[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 31 09:12:39 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c55917d4 by security tracker role at 2023-05-31T08:11:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-33962 (JStachio is a type-safe Java Mustache templating engine. Prior to ver ...)
+ TODO: check
+CVE-2023-33961 (Leantime is a lean open source project management system. Starting in ...)
+ TODO: check
+CVE-2023-33741 (Macrovideo v380pro v1.4.97 shares the device id and password when shar ...)
+ TODO: check
+CVE-2023-33740 (Incorrect access control in luowice v3.5.18 allows attackers to access ...)
+ TODO: check
+CVE-2023-33734 (BlueCMS v1.6 was discovered to contain a SQL injection vulnerability v ...)
+ TODO: check
+CVE-2023-33181 (Xibo is a content management system (CMS). Starting in version 3.0.0 a ...)
+ TODO: check
+CVE-2023-33180 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
+ TODO: check
+CVE-2023-33179 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...)
+ TODO: check
+CVE-2023-32342 (IBM GSKit could allow a remote attacker to obtain sensitive informatio ...)
+ TODO: check
+CVE-2023-2999 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...)
+ TODO: check
+CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
+ TODO: check
+CVE-2023-2836 (The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2023-2612 (Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ub ...)
+ TODO: check
+CVE-2023-2549 (The Feather Login Page plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2023-2547 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2023-2545 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2023-2436 (The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2023-2435 (The Blog-in-Blog plugin for WordPress is vulnerable to Local File Incl ...)
+ TODO: check
+CVE-2023-2434 (The Nested Pages plugin for WordPress is vulnerable to unauthorized lo ...)
+ TODO: check
+CVE-2015-10107 (A vulnerability was found in Simplr Registration Form Plus+ Plugin up ...)
+ TODO: check
+CVE-2014-125103 (A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on ...)
+ TODO: check
+CVE-2012-10015 (A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on ...)
+ TODO: check
CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
NOT-FOR-US: RIOT-OS
CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
@@ -106,7 +154,7 @@ CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2014-125102 (A vulnerability classified as problematic was found in Bestwebsoft Rel ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2953 [potential null pointer dereference flaw]
+CVE-2023-2953 (A vulnerability was found in openldap. This security flaw causes a nul ...)
[experimental] - openldap 2.6.4+dfsg-1~exp1
- openldap <unfixed>
[bookworm] - openldap <no-dsa> (Minor issue)
@@ -118,13 +166,13 @@ CVE-2023-2953 [potential null pointer dereference flaw]
NOTE: https://git.openldap.org/openldap/openldap/-/commit/840944e26f734bb03d925f26c4ef11a6cedcbb9c (OPENLDAP_REL_ENG_2_6_4)
NOTE: https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce (OPENLDAP_REL_ENG_2_5_14)
NOTE: https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b (OPENLDAP_REL_ENG_2_5_14)
-CVE-2023-34153 [Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding]
+CVE-2023-34153 (A vulnerability was found in ImageMagick. This security flaw causes a ...)
- imagemagick <not-affected> (Vulnerable code introduced later in ImageMagick7)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/6338
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d31c80d15a2c82fc1dd8e889e0f97b0219079a57 (7.1.1-10)
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/8fdb81b3c551a37f41a6370fe7d1634406eb1cef
NOTE: introduces the vsync and pix_fmt features, without introducing the vulnerability.
-CVE-2023-34152 [RCE vulnerability in OpenBlob with --enable-pipes configured]
+CVE-2023-34152 (A vulnerability was found in ImageMagick. This security flaw cause a r ...)
- imagemagick <unfixed> (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339
NOTE: Only an issue when configured with --enable-pipes. Enabling pipes are
@@ -202,43 +250,43 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0.
NOT-FOR-US: OpenEMR
CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
NOT-FOR-US: OpenEMR
-CVE-2023-2941
+CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2940
+CVE-2023-2940 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2939
+CVE-2023-2939 (Insufficient data validation in Installer in Google Chrome on Windows ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2938
+CVE-2023-2938 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2937
+CVE-2023-2937 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2936
+CVE-2023-2936 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2935
+CVE-2023-2935 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2934
+CVE-2023-2934 (Out of bounds memory access in Mojo in Google Chrome prior to 114.0.57 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2933
+CVE-2023-2933 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2932
+CVE-2023-2932 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2931
+CVE-2023-2931 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2930
+CVE-2023-2930 (Use after free in Extensions in Google Chrome prior to 114.0.5735.90 a ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2929
+CVE-2023-2929 (Out of bounds write in Swiftshader in Google Chrome prior to 114.0.573 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been declar ...)
@@ -2434,8 +2482,8 @@ CVE-2023-2306
RESERVED
CVE-2023-2305
RESERVED
-CVE-2023-2304
- RESERVED
+CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
CVE-2023-2303
RESERVED
CVE-2023-2302
@@ -5582,8 +5630,8 @@ CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect A
NOT-FOR-US: Prestashop
CVE-2023-30198
RESERVED
-CVE-2023-30197
- RESERVED
+CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinventory) <= ...)
+ TODO: check
CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...)
NOT-FOR-US: Prestashop
CVE-2023-30195
@@ -6535,22 +6583,22 @@ CVE-2023-29747
RESERVED
CVE-2023-29746
RESERVED
-CVE-2023-29745
- RESERVED
+CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
+ TODO: check
CVE-2023-29744
RESERVED
-CVE-2023-29743
- RESERVED
-CVE-2023-29742
- RESERVED
-CVE-2023-29741
- RESERVED
-CVE-2023-29740
- RESERVED
-CVE-2023-29739
- RESERVED
-CVE-2023-29738
- RESERVED
+CVE-2023-29743 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
+ TODO: check
+CVE-2023-29742 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
+ TODO: check
+CVE-2023-29741 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...)
+ TODO: check
+CVE-2023-29740 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...)
+ TODO: check
+CVE-2023-29739 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...)
+ TODO: check
+CVE-2023-29738 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
+ TODO: check
CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...)
TODO: check
CVE-2023-29736
@@ -6569,12 +6617,12 @@ CVE-2023-29730
RESERVED
CVE-2023-29729
RESERVED
-CVE-2023-29728
- RESERVED
-CVE-2023-29727
- RESERVED
-CVE-2023-29726
- RESERVED
+CVE-2023-29728 (The Call Blocker application 6.6.3 for Android allows attackers to tam ...)
+ TODO: check
+CVE-2023-29727 (The Call Blocker application 6.6.3 for Android allows unauthorized app ...)
+ TODO: check
+CVE-2023-29726 (The Call Blocker application 6.6.3 for Android incorrectly opens a key ...)
+ TODO: check
CVE-2023-29725
RESERVED
CVE-2023-29724
@@ -9223,8 +9271,8 @@ CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced brow
NOT-FOR-US: Coverity
CVE-2023-1662
RESERVED
-CVE-2023-1661
- RESERVED
+CVE-2023-1661 (The Display post meta, term meta, comment meta, and user meta plugin f ...)
+ TODO: check
CVE-2023-1660 (The AI ChatBot WordPress plugin before 4.4.9 does not have authorisati ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1659
@@ -11183,26 +11231,26 @@ CVE-2023-28355
RESERVED
CVE-2023-28354
RESERVED
-CVE-2023-28353
- RESERVED
-CVE-2023-28352
- RESERVED
-CVE-2023-28351
- RESERVED
-CVE-2023-28350
- RESERVED
-CVE-2023-28349
- RESERVED
-CVE-2023-28348
- RESERVED
-CVE-2023-28347
- RESERVED
-CVE-2023-28346
- RESERVED
-CVE-2023-28345
- RESERVED
-CVE-2023-28344
- RESERVED
+CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. An ...)
+ TODO: check
+CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. By ...)
+ TODO: check
+CVE-2023-28351 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Eve ...)
+ TODO: check
+CVE-2023-28350 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Att ...)
+ TODO: check
+CVE-2023-28349 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
+ TODO: check
+CVE-2023-28348 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. A s ...)
+ TODO: check
+CVE-2023-28347 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
+ TODO: check
+CVE-2023-28346 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...)
+ TODO: check
+CVE-2023-28345 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...)
+ TODO: check
+CVE-2023-28344 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...)
+ TODO: check
CVE-2023-28343 (OS command injection affects Altenergy Power Control Software C1.2.5 v ...)
NOT-FOR-US: Altenergy Power Control Software
CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not properly ...)
@@ -17585,8 +17633,8 @@ CVE-2023-26133
RESERVED
CVE-2023-26132
RESERVED
-CVE-2023-26131
- RESERVED
+CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...)
+ TODO: check
CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...)
TODO: check
CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command Injection ...)
@@ -19180,8 +19228,8 @@ CVE-2015-10078 (A vulnerability, which was classified as problematic, has been f
NOT-FOR-US: Resend Welcome Email Plugin
CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
-CVE-2023-0779
- RESERVED
+CVE-2023-0779 (At the most basic level, an invalid pointer can be input that crashes ...)
+ TODO: check
CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This is ...)
- libpod 4.3.1+ds1-7 (bug #1032099)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256
@@ -19625,8 +19673,8 @@ CVE-2023-25541
RESERVED
CVE-2023-25540 (Dell PowerScale OneFS 9.4.0.x contains an incorrect default permission ...)
NOT-FOR-US: Dell
-CVE-2023-25539
- RESERVED
+CVE-2023-25539 (Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerabilit ...)
+ TODO: check
CVE-2023-25538
RESERVED
CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Preci ...)
@@ -25483,8 +25531,8 @@ CVE-2023-23564
RESERVED
CVE-2023-23563
RESERVED
-CVE-2023-23562
- RESERVED
+CVE-2023-23562 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
+ TODO: check
CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...)
NOT-FOR-US: Stormshield Endpoint Security
CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...)
@@ -31821,10 +31869,10 @@ CVE-2022-47528
RESERVED
CVE-2022-47527
RESERVED
-CVE-2022-47526
- RESERVED
-CVE-2022-47525
- RESERVED
+CVE-2022-47526 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path travers ...)
+ TODO: check
+CVE-2022-47525 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Ze ...)
+ TODO: check
CVE-2022-47524 (F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homog ...)
NOT-FOR-US: F-Secure SAFE Browser
CVE-2022-47523 (Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pr ...)
@@ -59367,16 +59415,16 @@ CVE-2022-39077
RESERVED
CVE-2022-39076
RESERVED
-CVE-2022-39075
- RESERVED
-CVE-2022-39074
- RESERVED
+CVE-2022-39075 (There is an unauthorized access vulnerability in some ZTE mobile phone ...)
+ TODO: check
+CVE-2022-39074 (There is an unauthorized access vulnerability in some ZTE mobile phone ...)
+ TODO: check
CVE-2022-39073 (There is a command injection vulnerability in ZTE MF286R, Due to insuf ...)
NOT-FOR-US: ZTE
CVE-2022-39072 (There is a SQL injection vulnerability in Some ZTE Mobile Internet pro ...)
NOT-FOR-US: ZTE
-CVE-2022-39071
- RESERVED
+CVE-2022-39071 (There is an unauthorized access vulnerability in some ZTE mobile phone ...)
+ TODO: check
CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT products. ...)
NOT-FOR-US: ZTE
CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of ...)
@@ -77262,7 +77310,7 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do
NOTE: https://github.com/ImageMagick/ImageMagick/pull/5034
NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45)
-CVE-2023-34151 [Undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546)]
+CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw ouccers a ...)
- imagemagick <unfixed>
NOTE: https://github.com/ImageMagick/ImageMagick/issues/6341
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158 (7.1.1-10)
@@ -153463,8 +153511,8 @@ CVE-2021-31235
RESERVED
CVE-2021-31234
RESERVED
-CVE-2021-31233
- RESERVED
+CVE-2021-31233 (SQL Injection vulnerability found in Fighting Cock Information System ...)
+ TODO: check
CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...)
NOT-FOR-US: CNCF Cortex
CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c55917d4ff3830bcb19e099235967bdbfd3ce75f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c55917d4ff3830bcb19e099235967bdbfd3ce75f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230531/2baa9029/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list