Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0e0a4df by security tracker role at 2023-03-30T20:10:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,119 @@
+CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, 
as explo ...)
+       TODO: check
+CVE-2023-29058
+       RESERVED
+CVE-2023-29057
+       RESERVED
+CVE-2023-29056
+       RESERVED
+CVE-2023-29055
+       RESERVED
+CVE-2023-29054
+       RESERVED
+CVE-2023-29053
+       RESERVED
+CVE-2023-29052
+       RESERVED
+CVE-2023-29051
+       RESERVED
+CVE-2023-29050
+       RESERVED
+CVE-2023-29049
+       RESERVED
+CVE-2023-29048
+       RESERVED
+CVE-2023-29047
+       RESERVED
+CVE-2023-29046
+       RESERVED
+CVE-2023-29045
+       RESERVED
+CVE-2023-29044
+       RESERVED
+CVE-2023-29043
+       RESERVED
+CVE-2023-29042
+       RESERVED
+CVE-2023-29041
+       RESERVED
+CVE-2023-29040
+       RESERVED
+CVE-2023-29039
+       RESERVED
+CVE-2023-29038
+       RESERVED
+CVE-2023-29037
+       RESERVED
+CVE-2023-29036
+       RESERVED
+CVE-2023-29035
+       RESERVED
+CVE-2023-29034
+       RESERVED
+CVE-2023-29033
+       RESERVED
+CVE-2023-1741
+       RESERVED
+CVE-2023-1740
+       RESERVED
+CVE-2023-1739
+       RESERVED
+CVE-2023-1738
+       RESERVED
+CVE-2023-1737
+       RESERVED
+CVE-2023-1736
+       RESERVED
+CVE-2023-1735
+       RESERVED
+CVE-2023-1734 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2023-1733
+       RESERVED
+CVE-2023-1732
+       RESERVED
+CVE-2023-1731
+       RESERVED
+CVE-2023-1730
+       RESERVED
+CVE-2023-1729
+       RESERVED
+CVE-2023-1728
+       RESERVED
+CVE-2023-1727
+       RESERVED
+CVE-2023-1726
+       RESERVED
+CVE-2023-1725 (Server-Side Request Forgery (SSRF) vulnerability in Infoline 
Project M ...)
+       TODO: check
+CVE-2023-1724
+       RESERVED
+CVE-2023-1723
+       RESERVED
+CVE-2023-1722
+       RESERVED
+CVE-2023-1721
+       RESERVED
+CVE-2023-1720
+       RESERVED
+CVE-2023-1719
+       RESERVED
+CVE-2023-1718
+       RESERVED
+CVE-2023-1717
+       RESERVED
+CVE-2023-1716
+       RESERVED
+CVE-2023-1715
+       RESERVED
+CVE-2023-1714
+       RESERVED
+CVE-2023-1713
+       RESERVED
+CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub 
repository de ...)
+       TODO: check
+CVE-2023-1711
+       RESERVED
 CVE-2023-29032
        RESERVED
 CVE-2023-29031
@@ -168,8 +284,8 @@ CVE-2023-1701 (Cross-site Scripting (XSS) - Reflected in 
GitHub repository pimco
        NOT-FOR-US: pimcore
 CVE-2023-1700
        RESERVED
-CVE-2023-1699
-       RESERVED
+CVE-2023-1699 (Rapid7 Nexpose versions 6.6.186 and below suffer from a forced 
browsin ...)
+       TODO: check
 CVE-2023-1698
        RESERVED
 CVE-2023-1697
@@ -300,8 +416,8 @@ CVE-2023-1673
        RESERVED
 CVE-2023-28936
        RESERVED
-CVE-2023-28935
-       RESERVED
+CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of 
Special Ele ...)
+       TODO: check
 CVE-2023-28744
        RESERVED
 CVE-2023-1672
@@ -637,12 +753,12 @@ CVE-2023-28837
        RESERVED
 CVE-2023-28836
        RESERVED
-CVE-2023-28835
-       RESERVED
+CVE-2023-28835 (Nextcloud server is an open source home cloud implementation. 
In affec ...)
+       TODO: check
 CVE-2023-28834
        RESERVED
-CVE-2023-28833
-       RESERVED
+CVE-2023-28833 (Nextcloud server is an open source home cloud implementation. 
In affec ...)
+       TODO: check
 CVE-2023-28832
        RESERVED
 CVE-2023-28831
@@ -929,12 +1045,12 @@ CVE-2023-28735
        RESERVED
 CVE-2023-28734
        RESERVED
-CVE-2023-28733
-       RESERVED
-CVE-2023-28732
-       RESERVED
-CVE-2023-28731
-       RESERVED
+CVE-2023-28733 (AnyMailing Joomla Plugin is vulnerable to stored cross site 
scripting  ...)
+       TODO: check
+CVE-2023-28732 (Missing access control in AnyMailing Joomla Plugin allows to 
list and  ...)
+       TODO: check
+CVE-2023-28731 (AnyMailing Joomla Plugin is vulnerable to unauthenticated 
remote code  ...)
+       TODO: check
 CVE-2023-27882
        RESERVED
 CVE-2023-1583 (A NULL pointer dereference was found in io_file_bitmap_get in 
io_uring ...)
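Review bot: the three AnyMailing Joomla Plugin stubs (CVE-2023-28733, CVE-2023-28732, CVE-2023-28731) should be triaged together; CVE-2023-28731 describes unauthenticated remote code execution and is the one to look at first, but third-party CMS extensions are resolved elsewhere in this diff with a `NOT-FOR-US:` line (cf. `NOT-FOR-US: WordPress plugin`), so the expected outcome is one NOT-FOR-US line for each of the three rather than leaving them as `TODO: check`.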
@@ -1254,16 +1370,16 @@ CVE-2023-28652 (An authenticated malicious user could 
successfully upload a mali
        NOT-FOR-US: SAUTER
 CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious 
link and  ...)
        NOT-FOR-US: SAUTER
-CVE-2023-28647
-       RESERVED
-CVE-2023-28646
-       RESERVED
+CVE-2023-28647 (Nextcloud iOS is an ios application used to interface with the 
nextclo ...)
+       TODO: check
+CVE-2023-28646 (Nextcloud android is an android app for interfacing with the 
nextcloud ...)
+       TODO: check
 CVE-2023-28645
        RESERVED
-CVE-2023-28644
-       RESERVED
-CVE-2023-28643
-       RESERVED
+CVE-2023-28644 (Nextcloud server is an open source home cloud implementation. 
In relea ...)
+       TODO: check
+CVE-2023-28643 (Nextcloud server is an open source home cloud implementation. 
In affec ...)
+       TODO: check
 CVE-2023-28642 (runc is a CLI tool for spawning and running containers 
according to th ...)
        {DLA-3369-1}
        - runc 1.1.5+ds1-1
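Review bot: the four Nextcloud stubs added here (CVE-2023-28647 and CVE-2023-28646 for the iOS and Android clients, CVE-2023-28644 and CVE-2023-28643 for the server) sit directly above CVE-2023-28642, which is already resolved with a package line and a `{DLA-3369-1}` marker; the Nextcloud entries should get the same treatment in a follow-up, and since this commit adds further Nextcloud server stubs in other hunks (CVE-2023-28835, CVE-2023-28833, CVE-2023-26482), all of them will almost certainly resolve the same way and are best triaged as one batch.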
@@ -2880,6 +2996,7 @@ CVE-2023-1372 (The WH Testimonials plugin for WordPress 
is vulnerable to Stored
 CVE-2023-1371
        RESERVED
 CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a 
performance f ...)
+       {DLA-3373-1}
        - json-smart <unfixed> (bug #1033474)
        [bullseye] - json-smart <no-dsa> (Minor issue)
        NOTE: 
https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/
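Review bot: only the `{DLA-3373-1}` marker is added to CVE-2023-1370 while the sid line stays `json-smart <unfixed> (bug #1033474)` and bullseye keeps `<no-dsa> (Minor issue)`. That is coherent if the DLA fixes the LTS suite only, but with unstable still unfixed it is worth confirming that bug #1033474 is still open and that the DLA's fixed version is recorded on the DLA side, since this line only cross-references the advisory and carries no version of its own.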
@@ -3875,8 +3992,8 @@ CVE-2023-27854
        RESERVED
 CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and 
prior ve ...)
        NOT-FOR-US: OpenHarmony
-CVE-2023-25076
-       RESERVED
+CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of 
wildcard bac ...)
+       TODO: check
 CVE-2023-24465 (Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and 
prior vers ...)
        NOT-FOR-US: OpenHarmony
 CVE-2023-1246 (Files or Directories Accessible to External Parties 
vulnerability in S ...)
@@ -7396,10 +7513,10 @@ CVE-2023-1016
        RESERVED
 CVE-2023-1015 (This CVE ID has been rejected or withdrawn by its CVE Numbering 
Author ...)
        NOT-FOR-US: Rejected CVE
-CVE-2023-1014
-       RESERVED
-CVE-2023-1013
-       RESERVED
+CVE-2023-1014 (Improper Protection for Outbound Error Messages and Alert 
Signals vuln ...)
+       TODO: check
+CVE-2023-1013 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+       TODO: check
 CVE-2023-1012
        RESERVED
 CVE-2023-1011
@@ -7490,8 +7607,8 @@ CVE-2023-26484 (KubeVirt is a virtual machine management 
add-on for Kubernetes.
        NOT-FOR-US: KubeVirt
 CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service 
Provider ...)
        - golang-github-russellhaering-gosaml2 <itp> (bug #948190)
-CVE-2023-26482
-       RESERVED
+CVE-2023-26482 (Nextcloud server is an open source home cloud implementation. 
In affec ...)
+       TODO: check
 CVE-2023-26481 (authentik is an open-source Identity Provider. Due to an 
insufficient  ...)
        NOT-FOR-US: authentik
 CVE-2023-26480 (XWiki Platform is a generic wiki platform. Starting in version 
12.10,  ...)
@@ -11700,8 +11817,8 @@ CVE-2023-25042
        RESERVED
 CVE-2023-25041
        RESERVED
-CVE-2023-25040
-       RESERVED
+CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-25039
        RESERVED
 CVE-2023-25038
@@ -13198,12 +13315,12 @@ CVE-2023-24532 (The ScalarMult and ScalarBaseMult 
methods of the P256 Curve may
        NOTE: 
https://github.com/golang/go/commit/639b67ed114151c0d786aa26e7faeab942400703 
(go1.19.7)
 CVE-2023-24531
        RESERVED
-CVE-2023-24473
-       RESERVED
-CVE-2023-24472
-       RESERVED
-CVE-2023-22845
-       RESERVED
+CVE-2023-24473 (An information disclosure vulnerability exists in the 
TGAInput::read_t ...)
+       TODO: check
+CVE-2023-24472 (A denial of service vulnerability exists in the 
FitsOutput::close() fu ...)
+       TODO: check
+CVE-2023-22845 (An out-of-bounds read vulnerability exists in the 
TGAInput::decode_pix ...)
+       TODO: check
 CVE-2023-0509 (Improper Certificate Validation in GitHub repository 
pyload/pyload pri ...)
        - pyload <itp> (bug #1001980)
 CVE-2023-0508
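Review bot: CVE-2023-24473, CVE-2023-24472 and CVE-2023-22845 name functions from a single source tree (`TGAInput::read_t...`, `FitsOutput::close()`, `TGAInput::decode_pix...`), so they should be triaged together; if the affected library is packaged in Debian, one bug covering all three is preferable to three separate `TODO: check` stubs, and the out-of-bounds read in `TGAInput::decode_pix...` (CVE-2023-22845) is the one most worth a severity look.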
@@ -13635,8 +13752,8 @@ CVE-2023-24401
        RESERVED
 CVE-2023-24400
        RESERVED
-CVE-2023-24399
-       RESERVED
+CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-24398
        RESERVED
 CVE-2023-24397
@@ -15560,20 +15677,20 @@ CVE-2023-23683
        RESERVED
 CVE-2023-23682
        RESERVED
-CVE-2023-23681
-       RESERVED
+CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23680
        RESERVED
 CVE-2023-23679
        RESERVED
 CVE-2023-23678
        RESERVED
-CVE-2023-23677
-       RESERVED
+CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix 
GTmetri ...)
+       TODO: check
 CVE-2023-23676
        RESERVED
-CVE-2023-23675
-       RESERVED
+CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Catc ...)
+       TODO: check
 CVE-2023-23674
        RESERVED
 CVE-2023-23673
@@ -15582,8 +15699,8 @@ CVE-2023-23672
        RESERVED
 CVE-2023-23671
        RESERVED
-CVE-2023-23670
-       RESERVED
+CVE-2023-23670 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Team  ...)
+       TODO: check
 CVE-2023-23669
        RESERVED
 CVE-2023-23668
@@ -26076,8 +26193,8 @@ CVE-2022-43666
        RESERVED
 CVE-2022-43496
        RESERVED
-CVE-2022-43473
-       RESERVED
+CVE-2022-43473 (A blind XML External Entity (XXE) vulnerability exists in the 
Add UCS  ...)
+       TODO: check
 CVE-2022-4295 (The Show All Comments WordPress plugin before 7.0.1 does not 
sanitise  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46644
@@ -63074,7 +63191,7 @@ CVE-2022-2180 (The GREYD.SUITE WordPress theme does not 
properly validate upload
        NOT-FOR-US: WordPress theme
 CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 
1100/1400 ...)
        NOT-FOR-US: Rockwell
-CVE-2022-2178 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
+CVE-2022-2178 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: Saysis Computer Starcities
 CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL 
Injectio ...)
        NOT-FOR-US: Kayrasoft
@@ -73989,10 +74106,10 @@ CVE-2022-30353
        RESERVED
 CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to 
insufficient sanit ...)
        NOT-FOR-US: phpABook
-CVE-2022-30351
-       RESERVED
-CVE-2022-30350
-       RESERVED
+CVE-2022-30351 (PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite 
having w ...)
+       TODO: check
+CVE-2022-30350 (Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is 
vulnerable t ...)
+       TODO: check
 CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting 
(XSS). ...)
        NOT-FOR-US: siteserver SSCMS
 CVE-2022-30348
@@ -87201,6 +87318,7 @@ CVE-2022-21803 (This affects the package nconf before 
0.11.4. When using the mem
 CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to 
Cross-site Script ...)
        NOT-FOR-US: grapejs
 CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to 
Arbitrary ...)
+       {DLA-3193-2}
        - joblib 1.2.0-1 (bug #1020820)
        [bullseye] - joblib <no-dsa> (Minor issue)
        NOTE: https://github.com/joblib/joblib/issues/1128
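Review bot: the marker added to CVE-2022-21797 is `{DLA-3193-2}` with no `DLA-3193-1` alongside it. A `-2` suffix normally denotes a regression or follow-up update to an earlier advisory, so confirm whether DLA-3193-1 should also be referenced here or whether -2 is the advisory that actually fixes this CVE in the LTS suite; bullseye stays `<no-dsa>` and sid is already fixed at 1.2.0-1, so the DLA is the only suite-level fix this entry records.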
@@ -94997,8 +95115,8 @@ CVE-2022-23524 (Helm is a tool for managing Charts, 
pre-configured Kubernetes re
        - helm-kubernetes <itp> (bug #910799)
 CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the 
offsets an ...)
        NOT-FOR-US: Rust crate linux-loader
-CVE-2022-23522
-       RESERVED
+CVE-2022-23522 (MindsDB is an open source machine learning platform. An unsafe 
extract ...)
+       TODO: check
 CVE-2022-23521 (Git is distributed revision control system. gitattributes are 
a mechan ...)
        {DSA-5332-1 DLA-3282-1}
        - git 1:2.39.1-0.1 (bug #1029114)
@@ -142186,6 +142304,7 @@ CVE-2021-31686
 CVE-2021-31685
        RESERVED
 CVE-2021-31684 (A vulnerability was discovered in the indexOf function of 
JSONParserBy ...)
+       {DLA-3373-1}
        - json-smart <unfixed> (unimportant)
        NOTE: https://github.com/netplex/json-smart-v2/issues/67
        NOTE: 
https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
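Review bot: CVE-2021-31684 now references `{DLA-3373-1}` while still carrying `json-smart <unfixed> (unimportant)`, and an `unimportant` tag with an LTS advisory attached reads as inconsistent. If the LTS upload fixed this incidentally alongside CVE-2023-1370, the marker is fine but the severity tag should be revisited; otherwise the entry should say why a DLA was issued for an issue the tracker rates as not security-relevant.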



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0e0a4df88c401ffbe5fc10c4955fb86e74bf49a



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
