Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c55917d4 by security tracker role at 2023-05-31T08:11:51+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,51 @@ +CVE-2023-33962 (JStachio is a type-safe Java Mustache templating engine. Prior to ver ...) + TODO: check +CVE-2023-33961 (Leantime is a lean open source project management system. Starting in ...) + TODO: check +CVE-2023-33741 (Macrovideo v380pro v1.4.97 shares the device id and password when shar ...) + TODO: check +CVE-2023-33740 (Incorrect access control in luowice v3.5.18 allows attackers to access ...) + TODO: check +CVE-2023-33734 (BlueCMS v1.6 was discovered to contain a SQL injection vulnerability v ...) + TODO: check +CVE-2023-33181 (Xibo is a content management system (CMS). Starting in version 3.0.0 a ...) + TODO: check +CVE-2023-33180 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) + TODO: check +CVE-2023-33179 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) + TODO: check +CVE-2023-32342 (IBM GSKit could allow a remote attacker to obtain sensitive informatio ...) + TODO: check +CVE-2023-2999 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + TODO: check +CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + TODO: check +CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...) + TODO: check +CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...) + TODO: check +CVE-2023-2836 (The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-2612 (Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ub ...) + TODO: check +CVE-2023-2549 (The Feather Login Page plugin for WordPress is vulnerable to Cross-Sit ...) + TODO: check +CVE-2023-2547 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...) + TODO: check +CVE-2023-2545 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...) + TODO: check +CVE-2023-2436 (The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Si ...) + TODO: check +CVE-2023-2435 (The Blog-in-Blog plugin for WordPress is vulnerable to Local File Incl ...) + TODO: check +CVE-2023-2434 (The Nested Pages plugin for WordPress is vulnerable to unauthorized lo ...) + TODO: check +CVE-2015-10107 (A vulnerability was found in Simplr Registration Form Plus+ Plugin up ...) + TODO: check +CVE-2014-125103 (A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on ...) + TODO: check +CVE-2012-10015 (A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on ...) + TODO: check CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) NOT-FOR-US: RIOT-OS CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) @@ -106,7 +154,7 @@ CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not saniti NOT-FOR-US: WordPress plugin CVE-2014-125102 (A vulnerability classified as problematic was found in Bestwebsoft Rel ...) NOT-FOR-US: WordPress plugin -CVE-2023-2953 [potential null pointer dereference flaw] +CVE-2023-2953 (A vulnerability was found in openldap. This security flaw causes a nul ...) [experimental] - openldap 2.6.4+dfsg-1~exp1 - openldap <unfixed> [bookworm] - openldap <no-dsa> (Minor issue) @@ -118,13 +166,13 @@ CVE-2023-2953 [potential null pointer dereference flaw] NOTE: https://git.openldap.org/openldap/openldap/-/commit/840944e26f734bb03d925f26c4ef11a6cedcbb9c (OPENLDAP_REL_ENG_2_6_4) NOTE: https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce (OPENLDAP_REL_ENG_2_5_14) NOTE: https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b (OPENLDAP_REL_ENG_2_5_14) -CVE-2023-34153 [Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding] +CVE-2023-34153 (A vulnerability was found in ImageMagick. This security flaw causes a ...) - imagemagick <not-affected> (Vulnerable code introduced later in ImageMagick7) NOTE: https://github.com/ImageMagick/ImageMagick/issues/6338 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d31c80d15a2c82fc1dd8e889e0f97b0219079a57 (7.1.1-10) NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/8fdb81b3c551a37f41a6370fe7d1634406eb1cef NOTE: introduces the vsync and pix_fmt features, without introducing the vulnerability. -CVE-2023-34152 [RCE vulnerability in OpenBlob with --enable-pipes configured] +CVE-2023-34152 (A vulnerability was found in ImageMagick. This security flaw cause a r ...) - imagemagick <unfixed> (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339 NOTE: Only an issue when configured with --enable-pipes. Enabling pipes are @@ -202,43 +250,43 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0. NOT-FOR-US: OpenEMR CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...) NOT-FOR-US: OpenEMR -CVE-2023-2941 +CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome prior ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2940 +CVE-2023-2940 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2939 +CVE-2023-2939 (Insufficient data validation in Installer in Google Chrome on Windows ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2938 +CVE-2023-2938 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2937 +CVE-2023-2937 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2936 +CVE-2023-2936 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2935 +CVE-2023-2935 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2934 +CVE-2023-2934 (Out of bounds memory access in Mojo in Google Chrome prior to 114.0.57 ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2933 +CVE-2023-2933 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2932 +CVE-2023-2932 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2931 +CVE-2023-2931 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2930 +CVE-2023-2930 (Use after free in Extensions in Google Chrome prior to 114.0.5735.90 a ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-2929 +CVE-2023-2929 (Out of bounds write in Swiftshader in Google Chrome prior to 114.0.573 ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been declar ...) @@ -2434,8 +2482,8 @@ CVE-2023-2306 RESERVED CVE-2023-2305 RESERVED -CVE-2023-2304 - RESERVED +CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...) + TODO: check CVE-2023-2303 RESERVED CVE-2023-2302 @@ -5582,8 +5630,8 @@ CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect A NOT-FOR-US: Prestashop CVE-2023-30198 RESERVED -CVE-2023-30197 - RESERVED +CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinventory) <= ...) + TODO: check CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...) NOT-FOR-US: Prestashop CVE-2023-30195 @@ -6535,22 +6583,22 @@ CVE-2023-29747 RESERVED CVE-2023-29746 RESERVED -CVE-2023-29745 - RESERVED +CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...) + TODO: check CVE-2023-29744 RESERVED -CVE-2023-29743 - RESERVED -CVE-2023-29742 - RESERVED -CVE-2023-29741 - RESERVED -CVE-2023-29740 - RESERVED -CVE-2023-29739 - RESERVED -CVE-2023-29738 - RESERVED +CVE-2023-29743 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...) + TODO: check +CVE-2023-29742 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...) + TODO: check +CVE-2023-29741 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...) + TODO: check +CVE-2023-29740 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...) + TODO: check +CVE-2023-29739 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...) + TODO: check +CVE-2023-29738 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...) + TODO: check CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...) TODO: check CVE-2023-29736 @@ -6569,12 +6617,12 @@ CVE-2023-29730 RESERVED CVE-2023-29729 RESERVED -CVE-2023-29728 - RESERVED -CVE-2023-29727 - RESERVED -CVE-2023-29726 - RESERVED +CVE-2023-29728 (The Call Blocker application 6.6.3 for Android allows attackers to tam ...) + TODO: check +CVE-2023-29727 (The Call Blocker application 6.6.3 for Android allows unauthorized app ...) + TODO: check +CVE-2023-29726 (The Call Blocker application 6.6.3 for Android incorrectly opens a key ...) + TODO: check CVE-2023-29725 RESERVED CVE-2023-29724 @@ -9223,8 +9271,8 @@ CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced brow NOT-FOR-US: Coverity CVE-2023-1662 RESERVED -CVE-2023-1661 - RESERVED +CVE-2023-1661 (The Display post meta, term meta, comment meta, and user meta plugin f ...) + TODO: check CVE-2023-1660 (The AI ChatBot WordPress plugin before 4.4.9 does not have authorisati ...) NOT-FOR-US: WordPress plugin CVE-2023-1659 @@ -11183,26 +11231,26 @@ CVE-2023-28355 RESERVED CVE-2023-28354 RESERVED -CVE-2023-28353 - RESERVED -CVE-2023-28352 - RESERVED -CVE-2023-28351 - RESERVED -CVE-2023-28350 - RESERVED -CVE-2023-28349 - RESERVED -CVE-2023-28348 - RESERVED -CVE-2023-28347 - RESERVED -CVE-2023-28346 - RESERVED -CVE-2023-28345 - RESERVED -CVE-2023-28344 - RESERVED +CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. An ...) + TODO: check +CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. By ...) + TODO: check +CVE-2023-28351 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Eve ...) + TODO: check +CVE-2023-28350 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Att ...) + TODO: check +CVE-2023-28349 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...) + TODO: check +CVE-2023-28348 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. A s ...) + TODO: check +CVE-2023-28347 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...) + TODO: check +CVE-2023-28346 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...) + TODO: check +CVE-2023-28345 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...) + TODO: check +CVE-2023-28344 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...) + TODO: check CVE-2023-28343 (OS command injection affects Altenergy Power Control Software C1.2.5 v ...) NOT-FOR-US: Altenergy Power Control Software CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not properly ...) @@ -17585,8 +17633,8 @@ CVE-2023-26133 RESERVED CVE-2023-26132 RESERVED -CVE-2023-26131 - RESERVED +CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...) + TODO: check CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...) TODO: check CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command Injection ...) @@ -19180,8 +19228,8 @@ CVE-2015-10078 (A vulnerability, which was classified as problematic, has been f NOT-FOR-US: Resend Welcome Email Plugin CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...) NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) -CVE-2023-0779 - RESERVED +CVE-2023-0779 (At the most basic level, an invalid pointer can be input that crashes ...) + TODO: check CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This is ...) - libpod 4.3.1+ds1-7 (bug #1032099) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256 @@ -19625,8 +19673,8 @@ CVE-2023-25541 RESERVED CVE-2023-25540 (Dell PowerScale OneFS 9.4.0.x contains an incorrect default permission ...) NOT-FOR-US: Dell -CVE-2023-25539 - RESERVED +CVE-2023-25539 (Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerabilit ...) + TODO: check CVE-2023-25538 RESERVED CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Preci ...) @@ -25483,8 +25531,8 @@ CVE-2023-23564 RESERVED CVE-2023-23563 RESERVED -CVE-2023-23562 - RESERVED +CVE-2023-23562 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...) + TODO: check CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...) NOT-FOR-US: Stormshield Endpoint Security CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...) @@ -31821,10 +31869,10 @@ CVE-2022-47528 RESERVED CVE-2022-47527 RESERVED -CVE-2022-47526 - RESERVED -CVE-2022-47525 - RESERVED +CVE-2022-47526 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path travers ...) + TODO: check +CVE-2022-47525 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Ze ...) + TODO: check CVE-2022-47524 (F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homog ...) NOT-FOR-US: F-Secure SAFE Browser CVE-2022-47523 (Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pr ...) @@ -59367,16 +59415,16 @@ CVE-2022-39077 RESERVED CVE-2022-39076 RESERVED -CVE-2022-39075 - RESERVED -CVE-2022-39074 - RESERVED +CVE-2022-39075 (There is an unauthorized access vulnerability in some ZTE mobile phone ...) + TODO: check +CVE-2022-39074 (There is an unauthorized access vulnerability in some ZTE mobile phone ...) + TODO: check CVE-2022-39073 (There is a command injection vulnerability in ZTE MF286R, Due to insuf ...) NOT-FOR-US: ZTE CVE-2022-39072 (There is a SQL injection vulnerability in Some ZTE Mobile Internet pro ...) NOT-FOR-US: ZTE -CVE-2022-39071 - RESERVED +CVE-2022-39071 (There is an unauthorized access vulnerability in some ZTE mobile phone ...) + TODO: check CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT products. ...) NOT-FOR-US: ZTE CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of ...) @@ -77262,7 +77310,7 @@ CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'do NOTE: https://github.com/ImageMagick/ImageMagick/pull/5034 NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30) NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45) -CVE-2023-34151 [Undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546)] +CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw ouccers a ...) - imagemagick <unfixed> NOTE: https://github.com/ImageMagick/ImageMagick/issues/6341 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158 (7.1.1-10) @@ -153463,8 +153511,8 @@ CVE-2021-31235 RESERVED CVE-2021-31234 RESERVED -CVE-2021-31233 - RESERVED +CVE-2021-31233 (SQL Injection vulnerability found in Fighting Cock Information System ...) + TODO: check CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...) NOT-FOR-US: CNCF Cortex CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c55917d4ff3830bcb19e099235967bdbfd3ce75f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c55917d4ff3830bcb19e099235967bdbfd3ce75f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits