Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: a9210ea3 by security tracker role at 2023-06-16T20:12:26+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,9 +1,61 @@ +CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-sto ...) + TODO: check +CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...) + TODO: check +CVE-2023-35784 (A double free or use after free could occur after SSL_clear in OpenBSD ...) + TODO: check +CVE-2023-35783 (The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x throu ...) + TODO: check +CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL ...) + TODO: check +CVE-2023-34832 (TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer ...) + TODO: check +CVE-2023-34795 (xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitial ...) + TODO: check +CVE-2023-34733 (A lack of exception handling in the Volkswagen Discover Media Infotain ...) + TODO: check +CVE-2023-34660 (jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg ...) + TODO: check +CVE-2023-34659 (jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id p ...) + TODO: check +CVE-2023-34645 (jfinal CMS 5.1.0 has an arbitrary file read vulnerability.) + TODO: check +CVE-2023-34548 (Simple Customer Relationship Management 1.0 is vulnerable to SQL Injec ...) + TODO: check +CVE-2023-33307 (A null pointer dereference in Fortinet FortiOS before 7.2.5 and before ...) + TODO: check +CVE-2023-33306 (A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7 ...) + TODO: check +CVE-2023-2918 + REJECTED +CVE-2023-2831 (Mattermost fails to unescape Markdown strings in a memory-efficient wa ...) + TODO: check +CVE-2023-2797 (Mattermost fails to sanitize code permalinks, allowing an attacker to ...) + TODO: check +CVE-2023-2793 (Mattermost fails to validate links on external websites when construct ...) + TODO: check +CVE-2023-2792 (Mattermost fails to sanitize ephemeral error messages, allowing an att ...) + TODO: check +CVE-2023-2791 (When creating a playbook run via the /dialog API, Mattermost fails to ...) + TODO: check +CVE-2023-2788 (Mattermost fails to check if an admin user account active after an oau ...) + TODO: check +CVE-2023-2787 (Mattermost fails to check channel membership when accessing message th ...) + TODO: check +CVE-2023-2786 (Mattermost fails to properly check thepermissions when executing comma ...) + TODO: check +CVE-2023-2785 (Mattermost fails to properly truncate the postgres error log message o ...) + TODO: check +CVE-2023-2784 (Mattermost fails to verify if the requestor is a sysadmin or not, befo ...) + TODO: check +CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided in th ...) + TODO: check CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...) TODO: check -CVE-2023-3268 [relayfs: fix out-of-bounds access in relay_file_read] +CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...) - linux 6.3.7-1 NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1) -CVE-2023-35708 (Progress MOVEit Transfer has a privilege escalation vulnerability that ...) +CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6 ...) NOT-FOR-US: MOVEit CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file upload vuln ...) NOT-FOR-US: Bludit @@ -540,10 +592,10 @@ CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is vulner NOT-FOR-US: Sourcecodester Service Provider Management System CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_sen ...) NOT-FOR-US: NanoMQ -CVE-2023-34475 [heap use-after-free issue in ReplaceXmpValue() function in MagickCore/profile.c] +CVE-2023-34475 (A heap use after free issue was discovered in ImageMagick's ReplaceXmp ...) - imagemagick <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10) -CVE-2023-34474 [heap-based buffer overflow in ReadTIM2ImageData() function in coders/tim2.c] +CVE-2023-34474 (A heap-based buffer overflow issue was discovered in ImageMagick's Rea ...) - imagemagick <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10) CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...) @@ -624,7 +676,7 @@ CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random TODO: check CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...) NOT-FOR-US: WordPress plugin -CVE-2023-3195 [stack overflow when parsing malicious tiff image] +CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...) - imagemagick <unfixed> [buster] - imagemagick <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1 @@ -2210,7 +2262,7 @@ CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source Apache CVE-2023-32311 (CloudExplorer Lite is an open source cloud management platform. In Clo ...) NOT-FOR-US: CloudExplorer Lite CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...) - {DLA-3441-1} + {DSA-5431-1 DLA-3441-1} - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-6 (bug #1036847) NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c NOTE: https://github.com/freeswitch/sofia-sip/pull/214 @@ -5720,16 +5772,16 @@ CVE-2022-48475 RESERVED CVE-2022-48474 RESERVED -CVE-2022-48473 - RESERVED -CVE-2022-48472 - RESERVED -CVE-2022-48471 - RESERVED +CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) + TODO: check +CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. Success ...) + TODO: check +CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) + TODO: check CVE-2022-48470 RESERVED -CVE-2022-48469 - RESERVED +CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. Successf ...) + TODO: check CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...) NOT-FOR-US: I Recommend This Plugin CVE-2023-30794 @@ -6239,8 +6291,8 @@ CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software med NOT-FOR-US: jellyfin-web CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with 10.8. ...) - jellyfin <itp> (bug #994189) -CVE-2023-30625 - RESERVED +CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer Data Pla ...) + TODO: check CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6. ...) NOT-FOR-US: wasmtime CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...) @@ -6999,8 +7051,8 @@ CVE-2023-30455 (An issue was discovered in ebankIT before 7. A Denial-of-Service NOT-FOR-US: ebankIT CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object Model bas ...) NOT-FOR-US: ebankIT -CVE-2023-30453 - RESERVED +CVE-2023-30453 (The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent ...) + TODO: check CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluen ...) NOT-FOR-US: MoroSystems EasyMind CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGurukul Ba ...) @@ -7493,10 +7545,10 @@ CVE-2023-30225 RESERVED CVE-2023-30224 RESERVED -CVE-2023-30223 - RESERVED -CVE-2023-30222 - RESERVED +CVE-2023-30223 (A broken authentication vulnerability in 4D SAS 4D Server software v17 ...) + TODO: check +CVE-2023-30222 (An information disclosure vulnerability in 4D SAS 4D Server Applicatio ...) + TODO: check CVE-2023-30221 RESERVED CVE-2023-30220 @@ -16273,8 +16325,8 @@ CVE-2023-27422 RESERVED CVE-2023-27421 RESERVED -CVE-2023-27420 - RESERVED +CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) + TODO: check CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) NOT-FOR-US: WordPress theme CVE-2023-27418 @@ -18454,16 +18506,16 @@ CVE-2023-26543 RESERVED CVE-2023-26542 RESERVED -CVE-2023-26541 - RESERVED +CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) + TODO: check CVE-2023-26540 RESERVED CVE-2023-26539 RESERVED CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...) NOT-FOR-US: WordPress plugin -CVE-2023-26537 - RESERVED +CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nico ...) + TODO: check CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...) NOT-FOR-US: WordPress plugin CVE-2023-26535 @@ -18482,8 +18534,8 @@ CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...) NOT-FOR-US: WordPress plugin -CVE-2023-26527 - RESERVED +CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIn ...) + TODO: check CVE-2023-26526 RESERVED CVE-2023-26525 @@ -18506,8 +18558,8 @@ CVE-2023-26517 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-26516 RESERVED -CVE-2023-26515 - RESERVED +CVE-2023-26515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko T ...) + TODO: check CVE-2023-26514 RESERVED CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...) @@ -19723,8 +19775,8 @@ CVE-2023-0922 (The Samba AD DC administration tool, when operating against a rem NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...) - gitlab 15.10.8+ds1-2 -CVE-2022-48330 - RESERVED +CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write vulnerability. A ...) + TODO: check CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...) NOT-FOR-US: Progress Flowmon Packet Investigator CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...) @@ -20034,8 +20086,8 @@ CVE-2023-26015 RESERVED CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HT ...) NOT-FOR-US: WordPress plugin -CVE-2023-26013 - RESERVED +CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denz ...) NOT-FOR-US: WordPress plugin CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More ...) @@ -20112,8 +20164,8 @@ CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Int NOT-FOR-US: WordPress plugin CVE-2023-25975 RESERVED -CVE-2023-25974 - RESERVED +CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psic ...) + TODO: check CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) NOT-FOR-US: WordPress plugin CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...) @@ -20134,8 +20186,8 @@ CVE-2023-25965 RESERVED CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...) NOT-FOR-US: WordPress plugin -CVE-2023-25963 - RESERVED +CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...) + TODO: check CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...) NOT-FOR-US: WordPress plugin CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Th ...) @@ -21290,8 +21342,8 @@ CVE-2023-25647 RESERVED CVE-2023-25646 RESERVED -CVE-2023-25645 - RESERVED +CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...) + TODO: check CVE-2023-25644 RESERVED CVE-2023-25643 @@ -22126,8 +22178,8 @@ CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to In NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...) NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS -CVE-2023-25366 - RESERVED +CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...) + TODO: check CVE-2023-25365 RESERVED CVE-2023-25364 @@ -22573,14 +22625,14 @@ CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSc NOT-FOR-US: Mamoto extension for MediaWiki CVE-2023-25189 RESERVED -CVE-2023-25188 - RESERVED -CVE-2023-25187 - RESERVED -CVE-2023-25186 - RESERVED -CVE-2023-25185 - RESERVED +CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) + TODO: check +CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) + TODO: check +CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) + TODO: check +CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) + TODO: check CVE-2023-25074 RESERVED CVE-2023-24590 @@ -25430,8 +25482,8 @@ CVE-2023-24245 RESERVED CVE-2023-24244 RESERVED -CVE-2023-24243 - RESERVED +CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a Server-Side R ...) + TODO: check CVE-2023-24242 RESERVED CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) @@ -34438,11 +34490,13 @@ CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analy CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation). Supp ...) NOT-FOR-US: Oracle CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5430-1} - openjdk-8 8u372-ga-1 - openjdk-11 11.0.19+7-1 (bug #1036280) - openjdk-17 17.0.7+7-1 (bug #1035957) - openjdk-20 20.0.1+9-2 CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5430-1} - openjdk-8 8u372-ga-1 - openjdk-11 11.0.19+7-1 (bug #1036280) - openjdk-17 17.0.7+7-1 (bug #1035957) @@ -34472,6 +34526,7 @@ CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.33-1 (bug #1034719) CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5430-1} - openjdk-8 8u372-ga-1 - openjdk-11 11.0.19+7-1 (bug #1036280) - openjdk-17 17.0.7+7-1 (bug #1035957) @@ -34505,16 +34560,19 @@ CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analy CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.33-1 (bug #1034719) CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5430-1} - openjdk-8 8u372-ga-1 - openjdk-11 11.0.19+7-1 (bug #1036280) - openjdk-17 17.0.7+7-1 (bug #1035957) - openjdk-20 20.0.1+9-2 CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5430-1} - openjdk-8 8u372-ga-1 - openjdk-11 11.0.19+7-1 (bug #1036280) - openjdk-17 17.0.7+7-1 (bug #1035957) - openjdk-20 20.0.1+9-2 CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5430-1} - openjdk-8 8u372-ga-1 - openjdk-11 11.0.19+7-1 (bug #1036280) - openjdk-17 17.0.7+7-1 (bug #1035957) @@ -34532,6 +34590,7 @@ CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Service CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5430-1} - openjdk-8 8u372-ga-1 - openjdk-11 11.0.19+7-1 (bug #1036280) - openjdk-17 17.0.7+7-1 (bug #1035957) @@ -44969,8 +45028,8 @@ CVE-2023-20887 (Aria Operations for Networks contains a command injection vulner NOT-FOR-US: VMware CVE-2023-20886 RESERVED -CVE-2023-20885 - RESERVED +CVE-2023-20885 (Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume ...) + TODO: check CVE-2023-20884 (VMware Workspace ONE Access and VMware Identity Manager contain an ins ...) NOT-FOR-US: VMware CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9210ea344484f0c8644709dfe48d6410ea87c9f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9210ea344484f0c8644709dfe48d6410ea87c9f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits