[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 3 21:21:33 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e19a95ef by security tracker role at 2023-08-03T20:21:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,177 @@
+CVE-2023-4145 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/custo ...)
+ TODO: check
+CVE-2023-4138 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ TODO: check
+CVE-2023-4136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-4133 (A use-after-free vulnerability was found in the cxgb4 driver in the Li ...)
+ TODO: check
+CVE-2023-4132 (A use-after-free vulnerability was found in the siano smsusb module in ...)
+ TODO: check
+CVE-2023-4127 (Race Condition within a Thread in GitHub repository answerdev/answer p ...)
+ TODO: check
+CVE-2023-4126 (Insufficient Session Expiration in GitHub repository answerdev/answer ...)
+ TODO: check
+CVE-2023-4125 (Weak Password Requirements in GitHub repository answerdev/answer prior ...)
+ TODO: check
+CVE-2023-4124 (Missing Authorization in GitHub repository answerdev/answer prior to v ...)
+ TODO: check
+CVE-2023-4121 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...)
+ TODO: check
+CVE-2023-4120 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...)
+ TODO: check
+CVE-2023-4119 (A vulnerability has been found in Academy LMS 6.0 and classified as pr ...)
+ TODO: check
+CVE-2023-4118 (A vulnerability, which was classified as problematic, was found in Cut ...)
+ TODO: check
+CVE-2023-4117 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-4116 (A vulnerability classified as problematic was found in PHP Jabbers Tax ...)
+ TODO: check
+CVE-2023-4115 (A vulnerability classified as problematic has been found in PHP Jabber ...)
+ TODO: check
+CVE-2023-4114 (A vulnerability was found in PHP Jabbers Night Club Booking Software 1 ...)
+ TODO: check
+CVE-2023-4113 (A vulnerability was found in PHP Jabbers Service Booking Script 1.0. I ...)
+ TODO: check
+CVE-2023-4112 (A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. ...)
+ TODO: check
+CVE-2023-4111 (A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 an ...)
+ TODO: check
+CVE-2023-4110 (A vulnerability has been found in PHP Jabbers Availability Booking Cal ...)
+ TODO: check
+CVE-2023-3932 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2023-3766 (A vulnerability was discovered in the odoh-rs rust crate that stems fr ...)
+ TODO: check
+CVE-2023-3749 (A local user could edit the VideoEdge configuration file and interfere ...)
+ TODO: check
+CVE-2023-3669 (A missing Brute-Force protection in CODESYS Development System prior t ...)
+ TODO: check
+CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and before 3.5.1 ...)
+ TODO: check
+CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior to 3.5. ...)
+ TODO: check
+CVE-2023-3348 (The Wrangler command line tool (<=wrangler at 3.1.0) was affected by a di ...)
+ TODO: check
+CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+ TODO: check
+CVE-2023-3329 (SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable t ...)
+ TODO: check
+CVE-2023-3180 (A flaw was found in the QEMU virtual crypto device while handling data ...)
+ TODO: check
+CVE-2023-39144 (Element55 KnowMore appliances version 21 and older was discovered to s ...)
+ TODO: check
+CVE-2023-39121 (emlog v2.1.9 was discovered to contain a SQL injection vulnerability v ...)
+ TODO: check
+CVE-2023-39114 (ngiflib commit 84a75 was discovered to contain a segmentation violatio ...)
+ TODO: check
+CVE-2023-39113 (ngiflib commit fb271 was discovered to contain a segmentation violatio ...)
+ TODO: check
+CVE-2023-39097 (WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) v ...)
+ TODO: check
+CVE-2023-39096 (WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) v ...)
+ TODO: check
+CVE-2023-39075 (Renault Zoe EV 2021 automotive infotainment system versions 283C35202R ...)
+ TODO: check
+CVE-2023-38958 (An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthen ...)
+ TODO: check
+CVE-2023-38956 (A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows u ...)
+ TODO: check
+CVE-2023-38955 (ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain ...)
+ TODO: check
+CVE-2023-38954 (ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2023-38948 (An arbitrary file download vulnerability in the /c/PluginsController.p ...)
+ TODO: check
+CVE-2023-38947 (An arbitrary file upload vulnerability in the /languages/install.php c ...)
+ TODO: check
+CVE-2023-38942 (Dango-Translator v4.5.5 was discovered to contain a remote command exe ...)
+ TODO: check
+CVE-2023-38812
+ REJECTED
+CVE-2023-38748 (Use after free vulnerability exists in CX-Programmer Included in CX-On ...)
+ TODO: check
+CVE-2023-38747 (Heap-based buffer overflow vulnerability exists in CX-Programmer Inclu ...)
+ TODO: check
+CVE-2023-38746 (Out-of-bounds read vulnerability/issue exists in CX-Programmer Include ...)
+ TODO: check
+CVE-2023-38744 (Denial-of-service (DoS) vulnerability due to improper validation of sp ...)
+ TODO: check
+CVE-2023-37679 (A remote command execution (RCE) vulnerability in NextGen Mirth Connec ...)
+ TODO: check
+CVE-2023-37559 (After successful authentication as a user in multiple Codesys products ...)
+ TODO: check
+CVE-2023-37558 (After successful authentication as a user in multiple Codesys products ...)
+ TODO: check
+CVE-2023-37557 (After successful authentication as a user in multiple Codesys products ...)
+ TODO: check
+CVE-2023-37556 (In multiple versions of multiple Codesys products, after successful au ...)
+ TODO: check
+CVE-2023-37555 (In multiple versions of multiple Codesys products, after successful au ...)
+ TODO: check
+CVE-2023-37554 (In multiple versions of multiple Codesys products, after successful au ...)
+ TODO: check
+CVE-2023-37553 (In multiple versions of multiple Codesys products, after successful au ...)
+ TODO: check
+CVE-2023-37552 (In multiple versions of multiple Codesys products, after successful au ...)
+ TODO: check
+CVE-2023-37551 (In multiple Codesys products in multiple versions, after successful au ...)
+ TODO: check
+CVE-2023-37550 (In multiple Codesys products in multiple versions, after successful au ...)
+ TODO: check
+CVE-2023-37549 (In multiple Codesys products in multiple versions, after successful au ...)
+ TODO: check
+CVE-2023-37548 (In multiple Codesys products in multiple versions, after successful au ...)
+ TODO: check
+CVE-2023-37547 (In multiple Codesys products in multiple versions, after successful au ...)
+ TODO: check
+CVE-2023-37546 (In multiple Codesys products in multiple versions, after successful au ...)
+ TODO: check
+CVE-2023-37545 (In multiple Codesys products in multiple versions, after successful au ...)
+ TODO: check
+CVE-2023-37364 (In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapt ...)
+ TODO: check
+CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote attacke ...)
+ TODO: check
+CVE-2023-36298 (DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote co ...)
+ TODO: check
+CVE-2023-36255 (An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote ...)
+ TODO: check
+CVE-2023-36217 (Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remo ...)
+ TODO: check
+CVE-2023-36213 (SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacke ...)
+ TODO: check
+CVE-2023-36212 (File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacke ...)
+ TODO: check
+CVE-2023-36082 (An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a ...)
+ TODO: check
+CVE-2023-35081 (A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.1 ...)
+ TODO: check
+CVE-2023-34196 (In the Keyfactor EJBCA before 8.0.0, the RA web certificate distributi ...)
+ TODO: check
+CVE-2023-33666 (ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain ...)
+ TODO: check
+CVE-2023-33371 (Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic ...)
+ TODO: check
+CVE-2023-33370 (An uncaught exception vulnerability exists in Control ID IDSecure 4.7. ...)
+ TODO: check
+CVE-2023-33369 (A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 ...)
+ TODO: check
+CVE-2023-33368 (Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfi ...)
+ TODO: check
+CVE-2023-33366 (A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1 ...)
+ TODO: check
+CVE-2023-33365 (A path traversal vulnerability exists in Suprema BioStar 2 before 2.9. ...)
+ TODO: check
+CVE-2023-33364 (An OS Command injection vulnerability exists in Suprema BioStar 2 befo ...)
+ TODO: check
+CVE-2023-33363 (An authentication bypass vulnerability exists in Suprema BioStar 2 bef ...)
+ TODO: check
+CVE-2023-32764 (Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate ...)
+ TODO: check
+CVE-2023-2754 (The Cloudflare WARP client for Windows assigns loopback IPv4 addresses ...)
+ TODO: check
CVE-2023-4104
- mozillavpn <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/1
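Review bot: Several of the new TODO: check entries in this hunk describe components Debian ships as packages, so they should get source-package lines during triage rather than stay at TODO: CVE-2023-4133 and CVE-2023-4132 are Linux kernel use-after-free issues (cxgb4 driver, siano smsusb module) and CVE-2023-3180 is a QEMU virtual crypto device flaw. Most of the remaining additions name third-party web applications, SCADA and PLC products (PHP Jabbers, CODESYS, Control ID IDSecure, Suprema BioStar, ZKTeco BioAccess, CX-Programmer), the kind of entry this file resolves as NOT-FOR-US elsewhere (for example NOT-FOR-US: CODESYS and NOT-FOR-US: CX-Motion-MCH further down). CVE-2023-38812 is correctly recorded as REJECTED with no description line.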
@@ -10,37 +184,37 @@ CVE-2023-34320 [arm: Guests can trigger a deadlock on Cortex-A77]
[buster] - xen <end-of-life> (DSA 4677-1)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/01/1
NOTE: https://xenbits.xen.org/xsa/advisory-436.html
-CVE-2023-4078
+CVE-2023-4078 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4077
+CVE-2023-4077 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4076
+CVE-2023-4076 (Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allo ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4075
+CVE-2023-4075 (Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowe ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4074
+CVE-2023-4074 (Use after free in Blink Task Scheduling in Google Chrome prior to 115. ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4073
+CVE-2023-4073 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4072
+CVE-2023-4072 (Out of bounds read and write in WebGL in Google Chrome prior to 115.0. ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4071
+CVE-2023-4071 (Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.1 ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4070
+CVE-2023-4070 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4069
+CVE-2023-4069 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4068
+CVE-2023-4068 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...)
- chromium 115.0.5790.170-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4067 (The Bus Ticket Booking with Seat Reservation plugin for WordPress is v ...)
@@ -135,7 +309,7 @@ CVE-2023-31426 (The Brocade Fabric OS Commands \u201cconfigupload\u201d and \u20
NOT-FOR-US: Brocade
CVE-2023-31425 (A vulnerability in the fosexec command of Brocade Fabric OS after Broc ...)
NOT-FOR-US: Brocade
-CVE-2023-4008
+CVE-2023-4008 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
CVE-2023-4011 (An issue has been discovered in GitLab EE affecting all versions from ...)
- gitlab <not-affected> (Specific to EE)
@@ -215,6 +389,7 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ...)
+ {DSA-5464-1}
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
- thunderbird 1:115.1.0-1
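Review bot: The {DSA-5464-1} marker is added to CVE-2023-4056 here and, in the following hunks, to CVE-2023-4055, CVE-2023-4050, CVE-2023-4049, CVE-2023-4048, CVE-2023-4047, CVE-2023-4046 and CVE-2023-4045, which are exactly the entries that list firefox-esr 115.1.0esr-1 and thunderbird 1:115.1.0-1 alongside firefox 116.0-1; CVE-2023-4051, which lists only firefox 116.0-1, gets no marker, which is consistent. This hunk starts inside the NOTE lines of CVE-2023-4057, so that entry's fix lines are outside the diff; since its visible notes also reference mfsa2023-33, confirm that the absence of a marker there is deliberate.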
@@ -224,6 +399,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Fir
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
+ {DSA-5464-1}
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
- thunderbird 1:115.1.0-1
@@ -255,6 +431,7 @@ CVE-2023-4051 (A website could have obscured the full screen notification by usi
- firefox 116.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...)
+ {DSA-5464-1}
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
- thunderbird 1:115.1.0-1
@@ -264,6 +441,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack bu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
+ {DSA-5464-1}
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
- thunderbird 1:115.1.0-1
@@ -273,6 +451,7 @@ CVE-2023-4049 (Race conditions in reference counting code were found through cod
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
+ {DSA-5464-1}
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
- thunderbird 1:115.1.0-1
@@ -282,6 +461,7 @@ CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
+ {DSA-5464-1}
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
- thunderbird 1:115.1.0-1
@@ -291,6 +471,7 @@ CVE-2023-4047 (A bug in popup notifications delay calculation could have made it
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
+ {DSA-5464-1}
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
- thunderbird 1:115.1.0-1
@@ -300,6 +481,7 @@ CVE-2023-4046 (In some circumstances, a stale value could have been used for a g
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
+ {DSA-5464-1}
- firefox 116.0-1
- firefox-esr 115.1.0esr-1
- thunderbird 1:115.1.0-1
@@ -318,7 +500,7 @@ CVE-2023-3825 (PTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to
NOT-FOR-US: PTC KEPServerEX
CVE-2023-3462 (HashiCorp's Vault and Vault Enterprise are vulnerable to user enumerat ...)
NOT-FOR-US: HashiCorp Vault
-CVE-2023-39122 (BMC Control-M Software v9.0.20.200 was discovered to contain a SQL inj ...)
+CVE-2023-39122 (BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Serv ...)
NOT-FOR-US: BMC Control-M Software
CVE-2023-37772 (Online Shopping Portal Project v3.1 was discovered to contain a SQL in ...)
NOT-FOR-US: Online Shopping Portal Project
@@ -414,7 +596,7 @@ CVE-2023-34872 (A vulnerability in Outline.cc for Poppler prior to 23.06.0 allow
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
CVE-2023-34842 (Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows ...)
NOT-FOR-US: DedeCMS
-CVE-2023-34644 (A command injection vulnerability exists in the EWEB management system ...)
+CVE-2023-34644 (Remote code execution vulnerability in Ruijie Networks Product: RG-EW ...)
NOT-FOR-US: Ruijie
CVE-2023-34635 (Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injec ...)
NOT-FOR-US: Wifi Soft Unibox Administration
@@ -15121,8 +15303,8 @@ CVE-2023-22310
RESERVED
CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 15.11.11+ds1-1
-CVE-2023-1935
- RESERVED
+CVE-2023-1935 (ROC800-Series RTU devices are vulnerable to an authentication bypass, ...)
+ TODO: check
CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is afflicted by ...)
NOT-FOR-US: PnPSCADA
CVE-2023-1933
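Review bot: Replacing the RESERVED placeholder with the published description plus TODO: check is the right automatic transition, but the ROC800-Series RTU description describes vendor device firmware of the same kind as the neighbouring entry CVE-2023-1934 (NOT-FOR-US: PnPSCADA), so this TODO can be closed as NOT-FOR-US on triage. The same check applies to the other RESERVED-to-published hunks below (Advantech WebAccess/SCADA, Insyde InsydeH2O, TEL-STER TelWin SCADA and similar products).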
@@ -18652,8 +18834,8 @@ CVE-2023-1439 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: SourceCodester Medicine Tracker System
CVE-2023-1438
RESERVED
-CVE-2023-1437
- RESERVED
+CVE-2023-1437 (All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerabl ...)
+ TODO: check
CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing a JSO ...)
- libjettison-java 1.5.4-1 (bug #1033846)
[bookworm] - libjettison-java <no-dsa> (Minor issue)
@@ -18741,8 +18923,8 @@ CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoi
NOT-FOR-US: Couchbase Server
CVE-2023-28469 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
NOT-FOR-US: ARM
-CVE-2023-28468
- RESERVED
+CVE-2023-28468 (An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O w ...)
+ TODO: check
CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...)
NOT-FOR-US: MyBB
CVE-2023-28465
@@ -23356,8 +23538,8 @@ CVE-2023-26981
RESERVED
CVE-2023-26980 (PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition ...)
NOT-FOR-US: PAX Technology PAX A920 Pro PayDroid
-CVE-2023-26979
- RESERVED
+CVE-2023-26979 (Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 ...)
+ TODO: check
CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
NOT-FOR-US: TOTOLINK
CVE-2023-26977
@@ -25046,8 +25228,8 @@ CVE-2023-0958 (Several plugins for WordPress by Inisev are vulnerable to unautho
NOT-FOR-US: WordPress plugin
CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...)
NOT-FOR-US: Gitpod
-CVE-2023-0956
- RESERVED
+CVE-2023-0956 (External input could be used on TEL-STER TelWin SCADA WebInterface to ...)
+ TODO: check
CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and ...)
@@ -26450,7 +26632,7 @@ CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri Portal Site
NOT-FOR-US: Esri
CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...)
NOT-FOR-US: Esri
-CVE-2023-25835 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...)
+CVE-2023-25835 (There is a stored Cross-site Scripting vulnerabilityin Esri Portal for ...)
NOT-FOR-US: Esri
CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...)
NOT-FOR-US: Esri
@@ -27509,8 +27691,8 @@ CVE-2022-48318 (No authorisation controls in the RestAPI documentation for Tribe
- check-mk <removed>
CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for Tribe ...)
- check-mk <removed>
-CVE-2023-25600
- RESERVED
+CVE-2023-25600 (An issue was discovered in InsydeH2O. A malicious operating system can ...)
+ TODO: check
CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
NOT-FOR-US: Mitel
CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
@@ -27767,8 +27949,8 @@ CVE-2023-25526
RESERVED
CVE-2023-25525
RESERVED
-CVE-2023-25524
- RESERVED
+CVE-2023-25524 (NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a ...)
+ TODO: check
CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...)
- nvidia-cuda-toolkit <unfixed> (unimportant; bug #1042766)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5469
@@ -38357,12 +38539,12 @@ CVE-2023-22366 (CX-Motion-MCH v2.32 and earlier contains an access of uninitiali
NOT-FOR-US: CX-Motion-MCH
CVE-2023-22357 (Active debug code exists in OMRON CP1L-EL20DR-D all versions, which ma ...)
NOT-FOR-US: OMROM
-CVE-2023-22317
- RESERVED
-CVE-2023-22314
- RESERVED
-CVE-2023-22277
- RESERVED
+CVE-2023-22317 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
+ TODO: check
+CVE-2023-22314 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
+ TODO: check
+CVE-2023-22277 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
+ TODO: check
CVE-2023-0026 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...)
NOT-FOR-US: Juniper
CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected and stor ...)
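Review bot: The unchanged context line `NOT-FOR-US: OMROM` for CVE-2023-22357 looks like a typo for OMRON (its description reads "OMRON CP1L-EL20DR-D") and is worth correcting in a follow-up commit. The three new entries CVE-2023-22317, CVE-2023-22314 and CVE-2023-22277 carry the same truncated CX-Programmer use-after-free description as the CX-Programmer CVEs added at the top of the file (CVE-2023-38748 and siblings) and sit beside CX-Motion-MCH, which is already NOT-FOR-US, so they should be triaged together.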
@@ -47392,8 +47574,8 @@ CVE-2022-4048 (Inadequate Encryption Strength in CODESYS Development System V3 v
NOT-FOR-US: CODESYS
CVE-2022-4047 (The Return Refund and Exchange For WooCommerce WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4046
- RESERVED
+CVE-2022-4046 (In CODESYS Control in multiple versions a improper restriction of oper ...)
+ TODO: check
CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an authenti ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authenticate ...)
@@ -49687,18 +49869,18 @@ CVE-2023-21414
RESERVED
CVE-2023-21413
RESERVED
-CVE-2023-21412
- RESERVED
-CVE-2023-21411
- RESERVED
-CVE-2023-21410
- RESERVED
-CVE-2023-21409
- RESERVED
-CVE-2023-21408
- RESERVED
-CVE-2023-21407
- RESERVED
+CVE-2023-21412 (User provided input is not sanitized on the AXIS License Plate Verifie ...)
+ TODO: check
+CVE-2023-21411 (User provided input is not sanitized in the \u201cSettings > Access Co ...)
+ TODO: check
+CVE-2023-21410 (User provided input is not sanitized on the AXIS License Plate Verifie ...)
+ TODO: check
+CVE-2023-21409 (Due to insufficient file permissions, unprivileged users could gain ac ...)
+ TODO: check
+CVE-2023-21408 (Due to insufficient file permissions, unprivileged users could gain ac ...)
+ TODO: check
+CVE-2023-21407 (A broken access control was found allowing for privileged escalation o ...)
+ TODO: check
CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A ...)
NOT-FOR-US: AXIS
CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network Door Contro ...)
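Review bot: The description for CVE-2023-21411 keeps a JSON-style escape (`\u201cSettings > Access Co`) instead of the curly quote it encodes; the same unconverted escapes appear in the context lines for CVE-2023-31426 (`\u201cconfigupload\u201d`) and CVE-2023-3825 (`PTC\u2019s`), so the importer that truncates descriptions should decode `\uXXXX` sequences before writing them to this file. Separately, the six new AXIS License Plate Verifier entries sit beside CVE-2023-21406 and CVE-2023-21405, which are already NOT-FOR-US: AXIS, which is the likely resolution of these TODOs.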
@@ -57258,7 +57440,7 @@ CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before 1.
CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42986
- RESERVED
+ REJECTED
CVE-2022-42985 (The ScratchLogin extension through 1.1 for MediaWiki does not escape v ...)
NOT-FOR-US: MediaWiki extension ScratchLogin
CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL ...)
@@ -80849,8 +81031,8 @@ CVE-2022-34455
RESERVED
CVE-2022-34454 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buff ...)
NOT-FOR-US: Dell
-CVE-2022-34453
- RESERVED
+CVE-2022-34453 (Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper acc ...)
+ TODO: check
CVE-2022-34452 (PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* con ...)
NOT-FOR-US: Dell
CVE-2022-34451 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* co ...)
@@ -97429,8 +97611,8 @@ CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energ
NOT-FOR-US: HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware
CVE-2022-28610
RESERVED
-CVE-2022-26838
- RESERVED
+CVE-2022-26838 (Path traversal vulnerability in Importing Mobile Device Data of Cybozu ...)
+ TODO: check
CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...)
- plantuml <unfixed> (bug #1039989)
[bookworm] - plantuml <no-dsa> (Minor issue)
@@ -218956,8 +219138,8 @@ CVE-2020-20810
RESERVED
CVE-2020-20809
RESERVED
-CVE-2020-20808
- RESERVED
+CVE-2020-20808 (Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before ...)
+ TODO: check
CVE-2020-20807
RESERVED
CVE-2020-20806
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e19a95ef1ac80d4b42186ef6f8c29c06181847b7