Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad393794 by security tracker role at 2023-05-30T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,50 @@ -CVE-2023-2650 [openssl Possible DoS translating ASN.1 object identifiers] +CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + TODO: check +CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + TODO: check +CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + TODO: check +CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability ...) + TODO: check +CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes provider ve ...) + TODO: check +CVE-2023-33178 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) + TODO: check +CVE-2023-33177 (Xibo is a content management system (CMS). A path traversal vulnerabil ...) + TODO: check +CVE-2023-32699 (MeterSphere is an open source continuous testing platform. Version 2.9 ...) + TODO: check +CVE-2023-32696 (CKAN is an open-source data management system for powering data hubs a ...) + TODO: check +CVE-2023-32689 (Parse Server is an open source backend that can be deployed to any inf ...) + TODO: check +CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for running ...) + TODO: check +CVE-2023-32448 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key St ...) + TODO: check +CVE-2023-32218 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection ...) + TODO: check +CVE-2023-2994 + REJECTED +CVE-2023-2984 (Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore pr ...) + TODO: check +CVE-2023-2983 (Privilege Defined With Unsafe Actions in GitHub repository pimcore/pim ...) + TODO: check +CVE-2023-2981 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-2980 (A vulnerability classified as critical was found in Abstrium Pydio Cel ...) 
+ TODO: check +CVE-2023-2979 (A vulnerability classified as critical has been found in Abstrium Pydi ...) + TODO: check +CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been r ...) + TODO: check +CVE-2023-2973 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-2972 (Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.) + TODO: check +CVE-2023-2968 (A remote attacker can trigger a denial of service in the socket.remote ...) + TODO: check +CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object identifi ...) - openssl 3.0.9-1 NOTE: https://www.openssl.org/news/secadv/20230530.txt NOTE: https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 (OpenSSL_1_1_1u) @@ -2480,14 +2526,14 @@ CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbo NOT-FOR-US: Intel CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...) NOT-FOR-US: Intel -CVE-2023-31187 - RESERVED -CVE-2023-31186 - RESERVED -CVE-2023-31185 - RESERVED -CVE-2023-31184 - RESERVED +CVE-2023-31187 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently P ...) + TODO: check +CVE-2023-31186 (Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observ ...) + TODO: check +CVE-2023-31185 (ROZCOM server framework - Misconfiguration may allow information discl ...) + TODO: check +CVE-2023-31184 (ROZCOM client CWE-798: Use of Hard-coded Credentials) + TODO: check CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting (XSS) vuln ...) NOT-FOR-US: Cybonet PineApp Mail SecureA CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor Application ...) 
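Review bot: in the CVE-2023-2650 hunk at @@ -1,4 +1,50 @@ the only fix commit cited is the one tagged (OpenSSL_1_1_1u), while the fixed package version recorded is openssl 3.0.9-1, a 3.0-branch release; add the matching 3.0-branch commit as a second NOTE, and since the 1.1.1 branch is evidently affected as well, add a [bullseye] status line (or the DSA reference once issued) so the entry does not read as if only unstable were tracked. Replacing the interim bracketed description "[openssl Possible DoS translating ASN.1 object identifiers]" with the MITRE text is correct.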
@@ -5485,8 +5531,8 @@ CVE-2023-30198 RESERVED CVE-2023-30197 RESERVED -CVE-2023-30196 - RESERVED +CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...) + TODO: check CVE-2023-30195 RESERVED CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...) @@ -6452,20 +6498,20 @@ CVE-2023-29739 RESERVED CVE-2023-29738 RESERVED -CVE-2023-29737 - RESERVED +CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...) + TODO: check CVE-2023-29736 RESERVED -CVE-2023-29735 - RESERVED -CVE-2023-29734 - RESERVED -CVE-2023-29733 - RESERVED -CVE-2023-29732 - RESERVED -CVE-2023-29731 - RESERVED +CVE-2023-29735 (An issue found in edjing Mix v.7.09.01 for Android allows a local atta ...) + TODO: check +CVE-2023-29734 (An issue found in edjing Mix v.7.09.01 for Android allows unauthorized ...) + TODO: check +CVE-2023-29733 (The Lock Master app 2.2.4 for Android allows unauthorized apps to modi ...) + TODO: check +CVE-2023-29732 (SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the co ...) + TODO: check +CVE-2023-29731 (SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that pr ...) + TODO: check CVE-2023-29730 RESERVED CVE-2023-29729 @@ -8664,8 +8710,8 @@ CVE-2023-1713 RESERVED CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub repository de ...) NOT-FOR-US: deepset-ai haystack -CVE-2023-1711 - RESERVED +CVE-2023-1711 (A vulnerability exists in a FOXMAN-UN and UNEM logging component, it o ...) + TODO: check CVE-2023-29032 (An attacker that has gained access to certain private information can ...) NOT-FOR-US: Apache OpenMeetings CVE-2023-29031 (A cross site scripting vulnerability was discovered in Rockwell Automa ...) 
@@ -10666,7 +10712,7 @@ CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Award ...) NOT-FOR-US: WordPress plugin CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by network-adj ...) - {DLA-3397-1} + {DSA-5416-1 DLA-3397-1} - connman 1.41-3 (bug #1034393) NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488 NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138 @@ -12096,10 +12142,10 @@ CVE-2023-28082 RESERVED CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc21 ...) NOT-FOR-US: Facebook Hermes -CVE-2023-28080 - RESERVED -CVE-2023-28079 - RESERVED +CVE-2023-28080 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking ...) + TODO: check +CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File ...) + TODO: check CVE-2023-28078 RESERVED CVE-2023-28077 @@ -21455,10 +21501,10 @@ CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In ver NOT-FOR-US: Onedev CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...) NOT-FOR-US: syft -CVE-2023-24826 - RESERVED -CVE-2023-24825 - RESERVED +CVE-2023-24826 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + TODO: check +CVE-2023-24825 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + TODO: check CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) - cmark-gfm <unfixed> (bug #1034171) [bookworm] - cmark-gfm <no-dsa> (Minor issue) 
@@ -21490,8 +21536,8 @@ CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things de NOT-FOR-US: RIOT-OS CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things devices, ...) NOT-FOR-US: RIOT-OS -CVE-2023-24817 - RESERVED +CVE-2023-24817 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + TODO: check CVE-2023-24816 (IPython (Interactive Python) is a command shell for interactive comput ...) - ipython <not-affected> (Windows-specific) NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7 @@ -22268,8 +22314,8 @@ CVE-2023-24570 RESERVED CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior contain an I ...) NOT-FOR-US: Dell -CVE-2023-24568 - RESERVED +CVE-2023-24568 (Dell NetWorker, contains an Improper Validation of Certificate with Ho ...) + TODO: check CVE-2023-24567 (Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version di ...) NOT-FOR-US: Dell CVE-2023-24566 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) @@ -23997,8 +24043,8 @@ CVE-2023-23958 RESERVED CVE-2023-23957 RESERVED -CVE-2023-23956 - RESERVED +CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...) + TODO: check CVE-2023-23955 RESERVED CVE-2023-23954 @@ -24593,10 +24639,10 @@ CVE-2023-23757 RESERVED CVE-2023-23756 RESERVED -CVE-2023-23755 - RESERVED -CVE-2023-23754 - RESERVED +CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of ra ...) + TODO: check +CVE-2023-23754 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input ...) + TODO: check CVE-2023-0367 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...) NOT-FOR-US: WordPress plugin CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...) 
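Review bot: CVE-2023-24817 in the hunk at @@ -21490 (and CVE-2023-24826/24825 in the preceding hunk at @@ -21455) is left as "TODO: check" although the neighbouring RIOT-OS entries CVE-2023-24819 and CVE-2023-24818 already carry "NOT-FOR-US: RIOT-OS"; the same holds for CVE-2023-24568 in @@ -22268, which sits next to CVE-2023-24567 marked "NOT-FOR-US: Dell". When triaging, mark them the same way unless a Debian package turns out to ship the affected code, so the TODO backlog reflects only entries that genuinely need a package lookup.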
@@ -25381,8 +25427,8 @@ CVE-2023-23563 RESERVED CVE-2023-23562 RESERVED -CVE-2023-23561 - RESERVED +CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...) + TODO: check CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...) NOT-FOR-US: Lexmark CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...) @@ -29472,9 +29518,9 @@ CVE-2022-48140 (DedeCMS v5.7.97 was discovered to contain a cross-site scripting CVE-2022-48139 RESERVED CVE-2022-48138 - RESERVED + REJECTED CVE-2022-48137 - RESERVED + REJECTED CVE-2022-48136 RESERVED CVE-2022-48135 @@ -34378,10 +34424,10 @@ CVE-2022-47031 RESERVED CVE-2022-47030 RESERVED -CVE-2022-47029 - RESERVED -CVE-2022-47028 - RESERVED +CVE-2022-47029 (An issue was found in Action Launcher v50.5 allows an attacker to esca ...) + TODO: check +CVE-2022-47028 (An issue discovered in Action Launcher for Android v50.5 allows an att ...) + TODO: check CVE-2022-47027 (Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized app ...) NOT-FOR-US: Timmystudios Fast Typing Keyboard CVE-2022-47026 @@ -36604,10 +36650,10 @@ CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao NOT-FOR-US: Kakao PotPlayer CVE-2022-46366 (Apache Tapestry 3.x allows deserialization of untrusted data, leading ...) NOT-FOR-US: Apache Tapestry -CVE-2022-46361 - RESERVED -CVE-2022-43485 - RESERVED +CVE-2022-46361 (An attacker having physical access to WDM can plug USB device to gain ...) + TODO: check +CVE-2022-43485 (Use of Insufficiently Random Values in Honeywell OneWireless. This vul ...) + TODO: check CVE-2022-4245 RESERVED CVE-2022-4244 
@@ -36618,8 +36664,8 @@ CVE-2022-4242 (The WP Google Review Slider WordPress plugin before 11.6 does not NOT-FOR-US: WordPress plugin CVE-2022-4241 RESERVED -CVE-2022-4240 - RESERVED +CVE-2022-4240 (Missing Authentication for Critical Function vulnerability in Honeywel ...) + TODO: check CVE-2022-46359 (Potential vulnerabilities have been identified in HP Security Manager ...) NOT-FOR-US: HP CVE-2022-46358 (Potential vulnerabilities have been identified in HP Security Manager ...) @@ -38033,7 +38079,7 @@ CVE-2022-45855 CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...) NOT-FOR-US: Zyxel CVE-2022-45853 - RESERVED + REJECTED CVE-2022-45852 RESERVED CVE-2022-45851 @@ -42813,8 +42859,8 @@ CVE-2023-20886 RESERVED CVE-2023-20885 RESERVED -CVE-2023-20884 - RESERVED +CVE-2023-20884 (VMware Workspace ONE Access and VMware Identity Manager contain an ins ...) + TODO: check CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, ...) NOT-FOR-US: Spring Boot CVE-2023-20882 (In Cloud foundry routing release versions from 0.262.0 and prior to 0. ...) 
@@ -67261,22 +67307,22 @@ CVE-2022-36252 RESERVED CVE-2022-36251 (Clinic's Patient Management System v1.0 is vulnerable to Cross Site Sc ...) NOT-FOR-US: Clinic's Patient Management System -CVE-2022-36250 - RESERVED -CVE-2022-36249 - RESERVED +CVE-2022-36250 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + TODO: check +CVE-2022-36249 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + TODO: check CVE-2022-36248 RESERVED -CVE-2022-36247 - RESERVED -CVE-2022-36246 - RESERVED +CVE-2022-36247 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + TODO: check +CVE-2022-36246 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + TODO: check CVE-2022-36245 RESERVED -CVE-2022-36244 - RESERVED -CVE-2022-36243 - RESERVED +CVE-2022-36244 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + TODO: check +CVE-2022-36243 (Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + TODO: check CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL Injection ...) NOT-FOR-US: Clinic's Patient Management System CVE-2022-36241 @@ -195048,6 +195094,7 @@ CVE-2020-27509 (Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...) NOT-FOR-US: Frappe Framework CVE-2020-27507 (The Kamailio SIP before 5.5.0 server mishandles INVITE requests with d ...) + {DLA-3438-1} - kamailio 5.4.2-1 NOTE: https://github.com/kamailio/kamailio/issues/2503 NOTE: https://github.com/kamailio/kamailio/commit/f57c900b438f3233fa1e9a9d3ca8cd383a30baa6 (5.4.2) (5.4 branch) 
@@ -350472,7 +350519,7 @@ CVE-2018-8663 CVE-2018-8662 RESERVED CVE-2018-8661 - RESERVED + REJECTED CVE-2018-8660 RESERVED CVE-2018-8659 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad39379425774fc41436da30fbaf19d9e4d05016 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad39379425774fc41436da30fbaf19d9e4d05016 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits