Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50ddda23 by security tracker role at 2023-04-24T08:10:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2023-31103
+ RESERVED
+CVE-2023-31102
+ RESERVED
+CVE-2023-31101
+ RESERVED
+CVE-2023-31100
+ RESERVED
+CVE-2023-31099
+ RESERVED
+CVE-2023-31098
+ RESERVED
+CVE-2023-31097
+ RESERVED
+CVE-2023-31096
+ RESERVED
+CVE-2023-31095
+ RESERVED
+CVE-2023-31094
+ RESERVED
+CVE-2023-31093
+ RESERVED
+CVE-2023-31092
+ RESERVED
+CVE-2023-31091
+ RESERVED
+CVE-2023-31090
+ RESERVED
+CVE-2023-31089
+ RESERVED
+CVE-2023-31088
+ RESERVED
+CVE-2023-31087
+ RESERVED
+CVE-2023-31086
+ RESERVED
+CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux
kernel ...)
+ TODO: check
+CVE-2023-31084 (An issue was discovered in
drivers/media/dvb-core/dvb_frontend.c in th ...)
+ TODO: check
+CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in
the Linux ...)
+ TODO: check
+CVE-2023-31082 (An issue was discovered in drivers/tty/n_gsm.c in the Linux
kernel 6.2 ...)
+ TODO: check
+CVE-2023-31081 (An issue was discovered in
drivers/media/test-drivers/vidtv/vidtv_brid ...)
+ TODO: check
+CVE-2023-31080
+ RESERVED
+CVE-2023-31079
+ RESERVED
+CVE-2023-31078
+ RESERVED
+CVE-2023-31077
+ RESERVED
+CVE-2023-31076
+ RESERVED
+CVE-2023-31075
+ RESERVED
+CVE-2023-31074
+ RESERVED
+CVE-2023-31073
+ RESERVED
+CVE-2023-31072
+ RESERVED
+CVE-2023-31071
+ RESERVED
+CVE-2023-31070
+ RESERVED
+CVE-2023-31069
+ RESERVED
+CVE-2023-31068
+ RESERVED
+CVE-2023-31067
+ RESERVED
+CVE-2023-31066
+ RESERVED
+CVE-2023-31065
+ RESERVED
+CVE-2023-31064
+ RESERVED
+CVE-2023-31063
+ RESERVED
+CVE-2023-31062
+ RESERVED
+CVE-2023-31061 (Repetier Server through 1.4.10 does not have CSRF protection.
...)
+ TODO: check
+CVE-2023-31060 (Repetier Server through 1.4.10 executes as SYSTEM. This can be
leverag ...)
+ TODO: check
+CVE-2023-31059 (Repetier Server through 1.4.10 allows ..%5c directory
traversal for re ...)
+ TODO: check
+CVE-2023-31058
+ RESERVED
+CVE-2023-31057
+ RESERVED
+CVE-2023-31056 (CloverDX before 5.17.3 writes passwords to the audit log in
certain si ...)
+ TODO: check
+CVE-2023-31055
+ RESERVED
+CVE-2023-31054
+ RESERVED
+CVE-2023-31053
+ RESERVED
+CVE-2023-31052
+ RESERVED
+CVE-2023-31051
+ RESERVED
+CVE-2023-31050
+ RESERVED
+CVE-2023-31049
+ RESERVED
+CVE-2023-31048
+ RESERVED
+CVE-2023-31047
+ RESERVED
+CVE-2023-31046
+ RESERVED
+CVE-2023-31045
+ RESERVED
+CVE-2023-31044
+ RESERVED
+CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0
logs un ...)
+ TODO: check
+CVE-2023-2247
+ RESERVED
CVE-2023-31042
RESERVED
CVE-2023-31041
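Review bot: ten of the entries added at the top of this hunk carry only `TODO: check` and need to be resolved before the list is useful for these IDs. CVE-2023-31081 through CVE-2023-31085 all name Linux kernel source paths (drivers/mtd/ubi/cdev.c, drivers/tty/n_gsm.c and so on) in their descriptions, so they are the ones to triage first, against the linux source package. The Repetier Server (CVE-2023-31059 to CVE-2023-31061), CloverDX (CVE-2023-31056) and EnterpriseDB EPAS (CVE-2023-31043) entries should be checked against the archive and marked NOT-FOR-US if nothing packaged matches. Also note that CVE-2023-2247 lands between CVE-2023-31043 and CVE-2023-31042, outside the numeric run of the surrounding block, which makes it easy to miss when scanning by ID.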
@@ -8731,8 +8855,8 @@ CVE-2023-28133
RESERVED
CVE-2023-28132
RESERVED
-CVE-2023-28131
- RESERVED
+CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to
take ov ...)
+ TODO: check
CVE-2023-28130
RESERVED
CVE-2023-28129
@@ -19771,6 +19895,7 @@ CVE-2023-24293
CVE-2023-24292
RESERVED
CVE-2023-24291 [A crafted save file can cause a buffer overrun in Simon
Tatham's Portable Puzzle Collection]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
@@ -19779,26 +19904,32 @@ CVE-2023-24290
CVE-2023-24289
RESERVED
CVE-2023-24288 [A crafted save file can cause a buffer overrun in Simon
Tatham's Portable Puzzle Collection]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
CVE-2023-24287 [A crafted save file can cause a buffer overrun in the Undead
puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
CVE-2023-24286 [A crafted save file can cause a buffer overrun in the Mosaic
puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <not-affected> (Vulnerable code introduced
later)
[buster] - sgt-puzzles <not-affected> (Vulnerable code introduced later)
CVE-2023-24285 [A crafted save file can cause a buffer overrun in the Netslide
puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
CVE-2023-24284 [A crafted save file can cause a buffer overrun in the Guess
puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
CVE-2023-24283 [A crafted save file can cause a buffer overrun in the Guess
puzzle]
+ RESERVED
- sgt-puzzles 20230122.806ae71-1 (bug #1028986)
[bullseye] - sgt-puzzles <no-dsa> (Minor issue)
[buster] - sgt-puzzles <no-dsa> (Minor issue)
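Review bot: CVE-2023-24284 and CVE-2023-24283 in this hunk have identical bracketed descriptions ("A crafted save file can cause a buffer overrun in the Guess puzzle"), and with `RESERVED` now added to both there is no published text to tell them apart. Add a NOTE line to each naming the distinguishing detail or the upstream commit, so the two IDs can still be mapped to separate fixes. The package lines (fixed in 20230122.806ae71-1, bug #1028986, per-release no-dsa or not-affected) are unchanged by the added `RESERVED` lines, so the triage itself is preserved.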
@@ -21251,8 +21382,8 @@ CVE-2023-0343 (Akuvox E11 contains a function that
encrypts messages which are t
NOT-FOR-US: Akuvox E11
CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated
as critic ...)
NOT-FOR-US: frioux ptome
-CVE-2023-23753
- RESERVED
+CVE-2023-23753 (The 'Visforms Base Package for Joomla 3' extension is
vulnerable to SQ ...)
+ TODO: check
CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An
improper ac ...)
NOT-FOR-US: Joomla!
CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A
missing ACL ...)
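Review bot: the `TODO: check` added on CVE-2023-23753 is for a Joomla 3 extension, and the next entry in this hunk, CVE-2023-23752, is already resolved as `NOT-FOR-US: Joomla!`. Unless the Visforms extension is packaged separately, this one can be closed the same way rather than left as an open TODO.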
@@ -58035,6 +58166,7 @@ CVE-2022-38369 (Apache IoTDB version 0.13.0 is
vulnerable by session id attack.
CVE-2022-2851
RESERVED
CVE-2022-2850 (A flaw was found In 389-ds-base. When the Content
Synchronization plug ...)
+ {DLA-3399-1}
- 389-ds-base 2.3.1-1 (bug #1018054)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2118691
NOTE:
https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
@@ -89578,6 +89710,7 @@ CVE-2022-0998 (An integer overflow flaw was found in
the Linux kernel’s vi
CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and
Sensor co ...)
NOT-FOR-US: Fidelis
CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that
allows expi ...)
+ {DLA-3399-1}
- 389-ds-base 2.0.15-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769
NOTE: https://github.com/389ds/389-ds-base/issues/5221
@@ -90689,6 +90822,7 @@ CVE-2022-0920 (The Salon booking system Free and Pro
WordPress plugins before 7.
CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before
7.6.3 d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that
allows ...)
+ {DLA-3399-1}
- 389-ds-base 2.0.15-1.1 (bug #1016445)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815
NOTE: https://github.com/389ds/389-ds-base/issues/5242
@@ -110709,6 +110843,7 @@ CVE-2021-4093 (A flaw was found in the KVM's AMD code
for supporting the Secure
CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
...)
NOT-FOR-US: yetiforcecrm
CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual
attribu ...)
+ {DLA-3399-1}
- 389-ds-base 2.0.15-1
[stretch] - 389-ds-base <not-affected> (Vulnerable code introduced
later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
@@ -135603,6 +135738,7 @@ CVE-2021-36769 (A reordering issue exists in Telegram
before 7.8.1 for Android,
CVE-2021-36768
RESERVED
CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as
passwor ...)
+ {DLA-3399-1}
- 389-ds-base 1.4.4.17-1 (bug #991405)
[bullseye] - 389-ds-base <no-dsa> (Minor issue)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
@@ -148054,6 +148190,7 @@ CVE-2021-3515 (A shell injection flaw was found in
pglogical in versions before
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112
NOTE:
https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated
attacke ...)
+ {DLA-3399-1}
- 389-ds-base 1.4.4.11-2 (bug #988727)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://github.com/389ds/389-ds-base/issues/4711
@@ -273750,7 +273887,7 @@ CVE-2019-14826 (A flaw was found in FreeIPA versions
4.5.0 and later. Session co
CVE-2019-14825 (A cleartext password storage issue was discovered in Katello,
versions ...)
NOT-FOR-US: Katello
CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it
could u ...)
- {DLA-2004-1}
+ {DLA-3399-1 DLA-2004-1}
- 389-ds-base 1.4.2.4-1 (bug #944150)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448
@@ -288156,6 +288293,7 @@ CVE-2019-10226 (HTML Injection has been discovered in
the v0.19.0 version of the
CVE-2019-10225 (A flaw was found in atomic-openshift of openshift-4.2 where
the basic- ...)
NOT-FOR-US: OpenShift
CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before
1.4.1.3. ...)
+ {DLA-3399-1}
- 389-ds-base 1.4.1.5-1
[stretch] - 389-ds-base <not-affected> (vulnerable code not present)
[jessie] - 389-ds-base <not-affected> (vulnerable code not present)
@@ -305547,7 +305685,7 @@ CVE-2019-3885 (A use-after-free flaw was found in
pacemaker up to and including
CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of
atomic-o ...)
NOT-FOR-US: atomic-openshift
CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by
workers ...)
- {DLA-1779-1}
+ {DLA-3399-1 DLA-1779-1}
- 389-ds-base 1.4.1.5-1 (bug #927939)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
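Review bot: the cross-reference on CVE-2019-3883 becomes `{DLA-3399-1 DLA-1779-1}`, but this commit changes only data/CVE/list, so the DLA-3399-1 entry that this reference points to is not visible here. Confirm that the advisory's own entry lists CVE-2019-3883, and the other 389-ds-base CVEs tagged `{DLA-3399-1}` in the preceding hunks, so the references in both files agree. The only per-release line in view for this CVE is `[stretch] - 389-ds-base <no-dsa> (Minor issue)`, so nothing in this entry shows which release the new advisory fixes.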
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50ddda23ed5e7c7ce241a1b796c2d35feec7e4b0
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits