[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 17 09:13:05 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
284c9e3c by security tracker role at 2023-08-17T08:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2023-4395 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
+ TODO: check
+CVE-2023-4392 (A vulnerability was found in Control iD Gerencia Web 1.30 and classifi ...)
+ TODO: check
+CVE-2023-40281 (EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerabili ...)
+ TODO: check
+CVE-2023-40252 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2023-40251 (Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Ge ...)
+ TODO: check
+CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In affected ver ...)
+ TODO: check
+CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by a vulne ...)
+ TODO: check
+CVE-2023-40021 (Oppia is an online learning platform. When comparing a received CSRF t ...)
+ TODO: check
+CVE-2023-3244 (The Comments Like Dislike plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2023-39846 (An issue in Konga v0.14.9 allows attackers to bypass authentication vi ...)
+ TODO: check
+CVE-2023-38894 (A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before all ...)
+ TODO: check
+CVE-2023-35893 (IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote ...)
+ TODO: check
+CVE-2023-35011 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to serve ...)
+ TODO: check
+CVE-2023-35009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote a ...)
+ TODO: check
+CVE-2023-34217 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+ TODO: check
+CVE-2023-34216 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+ TODO: check
+CVE-2023-34215 (TN-5900 Series firmware versions v3.3 and prior are vulnerable to the ...)
+ TODO: check
+CVE-2023-34214 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+ TODO: check
+CVE-2023-34213 (TN-5900 Series firmware versions v3.3 and prior are vulnerable to comm ...)
+ TODO: check
+CVE-2023-33239 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+ TODO: check
+CVE-2023-33238 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...)
+ TODO: check
+CVE-2023-33237 (TN-5900 Series firmware version v3.3 and prior is vulnerable to improp ...)
+ TODO: check
CVE-2023-4389 (A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the bt ...)
- linux 5.17.6-1
[bullseye] - linux 5.10.113-1
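Review bot: several of the new "TODO: check" entries at the top of data/CVE/list already have a triage precedent visible elsewhere in this same patch, so they should not stay in the TODO queue long. CVE-2023-40251 names Genians in its description, and CVE-2023-40252 carries the same description prefix that CVE-2023-40253 and CVE-2023-40254 receive in the next hunk, where both are marked "NOT-FOR-US: Genians". CVE-2023-3244 is described as a plugin for WordPress, and the list uses "NOT-FOR-US: WordPress plugin" for such entries. Suggest resolving these in a follow-up commit after confirming against the full descriptions, since the text here is truncated.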
@@ -577,9 +621,9 @@ CVE-2023-40260 (EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (
NOT-FOR-US: EmpowerID
CVE-2023-40256 (A vulnerability was discovered in Veritas NetBackup Snapshot Manager b ...)
NOT-FOR-US: Veritas
-CVE-2023-40254 (Download of Code Without Integrity Check vulnerability in Genians Geni ...)
+CVE-2023-40254 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: Genians
-CVE-2023-40253 (Improper Authentication vulnerability in Genians Genian NAC V4.0, Geni ...)
+CVE-2023-40253 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: Genians
CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0 ...)
NOT-FOR-US: ArchiMate Archi
@@ -3571,6 +3615,7 @@ CVE-2023-34394 (In Keysight Geolocation Server v2.4.2 and prior, an attacker cou
CVE-2023-32657 (Weintek Weincloud v0.13.6 could allow an attacker to efficiently d ...)
NOT-FOR-US: Weincloud
CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insuff ...)
+ {DLA-3532-1}
- openssh 1:9.3p2-1 (bug #1042460)
[bookworm] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
[bullseye] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
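Review bot: the added {DLA-3532-1} reference under CVE-2023-38408 now sits directly above [bookworm] and [bullseye] lines that are still <no-dsa> with the reason "Minor issue; needs specific conditions ...". With an LTS advisory issued for the same CVE, it is worth re-checking whether those two suites should receive the fix through a point release, and updating the parenthesised reason if the assessment has changed, so the entry does not show an advisory for one suite next to "minor issue" for the others without explanation.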
@@ -13429,8 +13474,8 @@ CVE-2023-30878
RESERVED
CVE-2023-30877
RESERVED
-CVE-2023-30876
- RESERVED
+CVE-2023-30876 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave ...)
+ TODO: check
CVE-2023-30875
RESERVED
CVE-2023-30874
@@ -20398,8 +20443,8 @@ CVE-2023-28624
RESERVED
CVE-2023-28623 (Zulip is an open-source team collaboration tool with unique topic-base ...)
NOT-FOR-US: Zulip
-CVE-2023-28622
- RESERVED
+CVE-2023-28622 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Tri ...)
+ TODO: check
CVE-2023-28621
RESERVED
CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...)
@@ -20725,8 +20770,8 @@ CVE-2023-28535 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pa
TODO: check
CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28533
- RESERVED
+CVE-2023-28533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Wi ...)
+ TODO: check
CVE-2023-28532
RESERVED
CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
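Review bot: CVE-2023-28533 moves from RESERVED to "TODO: check" while the unchanged context shows CVE-2023-28535 still sitting at "TODO: check" as well, so this hunk grows an existing backlog rather than starting one. The "Auth. (admin+) Stored Cross-Site Scripting (XSS)" wording matches CVE-2023-28534 two lines above, which is marked "NOT-FOR-US: WordPress plugin"; if the full description confirms a WordPress plugin, both TODO entries in this block can be closed the same way. The same check applies to CVE-2023-30876 and CVE-2023-28622 in the two preceding hunks, which use the same wording.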
@@ -29587,8 +29632,8 @@ CVE-2023-25649
RESERVED
CVE-2023-25648
RESERVED
-CVE-2023-25647
- RESERVED
+CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
+ TODO: check
CVE-2023-25646
RESERVED
CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
@@ -34488,8 +34533,8 @@ CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does
NOT-FOR-US: WordPress plugin
CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not validate ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4894
- RESERVED
+CVE-2022-4894 (Certain HP and Samsung Printer software packages may potentially be vu ...)
+ TODO: check
CVE-2022-4893
REJECTED
CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...)
@@ -56338,8 +56383,8 @@ CVE-2023-20244
RESERVED
CVE-2023-20243
RESERVED
-CVE-2023-20242
- RESERVED
+CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2023-20241
RESERVED
CVE-2023-20240
@@ -56348,8 +56393,8 @@ CVE-2023-20239
RESERVED
CVE-2023-20238
RESERVED
-CVE-2023-20237
- RESERVED
+CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
+ TODO: check
CVE-2023-20236
RESERVED
CVE-2023-20235
@@ -56358,38 +56403,38 @@ CVE-2023-20234
RESERVED
CVE-2023-20233
RESERVED
-CVE-2023-20232
- RESERVED
+CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...)
+ TODO: check
CVE-2023-20231
RESERVED
CVE-2023-20230
RESERVED
-CVE-2023-20229
- RESERVED
-CVE-2023-20228
- RESERVED
+CVE-2023-20229 (A vulnerability in the CryptoService function of Cisco Duo Device Heal ...)
+ TODO: check
+CVE-2023-20228 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ TODO: check
CVE-2023-20227
RESERVED
CVE-2023-20226
RESERVED
CVE-2023-20225
RESERVED
-CVE-2023-20224
- RESERVED
+CVE-2023-20224 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
+ TODO: check
CVE-2023-20223
RESERVED
-CVE-2023-20222
- RESERVED
-CVE-2023-20221
- RESERVED
+CVE-2023-20222 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
+CVE-2023-20221 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
+ TODO: check
CVE-2023-20220
RESERVED
CVE-2023-20219
RESERVED
CVE-2023-20218 (A vulnerability in web-based management interface of Cisco SPA500 Seri ...)
NOT-FOR-US: Cisco
-CVE-2023-20217
- RESERVED
+CVE-2023-20217 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
+ TODO: check
CVE-2023-20216 (A vulnerability in the privilege management functionality of all Cisco ...)
NOT-FOR-US: Cisco
CVE-2023-20215 (A vulnerability in the scanning engines of Cisco AsyncOS Software for ...)
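Review bot: seven entries in this hunk (CVE-2023-20232, -20229, -20228, -20224, -20222, -20221, -20217) go from RESERVED to "TODO: check", and each visible description names a Cisco product. The unchanged neighbours CVE-2023-20218 and CVE-2023-20216 are already "NOT-FOR-US: Cisco", so these are candidates for the same marking in one follow-up commit. Suggest checking each full description first rather than matching on the vendor name alone, because the text shown here is cut off before the affected component is fully named.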
@@ -56400,36 +56445,36 @@ CVE-2023-20213
RESERVED
CVE-2023-20212
RESERVED
-CVE-2023-20211
- RESERVED
+CVE-2023-20211 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ TODO: check
CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated, loca ...)
NOT-FOR-US: Cisco
-CVE-2023-20209
- RESERVED
+CVE-2023-20209 (A vulnerability in the web-based management interface of Cisco Express ...)
+ TODO: check
CVE-2023-20208
RESERVED
CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...)
NOT-FOR-US: Cisco
CVE-2023-20206
RESERVED
-CVE-2023-20205
- RESERVED
+CVE-2023-20205 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
NOT-FOR-US: Cisco
-CVE-2023-20203
- RESERVED
+CVE-2023-20203 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2023-20202
RESERVED
-CVE-2023-20201
- RESERVED
+CVE-2023-20201 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2023-20200
RESERVED
CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS could ...)
NOT-FOR-US: Cisco
CVE-2023-20198
RESERVED
-CVE-2023-20197
- RESERVED
+CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical File S ...)
+ TODO: check
CVE-2023-20196
RESERVED
CVE-2023-20195
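Review bot: CVE-2023-20197 should not be bulk-triaged with the other entries in this hunk. The descriptions of CVE-2023-20211, -20209, -20205, -20203 and -20201 all refer to a web-based management interface of a Cisco product, but the visible text for CVE-2023-20197 reads "A vulnerability in the filesystem image parser for Hierarchical File S ..." and names no Cisco appliance before the truncation. A file-format parser may live in a component that is packaged in the archive, so this entry needs an individual check against the full description before any "NOT-FOR-US: Cisco" marking is applied.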
@@ -56600,8 +56645,8 @@ CVE-2023-20113 (A vulnerability in the web-based management interface of Cisco S
NOT-FOR-US: Cisco
CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow an una ...)
NOT-FOR-US: Cisco
-CVE-2023-20111
- RESERVED
+CVE-2023-20111 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco Smart S ...)
NOT-FOR-US: Cisco
CVE-2023-20109
@@ -56795,16 +56840,16 @@ CVE-2023-20019 (A vulnerability in the web-based management interface of Cisco B
NOT-FOR-US: Cisco
CVE-2023-20018 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
NOT-FOR-US: Cisco
-CVE-2023-20017
- RESERVED
+CVE-2023-20017 (Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance ...)
+ TODO: check
CVE-2023-20016 (A vulnerability in the backup configuration feature of Cisco UCS Manag ...)
NOT-FOR-US: Cisco
CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firep ...)
NOT-FOR-US: Cisco
CVE-2023-20014 (A vulnerability in the DNS functionality of Cisco Nexus Dashboard Soft ...)
NOT-FOR-US: Cisco
-CVE-2023-20013
- RESERVED
+CVE-2023-20013 (Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance ...)
+ TODO: check
CVE-2023-20012 (A vulnerability in the CLI console login authentication of Cisco Nexus ...)
NOT-FOR-US: Cisco
CVE-2023-20011 (A vulnerability in the web-based management interface of Cisco Applica ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/284c9e3cc2aa11af0b53ed621b804a1379211400