Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d6fe19af by security tracker role at 2023-04-26T08:10:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2023-31224
+ RESERVED
+CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated
author user ...)
+ TODO: check
+CVE-2023-2295
+ RESERVED
+CVE-2023-2294 (A vulnerability was found in UCMS 1.6.0. It has been classified
as pro ...)
+ TODO: check
+CVE-2023-2293 (A vulnerability was found in SourceCodester Purchase Order
Management ...)
+ TODO: check
+CVE-2023-2292
+ RESERVED
+CVE-2023-2291
+ RESERVED
+CVE-2023-2290
+ RESERVED
+CVE-2023-2289
+ RESERVED
+CVE-2023-2288
+ RESERVED
+CVE-2023-2287
+ RESERVED
+CVE-2023-2286
+ RESERVED
+CVE-2023-2285
+ RESERVED
+CVE-2023-2284
+ RESERVED
CVE-2023-31222
RESERVED
CVE-2023-31221
@@ -226,8 +254,7 @@ CVE-2023-24476
RESERVED
CVE-2023-2270
RESERVED
-CVE-2023-2269
- RESERVED
+CVE-2023-2269 (A denial of service problem was found, due to a possible
recursive loc ...)
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
CVE-2023-2268
@@ -1025,8 +1052,8 @@ CVE-2023-30844
RESERVED
CVE-2023-30843
RESERVED
-CVE-2023-30842
- RESERVED
+CVE-2023-30842 (AVideo is an open-source video platform. Prior to version
12.4, AVideo ...)
+ TODO: check
CVE-2023-30841
RESERVED
CVE-2023-30840
@@ -1731,8 +1758,7 @@ CVE-2023-30611 (Discourse-reactions is a plugin that
allows user to add their re
NOT-FOR-US: Discourse-reactions plugin
CVE-2023-30610 (aws-sigv4 is a rust library for low level request signing in
the aws c ...)
NOT-FOR-US: aws-sigv4
-CVE-2023-30609
- RESERVED
+CVE-2023-30609 (matrix-react-sdk is a react-based SDK for inserting a Matrix
chat/VoIP ...)
NOT-FOR-US: Node matrix-react-sdk
NOTE:
https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In
affected ...)
@@ -2085,8 +2111,7 @@ CVE-2023-30551
RESERVED
CVE-2023-30550
RESERVED
-CVE-2023-30549
- RESERVED
+CVE-2023-30549 (Apptainer is an open source container platform for Linux.
There is an ...)
- singularity-container <unfixed>
NOTE:
https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which
exposes ...)
@@ -2531,8 +2556,8 @@ CVE-2023-30406 (Jerryscript commit 1a2c047 was discovered
to contain a segmentat
TODO: check
CVE-2023-30405
RESERVED
-CVE-2023-30404
- RESERVED
+CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was
discovered to co ...)
+ TODO: check
CVE-2023-30403
RESERVED
CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the
function ...)
@@ -3119,8 +3144,8 @@ CVE-2023-30113
RESERVED
CVE-2023-30112
RESERVED
-CVE-2023-30111
- RESERVED
+CVE-2023-30111 (Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross
Site Scrip ...)
+ TODO: check
CVE-2023-30110
RESERVED
CVE-2023-30109
@@ -3129,8 +3154,8 @@ CVE-2023-30108
RESERVED
CVE-2023-30107
RESERVED
-CVE-2023-30106
- RESERVED
+CVE-2023-30106 (Sourcecodester Medicine Tracker System in PHP 1.0.0 is
vulnerable to C ...)
+ TODO: check
CVE-2023-30105
RESERVED
CVE-2023-30104
@@ -6080,18 +6105,17 @@ CVE-2023-29014 (The Goobi viewer is a web application
that allows digitised mate
NOT-FOR-US: Goobi viewer
CVE-2023-29013 (Traefik (pronounced traffic) is a modern HTTP reverse proxy
and load b ...)
- traefik <itp> (bug #983289)
-CVE-2023-29012
- RESERVED
-CVE-2023-29011
- RESERVED
+CVE-2023-29012 (Git for Windows is the Windows port of Git. Prior to version
2.40.1, a ...)
+ TODO: check
+CVE-2023-29011 (Git for Windows, the Windows port of Git, ships with an
executable cal ...)
+ TODO: check
CVE-2023-29010 (Budibase is a low code platform for creating internal tools,
workflows ...)
NOT-FOR-US: budibase
CVE-2023-29009
RESERVED
CVE-2023-29008 (The SvelteKit framework offers developers an option to create
simple R ...)
NOT-FOR-US: SvelteKit
-CVE-2023-29007
- RESERVED
+CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9,
2.31.8, 2. ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/[email protected]/
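Review bot: CVE-2023-29012 and CVE-2023-29011 are left at "TODO: check" while CVE-2023-29007, a few lines below in the same hunk, is already resolved to "git 1:2.40.1-1 (bug #1034835)" with a "[bullseye] - git <no-dsa> (Minor issue)" line and a lore.kernel.org NOTE. Both untriaged entries describe Git for Windows, so decide in the same pass whether they reach the Debian git package: either record them against src:git with the same version and NOTE, or mark them as not affecting Debian with a NOTE saying why. Of the five Git entries touched by this patch (CVE-2023-29012, -29011, -29007, -25815, -25652), these two are the only ones without a decision, which leaves the tracker state for the 2.40.1 release inconsistent.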
@@ -10256,8 +10280,8 @@ CVE-2023-27845
RESERVED
CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite
v.1.0 and ...)
NOT-FOR-US: PrestaShop
-CVE-2023-27843
- RESERVED
+CVE-2023-27843 (SQL injection vulnerability found in PrestaShop askforaquote
v.5.4.2 a ...)
+ TODO: check
CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File
manager eXt ...)
- extplorer <removed>
CVE-2023-27841
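Review bot: CVE-2023-27843 (an SQL injection in a PrestaShop module, "askforaquote v.5.4.2") is left at "TODO: check" while CVE-2023-27844 two lines above, also an SQL injection in a PrestaShop module, is already "NOT-FOR-US: PrestaShop". Unless a Debian source package ships the module, resolve the new entry the same way so the two neighbouring PrestaShop module entries do not end up with different statuses.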
@@ -13025,8 +13049,8 @@ CVE-2023-26737
RESERVED
CVE-2023-26736
RESERVED
-CVE-2023-26735
- RESERVED
+CVE-2023-26735 (blackbox_exporter v0.23.0 was discovered to contain an access
control ...)
+ TODO: check
CVE-2023-26734
RESERVED
CVE-2023-26733 (Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a
local a ...)
@@ -13366,8 +13390,8 @@ CVE-2023-26562
RESERVED
CVE-2023-26561
RESERVED
-CVE-2023-26560
- RESERVED
+CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a
subset of aut ...)
+ TODO: check
CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author
before 25 ...)
NOT-FOR-US: Oxygen XML Web Author
CVE-2023-26558
@@ -15584,8 +15608,7 @@ CVE-2023-25817 (Nextcloud server is an open source,
personal cloud implementatio
- nextcloud-server <itp> (bug #941708)
CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions
25.0.0 an ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2023-25815
- RESERVED
+CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized
messages are ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/[email protected]/
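Review bot: the description scopes CVE-2023-25815 to Git for Windows ("In Git for Windows, the Windows port of Git, no localized messages are ..."), yet the entry records src:git as fixed in 1:2.40.1-1 and adds "[bullseye] - git <no-dsa> (Minor issue)", which asserts that the Debian package is affected. Add a NOTE stating whether the issue applies to the non-Windows build (the linked announcement URL is the same one used for CVE-2023-29007 and CVE-2023-25652 and does not by itself settle it), or mark the entry as not affected, so the bullseye line is not misread as a pending fix for a Windows-only problem.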
@@ -16322,8 +16345,7 @@ CVE-2023-25654 (baserCMS is a Content Management
system. Prior to version 4.7.5,
CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object
Signing an ...)
NOT-FOR-US: Cisco node-jose (different from src:node-jose)
NOTE:
https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
-CVE-2023-25652
- RESERVED
+CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9,
2.31.8, 2. ...)
- git 1:2.40.1-1 (bug #1034835)
[bullseye] - git <no-dsa> (Minor issue)
NOTE: https://lore.kernel.org/lkml/[email protected]/
@@ -16968,8 +16990,8 @@ CVE-2023-25463
RESERVED
CVE-2023-25462
RESERVED
-CVE-2023-25461
- RESERVED
+CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in nami ...)
+ TODO: check
CVE-2023-25460
RESERVED
CVE-2023-25459
@@ -19624,8 +19646,8 @@ CVE-2022-4897 (The BackupBuddy WordPress plugin before
8.8.3 does not sanitise a
NOT-FOR-US: WordPress plugin
CVE-2023-24513 (On affected platforms running Arista CloudEOS an issue in the
Software ...)
NOT-FOR-US: Arista
-CVE-2023-24512
- RESERVED
+CVE-2023-24512 (On affected platforms running Arista EOS, an authorized
attacker with ...)
+ TODO: check
CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured,
a speci ...)
NOT-FOR-US: Arista
CVE-2023-24510
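Review bot: CVE-2023-24512 ("On affected platforms running Arista EOS, an authorized attacker with ...") is left at "TODO: check" while its immediate neighbours CVE-2023-24513 (Arista CloudEOS) and CVE-2023-24511 (Arista EOS with SNMP) are both "NOT-FOR-US: Arista". Arista EOS is not a Debian package, so the new entry should carry the same NOT-FOR-US marker rather than an open TODO.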
@@ -20926,8 +20948,8 @@ CVE-2023-24007
RESERVED
CVE-2023-24006 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in
Link Softwa ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24005
- RESERVED
+CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Winw ...)
+ TODO: check
CVE-2023-24004 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WPde ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24003 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
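Review bot: CVE-2023-24005 ("Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...") is left at "TODO: check", but the description is truncated before the product name, so the target cannot be confirmed from this diff. Its neighbours CVE-2023-24006 and CVE-2023-24004, with the same "Auth. (admin+) ... XSS" wording, are "NOT-FOR-US: WordPress plugin"; check the full description and, if it is a WordPress plugin as the pattern suggests, use the same marker. The same applies to the identically worded TODO entries CVE-2023-23995, CVE-2023-23889, CVE-2023-23866 and CVE-2023-23710 later in this patch.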
@@ -20946,8 +20968,8 @@ CVE-2023-23997
RESERVED
CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Prof ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23995
- RESERVED
+CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Tim ...)
+ TODO: check
CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Marc ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23993
@@ -21263,8 +21285,8 @@ CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site
Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23890
RESERVED
-CVE-2023-23889
- RESERVED
+CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
CVE-2023-23888
RESERVED
CVE-2023-23887
@@ -21309,8 +21331,8 @@ CVE-2023-23868
RESERVED
CVE-2023-23867
RESERVED
-CVE-2023-23866
- RESERVED
+CVE-2023-23866 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout
Plugins St ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Micha ...)
@@ -21387,8 +21409,8 @@ CVE-2023-23841
RESERVED
CVE-2023-23840
RESERVED
-CVE-2023-23839
- RESERVED
+CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of
Sensitive I ...)
+ TODO: check
CVE-2023-23838 (Directory traversal and file enumeration vulnerability which
allowed u ...)
TODO: check
CVE-2023-23837 (No exception handling vulnerability which revealed sensitive
or excess ...)
@@ -21833,8 +21855,8 @@ CVE-2023-23712
RESERVED
CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting
A2 Optim ...)
NOT-FOR-US: A2 Hosting
-CVE-2023-23710
- RESERVED
+CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in mini ...)
+ TODO: check
CVE-2023-23709
RESERVED
CVE-2023-23708
@@ -25679,8 +25701,7 @@ CVE-2023-0047
REJECTED
CVE-2023-0046 (Improper Restriction of Names for Files and Other Resources in
GitHub ...)
NOT-FOR-US: lirantal/daloradius
-CVE-2023-0045
- RESERVED
+CVE-2023-0045 (The current implementation of the prctl syscall does not issue
an IBPB ...)
- linux 6.1.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/1
NOTE:
https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8#event-88245
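Review bot: CVE-2023-0045 is recorded as "linux 6.1.7-1" with no per-suite annotation, unlike the git entries in this patch, which carry a "[bullseye] - git <no-dsa> (Minor issue)" line next to the fixed version. Since the description concerns the prctl syscall not issuing an IBPB in the kernel, state whether the bullseye kernel is affected and, if so, whether a fix is planned or the issue is being ignored, so the stable status is explicit rather than implied by the absence of a line. The two NOTE URLs (oss-security post and the google/security-research advisory) are a good basis for that decision and should stay.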
@@ -39860,17 +39881,13 @@ CVE-2023-20874
RESERVED
CVE-2023-20873 (In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and
older unsup ...)
TODO: check
-CVE-2023-20872
- RESERVED
+CVE-2023-20872 (VMware Workstation and Fusion contain an out-of-bounds
read/write vuln ...)
NOT-FOR-US: VMware
-CVE-2023-20871
- RESERVED
+CVE-2023-20871 (VMware Fusion contains a local privilege escalation
vulnerability. A m ...)
NOT-FOR-US: VMware
-CVE-2023-20870
- RESERVED
+CVE-2023-20870 (VMware Workstation and Fusion contain an out-of-bounds read
vulnerabil ...)
NOT-FOR-US: VMware
-CVE-2023-20869
- RESERVED
+CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a
stack-bas ...)
NOT-FOR-US: VMware
CVE-2023-20868
RESERVED
@@ -49483,8 +49500,8 @@ CVE-2022-41741 (NGINX Open Source before versions
1.23.2 and 1.22.1, NGINX Open
NOTE: Only affects the nginx-extras binary package
CVE-2022-41740 (IBM Robotic Process Automation 20.12 through 21.0.6 could
allow an att ...)
NOT-FOR-US: IBM
-CVE-2022-41739
- RESERVED
+CVE-2022-41739 (IBM Spectrum Scale (IBM Spectrum Scale Container Native
Storage Access ...)
+ TODO: check
CVE-2022-41738
RESERVED
CVE-2022-41737
@@ -62844,8 +62861,8 @@ CVE-2022-36771 (IBM QRadar User Behavior Analytics
could allow an authenticated
NOT-FOR-US: IBM
CVE-2022-36770
RESERVED
-CVE-2022-36769
- RESERVED
+CVE-2022-36769 (IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged
user to up ...)
+ TODO: check
CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a
non-privileged local ...)
NOT-FOR-US: IBM
CVE-2022-2546 (The All-in-One WP Migration WordPress plugin before 7.63 uses
the wron ...)
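Review bot: CVE-2022-41739 (IBM Spectrum Scale, previous hunk) and CVE-2022-36769 (IBM Cloud Pak for Data 4.5 and 4.6, this hunk) are both left at "TODO: check" while the IBM entries directly next to them, CVE-2022-41740 (IBM Robotic Process Automation) and CVE-2022-36768 (IBM AIX), are "NOT-FOR-US: IBM". Neither product is shipped in Debian, so both new entries should take the same "NOT-FOR-US: IBM" marker instead of an open TODO.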
@@ -526096,10 +526113,10 @@ CVE-2012-5875 (Firefly Media Server 1.0.0.1359
allows remote attackers to cause
NOT-FOR-US: Firefly Media Server
CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1)
update_whosonline_re ...)
NOT-FOR-US: Elite Bulletin Board
-CVE-2012-5873
- RESERVED
-CVE-2012-5872
- RESERVED
+CVE-2012-5873 (ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the
end_poi ...)
+ TODO: check
+CVE-2012-5872 (ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in
getTri ...)
+ TODO: check
CVE-2012-5871
RESERVED
CVE-2012-5870
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6fe19af5ea1188dc514aa56ee8d1a9383a68ce3
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits