441,7 +3464,8 @@ CVE-2023-30185
RESERVED
CVE-2023-30184
RESERVED
-CVE-2023-30183 (Wangmarket CMS v4.10 was discovered to contain a SQL injection vulnera ...)
+CVE-2023-30183
+ REJECTED
NOT-FOR-US: Wangmarket CMS
CVE-2023-30182
RESERVED
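Review bot: the `NOT-FOR-US: Wangmarket CMS` line now sits under CVE-2023-30183, whose description has been replaced by `REJECTED`; the automatic update only swaps the description line, so the leftover triage line is redundant with the rejected state and should be dropped in a manual follow-up if the tracker's convention is to keep only `REJECTED` for withdrawn ids.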
@@ -3972,8 +3996,8 @@ CVE-2023-29920
RESERVED
CVE-2023-29919
RESERVED
-CVE-2023-29918
- RESERVED
+CVE-2023-29918 (RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Modul ...)
+ TODO: check
CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
NOT-FOR-US: H3C
CVE-2023-29916 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...)
@@ -4072,10 +4096,10 @@ CVE-2023-29870
RESERVED
CVE-2023-29869
RESERVED
-CVE-2023-29868
- RESERVED
-CVE-2023-29867
- RESERVED
+CVE-2023-29868 (Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Contro ...)
+ TODO: check
+CVE-2023-29867 (Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. ...)
+ TODO: check
CVE-2023-29866
RESERVED
CVE-2023-29865
@@ -4096,8 +4120,8 @@ CVE-2023-29858
RESERVED
CVE-2023-29857
RESERVED
-CVE-2023-29856
- RESERVED
+CVE-2023-29856 (D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerab ...)
+ TODO: check
CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via admin/languag ...)
NOT-FOR-US: WBCE CMS
CVE-2023-29854 (DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the for ...)
@@ -4252,8 +4276,8 @@ CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service v
NOT-FOR-US: Third Reality Smart Blind
CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulner ...)
NOT-FOR-US: Sengled Dimmer Switch
-CVE-2023-29778
- RESERVED
+CVE-2023-29778 (GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection v ...)
+ TODO: check
CVE-2023-29777
RESERVED
CVE-2023-29776
@@ -4264,8 +4288,8 @@ CVE-2023-29774 (Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (
NOT-FOR-US: Dreamer CMS
CVE-2023-29773
RESERVED
-CVE-2023-29772
- RESERVED
+CVE-2023-29772 (A Cross-site scripting (XSS) vulnerability in the System Log/General L ...)
+ TODO: check
CVE-2023-29771
RESERVED
CVE-2023-29770
@@ -10485,8 +10509,8 @@ CVE-2020-36668 (The JetBackup \u2013 WP Backup, Migrate & Restore plugin for Wor
NOT-FOR-US: JetBackup WP Backup, Migrate & Restore plugin for WordPress
CVE-2020-36667 (The JetBackup \u2013 WP Backup, Migrate & Restore plugin for WordPress ...)
NOT-FOR-US: JetBackup WP Backup, Migrate & Restore plugin for WordPress
-CVE-2023-27892
- RESERVED
+CVE-2023-27892 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
+ TODO: check
CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application authorization fr ...)
NOT-FOR-US: rami.io
CVE-2023-27890 (The Export User plugin through 2.0 for MyBB allows XSS during the proc ...)
@@ -10706,8 +10730,8 @@ CVE-2023-1198 (Improper Neutralization of Special Elements used in an SQL Comman
NOT-FOR-US: Saysis Starcities
CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
NOT-FOR-US: UVdesk
-CVE-2023-1196
- RESERVED
+CVE-2023-1196 (The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x be ...)
+ TODO: check
CVE-2023-1195
RESERVED
- linux 6.1.4-1
@@ -13385,7 +13409,8 @@ CVE-2023-26814
RESERVED
CVE-2023-26813 (SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictiona ...)
NOT-FOR-US: wangmarket CMS
-CVE-2023-26812 (Command execution vulnerability in the ActionEnter Class ins jfinal CM ...)
+CVE-2023-26812
+ REJECTED
NOT-FOR-US: jfinal CMS
CVE-2023-26811
RESERVED
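Review bot: `NOT-FOR-US: jfinal CMS` remains under CVE-2023-26812 after its description was replaced by `REJECTED`; as with any other rejected id touched by the automatic update, the stale triage line is left in place and needs a manual decision on whether rejected entries keep their `NOT-FOR-US` annotation.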
@@ -13937,8 +13962,8 @@ CVE-2023-26548 (The pgmng module has a vulnerability in serialization/deserializ
NOT-FOR-US: Huawei
CVE-2023-26547 (The InputMethod module has a vulnerability of serialization/deserializ ...)
NOT-FOR-US: Huawei
-CVE-2023-26546
- RESERVED
+CVE-2023-26546 (European Chemicals Agency IUCLID before 6.27.6 allows remote authentic ...)
+ TODO: check
CVE-2023-24544 (Improper access control vulnerability in Buffalo network devices allow ...)
NOT-FOR-US: Buffalo network devices
CVE-2023-24464 (Stored-cross-site scripting vulnerability in Buffalo network devices a ...)
@@ -14845,8 +14870,8 @@ CVE-2023-26270
RESERVED
CVE-2023-26269 (Apache James server version 3.7.3 and earlier provides a JMX managemen ...)
NOT-FOR-US: Apache James
-CVE-2023-26268
- RESERVED
+CVE-2023-26268 (Design documents with matching document IDs, from databases on the sam ...)
+ TODO: check
CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 110.0.5481.177 all ...)
{DSA-5359-1}
- chromium 110.0.5481.177-1
@@ -15322,8 +15347,8 @@ CVE-2023-26091 (The frp_form_answers (aka Forms Export) extension before 3.1.2,
NOT-FOR-US: TYPO3 extension
CVE-2023-26090
RESERVED
-CVE-2023-26089
- RESERVED
+CVE-2023-26089 (European Chemicals Agency IUCLID 6.x before 6.27.6 allows authenticati ...)
+ TODO: check
CVE-2023-26088 (In Malwarebytes before 4.5.23, a symbolic link may be used delete any ...)
NOT-FOR-US: Malwarebytes
CVE-2023-26087
@@ -21739,7 +21764,7 @@ CVE-2023-0408
CVE-2023-0407
RESERVED
CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. <19.6.1, <18 ...)
- {DLA-3344-1}
+ {DSA-5395-1 DLA-3344-1}
- nodejs <unfixed> (bug #1031834)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920
NOTE: https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1
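Review bot: DSA-5395-1 is added to the reference set of CVE-2023-23920 while the package line still reads `nodejs <unfixed> (bug #1031834)`; a DSA means the stable update has shipped, so confirm whether the unstable status and the open bug reference are still current and, if the fix has reached unstable, replace `<unfixed>` with the fixed version so the entry does not report the issue as open everywhere.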
@@ -22356,8 +22381,8 @@ CVE-2023-23725
RESERVED
CVE-2023-23724
RESERVED
-CVE-2023-23723
- RESERVED
+CVE-2023-23723 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
+ TODO: check
CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...)
@@ -28408,16 +28433,16 @@ CVE-2022-47880
RESERVED
CVE-2022-47879
RESERVED
-CVE-2022-47878
- RESERVED
-CVE-2022-47877
- RESERVED
-CVE-2022-47876
- RESERVED
-CVE-2022-47875
- RESERVED
-CVE-2022-47874
- RESERVED
+CVE-2022-47878 (Incorrect input validation for the default-storage-path in the setting ...)
+ TODO: check
+CVE-2022-47877 (A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows r ...)
+ TODO: check
+CVE-2022-47876 (The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticate ...)
+ TODO: check
+CVE-2022-47875 (A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedo ...)
+ TODO: check
+CVE-2022-47874 (Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows ...)
+ TODO: check
CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...)
NOT-FOR-US: Netcad KEOS
CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request forgery ( ...)
@@ -31042,7 +31067,7 @@ CVE-2022-4473 (The Widget Shortcode WordPress plugin through 0.3.5 does not vali
NOT-FOR-US: WordPress plugin
CVE-2022-4472 (The Simple Sitemap WordPress plugin before 3.5.8 does not validate and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4471 (The YARPP WordPress plugin through 5.30.1 does not validate and escape ...)
+CVE-2022-4471 (The YARPP WordPress plugin before 5.30.3 does not validate and escape ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4470 (The Widgets for Google Reviews WordPress plugin before 9.8 does not va ...)
NOT-FOR-US: WordPress plugin
@@ -60823,7 +60848,8 @@ CVE-2022-37710 (Patterson Dental Eaglesoft 21 has AES-256 encryption but there a
NOT-FOR-US: Patterson Dental Eaglesoft
CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is ...)
NOT-FOR-US: Tesla
-CVE-2022-37708 (Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permi ...)
+CVE-2022-37708
+ REJECTED
- docker.io <unfixed> (unimportant; bug #1034886)
NOTE: https://github.com/thekevinday/docker_lightman_exploit
NOTE: Non issue, Docker works as expected, will probably be rejected
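Review bot: CVE-2022-37708 is now `REJECTED`, yet the entry still records `docker.io <unfixed> (unimportant; bug #1034886)` together with the NOTE that already anticipated the rejection; an `<unfixed>` package status contradicts a rejected id, so the package line (and the referenced bug #1034886) needs manual reconciliation, for example by marking the package `<not-affected>` as is done elsewhere in this file or by removing the package line per the tracker's handling of rejected ids.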
@@ -88165,7 +88191,7 @@ CVE-2022-1114 (A heap-use-after-free flaw was found in ImageMagick's RelinquishD
[stretch] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/4947
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f
-CVE-2022-1113 (The Flower Delivery by Florist One WordPress plugin through 3.5.10 doe ...)
+CVE-2022-1113 (The Flower Delivery by Florist One WordPress plugin through 3.7 does n ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d3326bf2464591868da39acf4f748b5721cbf8d