Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7d1d167 by security tracker role at 2023-04-26T20:10:33+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2023-31269
+       RESERVED
+CVE-2023-31268
+       RESERVED
+CVE-2023-31267
+       RESERVED
+CVE-2023-31266
+       RESERVED
+CVE-2023-31265
+       RESERVED
+CVE-2023-31264
+       RESERVED
+CVE-2023-31263
+       RESERVED
+CVE-2023-31262
+       RESERVED
+CVE-2023-31261
+       RESERVED
+CVE-2023-31260
+       RESERVED
+CVE-2023-31259
+       RESERVED
+CVE-2023-31258
+       RESERVED
+CVE-2023-31257
+       RESERVED
+CVE-2023-31256
+       RESERVED
+CVE-2023-31255
+       RESERVED
+CVE-2023-31254
+       RESERVED
+CVE-2023-31253
+       RESERVED
+CVE-2023-31252
+       RESERVED
+CVE-2023-31251
+       RESERVED
+CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file 
paths in ...)
+       TODO: check
+CVE-2023-31238
+       RESERVED
+CVE-2023-31237
+       RESERVED
+CVE-2023-31236
+       RESERVED
+CVE-2023-31235
+       RESERVED
+CVE-2023-31234
+       RESERVED
+CVE-2023-31233
+       RESERVED
+CVE-2023-31232
+       RESERVED
+CVE-2023-31231
+       RESERVED
+CVE-2023-31230
+       RESERVED
+CVE-2023-31229
+       RESERVED
+CVE-2023-31228
+       RESERVED
+CVE-2023-31227
+       RESERVED
+CVE-2023-31226
+       RESERVED
+CVE-2023-31225
+       RESERVED
+CVE-2023-31194
+       RESERVED
+CVE-2023-27390
+       RESERVED
+CVE-2023-2314
+       RESERVED
+CVE-2023-2313
+       RESERVED
+CVE-2023-2312
+       RESERVED
+CVE-2023-2311
+       RESERVED
+CVE-2023-2310
+       RESERVED
+CVE-2023-2309
+       RESERVED
+CVE-2023-2308
+       RESERVED
+CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository 
builderio/qwik  ...)
+       TODO: check
+CVE-2023-2306
+       RESERVED
+CVE-2023-2305
+       RESERVED
+CVE-2023-2304
+       RESERVED
+CVE-2023-2303
+       RESERVED
+CVE-2023-2302
+       RESERVED
+CVE-2023-2301
+       RESERVED
+CVE-2023-2300
+       RESERVED
+CVE-2023-2299
+       RESERVED
+CVE-2023-2298
+       RESERVED
+CVE-2023-2297
+       RESERVED
+CVE-2023-2296
+       RESERVED
+CVE-2022-4945
+       RESERVED
+CVE-2022-48480
+       RESERVED
+CVE-2022-48479
+       RESERVED
+CVE-2022-48478
+       RESERVED
+CVE-2021-46887
+       RESERVED
+CVE-2021-46886
+       RESERVED
+CVE-2021-46885
+       RESERVED
+CVE-2021-46884
+       RESERVED
+CVE-2021-46883
+       RESERVED
+CVE-2021-46882
+       RESERVED
+CVE-2021-46881
+       RESERVED
 CVE-2023-31224
        RESERVED
 CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated 
author user ...)
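Review bot: the only actionable entries in this hunk are the two `TODO: check` markers, CVE-2023-31250 and CVE-2023-2307; everything else added here is a RESERVED placeholder with no description yet. The truncated summary for CVE-2023-31250 ("The file download facility doesn't sufficiently sanitize file paths in ...") names no product at all, so triage has to read the full CVE record before choosing between a package annotation and `NOT-FOR-US`; CVE-2023-2307 at least names its project (builderio/qwik).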
@@ -78,8 +210,8 @@ CVE-2023-2275
        RESERVED
 CVE-2023-2274
        RESERVED
-CVE-2023-2273
-       RESERVED
+CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, 
suffer fr ...)
+       TODO: check
 CVE-2023-2272
        RESERVED
 CVE-2023-2271
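Review bot: CVE-2023-2273 names a vendor product (Rapid7 Insight Agent token handler, versions 3.2.6 and below), which points toward a `NOT-FOR-US: Rapid7` disposition once the full description has been read; keeping `TODO: check` for now is right because the summary is truncated and the affected component is not fully visible.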
@@ -1055,8 +1187,8 @@ CVE-2023-30843
        RESERVED
 CVE-2023-30842 (AVideo is an open-source video platform. Prior to version 
12.4, AVideo ...)
        NOT-FOR-US: AVideo
-CVE-2023-30841
-       RESERVED
+CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning 
integration ...)
+       TODO: check
 CVE-2023-30840
        RESERVED
 CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. 
Versions prio ...)
@@ -2119,8 +2251,8 @@ CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the 
gatsby framework which e
        NOT-FOR-US: gatsby-plugin-sharp
 CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted 
Node's b ...)
        NOT-FOR-US: Node vm2
-CVE-2023-30546
-       RESERVED
+CVE-2023-30546 (Contiki-NG is an operating system for Internet of Things 
devices. An o ...)
+       TODO: check
 CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior 
to vers ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-30544 (Kiwi TCMS is an open source test management system. In 
versions of Kiw ...)
@@ -2837,16 +2969,16 @@ CVE-2023-30271
        RESERVED
 CVE-2023-30270
        RESERVED
-CVE-2023-30269
-       RESERVED
+CVE-2023-30269 (CLTPHP <=6.0 is vulnerable to Improper Input Validation via 
applica ...)
+       TODO: check
 CVE-2023-30268
        RESERVED
-CVE-2023-30267
-       RESERVED
-CVE-2023-30266
-       RESERVED
-CVE-2023-30265
-       RESERVED
+CVE-2023-30267 (CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) 
via applic ...)
+       TODO: check
+CVE-2023-30266 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File 
with Dang ...)
+       TODO: check
+CVE-2023-30265 (CLTPHP <=6.0 is vulnerable to Directory Traversal. ...)
+       TODO: check
 CVE-2023-30264
        RESERVED
 CVE-2023-30263
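Review bot: CVE-2023-30269, -30267, -30266 and -30265 all concern CLTPHP <=6.0 (improper input validation, XSS, unrestricted upload, directory traversal) and should be triaged as one batch with a single disposition, the same way the sibling PrestaShop entries in the context lines of this update share one `NOT-FOR-US: PrestaShop` annotation.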
@@ -2951,12 +3083,12 @@ CVE-2023-30214
        RESERVED
 CVE-2023-30213
        RESERVED
-CVE-2023-30212
-       RESERVED
-CVE-2023-30211
-       RESERVED
-CVE-2023-30210
-       RESERVED
+CVE-2023-30212 (OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) 
via /cli ...)
+       TODO: check
+CVE-2023-30211 (OURPHP <= 7.2.0 is vulnerable to SQL Injection. ...)
+       TODO: check
+CVE-2023-30210 (OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) 
via our ...)
+       TODO: check
 CVE-2023-30209
        RESERVED
 CVE-2023-30208
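Review bot: the misspelling "vulnerale" in the CVE-2023-30212 summary is the published upstream description text, which data/CVE/list mirrors verbatim; do not correct it here, since the file is regenerated by the automatic update and a local fix would only be overwritten. The three OURPHP <= 7.2.0 entries (two XSS, one SQL injection) belong together in triage.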
@@ -3151,8 +3283,8 @@ CVE-2023-30114
        RESERVED
 CVE-2023-30113
        RESERVED
-CVE-2023-30112
-       RESERVED
+CVE-2023-30112 (Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL 
Injection. ...)
+       TODO: check
 CVE-2023-30111 (Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross 
Site Scrip ...)
        NOT-FOR-US: Medicine Tracker System
 CVE-2023-30110
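Review bot: the new CVE-2023-30112 entry (SQL injection in Medicine Tracker System in PHP 1.0.0) names the same product and version as the context line CVE-2023-30111 directly below it, which is already annotated `NOT-FOR-US: Medicine Tracker System`; the `TODO: check` can be resolved with that same annotation.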
@@ -5293,8 +5425,8 @@ CVE-2023-29270
        RESERVED
 CVE-2023-29269
        RESERVED
-CVE-2023-29268
-       RESERVED
+CVE-2023-29268 (The Splus Server component of TIBCO Software Inc.'s TIBCO 
Spotfire Sta ...)
+       TODO: check
 CVE-2023-29267
        RESERVED
 CVE-2023-29266
@@ -5315,8 +5447,8 @@ CVE-2023-29259
        RESERVED
 CVE-2023-29258
        RESERVED
-CVE-2023-29257
-       RESERVED
+CVE-2023-29257 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+       TODO: check
 CVE-2023-29256
        RESERVED
 CVE-2023-29255
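Review bot: CVE-2023-29257 carries the same truncated summary ("IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...") as CVE-2023-27559 further down in this update, so the two should be checked together; IBM Db2 is a proprietary product, so expect a `NOT-FOR-US: IBM Db2` outcome unless the full record says otherwise.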
@@ -5911,7 +6043,7 @@ CVE-2023-1763
        RESERVED
 CVE-2023-1762 (Improper Privilege Management in GitHub repository 
thorsten/phpmyfaq p ...)
        NOT-FOR-US: phpmyfaq
-CVE-2023-1761 (Code Injection in GitHub repository thorsten/phpmyfaq prior to 
3.1.12. ...)
+CVE-2023-1761 (Cross-site Scripting in GitHub repository thorsten/phpmyfaq 
prior to 3 ...)
        NOT-FOR-US: phpmyfaq
 CVE-2023-1760 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
        NOT-FOR-US: phpmyfaq
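Review bot: this hunk only changes the CWE-style title of CVE-2023-1761 (from Code Injection to Cross-site Scripting); the existing `NOT-FOR-US: phpmyfaq` line is untouched and remains correct, because that disposition depends on whether the project is packaged, not on the vulnerability class. The same reasoning covers the other phpmyfaq, answer, btcpayserver and RosarioSIS retitlings in this update.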
@@ -5925,7 +6057,7 @@ CVE-2023-1756 (Cross-site Scripting (XSS) - Stored in 
GitHub repository thorsten
        NOT-FOR-US: phpmyfaq
 CVE-2023-1755 (Cross-site Scripting (XSS) - Generic in GitHub repository 
thorsten/php ...)
        NOT-FOR-US: phpmyfaq
-CVE-2023-1754 (Improper Input Validation in GitHub repository 
thorsten/phpmyfaq prior ...)
+CVE-2023-1754 (Improper Neutralization of Input During Web Page Generation in 
GitHub  ...)
        NOT-FOR-US: phpmyfaq
 CVE-2023-1753 (Weak Password Requirements in GitHub repository 
thorsten/phpmyfaq prio ...)
        NOT-FOR-US: phpmyfaq
@@ -7352,7 +7484,7 @@ CVE-2023-1541 (Business Logic Errors in GitHub repository 
answerdev/answer prior
        NOT-FOR-US: answer
 CVE-2023-1540 (Observable Response Discrepancy in GitHub repository 
answerdev/answer  ...)
        NOT-FOR-US: answer
-CVE-2023-1539 (Guessable CAPTCHA in GitHub repository answerdev/answer prior 
to 1.0.6 ...)
+CVE-2023-1539 (Improper Restriction of Excessive Authentication Attempts in 
GitHub re ...)
        NOT-FOR-US: answer
 CVE-2023-1538 (Observable Timing Discrepancy in GitHub repository 
answerdev/answer pr ...)
        NOT-FOR-US: answer
@@ -7893,7 +8025,7 @@ CVE-2023-1465
        RESERVED
 CVE-2023-1464 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Medicine Tracker System
-CVE-2023-1463 (Improper Authorization in GitHub repository 
nilsteampassnet/teampass p ...)
+CVE-2023-1463 (Authorization Bypass Through User-Controlled Key in GitHub 
repository  ...)
        - teampass <itp> (bug #730180)
 CVE-2023-1462 (Authorization Bypass Through User-Controlled Key vulnerability 
in Vadi ...)
        NOT-FOR-US: Vadi Corporate Information Systems DigiKent
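Review bot: the CVE-2023-1463 retitling (now Authorization Bypass Through User-Controlled Key) keeps the `- teampass <itp> (bug #730180)` annotation, which is right: the package is only at the ITP stage, so there is no archive version to mark fixed or vulnerable, and the ITP bug reference is what ties the entry to the packaging effort.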
@@ -8567,8 +8699,8 @@ CVE-2023-1389 (TP-Link Archer AX21 (AX1800) firmware 
versions before 1.1.4 Build
        NOT-FOR-US: TP-Link
 CVE-2023-1388
        RESERVED
-CVE-2023-1387
-       RESERVED
+CVE-2023-1387 (Grafana is an open-source platform for monitoring and 
observability. S ...)
+       TODO: check
 CVE-2023-1386
        RESERVED
 CVE-2023-1385
@@ -9844,7 +9976,7 @@ CVE-2023-1272
        RESERVED
 CVE-2023-1271 (Duplicate. Please use CVE-2023-24421. ...)
        NOT-FOR-US: Duplicated CVE entry
-CVE-2023-1270 (Command Injection in GitHub repository 
btcpayserver/btcpayserver prior ...)
+CVE-2023-1270 (Cross-site Scripting in GitHub repository 
btcpayserver/btcpayserver pr ...)
        NOT-FOR-US: btcpayserver
 CVE-2023-1269 (Use of Hard-coded Credentials in GitHub repository 
alextselegidis/easy ...)
        NOT-FOR-US: alextselegidis easyappointments
@@ -11009,8 +11141,8 @@ CVE-2023-27560 (Math/PrimeField.php in phpseclib 3.x 
before 3.0.19 has an infini
        - php-phpseclib3 3.0.19-1 (bug #1032371)
        NOTE: Introduced by: 
https://github.com/phpseclib/phpseclib/commit/0398f7a81550a487170edca0ed39f360d4509e83
 (3.0.0)
        NOTE: Fixed by: 
https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440
 (3.0.19)
-CVE-2023-27559
-       RESERVED
+CVE-2023-27559 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
+       TODO: check
 CVE-2023-27558
        RESERVED
 CVE-2023-27557
@@ -12629,24 +12761,24 @@ CVE-2023-26940
        RESERVED
 CVE-2023-26939
        RESERVED
-CVE-2023-26938
-       RESERVED
-CVE-2023-26937
-       RESERVED
-CVE-2023-26936
-       RESERVED
-CVE-2023-26935
-       RESERVED
-CVE-2023-26934
-       RESERVED
+CVE-2023-26938 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+       TODO: check
+CVE-2023-26937 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+       TODO: check
+CVE-2023-26936 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+       TODO: check
+CVE-2023-26935 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+       TODO: check
+CVE-2023-26934 (An issue found in XPDF v.4.04 allows an attacker to cause a 
denial of  ...)
+       TODO: check
 CVE-2023-26933
        RESERVED
 CVE-2023-26932
        RESERVED
-CVE-2023-26931
-       RESERVED
-CVE-2023-26930
-       RESERVED
+CVE-2023-26931 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+       TODO: check
+CVE-2023-26930 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an 
attacker  ...)
+       TODO: check
 CVE-2023-26929
        RESERVED
 CVE-2023-26928
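Review bot: CVE-2023-26938 through CVE-2023-26930 (seven entries: six buffer overflows plus the denial of service in CVE-2023-26934) all name XPDF v.4.04 with near-identical summaries and should be triaged as one batch. The check has to establish whether the Debian xpdf source package is built from the 4.04 codebase these reports describe; if it tracks a different code line, the affected functions may not exist there and the entries need per-function verification rather than a blanket "affected".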
@@ -13816,7 +13948,7 @@ CVE-2023-0996 (There is a vulnerability in the strided 
image data parsing code i
        NOTE: 
https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html
 CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in GitHub repository 
unilogies/bum ...)
        NOT-FOR-US: Bumsys
-CVE-2023-0994 (Improper Access Control in GitHub repository 
francoisjacquet/rosariosi ...)
+CVE-2023-0994 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
        NOT-FOR-US: RosarioSIS
 CVE-2023-0993
        RESERVED
@@ -14312,8 +14444,8 @@ CVE-2023-26288
        RESERVED
 CVE-2023-26287
        RESERVED
-CVE-2023-26286
-       RESERVED
+CVE-2023-26286 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
+       TODO: check
 CVE-2023-26285
        RESERVED
 CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 
through ...)
@@ -18739,8 +18871,8 @@ CVE-2023-24798 (D-Link DIR878 DIR_878_FW120B05 was 
discovered to contain a stack
        NOT-FOR-US: D-Link
 CVE-2023-24797 (D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a 
stack over ...)
        NOT-FOR-US: D-Link
-CVE-2023-24796
-       RESERVED
+CVE-2023-24796 (Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 
and befo ...)
+       TODO: check
 CVE-2023-24795 (Command execution vulnerability was discovered in JHR-N916R 
router fir ...)
        NOT-FOR-US: JHR-N916R
 CVE-2023-24794
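Review bot: CVE-2023-24796 (password vulnerability in Vinga WR-AC1200 firmware 81.102.1.4370 and before) sits between two router-firmware entries, CVE-2023-24797 (D-Link) and CVE-2023-24795 (JHR-N916R), that are already `NOT-FOR-US`; vendor router firmware is not something Debian packages, so this `TODO: check` should resolve the same way.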
@@ -19862,8 +19994,7 @@ CVE-2023-0459
        - linux 6.1.15-1
        NOTE: 
https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
        NOTE: 
https://git.kernel.org/linus/74e19ef0ff8061ef55957c3abd71614ef0f42f47 (6.3-rc1)
-CVE-2023-0458
-       RESERVED
+CVE-2023-0458 (A speculative pointer dereference problem exists in the Linux 
Kernel o ...)
        - linux 6.1.8-1
        NOTE: 
https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
        NOTE: 
https://git.kernel.org/linus/739790605705ddcf18f21782b9c99ad7d53a8c11 (6.2-rc5)
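Review bot: the hunk header shrinks the CVE-2023-0458 entry from 8 to 7 lines because the `RESERVED` placeholder is replaced by the real summary and no `TODO: check` is added; that is consistent, since the entry was already triaged with `- linux 6.1.8-1` and the upstream fix reference (739790605705ddcf18f21782b9c99ad7d53a8c11, 6.2-rc5), and it shares the GHSA-m7j5-797w-vmrh advisory with CVE-2023-0459 above. No further action is needed on this hunk.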
@@ -25222,10 +25353,10 @@ CVE-2023-22731 (Shopware is an open source commerce 
platform based on Symfony Fr
        NOT-FOR-US: Shopware
 CVE-2023-22730 (Shopware is an open source commerce platform based on Symfony 
Framewor ...)
        NOT-FOR-US: Shopware
-CVE-2023-22729
-       RESERVED
-CVE-2023-22728
-       RESERVED
+CVE-2023-22729 (Silverstripe Framework is the Model-View-Controller framework 
that pow ...)
+       TODO: check
+CVE-2023-22728 (Silverstripe Framework is the Model-View-Controller framework 
that pow ...)
+       TODO: check
 CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In 
affected versi ...)
        NOT-FOR-US: CakePHP
 CVE-2023-22726 (act is a project which allows for local running of github 
actions. The ...)
@@ -40841,8 +40972,8 @@ CVE-2022-44234
        RESERVED
 CVE-2022-44233
        RESERVED
-CVE-2022-44232
-       RESERVED
+CVE-2022-44232 (libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In 
getInt() in d ...)
+       TODO: check
 CVE-2022-44231
        RESERVED
 CVE-2022-44230
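Review bot: the "libming 0.4.8 0.4.8" in the CVE-2022-44232 summary is a duplicated version string in the upstream description and, like the other mirrored text, should be left as published. More importantly, Debian carries libming (source package ming), so this `TODO: check` calls for a real source-package triage (which `getInt()` the truncated path refers to, and whether the shipped version is affected) rather than a `NOT-FOR-US`.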
@@ -53959,8 +54090,8 @@ CVE-2022-39991
        RESERVED
 CVE-2022-39990
        RESERVED
-CVE-2022-39989
-       RESERVED
+CVE-2022-39989 (An issue was discovered in Fighting Cock Information System 
1.0, which ...)
+       TODO: check
 CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 
allows  ...)
        - centreon-web <itp> (bug #913903)
 CVE-2022-39987
@@ -87968,10 +88099,10 @@ CVE-2022-27981
        RESERVED
 CVE-2022-27980
        RESERVED
-CVE-2022-27979
-       RESERVED
-CVE-2022-27978
-       RESERVED
+CVE-2022-27979 (A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 
allows at ...)
+       TODO: check
+CVE-2022-27978 (Tooljet v1.6 does not properly handle missing values in the 
API, allow ...)
+       TODO: check
 CVE-2022-27977
        RESERVED
 CVE-2022-27976
@@ -95629,18 +95760,18 @@ CVE-2022-25280
        RESERVED
 CVE-2022-25279
        RESERVED
-CVE-2022-25278
-       RESERVED
-CVE-2022-25277
-       RESERVED
-CVE-2022-25276
-       RESERVED
-CVE-2022-25275
-       RESERVED
-CVE-2022-25274
-       RESERVED
-CVE-2022-25273
-       RESERVED
+CVE-2022-25278 (Under certain circumstances, the Drupal core form API 
evaluates form e ...)
+       TODO: check
+CVE-2022-25277 (Drupal core sanitizes filenames with dangerous extensions upon 
upload  ...)
+       TODO: check
+CVE-2022-25276 (The Media oEmbed iframe route does not properly validate the 
iframe do ...)
+       TODO: check
+CVE-2022-25275 (In some situations, the Image module does not correctly check 
access t ...)
+       TODO: check
+CVE-2022-25274 (Drupal 9.3 implemented a generic entity access API for entity 
revision ...)
+       TODO: check
+CVE-2022-25273 (Drupal core's form API has a vulnerability where certain 
contributed o ...)
+       TODO: check
 CVE-2022-25272
        RESERVED
 CVE-2022-25270 (The Quick Edit module does not properly check entity access in 
some ci ...)
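Review bot: the six Drupal core entries CVE-2022-25273 through CVE-2022-25278 were reserved in 2022 and only now received summaries; triage them against the Drupal version actually packaged. CVE-2022-25274 explicitly concerns the generic entity access API introduced in Drupal 9.3, so it cannot apply to an earlier Drupal release, and the context entry CVE-2022-25270 (Quick Edit module) directly below is an earlier member of the same Drupal core family whose disposition can serve as the reference where the affected component matches.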



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7d1d167761137d2846c8cac7551058c6041d859



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
