Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49b3767a by security tracker role at 2023-03-28T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-28934
+ RESERVED
+CVE-2023-28933
+ RESERVED
+CVE-2023-28932
+ RESERVED
+CVE-2023-28931
+ RESERVED
+CVE-2023-28930
+ RESERVED
+CVE-2023-28929
+ RESERVED
+CVE-2023-28928
+ RESERVED
+CVE-2023-1668
+ RESERVED
+CVE-2023-1667
+ RESERVED
+CVE-2023-1666 (A vulnerability has been found in SourceCodester Automatic
Question Pa ...)
+ TODO: check
+CVE-2023-1665 (Improper Restriction of Excessive Authentication Attempts in
GitHub re ...)
+ TODO: check
CVE-2023-28927
RESERVED
CVE-2023-28926
@@ -69,6 +91,7 @@ CVE-2023-28894
CVE-2023-28893
RESERVED
CVE-2023-1664
+ RESERVED
NOT-FOR-US: Keycloak
CVE-2023-1663
RESERVED
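Review bot: for CVE-2023-1664 the automatic update inserts RESERVED directly above the hand-written NOT-FOR-US: Keycloak line, which means the id still has no public description in the upstream feed; the NOT-FOR-US verdict was therefore made from an out-of-band source and should be re-checked against the text once MITRE publishes it, as this same update does further down for CVE-2022-2237 (also Keycloak), where the description arrives and the NOT-FOR-US line survives.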
@@ -104,8 +127,8 @@ CVE-2023-1650
RESERVED
CVE-2023-1649
RESERVED
-CVE-2023-1648
- RESERVED
+CVE-2023-1648 (An issue has been discovered in GitLab DAST API scanner
affecting all ...)
+ TODO: check
CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572,
2022.1.15583 refle ...)
NOT-FOR-US: JetBrains Hub
CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH
keys page ...)
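Review bot: CVE-2023-1648 gets the same truncated description as CVE-2023-0326 later in this diff ("An issue has been discovered in GitLab DAST API scanner affecting all ..."); triage the two together so they end up with a consistent status rather than one TODO being resolved and the other forgotten, and check whether the DAST API scanner is a component the Debian gitlab package ships at all before choosing between a package line and NOT-FOR-US.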
@@ -208,8 +231,7 @@ CVE-2023-28859 (redis-py through 4.5.3 leaves a connection
open after canceling
TODO: check
CVE-2023-28858 (redis-py before 4.5.3, as used in ChatGPT and other products,
leaves a ...)
TODO: check
-CVE-2023-1637 [x86/speculation: Restore speculation related MSRs during S3
resume]
- RESERVED
+CVE-2023-1637 (A flaw that boot CPU could be vulnerable for the speculative
execution ...)
- linux 5.17.3-1
[bullseye] - linux 5.10.113-1
[buster] - linux 4.19.249-1
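Review bot: the rewrite of CVE-2023-1637 drops the bracketed upstream subject "[x86/speculation: Restore speculation related MSRs during S3 resume]" and nothing else in the entry points at the fixing commit, unlike the other kernel entries in this diff (CVE-2023-1079 and siblings), which carry git.kernel.org NOTE lines; add a NOTE with the upstream commit so the reference survives the automatic description replacement. The two redis-py entries above it (CVE-2023-28859, CVE-2023-28858) are both still TODO: check and describe the same bug with different version boundaries, so resolve them in one go.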
@@ -891,12 +913,12 @@ CVE-2023-1525
RESERVED
CVE-2023-1524
RESERVED
-CVE-2023-28655
- RESERVED
-CVE-2023-28652
- RESERVED
-CVE-2023-28650
- RESERVED
+CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate
privile ...)
+ TODO: check
+CVE-2023-28652 (An authenticated malicious user could successfully upload a
malicious ...)
+ TODO: check
+CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious
link and ...)
+ TODO: check
CVE-2023-28647
RESERVED
CVE-2023-28646
@@ -911,12 +933,12 @@ CVE-2023-28642
RESERVED
CVE-2023-28641
RESERVED
-CVE-2023-28640
- RESERVED
+CVE-2023-28640 (Apiman is a flexible and open source API Management platform.
Due to a ...)
+ TODO: check
CVE-2023-28639
RESERVED
-CVE-2023-28638
- RESERVED
+CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy
compres ...)
+ TODO: check
CVE-2023-28637
RESERVED
CVE-2023-28636
@@ -931,14 +953,14 @@ CVE-2023-28632
RESERVED
CVE-2023-28631
RESERVED
-CVE-2023-28630
- RESERVED
-CVE-2023-28629
- RESERVED
-CVE-2023-28628
- RESERVED
-CVE-2023-28627
- RESERVED
+CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD
versions fr ...)
+ TODO: check
+CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD
versions befor ...)
+ TODO: check
+CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library.
In versi ...)
+ TODO: check
+CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows.
In versio ...)
+ TODO: check
CVE-2023-28626
RESERVED
CVE-2023-28625
@@ -959,10 +981,10 @@ CVE-2023-28618
RESERVED
CVE-2023-28391
RESERVED
-CVE-2023-27927
- RESERVED
-CVE-2023-22300
- RESERVED
+CVE-2023-27927 (An authenticated malicious user could acquire the simple mail
transfer ...)
+ TODO: check
+CVE-2023-22300 (An unauthenticated remote attacker could force all
authenticated users ...)
+ TODO: check
CVE-2023-1523
RESERVED
CVE-2023-1522
@@ -1121,10 +1143,10 @@ CVE-2023-28599
RESERVED
CVE-2023-28598
RESERVED
-CVE-2023-28597
- RESERVED
-CVE-2023-28596
- RESERVED
+CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust
boundary implem ...)
+ TODO: check
+CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version
5.13.5 contai ...)
+ TODO: check
CVE-2023-28595
RESERVED
CVE-2023-28594
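Review bot: CVE-2023-28597 and CVE-2023-28596 describe the proprietary Zoom client and its macOS IT-admin installer, neither of which Debian ships; the convention elsewhere in this file for such vendors is NOT-FOR-US: <vendor> (compare NOT-FOR-US: JetBrains Hub for CVE-2022-48429 earlier in the diff), so both TODO: check lines can be closed that way once the full text confirms nothing packaged is named.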
@@ -1615,8 +1637,8 @@ CVE-2023-28432 (Minio is a Multi-Cloud Object Storage
framework. In a cluster de
- minio <itp> (bug #859207)
CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate.
Frontier's ...)
NOT-FOR-US: Frontier
-CVE-2023-28430
- RESERVED
+CVE-2023-28430 (OneSignal is an email, sms, push notification, and in-app
message serv ...)
+ TODO: check
CVE-2023-28429 (Pimcore is an open source data and experience management
platform. Ver ...)
NOT-FOR-US: Pimcore
CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In
versions 1. ...)
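Review bot: CVE-2023-28430 (OneSignal, a hosted push/email service and its SDKs) sits between CVE-2023-28431 Frontier and CVE-2023-28429 Pimcore, both already NOT-FOR-US; unless a Debian package embeds a OneSignal SDK, it belongs in the same category, and the TODO: check should not stay open merely because the automatic update could not decide it.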
@@ -2475,8 +2497,7 @@ CVE-2023-28159
RESERVED
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159
-CVE-2023-1380
- RESERVED
+CVE-2023-1380 (A slab-out-of-bound read problem was found in
brcmf_get_assoc_ies in d ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1
NOTE:
https://lore.kernel.org/linux-wireless/[email protected]/T/#u
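Review bot: the second NOTE for CVE-2023-1380 is unusable as rendered: the lore.kernel.org URL has its message-id replaced by "[email protected]", an artifact of the mail archive's address obfuscation, so anyone copying the link from this notification gets a dead URL; verify the real message-id in the repository file. The entry is "linux <unfixed>" with only the oss-security post and the patch thread as references, so it also still needs the fixing commit once that lands in mainline.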
@@ -2750,8 +2771,8 @@ CVE-2023-28104 (`silverstripe/graphql` serves
Silverstripe data as GraphQL repre
NOT-FOR-US: silverstripe/graphql
CVE-2023-28103
RESERVED
-CVE-2023-28102
- RESERVED
+CVE-2023-28102 (discordrb is an implementation of the Discord API using Ruby.
In disco ...)
+ TODO: check
CVE-2023-28101 (Flatpak is a system for building, distributing, and running
sandboxed ...)
- flatpak 1.14.4-1 (bug #1033098)
[bullseye] - flatpak <no-dsa> (Minor issue)
@@ -4013,8 +4034,8 @@ CVE-2023-27702
RESERVED
CVE-2023-27701
RESERVED
-CVE-2023-27700
- RESERVED
+CVE-2023-27700 (MuYuCMS v2.2 was discovered to contain an arbitrary file
deletion vuln ...)
+ TODO: check
CVE-2023-27699
RESERVED
CVE-2023-27698
@@ -5262,39 +5283,32 @@ CVE-2023-27264 (A missing permissions check in
Mattermost Playbooks in Mattermos
- mattermost-server <itp> (bug #823556)
CVE-2023-27263 (A missing permissions check in the
/plugins/playbooks/api/v0/runs API ...)
- mattermost-server <itp> (bug #823556)
-CVE-2023-1079
- RESERVED
+CVE-2023-1079 (A flaw was found in the Linux kernel. A use-after-free may be
triggere ...)
- linux 6.1.20-1
NOTE:
https://git.kernel.org/linus/4ab3a086d10eeec1424f2e8a968827a6336203df
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/4
-CVE-2023-1078
- RESERVED
+CVE-2023-1078 (A flaw was found in the Linux Kernel in RDS (Reliable Datagram
Sockets ...)
- linux 6.1.12-1
NOTE:
https://git.kernel.org/linus/f753a68980cf4b59a80fe677619da2b1804f526d
-CVE-2023-1077
- RESERVED
+CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type
confused ...)
- linux 6.1.20-1
NOTE:
https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
-CVE-2023-1076
- RESERVED
+CVE-2023-1076 (A flaw was found in the Linux Kernel. The tun/tap sockets have
their s ...)
- linux 6.1.20-1
NOTE:
https://git.kernel.org/linus/66b2c338adce580dfce2199591e65e2bab889cff
NOTE:
https://git.kernel.org/linus/a096ccca6e503a5c575717ff8a36ace27510ab0a
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/5
-CVE-2023-1075
- RESERVED
+CVE-2023-1075 (A flaw was found in the Linux Kernel. The tls_is_tx_ready()
incorrectl ...)
- linux 6.1.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ffe2a22562444720b05bdfeb999c03e810d84cbb
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/6
-CVE-2023-1074
- RESERVED
+CVE-2023-1074 (A memory leak flaw was found in the Linux kernel's Stream
Control Tran ...)
- linux 6.1.11-1
NOTE:
https://git.kernel.org/linus/458e279f861d3f61796894cd158b780765a1569f
NOTE: https://www.openwall.com/lists/oss-security/2023/01/23/1
-CVE-2023-1073
- RESERVED
+CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel’s
human i ...)
- linux 6.1.11-1
NOTE:
https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456
NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3
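Review bot: of the seven kernel entries rewritten here only CVE-2023-1075 carries a stable annotation ([buster] - linux <not-affected>); CVE-2023-1079, -1078, -1077, -1076, -1074 and -1073 list just the unstable fix version, so bullseye and buster remain implicitly vulnerable for all six. If these are covered by the stable point-release kernel updates, record the fixed versions; if not, add the <not-affected> or <postponed> line so the status is explicit. CVE-2023-1076 is the only one with two fixing commits, consistent with the tun/tap pair in its description.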
@@ -6050,8 +6064,8 @@ CVE-2023-26926
RESERVED
CVE-2023-26925
RESERVED
-CVE-2023-26924
- RESERVED
+CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in
mlir::outlineSingleBlockReg ...)
+ TODO: check
CVE-2023-26923
RESERVED
CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2
allows a ...)
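Review bot: CVE-2023-26924 is a segmentation fault in mlir::outlineSingleBlockReg... at one upstream revision (a0dab4950), i.e. a compiler crash on crafted input, for which the usual severity is low; if the MLIR libraries are built in Debian's llvm-toolchain packages the likely triage is a version or <unimportant> line with the upstream bug as NOTE, and if they are not, NOT-FOR-US. Either way it should not remain TODO: check.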
@@ -6804,12 +6818,12 @@ CVE-2023-26551
RESERVED
CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before
9.0.20.214 allow ...)
NOT-FOR-US: BMC Control-M
-CVE-2023-26549
- RESERVED
-CVE-2023-26548
- RESERVED
-CVE-2023-26547
- RESERVED
+CVE-2023-26549 (The SystemUI module has a vulnerability of repeated app
restart due to ...)
+ TODO: check
+CVE-2023-26548 (The pgmng module has a vulnerability in
serialization/deserialization. ...)
+ TODO: check
+CVE-2023-26547 (The InputMethod module has a vulnerability of
serialization/deserializ ...)
+ TODO: check
CVE-2023-26546
RESERVED
CVE-2023-24544
@@ -6857,38 +6871,38 @@ CVE-2023-1032
NOTE:
https://git.kernel.org/linus/649c15c7691e9b13cbe9bf6c65c365350e056067
CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP
before 10.1. ...)
NOT-FOR-US: Zoho ManageEngine
-CVE-2022-48361
- RESERVED
-CVE-2022-48360
- RESERVED
-CVE-2022-48359
- RESERVED
-CVE-2022-48358
- RESERVED
-CVE-2022-48357
- RESERVED
-CVE-2022-48356
- RESERVED
-CVE-2022-48355
- RESERVED
-CVE-2022-48354
- RESERVED
-CVE-2022-48353
- RESERVED
-CVE-2022-48352
- RESERVED
-CVE-2022-48351
- RESERVED
-CVE-2022-48350
- RESERVED
-CVE-2022-48349
- RESERVED
-CVE-2022-48348
- RESERVED
-CVE-2022-48347
- RESERVED
-CVE-2022-48346
- RESERVED
+CVE-2022-48361 (The Always On Display (AOD) has a path traversal vulnerability
in them ...)
+ TODO: check
+CVE-2022-48360 (The facial recognition module has a vulnerability in file
permission c ...)
+ TODO: check
+CVE-2022-48359 (The recovery mode for updates has a vulnerability that causes
arbitrar ...)
+ TODO: check
+CVE-2022-48358 (The BatteryHealthActivity has a redirection vulnerability.
Successful ...)
+ TODO: check
+CVE-2022-48357 (Some products have the double fetch vulnerability. Successful
exploita ...)
+ TODO: check
+CVE-2022-48356 (The facial recognition module has a vulnerability in input
parameter v ...)
+ TODO: check
+CVE-2022-48355 (The Bluetooth module has a heap out-of-bounds read
vulnerability. Succ ...)
+ TODO: check
+CVE-2022-48354 (The Bluetooth module has a heap out-of-bounds write
vulnerability. Suc ...)
+ TODO: check
+CVE-2022-48353 (Some smartphones have configuration issues. Successful
exploitation of ...)
+ TODO: check
+CVE-2022-48352 (Some smartphones have data initialization issues. Successful
exploitat ...)
+ TODO: check
+CVE-2022-48351 (The secure OS module has configuration defects. Successful
exploitatio ...)
+ TODO: check
+CVE-2022-48350 (The HUAWEI Messaging app has a vulnerability of unauthorized
file acce ...)
+ TODO: check
+CVE-2022-48349 (The control component has a spoofing vulnerability. Successful
exploit ...)
+ TODO: check
+CVE-2022-48348 (The MediaProvider module has a vulnerability of unauthorized
data read ...)
+ TODO: check
+CVE-2022-48347 (The MediaProvider module has a vulnerability in permission
verificatio ...)
+ TODO: check
+CVE-2022-48346 (The HwContacts module has a logic bypass vulnerability.
Successful exp ...)
+ TODO: check
CVE-2020-36662
RESERVED
CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found
in UpTh ...)
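Review bot: all sixteen CVE-2022-48361..CVE-2022-48346 entries use the HarmonyOS/EMUI advisory wording ("The ... module has a vulnerability ...", "Some smartphones have ..."), and CVE-2022-48350 names the HUAWEI Messaging app explicitly; the established status for this family in the file is NOT-FOR-US: Huawei (see CVE-2022-48293 and CVE-2022-48292 further down), so the sixteen TODO: check lines can be resolved as one batch. The three CVE-2023-26549..26547 entries earlier in this diff (SystemUI, pgmng, InputMethod modules) are the same family.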
@@ -7082,8 +7096,8 @@ CVE-2023-26495
RESERVED
CVE-2023-26494
RESERVED
-CVE-2023-26493
- RESERVED
+CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D &
3D real ...)
+ TODO: check
CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
NOT-FOR-US: Directus
CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator.
When the U ...)
@@ -8752,8 +8766,8 @@ CVE-2021-46874
RESERVED
CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict
upload of fil ...)
TODO: check
-CVE-2023-25908
- RESERVED
+CVE-2023-25908 (Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and
earlier) ...)
+ TODO: check
CVE-2023-25907
RESERVED
CVE-2023-25906
@@ -8812,38 +8826,38 @@ CVE-2023-25880
RESERVED
CVE-2023-25879
RESERVED
-CVE-2023-25878
- RESERVED
-CVE-2023-25877
- RESERVED
-CVE-2023-25876
- RESERVED
-CVE-2023-25875
- RESERVED
-CVE-2023-25874
- RESERVED
-CVE-2023-25873
- RESERVED
-CVE-2023-25872
- RESERVED
-CVE-2023-25871
- RESERVED
-CVE-2023-25870
- RESERVED
-CVE-2023-25869
- RESERVED
-CVE-2023-25868
- RESERVED
-CVE-2023-25867
- RESERVED
-CVE-2023-25866
- RESERVED
-CVE-2023-25865
- RESERVED
-CVE-2023-25864
- RESERVED
-CVE-2023-25863
- RESERVED
+CVE-2023-25878 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25877 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25876 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25875 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25874 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25873 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25872 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25871 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25870 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25869 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25868 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25867 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25866 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25865 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25864 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
+CVE-2023-25863 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are
affected by ...)
+ TODO: check
CVE-2023-25862 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and
earlier) are ...)
NOT-FOR-US: Adobe
CVE-2023-25861 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and
earlier) are ...)
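Review bot: the sixteen CVE-2023-25878..CVE-2023-25863 entries are all Adobe Substance 3D Stager 2.0.0 with identical truncated text, and the two Illustrator entries immediately below (CVE-2023-25862, CVE-2023-25861) already carry NOT-FOR-US: Adobe; apply the same to the block, and to CVE-2023-25908 (Photoshop) in the hunk above, instead of leaving seventeen TODO: check lines. The descriptions are cut before the vulnerability class, so the full text is needed only if someone wants it recorded in the entry, not for the triage decision.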
@@ -8948,10 +8962,10 @@ CVE-2023-25820 (Nextcloud Server is the file server
software for Nextcloud, a se
- nextcloud-server <itp> (bug #941708)
CVE-2023-25819 (Discourse is an open source platform for community discussion.
Tags th ...)
NOT-FOR-US: Discourse
-CVE-2023-25818
- RESERVED
-CVE-2023-25817
- RESERVED
+CVE-2023-25818 (Nextcloud server is an open source, personal cloud
implementation. In ...)
+ TODO: check
+CVE-2023-25817 (Nextcloud server is an open source, personal cloud
implementation. In ...)
+ TODO: check
CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions
25.0.0 an ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-25815
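Review bot: CVE-2023-25818 and CVE-2023-25817 are Nextcloud server issues and sit between CVE-2023-25820 and CVE-2023-25816, which both record "- nextcloud-server <itp> (bug #941708)"; give the two new entries the same line instead of TODO: check so the ITP bug keeps a complete list of open issues.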
@@ -9608,8 +9622,7 @@ CVE-2023-0780 (Improper Restriction of Rendered UI Layers
or Frames in GitHub re
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0779
RESERVED
-CVE-2023-0778
- RESERVED
+CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman.
This is ...)
- libpod <unfixed> (bug #1032099)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256
NOTE:
https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8
@@ -9659,8 +9672,8 @@ CVE-2023-25663 (TensorFlow is an open source platform for
machine learning. Prio
- tensorflow <itp> (bug #804612)
CVE-2023-25662 (TensorFlow is an open source platform for machine learning.
Versions p ...)
- tensorflow <itp> (bug #804612)
-CVE-2023-25661
- RESERVED
+CVE-2023-25661 (TensorFlow is an Open Source Machine Learning Framework. In
versions p ...)
+ TODO: check
CVE-2023-25660 (TensorFlow is an open source platform for machine learning.
Prior to v ...)
- tensorflow <itp> (bug #804612)
CVE-2023-25659 (TensorFlow is an open source platform for machine learning.
Prior to v ...)
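Review bot: CVE-2023-25661 is left at TODO: check while every neighbouring TensorFlow entry (CVE-2023-25663, -25662, -25660, -25659) carries "- tensorflow <itp> (bug #804612)"; add the same line. Its description opens "TensorFlow is an Open Source Machine Learning Framework" rather than the usual "TensorFlow is an open source platform for machine learning", so a grep for the common phrasing would miss it.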
@@ -10731,12 +10744,12 @@ CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is
vulnerable to Directory Traversa
NOT-FOR-US: Docmosis Tornado
CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version
2.9.5. An ...)
NOT-FOR-US: Docmosis Tornado
-CVE-2023-25263
- RESERVED
-CVE-2023-25262
- RESERVED
-CVE-2023-25261
- RESERVED
+CVE-2023-25263 (In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once
an attac ...)
+ TODO: check
+CVE-2023-25262 (Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is
vulnerable to Se ...)
+ TODO: check
+CVE-2023-25261 (Certain Stimulsoft GmbH products are affected by: Remote Code
Executio ...)
+ TODO: check
CVE-2023-25260
RESERVED
CVE-2023-25259
@@ -12486,8 +12499,8 @@ CVE-2022-48293 (The Bluetooth module has an OOM
vulnerability. Successful exploi
NOT-FOR-US: Huawei
CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability.
Success ...)
NOT-FOR-US: Huawei
-CVE-2022-48291
- RESERVED
+CVE-2022-48291 (The Bluetooth module has an authentication bypass
vulnerability in the ...)
+ TODO: check
CVE-2022-48290 (The phone-PC collaboration module has a logic bypass
vulnerability. Su ...)
NOT-FOR-US: Huawei
CVE-2022-48289 (The bundle management module lacks authentication and control
mechanis ...)
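Review bot: CVE-2022-48291 (Bluetooth module authentication bypass) is bracketed by CVE-2022-48293/48292 (Bluetooth module OOM) and CVE-2022-48290/48289, all NOT-FOR-US: Huawei, and uses the same advisory wording; the automatic update leaves it TODO: check only because it does not pattern-match, so mark it like its neighbours.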
@@ -12882,8 +12895,7 @@ CVE-2023-0496 (The HT Event WordPress plugin before
1.4.6 does not have CSRF che
NOT-FOR-US: WordPress plugin
CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does
not hav ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses]
- RESERVED
+CVE-2023-0494 (A vulnerability was found in X.Org. This issue occurs due to a
danglin ...)
{DSA-5342-1 DLA-3310-1}
- xorg-server 2:21.1.7-1 (bug #1030777)
- xwayland 2:22.1.8-1
@@ -13345,8 +13357,8 @@ CVE-2023-24368 (** DISPUTED ** Incorrect access control
in Temenos T24 Release 2
NOT-FOR-US: Temenos
CVE-2023-24367 (Temenos T24 Release 20 was discovered to contain a reflected
cross-sit ...)
NOT-FOR-US: Tenemos
-CVE-2023-24366
- RESERVED
+CVE-2023-24366 (An arbitrary file download vulnerability in rConfig v6.8.0
allows atta ...)
+ TODO: check
CVE-2023-24365
RESERVED
CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was
discovered to ...)
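Review bot: the unchanged context line for CVE-2023-24367 reads "NOT-FOR-US: Tenemos" while CVE-2023-24368 two lines above has the correct "NOT-FOR-US: Temenos"; fix the spelling in a follow-up commit so a search for the vendor finds both entries. CVE-2023-24366 (rConfig arbitrary file download) is a standalone web application with no Debian package visible anywhere in this file, so NOT-FOR-US: rConfig is the likely resolution of its TODO.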
@@ -15423,8 +15435,8 @@ CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7
does not have adequate p
NOT-FOR-US: WordPress plugin
CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has
been class ...)
NOT-FOR-US: saemorris TheRadSystem
-CVE-2023-0326
- RESERVED
+CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner
affecting all ...)
+ TODO: check
CVE-2023-0325
RESERVED
CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours &
Travels ...)
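Review bot: CVE-2023-0326 receives exactly the same truncated description as CVE-2023-1648 earlier in this diff ("An issue has been discovered in GitLab DAST API scanner affecting all ..."); the two ids were presumably assigned for distinct issues in the same component, so whoever resolves one TODO: check should read both full texts and record the distinguishing detail, otherwise the tracker ends up with two indistinguishable entries.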
@@ -16011,8 +16023,8 @@ CVE-2023-0243 (A vulnerability classified as critical
has been found in TuziCMS
NOT-FOR-US: TuziCMS
CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different
privileg ...)
NOT-FOR-US: Rapid7
-CVE-2023-0241
- RESERVED
+CVE-2023-0241 (pgAdmin 4 versions prior to v6.19 contains a directory
traversal vulne ...)
+ TODO: check
CVE-2023-0240 (There is a logic error in io_uring's implementation which can
be used ...)
{DLA-3349-1}
- linux 5.14.6-1
@@ -16319,8 +16331,8 @@ CVE-2023-23332
RESERVED
CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL
Injectio ...)
NOT-FOR-US: Amano Xoffice
-CVE-2023-23330
- RESERVED
+CVE-2023-23330 (amano Xparc parking solutions 7.1.3879 was discovered to be
vulnerable ...)
+ TODO: check
CVE-2023-23329
RESERVED
CVE-2023-23328 (A File Upload vulnerability exists in AvantFAX 3.3.7. An
authenticated ...)
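Review bot: CVE-2023-23330 (amano Xparc 7.1.3879) and the CVE-2023-23331 entry directly above (Amano Xoffice 7.1.3879, NOT-FOR-US: Amano Xoffice) are the same vendor and the same build number; resolve the new TODO: check with a matching NOT-FOR-US line, ideally "NOT-FOR-US: Amano" so both product names are covered.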
@@ -17328,8 +17340,7 @@ CVE-2023-0181
RESERVED
CVE-2023-0180
RESERVED
-CVE-2023-0179 [netfilter: nft_payload: incorrect arithmetics when fetching
VLAN header bits]
- RESERVED
+CVE-2023-0179 (A buffer overflow vulnerability was found in the Netfilter
subsystem i ...)
{DSA-5324-1 DLA-3349-1}
- linux 6.1.7-1
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -17409,8 +17420,7 @@ CVE-2023-22909 (An issue was discovered in MediaWiki
before 1.35.9, 1.36.x throu
NOT-FOR-US: MediaWiki extension MobileFrontend
CVE-2023-22908
RESERVED
-CVE-2023-0210
- RESERVED
+CVE-2023-0210 (A bug affects the Linux kernel’s ksmbd NTLMv2
authentication and ...)
- linux 6.1.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -18654,7 +18664,7 @@ CVE-2023-22610 (A CWE-285: Improper Authorization
vulnerability exists that coul
CVE-2023-22609
REJECTED
CVE-2023-22608
- RESERVED
+ REJECTED
- binutils 2.40-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29936
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09
(binutils-2_40)
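Review bot: CVE-2023-22608 flips to REJECTED but keeps "- binutils 2.40-1 (unimportant)" together with the sourceware bug and fix-commit NOTEs, whereas the other REJECTED ids in this diff (CVE-2023-22609 right above, CVE-2022-3117, the CVE-2022-40601..40541 block) carry no package data. A rejection usually means the id was a duplicate or withdrawn by the CNA; record the reason (and the surviving id, if it is a duplicate) in a NOTE, and decide whether the binutils line should move to that id or be dropped, so the 2.40-1 fix is not attributed to a dead identifier.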
@@ -21543,16 +21553,16 @@ CVE-2023-22253 (Experience Manager versions 6.5.15.0
(and earlier) are affected
NOT-FOR-US: Adobe
CVE-2023-22252 (Experience Manager versions 6.5.15.0 (and earlier) are
affected by a r ...)
NOT-FOR-US: Adobe
-CVE-2023-22251
- RESERVED
-CVE-2023-22250
- RESERVED
-CVE-2023-22249
- RESERVED
+CVE-2023-22251 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1
(and earli ...)
+ TODO: check
+CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1
(and earli ...)
+ TODO: check
+CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1
(and earli ...)
+ TODO: check
CVE-2023-22248
RESERVED
-CVE-2023-22247
- RESERVED
+CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1
(and earli ...)
+ TODO: check
CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and
earlier) a ...)
NOT-FOR-US: Adobe
CVE-2023-22245
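Review bot: CVE-2023-22251, -22250, -22249 and -22247 are all Adobe Commerce 2.4.4-p2/2.4.5-p1, and the adjacent Experience Manager and Animate entries (CVE-2023-22253, -22252, -22246) are NOT-FOR-US: Adobe; close the four TODO: check lines the same way. CVE-2023-22248, in the middle of the block, stays RESERVED and will need the same treatment when its text appears.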
@@ -26193,10 +26203,10 @@ CVE-2022-46287 (Cross-site scripting vulnerability in
DENSHI NYUSATSU CORE SYSTE
NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM
CVE-2022-41993 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE
SYSTEM v6 R ...)
NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM
-CVE-2022-46416
- RESERVED
-CVE-2022-46415
- RESERVED
+CVE-2022-46416 (Parrot Bebop 4.7.1. allows remote attackers to prevent
legitimate term ...)
+ TODO: check
+CVE-2022-46415 (DJI Spark 01.00.0900 allows remote attackers to prevent
legitimate ter ...)
+ TODO: check
CVE-2022-46414 (An issue was discovered in Veritas NetBackup Flex Scale
through 3.0 an ...)
NOT-FOR-US: Veritas
CVE-2022-46413 (An issue was discovered in Veritas NetBackup Flex Scale
through 3.0 an ...)
@@ -28083,8 +28093,8 @@ CVE-2022-45827
RESERVED
CVE-2022-45826
RESERVED
-CVE-2022-45825
- RESERVED
+CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
iThemes ...)
+ TODO: check
CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced
Booking Ca ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45823
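Review bot: CVE-2022-45825 is a reflected XSS in an iThemes product; iThemes is a WordPress plugin vendor, and the entry directly below (CVE-2022-45824) is already NOT-FOR-US: WordPress plugin, so the same line applies once the full text confirms the affected product is one of their plugins rather than something Debian ships.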
@@ -32835,8 +32845,8 @@ CVE-2023-20862
RESERVED
CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25,
5.2.0.RELE ...)
TODO: check
-CVE-2023-20860
- RESERVED
+CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 -
5.3.25 using ...)
+ TODO: check
CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions
2.3.x prio ...)
TODO: check
CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x
prior to 8 ...)
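Review bot: CVE-2023-20860 joins CVE-2023-20861 (context line above) as a second Spring Framework 6.0.x/5.3.x issue still at TODO: check; triage the pair against the same source package in one pass, and look at the Spring Vault entry CVE-2023-20859 below at the same time, since it is also still TODO.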
@@ -40431,8 +40441,8 @@ CVE-2022-42449
RESERVED
CVE-2022-42448
RESERVED
-CVE-2022-42447
- RESERVED
+CVE-2022-42447 (HCL Compass is vulnerable to Cross-Origin Resource Sharing
(CORS). Thi ...)
+ TODO: check
CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by
default. Aft ...)
NOT-FOR-US: HCL
CVE-2022-42445 (HCL Launch could allow a user with administrative privileges,
includin ...)
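Review bot: CVE-2022-42447 (HCL Compass, CORS misconfiguration) sits between CVE-2022-42446 Sametime and CVE-2022-42445 HCL Launch, both NOT-FOR-US: HCL; apply the same and drop the TODO: check.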
@@ -45373,127 +45383,127 @@ CVE-2022-40603 (A cross-site scripting (XSS)
vulnerability in the CGI program of
CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to
V1.00(ABLG ...)
NOT-FOR-US: Zyxel
CVE-2022-40601
- RESERVED
+ REJECTED
CVE-2022-40600
- RESERVED
+ REJECTED
CVE-2022-40599
- RESERVED
+ REJECTED
CVE-2022-40598
- RESERVED
+ REJECTED
CVE-2022-40597
- RESERVED
+ REJECTED
CVE-2022-40596
- RESERVED
+ REJECTED
CVE-2022-40595
- RESERVED
+ REJECTED
CVE-2022-40594
- RESERVED
+ REJECTED
CVE-2022-40593
- RESERVED
+ REJECTED
CVE-2022-40592
- RESERVED
+ REJECTED
CVE-2022-40591
- RESERVED
+ REJECTED
CVE-2022-40590
- RESERVED
+ REJECTED
CVE-2022-40589
- RESERVED
+ REJECTED
CVE-2022-40588
- RESERVED
+ REJECTED
CVE-2022-40587
- RESERVED
+ REJECTED
CVE-2022-40586
- RESERVED
+ REJECTED
CVE-2022-40585
- RESERVED
+ REJECTED
CVE-2022-40584
- RESERVED
+ REJECTED
CVE-2022-40583
- RESERVED
+ REJECTED
CVE-2022-40582
- RESERVED
+ REJECTED
CVE-2022-40581
- RESERVED
+ REJECTED
CVE-2022-40580
- RESERVED
+ REJECTED
CVE-2022-40579
- RESERVED
+ REJECTED
CVE-2022-40578
- RESERVED
+ REJECTED
CVE-2022-40577
- RESERVED
+ REJECTED
CVE-2022-40576
- RESERVED
+ REJECTED
CVE-2022-40575
- RESERVED
+ REJECTED
CVE-2022-40574
- RESERVED
+ REJECTED
CVE-2022-40573
- RESERVED
+ REJECTED
CVE-2022-40572
- RESERVED
+ REJECTED
CVE-2022-40571
- RESERVED
+ REJECTED
CVE-2022-40570
- RESERVED
+ REJECTED
CVE-2022-40569
- RESERVED
+ REJECTED
CVE-2022-40568
- RESERVED
+ REJECTED
CVE-2022-40567
- RESERVED
+ REJECTED
CVE-2022-40566
- RESERVED
+ REJECTED
CVE-2022-40565
- RESERVED
+ REJECTED
CVE-2022-40564
- RESERVED
+ REJECTED
CVE-2022-40563
- RESERVED
+ REJECTED
CVE-2022-40562
- RESERVED
+ REJECTED
CVE-2022-40561
- RESERVED
+ REJECTED
CVE-2022-40560
- RESERVED
+ REJECTED
CVE-2022-40559
- RESERVED
+ REJECTED
CVE-2022-40558
- RESERVED
+ REJECTED
CVE-2022-40557
- RESERVED
+ REJECTED
CVE-2022-40556
- RESERVED
+ REJECTED
CVE-2022-40555
- RESERVED
+ REJECTED
CVE-2022-40554
- RESERVED
+ REJECTED
CVE-2022-40553
- RESERVED
+ REJECTED
CVE-2022-40552
- RESERVED
+ REJECTED
CVE-2022-40551
- RESERVED
+ REJECTED
CVE-2022-40550
- RESERVED
+ REJECTED
CVE-2022-40549
- RESERVED
+ REJECTED
CVE-2022-40548
- RESERVED
+ REJECTED
CVE-2022-40547
- RESERVED
+ REJECTED
CVE-2022-40546
- RESERVED
+ REJECTED
CVE-2022-40545
- RESERVED
+ REJECTED
CVE-2022-40544
- RESERVED
+ REJECTED
CVE-2022-40543
- RESERVED
+ REJECTED
CVE-2022-40542
- RESERVED
+ REJECTED
CVE-2022-40541
- RESERVED
+ REJECTED
CVE-2022-40540 (Memory corruption due to buffer copy without checking the size
of inpu ...)
NOT-FOR-US: Qualcomm
CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper
validation ...)
@@ -47255,8 +47265,8 @@ CVE-2022-39799 (An attacker with no prior
authentication could craft and send ma
NOT-FOR-US: SAP
CVE-2022-3117
REJECTED
-CVE-2022-3116
- RESERVED
+CVE-2022-3116 (The Heimdal Software Kerberos 5 implementation is vulnerable to
a null ...)
+ TODO: check
CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6.
malidp_c ...)
- linux 5.18.5-1
[bullseye] - linux 5.10.127-1
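Review bot: CVE-2022-3116 (Heimdal Kerberos 5, null pointer dereference) is not a NOT-FOR-US candidate like most TODOs in this diff: Heimdal is shipped as a Debian source package, so this entry needs a real heimdal version line plus the stable-suite annotations, recorded the way the kernel entry CVE-2022-3115 directly below it is, with the upstream fix in a NOTE.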
@@ -61224,8 +61234,7 @@ CVE-2022-2239 (The Request a Quote WordPress plugin
through 2.3.7 does not sanit
NOT-FOR-US: WordPress plugin
CVE-2022-2238 (A vulnerability was found in the search-api container in Red
Hat Advan ...)
NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 /
Stolostron
-CVE-2022-2237
- RESERVED
+CVE-2022-2237 (A flaw was found in the Keycloak Node.js Adapter. This flaw
allows an ...)
NOT-FOR-US: Keycloak
CVE-2022-2236
RESERVED
@@ -110013,8 +110022,7 @@ CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0
allows attackers to achieve rem
NOT-FOR-US: ChurchInfo
CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of
MantisBT ...)
- mantis <removed>
-CVE-2021-3923
- RESERVED
+CVE-2021-3923 (A flaw was found in the Linux kernel's implementation of RDMA
over inf ...)
- linux 5.15.15-1
[bullseye] - linux 5.10.92-1
[buster] - linux 4.19.232-1
@@ -171515,7 +171523,8 @@ CVE-2021-20326 (A user authorized to performing a
specific type of find query ma
CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the
versions of ...)
- apache2 <not-affected> (Red Hat RHEL 8 specifc regression of
CVE-2021-40438 and CVE-2021-26691)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
-CVE-2021-20324 (A flaw was found in WildFly Elytron. A variation to the use of
a sessi ...)
+CVE-2021-20324
+ REJECTED
NOT-FOR-US: WildFly Elytron
CVE-2021-20323 (A POST based reflected Cross Site Scripting vulnerability on
has been ...)
NOT-FOR-US: Keycloak
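Review bot: CVE-2021-20324 becomes REJECTED but keeps the NOT-FOR-US: WildFly Elytron line underneath, whereas the other REJECTED ids in this diff (CVE-2023-22609, CVE-2022-3117) have no status line; drop the stale line or add a NOTE saying why the id was rejected. Also, the unchanged context line for CVE-2021-20325 reads "Red Hat RHEL 8 specifc regression", a typo ("specific") worth fixing in the next manual commit.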
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49b3767a97813d17875235cae51287015c727bbf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits