[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 7 21:12:32 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3dfab70 by security tracker role at 2023-07-07T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,84 @@
+CVE-2023-3544 (A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP ...)
+	TODO: check
+CVE-2023-3543 (A vulnerability was found in GZ Scripts Availability Booking Calendar  ...)
+	TODO: check
+CVE-2023-3542 (A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as  ...)
+	TODO: check
+CVE-2023-3541 (A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classifie ...)
+	TODO: check
+CVE-2023-3540 (A vulnerability, which was classified as problematic, was found in Sim ...)
+	TODO: check
+CVE-2023-3539 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-3538 (A vulnerability classified as problematic was found in SimplePHPscript ...)
+	TODO: check
+CVE-2023-3537 (A vulnerability classified as problematic has been found in SimplePHPs ...)
+	TODO: check
+CVE-2023-3536 (A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1.  ...)
+	TODO: check
+CVE-2023-3535 (A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It h ...)
+	TODO: check
+CVE-2023-3534 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...)
+	TODO: check
+CVE-2023-37308 (Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username ...)
+	TODO: check
+CVE-2023-37264 (Tekton Pipelines project provides k8s-style resources for declaring CI ...)
+	TODO: check
+CVE-2023-37173 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2023-37172 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2023-37171 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...)
+	TODO: check
+CVE-2023-37170 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an u ...)
+	TODO: check
+CVE-2023-37149 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
+	TODO: check
+CVE-2023-37148 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
+	TODO: check
+CVE-2023-37146 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
+	TODO: check
+CVE-2023-37145 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...)
+	TODO: check
+CVE-2023-37144 (Tenda AC10 v15.03.06.26 was discovered to contain a command injection  ...)
+	TODO: check
+CVE-2023-37067 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
+	TODO: check
+CVE-2023-37066 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
+	TODO: check
+CVE-2023-37065 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
+	TODO: check
+CVE-2023-37064 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
+	TODO: check
+CVE-2023-37063 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
+	TODO: check
+CVE-2023-37062 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...)
+	TODO: check
+CVE-2023-37061 (Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege acco ...)
+	TODO: check
+CVE-2023-36994 (In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installat ...)
+	TODO: check
+CVE-2023-36993 (The cryptographically insecure random number generator being used in T ...)
+	TODO: check
+CVE-2023-36992 (PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the  ...)
+	TODO: check
+CVE-2023-36256 (The Online Examination System Project 1.0 version is vulnerable to Cro ...)
+	TODO: check
+CVE-2023-36201 (An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker  ...)
+	TODO: check
+CVE-2023-34197 (Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP  ...)
+	TODO: check
+CVE-2023-33715 (A buffer overflow in ACDSee Free v2.0.2.227 allows attackers to cause  ...)
+	TODO: check
+CVE-2023-33664 (ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a S ...)
+	TODO: check
+CVE-2023-32183 (Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed ...)
+	TODO: check
 CVE-2023-34442
 	NOT-FOR-US: Apache Camel JIRA
 CVE-2023-35887
 	NOT-FOR-US: Apache Mina SSHD
-CVE-2023-33008
+CVE-2023-33008 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...)
 	NOT-FOR-US: Apache Johnzon
 CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...)
 	NOT-FOR-US: Outline
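Review bot: nearly all of the new TODO: check entries in this hunk describe products with no Debian source package and can be closed as NOT-FOR-US on the next manual pass: the GZ Scripts (CVE-2023-3543, CVE-2023-3544), ThinuCMS (CVE-2023-3541, CVE-2023-3542), SimplePHPscripts (CVE-2023-3535 to CVE-2023-3538, and from the truncated "Sim..." descriptions most likely CVE-2023-3539 and CVE-2023-3540 as well) and SourceCodester (CVE-2023-3534) PHP scripts, the TOTOLINK and Tenda router firmware (CVE-2023-37144 to CVE-2023-37173), Zoho ManageEngine (CVE-2023-37308, CVE-2023-34197), Chamilo (CVE-2023-37061 to CVE-2023-37067), TravianZ (CVE-2023-36992 to CVE-2023-36994), ACDSee (CVE-2023-33715) and the openSUSE Tumbleweed-specific CVE-2023-32183. The entries that need an actual package lookup rather than a reflexive NOT-FOR-US are CVE-2023-36201 (jerryscript), CVE-2023-37264 (Tekton Pipelines) and CVE-2023-33664 (ai-dev aicombinationsonfly). The remaining change in the hunk, filling in the description for CVE-2023-33008 while keeping NOT-FOR-US: Apache Johnzon, is consistent with the surrounding Apache entries.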
@@ -338,6 +414,7 @@ CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs sh
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212
 CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ...)
+	{DSA-5450-1}
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
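Review bot: the {DSA-5450-1} reference lands only on entries that carry a firefox-esr 102.13.0esr-1 line (CVE-2023-37211 here, and CVE-2023-37208, CVE-2023-37207, CVE-2023-37202 and CVE-2023-37201 in the following hunks), which is correct, since the Firefox 114-only bugs such as CVE-2023-37212 and CVE-2023-37209 have no ESR fix to reference. Each of these entries still lists thunderbird <unfixed>, and the three NOTE lines per entry (mfsa2023-22, -23 and -24) match the three packages listed, so a further advisory reference is expected once the Thunderbird update ships; the DSA line should not be read as covering thunderbird.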
@@ -351,6 +428,7 @@ CVE-2023-37209 (A use-after-free condition existed in `NotifyOnHistoryReload` wh
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209
 CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that these f ...)
+	{DSA-5450-1}
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
@@ -358,6 +436,7 @@ CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that t
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208
 CVE-2023-37207 (A website could have obscured the fullscreen notification by using a U ...)
+	{DSA-5450-1}
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
@@ -377,6 +456,7 @@ CVE-2023-37203 (Insufficient validation in the Drag and Drop API in conjunction
 	- firefox 115.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203
 CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have caused ...)
+	{DSA-5450-1}
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
@@ -384,6 +464,7 @@ CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202
 CVE-2023-37201 (An attacker could have triggered a use-after-free condition when creat ...)
+	{DSA-5450-1}
 	- firefox 115.0-1
 	- firefox-esr 102.13.0esr-1
 	- thunderbird <unfixed>
@@ -427,6 +508,7 @@ CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Googl
 CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...)
 	NOT-FOR-US: TWinSoft Configuration Tool
 CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles acces ...)
+	{DLA-3483-1}
 	- nsis <unfixed>
 	[bookworm] - nsis <no-dsa> (Minor issue)
 	[bullseye] - nsis <no-dsa> (Minor issue)
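Review bot: {DLA-3483-1} is added while bullseye and bookworm stay <no-dsa> (Minor issue) and the unstable entry stays nsis <unfixed>. A DLA only covers the LTS suite, so confirm that the [buster] line (outside this hunk's context) records the fixed version, and revisit whether the "Minor issue" assessment for bullseye and bookworm still holds now that LTS has judged CVE-2023-37378 worth an advisory; at minimum the unstable entry should gain a bug reference or fixed version.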
@@ -10238,8 +10320,8 @@ CVE-2023-30000
 	RESERVED
 CVE-2023-29999
 	RESERVED
-CVE-2023-29998
-	RESERVED
+CVE-2023-29998 (A Cross-site scripting (XSS) vulnerability in the content editor in Gi ...)
+	TODO: check
 CVE-2023-29997
 	RESERVED
 CVE-2023-29996 (In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occur ...)
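Review bot: the description for CVE-2023-29998 is truncated at "content editor in Gi", so the affected product cannot be identified from this hunk; resolve the TODO: check against the full CVE text before closing it as NOT-FOR-US, since the truncated prefix alone does not rule out a packaged project.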
@@ -17481,8 +17563,8 @@ CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1
 	NOT-FOR-US: PrestaShop
 CVE-2023-27846
 	RESERVED
-CVE-2023-27845
-	RESERVED
+CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs before v ...)
+	TODO: check
 CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and  ...)
 	NOT-FOR-US: PrestaShop
 CVE-2023-27843 (SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 a ...)
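Review bot: CVE-2023-27845 describes a PrestaShop module (lekerawen_ocs) of the same kind as the neighbouring CVE-2023-27844 and CVE-2023-27843, which are already NOT-FOR-US: PrestaShop, so the TODO: check can be resolved the same way.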
@@ -24896,8 +24978,8 @@ CVE-2023-25203
 	RESERVED
 CVE-2023-25202
 	RESERVED
-CVE-2023-25201
-	RESERVED
+CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit A ...)
+	TODO: check
 CVE-2023-25200
 	RESERVED
 CVE-2023-25199
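Review bot: CVE-2023-25201 targets the MultiTech Conduit gateway appliance, a vendor hardware product with no Debian package, so the TODO: check resolves to NOT-FOR-US: MultiTech Conduit.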
@@ -39740,8 +39822,7 @@ CVE-2022-4363
 	RESERVED
 CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4361
-	RESERVED
+CVE-2022-4361 (Keycloak, an open-source identity and access management solution, has  ...)
 	NOT-FOR-US: Keycloak
 CVE-2022-4360 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...)
 	NOT-FOR-US: WordPress plugin
@@ -43633,7 +43714,7 @@ CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly va
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4060 (The User Post Gallery WordPress plugin through 2.19 does not limit wha ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 does no ...)
+CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not s ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not vali ...)
 	NOT-FOR-US: WordPress plugin
@@ -50391,8 +50472,8 @@ CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software
 	NOT-FOR-US: Cisco
 CVE-2023-20181
 	RESERVED
-CVE-2023-20180
-	RESERVED
+CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
+	TODO: check
 CVE-2023-20179
 	RESERVED
 CVE-2023-20178 (A vulnerability in the client update process of Cisco AnyConnect Secur ...)
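Review bot: CVE-2023-20180 is Cisco Webex Meetings, the same product as the NOT-FOR-US: Cisco entries around it (CVE-2023-20182 here, CVE-2023-20134 and CVE-2023-20132 in the next hunk), so the TODO: check should become NOT-FOR-US: Cisco; the same applies to CVE-2023-20133 in the following hunk.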
@@ -50485,8 +50566,8 @@ CVE-2023-20135
 	RESERVED
 CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings  ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20133
-	RESERVED
+CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
+	TODO: check
 CVE-2023-20132 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings  ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20131 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -138249,8 +138330,8 @@ CVE-2021-39016 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6
 	NOT-FOR-US: IBM
 CVE-2021-39015 (IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7. ...)
 	NOT-FOR-US: IBM
-CVE-2021-39014
-	RESERVED
+CVE-2021-39014 (IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site s ...)
+	TODO: check
 CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could  ...)
 	NOT-FOR-US: IBM
 CVE-2021-39012
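Review bot: CVE-2021-39014 (IBM Cloud Object System) sits between CVE-2021-39015 and CVE-2021-39013, both already NOT-FOR-US: IBM, and is a hosted IBM product with no Debian package, so the TODO: check resolves to NOT-FOR-US: IBM.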
@@ -151128,15 +151209,15 @@ CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain fu
 	NOT-FOR-US: Alibaba Druid
 CVE-2021-33799
 	RESERVED
-CVE-2021-33798
-	RESERVED
+CVE-2021-33798 (A null pointer dereference was found in libpano13, version libpano13-2 ...)
+	TODO: check
 CVE-2021-33797 (Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1 ...)
 	- mujs 1.1.3-2
 	[bullseye] - mujs <no-dsa> (Minor issue)
 	NOTE: https://github.com/ccxvii/mujs/issues/148
 	NOTE: https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550 (1.1.2)
-CVE-2021-33796
-	RESERVED
+CVE-2021-33796 (In MuJS before version 1.1.2, a use-after-free flaw in the regexp sour ...)
+	TODO: check
 CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...)
 	{DLA-2690-1 DLA-2689-1}
 	- linux 5.10.46-1
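Review bot: two entries in this hunk need real triage rather than a NOT-FOR-US. libpano13 (CVE-2021-33798) is a Debian source package, so the entry needs a package line with the fixed version or <unfixed> plus a bug reference. CVE-2021-33796 (MuJS before version 1.1.2) sits directly after CVE-2021-33797, whose NOTE cites an upstream commit tagged (1.1.2) and a fix in mujs 1.1.3-2 with [bullseye] <no-dsa>; check whether the same 1.1.2 release closes the use-after-free and, if so, mirror the mujs 1.1.3-2 and bullseye lines on CVE-2021-33796.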
@@ -154612,10 +154693,10 @@ CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any
 	NOT-FOR-US: SICK SOPAS ET
 CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
 	NOT-FOR-US: SICK Visionary-S CX
-CVE-2021-32495
-	RESERVED
-CVE-2021-32494
-	RESERVED
+CVE-2021-32495 (Radare2 has a use-after-free vulnerability in pyc parser's get_none_ob ...)
+	TODO: check
+CVE-2021-32494 (Radare2 has a division by zero vulnerability in Mach-O parser's rebase ...)
+	TODO: check
 CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
 	NOT-FOR-US: Yubico yubihsm-shell
 CVE-2021-32488
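Review bot: radare2 is packaged in Debian, so CVE-2021-32495 (use-after-free in the pyc parser) and CVE-2021-32494 (division by zero in the Mach-O parser) need package entries with upstream fix references rather than a NOT-FOR-US; neither description names an affected or fixed version, so the fixed version has to be taken from the upstream advisory or commit before the entries can be completed.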
@@ -245679,8 +245760,8 @@ CVE-2020-8936 (An arbitrary memory overwrite vulnerability in Asylo versions up
 	NOT-FOR-US: Asylo
 CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
 	NOT-FOR-US: Asylo
-CVE-2020-8934
-	RESERVED
+CVE-2020-8934 (The Site Kit by Google plugin for WordPress is vulnerable to Sensitive ...)
+	TODO: check
 CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
 	- google-compute-image-packages <removed> (bug #987353)
 	[buster] - google-compute-image-packages <ignored> (Minor issue)
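Review bot: CVE-2020-8934 is a WordPress plugin (Site Kit by Google) and follows the pattern of the other WordPress plugin entries in this file, so the TODO: check resolves to NOT-FOR-US: WordPress plugin.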



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3dfab705b5a74f86e357dd2b33775799bc94708
