Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6cc767d by security tracker role at 2023-05-05T08:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary
files wi ...)
+ TODO: check
+CVE-2023-31415 (Kibana version 8.7.0 contains an arbitrary code execution
flaw. An att ...)
+ TODO: check
+CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code
executio ...)
+ TODO: check
+CVE-2023-31413 (Filebeat versions through 7.17.9 and 8.6.2 have a flaw in
httpjson inp ...)
+ TODO: check
+CVE-2023-2535 (Sensitive information exposure in the Web Frontend of KNIME
Business H ...)
+ TODO: check
+CVE-2023-2531 (Improper Restriction of Excessive Authentication Attempts in
GitHub re ...)
+ TODO: check
+CVE-2017-20183 (A vulnerability was found in External Media without Import
Plugin up t ...)
+ TODO: check
CVE-2023-2524 (A vulnerability classified as critical has been found in
Control iD RH ...)
NOT-FOR-US: Control iD RHiD
CVE-2023-2523 (A vulnerability was found in Weaver E-Office 9.5. It has been
rated as ...)
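Review bot: All seven entries added at the top of the list carry only `TODO: check`, so none of them says anything about Debian packages until it is resolved to a package line or to a `NOT-FOR-US:` line like the one on the neighbouring CVE-2023-2524. CVE-2023-31415 and CVE-2023-31414 both name Kibana and CVE-2023-31413 names Filebeat, so those three can be triaged in one pass and should end up with consistent classification lines.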
@@ -3106,8 +3120,8 @@ CVE-2023-30401
RESERVED
CVE-2023-30400
RESERVED
-CVE-2023-30399
- RESERVED
+CVE-2023-30399 (Insecure permissions in the settings page of GARO Wallbox
GLB/GTB/GTC ...)
+ TODO: check
CVE-2023-30398
RESERVED
CVE-2023-30397
@@ -3248,8 +3262,8 @@ CVE-2023-30330
RESERVED
CVE-2023-30329
RESERVED
-CVE-2023-30328
- RESERVED
+CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN
Client for ma ...)
+ TODO: check
CVE-2023-30327
RESERVED
CVE-2023-30326
@@ -3343,8 +3357,8 @@ CVE-2023-30284
RESERVED
CVE-2023-30283
RESERVED
-CVE-2023-30282
- RESERVED
+CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to
Incorrect Acces ...)
+ TODO: check
CVE-2023-30281
RESERVED
CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900
v.1.0.2.26, R6700 ...)
@@ -3475,8 +3489,8 @@ CVE-2023-30218
RESERVED
CVE-2023-30217
RESERVED
-CVE-2023-30216
- RESERVED
+CVE-2023-30216 (Insecure permissions in the updateUserInfo function of
newbee-mall bef ...)
+ TODO: check
CVE-2023-30215
RESERVED
CVE-2023-30214
@@ -3638,8 +3652,8 @@ CVE-2023-30137
RESERVED
CVE-2023-30136
RESERVED
-CVE-2023-30135
- RESERVED
+CVE-2023-30135 (Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a
command ...)
+ TODO: check
CVE-2023-30134
RESERVED
CVE-2023-30133
@@ -3664,8 +3678,8 @@ CVE-2023-30124
RESERVED
CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in
the Mem ...)
NOT-FOR-US: wuzhicms
-CVE-2023-30122
- RESERVED
+CVE-2023-30122 (An arbitrary file upload vulnerability in the component
/admin/ajax.ph ...)
+ TODO: check
CVE-2023-30121
RESERVED
CVE-2023-30120
@@ -3722,14 +3736,14 @@ CVE-2023-30095 (A stored cross-site scripting (XSS)
vulnerability in TotalJS mes
NOT-FOR-US: TotalJS
CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS
Flow v10 ...)
NOT-FOR-US: TotalJS
-CVE-2023-30093
- RESERVED
+CVE-2023-30093 (An arbitrary file upload vulnerability in Open Networking
Foundation O ...)
+ TODO: check
CVE-2023-30092
RESERVED
CVE-2023-30091
RESERVED
-CVE-2023-30090
- RESERVED
+CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file
uplaod vu ...)
+ TODO: check
CVE-2023-30089
RESERVED
CVE-2023-30088
@@ -5434,8 +5448,7 @@ CVE-2023-1896
RESERVED
CVE-2023-1895
RESERVED
-CVE-2023-1894
- RESERVED
+CVE-2023-1894 (A Regular Expression Denial of Service (ReDoS) issue was
discovered in ...)
- puppet <not-affected> (Limit to Puppet Server 7)
- puppetserver <unfixed>
NOTE:
https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos
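Review bot: The triage lines under CVE-2023-1894 were written while the entry was still `RESERVED`, so the `puppet <not-affected> (Limit to Puppet Server 7)` reasoning should be re-read against the description published here and against the advisory in the NOTE line. `puppetserver <unfixed>` carries no bug reference or further note, which is worth adding now that the issue is public. This is the only replaced `RESERVED` entry without a new `TODO: check`, which is correct because the triage is already in place.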
@@ -9979,8 +9992,8 @@ CVE-2023-28070 (Alienware Command Center Application,
versions 5.5.43.0 and prio
NOT-FOR-US: Alienware
CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open
Redirect vulne ...)
NOT-FOR-US: Dell
-CVE-2023-28068
- RESERVED
+CVE-2023-28068 (Dell Command Monitor, versions 10.9 and prior, contains an
improper fo ...)
+ TODO: check
CVE-2023-28067
RESERVED
CVE-2023-28066
@@ -17998,8 +18011,8 @@ CVE-2023-25291
RESERVED
CVE-2023-25290
RESERVED
-CVE-2023-25289
- RESERVED
+CVE-2023-25289 (Directory Traversal vulnerability in virtualreception Digital
Receptie ...)
+ TODO: check
CVE-2023-25288
RESERVED
CVE-2023-25287
@@ -29064,7 +29077,7 @@ CVE-2022-47650
RESERVED
CVE-2022-47649
RESERVED
-CVE-2022-47648 (Bosch Security Systems B420 firmware 02.02.0001 employs IP
based autho ...)
+CVE-2022-47648 (An Improper Access Control vulnerability allows an attacker to
access ...)
NOT-FOR-US: Bosch Security Systems B420 firmware
CVE-2022-47647
RESERVED
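Review bot: The rewritten description for CVE-2022-47648 no longer names the product in its truncated form, so `NOT-FOR-US: Bosch Security Systems B420 firmware` is now the only line in the entry that identifies what is affected. That triage line is unchanged by this update; confirm it still matches the full revised description, since the old text opened with the firmware version and the new one opens with the vulnerability class.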
@@ -30868,8 +30881,8 @@ CVE-2022-38469 (An unauthorized user with network
access and the decryption key
NOT-FOR-US: GE Digital
CVE-2021-4245 (A vulnerability classified as problematic has been found in
chbrown rf ...)
NOT-FOR-US: rfc6902
-CVE-2022-47449
- RESERVED
+CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
RexTheme ...)
+ TODO: check
CVE-2022-47448
RESERVED
CVE-2022-47447
@@ -30898,8 +30911,8 @@ CVE-2022-47436
RESERVED
CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Oliv ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47434
- RESERVED
+CVE-2022-47434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in PB S ...)
+ TODO: check
CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel
Powney ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47432
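Review bot: CVE-2022-47434 gets `TODO: check` while its immediate neighbours CVE-2022-47435 and CVE-2022-47433, whose descriptions use the same Auth./Unauth. Cross-Site Scripting wording, are already marked `NOT-FOR-US: WordPress plugin`. The truncated description (`in PB S ...`) does not show the product, so read the full text before applying the same classification here.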
@@ -37008,62 +37021,62 @@ CVE-2023-21513
RESERVED
CVE-2023-21512
RESERVED
-CVE-2023-21511
- RESERVED
-CVE-2023-21510
- RESERVED
-CVE-2023-21509
- RESERVED
-CVE-2023-21508
- RESERVED
-CVE-2023-21507
- RESERVED
-CVE-2023-21506
- RESERVED
-CVE-2023-21505
- RESERVED
-CVE-2023-21504
- RESERVED
-CVE-2023-21503
- RESERVED
-CVE-2023-21502
- RESERVED
-CVE-2023-21501
- RESERVED
-CVE-2023-21500
- RESERVED
-CVE-2023-21499
- RESERVED
-CVE-2023-21498
- RESERVED
-CVE-2023-21497
- RESERVED
-CVE-2023-21496
- RESERVED
-CVE-2023-21495
- RESERVED
-CVE-2023-21494
- RESERVED
-CVE-2023-21493
- RESERVED
-CVE-2023-21492
- RESERVED
-CVE-2023-21491
- RESERVED
-CVE-2023-21490
- RESERVED
-CVE-2023-21489
- RESERVED
-CVE-2023-21488
- RESERVED
-CVE-2023-21487
- RESERVED
-CVE-2023-21486
- RESERVED
-CVE-2023-21485
- RESERVED
-CVE-2023-21484
- RESERVED
+CVE-2023-21511 (Out-of-bounds Read vulnerability while processing
CMD_COLDWALLET_BTC_S ...)
+ TODO: check
+CVE-2023-21510 (Out-of-bounds Read vulnerability while processing
BC_TUI_CMD_UPDATE_SC ...)
+ TODO: check
+CVE-2023-21509 (Out-of-bounds Write vulnerability while processing
BC_TUI_CMD_UPDATE_S ...)
+ TODO: check
+CVE-2023-21508 (Out-of-bounds Write vulnerability while processing
BC_TUI_CMD_SEND_RES ...)
+ TODO: check
+CVE-2023-21507 (Out-of-bounds Read vulnerability while processing
BC_TUI_CMD_SEND_RESO ...)
+ TODO: check
+CVE-2023-21506 (Out-of-bounds Write vulnerability while processing
BC_TUI_CMD_SEND_RES ...)
+ TODO: check
+CVE-2023-21505 (Improper access control in Samsung Core Service prior to
version 2.1.0 ...)
+ TODO: check
+CVE-2023-21504 (Potential buffer overflow vulnerability in
mm_Plmncoordination.c in Sh ...)
+ TODO: check
+CVE-2023-21503 (Potential buffer overflow vulnerability in
mm_LteInterRatManagement.c ...)
+ TODO: check
+CVE-2023-21502 (Improper input validation vulnerability in FactoryTest
application pri ...)
+ TODO: check
+CVE-2023-21501 (Improper input validation vulnerability in mPOS fiserve
trustlet prior ...)
+ TODO: check
+CVE-2023-21500 (Double free validation vulnerability in setPinPadImages in
mPOS TUI tr ...)
+ TODO: check
+CVE-2023-21499 (Out-of-bounds write vulnerability in
TA_Communication_mpos_encrypt_pin ...)
+ TODO: check
+CVE-2023-21498 (Improper input validation vulnerability in setPartnerTAInfo in
mPOS TU ...)
+ TODO: check
+CVE-2023-21497 (Use of externally-controlled format string vulnerability in
mPOS TUI t ...)
+ TODO: check
+CVE-2023-21496 (Active Debug Code vulnerability in ActivityManagerService
prior to SMR ...)
+ TODO: check
+CVE-2023-21495 (Improper access control vulnerability in Knox Enrollment
Service prior ...)
+ TODO: check
+CVE-2023-21494 (Potential buffer overflow vulnerability in auth api in
mm_Authenticati ...)
+ TODO: check
+CVE-2023-21493 (Improper access control vulnerability in SemShareFileProvider
prior to ...)
+ TODO: check
+CVE-2023-21492 (Kernel pointers are printed in the log file prior to SMR
May-2023 Rele ...)
+ TODO: check
+CVE-2023-21491 (Improper access control vulnerability in ThemeManager prior to
SMR May ...)
+ TODO: check
+CVE-2023-21490 (Improper access control in GearManagerStub prior to SMR
May-2023 Relea ...)
+ TODO: check
+CVE-2023-21489 (Heap out-of-bounds write vulnerability in bootloader prior to
SMR May- ...)
+ TODO: check
+CVE-2023-21488 (Improper access control vulnerablility in Tips prior to SMR
May-2023 R ...)
+ TODO: check
+CVE-2023-21487 (Improper access control vulnerability in Telephony framework
prior to ...)
+ TODO: check
+CVE-2023-21486 (Improper export of android application components
vulnerability in Ima ...)
+ TODO: check
+CVE-2023-21485 (Improper export of android application components
vulnerability in Vid ...)
+ TODO: check
+CVE-2023-21484 (Improper access control vulnerability in AppLock prior to SMR
May-2023 ...)
+ TODO: check
CVE-2023-21483
RESERVED
CVE-2023-21482
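Review bot: The 28 entries CVE-2023-21484 through CVE-2023-21511 move from `RESERVED` to `TODO: check` in one block, and their descriptions point at a single vendor batch (`Samsung Core Service`, `Knox Enrollment Service`, `SMR May-2023 Release`, the mPOS trustlets). Triage the range together and give it one consistent classification line rather than resolving the entries piecemeal. The misspelling `vulnerablility` in CVE-2023-21488 arrives with the automatically imported description, so a hand correction here would only hold until the next automatic update.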
@@ -38311,8 +38324,8 @@ CVE-2022-45050 (A reflected XSS vulnerability has been
found in Axiell Iguana CM
NOT-FOR-US: Axiell Iguana CMS
CVE-2022-45049 (A reflected XSS vulnerability has been found in Axiell Iguana
CMS, all ...)
NOT-FOR-US: Axiell Iguana CMS
-CVE-2022-45048
- RESERVED
+CVE-2022-45048 (Authenticated users with appropriate privileges can create
policies ha ...)
+ TODO: check
CVE-2022-45047 (Class
org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...)
NOT-FOR-US: Apache Mina SSHD
CVE-2022-45046
@@ -127871,8 +127884,8 @@ CVE-2021-3758 (bookstack is vulnerable to Server-Side
Request Forgery (SSRF))
CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of
Object Pr ...)
NOT-FOR-US: Node immer
NOTE: https://github.com/immerjs/immer
-CVE-2021-40331
- RESERVED
+CVE-2021-40331 (An Incorrect Permission Assignment for Critical Resource
vulnerability ...)
+ TODO: check
CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow)
- libmysofa 1.2.1~dfsg0-1
[bullseye] - libmysofa <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6cc767d5074bd4a9aa7c1efd20ddcf9e15b7758