[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 24 09:12:31 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f0178dc by security tracker role at 2023-08-24T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to  ...)
+	TODO: check
+CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...)
+	TODO: check
+CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...)
+	TODO: check
+CVE-2023-4230 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...)
+	TODO: check
+CVE-2023-4229 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...)
+	TODO: check
+CVE-2023-4228 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...)
+	TODO: check
+CVE-2023-4227 (A vulnerability has been identified in the ioLogik 4000 Series (ioLogi ...)
+	TODO: check
+CVE-2023-4042 (A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostsc ...)
+	TODO: check
+CVE-2023-41126
+	REJECTED
+CVE-2023-41125
+	REJECTED
+CVE-2023-41124
+	REJECTED
+CVE-2023-41123
+	REJECTED
+CVE-2023-41122
+	REJECTED
+CVE-2023-41028 (A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi route ...)
+	TODO: check
+CVE-2023-40612 (In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file e ...)
+	TODO: check
+CVE-2023-40573 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-40572 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-40273 (The session fixation vulnerability allowed the authenticated user to c ...)
+	TODO: check
+CVE-2023-40270
+	REJECTED
+CVE-2023-40185 (shescape is simple shell escape library for JavaScript. This may impac ...)
+	TODO: check
+CVE-2023-40178 (Node-SAML is a SAML library not dependent on any frameworks that runs  ...)
+	TODO: check
+CVE-2023-40177 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-40176 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-40035 (Craft is a CMS for creating custom digital experiences on the web and  ...)
+	TODO: check
+CVE-2023-40025 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+	TODO: check
+CVE-2023-3705 (The vulnerability exists in CP-Plus NVR due to an improper input handl ...)
+	TODO: check
+CVE-2023-3704 (The vulnerability exists in CP-Plus DVR due to an improper input valid ...)
+	TODO: check
+CVE-2023-3453 (ETIC Telecom RAS versions 4.7.0 and prior the web management portal au ...)
+	TODO: check
+CVE-2023-39583
+	REJECTED
+CVE-2023-39441 (Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provide ...)
+	TODO: check
+CVE-2023-38831 (RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code  ...)
+	TODO: check
+CVE-2023-38422 (Walchem Intuition 9 firmware versions prior to v4.21 are missing authe ...)
+	TODO: check
+CVE-2023-37379 (Apache Airflow, in versions prior to 2.7.0, contains a security vulner ...)
+	TODO: check
+CVE-2023-36317 (Cross Site Scripting (XSS) vulnerability in sourcecodester Student Stu ...)
+	TODO: check
+CVE-2023-32509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van ...)
+	TODO: check
+CVE-2023-32505 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arsh ...)
+	TODO: check
+CVE-2023-32499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeo ...)
+	TODO: check
+CVE-2023-32498 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy ...)
+	TODO: check
+CVE-2023-32497 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supe ...)
+	TODO: check
+CVE-2023-32496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill ...)
+	TODO: check
+CVE-2023-32300 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yo ...)
+	TODO: check
+CVE-2023-32236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking  ...)
+	TODO: check
+CVE-2023-32202 (Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to ...)
+	TODO: check
+CVE-2023-32119 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | ...)
+	TODO: check
 CVE-2023-3893
 	- kubernetes 1.20.5+really1.20.2-1
 	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
@@ -10,7 +98,7 @@ CVE-2023-3676
 	- kubernetes 1.20.5+really1.20.2-1
 	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
 	NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
-CVE-2023-3899
+CVE-2023-3899 (A vulnerability was found in subscription-manager that allows local pr ...)
 	NOT-FOR-US: Red Hat Licence Manager
 CVE-2023-4404 (The Donation Forms by Charitable plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: Donation Forms by Charitable plugin for WordPress
@@ -1539,7 +1627,7 @@ CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might all
 	NOT-FOR-US: Crypto wallets implementing the Lindell17 TSS protocol
 CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol might allow  ...)
 	NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol
-CVE-2023-32559
+CVE-2023-32559 (A privilege escalation vulnerability exists in the experimental policy ...)
 	- nodejs <unfixed>
 	[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
 	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559
@@ -19768,8 +19856,8 @@ CVE-2023-28996
 	RESERVED
 CVE-2023-28995 (Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Confi ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28994
-	RESERVED
+CVE-2023-28994 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-theme ...)
+	TODO: check
 CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
@@ -22044,8 +22132,8 @@ CVE-2023-1411
 	RESERVED
 CVE-2023-1410 (Grafana is an open-source platform for monitoring and observability.   ...)
 	- grafana <removed>
-CVE-2023-1409
-	RESERVED
+CVE-2023-1409 (If the MongoDB Server running on Windows or macOS is configured to use ...)
+	TODO: check
 CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfr ...)
 	- linux 6.3.7-1 (unimportant)
 	[bookworm] - linux 6.1.37-1
@@ -52827,7 +52915,7 @@ CVE-2022-44730 (Server-Side Request Forgery (SSRF) vulnerability in Apache Softw
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/3
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1347
 CVE-2022-44729 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...)
-	 - batik <unfixed>
+	- batik <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/2
 	NOTE: https://issues.apache.org/jira/browse/BATIK-1349
 CVE-2022-44728
@@ -55799,16 +55887,16 @@ CVE-2022-3748 (Improper Authorization vulnerability in ForgeRock Inc. Access Man
 	NOT-FOR-US: ForgeRock
 CVE-2022-3747 (The Becustom plugin for WordPress is vulnerable to Cross-Site Request  ...)
 	NOT-FOR-US: Becustom plugin for WordPress
-CVE-2022-3746
-	RESERVED
-CVE-2022-3745
-	RESERVED
-CVE-2022-3744
-	RESERVED
-CVE-2022-3743
-	RESERVED
-CVE-2022-3742
-	RESERVED
+CVE-2022-3746 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo  ...)
+	TODO: check
+CVE-2022-3745 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo  ...)
+	TODO: check
+CVE-2022-3744 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo  ...)
+	TODO: check
+CVE-2022-3743 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo  ...)
+	TODO: check
+CVE-2022-3742 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo  ...)
+	TODO: check
 CVE-2022-3741 (Impact varies for each individual vulnerability in the application. Fo ...)
 	NOT-FOR-US: chatwoot
 CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
@@ -57148,16 +57236,16 @@ CVE-2023-20236
 	RESERVED
 CVE-2023-20235
 	RESERVED
-CVE-2023-20234
-	RESERVED
+CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+	TODO: check
 CVE-2023-20233
 	RESERVED
 CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20231
 	RESERVED
-CVE-2023-20230
-	RESERVED
+CVE-2023-20230 (A vulnerability in the restricted security domain implementation of Ci ...)
+	TODO: check
 CVE-2023-20229 (A vulnerability in the CryptoService function of Cisco Duo Device Heal ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20228 (A vulnerability in the web-based management interface of Cisco Integra ...)
@@ -57219,8 +57307,8 @@ CVE-2023-20202
 	RESERVED
 CVE-2023-20201 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20200
-	RESERVED
+CVE-2023-20200 (A vulnerability in the Simple Network Management Protocol (SNMP) servi ...)
+	TODO: check
 CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS could ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20198
@@ -57284,10 +57372,10 @@ CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE)
 	NOT-FOR-US: Cisco
 CVE-2023-20170
 	RESERVED
-CVE-2023-20169
-	RESERVED
-CVE-2023-20168
-	RESERVED
+CVE-2023-20169 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
+	TODO: check
+CVE-2023-20168 (A vulnerability in TACACS+ and RADIUS remote authentication for Cisco  ...)
+	TODO: check
 CVE-2023-20167 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20166 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
@@ -57392,8 +57480,8 @@ CVE-2023-20117 (Multiple vulnerabilities in the web-based management interface o
 	NOT-FOR-US: Cisco
 CVE-2023-20116 (A vulnerability in the Administrative XML Web Service (AXL) API of Cis ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20115
-	RESERVED
+CVE-2023-20115 (A vulnerability in the SFTP server implementation for Cisco Nexus 3000 ...)
+	TODO: check
 CVE-2023-20114
 	RESERVED
 CVE-2023-20113 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
@@ -223615,7 +223703,8 @@ CVE-2020-20147
 	RESERVED
 CVE-2020-20146
 	RESERVED
-CVE-2020-20145 (An issue was discovered in /src/helper.c in Dnsmasq up to and includin ...)
+CVE-2020-20145
+	REJECTED
 	TODO: check
 CVE-2020-20144
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f0178dc71f8d191f2b25d503d3fa688d2653cc2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f0178dc71f8d191f2b25d503d3fa688d2653cc2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230824/4cb794dd/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list