[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 28 09:13:18 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8dd7679f by security tracker role at 2023-08-28T08:13:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
+	TODO: check
+CVE-2023-4560 (Improper Authorization of Index Containing Sensitive Information in Gi ...)
+	TODO: check
+CVE-2023-4559 (A vulnerability, which was classified as critical, has been found in B ...)
+	TODO: check
+CVE-2023-4558 (A vulnerability classified as critical was found in SourceCodester Inv ...)
+	TODO: check
+CVE-2023-4557 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2023-40195 (Deserialization of Untrusted Data, Inclusion of Functionality from Unt ...)
+	TODO: check
+CVE-2023-38730 (IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker  ...)
+	TODO: check
+CVE-2023-38030 (Saho\u2019s attendance devices ADM100 and ADM-100FP have a vulnerabili ...)
+	TODO: check
+CVE-2023-38029 (Saho\u2019s attendance devices ADM100 and ADM-100FP has insufficient f ...)
+	TODO: check
+CVE-2023-38028 (Saho\u2019s attendance devices ADM100 and ADM-100FP have insufficient  ...)
+	TODO: check
+CVE-2023-38027 (SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vu ...)
+	TODO: check
+CVE-2023-38026 (SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-code ...)
+	TODO: check
+CVE-2023-38025 (SpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vu ...)
+	TODO: check
+CVE-2023-38024 (SpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vu ...)
+	TODO: check
+CVE-2023-33852 (IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote at ...)
+	TODO: check
+CVE-2016-15035 (A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified ...)
+	TODO: check
 CVE-2023-4556 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...)
 	NOT-FOR-US: SourceCodester Online Graduate Tracer System
 CVE-2023-4555 (A vulnerability has been found in SourceCodester Inventory Management  ...)
@@ -16255,12 +16287,12 @@ CVE-2023-30439
 	RESERVED
 CVE-2023-30438 (An internally discovered vulnerability in PowerVM on IBM Power9 and Po ...)
 	NOT-FOR-US: IBM
-CVE-2023-30437
-	RESERVED
-CVE-2023-30436
-	RESERVED
-CVE-2023-30435
-	RESERVED
+CVE-2023-30437 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized ...)
+	TODO: check
+CVE-2023-30436 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site ...)
+	TODO: check
+CVE-2023-30435 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cro ...)
+	TODO: check
 CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 ...)
 	NOT-FOR-US: IBM
 CVE-2023-30433 (IBM Security Verify Access 10.0 could allow a remote attacker to condu ...)
@@ -25038,8 +25070,7 @@ CVE-2023-27605
 	RESERVED
 CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab 15.10.8+ds1-2
-CVE-2023-27604
-	RESERVED
+CVE-2023-27604 (Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a ...)
 	NOT-FOR-US: Apache Airflow Sqoop Provider
 CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn materia ...)
 	NOT-FOR-US: Apache Linkis
@@ -28628,12 +28659,12 @@ CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Thi
 	NOT-FOR-US: IBM
 CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform una ...)
 	NOT-FOR-US: IBM
-CVE-2023-26272
-	RESERVED
-CVE-2023-26271
-	RESERVED
-CVE-2023-26270
-	RESERVED
+CVE-2023-26272 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager  ...)
+	TODO: check
+CVE-2023-26271 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager  ...)
+	TODO: check
+CVE-2023-26270 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager  ...)
+	TODO: check
 CVE-2023-26269 (Apache James server version 3.7.3 and earlier provides a JMX managemen ...)
 	NOT-FOR-US: Apache James
 CVE-2023-26268 (Design documents with matching document IDs, from databases on the sam ...)
@@ -32796,8 +32827,8 @@ CVE-2023-24961
 	RESERVED
 CVE-2023-24960 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
 	NOT-FOR-US: IBM
-CVE-2023-24959
-	RESERVED
+CVE-2023-24959 (IBM InfoSphere Information Systems 11.7 could expose information about ...)
+	TODO: check
 CVE-2023-24958 (A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52 ...)
 	NOT-FOR-US: IBM
 CVE-2023-24957 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
@@ -37342,8 +37373,8 @@ CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-si
 	NOT-FOR-US: IBM
 CVE-2023-23474
 	RESERVED
-CVE-2023-23473
-	RESERVED
+CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
+	TODO: check
 CVE-2023-23472
 	RESERVED
 CVE-2023-23471
@@ -39270,8 +39301,8 @@ CVE-2023-22879
 	RESERVED
 CVE-2023-22878 (IBM InfoSphere Information Server 11.7 stores user credentials in plai ...)
 	NOT-FOR-US: IBM
-CVE-2023-22877
-	RESERVED
+CVE-2023-22877 (IBM InfoSphere Information Server 11.7 is potentially vulnerable to CS ...)
+	TODO: check
 CVE-2023-22876 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
 	NOT-FOR-US: IBM
 CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/T ...)
@@ -57686,6 +57717,7 @@ CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS
 CVE-2023-20198
 	RESERVED
 CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical File S ...)
+	{DLA-3544-1}
 	- clamav 1.0.2+dfsg-1 (bug #1050057)
 	[bookworm] - clamav <no-dsa> (clamav is updated via -updates)
 	[bullseye] - clamav <no-dsa> (clamav is updated via -updates)
@@ -58270,18 +58302,18 @@ CVE-2022-43911
 	RESERVED
 CVE-2022-43910 (IBM Security Guardium 11.3 could allow a local user to escalate their  ...)
 	NOT-FOR-US: IBM
-CVE-2022-43909
-	RESERVED
+CVE-2022-43909 (IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This ...)
+	TODO: check
 CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user to cause  ...)
 	NOT-FOR-US: IBM
-CVE-2022-43907
-	RESERVED
+CVE-2022-43907 (IBM Security Guardium 11.4 could allow a remote authenticated attacker ...)
+	TODO: check
 CVE-2022-43906
 	RESERVED
 CVE-2022-43905
 	RESERVED
-CVE-2022-43904
-	RESERVED
+CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive informati ...)
+	TODO: check
 CVE-2022-43903
 	RESERVED
 CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial  ...)
@@ -224708,7 +224740,7 @@ CVE-2020-19911
 	RESERVED
 CVE-2020-19910
 	RESERVED
-CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via cr ...)
+CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a  ...)
 	- curl 7.66.0-1 (unimportant)
 	NOTE: https://github.com/curl/curl/pull/4166
 	NOTE: Fixed by: https://github.com/curl/curl/commit/db0a0dfb0eb41d39273b0590b992df58f38b9a4d (curl-7_66_0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dd7679f67237b40883550e50db5f73b3ad07fe3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dd7679f67237b40883550e50db5f73b3ad07fe3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230828/3b473de3/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list