[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 12 21:12:13 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d71728dd by security tracker role at 2023-05-12T20:12:00+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-32306 (Time Tracker is an open source time tracking system. A time-based blin ...)
+ TODO: check
+CVE-2023-32305 (aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contai ...)
+ TODO: check
+CVE-2023-32081 (Vert.x STOMP is a vert.x implementation of the STOMP specification tha ...)
+ TODO: check
+CVE-2023-32073 (WWBN AVideo is an open source video platform. In versions 12.4 and pri ...)
+ TODO: check
+CVE-2023-31985 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
+ TODO: check
+CVE-2023-31983 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
+ TODO: check
+CVE-2023-31922 (QuickJS commit 2788d71 was discovered to contain a stack-overflow via ...)
+ TODO: check
+CVE-2023-31921 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
+ TODO: check
+CVE-2023-31920 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
+ TODO: check
+CVE-2023-31919 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
+ TODO: check
+CVE-2023-31918 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
+ TODO: check
+CVE-2023-31916 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
+ TODO: check
+CVE-2023-31914 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memo ...)
+ TODO: check
+CVE-2023-31913 (Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertio ...)
+ TODO: check
+CVE-2023-2682 (A vulnerability was found in Caton Live up to 2023-04-26 and classifie ...)
+ TODO: check
+CVE-2023-2678 (A vulnerability has been found in SourceCodester File Tracker Manager ...)
+ TODO: check
+CVE-2023-2677 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-2676 (A vulnerability, which was classified as critical, has been found in H ...)
+ TODO: check
+CVE-2023-2675 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ TODO: check
+CVE-2023-2672 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-2671 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+ TODO: check
+CVE-2023-2515 (Mattermost fails to restrict a user with permissions to edit other use ...)
+ TODO: check
+CVE-2023-2514 (Mattermost Sever fails to redact the DB username and password before e ...)
+ TODO: check
+CVE-2023-2512 (Prior to version v1.20230419.0, the FormData API implementation was su ...)
+ TODO: check
+CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior t ...)
+ TODO: check
+CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome on Chrom ...)
+ TODO: check
CVE-2023-32243 (Improper Authentication vulnerability in WPDeveloper Essential Addons ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32059 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
@@ -1044,10 +1096,10 @@ CVE-2023-31204
RESERVED
CVE-2023-31200
RESERVED
-CVE-2023-31199
- RESERVED
-CVE-2023-31197
- RESERVED
+CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbox(TM) ...)
+ TODO: check
+CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...)
+ TODO: check
CVE-2023-31187
RESERVED
CVE-2023-31186
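Review bot: the two TODO: check placeholders added here (CVE-2023-31199 for the Intel(R) Solid State Drive Toolbox, CVE-2023-31197 for the Intel(R) Trace Analyzer and Collector) still need a triage decision; if neither tool is shipped in the Debian archive, the resolution is a NOT-FOR-US marker, as this file already uses for the Apple, IBM and Tenda entries. The same applies to the Intel(R) Server Board, SoC Watch and oneAPI entries in the following hunk.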
@@ -1180,14 +1232,14 @@ CVE-2023-31124
RESERVED
CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform ...)
NOT-FOR-US: effectindex/tripreporter
-CVE-2023-30768
- RESERVED
-CVE-2023-30763
- RESERVED
+CVE-2023-30768 (Improper access control in the Intel(R) Server Board S2600WTT belongin ...)
+ TODO: check
+CVE-2023-30763 (Heap-based overflow in Intel(R) SoC Watch based software before versio ...)
+ TODO: check
CVE-2023-29502
RESERVED
-CVE-2023-29242
- RESERVED
+CVE-2023-29242 (Improper access control for Intel(R) oneAPI Toolkits before version 20 ...)
+ TODO: check
CVE-2023-29168
RESERVED
CVE-2023-29152
@@ -3921,10 +3973,10 @@ CVE-2023-30249
RESERVED
CVE-2023-30248
RESERVED
-CVE-2023-30247
- RESERVED
-CVE-2023-30246
- RESERVED
+CVE-2023-30247 (File Upload vulnerability found in Oretnom23 Storage Unit Rental Manag ...)
+ TODO: check
+CVE-2023-30246 (SQL injection vulnerability found in Judging Management System v.1.0 a ...)
+ TODO: check
CVE-2023-30245
RESERVED
CVE-2023-30244
@@ -4155,8 +4207,8 @@ CVE-2023-30132
RESERVED
CVE-2023-30131
RESERVED
-CVE-2023-30130
- RESERVED
+CVE-2023-30130 (An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute ...)
+ TODO: check
CVE-2023-30129
RESERVED
CVE-2023-30128
@@ -4374,7 +4426,7 @@ CVE-2023-30026
RESERVED
CVE-2023-30025
RESERVED
-CVE-2023-30024 (Insecure Permissions vulnerability found in MagicJack A921 USB Phone J ...)
+CVE-2023-30024 (The MagicJack device, a VoIP solution for internet phone calls, contai ...)
NOT-FOR-US: MagicJack
CVE-2023-30023
RESERVED
@@ -4456,8 +4508,8 @@ CVE-2023-29985
RESERVED
CVE-2023-29984
RESERVED
-CVE-2023-29983
- RESERVED
+CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8. ...)
+ TODO: check
CVE-2023-29982
RESERVED
CVE-2023-29981
@@ -4820,12 +4872,12 @@ CVE-2023-29822
RESERVED
CVE-2023-29821
RESERVED
-CVE-2023-29820
- RESERVED
-CVE-2023-29819
- RESERVED
-CVE-2023-29818
- RESERVED
+CVE-2023-29820 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...)
+ TODO: check
+CVE-2023-29819 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...)
+ TODO: check
+CVE-2023-29818 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...)
+ TODO: check
CVE-2023-29817
RESERVED
CVE-2023-29816
@@ -5148,8 +5200,8 @@ CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists
NOTE: https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991 (v1.15.2)
CVE-2023-29658
RESERVED
-CVE-2023-29657
- RESERVED
+CVE-2023-29657 (eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in ...)
+ TODO: check
CVE-2023-29656
RESERVED
CVE-2023-29655
@@ -5733,8 +5785,8 @@ CVE-2023-1936
RESERVED
CVE-2023-1935
RESERVED
-CVE-2023-1934
- RESERVED
+CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is afflicted by ...)
+ TODO: check
CVE-2023-1933
RESERVED
CVE-2023-1932
@@ -9366,8 +9418,8 @@ CVE-2023-28416
RESERVED
CVE-2023-28415
RESERVED
-CVE-2023-28414
- RESERVED
+CVE-2023-28414 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apex ...)
+ TODO: check
CVE-2023-28413
RESERVED
CVE-2023-28409
@@ -10072,7 +10124,7 @@ CVE-2023-28207
CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...)
NOT-FOR-US: Apple
CVE-2023-28205 (A use after free issue was addressed with improved memory management. ...)
- {DSA-5397-1 DSA-5396-1}
+ {DSA-5397-1 DSA-5396-1 DLA-3419-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
@@ -10942,7 +10994,7 @@ CVE-2023-27956 (The issue was addressed with improved memory handling. This issu
CVE-2023-27955 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2023-27954 (The issue was addressed by removing origin information. This issue is ...)
- {DSA-5397-1 DSA-5396-1}
+ {DSA-5397-1 DSA-5396-1 DLA-3419-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
@@ -10989,7 +11041,7 @@ CVE-2023-27934 (A memory initialization issue was addressed. This issue is fixed
CVE-2023-27933 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2023-27932 (This issue was addressed with improved state management. This issue is ...)
- {DSA-5397-1 DSA-5396-1}
+ {DSA-5397-1 DSA-5396-1 DLA-3419-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
@@ -11220,8 +11272,8 @@ CVE-2023-27865
RESERVED
CVE-2023-27864 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML ...)
NOT-FOR-US: IBM
-CVE-2023-27863
- RESERVED
+CVE-2023-27863 (IBM Spectrum Protect Plus Server 10.1.13, under specific configuration ...)
+ TODO: check
CVE-2023-27862
RESERVED
CVE-2023-27861
@@ -11505,8 +11557,8 @@ CVE-2023-27825
RESERVED
CVE-2023-27824
RESERVED
-CVE-2023-27823
- RESERVED
+CVE-2023-27823 (An authentication bypass in Optoma 1080PSTX C02 allows an attacker to ...)
+ TODO: check
CVE-2023-27822
RESERVED
CVE-2023-27821 (Databasir v1.0.7 was discovered to contain a remote code execution (RC ...)
@@ -13185,10 +13237,10 @@ CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command injec
NOT-FOR-US: Tenda
CVE-2023-27239 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...)
NOT-FOR-US: Tenda
-CVE-2023-27238
- RESERVED
-CVE-2023-27237
- RESERVED
+CVE-2023-27238 (LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache pois ...)
+ TODO: check
+CVE-2023-27237 (LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header ...)
+ TODO: check
CVE-2023-27236
RESERVED
CVE-2023-27235 (An arbitrary file upload vulnerability in the \admin\c\CommonControlle ...)
@@ -13596,7 +13648,7 @@ CVE-2023-27045
RESERVED
CVE-2023-27044
RESERVED
-CVE-2023-27043 (The e-mail module of Python 0 - 2.7.18, 3.x - 3.11 incorrectly parses ...)
+CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-mail ad ...)
- python3.11 <unfixed>
- python3.10 <unfixed>
- python3.9 <removed>
@@ -16417,8 +16469,8 @@ CVE-2023-25960
RESERVED
CVE-2023-25959
RESERVED
-CVE-2023-25958
- RESERVED
+CVE-2023-25958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Just ...)
+ TODO: check
CVE-2023-25957 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
NOT-FOR-US: Siemens
CVE-2023-25956 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
@@ -16527,8 +16579,8 @@ CVE-2023-25929
RESERVED
CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
NOT-FOR-US: IBM
-CVE-2023-25927
- RESERVED
+CVE-2023-25927 (IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and ...)
+ TODO: check
CVE-2023-25926
RESERVED
CVE-2023-25925
@@ -18225,8 +18277,8 @@ CVE-2023-25462
RESERVED
CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nami ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25460
- RESERVED
+CVE-2023-25460 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...)
+ TODO: check
CVE-2023-25459
RESERVED
CVE-2023-25458 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO ...)
@@ -18289,8 +18341,8 @@ CVE-2023-25430
RESERVED
CVE-2023-25429
RESERVED
-CVE-2023-25428
- RESERVED
+CVE-2023-25428 (A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.2 ...)
+ TODO: check
CVE-2023-25427
RESERVED
CVE-2023-25426
@@ -22587,8 +22639,8 @@ CVE-2023-23869
RESERVED
CVE-2023-23868
RESERVED
-CVE-2023-23867
- RESERVED
+CVE-2023-23867 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23866 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins St ...)
@@ -22759,8 +22811,8 @@ CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-23811
RESERVED
-CVE-2023-23810
- RESERVED
+CVE-2023-23810 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...)
+ TODO: check
CVE-2023-23809 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mori ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23808 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Serg ...)
@@ -24129,8 +24181,8 @@ CVE-2023-23446
RESERVED
CVE-2023-23445
RESERVED
-CVE-2023-23444
- RESERVED
+CVE-2023-23444 (Missing Authentication for Critical Function in SICK Flexi Classic and ...)
+ TODO: check
CVE-2023-23443
RESERVED
CVE-2023-23442
@@ -24700,8 +24752,8 @@ CVE-2023-23171
RESERVED
CVE-2023-23170
RESERVED
-CVE-2023-23169
- RESERVED
+CVE-2023-23169 (Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and serve ...)
+ TODO: check
CVE-2023-23168
RESERVED
CVE-2023-23167
@@ -26586,8 +26638,8 @@ CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose
NOT-FOR-US: Jose Mortellaro Freesoul Deactivate
CVE-2023-22686 (Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice Pa ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-22685
- RESERVED
+CVE-2023-22685 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips ...)
+ TODO: check
CVE-2023-22684
RESERVED
CVE-2023-22683 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...)
@@ -28068,8 +28120,8 @@ CVE-2022-48022 (An issue in the component /api/v1/mentions of Zammad v5.3.0 allo
- zammad <itp> (bug #841355)
CVE-2022-48021 (A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary ...)
- zammad <itp> (bug #841355)
-CVE-2022-48020
- RESERVED
+CVE-2022-48020 (Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site sc ...)
+ TODO: check
CVE-2022-48019 (The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3 ...)
NOT-FOR-US: Another Eden
CVE-2022-48018
@@ -29164,10 +29216,10 @@ CVE-2022-47882
RESERVED
CVE-2022-47881 (Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of ...)
NOT-FOR-US: Foxit
-CVE-2022-47880
- RESERVED
-CVE-2022-47879
- RESERVED
+CVE-2022-47880 (An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH J ...)
+ TODO: check
+CVE-2022-47879 (A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 20 ...)
+ TODO: check
CVE-2022-47878 (Incorrect input validation for the default-storage-path in the setting ...)
NOT-FOR-US: Jedox
CVE-2022-47877 (A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows r ...)
@@ -74710,7 +74762,7 @@ CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handl
NOTE: https://webkitgtk.org/security/WSA-2022-0009.html
CVE-2022-32885
REJECTED
- {DSA-5397-1 DSA-5396-1}
+ {DSA-5397-1 DSA-5396-1 DLA-3419-1}
- webkit2gtk 2.40.1-1
- wpewebkit 2.38.6-1
NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
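Review bot: CVE-2022-32885 is marked REJECTED yet carries the advisory set {DSA-5397-1 DSA-5396-1 DLA-3419-1}, two fixed-version lines for webkit2gtk and wpewebkit, and the WSA-2023-0003 note; appending DLA-3419-1 extends that inconsistency rather than resolving it. Either the REJECTED marker is stale and should give way to a description, or the advisory references belong on a different CVE; worth confirming against the WebKitGTK advisory before the DLA reference is relied on.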
@@ -107036,7 +107088,7 @@ CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior t
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
- {DSA-5397-1 DSA-5396-1 DSA-5046-1}
+ {DSA-5397-1 DSA-5396-1 DSA-5046-1 DLA-3419-1}
- chromium 97.0.4692.71-0.1
[buster] - chromium <end-of-life> (see DSA 5046)
[stretch] - chromium <end-of-life> (see DSA 4562)
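Review bot: CVE-2022-0108 now carries DLA-3419-1 alongside DSA-5397-1 and DSA-5396-1, the same advisory trio attached to the webkit2gtk/wpewebkit entries elsewhere in this diff, but the only package line here is `- chromium 97.0.4692.71-0.1`. If the WebKitGTK advisory covers this CVE, the webkit2gtk and wpewebkit fixed-version lines are missing from this entry; if it does not, the three WebKit advisory references should not sit on the chromium entry at all.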
@@ -226302,8 +226354,8 @@ CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF In
NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
CVE-2020-13378 (Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Inj ...)
TODO: check
-CVE-2020-13377
- RESERVED
+CVE-2020-13377 (The web-services interface of Loadbalancer.org Enterprise VA MAX throu ...)
+ TODO: check
CVE-2020-13376 (SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable fil ...)
NOT-FOR-US: SecurEnvoy SecurMail
CVE-2020-13375
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d71728dd200b02cefb4d3e935c1520844b3e7387