[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 13 20:12:39 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2068295 by security tracker role at 2023-12-13T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,191 @@
+CVE-2023-6795 (An OS command injection vulnerability in Palo Alto Networks PAN-OS sof ...)
+	TODO: check
+CVE-2023-6794 (An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS so ...)
+	TODO: check
+CVE-2023-6793 (An improper privilege management vulnerability in Palo Alto Networks P ...)
+	TODO: check
+CVE-2023-6792 (An OS command injection vulnerability in the XML API of Palo Alto Netw ...)
+	TODO: check
+CVE-2023-6791 (A credential disclosure vulnerability in Palo Alto Networks PAN-OS sof ...)
+	TODO: check
+CVE-2023-6790 (A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Netw ...)
+	TODO: check
+CVE-2023-6789 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
+	TODO: check
+CVE-2023-6774 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...)
+	TODO: check
+CVE-2023-6773 (A vulnerability has been found in CodeAstro POS and Inventory Manageme ...)
+	TODO: check
+CVE-2023-6772 (A vulnerability, which was classified as critical, was found in OTCMS  ...)
+	TODO: check
+CVE-2023-6771 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2023-6767 (A vulnerability, which was classified as problematic, was found in Sou ...)
+	TODO: check
+CVE-2023-6766 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+	TODO: check
+CVE-2023-6765 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
+	TODO: check
+CVE-2023-6762 (A vulnerability, which was classified as critical, was found in Thecos ...)
+	TODO: check
+CVE-2023-6761 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-6760 (A vulnerability classified as critical was found in Thecosy IceCMS up  ...)
+	TODO: check
+CVE-2023-6759 (A vulnerability classified as problematic has been found in Thecosy Ic ...)
+	TODO: check
+CVE-2023-6758 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated a ...)
+	TODO: check
+CVE-2023-6757 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declare ...)
+	TODO: check
+CVE-2023-6756 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classif ...)
+	TODO: check
+CVE-2023-6755 (A vulnerability was found in DedeBIZ 6.2 and classified as critical. T ...)
+	TODO: check
+CVE-2023-6723 (An unrestricted file upload vulnerability has been identified in Repbo ...)
+	TODO: check
+CVE-2023-6722 (A path traversal vulnerability has been detected in Repox, which allow ...)
+	TODO: check
+CVE-2023-6721 (An XEE vulnerability has been found in Repox, which allows a remote at ...)
+	TODO: check
+CVE-2023-6720 (An XSS vulnerability stored in Repox has been identified, which allows ...)
+	TODO: check
+CVE-2023-6719 (An XSS vulnerability has been detected in Repox, which allows an attac ...)
+	TODO: check
+CVE-2023-6718 (An authentication bypass vulnerability has been found in Repox, which  ...)
+	TODO: check
+CVE-2023-6660 (When a program running on an affected system appends data to a file vi ...)
+	TODO: check
+CVE-2023-6534 (In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2 ...)
+	TODO: check
+CVE-2023-6381 (Improper input validation vulnerability in Newsletter Software SuperMa ...)
+	TODO: check
+CVE-2023-6380 (Open redirect vulnerability has been found in the Open CMS product aff ...)
+	TODO: check
+CVE-2023-6379 (Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, ...)
+	TODO: check
+CVE-2023-50779 (Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 an ...)
+	TODO: check
+CVE-2023-50778 (A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane  ...)
+	TODO: check
+CVE-2023-50777 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSL ...)
+	TODO: check
+CVE-2023-50776 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane aut ...)
+	TODO: check
+CVE-2023-50775 (A cross-site request forgery (CSRF) vulnerability in Jenkins Deploymen ...)
+	TODO: check
+CVE-2023-50774 (A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResou ...)
+	TODO: check
+CVE-2023-50773 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask acce ...)
+	TODO: check
+CVE-2023-50772 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access toke ...)
+	TODO: check
+CVE-2023-50771 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperl ...)
+	TODO: check
+CVE-2023-50770 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a  ...)
+	TODO: check
+CVE-2023-50769 (Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 a ...)
+	TODO: check
+CVE-2023-50768 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Pla ...)
+	TODO: check
+CVE-2023-50767 (Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 a ...)
+	TODO: check
+CVE-2023-50766 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Pla ...)
+	TODO: check
+CVE-2023-50765 (A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f ...)
+	TODO: check
+CVE-2023-50764 (Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restr ...)
+	TODO: check
+CVE-2023-50441 (Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.20 ...)
+	TODO: check
+CVE-2023-49363 (Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in th ...)
+	TODO: check
+CVE-2023-49296 (The Arduino Create Agent allows users to use the Arduino Create applic ...)
+	TODO: check
+CVE-2023-48639 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
+	TODO: check
+CVE-2023-48638 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
+	TODO: check
+CVE-2023-48637 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
+	TODO: check
+CVE-2023-48636 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
+	TODO: check
+CVE-2023-48635 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
+	TODO: check
+CVE-2023-48634 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
+	TODO: check
+CVE-2023-48633 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
+	TODO: check
+CVE-2023-48632 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
+	TODO: check
+CVE-2023-48630 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by  ...)
+	TODO: check
+CVE-2023-48629 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by  ...)
+	TODO: check
+CVE-2023-48628 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by  ...)
+	TODO: check
+CVE-2023-48627 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by  ...)
+	TODO: check
+CVE-2023-48626 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by  ...)
+	TODO: check
+CVE-2023-48625 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by  ...)
+	TODO: check
+CVE-2023-47327 (The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for  ...)
+	TODO: check
+CVE-2023-47326 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSR ...)
+	TODO: check
+CVE-2023-47325 (Silverpeas Core 6.3.1 administrative "Bin" feature is affected by brok ...)
+	TODO: check
+CVE-2023-47324 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via  ...)
+	TODO: check
+CVE-2023-47323 (The notification/messaging feature of Silverpeas Core 6.3.1 does not e ...)
+	TODO: check
+CVE-2023-47322 (The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cro ...)
+	TODO: check
+CVE-2023-47321 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via th ...)
+	TODO: check
+CVE-2023-47320 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An at ...)
+	TODO: check
+CVE-2023-47081 (Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-47080 (Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by a ...)
+	TODO: check
+CVE-2023-47079 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
+	TODO: check
+CVE-2023-47078 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
+	TODO: check
+CVE-2023-47077 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) ar ...)
+	TODO: check
+CVE-2023-47076 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) ar ...)
+	TODO: check
+CVE-2023-47075 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
+	TODO: check
+CVE-2023-47074 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
+	TODO: check
+CVE-2023-47063 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
+	TODO: check
+CVE-2023-47062 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
+	TODO: check
+CVE-2023-47061 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
+	TODO: check
+CVE-2023-46727 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2023-46726 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2023-46247 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
+	TODO: check
+CVE-2023-44362 (Adobe Prelude versions 22.6 and earlier are affected by an Access of U ...)
+	TODO: check
+CVE-2023-44252 (** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerabilit ...)
+	TODO: check
+CVE-2023-44251 (** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to  ...)
+	TODO: check
+CVE-2023-43813 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutraliz ...)
+	TODO: check
+CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...)
+	TODO: check
 CVE-2023-6707
 	- chromium 120.0.6099.109-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
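Review bot: all of the entries added at the top of this hunk (CVE-2023-6795 through CVE-2023-34194) are left at "TODO: check", so none of them has a triage state yet. The PAN-OS, Adobe and Jenkins plugin entries look like candidates for the NOT-FOR-US form this file already uses for VMware and CODESYS, while CVE-2023-34194 names TinyXML's tinyxmlparser.cpp, which is library code and should be checked against packaged sources before it is dismissed. The descriptions are cut at "...", so triage needs the full CVE text, not these lines.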
@@ -1244,7 +1432,7 @@ CVE-2023-45285 (Using go get to fetch a module with the ".git" suffix may unexpe
 	NOTE: https://go.dev/issue/63845
 	NOTE: https://github.com/golang/go/commit/23c943e5296c6fa3a6f9433bd929306c4dbf2aa3 (go1.21.5)
 	NOTE: https://github.com/golang/go/commit/46bc33819ac86a9596b8059235842f0e0c7469bd (go1.20.12)
-CVE-2023-6448 (Unitronics Vision Series PLCs and HMIs use default administrative pass ...)
+CVE-2023-6448 (Unitronics VisiLogic before version 9.9.00, used in Vision and Samba P ...)
 	NOT-FOR-US: Unitronics Vision
 CVE-2023-6357 (A low-privileged remote attacker could exploit the vulnerability and i ...)
 	NOT-FOR-US: CODESYS
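Review bot: the description of CVE-2023-6448 now names Unitronics VisiLogic before version 9.9.00, but the unchanged line below it still reads "NOT-FOR-US: Unitronics Vision". Confirm that the NOT-FOR-US decision still holds for the reworded scope, and consider updating the product name in the note so the two lines agree.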
@@ -31423,8 +31611,8 @@ CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Comma
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31211
 	RESERVED
-CVE-2023-31210
-	RESERVED
+CVE-2023-31210 (Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10  ...)
+	TODO: check
 CVE-2023-31209 (Improper neutralization of active check command arguments in Checkmk < ...)
 	- check-mk <removed>
 CVE-2023-31208 (Improper neutralization of livestatus command delimiters in the RestAP ...)
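Review bot: CVE-2023-31210 leaves RESERVED with only "TODO: check", although its description names Checkmk and the adjacent CVE-2023-31209 is already tracked as "- check-mk <removed>". Giving the new entry the same package line would keep the Checkmk entries consistent, once the full description confirms that the affected component (the agent) falls under that package.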
@@ -44291,7 +44479,7 @@ CVE-2023-27173
 CVE-2023-27172
 	RESERVED
 CVE-2023-27171
-	RESERVED
+	REJECTED
 CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a direc ...)
 	NOT-FOR-US: Xpand IT Write-back manager
 CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...)
@@ -137366,8 +137554,7 @@ CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site scriptin
 	NOT-FOR-US: VMware
 CVE-2022-22943 (VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains  ...)
 	NOT-FOR-US: VMware
-CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
-	RESERVED
+CVE-2022-22942 (The vmwgfx driver contains a local privilege escalation vulnerability  ...)
 	{DSA-5096-1 DSA-5092-1 DLA-2941-1}
 	- linux 5.15.15-2
 	[stretch] - linux <not-affected> (Vulnerable code not present)
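Review bot: replacing the bracketed title of CVE-2022-22942 drops "drm/vmwgfx: Fix stale file descriptors on failed usercopy", which is the only text in the visible entry that names the fix. If no NOTE further down the entry references the upstream change, add one so the package lines that follow (linux 5.15.15-2 and the stretch not-affected marking) stay traceable to it.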



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e20682956884f8579cf75ccd45dd8bf286e010c5



More information about the debian-security-tracker-commits mailing list