[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 9 21:12:31 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13e211d9 by security tracker role at 2023-08-09T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2023-4273 (A flaw was found in the exFAT driver of the Linux kernel. The vulnerab ...)
+	TODO: check
+CVE-2023-40012 (uthenticode is a small cross-platform library for partially verifying  ...)
+	TODO: check
+CVE-2023-3953 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+	TODO: check
+CVE-2023-3518 (HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for  ...)
+	TODO: check
+CVE-2023-39969 (uthenticode is a small cross-platform library for partially verifying  ...)
+	TODO: check
+CVE-2023-39531 (Sentry is an error tracking and performance monitoring platform. Start ...)
+	TODO: check
+CVE-2023-39008 (A command injection vulnerability in the component /api/cron/settings/ ...)
+	TODO: check
+CVE-2023-39007 (/ui/cron/item/open in the Cron component of OPNsense before 23.7 allow ...)
+	TODO: check
+CVE-2023-39006 (The Crash Reporter (crash_reporter.php) component of OPNsense before 2 ...)
+	TODO: check
+CVE-2023-39005 (Insecure permissions exist for configd.socket in OPNsense before 23.7.)
+	TODO: check
+CVE-2023-39004 (Insecure permissions in the configuration directory (/conf/) of OPNsen ...)
+	TODO: check
+CVE-2023-39003 (OPNsense before 23.7 was discovered to contain insecure permissions in ...)
+	TODO: check
+CVE-2023-39002 (A cross-site scripting (XSS) vulnerability in the act parameter of sys ...)
+	TODO: check
+CVE-2023-39001 (A command injection vulnerability in the component diag_backup.php of  ...)
+	TODO: check
+CVE-2023-39000 (A reflected cross-site scripting (XSS) vulnerability in the component  ...)
+	TODO: check
+CVE-2023-38999 (A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/ha ...)
+	TODO: check
+CVE-2023-38998 (An open redirect in the Login page of OPNsense before 23.7 allows atta ...)
+	TODO: check
+CVE-2023-38997 (A directory traversal vulnerability in the Captive Portal templates of ...)
+	TODO: check
+CVE-2023-38348 (A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.)
+	TODO: check
+CVE-2023-38347 (An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attacker ...)
+	TODO: check
+CVE-2023-38213 (Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vul ...)
+	TODO: check
+CVE-2023-38212 (Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overf ...)
+	TODO: check
+CVE-2023-38211 (Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerab ...)
+	TODO: check
+CVE-2023-37068 (Code-Projects Gym Management System V1.0 allows remote attackers to ex ...)
+	TODO: check
+CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers  ...)
+	TODO: check
+CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...)
+	TODO: check
+CVE-2023-33469 (In instances where the screen is visible and remote mouse connection i ...)
+	TODO: check
+CVE-2023-33468 (KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior t ...)
+	TODO: check
+CVE-2023-32782 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. ...)
+	TODO: check
+CVE-2023-32781 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. ...)
+	TODO: check
+CVE-2023-31452 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760  ...)
+	TODO: check
+CVE-2023-31450 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760  ...)
+	TODO: check
+CVE-2023-31449 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760  ...)
+	TODO: check
+CVE-2023-31448 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760  ...)
+	TODO: check
+CVE-2022-48604 (A SQL injection vulnerability exists in the \u201clogging export\u201d ...)
+	TODO: check
+CVE-2022-48603 (A SQL injection vulnerability exists in the \u201cmessage viewer ifram ...)
+	TODO: check
+CVE-2022-48602 (A SQL injection vulnerability exists in the \u201cmessage viewer print ...)
+	TODO: check
+CVE-2022-48601 (A SQL injection vulnerability exists in the \u201cnetwork print report ...)
+	TODO: check
+CVE-2022-48600 (A SQL injection vulnerability exists in the \u201cnotes view\u201d fea ...)
+	TODO: check
+CVE-2022-48599 (A SQL injection vulnerability exists in the \u201creporter events type ...)
+	TODO: check
+CVE-2022-48598 (A SQL injection vulnerability exists in the \u201creporter events type ...)
+	TODO: check
+CVE-2022-48597 (A SQL injection vulnerability exists in the \u201cticket event report\ ...)
+	TODO: check
+CVE-2022-48596 (A SQL injection vulnerability exists in the \u201cticket queue watcher ...)
+	TODO: check
+CVE-2022-48595 (A SQL injection vulnerability exists in the \u201cticket template watc ...)
+	TODO: check
+CVE-2022-48594 (A SQL injection vulnerability exists in the \u201cticket watchers emai ...)
+	TODO: check
+CVE-2022-48593 (A SQL injection vulnerability exists in the \u201ctopology data servic ...)
+	TODO: check
+CVE-2022-48592 (A SQL injection vulnerability exists in the vendor_country parameter o ...)
+	TODO: check
+CVE-2022-48591 (A SQL injection vulnerability exists in the vendor_state parameter of  ...)
+	TODO: check
+CVE-2022-48590 (A SQL injection vulnerability exists in the \u201cadmin dynamic app mi ...)
+	TODO: check
+CVE-2022-48589 (A SQL injection vulnerability exists in the \u201creporting job editor ...)
+	TODO: check
+CVE-2022-48588 (A SQL injection vulnerability exists in the \u201cschedule editor deco ...)
+	TODO: check
+CVE-2022-48587 (A SQL injection vulnerability exists in the \u201cschedule editor\u201 ...)
+	TODO: check
+CVE-2022-48586 (A SQL injection vulnerability exists in the \u201cjson walker\u201d fe ...)
+	TODO: check
+CVE-2022-48585 (A SQL injection vulnerability exists in the \u201cadmin brand portal\u ...)
+	TODO: check
+CVE-2022-48584 (A command injection vulnerability exists in the download and convert r ...)
+	TODO: check
+CVE-2022-48583 (A command injection vulnerability exists in the dashboard scheduler fe ...)
+	TODO: check
+CVE-2022-48582 (A command injection vulnerability exists in the ticket report generate ...)
+	TODO: check
+CVE-2022-48581 (A command injection vulnerability exists in the \u201cdash export\u201 ...)
+	TODO: check
+CVE-2022-48580 (A command injection vulnerability exists in the ARP ping device tool f ...)
+	TODO: check
 CVE-2023-4243 (The FULL - Customer plugin for WordPress is vulnerable to Arbitrary Fi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4242 (The FULL - Customer plugin for WordPress is vulnerable to Information  ...)
@@ -1285,7 +1403,7 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
 CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox  ...)
-	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -1295,7 +1413,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Fir
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
 CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
-	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -1327,7 +1445,7 @@ CVE-2023-4051 (A website could have obscured the full screen notification by usi
 	- firefox 116.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer  ...)
-	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -1337,7 +1455,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack bu
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
 CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
-	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -1347,7 +1465,7 @@ CVE-2023-4049 (Race conditions in reference counting code were found through cod
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
 CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
-	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -1357,7 +1475,7 @@ CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
 CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
-	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -1367,7 +1485,7 @@ CVE-2023-4047 (A bug in popup notifications delay calculation could have made it
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
 CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
-	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -1377,7 +1495,7 @@ CVE-2023-4046 (In some circumstances, a stale value could have been used for a g
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
 CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
-	{DSA-5469-1 DSA-5464-1 DLA-3521-1}
+	{DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -32059,16 +32177,16 @@ CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All versions
 	NOT-FOR-US: Siemens
 CVE-2023-24477 (In certain conditions, depending on timing and the usage of the Chrome ...)
 	TODO: check
-CVE-2023-24471
-	RESERVED
-CVE-2023-24015
-	RESERVED
-CVE-2023-23903
-	RESERVED
-CVE-2023-23574
-	RESERVED
-CVE-2023-22843
-	RESERVED
+CVE-2023-24471 (An access control vulnerability was found, due to the restrictions tha ...)
+	TODO: check
+CVE-2023-24015 (A partial DoS vulnerability has been detected in the Reports section,  ...)
+	TODO: check
+CVE-2023-23903 (An authenticated administrator can upload a SAML configuration file wi ...)
+	TODO: check
+CVE-2023-23574 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
+	TODO: check
+CVE-2023-22843 (An authenticated attacker with administrative access to the appliance  ...)
+	TODO: check
 CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...)
 	TODO: check
 CVE-2023-0479
@@ -35404,10 +35522,10 @@ CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 2.0.0
 	NOT-FOR-US: Huawei
 CVE-2023-23348 (HCL Launch could disclose sensitive information if a manual edit of a  ...)
 	NOT-FOR-US: HCL
-CVE-2023-23347
-	RESERVED
-CVE-2023-23346
-	RESERVED
+CVE-2023-23347 (HCL DRYiCE iAutomate is affected by the use of a broken cryptographic  ...)
+	TODO: check
+CVE-2023-23346 (HCL DRYiCE MyCloud is affected by the use of a broken cryptographic al ...)
+	TODO: check
 CVE-2023-23345
 	RESERVED
 CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 allows an  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13e211d9d55c5046ef6ad87240f79baf3decab4c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13e211d9d55c5046ef6ad87240f79baf3decab4c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230809/89abeae1/attachment.htm>

More information about the debian-security-tracker-commits mailing list