Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
55b6436d by security tracker role at 2023-03-30T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-29032
+ RESERVED
+CVE-2023-29031
+ RESERVED
+CVE-2023-29030
+ RESERVED
+CVE-2023-29029
+ RESERVED
+CVE-2023-29028
+ RESERVED
+CVE-2023-29027
+ RESERVED
+CVE-2023-29026
+ RESERVED
+CVE-2023-29025
+ RESERVED
+CVE-2023-29024
+ RESERVED
+CVE-2023-29023
+ RESERVED
+CVE-2023-29022
+ RESERVED
+CVE-2023-1710
+ RESERVED
+CVE-2023-1709
+ RESERVED
CVE-2023-29021
RESERVED
CVE-2023-29020
@@ -401,8 +427,8 @@ CVE-2023-1658
RESERVED
CVE-2023-1657
RESERVED
-CVE-2023-1656
- RESERVED
+CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability
in Forge ...)
+ TODO: check
CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to 2.4 ...)
- gpac <unfixed>
[buster] - gpac <end-of-life> (EOL in buster LTS)
@@ -415,8 +441,7 @@ CVE-2023-1654 (Denial of Service in GitHub repository
gpac/gpac prior to 2.4.0.
NOTE:
https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da
CVE-2023-1653
RESERVED
-CVE-2023-1652
- RESERVED
+CVE-2023-1652 (A use-after-free flaw was found in nfsd4_ssc_setup_dul in
fs/nfsd/nfs4 ...)
- linux 6.1.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -1637,24 +1662,24 @@ CVE-2023-28511
RESERVED
CVE-2023-28510
RESERVED
-CVE-2023-28509
- RESERVED
-CVE-2023-28508
- RESERVED
-CVE-2023-28507
- RESERVED
-CVE-2023-28506
- RESERVED
-CVE-2023-28505
- RESERVED
-CVE-2023-28504
- RESERVED
-CVE-2023-28503
- RESERVED
-CVE-2023-28502
- RESERVED
-CVE-2023-28501
- RESERVED
+CVE-2023-28509 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
+CVE-2023-28508 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
+CVE-2023-28507 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
+CVE-2023-28506 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
+CVE-2023-28505 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
+CVE-2023-28504 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
+CVE-2023-28503 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
+CVE-2023-28502 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
+CVE-2023-28501 (Rocket Software UniData versions prior to 8.2.4 build 3003 and
UniVers ...)
+ TODO: check
CVE-2023-28500
RESERVED
CVE-2023-28499
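Review bot: The nine added entries CVE-2023-28501 through CVE-2023-28509 all land as "TODO: check" with the same truncated description ("Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ..."), so nothing in the list tells them apart. Triage them in one pass against the full CVE text. If the product turns out not to be packaged, give all nine the same NOT-FOR-US line instead of resolving them one at a time.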
@@ -8444,12 +8469,12 @@ CVE-2023-26120
RESERVED
CVE-2023-26119
RESERVED
-CVE-2023-26118
- RESERVED
-CVE-2023-26117
- RESERVED
-CVE-2023-26116
- RESERVED
+CVE-2023-26118 (All versions of the package angular are vulnerable to Regular
Expressi ...)
+ TODO: check
+CVE-2023-26117 (All versions of the package angular are vulnerable to Regular
Expressi ...)
+ TODO: check
+CVE-2023-26116 (All versions of the package angular are vulnerable to Regular
Expressi ...)
+ TODO: check
CVE-2023-26115
RESERVED
CVE-2023-26114 (Versions of the package code-server before 4.10.1 are
vulnerable to Mi ...)
@@ -9442,8 +9467,7 @@ CVE-2023-22379
RESERVED
CVE-2023-22297
RESERVED
-CVE-2023-0836
- RESERVED
+CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy
2.1, 2.2 b ...)
- haproxy 2.6.8-1
NOTE:
https://git.haproxy.org/?p=haproxy.git;a=commit;h=2e6bf0a2722866ae0128a4392fa2375bd1f03ff8
NOTE:
https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=f988992d16f45ef03d5bbb024a1042ed8123e4c5
(v2.6.8)
@@ -11355,10 +11379,9 @@ CVE-2023-0667
RESERVED
CVE-2023-0666
RESERVED
-CVE-2023-0665
- RESERVED
-CVE-2023-0664
- RESERVED
+CVE-2023-0665 (HashiCorp Vault's PKI mount issuer endpoints did not correctly
authori ...)
+ TODO: check
+CVE-2023-0664 (A flaw was found in the QEMU Guest Agent service for Windows. A
local ...)
- qemu <not-affected> (Windows specific issue)
CVE-2023-0663 (A vulnerability was found in Calendar Event Management System
2.3.0. I ...)
NOT-FOR-US: Calendar Event Management System
@@ -11829,10 +11852,10 @@ CVE-2023-0622 (Cscape Envision RV version 4.60 is
vulnerable to an out-of-bounds
NOT-FOR-US: Cscape Envision RV
CVE-2023-0621 (Cscape Envision RV version 4.60 is vulnerable to an
out-of-bounds read ...)
NOT-FOR-US: Cscape Envision RV
-CVE-2023-0620
- RESERVED
-CVE-2023-25000
- RESERVED
+CVE-2023-0620 (HashiCorp Vault and Vault Enterprise versions 0.8.0 through
1.13.1 are ...)
+ TODO: check
+CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing
used preco ...)
+ TODO: check
CVE-2023-24999 (HashiCorp Vault and Vault Enterprise’s approle auth
method allow ...)
NOT-FOR-US: Vault
CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number
of requ ...)
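Review bot: CVE-2023-0620 and CVE-2023-25000 are added with "TODO: check", but the entry directly below them, CVE-2023-24999, is also HashiCorp Vault and is already marked "NOT-FOR-US: Vault". Unless that status has changed, these two can take the same "NOT-FOR-US: Vault" line so the Vault entries stay consistent. CVE-2023-0665 (Vault's PKI mount issuer endpoints) in the hunk at -11355 is in the same position.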
@@ -18615,8 +18638,8 @@ CVE-2023-22707 (Auth. (author+) Cross-Site Scripting
(XSS) vulnerability in Wpso
NOT-FOR-US: WordPress plugin
CVE-2023-22706
RESERVED
-CVE-2023-22705
- RESERVED
+CVE-2023-22705 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Collne I ...)
+ TODO: check
CVE-2023-22704 (Reflected Cross-Site Scripting (XSS) vulnerability in Michael
Winkler ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22703
@@ -21793,8 +21816,8 @@ CVE-2022-47604
RESERVED
CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
wpdevart ...)
TODO: check
-CVE-2022-47602
- RESERVED
+CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
CVE-2022-47601
RESERVED
CVE-2022-47600
@@ -33358,8 +33381,7 @@ CVE-2022-3789 (A vulnerability has been found in Tim
Campus Confession Wall and
NOT-FOR-US: Tim Campus Confession Wall
CVE-2022-3788
REJECTED
-CVE-2022-3787
- RESERVED
+CVE-2022-3787 (A vulnerability was found in the device-mapper-multipath. The
device-m ...)
NOT-FOR-US: Red Hat Enterprise Linux specfic regression for
CVE-2022-41974 update
CVE-2022-3786 (A buffer overrun can be triggered in X.509 certificate
verification, s ...)
- openssl 3.0.7-1
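Review bot: The NOT-FOR-US note retained under CVE-2022-3787 reads "specfic regression", a typo for "specific". The line is unchanged context in this hunk, so correct it in a follow-up edit to data/CVE/list. The triage itself is consistent with the new description, which names device-mapper-multipath while the note scopes the issue to the Red Hat Enterprise Linux update for CVE-2022-41974.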
@@ -33820,12 +33842,12 @@ CVE-2022-44372
RESERVED
CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can
cause Rem ...)
NOT-FOR-US: hope-boot
-CVE-2022-44370
- RESERVED
-CVE-2022-44369
- RESERVED
-CVE-2022-44368
- RESERVED
+CVE-2022-44370 (NASM v2.16 was discovered to contain a heap buffer overflow in
the com ...)
+ TODO: check
+CVE-2022-44369 (NASM 2.16 (development) is vulnerable to 476: Null Pointer
Dereference ...)
+ TODO: check
+CVE-2022-44368 (NASM v2.16 was discovered to contain a null pointer deference
in the N ...)
+ TODO: check
CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via
/goform ...)
NOT-FOR-US: Tenda
CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via
/goform ...)
@@ -78897,8 +78919,7 @@ CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in
GitHub repository mruby/mru
NOTE:
https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6
CVE-2022-1275 (The BannerMan WordPress plugin through 0.2.4 does not sanitize
or esca ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-1274
- RESERVED
+CVE-2022-1274 (A flaw was found in Keycloak in the execute-actions-email
endpoint. Th ...)
NOT-FOR-US: Keycloak
CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate
the impo ...)
NOT-FOR-US: WordPress plugin
@@ -117138,8 +117159,8 @@ CVE-2021-41528
RESERVED
CVE-2021-41527
RESERVED
-CVE-2021-41526
- RESERVED
+CVE-2021-41526 (A vulnerability has been reported in the windows installer
(MSI) built ...)
+ TODO: check
CVE-2021-41525 (An issue related to modification of otherwise restricted files
through ...)
NOT-FOR-US: FlexNet
CVE-2021-3821 (A potential security vulnerability has been identified for
certain HP ...)
@@ -215827,8 +215848,8 @@ CVE-2020-14142
RESERVED
CVE-2020-14141
RESERVED
-CVE-2020-14140
- RESERVED
+CVE-2020-14140 (When Xiaomi router firmware is updated in 2020, there is an
unauthenti ...)
+ TODO: check
CVE-2020-14139
RESERVED
CVE-2020-14138
@@ -286616,8 +286637,8 @@ CVE-2019-8965
RESERVED
CVE-2019-8964
RESERVED
-CVE-2019-8963
- RESERVED
+CVE-2019-8963 (A Denial of Service (DoS) vulnerability was discovered in
FlexNet Publ ...)
+ TODO: check
CVE-2019-8962
RESERVED
CVE-2019-8961 (A Denial of Service vulnerability related to stack exhaustion
has been ...)
@@ -397364,8 +397385,8 @@ CVE-2017-6896 (Privilege escalation vulnerability on
the DIGISOL DG-HR1400 1.00.
NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router
CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External
Entity ( ...)
NOT-FOR-US: USB Pratirodh
-CVE-2017-6894
- RESERVED
+CVE-2017-6894 (A vulnerability exists in FlexNet Manager Suite releases 2015
R2 SP3 a ...)
+ TODO: check
CVE-2017-6893
RESERVED
CVE-2017-6892 (In libsndfile version 1.0.28, an error in the
"aiff_read_chanmap()" fu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/55b6436d73fc06e6f6fb747b9d5c10adbd37f6df
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits