Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d3a2aeb by security tracker role at 2023-07-27T20:14:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-3982 (Cross-site Scripting (XSS) - Stored in GitHub repository 
omeka/omeka-s ...)
+       TODO: check
+CVE-2023-3981 (Server-Side Request Forgery (SSRF) in GitHub repository 
omeka/omeka-s  ...)
+       TODO: check
+CVE-2023-3980 (Cross-site Scripting (XSS) - Stored in GitHub repository 
omeka/omeka-s ...)
+       TODO: check
+CVE-2023-3975 (OS Command Injection in GitHub repository jgraph/drawio prior 
to 21.5. ...)
+       TODO: check
+CVE-2023-3974 (OS Command Injection in GitHub repository jgraph/drawio prior 
to 21.4. ...)
+       TODO: check
+CVE-2023-3973 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
jgraph/dra ...)
+       TODO: check
+CVE-2023-3970 (A vulnerability, which was classified as problematic, was found 
in GZ  ...)
+       TODO: check
+CVE-2023-3969 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-38512 (Cross-Site Request Forgery (CSRF) vulnerability in Wpstream 
WpStream \ ...)
+       TODO: check
+CVE-2023-38510 (Tolgee is an open-source localization platform. Starting in 
version 3. ...)
+       TODO: check
+CVE-2023-38509 (XWiki Platform is a generic wiki platform. In 
org.xwiki.platform:xwiki ...)
+       TODO: check
+CVE-2023-38505 (DietPi-Dashboard is a web dashboard for the operating system 
DietPi. T ...)
+       TODO: check
+CVE-2023-38504 (Sails is a realtime MVC Framework for Node.js. In Sails apps 
prior to  ...)
+       TODO: check
+CVE-2023-38495 (Crossplane is a framework for building cloud native control 
planes wit ...)
+       TODO: check
+CVE-2023-38492 (Kirby is a content management system. A vulnerability in 
versions prio ...)
+       TODO: check
+CVE-2023-38491 (Kirby is a content management system. A vulnerability in 
versions prio ...)
+       TODO: check
+CVE-2023-38490 (Kirby is a content management system. A vulnerability in 
versions prio ...)
+       TODO: check
+CVE-2023-38489 (Kirby is a content management system. A vulnerability in 
versions prio ...)
+       TODO: check
+CVE-2023-38488 (Kirby is a content management system. A vulnerability in 
versions prio ...)
+       TODO: check
+CVE-2023-37993 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in 
maennchen1.De ...)
+       TODO: check
+CVE-2023-37981 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WPKube A ...)
+       TODO: check
+CVE-2023-37980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Grav ...)
+       TODO: check
+CVE-2023-37979 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Saturday ...)
+       TODO: check
+CVE-2023-37977 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WPFunnel ...)
+       TODO: check
+CVE-2023-37976 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Radio Fo ...)
+       TODO: check
+CVE-2023-37975 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
RadiusTh ...)
+       TODO: check
+CVE-2023-37970 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-37900 (Crossplane is a framework for building cloud native control 
planes wit ...)
+       TODO: check
+CVE-2023-37894 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
RadiusTh ...)
+       TODO: check
+CVE-2023-36942 (A cross-site scripting (XSS) vulnerability in PHPGurukul 
Online Fire R ...)
+       TODO: check
+CVE-2023-36941 (A cross-site scripting (XSS) vulnerability in PHPGurukul 
Online Fire R ...)
+       TODO: check
 CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable 
to unau ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to 
unauthorized ...)
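Review bot: every new entry in this hunk is left at `TODO: check`, although several can be triaged from the description alone: CVE-2023-38512 and the CVE-2023-37970 to CVE-2023-37993 block are WordPress plugin XSS/CSRF reports of the same kind as the CVE-2023-3957 context entry, which already carries `NOT-FOR-US: WordPress plugin`, and the omeka/omeka-s, jgraph/drawio and PHPGurukul entries are web applications with no obvious Debian source package. If none of these is packaged, closing them with `NOT-FOR-US` in the same pass keeps the TODO queue from accumulating; the remaining ones (Crossplane, Sails, XWiki, Kirby, Tolgee, DietPi-Dashboard) need a package lookup before a verdict.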
@@ -3676,7 +3738,7 @@ CVE-2023-3389 (A use-after-free vulnerability in the 
Linux Kernel io_uring subsy
        NOTE: 
https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8
        NOTE: https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
 CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel 
ipvlan ne ...)
-       {DSA-5448-1}
+       {DSA-5448-1 DLA-3508-1}
        - linux 6.3.7-1
        NOTE: 
https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)
 CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the 
/admin fun ...)
@@ -4528,6 +4590,7 @@ CVE-2023-34340 (Improper Authentication vulnerability in 
Apache Software Foundat
 CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees 
System  ...)
        NOT-FOR-US: SourceCodester Online School Fees System
 CVE-2023-3338 (A null pointer dereference flaw was found in the Linux kernel's 
DECnet ...)
+       {DLA-3508-1}
        - linux 6.1.4-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/06/24/3
        NOTE: 
https://git.kernel.org/linus/1202cdd665315c525b5237e96e0bedc76d7e754f (6.1-rc1)
@@ -4796,6 +4859,7 @@ CVE-2023-31239 (Stack-based buffer overflow vulnerability 
in V-Server v4.0.15.0
 CVE-2023-30759 (The driver installation package created by Printer Driver 
Packager NX  ...)
        NOT-FOR-US: Ricoh
 CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A 
use-after- ...)
+       {DLA-3508-1}
        - linux 6.3.7-1 (unimportant)
        [bookworm] - linux 6.1.37-1
        NOTE: 
https://git.kernel.org/linus/2b947f8769be8b8181dc795fd292d3e7120f5204 (6.4-rc1)
@@ -4814,11 +4878,13 @@ CVE-2023-35826 (An issue was discovered in the Linux 
kernel before 6.3.2. A use-
 CVE-2023-35825
        REJECTED
 CVE-2023-35824 (An issue was discovered in the Linux kernel before 6.3.2. A 
use-after- ...)
+       {DLA-3508-1}
        - linux 6.3.7-1 (unimportant)
        [bookworm] - linux 6.1.37-1
        NOTE: 
https://git.kernel.org/linus/5abda7a16698d4d1f47af1168d8fa2c640116b4a (6.4-rc1)
        NOTE: Only "exploitable" by removing the module which needs root 
privileges
 CVE-2023-35823 (An issue was discovered in the Linux kernel before 6.3.2. A 
use-after- ...)
+       {DLA-3508-1}
        - linux 6.3.7-1 (unimportant)
        [bookworm] - linux 6.1.37-1
        NOTE: 
https://git.kernel.org/linus/30cf57da176cca80f11df0d9b7f71581fe601389 (6.4-rc1)
@@ -4869,7 +4935,7 @@ CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub 
repository saleor/reac
 CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository 
salesagility/ ...)
        NOT-FOR-US: salesagility/suitecrm-core
 CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in 
net/sched/cls_flower.c ...)
-       {DSA-5448-1}
+       {DSA-5448-1 DLA-3508-1}
        - linux 6.3.7-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
        NOTE: 
https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
@@ -4935,7 +5001,7 @@ CVE-2023-3269 (A vulnerability exists in the memory 
management subsystem of the
        NOTE: https://github.com/lrh2000/StackRot
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/1
 CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the 
Linux kerne ...)
-       {DSA-5448-1}
+       {DSA-5448-1 DLA-3508-1}
        - linux 6.3.7-1
        NOTE: 
https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
 CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 
(13.1.6 ...)
@@ -5616,6 +5682,7 @@ CVE-2023-3184 (A vulnerability was found in 
SourceCodester Sales Tracker Managem
 CVE-2023-3183 (A vulnerability was found in SourceCodester Performance 
Indicator Syst ...)
        NOT-FOR-US: SourceCodester Performance Indicator System
 CVE-2023-3141 (A use-after-free flaw was found in r592_remove in 
drivers/memstick/hos ...)
+       {DLA-3508-1}
        - linux 6.3.7-1 (unimportant)
        [bookworm] - linux 6.1.37-1
        NOTE: 
https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1)
@@ -6303,6 +6370,7 @@ CVE-2023-2589 (An issue has been discovered in GitLab EE 
affecting all versions
 CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab 15.10.8+ds1-2
 CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate 
in fs/ ...)
+       {DLA-3508-1}
        - linux 5.19.6-1
        NOTE: 
https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2)
 CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository 
admidio/admid ...)
@@ -6764,6 +6832,7 @@ CVE-2023-34258 (An issue was discovered in BMC Patrol 
before 22.1.00. The agent'
 CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The 
agent's con ...)
        NOT-FOR-US: BMC Patrol
 CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3. 
There is an  ...)
+       {DLA-3508-1}
        - linux 6.3.7-1 (unimportant)
        [bookworm] - linux 6.1.37-1
        NOTE: 
https://git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31 (6.4-rc2)
@@ -8990,7 +9059,7 @@ CVE-2023-32269 (An issue was discovered in the Linux 
kernel before 6.1.11. In ne
 CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary 
files wi ...)
        NOT-FOR-US: Ghost CMS
 CVE-2023-32233 (In the Linux kernel through 6.3.1, a use-after-free in 
Netfilter nf_ta ...)
-       {DSA-5402-1 DLA-3446-1}
+       {DSA-5402-1 DLA-3508-1 DLA-3446-1}
        - linux 6.1.27-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/4
        NOTE: 
https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab (6.4-rc1)
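Review bot: the advisory set on CVE-2023-32233 becomes `{DSA-5402-1 DLA-3508-1 DLA-3446-1}`, inserting the new DLA ahead of the older DLA-3446-1, whereas every other entry in this commit appends it (`{DSA-5448-1 DLA-3508-1}`); keeping one order (DSA first, then DLAs in issue order) helps anyone scanning these sets. The entry already referenced DLA-3446-1, so this makes two LTS advisories for one CVE; worth confirming that is intended (for example a second kernel source package) rather than a duplicate reference.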
@@ -9766,7 +9835,7 @@ CVE-2023-24476 (An attacker with local access to the 
machine could record the tr
 CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges 
accepts  ...)
        NOT-FOR-US: Netskope
 CVE-2023-2269 (A denial of service problem was found, due to a possible 
recursive loc ...)
-       {DSA-5448-1}
+       {DSA-5448-1 DLA-3508-1}
        - linux 6.3.7-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
 CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view 
all sto ...)
@@ -9905,7 +9974,7 @@ CVE-2023-31085 (An issue was discovered in 
drivers/mtd/ubi/cdev.c in the Linux k
        NOTE: 
https://lore.kernel.org/all/[email protected]/
        NOTE: Negligible security impact
 CVE-2023-31084 (An issue was discovered in 
drivers/media/dvb-core/dvb_frontend.c in th ...)
-       {DSA-5448-1}
+       {DSA-5448-1 DLA-3508-1}
        - linux 6.3.7-1
        NOTE: 
https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+odyq85tzy1x+tkt-6ovbl6k...@mail.gmail.com/
 CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in 
the Linux  ...)
@@ -11784,6 +11853,7 @@ CVE-2023-2008 (A flaw was found in the Linux kernel's 
udmabuf device driver. The
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-441/
        NOTE: 
https://git.kernel.org/linus/05b252cccb2e5c3f56119d25de684b4f810ba40a (5.19-rc4)
 CVE-2023-2007 (The specific flaw exists within the DPT I2O Controller driver. 
The iss ...)
+       {DLA-3508-1}
        - linux 6.0.2-1
        NOTE: 
https://git.kernel.org/linus/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 (6.0-rc1)
 CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network 
protoco ...)
@@ -11799,6 +11869,7 @@ CVE-2023-2004
 CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the 
build 5 of ...)
        NOT-FOR-US: Vision120
 CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due 
to a m ...)
+       {DLA-3508-1}
        - linux 6.1.27-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
        NOTE: Fixed by: 
https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18
@@ -12291,7 +12362,7 @@ CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable 
to Buffer Overflow.)
        NOT-FOR-US: Tenda
 CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via 
the initWe ...)
        NOT-FOR-US: Tenda
-CVE-2023-30367 (mRemoteNG configuration files can be stored in an encrypted 
state on d ...)
+CVE-2023-30367 (Multi-Remote Next Generation Connection Manager (mRemoteNG) is 
free so ...)
        NOT-FOR-US: mRemoteNG
 CVE-2023-30366
        RESERVED
@@ -13391,7 +13462,7 @@ CVE-2023-29847 (AeroCMS v0.0.1 was discovered to 
contain multiple stored cross-s
 CVE-2023-29846
        RESERVED
 CVE-2023-29845
-       RESERVED
+       REJECTED
 CVE-2023-29844
        RESERVED
 CVE-2023-29843
@@ -19032,6 +19103,7 @@ CVE-2023-28159 (The fullscreen notification could have 
been hidden on Firefox fo
        - firefox <not-affected> (Android-specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159
 CVE-2023-1380 (A slab-out-of-bound read problem was found in 
brcmf_get_assoc_ies in d ...)
+       {DLA-3508-1}
        - linux 6.1.27-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1
        NOTE: 
https://lore.kernel.org/linux-wireless/[email protected]/T/#u
@@ -52427,7 +52499,7 @@ CVE-2023-20595
 CVE-2023-20594
        RESERVED
 CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific 
microarchitectural  ...)
-       {DSA-5459-1}
+       {DSA-5459-1 DLA-3508-1}
        - linux <unfixed>
        - amd64-microcode 3.20230719.1 (bug #1041863)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1
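Review bot: CVE-2023-20593 gains DLA-3508-1, but the unstable line still reads `- linux <unfixed>` while `- amd64-microcode 3.20230719.1 (bug #1041863)` is resolved; with both a DSA and a DLA now referencing the kernel side, the `<unfixed>` status for linux should be rechecked in the same pass so the tracker does not show an advisory-covered issue as open in unstable indefinitely.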
@@ -88802,8 +88874,8 @@ CVE-2022-31202 (The export function in SoftGuard Web 
(SGW) before 5.1.5 allows d
        NOT-FOR-US: SoftGuard Web
 CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection.)
        NOT-FOR-US: SoftGuard Web
-CVE-2022-31200
-       RESERVED
+CVE-2022-31200 (Atmail 5.62 allows XSS via the 
mail/parse.php?file=html/$this-%3ELangu ...)
+       TODO: check
 CVE-2022-31199 (Remote code execution vulnerabilities exist in the Netwrix 
Auditor Use ...)
        NOT-FOR-US: Netwrix Auditor
 CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a 
cached c ...)
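Review bot: CVE-2022-31200 moves from RESERVED to a populated description with `TODO: check`; the neighbouring Netwrix and SoftGuard entries are already `NOT-FOR-US`, and Atmail is a commercial webmail product, so if no corresponding source package exists in the archive this entry can be closed the same way instead of staying in the TODO queue.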
@@ -147385,8 +147457,8 @@ CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible 
to upload a remote shell (
        NOT-FOR-US: Kooboo CMS
 CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It 
is possib ...)
        NOT-FOR-US: Kooboo CMS
-CVE-2021-36580
-       RESERVED
+CVE-2021-36580 (Open Redirect vulnerability exists in IceWarp MailServer 
IceWarp Serve ...)
+       TODO: check
 CVE-2021-36579
        RESERVED
 CVE-2021-36578
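Review bot: CVE-2021-36580 (IceWarp MailServer) is a 2021-range id that had stayed RESERVED, so the description arriving now is a late publication rather than a newly discovered issue; like the Kooboo CMS context entries above it, IceWarp is a proprietary product, and unless a Debian package is identified the expected resolution is `NOT-FOR-US: IceWarp` rather than `TODO: check`.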
@@ -214102,8 +214174,8 @@ CVE-2020-22625
        RESERVED
 CVE-2020-22624
        RESERVED
-CVE-2020-22623
-       RESERVED
+CVE-2020-22623 (Directory traversal vulnerability in Jinfornet Jreport 15.6 
allows una ...)
+       TODO: check
 CVE-2020-22622
        RESERVED
 CVE-2020-22621
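Review bot: CVE-2020-22623 (Jinfornet JReport) is another late-populated id from the 2020 range landing as `TODO: check`; JReport is a commercial reporting product, so the likely triage outcome is `NOT-FOR-US: Jinfornet JReport` unless a package turns up. Handling the three late-populated RESERVED entries in this update together would be quicker than leaving each for a separate follow-up.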



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d3a2aeb02f47f3d791bcd490137f90c8229149b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
