[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 16 21:13:27 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3118d130 by security tracker role at 2023-08-16T20:13:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,38 +1,94 @@
+CVE-2023-4389 (A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the bt ...)
+ TODO: check
+CVE-2023-4387 (A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/ ...)
+ TODO: check
+CVE-2023-4385 (A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap ...)
+ TODO: check
+CVE-2023-4384 (A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.1 ...)
+ TODO: check
+CVE-2023-4383 (A vulnerability, which was classified as critical, was found in MicroW ...)
+ TODO: check
+CVE-2023-4382 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-4381 (Unverified Password Change in GitHub repository instantsoft/icms2 prio ...)
+ TODO: check
+CVE-2023-4241 (lol-html can cause panics on certain HTML inputs. Anyone processing ar ...)
+ TODO: check
+CVE-2023-4204 (NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected ...)
+ TODO: check
+CVE-2023-39975 (kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a ...)
+ TODO: check
+CVE-2023-39507 (Improper authorization in the custom URL scheme handler in "Rikunabi N ...)
+ TODO: check
+CVE-2023-39250 (Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain ...)
+ TODO: check
+CVE-2023-39115 (install/aiz-uploader/upload in Campcodes Online Matrimonial Website Sy ...)
+ TODO: check
+CVE-2023-38904 (A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 a ...)
+ TODO: check
+CVE-2023-38737 (IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is ...)
+ TODO: check
+CVE-2023-33663 (In the module \u201cCustomization fields fee for your store\u201d (aic ...)
+ TODO: check
+CVE-2023-32495 (Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive i ...)
+ TODO: check
+CVE-2023-32494 (Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of i ...)
+ TODO: check
+CVE-2023-32493 (Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass ...)
+ TODO: check
+CVE-2023-32492 (Dell PowerScale OneFS 9.5.0.x contains an incorrect default permission ...)
+ TODO: check
+CVE-2023-32491 (Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive info ...)
+ TODO: check
+CVE-2023-32490 (Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege manage ...)
+ TODO: check
+CVE-2023-32489 (Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulne ...)
+ TODO: check
+CVE-2023-32488 (Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosu ...)
+ TODO: check
+CVE-2023-32487 (Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privi ...)
+ TODO: check
+CVE-2023-32486 (Dell PowerScale OneFS 9.5.x version contain a privilege escalation vul ...)
+ TODO: check
+CVE-2023-32453 (Dell BIOS contains an improper authentication vulnerability. A malicio ...)
+ TODO: check
+CVE-2023-2737 (Improper log permissions in SafeNet Authentication ServiceVersion 3.4. ...)
+ TODO: check
CVE-2023-4302
NOT-FOR-US: Jenkins plugin
CVE-2023-4301
NOT-FOR-US: Jenkins plugin
-CVE-2023-40351
+CVE-2023-40351 (A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40350
+CVE-2023-40350 (Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values re ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40349
+CVE-2023-40349 (Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an optio ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40348
+CVE-2023-40348 (The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provide ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40347
+CVE-2023-40347 (Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40346
+CVE-2023-40346 (Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortc ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40345
+CVE-2023-40345 (Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40344
+CVE-2023-40344 (A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40343
+CVE-2023-40343 (Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-con ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40342
+CVE-2023-40342 (Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JU ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40341
+CVE-2023-40341 (A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocea ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40340
+CVE-2023-40340 (Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40339
+CVE-2023-40339 (Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier d ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40338
+CVE-2023-40338 (Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an err ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40337
+CVE-2023-40337 (A cross-site request forgery (CSRF) vulnerability in Jenkins Folders P ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-40336
+CVE-2023-40336 (A cross-site request forgery (CSRF) vulnerability in Jenkins Folders P ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-4374 (The WP Remote Users Sync plugin for WordPress is vulnerable to unautho ...)
NOT-FOR-US: WP Remote Users Sync plugin for WordPress
@@ -891,17 +947,17 @@ CVE-2023-33469 (In instances where the screen is visible and remote mouse connec
NOT-FOR-US: KramerAV
CVE-2023-33468 (KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior t ...)
NOT-FOR-US: KramerAV
-CVE-2023-32782 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. ...)
+CVE-2023-32782 (A command injection was identified in PRTG 23.2.84.1566 and earlier ve ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2023-32781 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. ...)
+CVE-2023-32781 (A command injection vulnerability was identified in PRTG 23.2.84.1566 ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2023-31452 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 ...)
+CVE-2023-31452 (A cross-site request forgery (CSRF) token bypass was identified in PRT ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2023-31450 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 ...)
+CVE-2023-31450 (A path traversal vulnerability was identified in the SQL v2 sensors in ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2023-31449 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 ...)
+CVE-2023-31449 (A path traversal vulnerability was identified in the WMI Custom sensor ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2023-31448 (An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 ...)
+CVE-2023-31448 (A path traversal vulnerability was identified in the HL7 sensor in PRT ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2022-48604 (A SQL injection vulnerability exists in the \u201clogging export\u201d ...)
NOT-FOR-US: ScienceLogic SL1
@@ -12446,10 +12502,10 @@ CVE-2023-2274
RESERVED
CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer fr ...)
NOT-FOR-US: Rapid7
-CVE-2023-2272
- RESERVED
-CVE-2023-2271
- RESERVED
+CVE-2023-2272 (The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and es ...)
+ TODO: check
+CVE-2023-2271 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...)
+ TODO: check
CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...)
NOT-FOR-US: Apache InLong
CVE-2023-31205
@@ -12707,8 +12763,8 @@ CVE-2023-2255 (Improper access control in editor components of The Document Foun
{DSA-5415-1 DLA-3526-1}
- libreoffice 4:7.4.5-3
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
-CVE-2023-2254
- RESERVED
+CVE-2023-2254 (The Ko-fi Button WordPress plugin before 1.3.3 does not properly some ...)
+ TODO: check
CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in distribution/distri ...)
{DSA-5414-1 DLA-3473-1}
- docker-registry 2.8.2+ds1-1 (bug #1035956)
@@ -13191,8 +13247,8 @@ CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior
NOT-FOR-US: Modoboa
CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid7's V ...)
NOT-FOR-US: Rapid7
-CVE-2023-2225
- RESERVED
+CVE-2023-2225 (The SEO ALert WordPress plugin through 1.59 does not sanitise and esca ...)
+ TODO: check
CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...)
@@ -13355,8 +13411,8 @@ CVE-2023-30873
RESERVED
CVE-2023-30872
RESERVED
-CVE-2023-30871
- RESERVED
+CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo P ...)
+ TODO: check
CVE-2023-30870
RESERVED
CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
@@ -13716,22 +13772,22 @@ CVE-2023-30788 (MonicaHQ version 4.0.0 allows an authenticated remote attacker t
NOT-FOR-US: MonicaHQ
CVE-2023-30787 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...)
NOT-FOR-US: MonicaHQ
-CVE-2023-30786
- RESERVED
-CVE-2023-30785
- RESERVED
-CVE-2023-30784
- RESERVED
+CVE-2023-30786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benj ...)
+ TODO: check
+CVE-2023-30785 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
+ TODO: check
+CVE-2023-30784 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-30783
RESERVED
-CVE-2023-30782
- RESERVED
+CVE-2023-30782 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...)
+ TODO: check
CVE-2023-30781
RESERVED
CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30779
- RESERVED
+CVE-2023-30779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan ...)
+ TODO: check
CVE-2023-30778 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
TODO: check
CVE-2023-30777 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engin ...)
@@ -13754,10 +13810,10 @@ CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel
NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
NOTE: https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
NOTE: https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1)
-CVE-2023-2123
- RESERVED
-CVE-2023-2122
- RESERVED
+CVE-2023-2123 (The WP Inventory Manager WordPress plugin before 2.1.0.13 does not san ...)
+ TODO: check
+CVE-2023-2122 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...)
+ TODO: check
CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer ...)
NOT-FOR-US: HashiCorp Vault
CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...)
@@ -14873,8 +14929,8 @@ CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in El
NOT-FOR-US: WordPress plugin
CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultima ...)
NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
-CVE-2023-30473
- RESERVED
+CVE-2023-30473 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...)
+ TODO: check
CVE-2023-30472
RESERVED
CVE-2023-30471
@@ -14920,8 +14976,8 @@ CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress built
NOT-FOR-US: WordPress plugin
CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for WordPress is ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-1977
- RESERVED
+CVE-2023-1977 (The Booking Manager WordPress plugin before 2.0.29 does not validate U ...)
+ TODO: check
CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository answerdev/ans ...)
NOT-FOR-US: answer
CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub repository ...)
@@ -20757,8 +20813,8 @@ CVE-2023-1467 (A vulnerability classified as critical has been found in SourceCo
NOT-FOR-US: SourceCodester Student Study Center Desk Management System
CVE-2023-1466 (A vulnerability was found in SourceCodester Student Study Center Desk ...)
NOT-FOR-US: SourceCodester Student Study Center Desk Management System
-CVE-2023-1465
- RESERVED
+CVE-2023-1465 (The WP EasyPay WordPress plugin before 4.1 does not escape some genera ...)
+ TODO: check
CVE-2023-1464 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Medicine Tracker System
CVE-2023-1463 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
@@ -22321,8 +22377,8 @@ CVE-2023-28077
RESERVED
CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
NOT-FOR-US: Dell
-CVE-2023-28075
- RESERVED
+CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A ...)
+ TODO: check
CVE-2023-28074
RESERVED
CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
@@ -24484,8 +24540,8 @@ CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload C
NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form
CVE-2023-1111
RESERVED
-CVE-2023-1110
- RESERVED
+CVE-2023-1110 (The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not vali ...)
+ TODO: check
CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
{DSA-5328-1}
- chromium 109.0.5414.119-1
@@ -31966,8 +32022,8 @@ CVE-2023-0581 (The PrivateContent plugin for WordPress is vulnerable to protecti
NOT-FOR-US: PrivateContent plugin for WordPress
CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB My Cont ...)
NOT-FOR-US: ABB
-CVE-2023-0579
- RESERVED
+CVE-2023-0579 (The YARPP WordPress plugin before 5.30.3 does not validate and escape ...)
+ TODO: check
CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: ASOS
CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -32541,8 +32597,8 @@ CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to S
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not proper ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0551
- RESERVED
+CVE-2023-0551 (The REST API TO MiniProgram WordPress plugin through 4.6.1 does not ha ...)
+ TODO: check
CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecu ...)
NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...)
@@ -35787,8 +35843,8 @@ CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 doe
NOT-FOR-US: WordPress plugin
CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0274
- RESERVED
+CVE-2023-0274 (The URL Params WordPress plugin before 2.5 does not validate and escap ...)
+ TODO: check
CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate and esca ...)
@@ -38986,8 +39042,8 @@ CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does no
NOT-FOR-US: WordPress plugin
CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and escape ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0058
- RESERVED
+CVE-2023-0058 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...)
+ TODO: check
CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
- pyload <itp> (bug #1001980)
CVE-2023-0056 (An uncontrolled resource consumption vulnerability was discovered in H ...)
@@ -40319,8 +40375,8 @@ CVE-2022-4784 (The Hueman Addons WordPress plugin through 2.3.3 does not validat
NOT-FOR-US: WordPress plugin
CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does not vali ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4782
- RESERVED
+CVE-2022-4782 (The ClickFunnels WordPress plugin through 3.1.1 does not validate and ...)
+ TODO: check
CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does not valid ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credential ...)
@@ -42595,7 +42651,7 @@ CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle G
CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
NOT-FOR-US: Oracle
CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1}
- openjdk-8 8u382-ga-1
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
@@ -42606,7 +42662,7 @@ CVE-2023-22047 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1}
- openjdk-8 8u382-ga-1
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
@@ -42619,7 +42675,7 @@ CVE-2023-22043 (Vulnerability in Oracle Java SE (component: JavaFX). The suppo
CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
NOT-FOR-US: Oracle
CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1}
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -42631,7 +42687,7 @@ CVE-2023-22038 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
NOT-FOR-US: Oracle
CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1}
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
@@ -42693,7 +42749,7 @@ CVE-2023-22008 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22006 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1}
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -42771,13 +42827,13 @@ CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analy
CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation). Supp ...)
NOT-FOR-US: Oracle
CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -42807,7 +42863,7 @@ CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -42841,19 +42897,19 @@ CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analy
CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -42871,7 +42927,7 @@ CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Service
CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -53432,6 +53488,7 @@ CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a sta
CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...)
NOT-FOR-US: VMware
CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail to authen ...)
+ {DLA-3531-1}
- open-vm-tools 2:12.2.5-1 (bug #1037546)
[bookworm] - open-vm-tools <no-dsa> (Minor issue)
[bullseye] - open-vm-tools <no-dsa> (Minor issue)
@@ -209369,8 +209426,8 @@ CVE-2020-26039
RESERVED
CVE-2020-26038
RESERVED
-CVE-2020-26037
- RESERVED
+CVE-2020-26037 (Directory Traversal vulnerability in Server functionalty in Even Balan ...)
+ TODO: check
CVE-2020-26036
RESERVED
CVE-2020-26035 (An issue was discovered in Zammad before 3.4.1. There is Stored XSS vi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3118d130388a63e36fc720bb88583fcf26ce77e3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3118d130388a63e36fc720bb88583fcf26ce77e3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230816/abe9d9d8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list