Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9210ea3 by security tracker role at 2023-06-16T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,61 @@
+CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository 
saleor/react-sto ...)
+       TODO: check
+CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository 
salesagility/ ...)
+       TODO: check
+CVE-2023-35784 (A double free or use after free could occur after SSL_clear in 
OpenBSD ...)
+       TODO: check
+CVE-2023-35783 (The ke_search (aka Faceted Search) extension before 4.0.3, 
4.1.x throu ...)
+       TODO: check
+CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3 
allows SQL  ...)
+       TODO: check
+CVE-2023-34832 (TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain 
a buffer ...)
+       TODO: check
+CVE-2023-34795 (xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of 
uninitial ...)
+       TODO: check
+CVE-2023-34733 (A lack of exception handling in the Volkswagen Discover Media 
Infotain ...)
+       TODO: check
+CVE-2023-34660 (jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload 
in /jeecg ...)
+       TODO: check
+CVE-2023-34659 (jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability 
the id p ...)
+       TODO: check
+CVE-2023-34645 (jfinal CMS 5.1.0 has an arbitrary file read vulnerability.)
+       TODO: check
+CVE-2023-34548 (Simple Customer Relationship Management 1.0 is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2023-33307 (A null pointer dereference in Fortinet FortiOS before 7.2.5 
and before ...)
+       TODO: check
+CVE-2023-33306 (A null pointer dereference in Fortinet FortiOS before 7.2.5,  
before 7 ...)
+       TODO: check
+CVE-2023-2918
+       REJECTED
+CVE-2023-2831 (Mattermost fails to unescape Markdown strings in a 
memory-efficient wa ...)
+       TODO: check
+CVE-2023-2797 (Mattermost fails to sanitize code permalinks, allowing an 
attacker to  ...)
+       TODO: check
+CVE-2023-2793 (Mattermost fails to validate links on external websites when 
construct ...)
+       TODO: check
+CVE-2023-2792 (Mattermost fails to sanitize ephemeral error messages, allowing 
an att ...)
+       TODO: check
+CVE-2023-2791 (When creating a playbook run via the /dialog API, Mattermost 
fails to  ...)
+       TODO: check
+CVE-2023-2788 (Mattermost fails to check if an admin user account active after 
an oau ...)
+       TODO: check
+CVE-2023-2787 (Mattermost fails to check channel membership when accessing 
message th ...)
+       TODO: check
+CVE-2023-2786 (Mattermost fails to properly check thepermissions when 
executing comma ...)
+       TODO: check
+CVE-2023-2785 (Mattermost fails to properly truncate the postgres error log 
message o ...)
+       TODO: check
+CVE-2023-2784 (Mattermost fails to verify if the requestor is a sysadmin or 
not, befo ...)
+       TODO: check
+CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret 
provided in th ...)
+       TODO: check
 CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior 
to 2.2 ...)
        TODO: check
-CVE-2023-3268 [relayfs: fix out-of-bounds access in relay_file_read]
+CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the 
Linux kerne ...)
        - linux 6.3.7-1
        NOTE: 
https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
-CVE-2023-35708 (Progress MOVEit Transfer has a privilege escalation 
vulnerability that ...)
+CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 
(13.1.6 ...)
        NOT-FOR-US: MOVEit
 CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file 
upload vuln ...)
        NOT-FOR-US: Bludit
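Review bot: the description swaps for CVE-2023-3268 and CVE-2023-35708 keep the existing triage lines (`- linux 6.3.7-1` with the upstream commit NOTE, and `NOT-FOR-US: MOVEit`), so nothing needs follow-up there; the 25 entries added above them all land at `TODO: check`, with the Mattermost block (CVE-2023-2783 through CVE-2023-2831) plus the jeecg-boot, jfinal CMS, FortiOS, TP-Link and TYPO3 extension items forming the bulk of the new triage backlog, while CVE-2023-2918 enters directly as REJECTED with no description.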
@@ -540,10 +592,10 @@ CVE-2023-34581 (Sourcecodester Service Provider 
Management System v1.0 is vulner
        NOT-FOR-US: Sourcecodester Service Provider Management System
 CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the 
nano_ctx_sen ...)
        NOT-FOR-US: NanoMQ
-CVE-2023-34475 [heap use-after-free issue in ReplaceXmpValue() function in 
MagickCore/profile.c]
+CVE-2023-34475 (A heap use after free issue was discovered in ImageMagick's 
ReplaceXmp ...)
        - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0
 (7.1.1-10)
-CVE-2023-34474 [heap-based buffer overflow in ReadTIM2ImageData() function in 
coders/tim2.c]
+CVE-2023-34474 (A heap-based buffer overflow issue was discovered in 
ImageMagick's Rea ...)
        - imagemagick <not-affected> (Vulnerable code not present)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0
 (7.1.1-10)
 CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the 
conn_handle ...)
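Review bot: the switch to the MITRE text for CVE-2023-34475 and CVE-2023-34474 drops the function and file names the bracketed descriptions carried (`ReplaceXmpValue()` in `MagickCore/profile.c`, `ReadTIM2ImageData()` in `coders/tim2.c`), and those names are exactly what justifies the `<not-affected> (Vulnerable code not present)` tag; consider keeping them in a NOTE beside the `Fixed by:` line so the not-affected reasoning stays checkable. Both entries also cite the same upstream commit 1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10), so it is worth confirming that one commit covers both issues.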
@@ -624,7 +676,7 @@ CVE-2020-36732 (The crypto-js package before 3.2.1 for 
Node.js generates random
        TODO: check
 CVE-2015-10118 (A vulnerability classified as problematic was found in 
cchetanonline W ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-3195 [stack overflow when parsing malicious tiff image]
+CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's 
coders/ ...)
        - imagemagick <unfixed>
        [buster] - imagemagick <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1
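Review bot: for CVE-2023-3195 only buster carries a `<no-dsa> (Minor issue)` annotation while the package itself stays `<unfixed>`; if the issue is minor in the other suites as well, bullseye and bookworm would normally get matching tags. The old bracketed text "stack overflow when parsing malicious tiff image" also named the file format, which the truncated new description (`coders/ ...`) no longer shows; a NOTE naming the affected coder would preserve that detail next to the existing openwall reference.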
@@ -2210,7 +2262,7 @@ CVE-2023-32315 (Openfire is an XMPP server licensed under 
the Open Source Apache
 CVE-2023-32311 (CloudExplorer Lite is an open source cloud management 
platform. In Clo ...)
        NOT-FOR-US: CloudExplorer Lite
 CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant 
with the ...)
-       {DLA-3441-1}
+       {DSA-5431-1 DLA-3441-1}
        - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-6 (bug #1036847)
        NOTE: 
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
        NOTE: https://github.com/freeswitch/sofia-sip/pull/214
@@ -5720,16 +5772,16 @@ CVE-2022-48475
        RESERVED
 CVE-2022-48474
        RESERVED
-CVE-2022-48473
-       RESERVED
-CVE-2022-48472
-       RESERVED
-CVE-2022-48471
-       RESERVED
+CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei 
Printer. ...)
+       TODO: check
+CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. 
Success ...)
+       TODO: check
+CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei 
Printer. ...)
+       TODO: check
 CVE-2022-48470
        RESERVED
-CVE-2022-48469
-       RESERVED
+CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. 
Successf ...)
+       TODO: check
 CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up 
to 3.7.2  ...)
        NOT-FOR-US: I Recommend This Plugin
 CVE-2023-30794
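Review bot: CVE-2022-48473 and CVE-2022-48471 arrive with identical visible text ("There is a misinterpretation of input vulnerability in Huawei Printer."), so when they are triaged it is worth confirming they are distinct issues rather than a duplicated assignment; all four Huawei entries in this hunk (printer and router firmware) are left at `TODO: check` although they look like candidates for the same NOT-FOR-US treatment given to the I Recommend This Plugin entry directly below them.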
@@ -6239,8 +6291,8 @@ CVE-2023-30627 (jellyfin-web is the web client for 
Jellyfin, a free-software med
        NOT-FOR-US: jellyfin-web
 CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting 
with 10.8. ...)
        - jellyfin <itp> (bug #994189)
-CVE-2023-30625
-       RESERVED
+CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer 
Data Pla ...)
+       TODO: check
 CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to 
versions 6. ...)
        NOT-FOR-US: wasmtime
 CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to 
version 2,  ...)
@@ -6999,8 +7051,8 @@ CVE-2023-30455 (An issue was discovered in ebankIT before 
7. A Denial-of-Service
        NOT-FOR-US: ebankIT
 CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object 
Model bas ...)
        NOT-FOR-US: ebankIT
-CVE-2023-30453
-       RESERVED
+CVE-2023-30453 (The Teamlead Reminder plugin through 2.6.5 for Jira allows 
persistent  ...)
+       TODO: check
 CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for 
Confluen ...)
        NOT-FOR-US: MoroSystems EasyMind
 CVE-2023-1964 (A vulnerability classified as critical has been found in 
PHPGurukul Ba ...)
@@ -7493,10 +7545,10 @@ CVE-2023-30225
        RESERVED
 CVE-2023-30224
        RESERVED
-CVE-2023-30223
-       RESERVED
-CVE-2023-30222
-       RESERVED
+CVE-2023-30223 (A broken authentication vulnerability in 4D SAS 4D Server 
software v17 ...)
+       TODO: check
+CVE-2023-30222 (An information disclosure vulnerability in 4D SAS 4D Server 
Applicatio ...)
+       TODO: check
 CVE-2023-30221
        RESERVED
 CVE-2023-30220
@@ -16273,8 +16325,8 @@ CVE-2023-27422
        RESERVED
 CVE-2023-27421
        RESERVED
-CVE-2023-27420
-       RESERVED
+CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Everest  ...)
+       TODO: check
 CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Everest  ...)
        NOT-FOR-US: WordPress theme
 CVE-2023-27418
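Review bot: CVE-2023-27420 is added at `TODO: check` although its visible text matches CVE-2023-27419 directly below it, which is already `NOT-FOR-US: WordPress theme`; the same pattern recurs in the later hunks for CVE-2023-26541, CVE-2023-26537, CVE-2023-26527, CVE-2023-26515, CVE-2023-26013, CVE-2023-25974 and CVE-2023-25963, each an "Auth. (admin+ or contributor+) Stored Cross-Site Scripting" entry sitting next to entries already marked `NOT-FOR-US: WordPress plugin`, so these could be triaged as one batch.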
@@ -18454,16 +18506,16 @@ CVE-2023-26543
        RESERVED
 CVE-2023-26542
        RESERVED
-CVE-2023-26541
-       RESERVED
+CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alex ...)
+       TODO: check
 CVE-2023-26540
        RESERVED
 CVE-2023-26539
        RESERVED
 CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kamy ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26537
-       RESERVED
+CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in nico ...)
+       TODO: check
 CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability 
in Jonk  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26535
@@ -18482,8 +18534,8 @@ CVE-2023-26529 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in jini ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26527
-       RESERVED
+CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPIn ...)
+       TODO: check
 CVE-2023-26526
        RESERVED
 CVE-2023-26525
@@ -18506,8 +18558,8 @@ CVE-2023-26517 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-26516
        RESERVED
-CVE-2023-26515
-       RESERVED
+CVE-2023-26515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Ko T ...)
+       TODO: check
 CVE-2023-26514
        RESERVED
 CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software 
Foundation Apache ...)
@@ -19723,8 +19775,8 @@ CVE-2023-0922 (The Samba AD DC administration tool, 
when operating against a rem
        NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html
 CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all 
versions fro ...)
        - gitlab 15.10.8+ds1-2
-CVE-2022-48330
-       RESERVED
+CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write 
vulnerability. A ...)
+       TODO: check
 CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a 
Flowmon user  ...)
        NOT-FOR-US: Progress Flowmon Packet Investigator
 CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint 
failed to s ...)
@@ -20034,8 +20086,8 @@ CVE-2023-26015
        RESERVED
 CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Minify HT ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26013
-       RESERVED
+CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Denz ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Read More ...)
@@ -20112,8 +20164,8 @@ CVE-2023-25976 (Cross-Site Request Forgery (CSRF) 
vulnerability in CRM Perks Int
        NOT-FOR-US: WordPress plugin
 CVE-2023-25975
        RESERVED
-CVE-2023-25974
-       RESERVED
+CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in psic ...)
+       TODO: check
 CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian 
Apostol Auto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in IKSW ...)
@@ -20134,8 +20186,8 @@ CVE-2023-25965
        RESERVED
 CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Noah ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25963
-       RESERVED
+CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Joom ...)
+       TODO: check
 CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Bipl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Catch Th ...)
@@ -21290,8 +21342,8 @@ CVE-2023-25647
        RESERVED
 CVE-2023-25646
        RESERVED
-CVE-2023-25645
-       RESERVED
+CVE-2023-25645 (There is a permission and access control vulnerability in some 
ZTE And ...)
+       TODO: check
 CVE-2023-25644
        RESERVED
 CVE-2023-25643
@@ -22126,8 +22178,8 @@ CVE-2023-25368 (Siglent SDS 1104X-E 
SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to In
        NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
 CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered 
user in ...)
        NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
-CVE-2023-25366
-       RESERVED
+CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI 
interfa ...)
+       TODO: check
 CVE-2023-25365
        RESERVED
 CVE-2023-25364
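Review bot: CVE-2023-25366 stays at `TODO: check` although it names the same product and firmware string (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS) that CVE-2023-25368 and CVE-2023-25367 immediately above it already carry as `NOT-FOR-US`; the insecure SCPI interface it describes is device firmware, so the same tag is the expected outcome.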
@@ -22573,14 +22625,14 @@ CVE-2017-20175 (A vulnerability classified as 
problematic has been found in DaSc
        NOT-FOR-US: Mamoto extension for MediaWiki
 CVE-2023-25189
        RESERVED
-CVE-2023-25188
-       RESERVED
-CVE-2023-25187
-       RESERVED
-CVE-2023-25186
-       RESERVED
-CVE-2023-25185
-       RESERVED
+CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
+       TODO: check
+CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
+       TODO: check
+CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
+       TODO: check
+CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN 
devices bef ...)
+       TODO: check
 CVE-2023-25074
        RESERVED
 CVE-2023-24590
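Review bot: CVE-2023-25185 through CVE-2023-25188 all carry the same truncated text ("An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ..."), so the list gives no way to tell the four apart; when they are triaged, a NOTE recording what distinguishes each one (or confirming they are separate issues) would help, since vendor hardware like this will most likely end up with the same NOT-FOR-US tag.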
@@ -25430,8 +25482,8 @@ CVE-2023-24245
        RESERVED
 CVE-2023-24244
        RESERVED
-CVE-2023-24243
-       RESERVED
+CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a 
Server-Side R ...)
+       TODO: check
 CVE-2023-24242
        RESERVED
 CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL 
injectio ...)
@@ -34438,11 +34490,13 @@ CVE-2023-21970 (Vulnerability in the Oracle BI 
Publisher product of Oracle Analy
 CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: 
Installation).  Supp ...)
        NOT-FOR-US: Oracle
 CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
        - openjdk-20 20.0.1+9-2
 CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -34472,6 +34526,7 @@ CVE-2023-21956 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
 CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -34505,16 +34560,19 @@ CVE-2023-21941 (Vulnerability in the Oracle BI 
Publisher product of Oracle Analy
 CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
        - openjdk-20 20.0.1+9-2
 CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
        - openjdk-20 20.0.1+9-2
 CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -34532,6 +34590,7 @@ CVE-2023-21932 (Vulnerability in the Oracle Hospitality 
OPERA 5 Property Service
 CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -44969,8 +45028,8 @@ CVE-2023-20887 (Aria Operations for Networks contains a 
command injection vulner
        NOT-FOR-US: VMware
 CVE-2023-20886
        RESERVED
-CVE-2023-20885
-       RESERVED
+CVE-2023-20885 (Vulnerability in Cloud Foundry Notifications, Cloud Foundry 
SMB-volume ...)
+       TODO: check
 CVE-2023-20884 (VMware Workspace ONE Access and VMware Identity Manager 
contain an ins ...)
        NOT-FOR-US: VMware
 CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 
2.6.14, ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9210ea344484f0c8644709dfe48d6410ea87c9f



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits