Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc26f5a0 by security tracker role at 2023-02-24T20:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2023-26543
+ RESERVED
+CVE-2023-26542
+ RESERVED
+CVE-2023-26541
+ RESERVED
+CVE-2023-26540
+ RESERVED
+CVE-2023-26539
+ RESERVED
+CVE-2023-26538
+ RESERVED
+CVE-2023-26537
+ RESERVED
+CVE-2023-26536
+ RESERVED
+CVE-2023-26535
+ RESERVED
+CVE-2023-26534
+ RESERVED
+CVE-2023-26533
+ RESERVED
+CVE-2023-26532
+ RESERVED
+CVE-2023-26531
+ RESERVED
+CVE-2023-26530
+ RESERVED
+CVE-2023-26529
+ RESERVED
+CVE-2023-26528
+ RESERVED
+CVE-2023-26527
+ RESERVED
+CVE-2023-26526
+ RESERVED
+CVE-2023-26525
+ RESERVED
+CVE-2023-26524
+ RESERVED
+CVE-2023-26523
+ RESERVED
+CVE-2023-26522
+ RESERVED
+CVE-2023-26521
+ RESERVED
+CVE-2023-26520
+ RESERVED
+CVE-2023-26519
+ RESERVED
+CVE-2023-26518
+ RESERVED
+CVE-2023-26517
+ RESERVED
+CVE-2023-26516
+ RESERVED
+CVE-2023-26515
+ RESERVED
+CVE-2023-26514
+ RESERVED
+CVE-2023-26513
+ RESERVED
+CVE-2023-26512
+ RESERVED
+CVE-2023-1025
+ RESERVED
+CVE-2023-1024
+ RESERVED
+CVE-2023-1023
+ RESERVED
+CVE-2023-1022
+ RESERVED
+CVE-2023-1021
+ RESERVED
+CVE-2023-1020
+ RESERVED
+CVE-2023-1019
+ RESERVED
+CVE-2023-1018
+ RESERVED
+CVE-2023-1017
+ RESERVED
+CVE-2023-1016
+ RESERVED
+CVE-2023-1015
+ RESERVED
+CVE-2023-1014
+ RESERVED
+CVE-2023-1013
+ RESERVED
+CVE-2023-1012
+ RESERVED
+CVE-2023-1011
+ RESERVED
+CVE-2023-1010 (A vulnerability classified as critical was found in vox2png
1.0. Affec ...)
+ TODO: check
+CVE-2023-1009 (A vulnerability classified as problematic has been found in
DrayTek Vi ...)
+ TODO: check
+CVE-2023-1008 (A vulnerability was found in Twister Antivirus 8.17. It has
been rated ...)
+ TODO: check
+CVE-2023-1007 (A vulnerability was found in Twister Antivirus 8.17. It has
been decla ...)
+ TODO: check
+CVE-2023-1006 (A vulnerability was found in SourceCodester Medical Certificate
Genera ...)
+ TODO: check
+CVE-2023-1005 (A vulnerability was found in JP1016 Markdown-Electron and
classified a ...)
+ TODO: check
+CVE-2023-1004 (A vulnerability has been found in MarkText up to 0.17.1 and
classified ...)
+ TODO: check
+CVE-2023-1003
+ RESERVED
+CVE-2023-1002 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2023-1001
+ RESERVED
+CVE-2023-1000
+ RESERVED
+CVE-2023-0999 (A vulnerability classified as problematic was found in
SourceCodester ...)
+ TODO: check
+CVE-2023-0998 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce
System ...)
+ TODO: check
CVE-2023-26511
RESERVED
CVE-2023-26510
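Review bot: eleven entries in this hunk (CVE-2023-1010, 1009, 1008, 1007, 1006, 1005, 1004, 1002, 0999, 0998 and 0997) land with "TODO: check" and a description cut at "...", so the import leaves the actual triage open: each needs either a source-package line or a NOT-FOR-US marker. The SourceCodester items (CVE-2023-1006, CVE-2023-0999, CVE-2023-0998, CVE-2023-0997), the DrayTek one (CVE-2023-1009) and the Twister Antivirus pair (CVE-2023-1008, CVE-2023-1007) name vendor products rather than anything in the archive and can be closed as NOT-FOR-US in one pass; MarkText (CVE-2023-1004), JP1016 Markdown-Electron (CVE-2023-1005) and vox2png (CVE-2023-1010) need an archive lookup before deciding, and in all cases the full CVE text must be consulted because the truncated description here is not enough to judge.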
@@ -1453,8 +1575,7 @@ CVE-2023-25958
RESERVED
CVE-2023-25957
RESERVED
-CVE-2023-25956
- RESERVED
+CVE-2023-25956 (Generation of Error Message Containing Sensitive Information
vulnerabi ...)
NOT-FOR-US: Apache Airflow AWS Provider
CVE-2023-25077
RESERVED
@@ -2283,71 +2404,67 @@ CVE-2023-25698
RESERVED
CVE-2023-25697
RESERVED
-CVE-2023-25696
- RESERVED
+CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow
Hive Pro ...)
NOT-FOR-US: Apache Airflow Hive Provider
CVE-2023-25695
RESERVED
CVE-2023-25694
RESERVED
-CVE-2023-25693
- RESERVED
+CVE-2023-25693 (Improper Input Validation vulnerability in the Apache Airflow
Sqoop Pr ...)
NOT-FOR-US: Apache Airflow Sqoop Provider
-CVE-2023-25692
- RESERVED
+CVE-2023-25692 (Improper Input Validation vulnerability in the Apache Airflow
Google P ...)
NOT-FOR-US: Apache Airflow Google Provider
-CVE-2023-25691
- RESERVED
+CVE-2023-25691 (Improper Input Validation vulnerability in the Apache Airflow
Google P ...)
NOT-FOR-US: Apache Airflow Google Provider
CVE-2023-0805
RESERVED
CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in
tools/tiffcrop ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/497
CVE-2023-0803 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in
tools/tiffcrop ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/501
CVE-2023-0802 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in
tools/tiffcrop ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/500
CVE-2023-0801 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in
libtiff/tif_un ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/498
CVE-2023-0800 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in
tools/tiffcrop ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/496
CVE-2023-0799 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in
tools/tiffcrop. ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/494
CVE-2023-0798 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in
tools/tiffcrop. ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/492
CVE-2023-0797 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in
libtiff/tif_uni ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/495
CVE-2023-0796 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in
tools/tiffcrop. ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/499
CVE-2023-0795 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in
tools/tiffcrop. ...)
- {DLA-3333-1}
+ {DSA-5361-1 DLA-3333-1}
- tiff 4.5.0-5 (bug #1031632)
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/493
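Review bot: for the ten LibTIFF entries (CVE-2023-0795 through CVE-2023-0804) the DSA-5361-1 reference is added while each package line stays at "tiff 4.5.0-5 (bug #1031632)", which is the right shape since the stable fixed version comes from the DSA file rather than from this list; but the write CVEs (0800 to 0804) cite upstream commit 33aee1275d9d and the read CVEs (0795 to 0799) cite afaabc3e50d4, so confirm that DSA-5361-1 backports both commits and lists all ten IDs, otherwise the DSA marker closes entries in stable that the advisory did not actually fix. The same hunk turns CVE-2023-25691, 25692, 25693 and 25696 from RESERVED into described entries; their pre-existing "NOT-FOR-US: Apache Airflow ... Provider" lines still apply and need no change.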
@@ -3711,7 +3828,7 @@ CVE-2023-25200
RESERVED
CVE-2023-25199
RESERVED
-CVE-2023-0687 (A vulnerability was found in GNU C Library 2.38. It has been
declared ...)
+CVE-2023-0687 (** DISPUTED ** A vulnerability was found in GNU C Library 2.38.
It has ...)
NOTE: Not considered a security issue
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29444
NOTE:
https://patchwork.sourceware.org/project/glibc/patch/[email protected]/
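Review bot: the description now carries "** DISPUTED **", which agrees with the existing "NOTE: Not considered a security issue" line; consider stating the reason for the dispute in that NOTE rather than relying on the reader to follow the bugzilla link. Two details to check: the text names "GNU C Library 2.38", which on the commit date (2023-02-24) was the unreleased development branch, 2.37 being the current release, so the version claim refers to the development tree and not to a shipped glibc; and the patchwork URL in the last NOTE line has had its message-id replaced by "[email protected]" in this copy, so that link must be verified against the file in the repository rather than trusted as shown here.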
@@ -3924,6 +4041,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a
critical injection vulne
CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All
versions & ...)
NOT-FOR-US: Siemens
CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X
before 8.2.3 ...)
+ {DSA-5363-1}
- php8.2 <unfixed> (bug #1031368)
- php7.4 <removed>
- php7.3 <removed>
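Review bot: {DSA-5363-1} is added for CVE-2023-0662 while the sid line still reads "php8.2 <unfixed> (bug #1031368)"; the description says the fix is in 8.2.3, so the unstable line should be moved to the 8.2.3-based upload once it lands, and until then the entry correctly shows stable fixed via the DSA and unstable still open. The two <removed> lines for php7.4 and php7.3 are unchanged and correct.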
@@ -4724,8 +4842,8 @@ CVE-2023-0597 (A flaw possibility of memory leak in the
Linux kernel cpu_entry_a
NOTE:
https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1)
CVE-2023-0596
RESERVED
-CVE-2023-0595
- RESERVED
+CVE-2023-0595 (A CWE-117: Improper Output Neutralization for Logs
vulnerability exist ...)
+ TODO: check
CVE-2023-0594
RESERVED
CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS
filesystem extra ...)
@@ -4753,10 +4871,10 @@ CVE-2023-24832
RESERVED
CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One
server b ...)
NOT-FOR-US: Trend Micro
-CVE-2023-0586
- RESERVED
-CVE-2023-0585
- RESERVED
+CVE-2023-0586 (The All in One SEO Pack plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2023-0585 (The All in One SEO Pack plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
CVE-2016-15023 (A vulnerability, which was classified as problematic, was
found in Sit ...)
NOT-FOR-US: SiteFusion
CVE-2023-24831
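Review bot: CVE-2023-0586 and CVE-2023-0585 describe the "All in One SEO Pack plugin for WordPress" but are left at "TODO: check", whereas every other WordPress plugin entry in this file uses "NOT-FOR-US: WordPress plugin" (see CVE-2022-4386, CVE-2022-4385 and CVE-2022-4384 further down); unless this plugin is packaged, which WordPress plugins in Debian generally are not, both should receive the same marker so they do not sit in the triage queue.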
@@ -5260,6 +5378,7 @@ CVE-2023-0570 (A vulnerability, which was classified as
critical, was found in S
CVE-2023-0569 (Weak Password Requirements in GitHub repository publify/publify
prior ...)
NOT-FOR-US: Publify
CVE-2023-0568 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X
before 8.2.3 ...)
+ {DSA-5363-1}
- php8.2 <unfixed> (bug #1031368)
- php7.4 <removed>
- php7.3 <removed>
@@ -5267,6 +5386,7 @@ CVE-2023-0568 (In PHP 8.0.X before 8.0.28, 8.1.X before
8.1.16 and 8.2.X before
NOTE: Fixed in: 8.2.3
NOTE:
https://github.com/php/php-src/commit/ec10b28d64decbc54aa1e585dce580f0bd7a5953
CVE-2023-0567 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X
before 8.2.3 ...)
+ {DSA-5363-1}
- php8.2 <unfixed> (bug #1031368)
- php7.4 <removed>
- php7.3 <removed>
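Review bot: CVE-2023-0567 and CVE-2023-0568 get {DSA-5363-1} with the same "php8.2 <unfixed> (bug #1031368)" sid line as CVE-2023-0662, and the NOTE block for CVE-2023-0568 already records "Fixed in: 8.2.3" plus the upstream commit ec10b28d64dec; no such NOTE is visible for CVE-2023-0567 within this hunk's context, so if it lacks one, add the matching "Fixed in" and commit reference so that all three DSA-5363-1 entries are documented alike and the <unfixed> lines can be closed together when 8.2.3 reaches unstable.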
@@ -5758,8 +5878,7 @@ CVE-2023-0482 (In RESTEasy the insecure
File.createTempFile() is used in the Dat
[buster] - resteasy3.0 <no-dsa> (Minor issue)
NOTE: https://github.com/resteasy/resteasy/pull/3409/
NOTE:
https://github.com/resteasy/resteasy/commit/3d8a551d80b98f185edaff6f895188ec8211366b
-CVE-2023-0481
- RESERVED
+CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure
File.creat ...)
NOT-FOR-US: Quarkus
CVE-2023-0480
RESERVED
@@ -7212,6 +7331,7 @@ CVE-2023-23918 (A privilege escalation vulnerability
exists in Node.js <19.6.
CVE-2023-23917 (A prototype pollution vulnerability exists in Rocket.Chat
server <5 ...)
NOT-FOR-US: Rocket.Chat
CVE-2023-23916 (An allocation of resources without limits or throttling
vulnerability ...)
+ {DLA-3341-1}
- curl 7.88.1-1 (bug #1031371)
NOTE: https://curl.se/docs/CVE-2023-23916.html
NOTE: Introduced by:
https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd
(curl-7_57_0)
@@ -9341,8 +9461,8 @@ CVE-2023-23207
RESERVED
CVE-2023-23206
RESERVED
-CVE-2023-23205
- RESERVED
+CVE-2023-23205 (An issue was discovered in lib60870 v2.3.2. There is a memory
leak in ...)
+ TODO: check
CVE-2023-23204
RESERVED
CVE-2023-23203
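Review bot: CVE-2023-23205 (memory leak in lib60870 v2.3.2) is left at "TODO: check"; lib60870 is a library that has been shipped as a Debian source package, so check the archive version against v2.3.2 and give this entry a package line with the affected and fixed versions rather than a NOT-FOR-US marker, replacing the truncated description with the full text while triaging.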
@@ -17661,9 +17781,9 @@ CVE-2022-4388
RESERVED
CVE-2022-4387
RESERVED
-CVE-2022-4386 (The Intuitive Custom Post Order WordPress plugin through 3.1.3
lacks C ...)
+CVE-2022-4386 (The Intuitive Custom Post Order WordPress plugin before 3.1.4
lacks CS ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4385 (The Intuitive Custom Post Order WordPress plugin through 3.1.3
does no ...)
+CVE-2022-4385 (The Intuitive Custom Post Order WordPress plugin before 3.1.4
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4384 (The Stream WordPress plugin before 3.9.2 does not prevent users
with l ...)
NOT-FOR-US: WordPress plugin
@@ -19506,8 +19626,7 @@ CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5
and 15.4.6 using a branch w
- gitlab <unfixed>
CVE-2022-4204
RESERVED
-CVE-2022-4203 [openssl: X.509 Name Constraints Read Buffer Overflow]
- RESERVED
+CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate
verificati ...)
- openssl 3.0.8-1
[bullseye] - openssl <not-affected> (Only affects 3.x)
[buster] - openssl <not-affected> (Only affects 3.x)
@@ -28929,8 +29048,8 @@ CVE-2022-43925
RESERVED
CVE-2022-43924
RESERVED
-CVE-2022-43923
- RESERVED
+CVE-2022-43923 (IBM Maximo Application Suite 8.8.0 and 8.9.0 stores
potentially sensit ...)
+ TODO: check
CVE-2022-43922 (IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0,
5.1, 5.2 ...)
NOT-FOR-US: IBM
CVE-2022-43921
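Review bot: CVE-2022-43923 (IBM Maximo Application Suite 8.8.0 and 8.9.0) is left at "TODO: check" while the neighbouring IBM entry CVE-2022-43922 already reads "NOT-FOR-US: IBM"; Maximo is a proprietary IBM product, so the same marker applies and the TODO can be closed in the same pass.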
@@ -34639,16 +34758,19 @@ CVE-2022-41862
NOTE:
https://www.postgresql.org/about/news/postgresql-152-147-1310-1214-and-1119-released-2592/
NOTE: Fixed in 15.2, 14.7, 13.10, 12.14
CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or
home serv ...)
+ {DLA-3342-1}
- freeradius 3.2.0+dfsg-1
[bullseye] - freeradius <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62
(release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM
option, ...)
+ {DLA-3342-1}
- freeradius 3.2.0+dfsg-1
[bullseye] - freeradius <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708
(release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on unknown option in
EAP-SIM")
CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element()
leaks i ...)
+ {DLA-3342-1}
- freeradius 3.2.0+dfsg-1
NOTE:
https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f912ad2da8ac6e176ac3a606333469937
(release_3_0_26)
TODO: check details on fix
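Review bot: all three freeradius entries gain {DLA-3342-1}, but CVE-2022-41859 still carries "TODO: check details on fix" and, unlike CVE-2022-41861 and CVE-2022-41860, has no [bullseye] line; without one the tracker treats bullseye as affected and open until 3.2.0+dfsg-1, so either add "[bullseye] - freeradius <no-dsa> (Minor issue)" to match the siblings or, if the EAP-PWD compute_password_element() leak is judged more serious than the two crashes, say so in a NOTE and leave bullseye open deliberately. The DLA reference itself is consistent: all three upstream fix commits are tagged release_3_0_26, i.e. the 3.0 series that buster ships.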
@@ -47615,7 +47737,7 @@ CVE-2022-37034 (In dotCMS 5.x-22.06, it is possible to
call the TempResource mul
CVE-2022-37033 (In dotCMS 5.x-22.06, TempFileAPI allows a user to create a
temporary f ...)
NOT-FOR-US: dotCMS
CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR
before 8.4 ma ...)
- {DLA-3211-1}
+ {DSA-5362-1 DLA-3211-1}
- frr 8.4.1-1 (bug #1021016)
NOTE: Fixed by:
https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
CVE-2022-37031
@@ -62331,6 +62453,7 @@ CVE-2022-31632
RESERVED
CVE-2022-31631
RESERVED
+ {DSA-5363-1}
- php8.2 8.2.1-1
- php8.1 <removed>
- php7.4 <removed>
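Review bot: CVE-2022-31631 receives {DSA-5363-1} but its description line is still "RESERVED" while the package lines already show php8.2 fixed at 8.2.1-1; an entry referenced by a published DSA should not stay RESERVED, so either the CVE text is now public and the next automatic import will fill it in, or a bracketed placeholder title should be added by hand (as was done for CVE-2022-4203 before its text arrived) so the DSA cross-reference is readable in the meantime.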
@@ -96433,8 +96556,8 @@ CVE-2021-4107 (yetiforcecrm is vulnerable to Improper
Neutralization of Input Du
NOT-FOR-US: yetiforcecrm
CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an
attacker to r ...)
NOT-FOR-US: Snow Inventory Java Scanner
-CVE-2021-4105
- RESERVED
+CVE-2021-4105 (Improper Handling of Parameters vulnerability in BG-TEK COSLAT
Firewal ...)
+ TODO: check
CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict
which packet ...)
- libtoxcore 0.2.2-1
NOTE:
https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release
@@ -108226,8 +108349,8 @@ CVE-2021-41971 (Apache Superset up to and including
1.3.0 when configured with E
NOT-FOR-US: Apache Superset
CVE-2021-3856 (ClassLoaderTheme and ClasspathThemeResourceProviderFactory
allows read ...)
NOT-FOR-US: Keycloak
-CVE-2021-3855
- RESERVED
+CVE-2021-3855 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
+ TODO: check
CVE-2021-3854
RESERVED
CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in
nix::unistd::getgrouplist]
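Review bot: the new description for CVE-2021-3855 is cut at "Improper Neutralization of Special Elements used in a Command ('Comman ..." and names no product at all, so the "TODO: check" here cannot be resolved from this file; whoever triages it has to pull the full CVE text to identify the affected software before assigning a package line or a NOT-FOR-US marker.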
@@ -124919,10 +125042,10 @@ CVE-2021-35372
RESERVED
CVE-2021-35371
RESERVED
-CVE-2021-35370
- RESERVED
-CVE-2021-35369
- RESERVED
+CVE-2021-35370 (An issue found in Peacexie Imcat v5.4 allows attackers to
execute arbi ...)
+ TODO: check
+CVE-2021-35369 (Arbitrary File Read vulnerability found in Peacexie ImCat
v.5.2 fixed ...)
+ TODO: check
CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x
before 3.2.1 ...)
- modsecurity-crs 3.3.2-1 (bug #992000)
[bullseye] - modsecurity-crs 3.3.0-1+deb11u1
@@ -127908,8 +128031,8 @@ CVE-2021-34066 (An issue was discovered in
EdgeGallery/developer before v1.0. Th
NOT-FOR-US: EdgeGallery/developer
CVE-2021-34065
RESERVED
-CVE-2021-34064
- RESERVED
+CVE-2021-34064 (An issue found in Koel v.5.1.4 and before allows remote
attackers to g ...)
+ TODO: check
CVE-2021-34063
RESERVED
CVE-2021-34062
@@ -129689,8 +129812,8 @@ CVE-2021-33389
RESERVED
CVE-2021-33388
RESERVED
-CVE-2021-33387
- RESERVED
+CVE-2021-33387 (Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows
attacker t ...)
+ TODO: check
CVE-2021-33386
RESERVED
CVE-2021-33385
@@ -130078,8 +130201,8 @@ CVE-2021-33226 (Buffer Overflow vulnerability in
Saltstack v.3003 and before all
TODO: check
CVE-2021-33225
RESERVED
-CVE-2021-33224
- RESERVED
+CVE-2021-33224 (File upload vulnerability in Umbraco Forms v.8.7.0 allows
unauthentica ...)
+ TODO: check
CVE-2021-33223
RESERVED
CVE-2021-33222
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc26f5a0e70c884fc459570425e2adab536ba410
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits