Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1efc0cd8 by security tracker role at 2023-03-09T20:10:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-28004
+       RESERVED
+CVE-2023-28003
+       RESERVED
+CVE-2023-28002
+       RESERVED
+CVE-2023-28001
+       RESERVED
+CVE-2023-28000
+       RESERVED
+CVE-2023-27999
+       RESERVED
+CVE-2023-27998
+       RESERVED
+CVE-2023-27997
+       RESERVED
+CVE-2023-27996
+       RESERVED
+CVE-2023-27995
+       RESERVED
+CVE-2023-27994
+       RESERVED
+CVE-2023-27993
+       RESERVED
+CVE-2023-27992
+       RESERVED
+CVE-2023-27991
+       RESERVED
+CVE-2023-27990
+       RESERVED
+CVE-2023-27989
+       RESERVED
+CVE-2023-27988
+       RESERVED
+CVE-2023-27987
+       RESERVED
+CVE-2023-1297
+       RESERVED
+CVE-2023-1296
+       RESERVED
+CVE-2023-1295
+       RESERVED
+CVE-2023-1294 (A vulnerability was found in SourceCodester File Tracker 
Manager Syste ...)
+       TODO: check
+CVE-2023-1293 (A vulnerability was found in SourceCodester Online Graduate 
Tracer Sys ...)
+       TODO: check
+CVE-2023-1292 (A vulnerability has been found in SourceCodester Sales Tracker 
Managem ...)
+       TODO: check
+CVE-2023-1291 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-1290 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2023-1289
+       RESERVED
+CVE-2023-1288 (An XML External Entity injection (XXE) vulnerability in ENOVIA 
Live Co ...)
+       TODO: check
+CVE-2023-1287 (An XSL template vulnerability in ENOVIA Live Collaboration 
V6R2013xE a ...)
+       TODO: check
+CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
+       TODO: check
+CVE-2023-1285
+       RESERVED
 CVE-2023-27984
        RESERVED
 CVE-2023-27983
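Review bot: the eight added entries that carry a description (CVE-2023-1294 through CVE-2023-1290, CVE-2023-1288, CVE-2023-1287 and CVE-2023-1286) are left at TODO: check, so none of them yet states whether Debian is affected. Each needs a follow-up that replaces the TODO with a package line or a NOT-FOR-US: marker, the form already used for CVE-2023-1237 further down this diff.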
@@ -279,8 +341,8 @@ CVE-2023-1252
        [bullseye] - linux 5.10.84-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9a254403760041528bc8f69fe2f5e1ef86950991 (5.16-rc1)
-CVE-2023-1251
-       RESERVED
+CVE-2023-1251 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-1250
        RESERVED
 CVE-2023-1249 [coredump: Use the vma snapshot in fill_files_note]
@@ -395,75 +457,99 @@ CVE-2023-1238 (Cross-site Scripting (XSS) - Stored in 
GitHub repository answerde
 CVE-2023-1237 (Cross-site Scripting (XSS) - Stored in GitHub repository 
answerdev/ans ...)
        NOT-FOR-US: Answer
 CVE-2023-1236 (Inappropriate implementation in Internals in Google Chrome 
prior to 11 ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1235 (Type confusion in DevTools in Google Chrome prior to 
111.0.5563.64 all ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1234 (Inappropriate implementation in Intents in Google Chrome on 
Android pr ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1233 (Insufficient policy enforcement in Resource Timing in Google 
Chrome pr ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1232 (Insufficient policy enforcement in Resource Timing in Google 
Chrome pr ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1231 (Inappropriate implementation in Autofill in Google Chrome on 
Android p ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1230 (Inappropriate implementation in WebApp Installs in Google 
Chrome on An ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1229 (Inappropriate implementation in Permission prompts in Google 
Chrome pr ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1228 (Insufficient policy enforcement in Intents in Google Chrome on 
Android ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1227 (Use after free in Core in Google Chrome on Lacros prior to 
111.0.5563. ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1226 (Insufficient policy enforcement in Web Payments API in Google 
Chrome p ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1225 (Insufficient policy enforcement in Navigation in Google Chrome 
on iOS  ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1224 (Insufficient policy enforcement in Web Payments API in Google 
Chrome p ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1223 (Insufficient policy enforcement in Autofill in Google Chrome on 
Androi ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1222 (Heap buffer overflow in Web Audio API in Google Chrome prior to 
111.0. ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1221 (Insufficient policy enforcement in Extensions API in Google 
Chrome pri ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1220 (Heap buffer overflow in UMA in Google Chrome prior to 
111.0.5563.64 al ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1219 (Heap buffer overflow in Metrics in Google Chrome prior to 
111.0.5563.6 ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1218 (Use after free in WebRTC in Google Chrome prior to 
111.0.5563.64 allow ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1217 (Stack buffer overflow in Crash reporting in Google Chrome on 
Windows p ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1216 (Use after free in DevTools in Google Chrome prior to 
111.0.5563.64 all ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1215 (Type confusion in CSS in Google Chrome prior to 111.0.5563.64 
allowed  ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1214 (Type confusion in V8 in Google Chrome prior to 111.0.5563.64 
allowed a ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1213 (Use after free in Swiftshader in Google Chrome prior to 
111.0.5563.64  ...)
+       {DSA-5371-1}
        - chromium 111.0.5563.64-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-1212 (Cross-site Scripting (XSS) - Stored in GitHub repository 
phpipam/phpip ...)
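Review bot: the {DSA-5371-1} tag on the 24 chromium entries from CVE-2023-1236 down to CVE-2023-1213 has nothing in this commit to be checked against, since data/CVE/list is the only changed file. Confirm that the DSA-5371-1 record lists the same 24 CVE ids and names the release it fixes, because the visible entries only carry the unprefixed package line "- chromium 111.0.5563.64-1" and the [buster] <end-of-life> line.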
@@ -4657,10 +4743,10 @@ CVE-2023-26211
        RESERVED
 CVE-2023-26210
        RESERVED
-CVE-2023-26209
-       RESERVED
-CVE-2023-26208
-       RESERVED
+CVE-2023-26209 (A improper restriction of excessive authentication attempts 
vulnerabil ...)
+       TODO: check
+CVE-2023-26208 (A improper restriction of excessive authentication attempts 
vulnerabil ...)
+       TODO: check
 CVE-2023-26207
        RESERVED
 CVE-2023-26206
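Review bot: CVE-2023-26209 and CVE-2023-26208 show the same truncated description, and neither visible fragment reaches the product name, so the two TODO: check markers cannot be resolved from this list alone. Read the full CVE records before triage and do not copy one entry's resolution to the other on the strength of the matching prefix; the same wording also appears on CVE-2022-29056 in the last hunk.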
@@ -5705,8 +5791,8 @@ CVE-2023-25816 (Nextcloud is an Open Source private cloud 
software. Versions 25.
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-25815
        RESERVED
-CVE-2023-25814
-       RESERVED
+CVE-2023-25814 (metersphere is an open source continuous testing platform. In 
versions ...)
+       TODO: check
 CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a 
SQL inj ...)
        NOT-FOR-US: Sequelize
 CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected 
versions do  ...)
@@ -5775,8 +5861,8 @@ CVE-2023-25781
        RESERVED
 CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of 
alarm r ...)
        NOT-FOR-US: OpenNMS
-CVE-2023-0845
-       RESERVED
+CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with 
servic ...)
+       TODO: check
 CVE-2023-0844
        RESERVED
 CVE-2023-0843
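Review bot: CVE-2023-0845 sits directly below a NOT-FOR-US: OpenNMS entry, but its description names Consul and Consul Enterprise, so it should not be closed by analogy with its neighbour. Resolve the TODO: check by first checking whether a consul source package exists in the archive, and only fall back to NOT-FOR-US: if it does not.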
@@ -6690,8 +6776,8 @@ CVE-2023-25575 (API Platform Core is the server component 
of API Platform: hyper
        NOT-FOR-US: API Platform Core
 CVE-2023-25574
        RESERVED
-CVE-2023-25573
-       RESERVED
+CVE-2023-25573 (metersphere is an open source continuous testing platform. In 
affected ...)
+       TODO: check
 CVE-2023-25572 (react-admin is a frontend framework for building browser 
applications  ...)
        NOT-FOR-US: react-admin
 CVE-2023-25571 (Backstage is an open platform for building developer portals. 
`@backst ...)
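Review bot: CVE-2023-25573 is the second metersphere entry this commit leaves at TODO: check (CVE-2023-25814 is the other), and the two should be resolved together so one product does not end up with two different outcomes or two spellings of the marker. The neighbouring entries for API Platform Core and react-admin show the NOT-FOR-US: form to use if metersphere is not packaged.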
@@ -74150,8 +74236,8 @@ CVE-2022-29058 (An improper neutralization of special 
elements [CWE-89] used in
        NOT-FOR-US: FortiGuard
 CVE-2022-29057 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: Fortinet
-CVE-2022-29056
-       RESERVED
+CVE-2022-29056 (A improper restriction of excessive authentication attempts 
vulnerabil ...)
+       TODO: check
 CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 
7.2.0, 7 ...)
        NOT-FOR-US: FortiGuard
 CVE-2022-29054 (A missing cryptographic steps vulnerability [CWE-325] in the 
functions ...)
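Review bot: the context around CVE-2022-29056 labels its neighbours inconsistently: CVE-2022-29055 is described as Fortinet FortiOS but marked NOT-FOR-US: FortiGuard, as is CVE-2022-29058, while CVE-2022-29057 is marked NOT-FOR-US: Fortinet. The truncated description of CVE-2022-29056 does not show the product, so check the full record, and if it belongs with these entries pick one label and consider aligning the others in the same follow-up.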



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1efc0cd86d7d7a4980afcc550c520445f842b0ba



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
