Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad393794 by security tracker role at 2023-05-30T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,50 @@
-CVE-2023-2650 [openssl Possible DoS translating ASN.1 object identifiers]
+CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
+       TODO: check
+CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
+       TODO: check
+CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
+       TODO: check
+CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The 
vulnerability ...)
+       TODO: check
+CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes 
provider ve ...)
+       TODO: check
+CVE-2023-33178 (Xibo is a content management system (CMS). An SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2023-33177 (Xibo is a content management system (CMS). A path traversal 
vulnerabil ...)
+       TODO: check
+CVE-2023-32699 (MeterSphere is an open source continuous testing platform. 
Version 2.9 ...)
+       TODO: check
+CVE-2023-32696 (CKAN is an open-source data management system for powering 
data hubs a ...)
+       TODO: check
+CVE-2023-32689 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for 
running  ...)
+       TODO: check
+CVE-2023-32448 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains 
License Key St ...)
+       TODO: check
+CVE-2023-32218 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL 
Redirection  ...)
+       TODO: check
+CVE-2023-2994
+       REJECTED
+CVE-2023-2984 (Path Traversal: '\..\filename' in GitHub repository 
pimcore/pimcore pr ...)
+       TODO: check
+CVE-2023-2983 (Privilege Defined With Unsafe Actions in GitHub repository 
pimcore/pim ...)
+       TODO: check
+CVE-2023-2981 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-2980 (A vulnerability classified as critical was found in Abstrium 
Pydio Cel ...)
+       TODO: check
+CVE-2023-2979 (A vulnerability classified as critical has been found in 
Abstrium Pydi ...)
+       TODO: check
+CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has 
been r ...)
+       TODO: check
+CVE-2023-2973 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-2972 (Prototype Pollution in GitHub repository antfu/utils prior to 
0.7.3.)
+       TODO: check
+CVE-2023-2968 (A remote attacker can trigger a denial of service in the 
socket.remote ...)
+       TODO: check
+CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object 
identifi ...)
        - openssl 3.0.9-1
        NOTE: https://www.openssl.org/news/secadv/20230530.txt
        NOTE: 
https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098
 (OpenSSL_1_1_1u)
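Review bot: the CVE-2023-2650 entry records the fix only as "- openssl 3.0.9-1" while its second NOTE cites the OpenSSL_1_1_1u commit, so the entry itself says nothing about how the 1.1.1 branch is handled; a suite annotation (for example a "[bullseye] - openssl <version>" line) or a DSA reference in braces, following the form used for CVE-2023-28488 elsewhere in this diff, would make the status of the 1.1.1-based package readable from the entry. The remaining additions in this hunk are fresh "TODO: check" placeholders from the automatic import; CVE-2023-32448 (PowerPath for Windows), CVE-2023-32218 (Avaya) and CVE-2023-33973 through 33975 (RIOT-OS) match products that the rest of this file already annotates as NOT-FOR-US, so they can be closed in the same triage pass.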
@@ -2480,14 +2526,14 @@ CVE-2023-31199 (Improper access control in the Intel(R) 
Solid State Drive Toolbo
        NOT-FOR-US: Intel
 CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and 
Collector  ...)
        NOT-FOR-US: Intel
-CVE-2023-31187
-       RESERVED
-CVE-2023-31186
-       RESERVED
-CVE-2023-31185
-       RESERVED
-CVE-2023-31184
-       RESERVED
+CVE-2023-31187 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: 
Insufficiently P ...)
+       TODO: check
+CVE-2023-31186 (Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration 
- Observ ...)
+       TODO: check
+CVE-2023-31185 (ROZCOM server framework - Misconfiguration may allow 
information discl ...)
+       TODO: check
+CVE-2023-31184 (ROZCOM client CWE-798: Use of Hard-coded Credentials)
+       TODO: check
 CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting 
(XSS) vuln ...)
        NOT-FOR-US: Cybonet PineApp Mail SecureA
 CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor 
Application ...)
@@ -5485,8 +5531,8 @@ CVE-2023-30198
        RESERVED
 CVE-2023-30197
        RESERVED
-CVE-2023-30196
-       RESERVED
+CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect 
Access Co ...)
+       TODO: check
 CVE-2023-30195
        RESERVED
 CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL 
Injection via ...)
@@ -6452,20 +6498,20 @@ CVE-2023-29739
        RESERVED
 CVE-2023-29738
        RESERVED
-CVE-2023-29737
-       RESERVED
+CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for 
Android al ...)
+       TODO: check
 CVE-2023-29736
        RESERVED
-CVE-2023-29735
-       RESERVED
-CVE-2023-29734
-       RESERVED
-CVE-2023-29733
-       RESERVED
-CVE-2023-29732
-       RESERVED
-CVE-2023-29731
-       RESERVED
+CVE-2023-29735 (An issue found in edjing Mix v.7.09.01 for Android allows a 
local atta ...)
+       TODO: check
+CVE-2023-29734 (An issue found in edjing Mix v.7.09.01 for Android allows 
unauthorized ...)
+       TODO: check
+CVE-2023-29733 (The Lock Master app 2.2.4 for Android allows unauthorized apps 
to modi ...)
+       TODO: check
+CVE-2023-29732 (SoLive 1.6.14 thru 1.6.20 for Android exists exposed 
component, the co ...)
+       TODO: check
+CVE-2023-29731 (SoLive 1.6.14 thru 1.6.20 for Android has an exposed component 
that pr ...)
+       TODO: check
 CVE-2023-29730
        RESERVED
 CVE-2023-29729
@@ -8664,8 +8710,8 @@ CVE-2023-1713
        RESERVED
 CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub 
repository de ...)
        NOT-FOR-US: deepset-ai haystack
-CVE-2023-1711
-       RESERVED
+CVE-2023-1711 (A vulnerability exists in a FOXMAN-UN and UNEM logging 
component, it o ...)
+       TODO: check
 CVE-2023-29032 (An attacker that has gained access to certain private 
information can  ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2023-29031 (A cross site scripting vulnerability was discovered in 
Rockwell Automa ...)
@@ -10666,7 +10712,7 @@ CVE-2023-1426 (The WP Tiles WordPress plugin through 
1.1.2 does not ensure that
 CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | 
Award  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by 
network-adj ...)
-       {DLA-3397-1}
+       {DSA-5416-1 DLA-3397-1}
        - connman 1.41-3 (bug #1034393)
        NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
        NOTE: 
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138
@@ -12096,10 +12142,10 @@ CVE-2023-28082
        RESERVED
 CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit 
e6ed9c1a4b02dc21 ...)
        NOT-FOR-US: Facebook Hermes
-CVE-2023-28080
-       RESERVED
-CVE-2023-28079
-       RESERVED
+CVE-2023-28080 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL 
Hijacking  ...)
+       TODO: check
+CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains 
Insecure File  ...)
+       TODO: check
 CVE-2023-28078
        RESERVED
 CVE-2023-28077
@@ -21455,10 +21501,10 @@ CVE-2023-24828 (Onedev is a self-hosted Git Server 
with CI/CD and Kanban. In ver
        NOT-FOR-US: Onedev
 CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software 
Bill of  ...)
        NOT-FOR-US: syft
-CVE-2023-24826
-       RESERVED
-CVE-2023-24825
-       RESERVED
+CVE-2023-24826 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
+       TODO: check
+CVE-2023-24825 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
+       TODO: check
 CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and 
renderin ...)
        - cmark-gfm <unfixed> (bug #1034171)
        [bookworm] - cmark-gfm <no-dsa> (Minor issue)
@@ -21490,8 +21536,8 @@ CVE-2023-24819 (RIOT-OS, an operating system that 
supports Internet of Things de
        NOT-FOR-US: RIOT-OS
 CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things 
devices, ...)
        NOT-FOR-US: RIOT-OS
-CVE-2023-24817
-       RESERVED
+CVE-2023-24817 (RIOT-OS, an operating system for Internet of Things (IoT) 
devices, con ...)
+       TODO: check
 CVE-2023-24816 (IPython (Interactive Python) is a command shell for 
interactive comput ...)
        - ipython <not-affected> (Windows-specific)
        NOTE: 
https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7
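Review bot: CVE-2023-24817 is left at "TODO: check" although the two entries directly above it (CVE-2023-24818 and CVE-2023-24819, same RIOT-OS description) are already "NOT-FOR-US: RIOT-OS"; it should take the same annotation, and the same applies to CVE-2023-24825, CVE-2023-24826 and CVE-2023-33973 through 33975 added earlier in this diff with identical wording.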
@@ -22268,8 +22314,8 @@ CVE-2023-24570
        RESERVED
 CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior 
contain an I ...)
        NOT-FOR-US: Dell
-CVE-2023-24568
-       RESERVED
+CVE-2023-24568 (Dell NetWorker, contains an Improper Validation of Certificate 
with Ho ...)
+       TODO: check
 CVE-2023-24567 (Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' 
version di ...)
        NOT-FOR-US: Dell
 CVE-2023-24566 (A vulnerability has been identified in Solid Edge SE2022 (All 
versions ...)
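Review bot: CVE-2023-24568 (Dell NetWorker) sits between CVE-2023-24569 and CVE-2023-24567, both already "NOT-FOR-US: Dell", so "TODO: check" can be resolved the same way; the three PowerPath for Windows entries in this diff (CVE-2023-28079, CVE-2023-28080, CVE-2023-32448) describe a Windows-only Dell product and are candidates for the same annotation.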
@@ -23997,8 +24043,8 @@ CVE-2023-23958
        RESERVED
 CVE-2023-23957
        RESERVED
-CVE-2023-23956
-       RESERVED
+CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will 
be exec ...)
+       TODO: check
 CVE-2023-23955
        RESERVED
 CVE-2023-23954
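Review bot: the truncated description for CVE-2023-23956 ("A user can supply malicious HTML and JavaScript code that will be exec ...") does not name the affected product, so unlike the other new entries it cannot be triaged from this line alone; whoever picks up the "TODO: check" needs the full CVE record, and a NOTE with the product name or advisory URL would help the next reader.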
@@ -24593,10 +24639,10 @@ CVE-2023-23757
        RESERVED
 CVE-2023-23756
        RESERVED
-CVE-2023-23755
-       RESERVED
-CVE-2023-23754
-       RESERVED
+CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The 
lack of ra ...)
+       TODO: check
+CVE-2023-23754 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack 
of input  ...)
+       TODO: check
 CVE-2023-0367 (The Pricing Tables For WPBakery Page Builder (formerly Visual 
Composer ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not 
validate an ...)
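Review bot: CVE-2023-23754 and CVE-2023-23755 both describe Joomla! 4.2.0 through 4.3.1 and are the only non-WordPress entries in this hunk; the surrounding WordPress plugin entries are "NOT-FOR-US: WordPress plugin", and if Joomla is likewise not packaged these two should be closed with "NOT-FOR-US: Joomla" rather than left at "TODO: check". They are one upstream release pair, so a single triage decision covers both.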
@@ -25381,8 +25427,8 @@ CVE-2023-23563
        RESERVED
 CVE-2023-23562
        RESERVED
-CVE-2023-23561
-       RESERVED
+CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has 
Incorrect Access ...)
+       TODO: check
 CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur 
because ...)
        NOT-FOR-US: Lexmark
 CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the 
Linux k ...)
@@ -29472,9 +29518,9 @@ CVE-2022-48140 (DedeCMS v5.7.97 was discovered to 
contain a cross-site scripting
 CVE-2022-48139
        RESERVED
 CVE-2022-48138
-       RESERVED
+       REJECTED
 CVE-2022-48137
-       RESERVED
+       REJECTED
 CVE-2022-48136
        RESERVED
 CVE-2022-48135
@@ -34378,10 +34424,10 @@ CVE-2022-47031
        RESERVED
 CVE-2022-47030
        RESERVED
-CVE-2022-47029
-       RESERVED
-CVE-2022-47028
-       RESERVED
+CVE-2022-47029 (An issue was found in Action Launcher v50.5 allows an attacker 
to esca ...)
+       TODO: check
+CVE-2022-47028 (An issue discovered in Action Launcher for Android v50.5 
allows an att ...)
+       TODO: check
 CVE-2022-47027 (Timmystudios Fast Typing Keyboard v1.275.1.162 allows 
unauthorized app ...)
        NOT-FOR-US: Timmystudios Fast Typing Keyboard
 CVE-2022-47026
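Review bot: CVE-2022-47028 and CVE-2022-47029 (Action Launcher for Android) follow CVE-2022-47027, which is already "NOT-FOR-US: Timmystudios Fast Typing Keyboard", and the Android app entries added earlier in this diff (CVE-2023-29731 through 29737: SoLive, Lock Master, edjing Mix, Wave Animated Keyboard) are the same kind of proprietary mobile app; all of them can be annotated NOT-FOR-US with the app name in one pass instead of staying at "TODO: check".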
@@ -36604,10 +36650,10 @@ CVE-2022-4246 (A vulnerability classified as 
problematic has been found in Kakao
        NOT-FOR-US: Kakao PotPlayer
 CVE-2022-46366 (Apache Tapestry 3.x allows deserialization of untrusted data, 
leading  ...)
        NOT-FOR-US: Apache Tapestry
-CVE-2022-46361
-       RESERVED
-CVE-2022-43485
-       RESERVED
+CVE-2022-46361 (An attacker having physical access to WDM can plug USB device 
to gain  ...)
+       TODO: check
+CVE-2022-43485 (Use of Insufficiently Random Values in Honeywell OneWireless. 
This vul ...)
+       TODO: check
 CVE-2022-4245
        RESERVED
 CVE-2022-4244
@@ -36618,8 +36664,8 @@ CVE-2022-4242 (The WP Google Review Slider WordPress 
plugin before 11.6 does not
        NOT-FOR-US: WordPress plugin
 CVE-2022-4241
        RESERVED
-CVE-2022-4240
-       RESERVED
+CVE-2022-4240 (Missing Authentication for Critical Function vulnerability in 
Honeywel ...)
+       TODO: check
 CVE-2022-46359 (Potential vulnerabilities have been identified in HP Security 
Manager  ...)
        NOT-FOR-US: HP
 CVE-2022-46358 (Potential vulnerabilities have been identified in HP Security 
Manager  ...)
@@ -38033,7 +38079,7 @@ CVE-2022-45855
 CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX 
firmware ve ...)
        NOT-FOR-US: Zyxel
 CVE-2022-45853
-       RESERVED
+       REJECTED
 CVE-2022-45852
        RESERVED
 CVE-2022-45851
@@ -42813,8 +42859,8 @@ CVE-2023-20886
        RESERVED
 CVE-2023-20885
        RESERVED
-CVE-2023-20884
-       RESERVED
+CVE-2023-20884 (VMware Workspace ONE Access and VMware Identity Manager 
contain an ins ...)
+       TODO: check
 CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 
2.6.14, ...)
        NOT-FOR-US: Spring Boot
 CVE-2023-20882 (In Cloud foundry routing release versions from 0.262.0 and 
prior to 0. ...)
@@ -67261,22 +67307,22 @@ CVE-2022-36252
        RESERVED
 CVE-2022-36251 (Clinic's Patient Management System v1.0 is vulnerable to Cross 
Site Sc ...)
        NOT-FOR-US: Clinic's Patient Management System
-CVE-2022-36250
-       RESERVED
-CVE-2022-36249
-       RESERVED
+CVE-2022-36250 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
+       TODO: check
+CVE-2022-36249 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
+       TODO: check
 CVE-2022-36248
        RESERVED
-CVE-2022-36247
-       RESERVED
-CVE-2022-36246
-       RESERVED
+CVE-2022-36247 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
+       TODO: check
+CVE-2022-36246 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
+       TODO: check
 CVE-2022-36245
        RESERVED
-CVE-2022-36244
-       RESERVED
-CVE-2022-36243
-       RESERVED
+CVE-2022-36244 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
+       TODO: check
+CVE-2022-36243 (Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up 
to 3.2. ...)
+       TODO: check
 CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL 
Injection ...)
        NOT-FOR-US: Clinic's Patient Management System
 CVE-2022-36241
@@ -195048,6 +195094,7 @@ CVE-2020-27509 (Persistent XSS in Galaxkey Secure 
Mail Client in Galaxkey up to
 CVE-2020-27508 (In two-factor authentication, the system also sending 2fa 
secret key i ...)
        NOT-FOR-US: Frappe Framework
 CVE-2020-27507 (The Kamailio SIP before 5.5.0 server mishandles INVITE 
requests with d ...)
+       {DLA-3438-1}
        - kamailio 5.4.2-1
        NOTE: https://github.com/kamailio/kamailio/issues/2503
        NOTE: 
https://github.com/kamailio/kamailio/commit/f57c900b438f3233fa1e9a9d3ca8cd383a30baa6
 (5.4.2) (5.4 branch)
@@ -350472,7 +350519,7 @@ CVE-2018-8663
 CVE-2018-8662
        RESERVED
 CVE-2018-8661
-       RESERVED
+       REJECTED
 CVE-2018-8660
        RESERVED
 CVE-2018-8659



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad39379425774fc41436da30fbaf19d9e4d05016



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
