[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jul 3 21:13:00 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a06fff4 by security tracker role at 2023-07-03T20:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,56 @@
-CVE-2023-36053 [Potential regular expression denial of service vulnerability in EmailValidator/URLValidator]
+CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Google Chr ...)
+ TODO: check
+CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...)
+ TODO: check
+CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles acces ...)
+ TODO: check
+CVE-2023-36819 (Knowage is the professional open source suite for modern business anal ...)
+ TODO: check
+CVE-2023-36817 (`tktchurch/website` contains the codebase for The King's Temple Church ...)
+ TODO: check
+CVE-2023-36816 (2FA is a Web app to manage Two-Factor Authentication (2FA) accounts an ...)
+ TODO: check
+CVE-2023-36815 (Sealos is a Cloud Operating System designed for managing cloud-native ...)
+ TODO: check
+CVE-2023-36814 (Products.CMFCore are the key framework services for the Zope Content M ...)
+ TODO: check
+CVE-2023-36611 (The affected TBox RTUs allow low privilege users to access software se ...)
+ TODO: check
+CVE-2023-36610 (The affected TBox RTUs generate software security tokens using insuffi ...)
+ TODO: check
+CVE-2023-36609 (The affected TBox RTUs run OpenVPN with root privileges and can run us ...)
+ TODO: check
+CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 encryption, wh ...)
+ TODO: check
+CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and befor ...)
+ TODO: check
+CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a rem ...)
+ TODO: check
+CVE-2023-36262 (An issue in OBS Studio OBS-Studio v.29.1.2 allows a local attack to ob ...)
+ TODO: check
+CVE-2023-36258 (An issue in langchain v.0.0.199 allows an attacker to execute arbitrar ...)
+ TODO: check
+CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
+ TODO: check
+CVE-2023-36222 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
+ TODO: check
+CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before all ...)
+ TODO: check
+CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remot ...)
+ TODO: check
+CVE-2023-35935 (@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vuln ...)
+ TODO: check
+CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
+ TODO: check
+CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
+ TODO: check
+CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ...)
- python-django <unfixed> (bug #1040225)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
NOTE: https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
NOTE: https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd (main)
NOTE: https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582 (3.2.20)
-CVE-2023-35797
+CVE-2023-35797 (Improper Input Validation vulnerability in Apache Software Foundation ...)
NOT-FOR-US: Hive provider for Apache Airflow
CVE-2023-3438 (An unquoted Windows search path vulnerability existed in the install t ...)
TODO: check
@@ -710,6 +756,7 @@ CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x thro
CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...)
NOT-FOR-US: INEX IXP-Manager
CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission validation f ...)
+ {DSA-5446-1}
- ghostscript 10.01.2~dfsg-1
[buster] - ghostscript <not-affected> (Vulnerable code not present; no path validaton at all)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706761
@@ -1644,13 +1691,13 @@ CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to by
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
NOTE: https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10
NOTE: https://github.com/kubernetes/kubernetes/issues/118690
-CVE-2023-2728
+CVE-2023-2728 (Users may be able to launch containers that bypass the mountable secre ...)
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
NOTE: https://groups.google.com/g/kubernetes-security-announce/c/9oU_lW2cU_g
NOTE: https://github.com/kubernetes/kubernetes/issues/118640
-CVE-2023-2727
+CVE-2023-2727 (Users may be able to launch containers using images that are restricte ...)
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
@@ -20364,8 +20411,8 @@ CVE-2023-26511 (A Hard Coded Admin Credentials issue in the Web-UI Admin Panel i
NOT-FOR-US: Propius MachineSelector
CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft ...)
NOT-FOR-US: Ghost CMS
-CVE-2023-26509
- RESERVED
+CVE-2023-26509 (AnyDesk 7.0.8 allows remote Denial of Service.)
+ TODO: check
CVE-2023-26508
RESERVED
CVE-2023-26507
@@ -21073,8 +21120,8 @@ CVE-2023-26260 (OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows sess
NOT-FOR-US: OXID eShop
CVE-2023-26259
RESERVED
-CVE-2023-26258
- RESERVED
+CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. The method ...)
+ TODO: check
CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...)
NOT-FOR-US: Connected Vehicle Systems Alliance
CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...)
@@ -210582,8 +210629,8 @@ CVE-2020-22599
RESERVED
CVE-2020-22598
RESERVED
-CVE-2020-22597
- RESERVED
+CVE-2020-22597 (An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote at ...)
+ TODO: check
CVE-2020-22596
RESERVED
CVE-2020-22595
@@ -211498,12 +211545,12 @@ CVE-2020-22155
RESERVED
CVE-2020-22154
RESERVED
-CVE-2020-22153
- RESERVED
-CVE-2020-22152
- RESERVED
-CVE-2020-22151
- RESERVED
+CVE-2020-22153 (File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker ...)
+ TODO: check
+CVE-2020-22152 (Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4. ...)
+ TODO: check
+CVE-2020-22151 (Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker ...)
+ TODO: check
CVE-2020-22150 (A cross site scripting (XSS) vulnerability in /admin.php?page=permalin ...)
- piwigo <removed>
CVE-2020-22149
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a06fff4172517845c541775c7a09208565e78c7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a06fff4172517845c541775c7a09208565e78c7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230703/c88a51eb/attachment.htm>
More information about the debian-security-tracker-commits
mailing list