[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 17 09:13:05 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
284c9e3c by security tracker role at 2023-08-17T08:12:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2023-4395 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
+	TODO: check
+CVE-2023-4392 (A vulnerability was found in Control iD Gerencia Web 1.30 and classifi ...)
+	TODO: check
+CVE-2023-40281 (EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerabili ...)
+	TODO: check
+CVE-2023-40252 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2023-40251 (Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Ge ...)
+	TODO: check
+CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In affected ver ...)
+	TODO: check
+CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by a vulne ...)
+	TODO: check
+CVE-2023-40021 (Oppia is an online learning platform. When comparing a received CSRF t ...)
+	TODO: check
+CVE-2023-3244 (The Comments Like Dislike plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2023-39846 (An issue in Konga v0.14.9 allows attackers to bypass authentication vi ...)
+	TODO: check
+CVE-2023-38894 (A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before all ...)
+	TODO: check
+CVE-2023-35893 (IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote  ...)
+	TODO: check
+CVE-2023-35011 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to serve ...)
+	TODO: check
+CVE-2023-35009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote a ...)
+	TODO: check
+CVE-2023-34217 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+	TODO: check
+CVE-2023-34216 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+	TODO: check
+CVE-2023-34215 (TN-5900 Series firmware versions v3.3 and prior are vulnerable to the  ...)
+	TODO: check
+CVE-2023-34214 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+	TODO: check
+CVE-2023-34213 (TN-5900 Series firmware versions v3.3 and prior are vulnerable to comm ...)
+	TODO: check
+CVE-2023-33239 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+	TODO: check
+CVE-2023-33238 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+	TODO: check
+CVE-2023-33237 (TN-5900 Series firmware version v3.3 and prior is vulnerable to improp ...)
+	TODO: check
 CVE-2023-4389 (A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the bt ...)
 	- linux 5.17.6-1
 	[bullseye] - linux 5.10.113-1
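Review bot: CVE-2023-3244 and CVE-2023-40251 near the top of this hunk go in as TODO: check although their visible summaries already name a WordPress plugin and Genians, and this file tags both elsewhere in this diff as NOT-FOR-US: WordPress plugin and NOT-FOR-US: Genians; they can take the same tags at triage. The CVE-2023-40251 summary also reads "Sensitive DataCAPEC- vulnerability", which looks like run-together text from the source feed, so the full CVE record is the safer reference for that entry. The eight TN-4900/TN-5900 firmware entries show no vendor in the truncated text and need the full description before tagging.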
@@ -577,9 +621,9 @@ CVE-2023-40260 (EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (
 	NOT-FOR-US: EmpowerID
 CVE-2023-40256 (A vulnerability was discovered in Veritas NetBackup Snapshot Manager b ...)
 	NOT-FOR-US: Veritas
-CVE-2023-40254 (Download of Code Without Integrity Check vulnerability in Genians Geni ...)
+CVE-2023-40254 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: Genians
-CVE-2023-40253 (Improper Authentication vulnerability in Genians Genian NAC V4.0, Geni ...)
+CVE-2023-40253 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: Genians
 CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0 ...)
 	NOT-FOR-US: ArchiMate Archi
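Review bot: after this change CVE-2023-40254 and CVE-2023-40253 carry the same truncated summary, "Improper Control of Generation of Code ('Code Injection') vulnerabilit ...", so the one-line text no longer tells the two apart or shows the vendor. The weakness class also moved away from "Download of Code Without Integrity Check" and "Improper Authentication". The NOT-FOR-US: Genians tags follow the vendor and stay valid, but anyone assessing these two should read the full CVE records rather than the summary line.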
@@ -3571,6 +3615,7 @@ CVE-2023-34394 (In Keysight Geolocation Server v2.4.2 and prior, an attacker cou
 CVE-2023-32657 (Weintek Weincloud v0.13.6     could allow an attacker to efficiently d ...)
 	NOT-FOR-US: Weincloud
 CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insuff ...)
+	{DLA-3532-1}
 	- openssh 1:9.3p2-1 (bug #1042460)
 	[bookworm] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
 	[bullseye] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
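Review bot: the {DLA-3532-1} reference on CVE-2023-38408 is added without any release-specific line, while the visible context marks bookworm and bullseye as <no-dsa>. From this hunk alone a reader cannot tell which suite the advisory covers or which openssh version fixes it there; confirm that the advisory's own record carries the suite and fixed version, since this commit touches only data/CVE/list.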
@@ -13429,8 +13474,8 @@ CVE-2023-30878
 	RESERVED
 CVE-2023-30877
 	RESERVED
-CVE-2023-30876
-	RESERVED
+CVE-2023-30876 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave ...)
+	TODO: check
 CVE-2023-30875
 	RESERVED
 CVE-2023-30874
@@ -20398,8 +20443,8 @@ CVE-2023-28624
 	RESERVED
 CVE-2023-28623 (Zulip is an open-source team collaboration tool with unique topic-base ...)
 	NOT-FOR-US: Zulip
-CVE-2023-28622
-	RESERVED
+CVE-2023-28622 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Tri ...)
+	TODO: check
 CVE-2023-28621
 	RESERVED
 CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...)
@@ -20725,8 +20770,8 @@ CVE-2023-28535 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pa
 	TODO: check
 CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28533
-	RESERVED
+CVE-2023-28533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Wi ...)
+	TODO: check
 CVE-2023-28532
 	RESERVED
 CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
@@ -29587,8 +29632,8 @@ CVE-2023-25649
 	RESERVED
 CVE-2023-25648
 	RESERVED
-CVE-2023-25647
-	RESERVED
+CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
+	TODO: check
 CVE-2023-25646
 	RESERVED
 CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
@@ -34488,8 +34533,8 @@ CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not validate ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4894
-	RESERVED
+CVE-2022-4894 (Certain HP and Samsung Printer software packages may potentially be vu ...)
+	TODO: check
 CVE-2022-4893
 	REJECTED
 CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...)
@@ -56338,8 +56383,8 @@ CVE-2023-20244
 	RESERVED
 CVE-2023-20243
 	RESERVED
-CVE-2023-20242
-	RESERVED
+CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
 CVE-2023-20241
 	RESERVED
 CVE-2023-20240
@@ -56348,8 +56393,8 @@ CVE-2023-20239
 	RESERVED
 CVE-2023-20238
 	RESERVED
-CVE-2023-20237
-	RESERVED
+CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
+	TODO: check
 CVE-2023-20236
 	RESERVED
 CVE-2023-20235
@@ -56358,38 +56403,38 @@ CVE-2023-20234
 	RESERVED
 CVE-2023-20233
 	RESERVED
-CVE-2023-20232
-	RESERVED
+CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...)
+	TODO: check
 CVE-2023-20231
 	RESERVED
 CVE-2023-20230
 	RESERVED
-CVE-2023-20229
-	RESERVED
-CVE-2023-20228
-	RESERVED
+CVE-2023-20229 (A vulnerability in the CryptoService function of Cisco Duo Device Heal ...)
+	TODO: check
+CVE-2023-20228 (A vulnerability in the web-based management interface of Cisco Integra ...)
+	TODO: check
 CVE-2023-20227
 	RESERVED
 CVE-2023-20226
 	RESERVED
 CVE-2023-20225
 	RESERVED
-CVE-2023-20224
-	RESERVED
+CVE-2023-20224 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
+	TODO: check
 CVE-2023-20223
 	RESERVED
-CVE-2023-20222
-	RESERVED
-CVE-2023-20221
-	RESERVED
+CVE-2023-20222 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+	TODO: check
+CVE-2023-20221 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
+	TODO: check
 CVE-2023-20220
 	RESERVED
 CVE-2023-20219
 	RESERVED
 CVE-2023-20218 (A vulnerability in web-based management interface of Cisco SPA500 Seri ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20217
-	RESERVED
+CVE-2023-20217 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
+	TODO: check
 CVE-2023-20216 (A vulnerability in the privilege management functionality of all Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20215 (A vulnerability in the scanning engines of Cisco AsyncOS Software for  ...)
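Review bot: the seven entries this hunk moves from RESERVED to TODO: check all name a Cisco product in their visible summary, while the context entries CVE-2023-20218 and CVE-2023-20216 are already NOT-FOR-US: Cisco; they can be tagged the same way at triage. CVE-2023-20224 and CVE-2023-20217 also share an identical truncated summary ("A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ..."), so check the full records to confirm which issue each one covers before closing them together.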
@@ -56400,36 +56445,36 @@ CVE-2023-20213
 	RESERVED
 CVE-2023-20212
 	RESERVED
-CVE-2023-20211
-	RESERVED
+CVE-2023-20211 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
 CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated, loca ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20209
-	RESERVED
+CVE-2023-20209 (A vulnerability in the web-based management interface of Cisco Express ...)
+	TODO: check
 CVE-2023-20208
 	RESERVED
 CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20206
 	RESERVED
-CVE-2023-20205
-	RESERVED
+CVE-2023-20205 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20203
-	RESERVED
+CVE-2023-20203 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2023-20202
 	RESERVED
-CVE-2023-20201
-	RESERVED
+CVE-2023-20201 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2023-20200
 	RESERVED
 CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS could ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20198
 	RESERVED
-CVE-2023-20197
-	RESERVED
+CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical File S ...)
+	TODO: check
 CVE-2023-20196
 	RESERVED
 CVE-2023-20195
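Review bot: CVE-2023-20197 should not be bulk-tagged with its neighbours. The other entries added in this hunk point to a Cisco web-based management interface, but its visible summary ("filesystem image parser for Hierarchical File S ...") names no Cisco product and describes a file-format parser, which may live in separately distributed software. Read the full record and check it against packaged software before choosing between NOT-FOR-US: Cisco and a package line.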
@@ -56600,8 +56645,8 @@ CVE-2023-20113 (A vulnerability in the web-based management interface of Cisco S
 	NOT-FOR-US: Cisco
 CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow an una ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20111
-	RESERVED
+CVE-2023-20111 (A vulnerability in the web-based management interface of Cisco Identit ...)
+	TODO: check
 CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco Smart S ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20109
@@ -56795,16 +56840,16 @@ CVE-2023-20019 (A vulnerability in the web-based management interface of Cisco B
 	NOT-FOR-US: Cisco
 CVE-2023-20018 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20017
-	RESERVED
+CVE-2023-20017 (Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance ...)
+	TODO: check
 CVE-2023-20016 (A vulnerability in the backup configuration feature of Cisco UCS Manag ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firep ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20014 (A vulnerability in the DNS functionality of Cisco Nexus Dashboard Soft ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20013
-	RESERVED
+CVE-2023-20013 (Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance ...)
+	TODO: check
 CVE-2023-20012 (A vulnerability in the CLI console login authentication of Cisco Nexus ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20011 (A vulnerability in the web-based management interface of Cisco Applica ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/284c9e3cc2aa11af0b53ed621b804a1379211400
