Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eb20bb95 by security tracker role at 2023-03-27T08:10:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,97 @@
+CVE-2023-28892
+       RESERVED
+CVE-2023-28891
+       RESERVED
+CVE-2023-28890
+       RESERVED
+CVE-2023-28889
+       RESERVED
+CVE-2023-28888
+       RESERVED
+CVE-2023-28887
+       RESERVED
+CVE-2023-28886
+       RESERVED
+CVE-2023-28885 (The MyLink infotainment system (build 2021.3.26) in General 
Motors Che ...)
+       TODO: check
+CVE-2023-28884 (In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows 
XSS in  ...)
+       TODO: check
+CVE-2023-28883 (In Cerebrate 1.13, a blind SQL injection exists in the 
searchAll API e ...)
+       TODO: check
+CVE-2023-28882
+       RESERVED
+CVE-2023-28881
+       RESERVED
+CVE-2023-28880
+       RESERVED
+CVE-2023-28879
+       RESERVED
+CVE-2023-28878
+       RESERVED
+CVE-2023-28877
+       RESERVED
+CVE-2023-28876
+       RESERVED
+CVE-2023-28875
+       RESERVED
+CVE-2023-28874
+       RESERVED
+CVE-2023-28873
+       RESERVED
+CVE-2023-28872
+       RESERVED
+CVE-2023-28871
+       RESERVED
+CVE-2023-28870
+       RESERVED
+CVE-2023-28869
+       RESERVED
+CVE-2023-28868
+       RESERVED
+CVE-2023-28867 (In GraphQL Java (aka graphql-java) before 20.1, an attacker 
can send a ...)
+       TODO: check
+CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c 
allows out ...)
+       TODO: check
+CVE-2023-28865
+       RESERVED
+CVE-2023-28864
+       RESERVED
+CVE-2023-28863
+       RESERVED
+CVE-2023-28862
+       RESERVED
+CVE-2023-28861
+       RESERVED
+CVE-2023-28860
+       RESERVED
+CVE-2023-1647 (Improper Access Control in GitHub repository calcom/cal.com 
prior to 2 ...)
+       TODO: check
+CVE-2023-1646 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. 
It has b ...)
+       TODO: check
+CVE-2023-1645 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. 
It has b ...)
+       TODO: check
+CVE-2023-1644 (A vulnerability was found in IObit Malware Fighter 9.4.0.776 
and class ...)
+       TODO: check
+CVE-2023-1643 (A vulnerability has been found in IObit Malware Fighter 
9.4.0.776 and  ...)
+       TODO: check
+CVE-2023-1642 (A vulnerability, which was classified as problematic, was found 
in IOb ...)
+       TODO: check
+CVE-2023-1641 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-1640 (A vulnerability classified as problematic was found in IObit 
Malware F ...)
+       TODO: check
+CVE-2023-1639 (A vulnerability classified as problematic has been found in 
IObit Malw ...)
+       TODO: check
+CVE-2023-1638 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. 
It has b ...)
+       TODO: check
+CVE-2018-25083 (The pullit package before 1.4.0 for Node.js allows OS Command 
Injectio ...)
+       TODO: check
 CVE-2023-28859 (redis-py through 4.5.3 leaves a connection open after 
canceling an asy ...)
        TODO: check
 CVE-2023-28858 (redis-py before 4.5.3, as used in ChatGPT and other products, 
leaves a ...)
        TODO: check
 CVE-2023-1637 [x86/speculation: Restore speculation related MSRs during S3 
resume]
+       RESERVED
        - linux 5.17.3-1
        [bullseye] - linux 5.10.113-1
        [buster] - linux 4.19.249-1
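
Review bot: CVE-2023-28866 is left at `TODO: check` although its description names the Linux kernel (net/bluetooth/hci_sync.c, through 6.2.8), and this file already tracks the kernel as the source package `linux` (see the `- linux 5.17.3-1` line under CVE-2023-1637 at the end of this hunk). It should be triaged to a `- linux` entry with the affected or fixed version and a NOTE pointing at the upstream fix, rather than staying in the TODO pool. The nine IObit Malware Fighter 9.4.0.776 entries (CVE-2023-1638 through CVE-2023-1646) name the same product and version, so they can be resolved in one pass.
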
@@ -3588,8 +3677,8 @@ CVE-2023-27798
        RESERVED
 CVE-2023-27797
        RESERVED
-CVE-2023-27796
-       RESERVED
+CVE-2023-27796 (RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX 
PRO Wire ...)
+       TODO: check
 CVE-2023-27795
        RESERVED
 CVE-2023-27794
@@ -6081,12 +6170,12 @@ CVE-2023-26804
        RESERVED
 CVE-2023-26803
        RESERVED
-CVE-2023-26802
-       RESERVED
-CVE-2023-26801
-       RESERVED
-CVE-2023-26800
-       RESERVED
+CVE-2023-26802 (An issue in the component /network_config/nsg_masq.cgi of DCN 
(Digital ...)
+       TODO: check
+CVE-2023-26801 (LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, 
LB-LINK BL-X26 ...)
+       TODO: check
+CVE-2023-26800 (Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 
was discov ...)
+       TODO: check
 CVE-2023-26799
        RESERVED
 CVE-2023-26798
@@ -8537,8 +8626,8 @@ CVE-2022-48324 (Multiple Cross Site Scripting (XSS) 
vulnerabilities in Mapos 4.3
        NOT-FOR-US: Mapos
 CVE-2021-46874
        RESERVED
-CVE-2023-25909
-       RESERVED
+CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict 
upload of fil ...)
+       TODO: check
 CVE-2023-25908
        RESERVED
 CVE-2023-25907
@@ -11190,10 +11279,10 @@ CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced 
a double-free vulnerability
        NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3522
        NOTE: Introduced by: 
https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
        NOTE: https://www.openwall.com/lists/oss-security/2023/02/13/1
-CVE-2023-25018
-       RESERVED
-CVE-2023-25017
-       RESERVED
+CVE-2023-25018 (RIFARTEK IOT Wall transportation function has insufficient 
filtering f ...)
+       TODO: check
+CVE-2023-25017 (RIFARTEK IOT Wall has a vulnerability of incorrect 
authorization. An a ...)
+       TODO: check
 CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x 
before 7.1. ...)
        NOT-FOR-US: Couchbase Server
 CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, 
allows CSRF ...)
@@ -11641,24 +11730,24 @@ CVE-2023-24844
        RESERVED
 CVE-2023-24843
        RESERVED
-CVE-2023-24842
-       RESERVED
-CVE-2023-24841
-       RESERVED
-CVE-2023-24840
-       RESERVED
-CVE-2023-24839
-       RESERVED
-CVE-2023-24838
-       RESERVED
-CVE-2023-24837
-       RESERVED
+CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access 
control. A ...)
+       TODO: check
+CVE-2023-24841 (HGiga MailSherlock query function for connection log has a 
vulnerabili ...)
+       TODO: check
+CVE-2023-24840 (HGiga MailSherlock mail query function has vulnerability of 
insufficie ...)
+       TODO: check
+CVE-2023-24839 (HGiga MailSherlock’s specific function has insufficient 
filterin ...)
+       TODO: check
+CVE-2023-24838 (HGiga PowerStation has a vulnerability of Information Leakage. 
An unau ...)
+       TODO: check
+CVE-2023-24837 (HGiga PowerStation remote management function has insufficient 
filteri ...)
+       TODO: check
 CVE-2023-24836
        RESERVED
-CVE-2023-24835
-       RESERVED
-CVE-2023-24834
-       RESERVED
+CVE-2023-24835 (Softnext Technologies Corp.’s SPAM SQR has a 
vulnerability of Co ...)
+       TODO: check
+CVE-2023-24834 (WisdomGarden Tronclass has improper access control when 
uploading file ...)
+       TODO: check
 CVE-2023-0600
        RESERVED
 CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a 
stored c ...)
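
Review bot: the eight entries that move from RESERVED to `TODO: check` in this hunk (CVE-2023-24842 through CVE-2023-24837, CVE-2023-24835 and CVE-2023-24834) name only four products: HGiga MailSherlock, HGiga PowerStation, Softnext SPAM SQR and WisdomGarden Tronclass. Triage them per product rather than per ID, and where no Debian source package ships the product, close them with the `NOT-FOR-US: <product>` form that other entries in this file already use (for example `NOT-FOR-US: Couchbase Server`), so the same decision is recorded consistently for every ID of a product.
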
@@ -17261,8 +17350,8 @@ CVE-2023-22904
        RESERVED
 CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect 
access c ...)
        NOT-FOR-US: LibrePhotos
-CVE-2023-22902
-       RESERVED
+CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient 
filtering f ...)
+       TODO: check
 CVE-2023-22901
        RESERVED
 CVE-2023-22900 (Efence login function has insufficient validation for user 
input. An u ...)
@@ -27932,8 +28021,8 @@ CVE-2022-4128 (A NULL pointer dereference issue was 
discovered in the Linux kern
 CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux 
kernel in ...)
        - linux <not-affected> (Vulnerable code only in 5.19-rcX versions)
        NOTE: 
https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6)
-CVE-2022-4126
-       RESERVED
+CVE-2022-4126 (Use of Default Password vulnerability in ABB RCCMD on Windows, 
Linux,  ...)
+       TODO: check
 CVE-2022-4125 (The Popup Manager WordPress plugin through 1.6.6 does not have 
authori ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4124 (The Popup Manager WordPress plugin through 1.6.6 does not have 
authori ...)
@@ -46282,7 +46371,7 @@ CVE-2022-3142 (The NEX-Forms WordPress plugin before 
7.9.7 does not properly san
 CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 
is vuln ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser 
integration  ...)
-       {DSA-5252-1}
+       {DSA-5252-1 DLA-3368-1}
        - libreoffice 1:7.4.1~rc2-3
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140
 CVE-2022-3139 (The We&#8217;re Open! WordPress plugin before 1.42 does not 
sanitise a ...)
@@ -48962,8 +49051,8 @@ CVE-2022-3061 (Found Linux Kernel flaw in the i740 
driver. The Userspace program
        {DSA-5257-1 DLA-3173-1}
        - linux 5.18.2-1
        NOTE: 
https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
-CVE-2022-39043
-       RESERVED
+CVE-2022-39043 (Juiker app stores debug logs which contains sensitive 
information to m ...)
+       TODO: check
 CVE-2022-39042 (aEnrich a+HRD has improper validation for login function. An 
unauthent ...)
        NOT-FOR-US: aEnrich a+HRD
 CVE-2022-39041 (aEnrich a+HRD has insufficient user input validation for 
specific API  ...)
@@ -67877,8 +67966,8 @@ CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer 
over-read in _dwarf_check
        NOTE: Fixed by: 
https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069
        NOTE: https://github.com/davea42/libdwarf-code/issues/116
        NOTE: https://www.prevanders.net/dwarfbug.html#DW202205-001
-CVE-2022-32199
-       RESERVED
+CVE-2022-32199 (db_convert.php in ScriptCase through 9.9.008 is vulnerable to 
Arbitrar ...)
+       TODO: check
 CVE-2022-32198
        RESERVED
 CVE-2022-32197
@@ -85383,14 +85472,17 @@ CVE-2022-26309 (Pandora FMS v7.0NG.759 allows 
Cross-Site Request Forgery in Bulk
 CVE-2022-26308 (Pandora FMS v7.0NG.760 and below allows an improper access 
control in  ...)
        NOT-FOR-US: Pandora FMS
 CVE-2022-26307 (LibreOffice supports the storage of passwords for web 
connections in t ...)
+       {DLA-3368-1}
        - libreoffice 1:7.3.3~rc1-2
        [bullseye] - libreoffice 1:7.0.4-4+deb11u2
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
 CVE-2022-26306 (LibreOffice supports the storage of passwords for web 
connections in t ...)
+       {DLA-3368-1}
        - libreoffice 1:7.3.3~rc1-2
        [bullseye] - libreoffice 1:7.0.4-4+deb11u2
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306
 CVE-2022-26305 (An Improper Certificate Validation vulnerability in 
LibreOffice existe ...)
+       {DLA-3368-1}
        - libreoffice 1:7.3.2~rc2-1
        [bullseye] - libreoffice 1:7.0.4-4+deb11u2
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305
@@ -157240,6 +157332,7 @@ CVE-2021-25638
 CVE-2021-25637
        RESERVED
 CVE-2021-25636 (LibreOffice supports digital signatures of ODF documents and 
macros wi ...)
+       {DLA-3368-1}
        - libreoffice 1:7.3.0-1
        [bullseye] - libreoffice 1:7.0.4-4+deb11u2
        [stretch] - libreoffice <postponed> (Minor issue)
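
Review bot: with `{DLA-3368-1}` now attached to CVE-2021-25636, the entry still carries `[stretch] - libreoffice <postponed> (Minor issue)` directly below the fixed versions. Confirm which release DLA-3368-1 covers: if it is stretch, the `<postponed>` line is stale and should give the fixed version instead. The same DLA reference is added to CVE-2022-3140 and CVE-2022-26305 through CVE-2022-26307 in the hunks above, so one check settles all five entries.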



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb20bb951812091e37f395be3a4a3e9f95a27e03
