[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Aug 29 21:13:48 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20a17e2e by security tracker role at 2023-08-29T20:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 ...)
+	TODO: check
+CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...)
+	TODO: check
+CVE-2023-41376 (Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when ...)
+	TODO: check
+CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain high pr ...)
+	TODO: check
+CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In  ...)
+	TODO: check
+CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...)
+	TODO: check
+CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...)
+	TODO: check
+CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...)
+	TODO: check
+CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...)
+	TODO: check
+CVE-2023-3253 (An improper authorization vulnerability exists where an authenticated, ...)
+	TODO: check
+CVE-2023-3252 (An arbitrary file write vulnerability exists where an authenticated, r ...)
+	TODO: check
+CVE-2023-3251 (A pass-back vulnerability exists where an authenticated, remote attack ...)
+	TODO: check
+CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web interface ...)
+	TODO: check
+CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expression  ...)
+	TODO: check
+CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...)
+	TODO: check
+CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer over ...)
+	TODO: check
+CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected versions  ...)
+	TODO: check
+CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead to unau ...)
+	TODO: check
+CVE-2023-39267 (An authenticated remote code execution vulnerability exists in the com ...)
+	TODO: check
+CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface could a ...)
+	TODO: check
+CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...)
+	TODO: check
+CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (length  ...)
+	TODO: check
+CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass vulnera ...)
+	TODO: check
 CVE-2023-4585
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
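Review bot: of the 23 new `TODO: check` entries in this hunk, the ones naming software Debian ships should be triaged ahead of the vendor-appliance ones: CVE-2023-39615 (libxml2), CVE-2023-39616 (AOMedia/libaom), CVE-2023-38802 (FRRouting), CVE-2023-38283 (OpenBGPD), CVE-2023-39663 (MathJax) and CVE-2023-4572 (Chrome, relevant to chromium). CVE-2023-40889 and CVE-2023-40890 name the functions `qr_reader_match_centers` and `lookup_seque...`, which point at a barcode/QR decoding library that still needs to be identified before the entry can be marked. The remaining entries (Arista EOS, KNX, Nokia SR OS, MyBB, SpringBlade, ArubaOS-Switch, Aria Operations for Networks) look like NOT-FOR-US candidates, consistent with how the surrounding entries in the file are triaged.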
@@ -3392,7 +3438,7 @@ CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and before
 	NOT-FOR-US: Codesys
 CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior to 3.5. ...)
 	NOT-FOR-US: Codesys
-CVE-2023-3348 (The Wrangler command line tool (<=wrangler at 3.1.0) was affected by a di ...)
+CVE-2023-3348 (The Wrangler command line tool (<=wrangler at 3.1.0 or <=wrangler at 2.20.1) ...)
 	NOT-FOR-US: Wrangler
 CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
 	NOT-FOR-US: Mitsubishi
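Review bot: description-only change for CVE-2023-3348 that widens the affected range to the wrangler 2.x line (`<=wrangler at 2.20.1` alongside `<=wrangler at 3.1.0`); the `NOT-FOR-US: Wrangler` triage line is untouched and remains valid, so no re-triage is needed. The ` at ` in both version strings is most likely the list archive's obfuscation of `@` in `wrangler@3.1.0`, not the file's own text.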
@@ -32866,8 +32912,8 @@ CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows
 	NOT-FOR-US: SonicOS
 CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a  ...)
 	NOT-FOR-US: SonicWall
-CVE-2023-0654
-	RESERVED
+CVE-2023-0654 (Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android ...)
+	TODO: check
 CVE-2023-0653
 	RESERVED
 CVE-2023-0652 (Due to a hardlink created in the ProgramData folder during the repair  ...)
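Review bot: CVE-2023-0654 moves from RESERVED to a description for the WARP Mobile Client for Android (`< 6.29`) and is correctly left at `TODO: check` rather than auto-classified; as a vendor mobile client it will most likely resolve to NOT-FOR-US like the adjacent SonicWall entries. It should be triaged together with CVE-2023-0238 (later hunk in this commit), which describes the same client with a `<=6.29` boundary.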
@@ -34314,8 +34360,8 @@ CVE-2023-24550 (A vulnerability has been identified in Solid Edge SE2022 (All ve
 	NOT-FOR-US: Siemens
 CVE-2023-24549 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
 	NOT-FOR-US: Siemens
-CVE-2023-24548
-	RESERVED
+CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN configured, malfor ...)
+	TODO: check
 CVE-2023-24547
 	RESERVED
 CVE-2023-24546 (On affected versions of the CloudVision Portal improper access control ...)
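Review bot: CVE-2023-24548 (Arista EOS with VXLAN configured) should be triaged together with CVE-2023-3646 added in the first hunk of this commit, which is also Arista EOS; both are vendor network-OS issues and are expected to resolve to NOT-FOR-US, matching the neighbouring CloudVision Portal entry's handling. Leaving them at `TODO: check` here is the right default for an automatic update.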
@@ -36594,16 +36640,16 @@ CVE-2014-125083 (A vulnerability has been found in Anant Labs google-enterprise-
 	NOT-FOR-US: Anant Labs google-enterprise-connect
 CVE-2013-10014 (A vulnerability classified as critical has been found in oktora24 2moo ...)
 	NOT-FOR-US: oktora24 2moons
-CVE-2023-23774
-	RESERVED
-CVE-2023-23773
-	RESERVED
-CVE-2023-23772
-	RESERVED
-CVE-2023-23771
-	RESERVED
-CVE-2023-23770
-	RESERVED
+CVE-2023-23774 (Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled  ...)
+	TODO: check
+CVE-2023-23773 (Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. Th ...)
+	TODO: check
+CVE-2023-23772 (Motorola MBTS Site Controller fails to check firmware update authentic ...)
+	TODO: check
+CVE-2023-23771 (Motorola MBTS Base Radio accepts hard-coded backdoor password. The Mot ...)
+	TODO: check
+CVE-2023-23770 (Motorola MBTS Site Controller accepts hard-coded backdoor password. Th ...)
+	TODO: check
 CVE-2023-23769
 	RESERVED
 CVE-2023-23768
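Review bot: the five Motorola EBTS/MBTS entries (CVE-2023-23770 through CVE-2023-23774) describe one product family and can be triaged as a batch; the descriptions (hard-coded passwords, unverified firmware updates, a debug prompt on unhandled conditions) concern radio base-station hardware, not software Debian packages, so NOT-FOR-US: Motorola is the expected outcome for all five.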
@@ -37739,8 +37785,8 @@ CVE-2023-0240 (There is a logic error in io_uring's implementation which can be
 	NOTE: https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
 CVE-2023-0239
 	RESERVED
-CVE-2023-0238
-	RESERVED
+CVE-2023-0238 (Due to lack of a security policy, the WARP Mobile Client (<=6.29) for  ...)
+	TODO: check
 CVE-2023-0237
 	REJECTED
 CVE-2023-0236 (The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and esc ...)
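Review bot: CVE-2023-0238 and CVE-2023-0654 (earlier hunk in this commit) both cover the WARP Mobile Client for Android but give different version boundaries (`<=6.29` here versus `< 6.29` for CVE-2023-0654); they should be triaged together and the boundary difference carried into whatever notes get added. As a vendor client app, NOT-FOR-US is the likely result, consistent with the neighbouring vendor entries.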
@@ -55046,8 +55092,8 @@ CVE-2023-20892 (The vCenter Server contains a heap overflow vulnerability due to
 	NOT-FOR-US: VMware
 CVE-2023-20891 (The VMware Tanzu Application Service for VMs and Isolation Segment con ...)
 	NOT-FOR-US: VMware
-CVE-2023-20890
-	RESERVED
+CVE-2023-20890 (Aria Operations for Networks contains an arbitrary file write vulnerab ...)
+	TODO: check
 CVE-2023-20889 (Aria Operations for Networks contains an information disclosure vulner ...)
 	NOT-FOR-US: VMware
 CVE-2023-20888 (Aria Operations for Networks contains an authenticated deserialization ...)
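Review bot: CVE-2023-20890 (Aria Operations for Networks, arbitrary file write) sits between CVE-2023-20889 and CVE-2023-20888, which are both already `NOT-FOR-US: VMware`, so the same classification is expected once checked; CVE-2023-34039 (Aria Operations for Networks authentication bypass) from the first hunk of this commit belongs to the same product and should be handled in the same triage pass.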
@@ -163709,8 +163755,8 @@ CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3
 	NOTE: Only an issue in combination with python3.9 3.9.5+
 CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...)
 	NOT-FOR-US: Hexagon G!nius Auskunftsportal
-CVE-2021-32050
-	RESERVED
+CVE-2021-32050 (Some MongoDB Drivers may erroneously publish events containing authent ...)
+	TODO: check
 CVE-2021-32049
 	RESERVED
 CVE-2021-32048
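Review bot: unlike the vendor-appliance entries elsewhere in this commit, CVE-2021-32050 ("Some MongoDB Drivers may erroneously publish events containing authent...") could cover drivers that Debian packages (for example pymongo or the C driver), so the `TODO: check` here needs the truncated description followed up to identify which drivers and versions are affected before the entry is marked, rather than being assumed NOT-FOR-US.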
@@ -171078,7 +171124,7 @@ CVE-2021-29392
 	RESERVED
 CVE-2021-29391
 	RESERVED
-CVE-2021-29390 (libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow v ...)
+CVE-2021-29390 (libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 byte ...)
 	- libjpeg-turbo <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943797
 	TODO: check, no sensible information and RHBZ#1943797 is restricted
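Review bot: the updated description for CVE-2021-29390 now gives concrete detail (a heap-based buffer over-read of 2 bytes in libjpeg-turbo 2.0.90), so the unchanged `TODO: check, no sensible information and RHBZ#1943797 is restricted` line is stale and the `- libjpeg-turbo <undetermined>` status should be revisited against it; the reclassification from a heap-buffer-overflow (potential write) to an over-read also bears on the severity assessment.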
@@ -179858,8 +179904,8 @@ CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter
 	NOT-FOR-US: cxuucms
 CVE-2021-3263
 	RESERVED
-CVE-2021-3262
-	RESERVED
+CVE-2021-3262 (TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2. ...)
+	TODO: check
 CVE-2021-3261
 	RESERVED
 CVE-2021-3260
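Review bot: CVE-2021-3262 (TripSpark VEO Transportation / NovusEDU) describes a vendor product by build string; it is not something Debian packages, so it is expected to resolve to NOT-FOR-US on triage, in line with the cxuucms entry at the top of this hunk.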



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20a17e2e4385c1539c3cdcf90d76de39ccb1955d


