[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 18 09:12:16 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c40180a by security tracker role at 2023-05-18T08:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,15 @@
+CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer overflow in che ...)
+ TODO: check
+CVE-2023-33203 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...)
+ TODO: check
+CVE-2023-31729 (TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.)
+ TODO: check
+CVE-2023-2780 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
+ TODO: check
+CVE-2023-2757 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2019-25137 (Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated admin ...)
+ TODO: check
CVE-2023-32763
- qt6-base <unfixed>
- qtbase-opensource-src <unfixed>
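Review bot: two of the six new `TODO: check` entries name software Debian ships, CVE-2023-33204 (sysstat) and CVE-2023-33203 (the Linux kernel), so they should be triaged into package lines such as `- sysstat <unfixed>` and `- linux <unfixed>` with a NOTE pointing at the upstream fix rather than staying as TODO; the TOTOLINK, mlflow, WordPress plugin and Umbraco CMS entries look like `NOT-FOR-US` candidates in the style used for similar products elsewhere in this file.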
@@ -123,7 +135,7 @@ CVE-2023-2739 (A vulnerability classified as problematic was found in Gira HomeS
NOT-FOR-US: Gira HomeServer
CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda OA 11. ...)
NOT-FOR-US: Tongda
-CVE-2023-2731 [null pointer deference in LZWDecode() in libtiff/tif_lzw.c]
+CVE-2023-2731 (A NULL pointer dereference flaw was found in Libtiff's LZWDecode() fun ...)
- tiff <unfixed>
[bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/548
@@ -131,21 +143,27 @@ CVE-2023-2731 [null pointer deference in LZWDecode() in libtiff/tif_lzw.c]
CVE-2023-2730 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-2726 (Inappropriate implementation in WebApp Installs in Google Chrome prior ...)
+ {DSA-5404-1}
- chromium 113.0.5672.126-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2725 (Use after free in Guest View in Google Chrome prior to 113.0.5672.126 ...)
+ {DSA-5404-1}
- chromium 113.0.5672.126-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2724 (Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed ...)
+ {DSA-5404-1}
- chromium 113.0.5672.126-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2723 (Use after free in DevTools in Google Chrome prior to 113.0.5672.126 al ...)
+ {DSA-5404-1}
- chromium 113.0.5672.126-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2722 (Use after free in Autofill UI in Google Chrome on Android prior to 113 ...)
+ {DSA-5404-1}
- chromium 113.0.5672.126-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2721 (Use after free in Navigation in Google Chrome prior to 113.0.5672.126 ...)
+ {DSA-5404-1}
- chromium 113.0.5672.126-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2548 (The RegistrationMagic plugin for WordPress is vulnerable to Insecure D ...)
@@ -1279,8 +1297,7 @@ CVE-2023-28386
RESERVED
CVE-2023-25183
RESERVED
-CVE-2023-2319
- RESERVED
+CVE-2023-2319 (It was discovered that an update for PCS package in RHBA-2023:2151 err ...)
NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154
CVE-2023-2318
RESERVED
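Review bot: the unchanged context line under CVE-2023-2319 reads `NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154`; `ed Hat` should be `Red Hat`. The automatic update does not touch that line, so it needs a manual follow-up commit.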
@@ -1427,8 +1444,7 @@ CVE-2023-31224
RESERVED
CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated author user ...)
NOT-FOR-US: Dradis
-CVE-2023-2295
- RESERVED
+CVE-2023-2295 (A vulnerability was found in the libreswan library. This security issu ...)
NOTE: RedHat assigned duplicate of CVE-2023-30570, reported to the CNA
CVE-2023-2294 (A vulnerability was found in UCMS 1.6.0. It has been classified as pro ...)
NOT-FOR-US: UCMS
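Review bot: CVE-2023-2295 gains a NOTE calling it a Red Hat duplicate of CVE-2023-30570 but no package status line, so a libreswan entry with only a NOTE will show up as untriaged; add a `- libreswan` line carrying the duplicate status (or resolve it the way the file handles other duplicates) once the CNA has answered.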
@@ -2280,8 +2296,7 @@ CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes Onl
NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
-CVE-2023-2203
- RESERVED
+CVE-2023-2203 (A flaw was found in the WebKitGTK package. An improper input validatio ...)
- webkit2gtk <not-affected> (RHEL-specific backport regression)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188543
CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosariosi ...)
@@ -3915,8 +3930,7 @@ CVE-2023-30466 (This vulnerability exists in Milesight 4K/H.265 Series NVR model
NOT-FOR-US: Milesight
CVE-2023-30465 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Apache InLong
-CVE-2023-1972
- RESERVED
+CVE-2023-1972 (A potential heap based buffer overflow was found in _bfd_elf_slurp_ver ...)
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30285
@@ -4652,8 +4666,8 @@ CVE-2023-30126
RESERVED
CVE-2023-30125 (EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).)
NOT-FOR-US: Eyoucms
-CVE-2023-30124
- RESERVED
+CVE-2023-30124 (LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).)
+ TODO: check
CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Mem ...)
NOT-FOR-US: wuzhicms
CVE-2023-30122 (An arbitrary file upload vulnerability in the component /admin/ajax.ph ...)
@@ -4937,8 +4951,8 @@ CVE-2023-29987
RESERVED
CVE-2023-29986 (spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibl ...)
NOT-FOR-US: spring-boot-actuator-logview
-CVE-2023-29985
- RESERVED
+CVE-2023-29985 (Sourcecodester Student Study Center Desk Management System v1.0 admin\ ...)
+ TODO: check
CVE-2023-29984
RESERVED
CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8. ...)
@@ -5226,8 +5240,8 @@ CVE-2023-29859
RESERVED
CVE-2023-29858
RESERVED
-CVE-2023-29857
- RESERVED
+CVE-2023-29857 (An issue in Teslamate v1.27.1 allows attackers to obtain sensitive inf ...)
+ TODO: check
CVE-2023-29856 (D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerab ...)
NOT-FOR-US: D-Link
CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via admin/languag ...)
@@ -6843,8 +6857,7 @@ CVE-2023-29273 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affec
NOT-FOR-US: Adobe
CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has b ...)
NOT-FOR-US: Keysight IXIA Hawkeye
-CVE-2023-1859
- RESERVED
+CVE-2023-1859 (A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/tr ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
[bullseye] - linux 5.10.178-1
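Review bot: the new description for CVE-2023-1859 carries the function name `xen_9pfs_front_removet`, which looks like a trailing-`t` typo for `xen_9pfs_front_remove`; the text is imported verbatim from the CVE feed, so this is an upstream wording issue, but it is worth recording so that searches for the real function name still find the entry. The DLA-3404-1/DLA-3403-1 references and the `linux 6.1.25-1` / `5.10.178-1` fixed versions are unchanged by this hunk.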
@@ -9188,7 +9201,7 @@ CVE-2023-1497 (A vulnerability was found in SourceCodester Simple and Nice Shopp
NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
CVE-2023-1496 (Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/i ...)
NOT-FOR-US: imgproxy
-CVE-2023-2491
+CVE-2023-2491 (A flaw was found in the Emacs text editor. Processing a specially craf ...)
- emacs <not-affected> (Red Hat specific security regression from CVE-2023-28617 patches)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2192873
CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...)
@@ -13702,7 +13715,7 @@ CVE-2023-27235 (An arbitrary file upload vulnerability in the \admin\c\CommonCon
NOT-FOR-US: Jizhicms
CVE-2023-27234 (A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2. ...)
NOT-FOR-US: Jizhicms
-CVE-2023-27233 (Piwigo v13.5.0 was discovered to contain a SQL injection vulnerability ...)
+CVE-2023-27233 (Piwigo before 13.6.0 was discovered to contain a SQL injection vulnera ...)
- piwigo <removed>
CVE-2023-27232 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
NOT-FOR-US: TOTOLINK
@@ -13734,8 +13747,8 @@ CVE-2023-27219
RESERVED
CVE-2023-27218
RESERVED
-CVE-2023-27217
- RESERVED
+CVE-2023-27217 (A stack-based buffer overflow in the ChangeFriendlyName() function of ...)
+ TODO: check
CVE-2023-27216 (An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated u ...)
NOT-FOR-US: D-Link
CVE-2023-27215
@@ -27634,8 +27647,8 @@ CVE-2023-0034 (The JetWidgets For Elementor WordPress plugin before 1.0.14 does
NOT-FOR-US: WordPress plugin
CVE-2023-0033 (The PDF Viewer WordPress plugin before 1.0.0 does not validate and esc ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4870
- RESERVED
+CVE-2022-4870 (In affected versions of Octopus Deploy it is possible to discover netw ...)
+ TODO: check
CVE-2015-10011 (A vulnerability classified as problematic has been found in OpenDNS Op ...)
NOT-FOR-US: OpenResolve
CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been rated as ...)
@@ -44604,8 +44617,8 @@ CVE-2023-20191
RESERVED
CVE-2023-20190
RESERVED
-CVE-2023-20189
- RESERVED
+CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
CVE-2023-20188
RESERVED
CVE-2023-20187
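Review bot: CVE-2023-20189 is left as `TODO: check` although the surrounding Cisco entries in this patch (for example CVE-2023-20112, CVE-2023-20107 and CVE-2023-20088 further down) are resolved as `NOT-FOR-US: Cisco`; the same applies to the roughly thirty Cisco ISE, DNA Center and web-UI CVEs added in the hunks that follow, which can be resolved in one pass to `NOT-FOR-US: Cisco` unless one of them names a component Debian packages.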
@@ -44614,12 +44627,12 @@ CVE-2023-20186
RESERVED
CVE-2023-20185
RESERVED
-CVE-2023-20184
- RESERVED
-CVE-2023-20183
- RESERVED
-CVE-2023-20182
- RESERVED
+CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
+ TODO: check
+CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
+ TODO: check
+CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
+ TODO: check
CVE-2023-20181
RESERVED
CVE-2023-20180
@@ -44634,44 +44647,44 @@ CVE-2023-20176
RESERVED
CVE-2023-20175
RESERVED
-CVE-2023-20174
- RESERVED
-CVE-2023-20173
- RESERVED
-CVE-2023-20172
- RESERVED
-CVE-2023-20171
- RESERVED
+CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20173 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2023-20172 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ TODO: check
+CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ TODO: check
CVE-2023-20170
RESERVED
CVE-2023-20169
RESERVED
CVE-2023-20168
RESERVED
-CVE-2023-20167
- RESERVED
-CVE-2023-20166
- RESERVED
+CVE-2023-20167 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ TODO: check
+CVE-2023-20166 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ TODO: check
CVE-2023-20165
RESERVED
-CVE-2023-20164
- RESERVED
-CVE-2023-20163
- RESERVED
-CVE-2023-20162
- RESERVED
-CVE-2023-20161
- RESERVED
-CVE-2023-20160
- RESERVED
-CVE-2023-20159
- RESERVED
-CVE-2023-20158
- RESERVED
-CVE-2023-20157
- RESERVED
-CVE-2023-20156
- RESERVED
+CVE-2023-20164 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ TODO: check
+CVE-2023-20163 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ TODO: check
+CVE-2023-20162 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
+CVE-2023-20161 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
+CVE-2023-20160 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
+CVE-2023-20159 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
+CVE-2023-20158 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
+CVE-2023-20157 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
+CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
CVE-2023-20155
RESERVED
CVE-2023-20154
@@ -44762,16 +44775,16 @@ CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow
NOT-FOR-US: Cisco
CVE-2023-20111
RESERVED
-CVE-2023-20110
- RESERVED
+CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco Smart S ...)
+ TODO: check
CVE-2023-20109
RESERVED
CVE-2023-20108
RESERVED
CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG), also ...)
NOT-FOR-US: Cisco
-CVE-2023-20106
- RESERVED
+CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ TODO: check
CVE-2023-20105
RESERVED
CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...)
@@ -44808,8 +44821,8 @@ CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feat
NOT-FOR-US: Cisco
CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part ...)
NOT-FOR-US: Cisco
-CVE-2023-20087
- RESERVED
+CVE-2023-20087 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2023-20086
RESERVED
CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -44828,8 +44841,8 @@ CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...)
NOT-FOR-US: Cisco
-CVE-2023-20077
- RESERVED
+CVE-2023-20077 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment could ...)
NOT-FOR-US: Cisco
CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could allow an ...)
@@ -44941,8 +44954,8 @@ CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco S
NOT-FOR-US: Cisco
CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
-CVE-2023-20024
- RESERVED
+CVE-2023-20024 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ TODO: check
CVE-2023-20023 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
NOT-FOR-US: Cisco
CVE-2023-20022 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
@@ -44983,8 +44996,8 @@ CVE-2023-20005
RESERVED
CVE-2023-20004
RESERVED
-CVE-2023-20003
- RESERVED
+CVE-2023-20003 (A vulnerability in the social login configuration option for the guest ...)
+ TODO: check
CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software could all ...)
NOT-FOR-US: Cisco
CVE-2023-20001
@@ -192977,8 +192990,7 @@ CVE-2021-0189 (Use of out-of-range pointer offset in the BIOS firmware for some
NOT-FOR-US: Intel
CVE-2021-0188 (Return of pointer value outside of expected range in the BIOS firmware ...)
NOT-FOR-US: Intel
-CVE-2021-0187
- REJECTED
+CVE-2021-0187 (Improper access control in the BIOS firmware for some Intel(R) Process ...)
NOT-FOR-US: Intel
CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...)
NOT-FOR-US: Intel
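Review bot: CVE-2021-0187 moves from `REJECTED` to a live description (improper access control in Intel BIOS firmware) while keeping `NOT-FOR-US: Intel`; a REJECTED status is normally terminal for a CVE id, so confirm against the CVE record that the entry was genuinely reinstated rather than being a transient feed change before relying on the new text.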
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c40180a48ab13cf15fc303b4f56830ef6bcc438