[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 6 09:12:33 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11dc4690 by security tracker role at 2023-07-06T08:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-3521 (Cross-site Scripting (XSS) - Reflected in GitHub repository fossbillin ...)
+	TODO: check
+CVE-2023-3520 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
+	TODO: check
+CVE-2023-36828 (Statamic is a flat-first, Laravel and Git powered content management s ...)
+	TODO: check
+CVE-2023-36827 (Fides is an open-source privacy engineering platform for managing the  ...)
+	TODO: check
+CVE-2023-36822 (Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulne ...)
+	TODO: check
+CVE-2023-36821 (Uptime Kuma, a self-hosted monitoring tool, allows an authenticated at ...)
+	TODO: check
+CVE-2023-36809 (Kiwi TCMS, an open source test management system allows users to uploa ...)
+	TODO: check
+CVE-2023-36808 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2023-36458 (1Panel is an open source Linux server operation and maintenance manage ...)
+	TODO: check
+CVE-2023-36457 (1Panel is an open source Linux server operation and maintenance manage ...)
+	TODO: check
+CVE-2023-35940 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2023-35939 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup format to a ...)
+	TODO: check
 CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.)
 	- gitea <removed>
 CVE-2023-3455 (Key management vulnerability on system. Successful exploitation of thi ...)
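Review bot: The thirteen entries added at the top of data/CVE/list all carry only `TODO: check`, and several belong to the same product: CVE-2023-36822 and CVE-2023-36821 (Uptime Kuma), CVE-2023-36458 and CVE-2023-36457 (1Panel), and CVE-2023-36808, CVE-2023-35940 and CVE-2023-35939 (GLPI). Triage each product's entries together so they end up with the same disposition, either a source-package line like the `- gitea <removed>` line below them or a `NOT-FOR-US:` marker.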
@@ -188,7 +214,7 @@ CVE-2023-2321 (The WPForms Google Sheet Connector WordPress plugin before 3.4.6,
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-goo ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-36813 [Multiple Authenticated SQL Injections]
+CVE-2023-36813 (Kanboard is project management software that focuses on the Kanban met ...)
 	- kanboard 1.2.31+ds-1 (bug #1040265)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
 CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Google Chr ...)
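Review bot: On the CVE-2023-36813 header line, the replaced bracketed title `[Multiple Authenticated SQL Injections]` named the vulnerability class, while the new truncated description stops before saying what the flaw is. The class is now only reachable through the GHSA link in the NOTE line; consider adding a short `NOTE:` that states it so the entry stays readable on its own.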
@@ -8143,84 +8169,84 @@ CVE-2023-30680
 	RESERVED
 CVE-2023-30679
 	RESERVED
-CVE-2023-30678
-	RESERVED
-CVE-2023-30677
-	RESERVED
-CVE-2023-30676
-	RESERVED
-CVE-2023-30675
-	RESERVED
-CVE-2023-30674
-	RESERVED
-CVE-2023-30673
-	RESERVED
-CVE-2023-30672
-	RESERVED
-CVE-2023-30671
-	RESERVED
-CVE-2023-30670
-	RESERVED
-CVE-2023-30669
-	RESERVED
-CVE-2023-30668
-	RESERVED
-CVE-2023-30667
-	RESERVED
-CVE-2023-30666
-	RESERVED
-CVE-2023-30665
-	RESERVED
-CVE-2023-30664
-	RESERVED
-CVE-2023-30663
-	RESERVED
-CVE-2023-30662
-	RESERVED
-CVE-2023-30661
-	RESERVED
-CVE-2023-30660
-	RESERVED
-CVE-2023-30659
-	RESERVED
-CVE-2023-30658
-	RESERVED
-CVE-2023-30657
-	RESERVED
-CVE-2023-30656
-	RESERVED
-CVE-2023-30655
-	RESERVED
+CVE-2023-30678 (Potential zip path traversal vulnerability in Calendar application pri ...)
+	TODO: check
+CVE-2023-30677 (Improper access control vulnerability in Samsung Pass prior to version ...)
+	TODO: check
+CVE-2023-30676 (Improper access control vulnerability in Samsung Pass prior to version ...)
+	TODO: check
+CVE-2023-30675 (Improper authentication in Samsung Pass prior to version 4.2.03.1 allo ...)
+	TODO: check
+CVE-2023-30674 (Improper configuration in Samsung Internet prior to version 21.0.0.41  ...)
+	TODO: check
+CVE-2023-30673 (Improper validation of integrity check vulnerability in Smart Switch P ...)
+	TODO: check
+CVE-2023-30672 (Improper privilege management vulnerability in Samsung Smart Switch fo ...)
+	TODO: check
+CVE-2023-30671 (Logic error in package installation via adb command prior to SMR Jul-2 ...)
+	TODO: check
+CVE-2023-30670 (Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril pr ...)
+	TODO: check
+CVE-2023-30669 (Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril ...)
+	TODO: check
+CVE-2023-30668 (Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril pri ...)
+	TODO: check
+CVE-2023-30667 (Improper access control in Audio system service prior to SMR Jul-2023  ...)
+	TODO: check
+CVE-2023-30666 (Improper input validation vulnerability in DoOemImeiSetPreconfig in li ...)
+	TODO: check
+CVE-2023-30665 (Improper input validation vulnerability in OnOemServiceMode in libsec- ...)
+	TODO: check
+CVE-2023-30664 (Improper input validation vulnerability in RegisteredMSISDN prior to S ...)
+	TODO: check
+CVE-2023-30663 (Improper input validation vulnerability in OemPersonalizationSetLock i ...)
+	TODO: check
+CVE-2023-30662 (Exposure of Sensitive Information vulnerability in getChipIds in UwbAo ...)
+	TODO: check
+CVE-2023-30661 (Exposure of Sensitive Information vulnerability in getChipInfos in Uwb ...)
+	TODO: check
+CVE-2023-30660 (Exposure of Sensitive Information vulnerability in getDefaultChipId in ...)
+	TODO: check
+CVE-2023-30659 (Improper input validation vulnerability in Transaction prior to SMR Ju ...)
+	TODO: check
+CVE-2023-30658 (Improper input validation vulnerability in DataProfile prior to SMR Ju ...)
+	TODO: check
+CVE-2023-30657 (Improper input validation vulnerability in EnhancedAttestationResult p ...)
+	TODO: check
+CVE-2023-30656 (Improper input validation vulnerability in LSOItemData prior to SMR Ju ...)
+	TODO: check
+CVE-2023-30655 (Improper input validation vulnerability in SCEPProfile prior to SMR Ju ...)
+	TODO: check
 CVE-2023-30654
 	RESERVED
-CVE-2023-30653
-	RESERVED
-CVE-2023-30652
-	RESERVED
-CVE-2023-30651
-	RESERVED
-CVE-2023-30650
-	RESERVED
-CVE-2023-30649
-	RESERVED
-CVE-2023-30648
-	RESERVED
-CVE-2023-30647
-	RESERVED
-CVE-2023-30646
-	RESERVED
-CVE-2023-30645
-	RESERVED
-CVE-2023-30644
-	RESERVED
-CVE-2023-30643
-	RESERVED
-CVE-2023-30642
-	RESERVED
-CVE-2023-30641
-	RESERVED
-CVE-2023-30640
-	RESERVED
+CVE-2023-30653 (Out of bounds read and write in enableTspDevice of sysinput HAL servic ...)
+	TODO: check
+CVE-2023-30652 (Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL se ...)
+	TODO: check
+CVE-2023-30651 (Out of bounds read and write in callgetTspsysfs of sysinput HAL servic ...)
+	TODO: check
+CVE-2023-30650 (Out of bounds read and write in callrunTspCmd of sysinput HAL service  ...)
+	TODO: check
+CVE-2023-30649 (Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior  ...)
+	TODO: check
+CVE-2023-30648 (Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of  ...)
+	TODO: check
+CVE-2023-30647 (Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RIL ...)
+	TODO: check
+CVE-2023-30646 (Heap out of bound write vulnerability in BroadcastSmsConfig of RILD pr ...)
+	TODO: check
+CVE-2023-30645 (Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD pr ...)
+	TODO: check
+CVE-2023-30644 (Stack out of bound write vulnerability in CdmaSmsParser of RILD prior  ...)
+	TODO: check
+CVE-2023-30643 (Missing authentication vulnerability in Galaxy Themes Service prior to ...)
+	TODO: check
+CVE-2023-30642 (Improper privilege management vulnerability in Galaxy Themes Service p ...)
+	TODO: check
+CVE-2023-30641 (Improper access control vulnerability in Settings prior to SMR Jul-202 ...)
+	TODO: check
+CVE-2023-30640 (Improper access control vulnerability in PersonaManagerService prior t ...)
+	TODO: check
 CVE-2023-30639 (Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored  ...)
 	NOT-FOR-US: Archer
 CVE-2023-30638 (Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 befor ...)
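Review bot: The 38 entries from CVE-2023-30678 down to CVE-2023-30640 that move from RESERVED to `TODO: check` describe vendor components (Samsung Pass, Smart Switch, libsec-ril, RILD, the sysinput HAL service, Galaxy Themes Service, and items fixed "prior to SMR Jul-2023"). If none of them maps to a packaged source, close them in one pass with a single `NOT-FOR-US:` label, in the style of the `NOT-FOR-US: Archer` line that follows, instead of leaving 38 open TODOs. CVE-2023-30654 stays RESERVED and needs no action.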
@@ -9565,8 +9591,8 @@ CVE-2023-30209
 	RESERVED
 CVE-2023-30208
 	RESERVED
-CVE-2023-30207
-	RESERVED
+CVE-2023-30207 (A divide by zero issue discovered in Kodi Home Theater Software 19.5 a ...)
+	TODO: check
 CVE-2023-30206
 	RESERVED
 CVE-2023-30205 (A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allow ...)
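Review bot: CVE-2023-30207 names its product and version in the description (Kodi Home Theater Software 19.5) yet is left at `TODO: check`. It should get a source-package line with a fixed or unfixed status, or a `NOT-FOR-US:` marker, rather than staying an open TODO.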
@@ -10721,8 +10747,8 @@ CVE-2023-29658
 	RESERVED
 CVE-2023-29657 (eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in ...)
 	- extplorer <removed>
-CVE-2023-29656
-	RESERVED
+CVE-2023-29656 (An improper authorization vulnerability in Darktrace mobile app (Andro ...)
+	TODO: check
 CVE-2023-29655
 	RESERVED
 CVE-2023-29654
@@ -18993,8 +19019,8 @@ CVE-2023-27227
 	RESERVED
 CVE-2023-27226
 	RESERVED
-CVE-2023-27225
-	RESERVED
+CVE-2023-27225 (A cross-site scripting (XSS) vulnerability in User Registration & Logi ...)
+	TODO: check
 CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an attacker to exe ...)
 	NOT-FOR-US: NginxProxyManager
 CVE-2023-27223
@@ -21702,10 +21728,10 @@ CVE-2023-26140
 	RESERVED
 CVE-2023-26139
 	RESERVED
-CVE-2023-26138
-	RESERVED
-CVE-2023-26137
-	RESERVED
+CVE-2023-26138 (All versions of the package drogonframework/drogon are vulnerable to C ...)
+	TODO: check
+CVE-2023-26137 (All versions of the package drogonframework/drogon are vulnerable to H ...)
+	TODO: check
 CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...)
 	TODO: check
 CVE-2023-26135 (All versions of the package flatnest are vulnerable to Prototype Pollu ...)
@@ -27582,8 +27608,8 @@ CVE-2023-24258 (SPIP v4.1.5 and earlier was discovered to contain a SQL injectio
 	NOTE: https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md
 CVE-2023-24257
 	RESERVED
-CVE-2023-24256
-	RESERVED
+CVE-2023-24256 (An issue in the com.nextev.datastatistic component of NIO EC6 Aspen be ...)
+	TODO: check
 CVE-2023-24255
 	RESERVED
 CVE-2023-24254
@@ -41861,8 +41887,8 @@ CVE-2022-46082
 	RESERVED
 CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session wouldn't preve ...)
 	NOT-FOR-US: Garmin
-CVE-2022-46080
-	RESERVED
+CVE-2022-46080 (Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and comm ...)
+	TODO: check
 CVE-2022-46079
 	RESERVED
 CVE-2022-46078
@@ -63721,6 +63747,7 @@ CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions sta
 CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amount ...)
+	{DLA-3479-1}
 	- golang-yaml.v2 2.2.8-1
 	NOTE: https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5 (v2.2.4)
 CVE-2022-3063
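Review bot: The `{DLA-3479-1}` tag added under CVE-2022-3064 (and under CVE-2021-4235 in the next hunk) has no matching change in this commit, which lists data/CVE/list as the only changed file. Confirm that the advisory entry the tag points to already exists in the tracker, and that the `- golang-yaml.v2 2.2.8-1` line still gives the correct fixed version alongside the new cross-reference.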
@@ -69590,6 +69617,7 @@ CVE-2021-4237
 CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which may be ...)
 	NOT-FOR-US: ecnepsnai/web
 CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...)
+	{DLA-3479-1}
 	- golang-yaml.v2 2.2.8-1
 	NOTE: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 (v2.2.3)
 	NOTE: https://github.com/go-yaml/yaml/pull/375



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11dc469084d279b185f3077a2114ce3355e18a4a
