Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9210ea3 by security tracker role at 2023-06-16T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,61 @@
+CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository
saleor/react-sto ...)
+ TODO: check
+CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository
salesagility/ ...)
+ TODO: check
+CVE-2023-35784 (A double free or use after free could occur after SSL_clear in
OpenBSD ...)
+ TODO: check
+CVE-2023-35783 (The ke_search (aka Faceted Search) extension before 4.0.3,
4.1.x throu ...)
+ TODO: check
+CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3
allows SQL ...)
+ TODO: check
+CVE-2023-34832 (TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain
a buffer ...)
+ TODO: check
+CVE-2023-34795 (xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of
uninitial ...)
+ TODO: check
+CVE-2023-34733 (A lack of exception handling in the Volkswagen Discover Media
Infotain ...)
+ TODO: check
+CVE-2023-34660 (jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload
in /jeecg ...)
+ TODO: check
+CVE-2023-34659 (jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability
the id p ...)
+ TODO: check
+CVE-2023-34645 (jfinal CMS 5.1.0 has an arbitrary file read vulnerability.)
+ TODO: check
+CVE-2023-34548 (Simple Customer Relationship Management 1.0 is vulnerable to
SQL Injec ...)
+ TODO: check
+CVE-2023-33307 (A null pointer dereference in Fortinet FortiOS before 7.2.5
and before ...)
+ TODO: check
+CVE-2023-33306 (A null pointer dereference in Fortinet FortiOS before 7.2.5,
before 7 ...)
+ TODO: check
+CVE-2023-2918
+ REJECTED
+CVE-2023-2831 (Mattermost fails to unescape Markdown strings in a
memory-efficient wa ...)
+ TODO: check
+CVE-2023-2797 (Mattermost fails to sanitize code permalinks, allowing an
attacker to ...)
+ TODO: check
+CVE-2023-2793 (Mattermost fails to validate links on external websites when
construct ...)
+ TODO: check
+CVE-2023-2792 (Mattermost fails to sanitize ephemeral error messages, allowing
an att ...)
+ TODO: check
+CVE-2023-2791 (When creating a playbook run via the /dialog API, Mattermost
fails to ...)
+ TODO: check
+CVE-2023-2788 (Mattermost fails to check if an admin user account active after
an oau ...)
+ TODO: check
+CVE-2023-2787 (Mattermost fails to check channel membership when accessing
message th ...)
+ TODO: check
+CVE-2023-2786 (Mattermost fails to properly check thepermissions when
executing comma ...)
+ TODO: check
+CVE-2023-2785 (Mattermost fails to properly truncate the postgres error log
message o ...)
+ TODO: check
+CVE-2023-2784 (Mattermost fails to verify if the requestor is a sysadmin or
not, befo ...)
+ TODO: check
+CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret
provided in th ...)
+ TODO: check
CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to 2.2 ...)
TODO: check
-CVE-2023-3268 [relayfs: fix out-of-bounds access in relay_file_read]
+CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the
Linux kerne ...)
- linux 6.3.7-1
NOTE:
https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
-CVE-2023-35708 (Progress MOVEit Transfer has a privilege escalation
vulnerability that ...)
+CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6
(13.1.6 ...)
NOT-FOR-US: MOVEit
CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file
upload vuln ...)
NOT-FOR-US: Bludit
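Review bot: the CVE-2023-3268 entry drops the bracketed working title "[relayfs: fix out-of-bounds access in relay_file_read]" in favour of the truncated official description, but that title is the only place the fixing kernel commit subject appeared; the remaining NOTE only carries the bare git.kernel.org URL and the "(6.4-rc1)" tag, so consider keeping the subject in the NOTE (e.g. "NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1) relayfs: fix out-of-bounds access in relay_file_read") so the fix stays identifiable next to "- linux 6.3.7-1". The same applies to CVE-2023-35708, whose new description now names the fixed MOVEit Transfer releases while the entry stays NOT-FOR-US, which is consistent. The twelve new Mattermost entries (CVE-2023-2783 through CVE-2023-2831) are all left at "TODO: check" and share one upstream, so they can be triaged as one batch rather than individually.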
@@ -540,10 +592,10 @@ CVE-2023-34581 (Sourcecodester Service Provider
Management System v1.0 is vulner
NOT-FOR-US: Sourcecodester Service Provider Management System
CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the
nano_ctx_sen ...)
NOT-FOR-US: NanoMQ
-CVE-2023-34475 [heap use-after-free issue in ReplaceXmpValue() function in
MagickCore/profile.c]
+CVE-2023-34475 (A heap use after free issue was discovered in ImageMagick's
ReplaceXmp ...)
- imagemagick <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0
(7.1.1-10)
-CVE-2023-34474 [heap-based buffer overflow in ReadTIM2ImageData() function in
coders/tim2.c]
+CVE-2023-34474 (A heap-based buffer overflow issue was discovered in
ImageMagick's Rea ...)
- imagemagick <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0
(7.1.1-10)
CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the
conn_handle ...)
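Review bot: CVE-2023-34475 and CVE-2023-34474 both cite the identical "Fixed by:" commit (1061db7f80fdc9ef572ac60b55f408f7bab6e1b0, 7.1.1-10) even though the dropped working titles named two different locations (ReplaceXmpValue() in MagickCore/profile.c and ReadTIM2ImageData() in coders/tim2.c); since both entries are marked "<not-affected> (Vulnerable code not present)", it is worth confirming that the single commit really covers both issues and that the not-affected reasoning holds for each file separately, and keeping the function/file names in a NOTE now that the bracketed titles are gone.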
@@ -624,7 +676,7 @@ CVE-2020-36732 (The crypto-js package before 3.2.1 for
Node.js generates random
TODO: check
CVE-2015-10118 (A vulnerability classified as problematic was found in
cchetanonline W ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-3195 [stack overflow when parsing malicious tiff image]
+CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's
coders/ ...)
- imagemagick <unfixed>
[buster] - imagemagick <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1
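Review bot: CVE-2023-3195 keeps "imagemagick <unfixed>" with "[buster] - imagemagick <no-dsa> (Minor issue)" and only the oss-security reference as its NOTE; unlike the neighbouring CVE-2023-34474/CVE-2023-34475 entries there is no "Fixed by:" upstream commit recorded, and the new description now localises the bug to "ImageMagick's coders/" (the dropped title said "parsing malicious tiff image"), so add the upstream fix commit as a NOTE once known and revisit the <unfixed> state at that point.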
@@ -2210,7 +2262,7 @@ CVE-2023-32315 (Openfire is an XMPP server licensed under
the Open Source Apache
CVE-2023-32311 (CloudExplorer Lite is an open source cloud management
platform. In Clo ...)
NOT-FOR-US: CloudExplorer Lite
CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant
with the ...)
- {DLA-3441-1}
+ {DSA-5431-1 DLA-3441-1}
- sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-6 (bug #1036847)
NOTE:
https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c
NOTE: https://github.com/freeswitch/sofia-sip/pull/214
@@ -5720,16 +5772,16 @@ CVE-2022-48475
RESERVED
CVE-2022-48474
RESERVED
-CVE-2022-48473
- RESERVED
-CVE-2022-48472
- RESERVED
-CVE-2022-48471
- RESERVED
+CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei
Printer. ...)
+ TODO: check
+CVE-2022-48472 (A Huawei printer has a system command injection vulnerability.
Success ...)
+ TODO: check
+CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei
Printer. ...)
+ TODO: check
CVE-2022-48470
RESERVED
-CVE-2022-48469
- RESERVED
+CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers.
Successf ...)
+ TODO: check
CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up
to 3.7.2 ...)
NOT-FOR-US: I Recommend This Plugin
CVE-2023-30794
@@ -6239,8 +6291,8 @@ CVE-2023-30627 (jellyfin-web is the web client for
Jellyfin, a free-software med
NOT-FOR-US: jellyfin-web
CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting
with 10.8. ...)
- jellyfin <itp> (bug #994189)
-CVE-2023-30625
- RESERVED
+CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer
Data Pla ...)
+ TODO: check
CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to
versions 6. ...)
NOT-FOR-US: wasmtime
CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to
version 2, ...)
@@ -6999,8 +7051,8 @@ CVE-2023-30455 (An issue was discovered in ebankIT before
7. A Denial-of-Service
NOT-FOR-US: ebankIT
CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object
Model bas ...)
NOT-FOR-US: ebankIT
-CVE-2023-30453
- RESERVED
+CVE-2023-30453 (The Teamlead Reminder plugin through 2.6.5 for Jira allows
persistent ...)
+ TODO: check
CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for
Confluen ...)
NOT-FOR-US: MoroSystems EasyMind
CVE-2023-1964 (A vulnerability classified as critical has been found in
PHPGurukul Ba ...)
@@ -7493,10 +7545,10 @@ CVE-2023-30225
RESERVED
CVE-2023-30224
RESERVED
-CVE-2023-30223
- RESERVED
-CVE-2023-30222
- RESERVED
+CVE-2023-30223 (A broken authentication vulnerability in 4D SAS 4D Server
software v17 ...)
+ TODO: check
+CVE-2023-30222 (An information disclosure vulnerability in 4D SAS 4D Server
Applicatio ...)
+ TODO: check
CVE-2023-30221
RESERVED
CVE-2023-30220
@@ -16273,8 +16325,8 @@ CVE-2023-27422
RESERVED
CVE-2023-27421
RESERVED
-CVE-2023-27420
- RESERVED
+CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Everest ...)
+ TODO: check
CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Everest ...)
NOT-FOR-US: WordPress theme
CVE-2023-27418
@@ -18454,16 +18506,16 @@ CVE-2023-26543
RESERVED
CVE-2023-26542
RESERVED
-CVE-2023-26541
- RESERVED
+CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Alex ...)
+ TODO: check
CVE-2023-26540
RESERVED
CVE-2023-26539
RESERVED
CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kamy ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26537
- RESERVED
+CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in nico ...)
+ TODO: check
CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability
in Jonk ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26535
@@ -18482,8 +18534,8 @@ CVE-2023-26529 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in jini ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26527
- RESERVED
+CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WPIn ...)
+ TODO: check
CVE-2023-26526
RESERVED
CVE-2023-26525
@@ -18506,8 +18558,8 @@ CVE-2023-26517 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-26516
RESERVED
-CVE-2023-26515
- RESERVED
+CVE-2023-26515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Ko T ...)
+ TODO: check
CVE-2023-26514
RESERVED
CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software
Foundation Apache ...)
@@ -19723,8 +19775,8 @@ CVE-2023-0922 (The Samba AD DC administration tool,
when operating against a rem
NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html
CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all
versions fro ...)
- gitlab 15.10.8+ds1-2
-CVE-2022-48330
- RESERVED
+CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write
vulnerability. A ...)
+ TODO: check
CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a
Flowmon user ...)
NOT-FOR-US: Progress Flowmon Packet Investigator
CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint
failed to s ...)
@@ -20034,8 +20086,8 @@ CVE-2023-26015
RESERVED
CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel
Minify HT ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26013
- RESERVED
+CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Denz ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel
Read More ...)
@@ -20112,8 +20164,8 @@ CVE-2023-25976 (Cross-Site Request Forgery (CSRF)
vulnerability in CRM Perks Int
NOT-FOR-US: WordPress plugin
CVE-2023-25975
RESERVED
-CVE-2023-25974
- RESERVED
+CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in psic ...)
+ TODO: check
CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian
Apostol Auto ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in IKSW ...)
@@ -20134,8 +20186,8 @@ CVE-2023-25965
RESERVED
CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Noah ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25963
- RESERVED
+CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Joom ...)
+ TODO: check
CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Bipl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Catch Th ...)
@@ -21290,8 +21342,8 @@ CVE-2023-25647
RESERVED
CVE-2023-25646
RESERVED
-CVE-2023-25645
- RESERVED
+CVE-2023-25645 (There is a permission and access control vulnerability in some
ZTE And ...)
+ TODO: check
CVE-2023-25644
RESERVED
CVE-2023-25643
@@ -22126,8 +22178,8 @@ CVE-2023-25368 (Siglent SDS 1104X-E
SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to In
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered
user in ...)
NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS
-CVE-2023-25366
- RESERVED
+CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI
interfa ...)
+ TODO: check
CVE-2023-25365
RESERVED
CVE-2023-25364
@@ -22573,14 +22625,14 @@ CVE-2017-20175 (A vulnerability classified as
problematic has been found in DaSc
NOT-FOR-US: Mamoto extension for MediaWiki
CVE-2023-25189
RESERVED
-CVE-2023-25188
- RESERVED
-CVE-2023-25187
- RESERVED
-CVE-2023-25186
- RESERVED
-CVE-2023-25185
- RESERVED
+CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN
devices bef ...)
+ TODO: check
+CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN
devices bef ...)
+ TODO: check
+CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN
devices bef ...)
+ TODO: check
+CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN
devices bef ...)
+ TODO: check
CVE-2023-25074
RESERVED
CVE-2023-24590
@@ -25430,8 +25482,8 @@ CVE-2023-24245
RESERVED
CVE-2023-24244
RESERVED
-CVE-2023-24243
- RESERVED
+CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a
Server-Side R ...)
+ TODO: check
CVE-2023-24242
RESERVED
CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL
injectio ...)
@@ -34438,11 +34490,13 @@ CVE-2023-21970 (Vulnerability in the Oracle BI
Publisher product of Oracle Analy
CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component:
Installation). Supp ...)
NOT-FOR-US: Oracle
CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -34472,6 +34526,7 @@ CVE-2023-21956 (Vulnerability in the Oracle WebLogic
Server product of Oracle Fu
CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -34505,16 +34560,19 @@ CVE-2023-21941 (Vulnerability in the Oracle BI
Publisher product of Oracle Analy
CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -34532,6 +34590,7 @@ CVE-2023-21932 (Vulnerability in the Oracle Hospitality
OPERA 5 Property Service
CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise
Edition ...)
+ {DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -44969,8 +45028,8 @@ CVE-2023-20887 (Aria Operations for Networks contains a
command injection vulner
NOT-FOR-US: VMware
CVE-2023-20886
RESERVED
-CVE-2023-20885
- RESERVED
+CVE-2023-20885 (Vulnerability in Cloud Foundry Notifications, Cloud Foundry
SMB-volume ...)
+ TODO: check
CVE-2023-20884 (VMware Workspace ONE Access and VMware Identity Manager
contain an ins ...)
NOT-FOR-US: VMware
CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 -
2.6.14, ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9210ea344484f0c8644709dfe48d6410ea87c9f
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits