Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f9a4a80c by security tracker role at 2023-03-16T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,108 @@
-CVE-2023-28466 [net: tls: fix possible race condition between
do_tls_getsockopt_conf() and do_tls_setsockopt_conf()]
+CVE-2023-28488
+ RESERVED
+CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in
sudoreplay ou ...)
+ TODO: check
+CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log
messages. ...)
+ TODO: check
+CVE-2023-28485
+ RESERVED
+CVE-2023-28484
+ RESERVED
+CVE-2023-28483
+ RESERVED
+CVE-2023-28482
+ RESERVED
+CVE-2023-28481
+ RESERVED
+CVE-2023-28480
+ RESERVED
+CVE-2023-28479
+ RESERVED
+CVE-2023-28478
+ RESERVED
+CVE-2023-28477
+ RESERVED
+CVE-2023-28476
+ RESERVED
+CVE-2023-28475
+ RESERVED
+CVE-2023-28474
+ RESERVED
+CVE-2023-28473
+ RESERVED
+CVE-2023-28472
+ RESERVED
+CVE-2023-28471
+ RESERVED
+CVE-2023-28470
+ RESERVED
+CVE-2023-28469
+ RESERVED
+CVE-2023-28468
+ RESERVED
+CVE-2023-28467
+ RESERVED
+CVE-2023-28465
+ RESERVED
+CVE-2023-28464
+ RESERVED
+CVE-2023-28463
+ RESERVED
+CVE-2023-28462
+ RESERVED
+CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and
earlier) allow ...)
+ TODO: check
+CVE-2023-28460 (A command injection vulnerability was discovered in Array
Networks APV ...)
+ TODO: check
+CVE-2023-28459
+ RESERVED
+CVE-2023-28458
+ RESERVED
+CVE-2023-28457
+ RESERVED
+CVE-2023-28456
+ RESERVED
+CVE-2023-28455
+ RESERVED
+CVE-2023-28454
+ RESERVED
+CVE-2023-28453
+ RESERVED
+CVE-2023-28452
+ RESERVED
+CVE-2023-28451
+ RESERVED
+CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default
maximum ED ...)
+ TODO: check
+CVE-2023-1424
+ RESERVED
+CVE-2023-1423
+ RESERVED
+CVE-2023-1422
+ RESERVED
+CVE-2023-1421 (A reflected cross-site scripting vulnerability in the OAuth
flow compl ...)
+ TODO: check
+CVE-2019-25135
+ RESERVED
+CVE-2019-25134
+ RESERVED
+CVE-2019-25133
+ RESERVED
+CVE-2019-25132
+ RESERVED
+CVE-2019-25131
+ RESERVED
+CVE-2019-25130
+ RESERVED
+CVE-2019-25129
+ RESERVED
+CVE-2019-25128
+ RESERVED
+CVE-2019-25127
+ RESERVED
+CVE-2019-25126
+ RESERVED
+CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel
through 6. ...)
- linux <unfixed>
[bullseye] - linux <ignored> (Minor issue; CONFIG_TLS not enabled in
Debian)
[buster] - linux <ignored> (Minor issue; CONFIG_TLS not enabled in
Debian)
@@ -340,10 +444,10 @@ CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is
available, allows privil
NOTE: Restricting ioctl on the kernel side seems the better approach,
patches have been
NOTE: posted to kernel-hardening list, and can be mitigated with Linux
6.2, see option
NOTE: CONFIG_LEGACY_TIOCSTI.
-CVE-2023-28338
- RESERVED
-CVE-2023-28337
- RESERVED
+CVE-2023-28338 (Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s
web ser ...)
+ TODO: check
+CVE-2023-28337 (When uploading a firmware image to a Netgear Nighthawk Wifi6
Router (R ...)
+ TODO: check
CVE-2023-28336
RESERVED
CVE-2023-28335
@@ -407,8 +511,8 @@ CVE-2023-1390
- linux 5.10.12-1
[buster] - linux 4.19.171-1
NOTE:
https://git.kernel.org/linus/b77413446408fdd256599daf00d5be72b5f3e7c6 (5.11-rc4)
-CVE-2023-1389
- RESERVED
+CVE-2023-1389 (TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4
Build 2023 ...)
+ TODO: check
CVE-2023-1388
RESERVED
CVE-2023-1387
@@ -1147,16 +1251,16 @@ CVE-2023-28101
RESERVED
CVE-2023-28100
RESERVED
-CVE-2023-28099
- RESERVED
-CVE-2023-28098
- RESERVED
-CVE-2023-28097
- RESERVED
-CVE-2023-28096
- RESERVED
-CVE-2023-28095
- RESERVED
+CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
+CVE-2023-28098 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
+CVE-2023-28097 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
+CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol (SIP) server
implementation, h ...)
+ TODO: check
+CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
CVE-2023-28094
RESERVED
CVE-2023-28093
@@ -2629,18 +2733,18 @@ CVE-2014-125092 (A vulnerability was found in
MaxButtons Plugin up to 1.26.0 and
NOT-FOR-US: WordPress plugin
CVE-2006-10001 (A vulnerability, which was classified as problematic, was
found in Sub ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27601
- RESERVED
-CVE-2023-27600
- RESERVED
-CVE-2023-27599
- RESERVED
-CVE-2023-27598
- RESERVED
-CVE-2023-27597
- RESERVED
-CVE-2023-27596
- RESERVED
+CVE-2023-27601 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
+CVE-2023-27600 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
+CVE-2023-27599 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
+CVE-2023-27598 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
+CVE-2023-27597 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
+CVE-2023-27596 (OpenSIPS is a Session Initiation Protocol (SIP) server
implementation. ...)
+ TODO: check
CVE-2023-27595
RESERVED
CVE-2023-27594
@@ -4028,8 +4132,8 @@ CVE-2023-27097
RESERVED
CVE-2023-27096
RESERVED
-CVE-2023-27095
- RESERVED
+CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j
v.1.4.3 ...)
+ TODO: check
CVE-2023-27094
RESERVED
CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows
attackers t ...)
@@ -4050,8 +4154,8 @@ CVE-2023-27086
RESERVED
CVE-2023-27085
RESERVED
-CVE-2023-27084
- RESERVED
+CVE-2023-27084 (Permissions vulnerability found in isoftforce Dreamer CMS
v.4.0.1 allo ...)
+ TODO: check
CVE-2023-27083
RESERVED
CVE-2023-27082
@@ -4316,8 +4420,8 @@ CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to
contain a stored cross-site
NOT-FOR-US: onekeyadmin
CVE-2023-26952 (onekeyadmin v1.3.9 was discovered to contain a stored
cross-site scrip ...)
NOT-FOR-US: onekeyadmin
-CVE-2023-26951
- RESERVED
+CVE-2023-26951 (onekeyadmin v1.3.9 was discovered to contain a stored
cross-site scrip ...)
+ TODO: check
CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored
cross-site scrip ...)
NOT-FOR-US: onekeyadmin
CVE-2023-26949 (An arbitrary file upload vulnerability in the component
/admin1/config ...)
@@ -4394,8 +4498,8 @@ CVE-2023-26914
RESERVED
CVE-2023-26913
RESERVED
-CVE-2023-26912
- RESERVED
+CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm
thru commi ...)
+ TODO: check
CVE-2023-26911
RESERVED
CVE-2023-26910
@@ -4650,8 +4754,8 @@ CVE-2023-26786
RESERVED
CVE-2023-26785
RESERVED
-CVE-2023-26784
- RESERVED
+CVE-2023-26784 (SQL Injection vulnerability found in Kirin Fortress Machine
v.1.7-2020 ...)
+ TODO: check
CVE-2023-26783
RESERVED
CVE-2023-26782
@@ -5401,8 +5505,8 @@ CVE-2023-26486 (Vega is a visualization grammar, a
declarative format for creati
NOT-FOR-US: Vega
CVE-2023-26485
RESERVED
-CVE-2023-26484
- RESERVED
+CVE-2023-26484 (KubeVirt is a virtual machine management add-on for
Kubernetes. In ver ...)
+ TODO: check
CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service
Provider ...)
- golang-github-russellhaering-gosaml2 <itp> (bug #948190)
CVE-2023-26482
@@ -7881,8 +7985,8 @@ CVE-2023-25682
RESERVED
CVE-2023-25681
RESERVED
-CVE-2023-25680
- RESERVED
+CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is
vulnerable to ...)
+ TODO: check
CVE-2023-25679
RESERVED
CVE-2023-0783 (A vulnerability was found in EcShop 4.1.5. It has been
classified as c ...)
@@ -8860,10 +8964,10 @@ CVE-2023-25347
RESERVED
CVE-2023-25346
RESERVED
-CVE-2023-25345
- RESERVED
-CVE-2023-25344
- RESERVED
+CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4
and swi ...)
+ TODO: check
+CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig
thru 1.4 ...)
+ TODO: check
CVE-2023-25343
RESERVED
CVE-2023-25342
@@ -8988,10 +9092,10 @@ CVE-2023-25283 (A stack overflow vulnerability in
D-Link DIR820LA1_FW106B02 allo
NOT-FOR-US: D-Link
CVE-2023-25282 (A heap overflow vulnerability in D-Link DIR820LA1_FW106B02
allows atta ...)
NOT-FOR-US: D-Link
-CVE-2023-25281
- RESERVED
-CVE-2023-25280
- RESERVED
+CVE-2023-25281 (A stack overflow vulnerability exists in pingV4Msg component
in D-Link ...)
+ TODO: check
+CVE-2023-25280 (OS Command injection vulnerability in D-Link
DIR820LA1_FW105B03 allows ...)
+ TODO: check
CVE-2023-25279 (OS Command injection vulnerability in D-Link
DIR820LA1_FW105B03 allows ...)
NOT-FOR-US: D-Link
CVE-2023-25278
@@ -9016,8 +9120,8 @@ CVE-2023-25269
RESERVED
CVE-2023-25268
RESERVED
-CVE-2023-25267
- RESERVED
+CVE-2023-25267 (An issue was discovered in GFI Kerio Connect 9.4.1 patch 1
(fixed in 1 ...)
+ TODO: check
CVE-2023-25266 (An issue was discovered in Docmosis Tornado prior to version
2.9.5. An ...)
NOT-FOR-US: Docmosis Tornado
CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory
Traversal lead ...)
@@ -10318,8 +10422,8 @@ CVE-2023-24797
RESERVED
CVE-2023-24796
RESERVED
-CVE-2023-24795
- RESERVED
+CVE-2023-24795 (Command execution vulnerability was discovered in JHR-N916R
router fir ...)
+ TODO: check
CVE-2023-24794
RESERVED
CVE-2023-24793
@@ -10388,8 +10492,8 @@ CVE-2023-24762 (OS Command injection vulnerability in
D-Link DIR-867 DIR_867_FW1
NOT-FOR-US: D-Link
CVE-2023-24761
RESERVED
-CVE-2023-24760
- RESERVED
+CVE-2023-24760 (An issue found in Ofcms v.1.1.4 allows a remote attacker to to
escalat ...)
+ TODO: check
CVE-2023-24759
RESERVED
CVE-2023-24758 (libde265 v1.0.10 was discovered to contain a NULL pointer
dereference ...)
@@ -11373,8 +11477,8 @@ CVE-2023-24470
RESERVED
CVE-2023-24469
RESERVED
-CVE-2023-24468
- RESERVED
+CVE-2023-24468 (Broken access control in Advanced Authentication versions
prior to 6.4 ...)
+ TODO: check
CVE-2023-24467
RESERVED
CVE-2023-24466
@@ -14960,8 +15064,8 @@ CVE-2023-23152
RESERVED
CVE-2023-23151 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary
file deleti ...)
NOT-FOR-US: bloofoxCMS
-CVE-2023-23150
- RESERVED
+CVE-2023-23150 (SA-WR915ND router firmware v17.35.1 was discovered to be
vulnerable to ...)
+ TODO: check
CVE-2023-23149
RESERVED
CVE-2023-23148
@@ -17030,8 +17134,8 @@ CVE-2023-22593
RESERVED
CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through
21.0.4 cou ...)
NOT-FOR-US: IBM
-CVE-2023-22591
- RESERVED
+CVE-2023-22591 (IBM Robotic Process Automation 21.0.1 through 21.0.7 and
23.0.0 throug ...)
+ TODO: check
CVE-2023-22590
RESERVED
CVE-2023-22589
@@ -23450,8 +23554,8 @@ CVE-2022-46775
RESERVED
CVE-2022-46774 (IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo
Application S ...)
NOT-FOR-US: IBM
-CVE-2022-46773
- RESERVED
+CVE-2022-46773 (IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is
vulnerabl ...)
+ TODO: check
CVE-2022-46772
RESERVED
CVE-2022-46771 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0
through 7 ...)
@@ -23838,8 +23942,8 @@ CVE-2022-4315 (An issue has been discovered in GitLab
DAST analyzer affecting al
NOT-FOR-US: Gitlab DAST analyzer
CVE-2022-4314 (Improper Privilege Management in GitHub repository
ikus060/rdiffweb pr ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-4313
- RESERVED
+CVE-2022-4313 (A vulnerability was reported where through modifying the scan
variable ...)
+ TODO: check
CVE-2022-4312 (A cleartext storage of sensitive information vulnerability
exists in P ...)
NOT-FOR-US: PcVue
CVE-2022-4311 (An insertion of sensitive information into log file
vulnerability exis ...)
@@ -26909,9 +27013,9 @@ CVE-2022-45591
RESERVED
CVE-2022-45590
RESERVED
-CVE-2022-45589 (SQL Injection vulnerability in Talend ESB Runtime
7.3.1-R2022-09-RT th ...)
+CVE-2022-45589 (All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of
the Tal ...)
NOT-FOR-US: Talend
-CVE-2022-45588 (XML External Entity (XXE) vulnerability in Talend Remote
Engine Gen 2 ...)
+CVE-2022-45588 (All versions before R2022-09 of Talend's Remote Engine Gen 2
are poten ...)
NOT-FOR-US: Talend
CVE-2022-45587 (Stack overflow vulnerability in function gmalloc in
goo/gmem.cc in xpd ...)
- xpdf <not-affected> (Debian uses poppler, which is not affected)
@@ -27420,8 +27524,8 @@ CVE-2022-41783 (tdpServer of TP-Link RE300 V1
improperly processes its input, wh
NOT-FOR-US: TP-Link
CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4009
- RESERVED
+CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a
user to in ...)
+ TODO: check
CVE-2022-4008
RESERVED
CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all
versions fro ...)
@@ -72183,11 +72287,13 @@ CVE-2022-30260 (Emerson DeltaV Distributed Control
System (DCS) has insufficient
CVE-2022-1588
REJECTED
CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2
librar ...)
+ {DLA-3363-1}
- pcre2 10.40-1 (bug #1011954)
[bullseye] - pcre2 10.36-2+deb11u1
[stretch] - pcre2 <no-dsa> (Minor issue)
NOTE:
https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
(pcre2-10.40)
CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2
librar ...)
+ {DLA-3363-1}
- pcre2 10.40-1 (bug #1011954)
[bullseye] - pcre2 10.36-2+deb11u1
[stretch] - pcre2 <no-dsa> (Minor issue)
@@ -182838,8 +182944,8 @@ CVE-2020-27509 (Persistent XSS in Galaxkey Secure
Mail Client in Galaxkey up to
NOT-FOR-US: Galaxkey
CVE-2020-27508 (In two-factor authentication, the system also sending 2fa
secret key i ...)
NOT-FOR-US: Frappe Framework
-CVE-2020-27507
- RESERVED
+CVE-2020-27507 (The Kamailio SIP before 5.5.0 server mishandles INVITE
requests with d ...)
+ TODO: check
CVE-2020-27506
RESERVED
CVE-2020-27505
@@ -228584,6 +228690,7 @@ CVE-2020-8995 (Programi Bilanc Build 007 Release 014
31.01.2020 supplies a .exe
CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP
SDK before ...)
NOT-FOR-US: Heartland & Global Payments PHP SDK
CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when
the pat ...)
+ {DLA-3363-1}
- pcre2 10.34-1
[stretch] - pcre2 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=2421
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9a4a80c6d00893e688d6bc416e73e0aac628a7a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9a4a80c6d00893e688d6bc416e73e0aac628a7a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
