Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2f452d45 by security tracker role at 2023-02-22T08:10:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2023-26314
+CVE-2023-26313
+       RESERVED
+CVE-2023-26312
+       RESERVED
+CVE-2023-26311
+       RESERVED
+CVE-2023-26310
+       RESERVED
+CVE-2023-26309
+       RESERVED
+CVE-2023-26308
+       RESERVED
+CVE-2023-26307
+       RESERVED
+CVE-2023-26306
+       RESERVED
+CVE-2023-26305
+       RESERVED
+CVE-2023-26304
+       RESERVED
+CVE-2023-26303
+       RESERVED
+CVE-2023-26302
+       RESERVED
+CVE-2023-26301
+       RESERVED
+CVE-2023-26300
+       RESERVED
+CVE-2023-26299
+       RESERVED
+CVE-2023-26298
+       RESERVED
+CVE-2023-26297
+       RESERVED
+CVE-2023-26296
+       RESERVED
+CVE-2023-26295
+       RESERVED
+CVE-2023-26294
+       RESERVED
+CVE-2023-0947 (Path Traversal in GitHub repository flatpressblog/flatpress 
prior to 1 ...)
+       TODO: check
+CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS 
Management S ...)
+       TODO: check
+CVE-2023-0945 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+       TODO: check
+CVE-2023-0944
+       RESERVED
+CVE-2023-0943 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is 
vulnerable to Re ...)
+       TODO: check
+CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows 
arbitrary ...)
        - mono 6.8.0.105+dfsg-3.3 (bug #972146)
        [bullseye] - mono <no-dsa> (Minor issue; will be fixed via point 
release)
        NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1
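Review bot: the five entries that arrive with descriptions in this hunk (CVE-2023-0947, CVE-2023-0946, CVE-2023-0945, CVE-2023-0943, CVE-2023-0942) carry only `TODO: check`, so none of them is yet tied to a source package or ruled out. Each needs a manual pass that replaces the TODO with either a package line in the form used for `- mono 6.8.0.105+dfsg-3.3 (bug #972146)` or a `NOT-FOR-US:` line. The descriptions shown here are truncated at `...`, so that pass should work from the full CVE text rather than these summaries.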
@@ -561,10 +613,10 @@ CVE-2022-48329 (MISP before 2.4.166 unsafely allows users 
to use the order param
        NOT-FOR-US: MISP
 CVE-2022-48328 (app/Controller/Component/IndexFilterComponent.php in MISP 
before 2.4.1 ...)
        NOT-FOR-US: MISP
-CVE-2021-4325
-       RESERVED
-CVE-2017-20179
-       RESERVED
+CVE-2021-4325 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2017-20179 (A vulnerability was found in InSTEDD Pollit 2.3.1. It has been 
rated a ...)
+       TODO: check
 CVE-2015-10085 (A vulnerability was found in GoPistolet. It has been declared 
as probl ...)
        TODO: check
 CVE-2015-10084 (A vulnerability was found in irontec klear-library chloe and 
classifie ...)
@@ -1251,12 +1303,12 @@ CVE-2023-25814
        RESERVED
 CVE-2023-25813
        RESERVED
-CVE-2023-25812
-       RESERVED
-CVE-2023-25811
-       RESERVED
-CVE-2023-25810
-       RESERVED
+CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected 
versions do  ...)
+       TODO: check
+CVE-2023-25811 (Uptime Kuma is a self-hosted monitoring tool. In versions 
prior to 1.2 ...)
+       TODO: check
+CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions 
prior to 1.2 ...)
+       TODO: check
 CVE-2023-25809
        RESERVED
 CVE-2023-25808
@@ -1691,42 +1743,52 @@ CVE-2023-25691
 CVE-2023-0805
        RESERVED
 CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in 
tools/tiffcrop ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/497
 CVE-2023-0803 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in 
tools/tiffcrop ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/501
 CVE-2023-0802 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in 
tools/tiffcrop ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/500
 CVE-2023-0801 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in 
libtiff/tif_un ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/498
 CVE-2023-0800 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in 
tools/tiffcrop ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/496
 CVE-2023-0799 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in 
tools/tiffcrop. ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/494
 CVE-2023-0798 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in 
tools/tiffcrop. ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/492
 CVE-2023-0797 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in 
libtiff/tif_uni ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/495
 CVE-2023-0796 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in 
tools/tiffcrop. ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/499
 CVE-2023-0795 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in 
tools/tiffcrop. ...)
+       {DLA-3333-1}
        - tiff 4.5.0-5 (bug #1031632)
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/493
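Review bot: the ten tiff entries CVE-2023-0804 through CVE-2023-0795 now reference `{DLA-3333-1}` next to the unstable fix `- tiff 4.5.0-5 (bug #1031632)`, but none of them has a `[bullseye]` line, so the stable decision is not recorded anywhere in these lines. If that decision has been made, note it per entry in the same form as the mono entry's `[bullseye] - mono <no-dsa> (...)` line; otherwise the entries stay open for bullseye and should be picked up for a DSA.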
@@ -1919,8 +1981,8 @@ CVE-2023-25659
        RESERVED
 CVE-2023-25658
        RESERVED
-CVE-2023-25657
-       RESERVED
+CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
+       TODO: check
 CVE-2023-25656 (notation-go is a collection of libraries for supporting 
Notation sign, ...)
        NOT-FOR-US: notation-go
 CVE-2023-25655
@@ -3261,10 +3323,10 @@ CVE-2023-25160 (Nextcloud Mail is an email app for the 
Nextcloud home server pla
        NOT-FOR-US: Nextcloud Mail
 CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
        - nextcloud-server <itp> (bug #941708)
-CVE-2023-25158
-       RESERVED
-CVE-2023-25157
-       RESERVED
+CVE-2023-25158 (GeoTools is an open source Java library that provides tools 
for geospa ...)
+       TODO: check
+CVE-2023-25157 (GeoServer is an open source software server written in Java 
that allow ...)
+       TODO: check
 CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not 
impose rate ...)
        NOT-FOR-US: Kiwi TCMS
 CVE-2023-25155
@@ -5609,8 +5671,8 @@ CVE-2023-24322 (A reflected cross-site scripting (XSS) 
vulnerability in the File
        NOT-FOR-US: Mojoportal
 CVE-2023-24321
        RESERVED
-CVE-2023-24320
-       RESERVED
+CVE-2023-24320 (An access control issue in Axcora POS #0~gitf77ec09 allows 
unauthentic ...)
+       TODO: check
 CVE-2023-24319
        RESERVED
 CVE-2023-24318
@@ -6033,10 +6095,10 @@ CVE-2023-24110
        RESERVED
 CVE-2023-24109
        RESERVED
-CVE-2023-24108
-       RESERVED
-CVE-2023-24107
-       RESERVED
+CVE-2023-24108 (MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was 
discovered to co ...)
+       TODO: check
+CVE-2023-24107 (hour_of_code_python_2015 commit 
520929797b9ca43bb818b2e8f963fb2025459f ...)
+       TODO: check
 CVE-2023-24106
        RESERVED
 CVE-2023-24105
@@ -6087,10 +6149,10 @@ CVE-2023-24083
        RESERVED
 CVE-2023-24082
        RESERVED
-CVE-2023-24081
-       RESERVED
-CVE-2023-24080
-       RESERVED
+CVE-2023-24081 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
Redrock  ...)
+       TODO: check
+CVE-2023-24080 (A lack of rate limiting on the password reset endpoint of 
Chamberlain  ...)
+       TODO: check
 CVE-2023-24079
        RESERVED
 CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to 
contain a r ...)
@@ -17755,8 +17817,8 @@ CVE-2022-46639 (A vulnerability in the 
descarga_etiqueta.php component of Correo
        NOT-FOR-US: Prestashop
 CVE-2022-46638
        RESERVED
-CVE-2022-46637
-       RESERVED
+CVE-2022-46637 (Prolink router PRS1841 was discovered to contain hardcoded 
credentials ...)
+       TODO: check
 CVE-2022-46636
        RESERVED
 CVE-2022-46635
@@ -24899,14 +24961,14 @@ CVE-2023-20860
        RESERVED
 CVE-2023-20859
        RESERVED
-CVE-2023-20858
-       RESERVED
+CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x 
prior to 8 ...)
+       TODO: check
 CVE-2023-20857
        RESERVED
 CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass 
vulnerabilit ...)
        NOT-FOR-US: VMware
-CVE-2023-20855
-       RESERVED
+CVE-2023-20855 (VMware vRealize Orchestrator contains an XML External Entity 
(XXE) vul ...)
+       TODO: check
 CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion 
vulnerability.  ...)
        NOT-FOR-US: VMware
 CVE-2022-44605
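Review bot: CVE-2023-20858 and CVE-2023-20855 are left at `TODO: check` although both descriptions name VMware products and the adjacent entries CVE-2023-20856 and CVE-2023-20854 are already marked `NOT-FOR-US: VMware`. Unless either product turns out to be packaged, the same `NOT-FOR-US: VMware` line would close them consistently with their neighbours.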
@@ -41973,8 +42035,8 @@ CVE-2022-38781
        RESERVED
 CVE-2022-38780
        RESERVED
-CVE-2022-38779
-       RESERVED
+CVE-2022-38779 (An open redirect issue was discovered in Kibana that could 
lead to a u ...)
+       TODO: check
 CVE-2022-38778 (A flaw (CVE-2022-38900) was discovered in one of 
Kibana&#8217;s third  ...)
        - kibana <itp> (bug #700337)
 CVE-2022-38777 (An issue was discovered in the rollback feature of Elastic 
Endpoint Se ...)
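Review bot: CVE-2022-38779 gets `TODO: check` for a Kibana open redirect, while the next entry, CVE-2022-38778, already tracks Kibana as `- kibana <itp> (bug #700337)`. Triage should reuse that `<itp>` line so both Kibana issues are attached to the same ITP bug.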
@@ -43226,8 +43288,8 @@ CVE-2022-38393 (A denial of service vulnerability 
exists in the cfg_server cm_pr
 CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 
11.3.4 pri ...)
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
-CVE-2022-2883
-       RESERVED
+CVE-2022-2883 (In affected versions of Octopus Deploy it is possible to upload 
a zipb ...)
+       TODO: check
 CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-2881 (The underlying bug might cause read past end of the buffer and 
either  ...)
@@ -153236,35 +153298,35 @@ CVE-2021-23953 (If a user clicked into a 
specifically crafted PDF, the PDF reade
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23953
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23953
 CVE-2021-23952
-       RESERVED
+       REJECTED
 CVE-2021-23951
-       RESERVED
+       REJECTED
 CVE-2021-23950
-       RESERVED
+       REJECTED
 CVE-2021-23949
-       RESERVED
+       REJECTED
 CVE-2021-23948
-       RESERVED
+       REJECTED
 CVE-2021-23947
-       RESERVED
+       REJECTED
 CVE-2021-23946
-       RESERVED
+       REJECTED
 CVE-2021-23945
-       RESERVED
+       REJECTED
 CVE-2021-23944
-       RESERVED
+       REJECTED
 CVE-2021-23943
-       RESERVED
+       REJECTED
 CVE-2021-23942
-       RESERVED
+       REJECTED
 CVE-2021-23941
-       RESERVED
+       REJECTED
 CVE-2021-23940
-       RESERVED
+       REJECTED
 CVE-2021-23939
-       RESERVED
+       REJECTED
 CVE-2021-23938
-       RESERVED
+       REJECTED
 CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in 
WebClie ...)
        NOT-FOR-US: Apache Wicket
 CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to 
a bypas ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f452d4526f14388658993253371dc9f0ab7f57a
