Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0edb1c50 by security tracker role at 2023-05-27T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,50 @@
-CVE-2023-2898
+CVE-2023-33199 (Rekor's goals are to provide an immutable tamper resistant 
ledger of m ...)
+       TODO: check
+CVE-2023-33196 (Craft is a CMS for creating custom digital experiences. Cross 
site scr ...)
+       TODO: check
+CVE-2023-33195 (Craft is a CMS for creating custom digital experiences on the 
web. A m ...)
+       TODO: check
+CVE-2023-33194 (Craft is a CMS for creating custom digital experiences on the 
web.The  ...)
+       TODO: check
+CVE-2023-33192 (ntpd-rs is an NTP implementation written in Rust. ntpd-rs does 
not val ...)
+       TODO: check
+CVE-2023-33188 (Omni-notes is an open source note-taking application for 
Android. The  ...)
+       TODO: check
+CVE-2023-33187 (Highlight is an open source, full-stack monitoring platform. 
Highlight ...)
+       TODO: check
+CVE-2023-33184 (Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack 
allowed ...)
+       TODO: check
+CVE-2023-32688 (parse-server-push-adapter is the official Push Notification 
adapter fo ...)
+       TODO: check
+CVE-2023-32686 (Kiwi TCMS is an open source test management system for both 
manual and ...)
+       TODO: check
+CVE-2023-32676 (Autolab is a course management service that enables 
auto-graded progra ...)
+       TODO: check
+CVE-2023-32325 (PostHog-js is a library to interface with the PostHog 
analytics tool.  ...)
+       TODO: check
+CVE-2023-32321 (CKAN is an open-source data management system for powering 
data hubs a ...)
+       TODO: check
+CVE-2023-32319 (Nextcloud server is an open source personal cloud 
implementation. Miss ...)
+       TODO: check
+CVE-2023-32317 (Autolab is a course management service that enables 
auto-graded progra ...)
+       TODO: check
+CVE-2023-32316 (CloudExplorer Lite is an open source cloud management tool. In 
affecte ...)
+       TODO: check
+CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source 
Apache Licen ...)
+       TODO: check
+CVE-2023-32311 (CloudExplorer Lite is an open source cloud management 
platform. In Clo ...)
+       TODO: check
+CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant 
with the ...)
+       TODO: check
+CVE-2023-2924 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2023-2923 (A vulnerability classified as critical was found in Tenda AC6 
US_AC6V1 ...)
+       TODO: check
+CVE-2023-2922 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+       TODO: check
+CVE-2023-2825 (An issue has been discovered in GitLab CE/EE affecting only 
version 16 ...)
+       TODO: check
+CVE-2023-2898 (There is a null-pointer-dereference flaw found in 
f2fs_write_end_io in ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://lore.kernel.org/linux-f2fs-devel/[email protected]/
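Review bot: several of the new TODO: check placeholders in this hunk can be triaged from entries already in the file rather than left for a later pass. CVE-2023-33196, CVE-2023-33195 and CVE-2023-33194 are all Craft CMS, which CVE-2023-2817 a few lines further down already carries as `NOT-FOR-US: Craft CMS`; CVE-2023-32676 and CVE-2023-32317 are both Autolab and should receive the same status as each other; CVE-2023-33184 (Nextcloud Mail), CVE-2023-32319 (Nextcloud server), CVE-2023-32318 in the next hunk's context and CVE-2023-31128 (NextCloud Cookbook) later in the patch are all Nextcloud and belong in one triage decision. CVE-2023-32307 (Sofia-SIP) names a library rather than a hosted product, so it needs an actual package check instead of a reflex NOT-FOR-US.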
@@ -28,40 +74,40 @@ CVE-2023-32318 (Nextcloud server provides a home for data. 
A regression in the s
        TODO: check
 CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability 
exists ...)
        NOT-FOR-US: Craft CMS
-CVE-2023-2854
+CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 
3.6.13  ...)
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
        [bookworm] - wireshark <no-dsa> (Minor issue)
        [bullseye] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-17.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084
-CVE-2023-2856
+CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 
and 3.6.0 ...)
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
        [bookworm] - wireshark <no-dsa> (Minor issue)
        [bullseye] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083
-CVE-2023-2858
+CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 
3.6.0 to 3 ...)
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
        [bookworm] - wireshark <no-dsa> (Minor issue)
        [bullseye] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081
-CVE-2023-2879
+CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 
3.6.13 al ...)
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
        [bookworm] - wireshark <no-dsa> (Minor issue)
        [bullseye] - wireshark <no-dsa> (Minor issue)
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-14.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068
-CVE-2023-2857
+CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 
3.6.13  ...)
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
        NOTE: https://www.wireshark.org/security/wnpa-sec-2023-13.html
        NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19063
-CVE-2023-2855
+CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 
to 3.6. ...)
        [experimental] - wireshark 4.0.6-1~exp1
        - wireshark <unfixed>
        [bookworm] - wireshark <no-dsa> (Minor issue)
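Review bot: CVE-2023-2857 is the odd one out in this run of Wireshark entries: CVE-2023-2854, CVE-2023-2856, CVE-2023-2858, CVE-2023-2879 and CVE-2023-2855 each carry `[bookworm] - wireshark <no-dsa> (Minor issue)` and `[bullseye] - wireshark <no-dsa> (Minor issue)`, while CVE-2023-2857 stops after `- wireshark <unfixed>`. Its description gives the same affected range as the others (4.0.0 to 4.0.5 and 3.6.0 to 3.6.13), so either add the matching suite lines or record why bookworm and bullseye are treated differently for this one.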
@@ -2363,8 +2409,8 @@ CVE-2023-31130 (c-ares is an asynchronous resolver 
library. ares_inet_net_pton()
        NOTE: 
https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2
 (cares-1_19_1)
 CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be 
triggere ...)
        NOT-FOR-US: Contiki-NG
-CVE-2023-31128
-       RESERVED
+CVE-2023-31128 (NextCloud Cookbook is a recipe library app. Prior to commit 
a46d9855 o ...)
+       TODO: check
 CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM 
specific ...)
        NOT-FOR-US: libspdm
 CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used 
by the op ...)
@@ -8370,6 +8416,7 @@ CVE-2023-1731 (In Meinbergs LTOS versions prior to 
V7.06.013, the configuration
 CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in 
raw2image_ex() c ...)
+       {DLA-3433-1}
        - libraw 0.20.2-2.1 (bug #1036281)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
        NOTE: https://github.com/LibRaw/LibRaw/issues/557
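Review bot: the `{DLA-3433-1}` reference records the buster fix for CVE-2023-1729, but the entry has no `[bullseye]` line, so bullseye reads as affected with no decision taken; the other CVE this same DLA covers, CVE-2021-32142 near the end of the patch, does carry `[bullseye] - libraw <no-dsa> (Minor issue)`. Add an explicit bullseye status here (no-dsa, not-affected or a planned update) so the two libraw entries are consistent with each other.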
@@ -11009,24 +11056,21 @@ CVE-2023-28324
        RESERVED
 CVE-2023-28323
        RESERVED
-CVE-2023-28322 [more POST-after-PUT confusion]
-       RESERVED
+CVE-2023-28322 (An information disclosure vulnerability exists in curl <v8.1.0 
when do ...)
        - curl 7.88.1-10 (bug #1036239)
        [bullseye] - curl <no-dsa> (Minor issue)
        [buster] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2023-28322.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/546572da0457f37c698c02d0a08d90fdfcbeedec 
(curl-7_7)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de6c5e61272c496b 
(curl-8_1_0)
-CVE-2023-28321 [IDN wildcard match]
-       RESERVED
+CVE-2023-28321 (An improper certificate validation vulnerability exists in 
curl <v8.1. ...)
        - curl 7.88.1-10 (bug #1036239)
        [bullseye] - curl <no-dsa> (Minor issue)
        [buster] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2023-28321.html
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/9631fa740708b1890197fad01e25b34b7e8eb80e 
(curl-7_12_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/199f2d440d8659b42670c1b796220792b01a97bf 
(curl-8_1_0)
-CVE-2023-28320 [siglongjmp race condition]
-       RESERVED
+CVE-2023-28320 (A denial of service vulnerability exists in curl <v8.1.0 in 
the way li ...)
        - curl 7.88.1-10 (bug #1036239)
        [bullseye] - curl <ignored> (Minor issue; Upstream changes drop 
curl_jmpenv symbol)
        [buster] - curl <ignored> (Minor issue; Upstream changes drop 
curl_jmpenv symbol)
@@ -11034,8 +11078,7 @@ CVE-2023-28320 [siglongjmp race condition]
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/3c49b405de4fbf1fd7127f91908261268640e54f 
(curl-7_9_8)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/13718030ad4b3209a7583b4f27f683cd3a6fa5f2 
(curl-8_1_0)
        NOTE: Follow-up: 
https://github.com/curl/curl/commit/f446258f0269a62289cca0210157cb8558d0edc3 
(curl-8_1_0)
-CVE-2023-28319 [UAF in SSH sha256 fingerprint check]
-       RESERVED
+CVE-2023-28319 (A use after free vulnerability exists in curl <v8.1.0 in the 
way libcu ...)
        - curl 7.88.1-10 (bug #1036239)
        [bullseye] - curl <not-affected> (Vulnerable code not present)
        [buster] - curl <not-affected> (Vulnerable code not present)
@@ -14172,8 +14215,8 @@ CVE-2023-27313
        RESERVED
 CVE-2023-27312
        RESERVED
-CVE-2023-27311
-       RESERVED
+CVE-2023-27311 (NetApp Blue XP Connector versions prior to 3.9.25 expose 
information v ...)
+       TODO: check
 CVE-2023-27310 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All 
version ...)
        NOT-FOR-US: Siemens
 CVE-2023-27309 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All 
version ...)
@@ -17194,12 +17237,12 @@ CVE-2023-26131
        RESERVED
 CVE-2023-26130
        RESERVED
-CVE-2023-26129
-       RESERVED
-CVE-2023-26128
-       RESERVED
-CVE-2023-26127
-       RESERVED
+CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command 
Injection ...)
+       TODO: check
+CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable 
to Comma ...)
+       TODO: check
+CVE-2023-26127 (All versions of the package n158 are vulnerable to Command 
Injection d ...)
+       TODO: check
 CVE-2023-26126 (All versions of the package m.static are vulnerable to 
Directory Trave ...)
        NOT-FOR-US: m.static
 CVE-2023-26125 (Versions of the package github.com/gin-gonic/gin before 1.9.0 
are vuln ...)
@@ -38948,12 +38991,12 @@ CVE-2023-21518
        RESERVED
 CVE-2023-21517
        RESERVED
-CVE-2023-21516
-       RESERVED
-CVE-2023-21515
-       RESERVED
-CVE-2023-21514
-       RESERVED
+CVE-2023-21516 (XSS vulnerability from InstantPlay in Galaxy Store prior to 
version 4. ...)
+       TODO: check
+CVE-2023-21515 (InstantPlay which included vulnerable script which could 
execute javas ...)
+       TODO: check
+CVE-2023-21514 (Improper scheme validation from InstantPlay Deeplink in Galaxy 
Store p ...)
+       TODO: check
 CVE-2023-21513
        RESERVED
 CVE-2023-21512
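Review bot: CVE-2023-21516, CVE-2023-21515 and CVE-2023-21514 all concern InstantPlay in Samsung's Galaxy Store, an Android vendor application with no Debian package, so `NOT-FOR-US: Samsung` is the appropriate status for all three rather than three open TODO: check placeholders.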
@@ -98489,7 +98532,7 @@ CVE-2022-0639 (Authorization Bypass Through 
User-Controlled Key in NPM url-parse
        NOTE: 
https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788
 (1.5.7)
 CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist 
microweber/microweber p ...)
        NOT-FOR-US: microweber
-CVE-2022-0637 (There was an open redirection vulnerability pollbot, which was 
used in ...)
+CVE-2022-0637 (open redirect in pollbot (pollbot.services.mozilla.com) in 
versions be ...)
        NOT-FOR-US: pollbot
 CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin 
Installe ...)
        NOT-FOR-US: Lenovo
@@ -150429,6 +150472,7 @@ CVE-2021-32144
 CVE-2021-32143
        RESERVED
 CVE-2021-32142 (Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 
allows atta ...)
+       {DLA-3433-1}
        [experimental] - libraw 0.21.1-1
        - libraw 0.20.2-2.1 (bug #1031790)
        [bullseye] - libraw <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0edb1c507cd604c14eb23b97e964e9d45a3b3788



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
