[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 4 21:12:39 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0984464e by security tracker role at 2023-08-04T20:12:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2023-4159 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
+	TODO: check
+CVE-2023-4158 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
+	TODO: check
+CVE-2023-4157 (Improper Input Validation in GitHub repository omeka/omeka-s prior to  ...)
+	TODO: check
+CVE-2023-4135 (A heap out-of-bounds memory read flaw was found in the virtual nvme de ...)
+	TODO: check
+CVE-2023-39552 (PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to ...)
+	TODO: check
+CVE-2023-39551 (PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to ...)
+	TODO: check
+CVE-2023-39379 (Fujitsu Software Infrastructure Manager (ISM) stores sensitive informa ...)
+	TODO: check
+CVE-2023-39344 (social-media-skeleton is an uncompleted social media project. A SQL in ...)
+	TODO: check
+CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path trave ...)
+	TODO: check
+CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion vulnerability in th ...)
+	TODO: check
+CVE-2023-39107 (An arbitrary file overwrite vulnerability in NoMachine Free Edition an ...)
+	TODO: check
+CVE-2023-38964 (Creative Item Academy LMS 6.0 was discovered to contain a cross-site s ...)
+	TODO: check
+CVE-2023-38707
+	REJECTED
+CVE-2023-38702 (Knowage is an open source analytics and business intelligence suite. S ...)
+	TODO: check
+CVE-2023-38700 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...)
+	TODO: check
+CVE-2023-38699 (MindsDB's AI Virtual Database allows developers to connect any AI/ML m ...)
+	TODO: check
+CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and extensible nam ...)
+	TODO: check
+CVE-2023-38697 (protocol-http1 provides a low-level implementation of the HTTP/1 proto ...)
+	TODO: check
+CVE-2023-38696
+	REJECTED
+CVE-2023-38695 (cypress-image-snapshot shows visual regressions in Cypress with jest-i ...)
+	TODO: check
+CVE-2023-38692 (CloudExplorer Lite is an open source, lightweight cloud management pla ...)
+	TODO: check
+CVE-2023-38691 (matrix-appservice-bridge provides an API for setting up bridges. Start ...)
+	TODO: check
+CVE-2023-38690 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...)
+	TODO: check
+CVE-2023-38689 (Logistics Pipes is a modification (a.k.a. mod) for the computer game M ...)
+	TODO: check
+CVE-2023-38688 (twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, ...)
+	TODO: check
+CVE-2023-38686 (Sydent is an identity server for the Matrix communications protocol. P ...)
+	TODO: check
+CVE-2023-38494 (MeterSphere is an open-source continuous testing platform. Prior to ve ...)
+	TODO: check
+CVE-2023-38487 (HedgeDoc is software for creating real-time collaborative markdown not ...)
+	TODO: check
+CVE-2023-38332 (Zoho ManageEngine ADManager Plus through 7201 allow authenticated user ...)
+	TODO: check
+CVE-2023-37896 (Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security  ...)
+	TODO: check
+CVE-2023-37470 (Metabase is an open-source business intelligence and analytics platfor ...)
+	TODO: check
+CVE-2023-36480 (The Aerospike Java client is a Java application that implements a netw ...)
+	TODO: check
+CVE-2023-34038 (VMware Horizon Server contains an information disclosure vulnerability ...)
+	TODO: check
+CVE-2023-34037 (VMware Horizon Server contains a HTTP request smuggling vulnerability. ...)
+	TODO: check
+CVE-2023-33379 (Connected IO v2.1.0 and prior has a misconfiguration in their MQTT bro ...)
+	TODO: check
+CVE-2023-33378 (Connected IO v2.1.0 and prior has an argument injection vulnerability  ...)
+	TODO: check
+CVE-2023-33377 (Connected IO v2.1.0 and prior has an OS command injection vulnerabilit ...)
+	TODO: check
+CVE-2023-33376 (Connected IO v2.1.0 and prior has an argument injection vulnerability  ...)
+	TODO: check
+CVE-2023-33375 (Connected IO v2.1.0 and prior has a stack-based buffer overflow vulner ...)
+	TODO: check
+CVE-2023-33374 (Connected IO v2.1.0 and prior has a command as part of its communicati ...)
+	TODO: check
+CVE-2023-33373 (Connected IO v2.1.0 and prior keeps passwords and credentials in clear ...)
+	TODO: check
+CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded username/password pair ...)
+	TODO: check
+CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior to 108 ...)
+	TODO: check
 CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...)
 	NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress
 CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...)
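Review bot: CVE-2022-4955 (Chrome DevTools prior to 108, the last entry added in this hunk) should not sit in the TODO queue: chromium is already tracked in this same file with a `- chromium 115.0.5790.170-1` line and the `[buster] - chromium <end-of-life> (see DSA 5046)` marker on every other Chrome CVE, and a bug fixed before 108 is necessarily covered by that upload, so it needs a package line in the same shape rather than `TODO: check`. Among the remaining 42 new entries, CVE-2023-4135 (heap out-of-bounds read in a virtual nvme device) is the one that reads like a bug in software Debian actually ships and deserves triage first; the runs of omeka-s, PHPGurukul, Connected IO and similar third-party products will most likely resolve to NOT-FOR-US as the existing WP Ultimate CSV Importer context lines do.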
@@ -58,7 +144,7 @@ CVE-2023-36131 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to In
 	NOT-FOR-US: PHPJabbers
 CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL injection ...)
 	NOT-FOR-US: ai-dev aitable
-CVE-2023-38497 [Cargo does not respect umask when extracting packages]
+CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compiles the  ...)
 	- rustc <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
 	TODO: check details
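Review bot: the new description line carries a literal `\u2019` escape (the MITRE text's right single quotation mark) that the importer did not decode, so the rendered entry will show six characters where an apostrophe belongs. The replacement also loses information: the removed bracketed summary said what the bug is ("does not respect umask when extracting packages"), while the imported text is truncated before it gets to that point, so that fact now exists only behind the oss-security URL; keeping it in a NOTE line next to that reference would avoid re-reading the advisory. Finally, only `- rustc <unfixed>` is listed; before `TODO: check details` is resolved it should be confirmed whether the affected extraction code also ships from a separate cargo source package, which would need its own package line.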
@@ -265,36 +351,47 @@ CVE-2023-34320 [arm: Guests can trigger a deadlock on Cortex-A77]
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/01/1
 	NOTE: https://xenbits.xen.org/xsa/advisory-436.html
 CVE-2023-4078 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4077 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4076 (Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allo ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4075 (Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowe ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4074 (Use after free in Blink Task Scheduling in Google Chrome prior to 115. ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4073 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to  ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4072 (Out of bounds read and write in WebGL in Google Chrome prior to 115.0. ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4071 (Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.1 ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4070 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed  ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4069 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed  ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4068 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed  ...)
+	{DSA-5467-1}
 	- chromium 115.0.5790.170-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4067 (The Bus Ticket Booking with Seat Reservation plugin for WordPress is v ...)
@@ -2248,6 +2345,7 @@ CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer over
 CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...)
 	NOT-FOR-US: Knowage
 CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...)
+	{DLA-3515-1}
 	- cjose 0.6.2.2-1 (bug #1041423)
 	NOTE: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj
 	NOTE: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e (v0.6.2.2)
@@ -14721,8 +14819,8 @@ CVE-2023-29691
 	RESERVED
 CVE-2023-29690
 	RESERVED
-CVE-2023-29689
-	RESERVED
+CVE-2023-29689 (PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that  ...)
+	TODO: check
 CVE-2023-29688
 	RESERVED
 CVE-2023-29687
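Review bot: PyroCMS is a third-party PHP CMS of the same kind this file already closes as NOT-FOR-US (PHPJabbers, Uvdesk and the WordPress plugins in the context lines of this diff), so the `TODO: check` placeholder can be resolved the same way unless a Debian package is found to embed it; the description's "remote code execution" wording should not by itself keep it in the queue.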
@@ -15229,8 +15327,8 @@ CVE-2023-29507 (XWiki Commons are technical libraries common to several other to
 	NOT-FOR-US: XWiki
 CVE-2023-29506 (XWiki Commons are technical libraries common to several other top leve ...)
 	NOT-FOR-US: XWiki
-CVE-2023-29505
-	RESERVED
+CVE-2023-29505 (An issue was discovered in Zoho ManageEngine Network Configuration Man ...)
+	TODO: check
 CVE-2023-28393
 	RESERVED
 CVE-2023-1942 (A vulnerability has been found in SourceCodester Online Computer and L ...)
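Review bot: this Zoho ManageEngine Network Configuration Manager entry and CVE-2023-38332 (Zoho ManageEngine ADManager Plus), added as `TODO: check` in the first hunk of this same commit, concern the same vendor's proprietary products; triage them together so both end as `NOT-FOR-US: Zoho ManageEngine` rather than one being resolved and the other left open.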
@@ -34087,8 +34185,7 @@ CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in
 	NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
 CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to execut ...)
 	NOT-FOR-US: Uvdesk
-CVE-2023-0264
-	RESERVED
+CVE-2023-0264 (A flaw was found in Keycloaks OpenID Connect user authentication, whic ...)
 	NOT-FOR-US: Keycloak
 CVE-2023-0263 (The WP Yelp Review Slider WordPress plugin before 7.1 does not properl ...)
 	NOT-FOR-US: WordPress plugin
@@ -62079,8 +62176,8 @@ CVE-2022-41403 (OpenCart 3.x Newsletter Custom Popup was discovered to contain a
 	NOT-FOR-US: OpenCart plugin
 CVE-2022-41402
 	RESERVED
-CVE-2022-41401
-	RESERVED
+CVE-2022-41401 (OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vul ...)
+	TODO: check
 CVE-2022-41400 (Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encryp ...)
 	NOT-FOR-US: Sage
 CVE-2022-41399 (The optional Web Screens feature for Sage 300 through version 2022 use ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0984464e0ebbaba6da5ddfad050e3155dee75ae7
