[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 19 09:12:07 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
562dcecf by security tracker role at 2023-05-19T08:11:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-33240 (Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1 ...)
+ TODO: check
+CVE-2023-32680 (Metabase is an open source business analytics engine. To edit SQL Snip ...)
+ TODO: check
+CVE-2023-2704 (The BP Social Connect plugin for WordPress is vulnerable to authentica ...)
+ TODO: check
CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...)
NOT-FOR-US: WordPress plugin
CVE-2023-32322 (Ombi is an open source application which allows users to request speci ...)
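Review bot: CVE-2023-2704 in the added block is left at "TODO: check" although its description already names a WordPress plugin, and the unchanged entry directly below it (CVE-2023-32515) is tagged "NOT-FOR-US: WordPress plugin". Suggest resolving it the same way in the follow-up triage commit so the TODO does not linger. CVE-2023-33240 (Foxit) and CVE-2023-32680 (Metabase) have no comparable neighbour in this hunk and need an actual package lookup.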
@@ -3527,10 +3533,10 @@ CVE-2023-2027 (The ZM Ajax Login & Register plugin for WordPress is vulnerable t
NOT-FOR-US: ZM Ajax Login & Register plugin for WordPress
CVE-2023-2026
RESERVED
-CVE-2023-2025
- RESERVED
-CVE-2023-2024
- RESERVED
+CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 ...)
+ TODO: check
+CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...)
+ TODO: check
CVE-2023-2023
RESERVED
CVE-2023-2022
@@ -3934,8 +3940,8 @@ CVE-2023-30472
RESERVED
CVE-2023-30471
RESERVED
-CVE-2023-30470
- RESERVED
+CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode generati ...)
+ TODO: check
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.25-1
@@ -8524,8 +8530,8 @@ CVE-2023-1620
RESERVED
CVE-2023-1619
RESERVED
-CVE-2023-1618
- RESERVED
+CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...)
+ TODO: check
CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...)
NOT-FOR-US: B&R Industrial Automation
CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has bee ...)
@@ -8760,8 +8766,7 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0
NOTE: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
CVE-2023-28754
RESERVED
-CVE-2023-28753
- RESERVED
+CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in its pa ...)
NOT-FOR-US: netconsd
CVE-2023-28752
RESERVED
@@ -11118,8 +11123,8 @@ CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HP
NOT-FOR-US: HPE
CVE-2023-28082
RESERVED
-CVE-2023-28081
- RESERVED
+CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc21 ...)
+ TODO: check
CVE-2023-28080
RESERVED
CVE-2023-28079
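Review bot: The new CVE-2023-28081 entry is marked "TODO: check", and the same product, Hermes, is named in four more entries added later in this patch (CVE-2023-24833, CVE-2023-24832, CVE-2023-23557, CVE-2023-23556). Suggest deciding once whether any Debian source package carries Hermes and applying the same tag to all five, rather than triaging them one at a time and risking inconsistent results.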
@@ -11995,8 +12000,7 @@ CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/c
NOT-FOR-US: UVdesk
CVE-2023-1196 (The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x be ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1195
- RESERVED
+CVE-2023-1195 (A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in ...)
- linux 6.1.4-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -17067,8 +17071,8 @@ CVE-2023-25935
RESERVED
CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...)
NOT-FOR-US: Dell
-CVE-2023-25933
- RESERVED
+CVE-2023-25933 (A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de ...)
+ TODO: check
CVE-2023-25756
RESERVED
CVE-2023-25546
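Review bot: The truncated description of CVE-2023-25933 does not show a product name, but the commit prefix it quotes (e6ed9c1a4b02dc219de) begins with the prefix quoted in the Hermes entry CVE-2023-28081 (e6ed9c1a4b02dc21). Suggest confirming against the full description that both refer to the same fix commit and, if so, giving this entry the same triage result as the Hermes entries instead of treating it as an unrelated item.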
@@ -20414,10 +20418,10 @@ CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker can
NOTE: https://github.com/facebook/zstd/commit/e1873ad576cb478fff0e6e44ad99599cd5fd2846 (v1.5.4)
NOTE: https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa (v1.5.4)
NOTE: Introduced by https://github.com/facebook/zstd/commit/9a8ccd4ba377060fbe180bcbc3e2bb714bda8726 (v1.4.7)
-CVE-2023-24833
- RESERVED
-CVE-2023-24832
- RESERVED
+CVE-2023-24833 (A use-after-free in BigIntPrimitive addition in Hermes prior to commit ...)
+ TODO: check
+CVE-2023-24832 (A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf ...)
+ TODO: check
CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One server b ...)
NOT-FOR-US: Trend Micro
CVE-2023-0586 (The All in One SEO Pack plugin for WordPress is vulnerable to Stored C ...)
@@ -23554,8 +23558,8 @@ CVE-2023-23761 (An improper authentication vulnerability was identified in GitHu
NOT-FOR-US: Github Enterprise Server
CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
NOT-FOR-US: Github Enterprise Server
-CVE-2023-23759
- RESERVED
+CVE-2023-23759 (There is a vulnerability in the fizz library prior to v2023.01.30.00 w ...)
+ TODO: check
CVE-2023-23758
RESERVED
CVE-2023-23757
@@ -24361,10 +24365,10 @@ CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the L
NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...)
- eternal-terminal <itp> (bug #861635)
-CVE-2023-23557
- RESERVED
-CVE-2023-23556
- RESERVED
+CVE-2023-23557 (An error in Hermes' algorithm for copying objects properties prior to ...)
+ TODO: check
+CVE-2023-23556 (An error in BigInt conversion to Number in Hermes prior to commit a6dc ...)
+ TODO: check
CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-23553 (Control By Web X-400 devices are vulnerable to a cross-site scripting ...)
@@ -67364,8 +67368,8 @@ CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2022-35798
- RESERVED
+CVE-2022-35798 (Azure Arc Jumpstart Information Disclosure Vulnerability)
+ TODO: check
CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.)
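Review bot: CVE-2022-35798 goes from RESERVED to "TODO: check" while the unchanged Azure and Windows entries around it (CVE-2022-35800, CVE-2022-35799, CVE-2022-35797) are all tagged "NOT-FOR-US: Microsoft". The new description reads "Azure Arc Jumpstart Information Disclosure Vulnerability", so the same tag looks applicable and can be set in the next manual pass.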
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/562dcecf766840d64f6033c8b3f4c2dd0d3fe13c