Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b07be93 by security tracker role at 2023-04-24T20:10:35+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-31122
+       RESERVED
+CVE-2023-31121
+       RESERVED
+CVE-2023-31120
+       RESERVED
+CVE-2023-31119
+       RESERVED
+CVE-2023-31118
+       RESERVED
+CVE-2023-31117
+       RESERVED
+CVE-2023-31116
+       RESERVED
+CVE-2023-31115
+       RESERVED
+CVE-2023-31114
+       RESERVED
+CVE-2023-31113
+       RESERVED
+CVE-2023-31112
+       RESERVED
+CVE-2023-31111
+       RESERVED
+CVE-2023-31110
+       RESERVED
+CVE-2023-31109
+       RESERVED
+CVE-2023-31108
+       RESERVED
+CVE-2023-31107
+       RESERVED
+CVE-2023-31106
+       RESERVED
+CVE-2023-31105
+       RESERVED
+CVE-2023-31104
+       RESERVED
+CVE-2023-2257 (Authentication Bypass in Hub Business integration in 
Devolutions Works ...)
+       TODO: check
+CVE-2023-2256
+       RESERVED
+CVE-2023-2255
+       RESERVED
+CVE-2023-2254
+       RESERVED
+CVE-2023-2253
+       RESERVED
+CVE-2023-2252
+       RESERVED
+CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 
2.2.2. ...)
+       TODO: check
+CVE-2023-2250
+       RESERVED
+CVE-2023-2249
+       RESERVED
+CVE-2023-2248
+       RESERVED
+CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth 
Module in ...)
+       TODO: check
+CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the 
`resolveResource` ...)
+       TODO: check
 CVE-2023-31103
        RESERVED
 CVE-2023-31102
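Review bot: of the new entries in this hunk, CVE-2023-2251 (eemeli/yaml before 2.2.2) is the one likely to map to a Debian source package (node-yaml, assuming that is still how eemeli/yaml is packaged), so its TODO: check should be resolved against that package first; CVE-2023-2257 (Devolutions Hub Business), CVE-2022-48477 (JetBrains Hub) and CVE-2022-48476 (JetBrains Ktor) describe vendor products that are not Debian packages and can be triaged NOT-FOR-US. The twenty CVE-2023-311xx RESERVED stubs are fine as placeholders.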
@@ -119,8 +181,8 @@ CVE-2023-31047
        RESERVED
 CVE-2023-31046
        RESERVED
-CVE-2023-31045
-       RESERVED
+CVE-2023-31045 (** DISPUTED ** A stored Cross-site scripting (XSS) issue in 
Text Edito ...)
+       TODO: check
 CVE-2023-31044
        RESERVED
 CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 
logs un ...)
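Review bot: CVE-2023-31045 carries the ** DISPUTED ** marker and its product name is cut off at "Text Edito ...", so the TODO: check cannot be resolved from this line alone; whoever triages it should pull the full description and carry the dispute status into a NOTE so it is not lost when the TODO line is replaced.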
@@ -153,10 +215,10 @@ CVE-2023-2241 (A vulnerability, which was classified as 
critical, was found in P
        [bullseye] - libpodofo <no-dsa> (Minor issue)
        NOTE: https://github.com/podofo/podofo/issues/69
        NOTE: 
https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
-CVE-2012-10014
-       RESERVED
-CVE-2012-10013
-       RESERVED
+CVE-2012-10014 (A vulnerability classified as problematic has been found in 
Kau-Boy Ba ...)
+       TODO: check
+CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization 
Plugin up to ...)
+       TODO: check
 CVE-2023-31037
        RESERVED
 CVE-2023-31036
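Review bot: CVE-2012-10014 and CVE-2012-10013 are 2012-numbered IDs assigned now for the Kau-Boy Backend Localization plugin, a WordPress plugin; the triage line this file uses for those is NOT-FOR-US: WordPress plugin (see the plugin entries elsewhere in this diff), so both TODO: check lines can be resolved that way. The CVE-2023-2241 libpodofo context above them is untouched.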
@@ -948,8 +1010,8 @@ CVE-2023-30778
        RESERVED
 CVE-2023-30777
        RESERVED
-CVE-2023-30776
-       RESERVED
+CVE-2023-30776 (An authenticated user with specific data permissions could 
access data ...)
+       TODO: check
 CVE-2023-2129
        RESERVED
 CVE-2023-2128
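Review bot: the truncated description of CVE-2023-30776 ("An authenticated user with specific data permissions could access data ...") never names the affected product, so the entry cannot be triaged from the list alone; the full advisory text is needed before the TODO: check is replaced.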
@@ -1387,8 +1449,8 @@ CVE-2023-30624
        RESERVED
 CVE-2023-30623
        RESERVED
-CVE-2023-30622
-       RESERVED
+CVE-2023-30622 (Clusternet is a general-purpose system for controlling 
Kubernetes clus ...)
+       TODO: check
 CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as 
modular and us ...)
        NOT-FOR-US: Gipsy
 CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers 
build AI sol ...)
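Review bot: CVE-2023-30622 concerns Clusternet, a Kubernetes cluster controller; the neighbouring CVE-2023-30621 (Gipsy) and CVE-2023-30620 (mindsdb) entries are triaged NOT-FOR-US, and unless Clusternet is packaged in Debian this one should get the same treatment rather than stay at TODO: check.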
@@ -1405,8 +1467,8 @@ CVE-2023-30615
        RESERVED
 CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In 
versions ...)
        NOT-FOR-US: Pay (payments engine for Ruby on Rails)
-CVE-2023-30613
-       RESERVED
+CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users 
to uplo ...)
+       TODO: check
 CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud 
workloads. Thi ...)
        NOT-FOR-US: Cloud hypervisor
 CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their 
reaction ...)
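Review bot: CVE-2023-30613 (Kiwi TCMS file upload) sits between CVE-2023-30614 (Pay) and CVE-2023-30612 (Cloud hypervisor), both triaged NOT-FOR-US; if Kiwi TCMS is not in the archive it should be marked the same way, and it should be triaged together with CVE-2023-30544 from the same update so the two Kiwi TCMS entries end up consistent.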
@@ -1771,8 +1833,8 @@ CVE-2023-30546
        RESERVED
 CVE-2023-30545
        RESERVED
-CVE-2023-30544
-       RESERVED
+CVE-2023-30544 (Kiwi TCMS is an open source test management system. In 
versions of Kiw ...)
+       TODO: check
 CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In 
affected ve ...)
        NOT-FOR-US: @web3-react
 CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract 
developm ...)
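Review bot: CVE-2023-30544 is the second Kiwi TCMS advisory in this update (the other is CVE-2023-30613); resolve both TODO: check lines with the same decision, and note the description here cites "versions of Kiw ..." while 30613 has no version, so the full texts are needed to record the affected ranges.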
@@ -1795,8 +1857,8 @@ CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 
driver that supports core
        NOT-FOR-US: Snowflake JDBC
 CVE-2023-30534
        RESERVED
-CVE-2023-30533
-       RESERVED
+CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype 
Pollution via ...)
+       TODO: check
 CVE-2023-2011
        RESERVED
 CVE-2023-2010
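Review bot: CVE-2023-30533 (SheetJS Community Edition before 0.19.3, prototype pollution) is a JavaScript library that could plausibly ship as a node package; the TODO: check should include a search of the archive for a SheetJS/xlsx package before the entry is marked NOT-FOR-US.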
@@ -2075,8 +2137,8 @@ CVE-2023-30460
        RESERVED
 CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the 
attacker ...)
        NOT-FOR-US: SmartPTT SCADA
-CVE-2023-30458
-       RESERVED
+CVE-2023-30458 (A username enumeration issue was discovered in Medicine 
Tracker System ...)
+       TODO: check
 CVE-2023-30457
        RESERVED
 CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the 
Linux kern ...)
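Review bot: CVE-2023-30458 (username enumeration in Medicine Tracker System) is the kind of small standalone web application that the surrounding entries, e.g. CVE-2023-30459 SmartPTT SCADA, triage as NOT-FOR-US; nothing in the description points at a Debian package, so the TODO: check can be closed that way.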
@@ -2252,28 +2314,28 @@ CVE-2023-30380
        RESERVED
 CVE-2023-30379
        RESERVED
-CVE-2023-30378
-       RESERVED
+CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a 
stack-b ...)
+       TODO: check
 CVE-2023-30377
        RESERVED
-CVE-2023-30376
-       RESERVED
-CVE-2023-30375
-       RESERVED
+CVE-2023-30376 (In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" 
contains a ...)
+       TODO: check
+CVE-2023-30375 (In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a 
stack-ba ...)
+       TODO: check
 CVE-2023-30374
        RESERVED
-CVE-2023-30373
-       RESERVED
-CVE-2023-30372
-       RESERVED
-CVE-2023-30371
-       RESERVED
-CVE-2023-30370
-       RESERVED
-CVE-2023-30369
-       RESERVED
-CVE-2023-30368
-       RESERVED
+CVE-2023-30373 (In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" 
contains a  ...)
+       TODO: check
+CVE-2023-30372 (In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains 
a stack ...)
+       TODO: check
+CVE-2023-30371 (In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a 
stack-b ...)
+       TODO: check
+CVE-2023-30370 (In Tenda AC15 V15.03.05.19, the function GetValue contains a 
stack-bas ...)
+       TODO: check
+CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. ...)
+       TODO: check
+CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via 
the initWe ...)
+       TODO: check
 CVE-2023-30367
        RESERVED
 CVE-2023-30366
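Review bot: all ten entries from CVE-2023-30378 down to CVE-2023-30368 describe stack-based buffer overflows in Tenda AC15/AC5 router firmware, which is vendor firmware and not a Debian package; they can be triaged NOT-FOR-US: Tenda in one pass instead of ten separate TODO: check lines. The mid-sentence "The" in the CVE-2023-30372 description is upstream text and not something to correct in this file.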
@@ -3310,10 +3372,10 @@ CVE-2023-29851
        RESERVED
 CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does 
not strip ...)
        NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulia
-CVE-2023-29849
-       RESERVED
-CVE-2023-29848
-       RESERVED
+CVE-2023-29849 (Bang Resto 1.0 was discovered to contain multiple SQL 
injection vulner ...)
+       TODO: check
+CVE-2023-29848 (Bang Resto 1.0 was discovered to contain a stored cross-site 
scripting ...)
+       TODO: check
 CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored 
cross-site sc ...)
        NOT-FOR-US: AeroCMS
 CVE-2023-29846
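Review bot: CVE-2023-29849 and CVE-2023-29848 (Bang Resto 1.0 SQL injection and stored XSS) immediately precede CVE-2023-29847 (AeroCMS), which is triaged NOT-FOR-US; the same line applies here unless Bang Resto is packaged, which the description gives no reason to expect.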
@@ -3448,8 +3510,8 @@ CVE-2023-29782
        RESERVED
 CVE-2023-29781
        RESERVED
-CVE-2023-29780
-       RESERVED
+CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service 
vulnera ...)
+       TODO: check
 CVE-2023-29779
        RESERVED
 CVE-2023-29778
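Review bot: CVE-2023-29780 is a denial of service in Third Reality Smart Blind 1.00.54, a consumer device firmware; NOT-FOR-US is the expected resolution of this TODO: check.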
@@ -3842,10 +3904,10 @@ CVE-2023-29585
        RESERVED
 CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow 
via the  ...)
        NOT-FOR-US: mp4v2
-CVE-2023-29583
-       RESERVED
-CVE-2023-29582
-       RESERVED
+CVE-2023-29583 (yasm 1.3.0.55.g101bc was discovered to contain a stack 
overflow via th ...)
+       TODO: check
+CVE-2023-29582 (yasm 1.3.0.55.g101bc was discovered to contain a stack 
overflow via th ...)
+       TODO: check
 CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation 
violatio ...)
        - yasm <unfixed> (unimportant)
        NOTE: https://github.com/yasm/yasm/issues/216
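Review bot: CVE-2023-29583 and CVE-2023-29582 are yasm 1.3.0.55.g101bc stack overflows, the same upstream and version as CVE-2023-29581 directly below, which is already triaged "- yasm <unfixed> (unimportant)" with an upstream issue NOTE; the two new entries should get the same package line and severity, each with its own upstream issue link, rather than a generic TODO: check.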
@@ -3854,10 +3916,10 @@ CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to 
contain a segmentation vi
        - yasm <unfixed> (unimportant)
        NOTE: https://github.com/yasm/yasm/issues/215
        NOTE: Crash in CLI tool, no security impact
-CVE-2023-29579
-       RESERVED
-CVE-2023-29578
-       RESERVED
+CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack 
overflow via th ...)
+       TODO: check
+CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow 
via the  ...)
+       TODO: check
 CVE-2023-29577
        RESERVED
 CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation 
violation v ...)
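Review bot: CVE-2023-29579 (yasm stack overflow) should be triaged like CVE-2023-29580 and CVE-2023-29581 above it ("- yasm <unfixed> (unimportant)", crash in CLI tool), and CVE-2023-29578 (mp4v2 heap buffer overflow) like CVE-2023-29584 above, which is NOT-FOR-US: mp4v2.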
@@ -3872,16 +3934,16 @@ CVE-2023-29572
        RESERVED
 CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV 
vulnerability via ...)
        NOT-FOR-US: Cesenta MJS
-CVE-2023-29570
-       RESERVED
+CVE-2023-29570 (Cesanta MJS v2.20.0 was discovered to contain a SEGV 
vulnerability via ...)
+       TODO: check
 CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV 
vulnerability via ...)
        NOT-FOR-US: Cesenta MJS
 CVE-2023-29568
        RESERVED
 CVE-2023-29567
        RESERVED
-CVE-2023-29566
-       RESERVED
+CVE-2023-29566 (huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 
0.4.1 w ...)
+       TODO: check
 CVE-2023-29565
        RESERVED
 CVE-2023-29564
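Review bot: CVE-2023-29570 is a Cesanta MJS SEGV like CVE-2023-29571 and CVE-2023-29569 around it, both NOT-FOR-US; when this entry is triaged, the existing lines spelling the vendor "Cesenta" should be corrected to "Cesanta" as written in the descriptions. CVE-2023-29566 (huedawn-tesseract / dawnsparks-node-tesseract) names npm packages, so check for a Debian node package before marking it NOT-FOR-US.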
@@ -3916,7 +3978,7 @@ CVE-2023-29551
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29551
 CVE-2023-29550
        RESERVED
-       {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox 112.0-1
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
@@ -3929,7 +3991,7 @@ CVE-2023-29549
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29549
 CVE-2023-29548
        RESERVED
-       {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox 112.0-1
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
@@ -3969,7 +4031,7 @@ CVE-2023-29542
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29542
 CVE-2023-29541
        RESERVED
-       {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox 112.0-1
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
@@ -3982,7 +4044,7 @@ CVE-2023-29540
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29540
 CVE-2023-29539
        RESERVED
-       {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox 112.0-1
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
@@ -3999,7 +4061,7 @@ CVE-2023-29537
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29537
 CVE-2023-29536
        RESERVED
-       {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox 112.0-1
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
@@ -4008,7 +4070,7 @@ CVE-2023-29536
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29536
 CVE-2023-29535
        RESERVED
-       {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox 112.0-1
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
@@ -4021,7 +4083,7 @@ CVE-2023-29534
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534
 CVE-2023-29533
        RESERVED
-       {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox 112.0-1
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
@@ -4080,7 +4142,7 @@ CVE-2023-1946 (A vulnerability was found in 
SourceCodester Survey Application Sy
        NOT-FOR-US: SourceCodester Survey Application System
 CVE-2023-1945
        RESERVED
-       {DSA-5392-1 DSA-5385-1 DLA-3391-1}
+       {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1}
        - firefox-esr 102.10.0esr-1
        - thunderbird 1:102.10.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
@@ -4200,13 +4262,11 @@ CVE-2023-29482
        RESERVED
 CVE-2023-29481
        RESERVED
-CVE-2023-29480
-       RESERVED
+CVE-2023-29480 (Ribose RNP before 0.16.3 sometimes lets secret keys remain 
unlocked af ...)
        - rnp <unfixed> (bug #1034558)
        NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
-CVE-2023-29479
-       RESERVED
-       {DSA-5392-1}
+CVE-2023-29479 (Ribose RNP before 0.16.3 may hang when the input is malformed. 
...)
+       {DSA-5392-1 DLA-3400-1}
        - rnp <unfixed> (bug #1034558)
        - thunderbird 1:102.10.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29479
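Review bot: CVE-2023-29480 and CVE-2023-29479 both reference rnp bug #1034558, but only CVE-2023-29479 carries the thunderbird 1:102.10.0-1 line and the DSA-5392-1/DLA-3400-1 references; please confirm that thunderbird's bundled rnp is unaffected by CVE-2023-29480 (secret keys remaining unlocked) rather than merely unrecorded, since the two were fixed in the same upstream 0.16.3 release linked in the NOTE.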
@@ -5471,19 +5531,19 @@ CVE-2023-1765 (Improper Neutralization of Special 
Elements used in an SQL Comman
        NOT-FOR-US: Akbim Computer Panon
 CVE-2023-29092
        RESERVED
-CVE-2023-29091 (An issue was discovered in Exynos Mobile Processor, Automotive 
Process ...)
+CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
        NOT-FOR-US: Samsung
-CVE-2023-29090 (An issue was discovered in Exynos Mobile Processor, Automotive 
Process ...)
+CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
        NOT-FOR-US: Samsung
-CVE-2023-29089 (An issue was discovered in Exynos Mobile Processor, Automotive 
Process ...)
+CVE-2023-29089 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
        NOT-FOR-US: Samsung
-CVE-2023-29088 (An issue was discovered in Exynos Mobile Processor, Automotive 
Process ...)
+CVE-2023-29088 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
        NOT-FOR-US: Samsung
-CVE-2023-29087 (An issue was discovered in Exynos Mobile Processor, Automotive 
Process ...)
+CVE-2023-29087 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
        NOT-FOR-US: Samsung
-CVE-2023-29086 (An issue was discovered in Exynos Mobile Processor, Automotive 
Process ...)
+CVE-2023-29086 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
        NOT-FOR-US: Samsung
-CVE-2023-29085 (An issue was discovered in Exynos Mobile Processor, Automotive 
Process ...)
+CVE-2023-29085 (An issue was discovered in Samsung Exynos Mobile Processor, 
Automotive ...)
        NOT-FOR-US: Samsung
 CVE-2023-29084 (Zoho ManageEngine ADManager Plus through 7180 allows for 
authenticated ...)
        NOT-FOR-US: Zoho ManageEngine
@@ -5655,8 +5715,8 @@ CVE-2023-1733 (A denial of service condition exists in 
the Prometheus server bun
        - gitlab <unfixed>
 CVE-2023-1732
        RESERVED
-CVE-2023-1731
-       RESERVED
+CVE-2023-1731 (In LTOS versions prior to V7.06.013, the configuration file 
upload fun ...)
+       TODO: check
 CVE-2023-1730
        RESERVED
 CVE-2023-1729
@@ -6426,10 +6486,10 @@ CVE-2023-1625 [information leak in API]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
        NOTE: https://review.opendev.org/c/openstack/heat/+/868166
        NOTE: 
https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf
 (20.0.0.0rc1)
-CVE-2023-1624
-       RESERVED
-CVE-2023-1623
-       RESERVED
+CVE-2023-1624 (The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when 
deleti ...)
+       TODO: check
+CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not 
proper ...)
+       TODO: check
 CVE-2023-1622
        REJECTED
 CVE-2023-1621
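Review bot: CVE-2023-1624 (WPCode before 2.0.9, CSRF) and CVE-2023-1623 (Custom Post Type UI before 1.13.5) are WordPress plugins; this file triages those as NOT-FOR-US: WordPress plugin, so both TODO: check lines can be resolved that way.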
@@ -7589,8 +7649,8 @@ CVE-2023-1436 (An infinite recursion is triggered in 
Jettison when constructing
        NOTE: https://github.com/jettison-json/jettison/pull/62
        NOTE: 
https://github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f
 (jettison-1.5.4)
        NOTE: Introduced by: 
https://github.com/jettison-json/jettison/commit/be193159085b9fc2bc3526f8655871f9b0472d06
 (jettison-1.3.1)
-CVE-2023-1435
-       RESERVED
+CVE-2023-1435 (The Ajax Search Pro WordPress plugin before 4.26.2 does not 
sanitise a ...)
+       TODO: check
 CVE-2023-1434
        RESERVED
 CVE-2023-1433 (A vulnerability was found in SourceCodester Gadget Works Online 
Orderi ...)
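Review bot: CVE-2023-1435 (Ajax Search Pro WordPress plugin before 4.26.2) is a WordPress plugin, NOT-FOR-US: WordPress plugin by the convention used elsewhere in this file; CVE-2023-1420 later in this update covers the Lite and Pro variants of the same plugin and should be triaged alongside it.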
@@ -7794,7 +7854,7 @@ CVE-2023-28428 (PDFio is a C library for reading and 
writing PDF files. In versi
        NOTE: 
https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31
 (v1.1.1)
        NOTE: 
https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf
 CVE-2023-28427 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK 
for Jav ...)
-       {DSA-5392-1}
+       {DSA-5392-1 DLA-3400-1}
        - node-matrix-js-sdk <unfixed> (bug #1033621)
        [bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
        [buster] - node-matrix-js-sdk <no-dsa> (Minor issue)
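Review bot: DLA-3400-1 is added to CVE-2023-28427 while the entry still reads "[buster] - node-matrix-js-sdk <no-dsa> (Minor issue)"; a DLA on a package marked no-dsa for buster is consistent only if the DLA covers the copy bundled in thunderbird and a thunderbird line exists further down in this entry, outside the hunk context, so please check that it is there.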
@@ -7936,8 +7996,8 @@ CVE-2023-22361
        RESERVED
 CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an 
unquote ...)
        NOT-FOR-US: WAB-MAT
-CVE-2023-1420
-       RESERVED
+CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax 
Search Pro W ...)
+       TODO: check
 CVE-2023-1419
        RESERVED
 CVE-2023-1418 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
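Review bot: CVE-2023-1420 (Ajax Search Lite before 4.11.1, Ajax Search Pro) is a WordPress plugin; triage as NOT-FOR-US: WordPress plugin, consistent with CVE-2023-1435 from the same update.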
@@ -7948,8 +8008,8 @@ CVE-2023-1416 (A vulnerability classified as critical has 
been found in Simple A
        NOT-FOR-US: Simple Art Gallery
 CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has 
been decla ...)
        NOT-FOR-US: Simple Art Gallery
-CVE-2023-1414
-       RESERVED
+CVE-2023-1414 (The WP VR WordPress plugin before 8.3.0 does not have 
authorisation an ...)
+       TODO: check
 CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and 
escape s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access 
Contro ...)
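Review bot: CVE-2023-1414 (WP VR before 8.3.0, missing authorisation) is the same plugin as CVE-2023-1413 directly below it, already NOT-FOR-US: WordPress plugin; apply the same line. The two cite different fixed versions (8.3.0 vs 8.2.9), so they are separate issues, not duplicates.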
@@ -9144,8 +9204,8 @@ CVE-2023-1326 (A privilege escalation attack was found in 
apport-cli 2.26.0 and
        NOT-FOR-US: Apport
 CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does 
not va ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-1324
-       RESERVED
+CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does 
not sa ...)
+       TODO: check
 CVE-2023-1323
        RESERVED
 CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as 
critical. A ...)
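Review bot: CVE-2023-1324 (Easy Forms for Mailchimp before 6.8.8) is the same plugin as CVE-2023-1325 above it, triaged NOT-FOR-US: WordPress plugin; the new entry should match.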
@@ -9269,10 +9329,10 @@ CVE-2023-27993
        RESERVED
 CVE-2023-27992
        RESERVED
-CVE-2023-27991
-       RESERVED
-CVE-2023-27990
-       RESERVED
+CVE-2023-27991 (The post-authentication command injection vulnerability in the 
CLI com ...)
+       TODO: check
+CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 
4.32 throu ...)
+       TODO: check
 CVE-2023-27989
        RESERVED
 CVE-2023-27988
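Review bot: CVE-2023-27991 (post-authentication command injection in a CLI command) and CVE-2023-27990 (XSS in Zyxel ATP series firmware 4.32 onward) are Zyxel firmware issues; elsewhere in this diff CVE-2023-22920 is triaged NOT-FOR-US: Zyxel, and these two should follow. The 27991 description is cut before the product name, so confirm it from the full text.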
@@ -9906,10 +9966,10 @@ CVE-2023-XXXX [Transaction cache overrides the current 
user]
        NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/12108
        NOTE: Fixed by: 
https://foss.heptapod.net/tryton/tryton/-/commit/107b68af389a2cb5c95f663f7a3107fc12aecaf7
        NOTE: Fixed by: 
https://foss.heptapod.net/tryton/tryton/-/commit/1ce8523f11aa78a88dd03e1f0ae2e2b076b6fdb0
 (trytond-6.0.29)
-CVE-2023-27849
-       RESERVED
-CVE-2023-27848
-       RESERVED
+CVE-2023-27849 (rails-routes-to-json v1.0.0 was discovered to contain a remote 
code ex ...)
+       TODO: check
+CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote 
code execut ...)
+       TODO: check
 CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog 
v.2.0.1 and be ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-27846
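Review bot: CVE-2023-27849 (rails-routes-to-json v1.0.0) and CVE-2023-27848 (broccoli-compass v0.2.4) are npm modules; confirm neither is shipped as a node-* package in Debian before marking them NOT-FOR-US, since the descriptions claim remote code execution and a packaged copy would need a package line.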
@@ -10773,8 +10833,8 @@ CVE-2023-27526
        RESERVED
 CVE-2023-27525 (An authenticated user with Gamma role authorization could have 
access  ...)
        NOT-FOR-US: Apache Superset
-CVE-2023-27524
-       RESERVED
+CVE-2023-27524 (Session Validation attacks in Apache Superset versions up to 
and inclu ...)
+       TODO: check
 CVE-2023-27523
        RESERVED
 CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server 
via mod_pr ...)
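Review bot: CVE-2023-27524 (session validation in Apache Superset) is the same product as CVE-2023-27525 directly above, triaged NOT-FOR-US: Apache Superset; the same line resolves this TODO: check.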
@@ -11098,8 +11158,8 @@ CVE-2023-24463
        RESERVED
 CVE-2023-22312
        RESERVED
-CVE-2023-1129
-       RESERVED
+CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not 
ensures tha ...)
+       TODO: check
 CVE-2023-1128
        RESERVED
 CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. 
...)
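Review bot: CVE-2023-1129 (WP FEvents Book through 0.46) is a WordPress plugin and can be triaged NOT-FOR-US: WordPress plugin; CVE-2023-1126 in the next hunk concerns the same plugin and version and should be resolved together with it.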
@@ -11107,8 +11167,8 @@ CVE-2023-1127 (Divide By Zero in GitHub repository 
vim/vim prior to 9.0.1367. ..
        NOTE: https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
        NOTE: 
https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c 
(v9.0.1367)
        NOTE: Crash in CLI tool, no security impact
-CVE-2023-1126
-       RESERVED
+CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not 
sanitise an ...)
+       TODO: check
 CVE-2023-1125
        RESERVED
 CVE-2023-1124 (The Shopping Cart &amp; eCommerce Store WordPress plugin before 
5.4.3  ...)
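Review bot: CVE-2023-1126 (WP FEvents Book through 0.46) is the same plugin as CVE-2023-1129 in the previous hunk; triage both as NOT-FOR-US: WordPress plugin. The unchanged CVE-2023-1124 context line carries an HTML-encoded "&amp;", which the import should have decoded.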
@@ -12413,8 +12473,8 @@ CVE-2023-26867
        RESERVED
 CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware 
versions ...)
        NOT-FOR-US: GreenPacket
-CVE-2023-26865
-       RESERVED
+CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy 
v.2.2.12 and b ...)
+       TODO: check
 CVE-2023-26864 (SQL injection vulnerability found in PrestaShop 
smplredirectionsmanage ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-26863
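Review bot: CVE-2023-26865 (SQL injection in PrestaShop bdroppy v.2.2.12) is the same kind of PrestaShop module as CVE-2023-26864 below it, triaged NOT-FOR-US: PrestaShop; use the same line.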
@@ -13249,8 +13309,8 @@ CVE-2023-1022 (The WP Meta SEO plugin for WordPress is 
vulnerable to unauthorize
        NOT-FOR-US: WP Meta SEO plugin for WordPress
 CVE-2023-1021
        RESERVED
-CVE-2023-1020
-       RESERVED
+CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 
1.4.2 does  ...)
+       TODO: check
 CVE-2023-1019
        RESERVED
 CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module 
Library  ...)
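Review bot: CVE-2023-1020 (Steveas WP Live Chat Shoutbox through 1.4.2) is a WordPress plugin; NOT-FOR-US: WordPress plugin, as used for the neighbouring entries. CVE-2023-0899 later in this diff names the same plugin and version, so the two should be triaged together.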
@@ -13337,8 +13397,8 @@ CVE-2023-26496 (An issue was discovered in Samsung 
Baseband Modem Chipset for Ex
        NOT-FOR-US: Samsung
 CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK 
before 20 ...)
        NOT-FOR-US: Open Design Alliance Drawings SDK
-CVE-2023-26494
-       RESERVED
+CVE-2023-26494 (lorawan-stack is an open source LoRaWAN network server. Prior 
to versi ...)
+       TODO: check
 CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D &amp; 
3D real ...)
        NOT-FOR-US: Cocos Engine
 CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
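Review bot: CVE-2023-26494 concerns lorawan-stack, an open-source LoRaWAN network server; if it is not in the archive, NOT-FOR-US is the expected resolution, matching the Cocos Engine and Directus entries around it. The unchanged CVE-2023-26493 context line still contains an HTML-encoded "&amp;".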
@@ -14428,12 +14488,12 @@ CVE-2023-26101 (In Progress Flowmon Packet 
Investigator before 12.1.0, a Flowmon
        NOT-FOR-US: Progress Flowmon Packet Investigator
 CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint 
failed to s ...)
        NOT-FOR-US: Progress Flowmon
-CVE-2023-26099
-       RESERVED
+CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The 
consult ...)
+       TODO: check
 CVE-2023-26098
        RESERVED
-CVE-2023-26097
-       RESERVED
+CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. 
Unauthorize ...)
+       TODO: check
 CVE-2023-26096
        RESERVED
 CVE-2023-26095
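Review bot: CVE-2023-26099 and CVE-2023-26097 both concern Telindus Apsal 3.14.2022.235 b, a proprietary product; both TODO: check lines can be resolved as NOT-FOR-US: Telindus Apsal, consistent with the Progress Flowmon entries above them.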
@@ -14507,12 +14567,12 @@ CVE-2023-26063 (Certain Lexmark devices through 
2023-02-19 access a Resource By
        NOT-FOR-US: Lexmark
 CVE-2023-26062
        RESERVED
-CVE-2023-26061
-       RESERVED
-CVE-2023-26060
-       RESERVED
-CVE-2023-26059
-       RESERVED
+CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On 
the Sched ...)
+       TODO: check
+CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On 
the Worki ...)
+       TODO: check
+CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On 
the Site  ...)
+       TODO: check
 CVE-2023-26058
        RESERVED
 CVE-2023-26057
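Review bot: CVE-2023-26061, CVE-2023-26060 and CVE-2023-26059 all concern Nokia NetAct, a proprietary network management product; they can be triaged together as NOT-FOR-US: Nokia NetAct, like the Lexmark entry above them. Note that 26059 cites "before 22 SP1037" while the other two cite "before 22 FP2211", so the three are distinct issues despite the shared product.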
@@ -14688,8 +14748,8 @@ CVE-2023-0901 (Exposure of Sensitive Information to an 
Unauthorized Actor in Git
        NOT-FOR-US: pixelfed
 CVE-2023-0900
        RESERVED
-CVE-2023-0899
-       RESERVED
+CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 
1.4.2 does  ...)
+       TODO: check
 CVE-2023-0898
        RESERVED
 CVE-2023-0897
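Review bot: CVE-2023-0899 (Steveas WP Live Chat Shoutbox through 1.4.2) repeats the product and version of CVE-2023-1020 earlier in this update; triage both as NOT-FOR-US: WordPress plugin.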
@@ -17419,12 +17479,12 @@ CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an 
unauthenticated remote atta
        NOT-FOR-US: vBulletin
 CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an 
adversary (with  ...)
        NOT-FOR-US: McAfee
-CVE-2023-25133
-       RESERVED
-CVE-2023-25132
-       RESERVED
-CVE-2023-25131
-       RESERVED
+CVE-2023-25133 (Improper privilege management vulnerability in default.cmd 
file in Pow ...)
+       TODO: check
+CVE-2023-25132 (Unrestricted upload of file with dangerous type vulnerability 
in defau ...)
+       TODO: check
+CVE-2023-25131 (Use of default password vulnerability in PowerPanel Business 
Local/Rem ...)
+       TODO: check
 CVE-2023-25130
        REJECTED
 CVE-2023-25129
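Review bot: CVE-2023-25133, CVE-2023-25132 and CVE-2023-25131 are all PowerPanel Business issues (privilege management in default.cmd, unrestricted file upload, default password) in a vendor product; one NOT-FOR-US line each resolves the three TODO: check entries.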
@@ -18261,18 +18321,18 @@ CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, 
a CommonMark parsing and re
        [buster] - ruby-commonmarker <no-dsa> (Minor issue)
        NOTE: 
https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
        NOTE: 
https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59
 (0.29.0.gfm.10)
-CVE-2023-24823
-       RESERVED
-CVE-2023-24822
-       RESERVED
-CVE-2023-24821
-       RESERVED
-CVE-2023-24820
-       RESERVED
-CVE-2023-24819
-       RESERVED
-CVE-2023-24818
-       RESERVED
+CVE-2023-24823 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
+       TODO: check
+CVE-2023-24822 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
+       TODO: check
+CVE-2023-24821 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
+       TODO: check
+CVE-2023-24820 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
+       TODO: check
+CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
+       TODO: check
+CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
+       TODO: check
 CVE-2023-24817
        RESERVED
 CVE-2023-24816 (IPython (Interactive Python) is a command shell for 
interactive comput ...)
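Review bot: CVE-2023-24823 through CVE-2023-24818 are six RIOT-OS entries whose truncated descriptions are identical here, so they cannot be told apart from this file; the full advisories are needed to triage them, and if RIOT-OS is not packaged the six should be marked NOT-FOR-US: RIOT-OS in one pass rather than left as six TODO: check lines.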
@@ -18928,7 +18988,7 @@ CVE-2023-0548 (The Namaste! LMS WordPress plugin before 
2.5.9.4 does not sanitiz
        NOT-FOR-US: WordPress plugin
 CVE-2023-0547
        RESERVED
-       {DSA-5392-1}
+       {DSA-5392-1 DLA-3400-1}
        - thunderbird 1:102.10.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547
 CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not 
proper ...)
@@ -20685,20 +20745,20 @@ CVE-2023-0426
        RESERVED
 CVE-2023-0425
        RESERVED
-CVE-2023-0424
-       RESERVED
+CVE-2023-0424 (The MS-Reviews WordPress plugin through 1.5 does not sanitise 
and esca ...)
+       TODO: check
 CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does 
not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not 
properly s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0421
        RESERVED
-CVE-2023-0420
-       RESERVED
+CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin 
through ...)
+       TODO: check
 CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 
does not  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0418
-       RESERVED
+CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not 
validate ...)
+       TODO: check
 CVE-2022-4894
        RESERVED
 CVE-2022-4893
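Review bot: CVE-2023-0424 (MS-Reviews through 1.5), CVE-2023-0420 (Custom Post Type and Taxonomy GUI Manager) and CVE-2023-0418 (Video Central for WordPress through 1.3.0) are WordPress plugins; the neighbouring CVE-2023-0423, CVE-2023-0422 and CVE-2023-0419 entries show the expected line, NOT-FOR-US: WordPress plugin.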
@@ -20912,8 +20972,8 @@ CVE-2023-23894
        RESERVED
 CVE-2023-23893
        RESERVED
-CVE-2023-23892
-       RESERVED
+CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23890
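Review bot: CVE-2023-23892 has the same truncated "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ..." text as CVE-2023-23891 below it, which is NOT-FOR-US: WordPress plugin; the full description is needed to confirm which plugin it is, but the triage is expected to match.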
@@ -21233,8 +21293,8 @@ CVE-2023-0390
        RESERVED
 CVE-2023-0389
        RESERVED
-CVE-2023-0388
-       RESERVED
+CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not 
properly sanit ...)
+       TODO: check
 CVE-2023-0387
        RESERVED
 CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access 
to the ...)
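Review bot: CVE-2023-0388 (Random Text WordPress plugin through 0.3.0) is a WordPress plugin, NOT-FOR-US: WordPress plugin; the more important neighbour, the unchanged CVE-2023-0386 Linux kernel entry, is not touched by this hunk.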
@@ -22082,8 +22142,8 @@ CVE-2023-0278 (The GeoDirectory WordPress plugin before 
2.2.24 does not properly
        NOT-FOR-US: WordPress plugin
 CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not 
properly ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0276
-       RESERVED
+CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 
does not ...)
+       TODO: check
 CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 
4.9.10 doe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0274
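Review bot: CVE-2023-0276 (Weaver Xtreme Theme Support before 6.2.7) is a WordPress plugin, like CVE-2023-0278, CVE-2023-0277 and CVE-2023-0275 around it, all NOT-FOR-US: WordPress plugin.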
@@ -24028,18 +24088,18 @@ CVE-2023-22920 (A security misconfiguration 
vulnerability exists in the Zyxel LT
        NOT-FOR-US: Zyxel
 CVE-2023-22919
        RESERVED
-CVE-2023-22918
-       RESERVED
-CVE-2023-22917
-       RESERVED
-CVE-2023-22916
-       RESERVED
-CVE-2023-22915
-       RESERVED
-CVE-2023-22914
-       RESERVED
-CVE-2023-22913
-       RESERVED
+CVE-2023-22918 (A post-authentication information exposure vulnerability in 
the CGI pr ...)
+       TODO: check
+CVE-2023-22917 (A buffer overflow vulnerability in the 
&#8220;sdwan_iface_ipc&#8221; b ...)
+       TODO: check
+CVE-2023-22916 (The configuration parser of Zyxel ATP series firmware versions 
5.10 th ...)
+       TODO: check
+CVE-2023-22915 (A buffer overflow vulnerability in the 
&#8220;fbwifi_forward.cgi&#8221 ...)
+       TODO: check
+CVE-2023-22914 (A path traversal vulnerability in the 
&#8220;account_print.cgi&#8221;  ...)
+       TODO: check
+CVE-2023-22913 (A post-authentication command injection vulnerability in the 
&#8220;ac ...)
+       TODO: check
 CVE-2023-22912 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x 
through 1.3 ...)
        NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x 
through 1.3 ...)
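Review bot: the descriptions of CVE-2023-22917, CVE-2023-22915, CVE-2023-22914 and CVE-2023-22913 contain HTML-encoded quotes (&#8220; and &#8221;), which the automatic import should decode before writing to data/CVE/list, otherwise the truncation at 70 characters wastes space on entity text. All six new Zyxel entries (CVE-2023-22918 to CVE-2023-22913) can be triaged NOT-FOR-US: Zyxel, as CVE-2023-22920 at the top of this hunk already is.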
@@ -25414,16 +25474,16 @@ CVE-2023-22583
        RESERVED
 CVE-2023-22582
        RESERVED
-CVE-2023-22581
-       RESERVED
+CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it 
possible f ...)
+       TODO: check
 CVE-2023-22580 (Due to improper input filtering in the sequalize js library, 
can malic ...)
        NOT-FOR-US: DIVD
 CVE-2023-22579 (Due to improper parameter filtering in the sequalize js 
library, can a ...)
        NOT-FOR-US: DIVD
 CVE-2023-22578 (Due to improper artibute filtering in the sequalize js 
library, can a  ...)
        NOT-FOR-US: DIVD
-CVE-2023-22577
-       RESERVED
+CVE-2023-22577 (Within White Rabbit Switch it's possible as an unauthenticated 
user to ...)
+       TODO: check
 CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to 
a form ...)
        NOT-FOR-US: AsyncHTTPClient
 CVE-2023-0039 (Duplicate. Please use CVE-2022-4060 instead. ...)
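Review bot: CVE-2023-22581 and CVE-2023-22577 both concern White Rabbit Switch, a hardware product; NOT-FOR-US is the expected resolution. Separately, the unchanged CVE-2023-22580, CVE-2023-22579 and CVE-2023-22578 context lines carry upstream typos ("sequalize", "artibute") and a triage line reading "NOT-FOR-US: DIVD", which does not name the sequelize js library the descriptions refer to; worth tidying in a follow-up commit.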
@@ -28116,8 +28176,8 @@ CVE-2022-47600
        RESERVED
 CVE-2022-47599
        RESERVED
-CVE-2022-47598
-       RESERVED
+CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WP P ...)
+       TODO: check
 CVE-2022-47597
        RESERVED
 CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Jeff ...)
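Review bot: CVE-2022-47598 (Auth. (admin+) Stored XSS in "WP P ...") is cut off before the plugin name, but the "Auth. (admin+) Stored Cross-Site Scripting" phrasing matches CVE-2022-47596 below it, a WordPress plugin entry; pull the full description to record the plugin, then triage NOT-FOR-US: WordPress plugin.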
@@ -30783,8 +30843,8 @@ CVE-2022-47160
        RESERVED
 CVE-2022-47159
        RESERVED
-CVE-2022-47158
-       RESERVED
+CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Pakp ...)
+       TODO: check
 CVE-2022-47157
        RESERVED
 CVE-2022-47156
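Review bot: CVE-2022-47158 (Auth. (admin+) Stored XSS in "Pakp ...") follows the same WordPress plugin advisory pattern as the surrounding entries; NOT-FOR-US: WordPress plugin once the full plugin name is confirmed from the complete description.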
@@ -37105,8 +37165,8 @@ CVE-2022-45086 (Improper Neutralization of Input During 
Web Page Generation ('Cr
        NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
 CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge 
Energy  ...)
        NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
-CVE-2022-45084
-       RESERVED
+CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Softacul ...)
+       TODO: check
 CVE-2022-45083
        RESERVED
 CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) 
vulnerabilit ...)
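Review bot: CVE-2022-45084 (Unauth. Reflected XSS in "Softacul ...") has its product name truncated, so the full description is needed before the TODO: check is replaced; nothing in the visible text suggests a Debian package, so NOT-FOR-US is the likely outcome, as for the Group Arge entries around it.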
@@ -45146,7 +45206,8 @@ CVE-2022-43130
        RESERVED
 CVE-2022-43129
        RESERVED
-CVE-2022-43128 (Dreamer CMS 4.0.1 allows SQL injection via ArchivesMapper.xml. 
...)
+CVE-2022-43128
+       REJECTED
        NOT-FOR-US: Dreamer CMS
 CVE-2022-43127 (Online Diagnostic Lab Management System v1.0 was discovered to 
contain ...)
        NOT-FOR-US: Online Diagnostic Lab Management System
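Review bot: CVE-2022-43128 is changed to REJECTED but the old "NOT-FOR-US: Dreamer CMS" triage line is kept; the other REJECTED entries in this file (CVE-2023-25130, CVE-2023-1622) carry no triage line, so the stale NOT-FOR-US should be dropped together with the description.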
@@ -49398,8 +49459,8 @@ CVE-2022-41616
        RESERVED
 CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery 
(CSRF) vulne ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-41612
-       RESERVED
+CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Shar ...)
+       TODO: check
 CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-41608
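Review bot: CVE-2022-41612 (Auth. (admin+) Stored XSS in "Shar ...") sits between CVE-2022-41615 and CVE-2022-41609, both NOT-FOR-US: WordPress plugin; the full description should confirm the plugin name, after which the same line applies.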



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b07be937283891e3e23cd97fb056c90ad2b09b3



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
