[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 3 21:12:34 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
18223558 by security tracker role at 2023-05-03T20:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1875,26 +1875,26 @@ CVE-2023-2091 (A vulnerability classified as critical was found in KylinSoft you
NOT-FOR-US: KylinSoft youker-assistant
CVE-2023-2090 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System
-CVE-2023-29240
- RESERVED
-CVE-2023-29163
- RESERVED
-CVE-2023-28742
- RESERVED
-CVE-2023-28724
- RESERVED
-CVE-2023-28656
- RESERVED
-CVE-2023-28406
- RESERVED
-CVE-2023-27378
- RESERVED
-CVE-2023-24594
- RESERVED
-CVE-2023-24461
- RESERVED
-CVE-2023-22372
- RESERVED
+CVE-2023-29240 (An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ ...)
+ TODO: check
+CVE-2023-29163 (When UDP profile with idle timeout set to immediate or the value 0 is ...)
+ TODO: check
+CVE-2023-28742 (When DNS is provisioned, an authenticated remote command execution vul ...)
+ TODO: check
+CVE-2023-28724 (NGINX Management Suite default file permissions are set such that an a ...)
+ TODO: check
+CVE-2023-28656 (NGINX Management Suite may allow an authenticated attacker to gain acc ...)
+ TODO: check
+CVE-2023-28406 (A directory traversal vulnerability exists in an undisclosed page of t ...)
+ TODO: check
+CVE-2023-27378 (Multiple reflected cross-site scripting (XSS) vulnerabilities exist in ...)
+ TODO: check
+CVE-2023-24594 (When an SSL profile is configured on a Virtual Server, undisclosed tra ...)
+ TODO: check
+CVE-2023-24461 (An improper certificate validationvulnerability exists in the BIG-IP E ...)
+ TODO: check
+CVE-2023-22372 (In the pre connection stage, an improper enforcement of message integr ...)
+ TODO: check
CVE-2023-2089 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
NOT-FOR-US: SourceCodester Complaint Management System
CVE-2023-2088
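Review bot: all ten new entries in this hunk (CVE-2023-29240 down to CVE-2023-22372) are F5 advisories for BIG-IQ, BIG-IP and NGINX Management Suite, so the TODO: check placeholders will most likely resolve to NOT-FOR-US with the product named, as the neighbouring KylinSoft and SourceCodester entries do; the two that need a closer look are CVE-2023-28724 and CVE-2023-28656, whose descriptions name "NGINX Management Suite" (the commercial management product) rather than nginx itself, and the triager should confirm from the full text that the nginx source Debian ships is not the affected component before closing them.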
@@ -2838,7 +2838,7 @@ CVE-2023-30471
CVE-2023-30470
RESERVED
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
- {DLA-3403-1}
+ {DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6 (6.3-rc3)
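Review bot: the second advisory id added to CVE-2023-1990 (now {DLA-3404-1 DLA-3403-1}) only makes sense if data/DLA/list carries an entry for DLA-3404-1 that lists this CVE, otherwise the cross-reference will not resolve; the unstable (6.1.25-1) and bullseye (5.10.178-1) version lines are untouched, so this change asserts nothing beyond the cross-reference, and the thing to verify is that DLA-3404-1 is the LTS kernel upload that actually includes the ndlc_remove use-after-free fix referenced in the NOTE and not a neighbouring id.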
@@ -3273,8 +3273,8 @@ CVE-2023-30302
RESERVED
CVE-2023-30301
RESERVED
-CVE-2023-30300
- RESERVED
+CVE-2023-30300 (An issue in the component hang.wasm of WebAssembly 1.0 causes an infin ...)
+ TODO: check
CVE-2023-30299
RESERVED
CVE-2023-30298
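Review bot: the description filled in for CVE-2023-30300 names a component (hang.wasm) of "WebAssembly 1.0", which is a specification rather than a product, so the TODO: check cannot be resolved from the text stored here; the triager needs to identify which runtime or toolchain the report was actually filed against before deciding whether any packaged wasm engine, browser or language runtime is affected, and should record that upstream reference in a NOTE line so the next person does not have to repeat the search.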
@@ -9117,12 +9117,12 @@ CVE-2023-1387 (Grafana is an open-source platform for monitoring and observabili
- grafana <removed>
CVE-2023-1386
RESERVED
-CVE-2023-1385
- RESERVED
-CVE-2023-1384
- RESERVED
-CVE-2023-1383
- RESERVED
+CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing due to ...)
+ TODO: check
+CVE-2023-1384 (The setMediaSource function on the amzn.thin.pl service does not sanit ...)
+ TODO: check
+CVE-2023-1383 (An Improper Enforcement of Behavioral Workflow vulnerability in the ex ...)
+ TODO: check
CVE-2023-1382 (A data race flaw was found in the Linux kernel, between where con is a ...)
- linux 6.0.12-1
[bullseye] - linux 5.10.158-1
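Review bot: of the three new entries, CVE-2023-1384 names an amzn.thin.pl service, which points at proprietary device firmware rather than anything packaged, and CVE-2023-1383 ("Improper Enforcement of Behavioral Workflow") reads the same way, so NOT-FOR-US with the vendor named is the expected verdict for both; CVE-2023-1385 (offline PIN brute-forcing via an improper JPAKE implementation) deserves a separate check, because J-PAKE is implemented in general-purpose crypto libraries as well as in device firmware and the truncated description does not say which kind of component carries the flaw.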
@@ -9453,6 +9453,7 @@ CVE-2023-28207
CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...)
NOT-FOR-US: Apple
CVE-2023-28205 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5397-1 DSA-5396-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
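Review bot: the advisory pair {DSA-5397-1 DSA-5396-1} added to CVE-2023-28205 is the same pair this patch adds to CVE-2023-27954, CVE-2023-27932 and CVE-2022-32885, all of which carry the webkit2gtk 2.40.1-1 / wpewebkit 2.38.6-1 lines and the WSA-2023-0003 NOTE (and, less obviously, to the chromium entry CVE-2022-0108, see the note there); check that data/DSA/list records the same CVE ids under both advisories so the cross-references resolve in both directions, and that each DSA is the one for the source package whose version line it is meant to back.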
@@ -10322,6 +10323,7 @@ CVE-2023-27955
RESERVED
CVE-2023-27954
RESERVED
+ {DSA-5397-1 DSA-5396-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
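Review bot: CVE-2023-27954 is still RESERVED in the line above the new DSA reference, so the entry now has fixed versions and two advisory ids but no description; that is consistent with the CVE text not yet being published and the automatic update will fill it in later, but until then the WSA-2023-0003 NOTE is the only thing that ties the id to the WebKit issue, so confirm the id really appears in that advisory before the DSA cross-reference is relied on.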
@@ -10369,6 +10371,7 @@ CVE-2023-27933
RESERVED
CVE-2023-27932
RESERVED
+ {DSA-5397-1 DSA-5396-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
@@ -15674,8 +15677,8 @@ CVE-2023-26019
RESERVED
CVE-2023-26018
RESERVED
-CVE-2023-26017
- RESERVED
+CVE-2023-26017 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blue ...)
+ TODO: check
CVE-2023-26016
RESERVED
CVE-2023-26015
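Review bot: the surrounding entries show the convention for this class of report: "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ..." descriptions with the product truncated are WordPress plugin advisories and are closed as NOT-FOR-US: WordPress plugin; CVE-2023-26017 here, and the similar new entries later in this patch (CVE-2023-25979, CVE-2023-25798 through CVE-2023-25783, CVE-2023-23881 through CVE-2023-23708, CVE-2023-22713, CVE-2023-22683, CVE-2022-46852), should get that verdict once the triager has confirmed from the full description that the product is a plugin or theme and not a standalone PHP application hiding behind the same wording.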
@@ -15750,8 +15753,8 @@ CVE-2023-25981
RESERVED
CVE-2023-25980
RESERVED
-CVE-2023-25979
- RESERVED
+CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
+ TODO: check
CVE-2023-25978
RESERVED
CVE-2023-25977
@@ -15774,8 +15777,8 @@ CVE-2023-25969
RESERVED
CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25967
- RESERVED
+CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
+ TODO: check
CVE-2023-25966
RESERVED
CVE-2023-25965
@@ -16168,10 +16171,10 @@ CVE-2023-25829
RESERVED
CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...)
NOT-FOR-US: Pluck CMS
-CVE-2023-25827
- RESERVED
-CVE-2023-25826
- RESERVED
+CVE-2023-25827 (Due to insufficient validation of parameters reflected in error messag ...)
+ TODO: check
+CVE-2023-25826 (Due to insufficient validation of parameters passed to the legacy HTTP ...)
+ TODO: check
CVE-2023-25825 (ZoneMinder is a free, open source Closed-circuit television software a ...)
- zoneminder 1.36.33+dfsg1-1 (unimportant)
NOTE: Only supported for trusted users/behind auth
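Review bot: unlike the WordPress entries nearby, the two new descriptions here (CVE-2023-25827, parameters reflected in error messages; CVE-2023-25826, parameters passed to a "legacy HTTP" interface) are cut off before the product name, so nothing in this hunk says what software is affected and the TODO: check should not be closed by analogy with its neighbours; if the full text turns out to name a packaged service, add the package line and a NOTE with the upstream fix, using the ZoneMinder entry directly below as the model for recording a severity qualifier such as (unimportant) together with its justification.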
@@ -16242,38 +16245,38 @@ CVE-2023-25800
RESERVED
CVE-2023-25799
RESERVED
-CVE-2023-25798
- RESERVED
-CVE-2023-25797
- RESERVED
-CVE-2023-25796
- RESERVED
+CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-25797 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlid ...)
+ TODO: check
+CVE-2023-25796 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Incl ...)
+ TODO: check
CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.I ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Geor ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25792
- RESERVED
+CVE-2023-25792 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Xiao ...)
+ TODO: check
CVE-2023-25791
RESERVED
CVE-2023-25790
RESERVED
-CVE-2023-25789
- RESERVED
+CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapf ...)
+ TODO: check
CVE-2023-25788
RESERVED
-CVE-2023-25787
- RESERVED
-CVE-2023-25786
- RESERVED
+CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbol ...)
+ TODO: check
+CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom ...)
+ TODO: check
CVE-2023-25785
RESERVED
-CVE-2023-25784
- RESERVED
-CVE-2023-25783
- RESERVED
+CVE-2023-25784 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon ...)
+ TODO: check
+CVE-2023-25783 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
+ TODO: check
CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25781
@@ -19448,8 +19451,8 @@ CVE-2023-24746
RESERVED
CVE-2023-24745
RESERVED
-CVE-2023-24744
- RESERVED
+CVE-2023-24744 (Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus ...)
+ TODO: check
CVE-2023-24743
RESERVED
CVE-2023-24742
@@ -21925,8 +21928,8 @@ CVE-2023-23883
RESERVED
CVE-2023-23882
RESERVED
-CVE-2023-23881
- RESERVED
+CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...)
+ TODO: check
CVE-2023-23880
RESERVED
CVE-2023-23879 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Exe ...)
@@ -21935,12 +21938,12 @@ CVE-2023-23878 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability
NOT-FOR-US: WordPress plugin
CVE-2023-23877
RESERVED
-CVE-2023-23876
- RESERVED
-CVE-2023-23875
- RESERVED
-CVE-2023-23874
- RESERVED
+CVE-2023-23876 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-23875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hima ...)
+ TODO: check
+CVE-2023-23874 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23873
RESERVED
CVE-2023-23872
@@ -22085,8 +22088,8 @@ CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2023-23831
RESERVED
-CVE-2023-23830
- RESERVED
+CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
+ TODO: check
CVE-2023-23829
RESERVED
CVE-2023-23828
@@ -22105,8 +22108,8 @@ CVE-2023-23822
RESERVED
CVE-2023-23821 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23820
- RESERVED
+CVE-2023-23820 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23819
RESERVED
CVE-2023-23818
@@ -22127,10 +22130,10 @@ CVE-2023-23811
RESERVED
CVE-2023-23810
RESERVED
-CVE-2023-23809
- RESERVED
-CVE-2023-23808
- RESERVED
+CVE-2023-23809 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mori ...)
+ TODO: check
+CVE-2023-23808 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Serg ...)
+ TODO: check
CVE-2023-23807
RESERVED
CVE-2023-23806 (Auth. (admin+) StoredCross-Site Scripting (XSS) vulnerability in Davin ...)
@@ -22165,8 +22168,8 @@ CVE-2023-23792
RESERVED
CVE-2023-23791
RESERVED
-CVE-2023-23790
- RESERVED
+CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team ...)
+ TODO: check
CVE-2023-23789
RESERVED
CVE-2023-23788
@@ -22175,8 +22178,8 @@ CVE-2023-23787
RESERVED
CVE-2023-23786
RESERVED
-CVE-2023-23785
- RESERVED
+CVE-2023-23785 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCu ...)
+ TODO: check
CVE-2023-23784 (A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7 ...)
NOT-FOR-US: FortiGuard
CVE-2023-23783 (A use of externally-controlled format string in Fortinet FortiWeb vers ...)
@@ -22483,8 +22486,8 @@ CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23709
RESERVED
-CVE-2023-23708
- RESERVED
+CVE-2023-23708 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23706
@@ -25871,8 +25874,8 @@ CVE-2023-22715 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Leste
NOT-FOR-US: WordPress plugin
CVE-2023-22714
RESERVED
-CVE-2023-22713
- RESERVED
+CVE-2023-22713 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordP ...)
+ TODO: check
CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22711
@@ -25931,8 +25934,8 @@ CVE-2023-22685
RESERVED
CVE-2023-22684
RESERVED
-CVE-2023-22683
- RESERVED
+CVE-2023-22683 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...)
+ TODO: check
CVE-2023-22682 (Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | P ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22681 (Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech On ...)
@@ -32614,8 +32617,8 @@ CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes L
NOT-FOR-US: WordPress plugin
CVE-2022-46853
RESERVED
-CVE-2022-46852
- RESERVED
+CVE-2022-46852 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP T ...)
+ TODO: check
CVE-2022-46851
RESERVED
CVE-2022-46850
@@ -44513,8 +44516,8 @@ CVE-2022-43683
RESERVED
CVE-2022-43682
RESERVED
-CVE-2022-43681
- RESERVED
+CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...)
+ TODO: check
CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by overeag ...)
{DSA-5266-1 DLA-3165-1}
- expat 2.5.0-1 (bug #1022743)
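Review bot: CVE-2022-43681 (out-of-bounds read in the BGP daemon of FRRouting) must not be closed as NOT-FOR-US: Debian ships FRR as the frr source package, so this entry needs a "- frr <fixed version>" line once the fixing upstream release is identified, plus a NOTE with the upstream commit in the style of the libexpat entry directly below ("NOTE: Fixed by: <url>"); it also belongs with CVE-2022-40318 and CVE-2022-40302 later in this patch, which are bgpd issues in the same FRR version range and should be triaged together so the three fixed versions are consistent.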
@@ -48826,8 +48829,8 @@ CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1
NOTE: https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a (8.5.83)
CVE-2022-3406
RESERVED
-CVE-2022-3405
- RESERVED
+CVE-2022-3405 (Code execution and sensitive information disclosure due to excessive p ...)
+ TODO: check
CVE-2022-3404
REJECTED
CVE-2022-3403
@@ -53755,8 +53758,8 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based
NOTE: Fixed by: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b
CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...)
NOT-FOR-US: LISTSERV
-CVE-2022-40318
- RESERVED
+CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
+ TODO: check
CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the javascript: subst ...)
NOT-FOR-US: OpenKM
CVE-2022-40316 (The H5P activity attempts report did not filter by groups, which in se ...)
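Review bot: the description stored for CVE-2022-40318 ("An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...") is truncated identically to CVE-2022-40302 in the next hunk, so the two ids cannot be told apart from what this file keeps; when resolving the TODO: check, put the distinguishing detail from the full CVE text (which BGP message or attribute the crafted input targets) in a NOTE line, so the frr fixed-version line for each id can be tied to its own upstream commit rather than to the pair as a whole.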
@@ -53818,8 +53821,8 @@ CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 (v2.10.3)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336
-CVE-2022-40302
- RESERVED
+CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
+ TODO: check
CVE-2022-40301
RESERVED
CVE-2022-40300 (Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM ...)
@@ -56626,8 +56629,8 @@ CVE-2022-39163
RESERVED
CVE-2022-39162
RESERVED
-CVE-2022-39161
- RESERVED
+CVE-2022-39161 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere ...)
+ TODO: check
CVE-2022-39160 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross ...)
NOT-FOR-US: IBM
CVE-2022-3093 (This vulnerability allows physical attackers to execute arbitrary code ...)
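Review bot: CVE-2022-39161 names IBM WebSphere Application Server, a proprietary product, so following the CVE-2022-39160 entry directly below the expected resolution is NOT-FOR-US: IBM; the TODO: check is the right placeholder for an automatic update but should not linger, and since the truncated text stops at "and IBM WebSphere ...", the full description should be read to confirm that the root cause is not a bundled open-source component that Debian also ships.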
@@ -73980,6 +73983,7 @@ CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handl
NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
CVE-2022-32885
RESERVED
+ {DSA-5397-1 DSA-5396-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
@@ -79377,8 +79381,8 @@ CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file u
NOT-FOR-US: FriendsofFlarum
CVE-2022-30996
REJECTED
-CVE-2022-30995
- RESERVED
+CVE-2022-30995 (Sensitive information disclosure due to improper authentication. The f ...)
+ TODO: check
CVE-2022-30994 (Cleartext transmission of sensitive information. The following product ...)
NOT-FOR-US: Acronis
CVE-2022-30993 (Cleartext transmission of sensitive information. The following product ...)
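Review bot: the wording of CVE-2022-30995 ("Sensitive information disclosure due to improper authentication. The f ...") matches the advisory style of the two entries directly below (CVE-2022-30994 and CVE-2022-30993, both "Cleartext transmission of sensitive information. The following product ..." and closed as NOT-FOR-US: Acronis), so the TODO: check will most likely become NOT-FOR-US: Acronis; confirm from the full text that the affected products are the Acronis agents themselves and not a component packaged separately.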
@@ -106294,7 +106298,7 @@ CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior t
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
- {DSA-5046-1}
+ {DSA-5397-1 DSA-5396-1 DSA-5046-1}
- chromium 97.0.4692.71-0.1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
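Review bot: the two DSA ids added to CVE-2022-0108 ({DSA-5397-1 DSA-5396-1 DSA-5046-1}) are the webkit2gtk/wpewebkit advisories that this same patch attaches to the WSA-2023-0003 entries, yet this entry is keyed to chromium (97.0.4692.71-0.1, DSA-5046-1) with a Google Chrome description; that is only correct if WSA-2023-0003 itself lists CVE-2022-0108 as fixed in WebKitGTK/WPE, in which case the entry should also gain the "- webkit2gtk 2.40.1-1" and "- wpewebkit 2.38.6-1" lines and the WSA-2023-0003 NOTE so the new references are backed by version data; otherwise the references are misplaced and should be dropped. Please verify against the advisory before this reaches the published tracker pages.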
@@ -204306,8 +204310,8 @@ CVE-2020-22431
RESERVED
CVE-2020-22430
RESERVED
-CVE-2020-22429
- RESERVED
+CVE-2020-22429 (redox-os v0.1.0 was discovered to contain a use-after-free bug via the ...)
+ TODO: check
CVE-2020-22428 (SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scr ...)
NOT-FOR-US: SolarWinds
CVE-2020-22427 (NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerabi ...)
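Review bot: CVE-2020-22429 is filed against redox-os v0.1.0, a separate operating system project rather than a library, so it is unlikely to map to any Debian package; unless the component hidden behind "use-after-free bug via the ..." in the truncated text turns out to be a Rust crate that Debian packages on its own, the TODO: check should be resolved as NOT-FOR-US: Redox OS, in the style of the SolarWinds and NagiosXI entries below.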
@@ -391340,8 +391344,8 @@ CVE-2017-11199
RESERVED
CVE-2017-11198 (Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_ ...)
NOT-FOR-US: FineCMS
-CVE-2017-11197
- RESERVED
+CVE-2017-11197 (In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privi ...)
+ TODO: check
CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in com ...)
{DLA-3058-1 DLA-1049-1}
- libsndfile 1.0.28-3 (bug #869166)
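Review bot: CVE-2017-11197 concerns CyberArk Viewfinity, a proprietary endpoint privilege-management product, so NOT-FOR-US: CyberArk is the obvious verdict for the TODO: check; the only thing worth a glance in the full description is the "low privi ..." phrasing, which is a local privilege escalation on the vendor's own agent and does not implicate any component Debian ships.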
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18223558b0cf802b35d2dd1c99c06b738e13c1c4