Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a78887e3 by security tracker role at 2023-02-24T08:10:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2023-26511
+       RESERVED
+CVE-2023-26510
+       RESERVED
+CVE-2023-26509
+       RESERVED
+CVE-2023-26508
+       RESERVED
+CVE-2023-26507
+       RESERVED
+CVE-2023-26506
+       RESERVED
+CVE-2023-26505
+       RESERVED
+CVE-2023-26504
+       RESERVED
+CVE-2023-26503
+       RESERVED
+CVE-2023-26502
+       RESERVED
+CVE-2023-26501
+       RESERVED
+CVE-2023-26500
+       RESERVED
+CVE-2023-26499
+       RESERVED
+CVE-2023-26498
+       RESERVED
+CVE-2023-26497
+       RESERVED
+CVE-2023-26496
+       RESERVED
+CVE-2023-26495
+       RESERVED
+CVE-2023-26494
+       RESERVED
+CVE-2023-26493
+       RESERVED
+CVE-2023-26492
+       RESERVED
+CVE-2023-26491
+       RESERVED
+CVE-2023-26490
+       RESERVED
+CVE-2023-26489
+       RESERVED
+CVE-2023-26488
+       RESERVED
+CVE-2023-26487
+       RESERVED
+CVE-2023-26486
+       RESERVED
+CVE-2023-26485
+       RESERVED
+CVE-2023-26484
+       RESERVED
+CVE-2023-26483
+       RESERVED
+CVE-2023-26482
+       RESERVED
+CVE-2023-26481
+       RESERVED
+CVE-2023-26480
+       RESERVED
+CVE-2023-26479
+       RESERVED
+CVE-2023-26478
+       RESERVED
+CVE-2023-26477
+       RESERVED
+CVE-2023-26476
+       RESERVED
+CVE-2023-26475
+       RESERVED
+CVE-2023-26474
+       RESERVED
+CVE-2023-26473
+       RESERVED
+CVE-2023-26472
+       RESERVED
+CVE-2023-26471
+       RESERVED
+CVE-2023-26470
+       RESERVED
+CVE-2023-26469
+       RESERVED
+CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id 
during creat ...)
+       TODO: check
+CVE-2023-26467
+       RESERVED
+CVE-2023-26466
+       RESERVED
+CVE-2023-26465
+       RESERVED
+CVE-2023-25944
+       RESERVED
+CVE-2023-25779
+       RESERVED
+CVE-2023-25777
+       RESERVED
+CVE-2023-25775
+       RESERVED
+CVE-2023-25075
+       RESERVED
+CVE-2023-25073
+       RESERVED
+CVE-2023-24542
+       RESERVED
+CVE-2023-24541
+       RESERVED
+CVE-2023-22342
+       RESERVED
+CVE-2023-22293
+       RESERVED
+CVE-2023-0996 (There is a vulnerability in the strided image data parsing code 
in the ...)
+       TODO: check
+CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in GitHub repository 
unilogies/bum ...)
+       TODO: check
+CVE-2023-0994 (Improper Access Control in GitHub repository 
francoisjacquet/rosariosi ...)
+       TODO: check
+CVE-2023-0993
+       RESERVED
+CVE-2023-0992
+       RESERVED
+CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows 
XSS via ...)
+       TODO: check
 CVE-2023-26464
        RESERVED
 CVE-2023-0991
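Review bot: several of the new TODO: check entries in this hunk cannot be triaged from the text as imported, because the description is cut off before the affected project is named: CVE-2023-0996 ("strided image data parsing code in the ..."), CVE-2023-0995 ("GitHub repository unilogies/bum ...") and CVE-2023-0994 ("francoisjacquet/rosariosi ..."). The full CVE records are needed before assigning a package or NOT-FOR-US; the latter two use the same huntr-style wording as CVE-2023-0934, which this file closes as NOT-FOR-US once the project is confirmed absent from the archive. CVE-2022-48345 names @braintree/sanitize-url before 6.0.2, a JavaScript library, so the check should cover node-* sources and packages that vendor it in their web assets, not only a top-level source package of that name. CVE-2023-26468 (Cerebrate 1.12, organisation_id not considered during creation) likewise needs a package lookup before it can be closed.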
@@ -304,10 +430,10 @@ CVE-2023-26328
        RESERVED
 CVE-2023-26327
        RESERVED
-CVE-2023-26326
-       RESERVED
-CVE-2023-26325
-       RESERVED
+CVE-2023-26326 (The BuddyForms WordPress plugin, in versions prior to 2.7.8, 
was affec ...)
+       TODO: check
+CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin 
version  ...)
+       TODO: check
 CVE-2023-26324
        RESERVED
 CVE-2023-26323
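Review bot: CVE-2023-26326 (BuddyForms before 2.7.8) and CVE-2023-26325 (ReviewX 'rx_export_review' action) are WordPress plugins; elsewhere in this file such entries are closed as "NOT-FOR-US: WordPress plugin" (see CVE-2022-1608 and CVE-2022-1605 in a later hunk), so the two TODO: check lines can be resolved the same way unless either plugin is found packaged.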
@@ -505,6 +631,7 @@ CVE-2023-26269
 CVE-2023-26268
        RESERVED
 CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 
110.0.5481.177 all ...)
+       {DSA-5359-1}
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0940
@@ -640,24 +767,31 @@ CVE-2023-26214 (The BusinessConnect UI component of TIBCO 
Software Inc.'s TIBCO
 CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
        NOT-FOR-US: Answer
 CVE-2023-0933 (Integer overflow in PDF in Google Chrome prior to 
110.0.5481.177 allow ...)
+       {DSA-5359-1}
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0932 (Use after free in WebRTC in Google Chrome on Windows prior to 
110.0.54 ...)
+       {DSA-5359-1}
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0931 (Use after free in Video in Google Chrome prior to 
110.0.5481.177 allow ...)
+       {DSA-5359-1}
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0930 (Heap buffer overflow in Video in Google Chrome prior to 
110.0.5481.177 ...)
+       {DSA-5359-1}
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0929 (Use after free in Vulkan in Google Chrome prior to 
110.0.5481.177 allo ...)
+       {DSA-5359-1}
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0928 (Use after free in SwiftShader in Google Chrome prior to 
110.0.5481.177 ...)
+       {DSA-5359-1}
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-0927 (Use after free in Web Payments API in Google Chrome on Android 
prior t ...)
+       {DSA-5359-1}
        - chromium 110.0.5481.177-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an 
xlators/cluster/dht/src/dht-com ...)
@@ -678,14 +812,17 @@ CVE-2022-48332
 CVE-2022-48331
        RESERVED
 CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. 
htmlfontify.el has  ...)
+       {DSA-5360-1}
        - emacs 1:28.2+1-11 (bug #1031730)
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
        NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60295
 CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In 
ruby-mode.el, th ...)
+       {DSA-5360-1}
        - emacs 1:28.2+1-11 (bug #1031730)
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c
        NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60268
 CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands 
via shell  ...)
+       {DSA-5360-1}
        - emacs 1:28.2+1-11 (bug #1031730)
        NOTE: 
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c
        NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817
@@ -911,8 +1048,8 @@ CVE-2023-26104
        RESERVED
 CVE-2023-26103
        RESERVED
-CVE-2023-26102
-       RESERVED
+CVE-2023-26102 (All versions of the package rangy are vulnerable to Prototype 
Pollutio ...)
+       TODO: check
 CVE-2023-0926
        RESERVED
 CVE-2023-0925
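Review bot: CVE-2023-26102 states that all versions of rangy are vulnerable, which means there is no fixed upstream release to record. rangy is a browser-side JavaScript library, so the package check should look for it bundled inside other packages' web assets as well as under a node-* source name; if it is found, the entry needs a "<unfixed>" line plus a NOTE pointing at the upstream report rather than a version, otherwise NOT-FOR-US.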
@@ -1693,10 +1830,10 @@ CVE-2023-25826
        RESERVED
 CVE-2023-25825
        RESERVED
-CVE-2023-25824
-       RESERVED
-CVE-2023-25823
-       RESERVED
+CVE-2023-25824 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. 
Versions  ...)
+       TODO: check
+CVE-2023-25823 (Gradio is an open-source Python library to build machine 
learning and  ...)
+       TODO: check
 CVE-2023-25822
        RESERVED
 CVE-2023-25821
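Review bot: CVE-2023-25824 concerns mod_gnutls, which Debian ships as the mod-gnutls source package, so this TODO: check should become a package line once the truncated "Versions ..." range is read from the full advisory and compared against the archive versions (including stable suites). CVE-2023-25823 (Gradio, a Python library for machine learning demos) needs a check for a python3-* package before being marked NOT-FOR-US.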
@@ -2557,10 +2694,10 @@ CVE-2023-24014
        RESERVED
 CVE-2023-0756
        RESERVED
-CVE-2023-0755
-       RESERVED
-CVE-2023-0754
-       RESERVED
+CVE-2023-0755 (The affected products are vulnerable to an improper validation 
of arra ...)
+       TODO: check
+CVE-2023-0754 (The affected products are vulnerable to an integer overflow or 
wraparo ...)
+       TODO: check
 CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It 
has bee ...)
        NOT-FOR-US: dimtion Shaarlier
 CVE-2023-25611
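Review bot: CVE-2023-0755 and CVE-2023-0754 read "The affected products are vulnerable to ..." with no vendor or product in the imported text, so nothing in this hunk identifies what is affected. This phrasing is typical of an ICS advisory; the full CVE records are needed before either entry can be closed as NOT-FOR-US or assigned a package.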
@@ -4578,8 +4715,7 @@ CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and 
lower suffer from a sto
        NOT-FOR-US: Rapid7
 CVE-2023-0598
        RESERVED
-CVE-2023-0597
-       RESERVED
+CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel 
cpu_entry_area m ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
 CVE-2023-0596
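Review bot: the new CVE-2023-0597 entry records a fix commit (6.2-rc1) and "- linux <unfixed>" but carries no [bullseye] or [buster] status line. The description refers to a flaw in the existing cpu_entry_area mapping rather than to new 6.2 code, so the stable kernels need an explicit determination (a no-dsa rationale or a fixed version) instead of being left implicit; the <unfixed> marker will also need updating to the first Debian upload that carries the 6.2 change.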
@@ -6101,8 +6237,8 @@ CVE-2023-24319
        RESERVED
 CVE-2023-24318
        RESERVED
-CVE-2023-24317
-       RESERVED
+CVE-2023-24317 (Judging Management System 1.0 was discovered to contain an 
arbitrary f ...)
+       TODO: check
 CVE-2023-24316
        RESERVED
 CVE-2023-24315
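Review bot: CVE-2023-24317 (Judging Management System 1.0, arbitrary f...) is a small third-party web application of the kind this file consistently records as NOT-FOR-US once confirmed absent from the archive; the TODO: check can be closed that way unless a package turns up.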
@@ -6311,8 +6447,8 @@ CVE-2023-24214
        RESERVED
 CVE-2023-24213
        RESERVED
-CVE-2023-24212
-       RESERVED
+CVE-2023-24212 (Tenda AX3 V16.03.12.11 was discovered to contain a stack 
overflow via  ...)
+       TODO: check
 CVE-2023-24211
        RESERVED
 CVE-2023-24210
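Review bot: CVE-2023-24212 (Tenda AX3 V16.03.12.11 stack overflow) is router firmware; this file already closes the Tenda AC9 entry CVE-2022-36233 as "NOT-FOR-US: Tenda", so the TODO: check here should get the same marker.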
@@ -6325,8 +6461,8 @@ CVE-2023-24207
        RESERVED
 CVE-2023-24206
        RESERVED
-CVE-2023-24205
-       RESERVED
+CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote 
code exe ...)
+       TODO: check
 CVE-2023-24204
        RESERVED
 CVE-2023-24203
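Review bot: CVE-2023-24205 (Clash for Windows v0.20.12, remote code exe...) targets a Windows-only binary; NOT-FOR-US is the expected resolution for this TODO: check, in line with how CVE-2023-22743 (Git for Windows) is handled later in this file.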
@@ -7055,41 +7191,35 @@ CVE-2023-0408
        RESERVED
 CVE-2023-0407
        RESERVED
-CVE-2023-23920 [Node.js insecure loading of ICU data through ICU_DATA 
environment variable]
-       RESERVED
+CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. 
&lt;19.6.1,  ...)
        - nodejs <unfixed> (bug #1031834)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920
        NOTE: 
https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1
-CVE-2023-23919 [Node.js OpenSSL error handling issues in nodejs crypto library]
-       RESERVED
+CVE-2023-23919 (A cryptographic vulnerability exists in Node.js &lt;19.2.0, 
&lt;18.14. ...)
        - nodejs <unfixed> (bug #1031834)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919
        NOTE: 
https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029
-CVE-2023-23918 [Node.js Permissions policies can be bypassed via 
process.mainModule]
-       RESERVED
+CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js 
&lt;19.6.1, &lt ...)
        - nodejs <unfixed> (bug #1031834)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-permissions-policies-can-be-bypassed-via-process-mainmodule-high-cve-2023-23918
        NOTE: Only affects users enabling experimental permissions option with 
--experimental-policy.
        NOTE: 
https://github.com/nodejs/node/commit/af9140088621abd09016848f4526d66b7a81b9ba
        NOTE: 
https://github.com/nodejs/node/commit/9b7db62276e4a9c97aedf91daf38bf7b7d23fee4
-CVE-2023-23917
-       RESERVED
-CVE-2023-23916 [curl: HTTP multi-header compression denial of service]
-       RESERVED
+CVE-2023-23917 (A prototype pollution vulnerability exists in Rocket.Chat 
server &lt;5 ...)
+       TODO: check
+CVE-2023-23916 (An allocation of resources without limits or throttling 
vulnerability  ...)
        - curl 7.88.1-1 (bug #1031371)
        NOTE: https://curl.se/docs/CVE-2023-23916.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd 
(curl-7_57_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/119fb187192a9ea13dc90d9d20c215fc82799ab9 
(curl-7_88_0)
-CVE-2023-23915 [curl: HSTS amnesia with --parallel]
-       RESERVED
+CVE-2023-23915 (A cleartext transmission of sensitive information 
vulnerability exists ...)
        - curl 7.88.1-1 (bug #1031371)
        [bullseye] - curl <ignored> (curl is not built with HSTS support)
        [buster] - curl <not-affected> (Vulnerable code introduced later)
        NOTE: https://curl.se/docs/CVE-2023-23915.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c 
(curl-7_74_0)
        NOTE: https://github.com/curl/curl/pull/10138
-CVE-2023-23914 [curl: HSTS ignored on multiple requests]
-       RESERVED
+CVE-2023-23914 (A cleartext transmission of sensitive information 
vulnerability exists ...)
        - curl 7.88.1-1 (bug #1031371)
        [bullseye] - curl <ignored> (curl is not built with HSTS support)
        [buster] - curl <not-affected> (Vulnerable code introduced later)
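Review bot: CVE-2023-23916 is the only curl entry in this hunk without [bullseye]/[buster] status lines. Its "Introduced by" note places the bug at curl-7_57_0, and the [bullseye] annotation on CVE-2023-23915 ("curl is not built with HSTS support") shows that bullseye's curl already carries code introduced in 7.74.0, so bullseye at least is inside the affected range and needs an explicit determination (DSA or no-dsa with a rationale); buster should be checked against 7.57.0 as well. Separately, CVE-2023-23917 (Rocket.Chat server) is a new TODO: check that can be resolved as NOT-FOR-US if Rocket.Chat is not packaged, and the three nodejs entries keep "<unfixed> (bug #1031834)", which is fine as long as that bug tracks all three CVEs.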
@@ -9025,12 +9155,12 @@ CVE-2023-23298
        RESERVED
 CVE-2023-23297
        RESERVED
-CVE-2023-23296
-       RESERVED
-CVE-2023-23295
-       RESERVED
-CVE-2023-23294
-       RESERVED
+CVE-2023-23296 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 
1.6.0 are vu ...)
+       TODO: check
+CVE-2023-23295 (Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 
1.6.0 are vu ...)
+       TODO: check
+CVE-2023-23294 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 
1.6.0 are vu ...)
+       TODO: check
 CVE-2023-23293
        RESERVED
 CVE-2023-23292
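Review bot: CVE-2023-23296, CVE-2023-23295 and CVE-2023-23294 affect Korenix JetWave 4200/3200/3000 series firmware, i.e. vendor network appliances with no Debian package; "NOT-FOR-US: Korenix" is the natural resolution for the three TODO: check lines.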
@@ -10755,6 +10885,7 @@ CVE-2023-22744
 CVE-2023-22743 (Git for Windows is the Windows port of the revision control 
system Git ...)
        NOT-FOR-US: Git for Windows
 CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation 
of Git. W ...)
+       {DLA-3340-1}
        - libgit2 1.5.1+ds-1 (bug #1029368)
        [bullseye] - libgit2 <no-dsa> (Minor issue)
        [buster] - libgit2 <no-dsa> (Minor issue)
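Review bot: adding {DLA-3340-1} to CVE-2023-22742 while keeping "[buster] - libgit2 <no-dsa> (Minor issue)" leaves the buster status contradictory: the DLA tag records that buster has been fixed, so the buster <no-dsa> line should be dropped in the same change (the bullseye <no-dsa> line still stands).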
@@ -12524,10 +12655,10 @@ CVE-2023-22432
        RESERVED
 CVE-2023-22429
        RESERVED
-CVE-2023-22427
-       RESERVED
-CVE-2023-22425
-       RESERVED
+CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching 
function  ...)
+       TODO: check
+CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function 
of SHIR ...)
+       TODO: check
 CVE-2023-22424
        RESERVED
 CVE-2023-22421
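Review bot: CVE-2023-22427 and CVE-2023-22425 are cut off mid-product name ("... of SHIR"), so the affected software cannot be identified from this hunk; triage needs the full descriptions. Both describe stored XSS in a web application's theme-switching and schedule functions, which is unlikely to map to a Debian package, but the name has to be confirmed before closing them as NOT-FOR-US.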
@@ -17722,12 +17853,12 @@ CVE-2022-46788
        RESERVED
 CVE-2022-46787
        RESERVED
-CVE-2022-46786
-       RESERVED
-CVE-2022-46785
-       RESERVED
-CVE-2022-46784
-       RESERVED
+CVE-2022-46786 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows 
XSS (is ...)
+       TODO: check
+CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows 
XSS (is ...)
+       TODO: check
+CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows 
open re ...)
+       TODO: check
 CVE-2022-46783
        RESERVED
 CVE-2022-46782
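Review bot: CVE-2022-46786, CVE-2022-46785 and CVE-2022-46784 concern SquaredUp Dashboard Server SCOM edition, a dashboard product for Microsoft System Center Operations Manager; "NOT-FOR-US: SquaredUp" resolves all three TODO: check lines.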
@@ -18665,8 +18796,8 @@ CVE-2022-46442 (dedecms &lt;=V5.7.102 is vulnerable to 
SQL Injection. In sys_ sq
        NOT-FOR-US: dedecms
 CVE-2022-46441
        RESERVED
-CVE-2022-46440
-       RESERVED
+CVE-2022-46440 (ttftool v0.9.2 was discovered to contain a segmentation 
violation via  ...)
+       TODO: check
 CVE-2022-46439
        RESERVED
 CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the 
/admin/article_categ ...)
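Review bot: CVE-2022-46440 (ttftool v0.9.2, segmentation violation via ...) needs a package lookup before it can leave TODO: check; a crash in a font-parsing tool only matters to the tracker if the tool is in the archive, so the entry should end up as either a package line with the affected versions or NOT-FOR-US.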
@@ -28456,8 +28587,8 @@ CVE-2023-20091
        RESERVED
 CVE-2023-20090
        RESERVED
-CVE-2023-20089
-       RESERVED
+CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) 
feature fo ...)
+       TODO: check
 CVE-2023-20088
        RESERVED
 CVE-2023-20087
@@ -28538,8 +28669,8 @@ CVE-2023-20052
        NOTE: 
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
 CVE-2023-20051
        RESERVED
-CVE-2023-20050
-       RESERVED
+CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow 
an auth ...)
+       TODO: check
 CVE-2023-20049
        RESERVED
 CVE-2023-20048
@@ -28611,18 +28742,18 @@ CVE-2023-20018 (A vulnerability in the web-based 
management interface of Cisco I
        NOT-FOR-US: Cisco
 CVE-2023-20017
        RESERVED
-CVE-2023-20016
-       RESERVED
-CVE-2023-20015
-       RESERVED
+CVE-2023-20016 (A vulnerability in the backup configuration feature of Cisco 
UCS Manag ...)
+       TODO: check
+CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, 
Cisco Firep ...)
+       TODO: check
 CVE-2023-20014
        RESERVED
 CVE-2023-20013
        RESERVED
-CVE-2023-20012
-       RESERVED
-CVE-2023-20011
-       RESERVED
+CVE-2023-20012 (A vulnerability in the CLI console login authentication of 
Cisco Nexus ...)
+       TODO: check
+CVE-2023-20011 (A vulnerability in the web-based management interface of Cisco 
Applica ...)
+       TODO: check
 CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        NOT-FOR-US: Cisco
 CVE-2023-20009
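Review bot: the four new Cisco entries in this hunk (CVE-2023-20016 UCS Manager, CVE-2023-20015 Firepower 4100 series, CVE-2023-20012 Nexus console login, CVE-2023-20011 Applica...) and the two in the preceding hunks (CVE-2023-20089 LLDP feature, CVE-2023-20050 NX-OS CLI) are all Cisco product advisories. The surrounding context lines CVE-2023-20018 and CVE-2023-20010 are already "NOT-FOR-US: Cisco", so the six TODO: check lines should be closed the same way.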
@@ -49638,8 +49769,8 @@ CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to 
Buffer Overflow via httpd
        NOT-FOR-US: Tenda
 CVE-2022-36232
        RESERVED
-CVE-2022-36231
-       RESERVED
+CVE-2022-36231 (pdf_info 0.5.3 is vulnerable to Command Execution. ...)
+       TODO: check
 CVE-2022-36230
        RESERVED
 CVE-2022-36229
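Review bot: CVE-2022-36231 names only "pdf_info 0.5.3" and "Command Execution", without the language or project it belongs to; confirm which library that is and whether it is in the archive before resolving the TODO: check. If it is not packaged, NOT-FOR-US, as with the neighbouring Tenda entry.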
@@ -66301,8 +66432,8 @@ CVE-2022-1609
        RESERVED
 CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does 
not hav ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-1607
-       RESERVED
+CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar 
Plus Sys ...)
+       TODO: check
 CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions 
before 22.3. ...)
        NOT-FOR-US: M-Files Server
 CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have 
CSRF chec ...)
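Review bot: CVE-2022-1607 (CSRF in ABB Pulsar Plus Sys...) is an ABB industrial product advisory; like the other vendor-appliance entries in this file it should be closed as NOT-FOR-US rather than left at TODO: check.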
@@ -212970,13 +213101,13 @@ CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable 
to CSRF that allows remote at
 CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote 
attacker ...)
        NOT-FOR-US: iSmartgate PRO
 CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x 
before 0.99. ...)
-       {DLA-2936-1}
+       {DLA-3340-1 DLA-2936-1}
        - libgit2 0.28.4+dfsg.1-2
        [buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        [jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        NOTE: 
https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
 CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x 
before 0.99. ...)
-       {DLA-2936-1}
+       {DLA-3340-1 DLA-2936-1}
        - libgit2 0.28.4+dfsg.1-2
        [buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
        [jessie] - libgit2 <no-dsa> (Minor issue; only problematic when used on 
NTFS like filesystem)
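Review bot: {DLA-3340-1} is added to CVE-2020-12279 and CVE-2020-12278, but the "[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)" lines remain, so buster now shows both "fixed via DLA" and "no DLA planned" for the same issue. Drop the buster <no-dsa> lines in the same update; the jessie lines are unaffected by this DLA and can stay.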



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a78887e369b6c727b3949da43e71518f0dd8cbd1


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits