Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c3dfbae1 by security tracker role at 2023-05-01T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-2451 (A vulnerability was found in SourceCodester Online DJ
Management Syste ...)
+ TODO: check
CVE-2018-25085 (A vulnerability classified as problematic was found in
Responsive Menu ...)
NOT-FOR-US: Responsive Menus on Drupal
CVE-2015-10105 (A vulnerability, which was classified as critical, was found
in IP Bla ...)
@@ -715,8 +717,7 @@ CVE-2023-2250 (A flaw was found in the Open Cluster
Management (OCM) when a user
NOT-FOR-US: Open Cluster Management (OCM)
CVE-2023-2249
RESERVED
-CVE-2023-2248
- RESERVED
+CVE-2023-2248 (A heap out-of-bounds read/write vulnerability in the Linux
Kernel traf ...)
- linux <unfixed>
[buster] - linux 4.19.282-1
NOTE:
https://git.kernel.org/linus/3037933448f60f9acb705997eae62013ecb81e0d (6.3)
@@ -1144,14 +1145,12 @@ CVE-2023-2238
RESERVED
CVE-2023-2237
RESERVED
-CVE-2023-2236
- RESERVED
+CVE-2023-2236 (A use-after-free vulnerability in the Linux Kernel io_uring
subsystem ...)
- linux 6.0.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9d94c04c0db024922e886c9fd429659f22f48ea4 (6.1-rc7)
-CVE-2023-2235
- RESERVED
+CVE-2023-2235 (A use-after-free vulnerability in the Linux Kernel Performance
Events ...)
- linux 6.1.25-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -1262,8 +1261,8 @@ CVE-2023-30899
RESERVED
CVE-2023-30898
RESERVED
-CVE-2023-2197
- RESERVED
+CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to
a padd ...)
+ TODO: check
CVE-2023-2196
RESERVED
CVE-2023-2195
@@ -1412,8 +1411,8 @@ CVE-2023-30861
RESERVED
CVE-2023-30860
RESERVED
-CVE-2023-30859
- RESERVED
+CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that
helps you ...)
+ TODO: check
CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs.
Starting in ...)
NOT-FOR-US: Denosaurs emoji package
CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for
JavaScr ...)
@@ -3673,12 +3672,12 @@ CVE-2023-30065
RESERVED
CVE-2023-30064
RESERVED
-CVE-2023-30063
- RESERVED
+CVE-2023-30063 (D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication
bypass.)
+ TODO: check
CVE-2023-30062
RESERVED
-CVE-2023-30061
- RESERVED
+CVE-2023-30061 (D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass
via phpcg ...)
+ TODO: check
CVE-2023-30060
RESERVED
CVE-2023-30059
@@ -4514,24 +4513,24 @@ CVE-2023-29645
RESERVED
CVE-2023-29644
RESERVED
-CVE-2023-29643
- RESERVED
+CVE-2023-29643 (Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2
allows a ...)
+ TODO: check
CVE-2023-29642
RESERVED
-CVE-2023-29641
- RESERVED
+CVE-2023-29641 (Cross Site Scripting (XSS) vulnerability in pandao editor.md
thru 1.5. ...)
+ TODO: check
CVE-2023-29640
RESERVED
-CVE-2023-29639
- RESERVED
-CVE-2023-29638
- RESERVED
-CVE-2023-29637
- RESERVED
-CVE-2023-29636
- RESERVED
-CVE-2023-29635
- RESERVED
+CVE-2023-29639 (Cross site scripting (XSS) vulnerability in ZHENFENG13
My-Blog, allows ...)
+ TODO: check
+CVE-2023-29638 (Cross Site Scripting (XSS) vulnerability in WinterChenS
my-site before ...)
+ TODO: check
+CVE-2023-29637 (Cross Site Scripting (XSS) vulnerability in Qbian61
forum-java, allows ...)
+ TODO: check
+CVE-2023-29636 (Cross site scripting (XSS) vulnerability in ZHENFENG13
My-Blog, allows ...)
+ TODO: check
+CVE-2023-29635 (File upload vulnerability in Antabot White-Jotter v0.2.2,
allows remot ...)
+ TODO: check
CVE-2023-29634
RESERVED
CVE-2023-29633
@@ -9801,8 +9800,8 @@ CVE-2023-28094
RESERVED
CVE-2023-28093 (A user with a compromised configuration can start an unsigned
binary a ...)
NOT-FOR-US: Pegasystems
-CVE-2023-28092
- RESERVED
+CVE-2023-28092 (A potential security vulnerability has been identified in HPE
ProLiant ...)
+ TODO: check
CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option
may exp ...)
NOT-FOR-US: HPE
CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read
credentials)
@@ -15715,8 +15714,8 @@ CVE-2023-25077 (Cross-site scripting vulnerability in
Authentication Key Setting
NOT-FOR-US: EC-CUBE
CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and
Product ...)
NOT-FOR-US: EC-CUBE
-CVE-2023-0896
- RESERVED
+CVE-2023-0896 (A default password was reported in Lenovo Smart Clock Essential
with A ...)
+ TODO: check
CVE-2023-0895 (The WP Coder \u2013 add custom html, css and js code plugin for
WordPr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0894
@@ -17436,8 +17435,8 @@ CVE-2023-25494
RESERVED
CVE-2023-25493
RESERVED
-CVE-2023-25492
- RESERVED
+CVE-2023-25492 (A valid, authenticated user may be able to trigger a denial of
service ...)
+ TODO: check
CVE-2023-25491
RESERVED
CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Eric ...)
@@ -18053,8 +18052,8 @@ CVE-2023-0685 (The Wicked Folders plugin for WordPress
is vulnerable to Cross-Si
NOT-FOR-US: Wicked Folders plugin for WordPress
CVE-2023-0684 (The Wicked Folders plugin for WordPress is vulnerable to
authorization ...)
NOT-FOR-US: Wicked Folders plugin for WordPress
-CVE-2023-0683
- RESERVED
+CVE-2023-0683 (A valid, authenticated XCC user with read only access may gain
elevate ...)
+ TODO: check
CVE-2023-0682
RESERVED
CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an
open redir ...)
@@ -24905,18 +24904,18 @@ CVE-2015-10036 (A vulnerability was found in
kylebebak dronfelipe. It has been d
NOT-FOR-US: kylebebak dronfelipe
CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart. It
has been ...)
NOT-FOR-US: backdrop-contrib Basic Cart
-CVE-2023-22924
- RESERVED
-CVE-2023-22923
- RESERVED
-CVE-2023-22922
- RESERVED
-CVE-2023-22921
- RESERVED
+CVE-2023-22924 (A buffer overflow vulnerability in the Zyxel NBG-418N v2
firmware vers ...)
+ TODO: check
+CVE-2023-22923 (A format string vulnerability in a binary of the Zyxel
NBG-418N v2 fir ...)
+ TODO: check
+CVE-2023-22922 (A buffer overflow vulnerability in the Zyxel NBG-418N v2
firmware vers ...)
+ TODO: check
+CVE-2023-22921 (A cross-site scripting (XSS) vulnerability in the Zyxel
NBG-418N v2 fi ...)
+ TODO: check
CVE-2023-22920 (A security misconfiguration vulnerability exists in the Zyxel
LTE3316- ...)
NOT-FOR-US: Zyxel
-CVE-2023-22919
- RESERVED
+CVE-2023-22919 (The post-authentication command injection vulnerability in the
Zyxel N ...)
+ TODO: check
CVE-2023-22918 (A post-authentication information exposure vulnerability in
the CGI pr ...)
NOT-FOR-US: Zyxel
CVE-2023-22917 (A buffer overflow vulnerability in the
\u201csdwan_iface_ipc\u201d bin ...)
@@ -26585,8 +26584,8 @@ CVE-2023-22505
RESERVED
CVE-2023-22504
RESERVED
-CVE-2023-22503
- RESERVED
+CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data
Center allow ...)
+ TODO: check
CVE-2023-22502
RESERVED
CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service
Managem ...)
@@ -26883,8 +26882,8 @@ CVE-2022-48188
RESERVED
CVE-2022-48187
RESERVED
-CVE-2022-48186
- RESERVED
+CVE-2022-48186 (A certificate validation vulnerability exists in the Baiying
Android a ...)
+ TODO: check
CVE-2022-48185
RESERVED
CVE-2022-48184
@@ -30383,8 +30382,8 @@ CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3
does not validate and es
NOT-FOR-US: WordPress plugin
CVE-2022-4569
RESERVED
-CVE-2022-4568
- RESERVED
+CVE-2022-4568 (A directory permissions management vulnerability in Lenovo
System Upda ...)
+ TODO: check
CVE-2022-4567 (Improper Access Control in GitHub repository openemr/openemr
prior to ...)
NOT-FOR-US: OpenEMR
CVE-2021-46866
@@ -33915,8 +33914,7 @@ CVE-2022-46368 (Rumpus - FTP server version 9.0.7.1
Cross-site request forgery (
NOT-FOR-US: Rumpus - FTP server
CVE-2022-46367 (Rumpus - FTP server Cross-site request forgery (CSRF) \u2013
Privilege ...)
NOT-FOR-US: Rumpus - FTP server
-CVE-2022-46365
- RESERVED
+CVE-2022-46365 (Apache StreamPark 1.0.0 before 2.0.0 When the user
successfully logs i ...)
NOT-FOR-US: Apache StreamPark
CVE-2022-46364 (A SSRF vulnerability in parsing thehref attribute of
XOP:Include in MT ...)
NOT-FOR-US: Apache CXF
@@ -35720,11 +35718,9 @@ CVE-2022-45804 (Cross-Site Request Forgery (CSRF)
vulnerability in RoboSoft Phot
NOT-FOR-US: WordPress plugin
CVE-2022-45803
RESERVED
-CVE-2022-45802
- RESERVED
+CVE-2022-45802 (Streampark allows any users to upload a jar as application,
but there ...)
NOT-FOR-US: Apache StreamPark
-CVE-2022-45801
- RESERVED
+CVE-2022-45801 (Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection
vulnerability. ...)
NOT-FOR-US: Apache StreamPark
CVE-2022-4131 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
@@ -65647,8 +65643,8 @@ CVE-2022-35900 (An issue was discovered in Bentley
MicroStation before 10.17.0.x
NOT-FOR-US: Bantley MicroStation
CVE-2022-35899 (There is an unquoted service path in ASUSTeK Aura Ready Game
SDK servi ...)
NOT-FOR-US: ASUSTeK
-CVE-2022-35898
- RESERVED
+CVE-2022-35898 (OpenText BizManager before 16.6.0.1 does not perform proper
validation ...)
+ TODO: check
CVE-2022-35897 (An stack buffer overflow vulnerability leads to arbitrary code
executi ...)
NOT-FOR-US: Insyde
CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM
was discov ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dfbae1d2c3b9d07d765a12d88ae0fbb4a29846
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dfbae1d2c3b9d07d765a12d88ae0fbb4a29846
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
