[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 12 21:13:07 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2e30a4d by security tracker role at 2023-07-12T20:12:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,52 +1,164 @@
-CVE-2023-37965
+CVE-2023-3644 (A vulnerability was found in SourceCodester Service Provider Managemen ...)
+ TODO: check
+CVE-2023-3643 (A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been c ...)
+ TODO: check
+CVE-2023-3642 (A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 an ...)
+ TODO: check
+CVE-2023-3641 (A vulnerability has been found in khodakhah NodCMS 3.4.1 and classifie ...)
+ TODO: check
+CVE-2023-3635 (GzipSource does not handle an exception that might be raised when pars ...)
+ TODO: check
+CVE-2023-3596 (Where this vulnerability exists in the Rockwell Automation 1756-EN4* E ...)
+ TODO: check
+CVE-2023-3595 (Where this vulnerability exists in the Rockwell Automation 1756 EN2* a ...)
+ TODO: check
+CVE-2023-3106 (A NULL pointer dereference vulnerability was found in netlink_dump. Th ...)
+ TODO: check
+CVE-2023-38069 (In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be sup ...)
+ TODO: check
+CVE-2023-38068 (In JetBrains YouTrack before 2023.1.16597 captcha was not properly val ...)
+ TODO: check
+CVE-2023-38067 (In JetBrains TeamCity before 2023.05.1 build parameters of the "passwo ...)
+ TODO: check
+CVE-2023-38066 (In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer h ...)
+ TODO: check
+CVE-2023-38065 (In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the bu ...)
+ TODO: check
+CVE-2023-38064 (In JetBrains TeamCity before 2023.05.1 build chain parameters of the " ...)
+ TODO: check
+CVE-2023-38063 (In JetBrains TeamCity before 2023.05.1 stored XSS while running custom ...)
+ TODO: check
+CVE-2023-38062 (In JetBrains TeamCity before 2023.05.1 parameters of the "password" ty ...)
+ TODO: check
+CVE-2023-38061 (In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom ...)
+ TODO: check
+CVE-2023-38046 (A vulnerability exists in Palo Alto Networks PAN-OS software that enab ...)
+ TODO: check
+CVE-2023-37630 (Online Piggery Management System 1.0 is vulnerable to Cross Site Scrip ...)
+ TODO: check
+CVE-2023-37629 (Online Piggery Management System 1.0 is vulnerable to File Upload. An ...)
+ TODO: check
+CVE-2023-37628 (Online Piggery Management System 1.0 is vulnerable to SQL Injection.)
+ TODO: check
+CVE-2023-37627 (Code-projects Online Restaurant Management System 1.0 is vulnerable to ...)
+ TODO: check
+CVE-2023-37582 (The RocketMQ NameServer component still has a remote command execution ...)
+ TODO: check
+CVE-2023-37456 (The session restore helper crashed whenever there was no parameter sen ...)
+ TODO: check
+CVE-2023-37455 (The permission request prompt from the site in the background tab was ...)
+ TODO: check
+CVE-2023-36266 (An issue was discovered in Keeper Password Manager for Desktop version ...)
+ TODO: check
+CVE-2023-33905 (In iwnpi server, there is a possible out of bounds write due to a miss ...)
+ TODO: check
+CVE-2023-33904 (In hci_server, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2023-33903 (In FM service, there is a possible missing params check. This could l ...)
+ TODO: check
+CVE-2023-33902 (In bluetooth service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33901 (In bluetooth service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33900 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33899 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33898 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33897 (In libimpl-ril, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2023-33896 (In libimpl-ril, there is a possible out of bounds write due to a missi ...)
+ TODO: check
+CVE-2023-33895 (In fastDial service, there is a missing permission check. This could l ...)
+ TODO: check
+CVE-2023-33894 (In fastDial service, there is a missing permission check. This could l ...)
+ TODO: check
+CVE-2023-33893 (In fastDial service, there is a missing permission check. This could l ...)
+ TODO: check
+CVE-2023-33892 (In fastDial service, there is a missing permission check. This could l ...)
+ TODO: check
+CVE-2023-33891 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33890 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33889 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33888 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33887 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33886 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33885 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33884 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33883 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33882 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33881 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-33880 (In music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2023-33879 (In music service, there is a missing permission check. This could lead ...)
+ TODO: check
+CVE-2023-33668 (DigiExam up to v14.0.2 lacks integrity checks for native modules, allo ...)
+ TODO: check
+CVE-2023-32789 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-32788 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-37965 (A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37964
+CVE-2023-37964 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37963
+CVE-2023-37963 (A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37962
+CVE-2023-37962 (A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37961
+CVE-2023-37961 (A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37960
+CVE-2023-37960 (Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37959
+CVE-2023-37959 (A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37958
+CVE-2023-37958 (A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37957
+CVE-2023-37957 (A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37956
+CVE-2023-37956 (A missing permission check in Jenkins Test Results Aggregator Plugin 1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37955
+CVE-2023-37955 (A cross-site request forgery (CSRF) vulnerability in Jenkins Test Resu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37954
+CVE-2023-37954 (A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37953
+CVE-2023-37953 (A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37952
+CVE-2023-37952 (A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37951
+CVE-2023-37951 (Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate co ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37950
+CVE-2023-37950 (A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37949
+CVE-2023-37949 (A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37948
+CVE-2023-37948 (Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37947
+CVE-2023-37947 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier i ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37946
+CVE-2023-37946 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier d ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37945
+CVE-2023-37945 (A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37944
+CVE-2023-37944 (A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37943
+CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37942
+CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-3618
+CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can lead to ...)
- tiff <unfixed> (bug #1040945)
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
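Review bot: in the block of new entries at the top of this hunk, CVE-2023-3106 (NULL pointer dereference in netlink_dump) and CVE-2023-3635 (GzipSource exception handling) are left at "TODO: check" in the same batch as dozens of web-application and vendor-product entries. Those two descriptions name code rather than a product, so a bulk NOT-FOR-US pass over the batch could misfile them. Triage them by hand first and give each either a source-package line or an explicit NOT-FOR-US with the project name.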
@@ -190,7 +302,7 @@ CVE-2020-36752 (The Coming Soon & Maintenance Mode Page plugin for WordPress is
NOT-FOR-US: Coming Soon & Maintenance Mode Page plugin for WordPress
CVE-2020-36750 (The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-S ...)
NOT-FOR-US: EWWW Image Optimizer plugin for WordPress
-CVE-2023-37579
+CVE-2023-37579 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/su ...)
NOT-FOR-US: SuiteCRM core
@@ -601,9 +713,9 @@ CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark Innovationsis
TODO: check
CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through ...)
TODO: check
-CVE-2023-36543
+CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...)
- airflow <itp> (bug #819700)
-CVE-2023-35908
+CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...)
- airflow <itp> (bug #819700)
CVE-2023-XXXX [ESNET-SECADV-2023-0001: iperf3 memory allocation hazard and crash]
- iperf3 3.14-1 (bug #1040830)
@@ -665,7 +777,7 @@ CVE-2023-31405 (SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE
NOT-FOR-US: SAP
CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...)
NOT-FOR-US: PHPGurukul Online Shopping Portal
-CVE-2023-3600
+CVE-2023-3600 (During the worker lifecycle, a use-after-free condition could have occ ...)
- firefox 115.0.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/#CVE-2023-3600
CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...)
@@ -3727,6 +3839,7 @@ CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an u
CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
NOT-FOR-US: AMI BMC
CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ...)
+ {DLA-3494-1}
[experimental] - ruby-doorkeeper 5.6.6-1
- ruby-doorkeeper <unfixed> (bug #1038950)
NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w
@@ -8274,8 +8387,7 @@ CVE-2023-31009
RESERVED
CVE-2023-31008
RESERVED
-CVE-2023-31007
- RESERVED
+CVE-2023-31007 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
CVE-2023-31006
RESERVED
@@ -8405,66 +8517,66 @@ CVE-2023-30944 (The vulnerability was found Moodle which exists due to insuffici
- moodle <removed>
CVE-2023-30943 (The vulnerability was found Moodle which exists because the applicatio ...)
- moodle <removed>
-CVE-2023-30942
- RESERVED
-CVE-2023-30941
- RESERVED
-CVE-2023-30940
- RESERVED
-CVE-2023-30939
- RESERVED
-CVE-2023-30938
- RESERVED
-CVE-2023-30937
- RESERVED
-CVE-2023-30936
- RESERVED
-CVE-2023-30935
- RESERVED
-CVE-2023-30934
- RESERVED
-CVE-2023-30933
- RESERVED
-CVE-2023-30932
- RESERVED
-CVE-2023-30931
- RESERVED
-CVE-2023-30930
- RESERVED
-CVE-2023-30929
- RESERVED
-CVE-2023-30928
- RESERVED
-CVE-2023-30927
- RESERVED
-CVE-2023-30926
- RESERVED
-CVE-2023-30925
- RESERVED
-CVE-2023-30924
- RESERVED
-CVE-2023-30923
- RESERVED
-CVE-2023-30922
- RESERVED
-CVE-2023-30921
- RESERVED
-CVE-2023-30920
- RESERVED
-CVE-2023-30919
- RESERVED
-CVE-2023-30918
- RESERVED
-CVE-2023-30917
- RESERVED
-CVE-2023-30916
- RESERVED
+CVE-2023-30942 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30941 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30940 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30939 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30938 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30937 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30936 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30935 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30934 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30933 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30932 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30931 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30930 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30929 (In telephony service, there is a possible missing permission check. Th ...)
+ TODO: check
+CVE-2023-30928 (In telephony service, there is a possible missing permission check. Th ...)
+ TODO: check
+CVE-2023-30927 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30926 (In opm service, there is a missing permission check. This could lead t ...)
+ TODO: check
+CVE-2023-30925 (In opm service, there is a missing permission check. This could lead t ...)
+ TODO: check
+CVE-2023-30924 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30923 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30922 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30921 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30920 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30919 (In messaging service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30918 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
+CVE-2023-30917 (In DMService, there is a possible missing permission check. This could ...)
+ TODO: check
+CVE-2023-30916 (In DMService, there is a possible missing permission check. This could ...)
+ TODO: check
CVE-2023-30915 (In email service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
CVE-2023-30914 (In email service, there is a missing permission check. This could lead ...)
NOT-FOR-US: Unisoc
-CVE-2023-30913
- RESERVED
+CVE-2023-30913 (In telephony service, there is a missing permission check. This could ...)
+ TODO: check
CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...)
NOT-FOR-US: microweber
CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
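Review bot: CVE-2023-30942 through CVE-2023-30916, and CVE-2023-30913, move from RESERVED to "TODO: check", yet the unchanged neighbours CVE-2023-30915 and CVE-2023-30914 carry the same "In ... service, there is a missing permission check" wording and are already tagged "NOT-FOR-US: Unisoc". If the full descriptions confirm the same vendor, tag the new entries the same way in the follow-up commit so this block does not sit in the TODO queue.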
@@ -9834,10 +9946,10 @@ CVE-2022-48453
RESERVED
CVE-2022-48452
RESERVED
-CVE-2022-48451
- RESERVED
-CVE-2022-48450
- RESERVED
+CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write due to r ...)
+ TODO: check
+CVE-2022-48450 (In bluetooth service, there is a possible missing params check. This ...)
+ TODO: check
CVE-2022-48449
RESERVED
CVE-2022-48448 (In telephony service, there is a possible missing permission check. Th ...)
@@ -10333,11 +10445,9 @@ CVE-2012-10012 (A vulnerability has been found in BestWebSoft Facebook Like Butt
NOT-FOR-US: BestWebSoft
CVE-2009-10004 (A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has ...)
NOT-FOR-US: Turante Sandbox Theme
-CVE-2023-30429
- RESERVED
+CVE-2023-30429 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
-CVE-2023-30428
- RESERVED
+CVE-2023-30428 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
CVE-2023-30427
RESERVED
@@ -12759,8 +12869,8 @@ CVE-2023-29415 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A d
- bzip3 1.2.2-2 (bug #1034177)
NOTE: https://github.com/kspalaiologos/bzip3/issues/95
NOTE: https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465 (1.3.0)
-CVE-2023-29414
- RESERVED
+CVE-2023-29414 (A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer ...)
+ TODO: check
CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
NOT-FOR-US: Schneider
CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability exists t ...)
@@ -13153,30 +13263,30 @@ CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earl
NOT-FOR-US: Adobe
CVE-2023-29320
RESERVED
-CVE-2023-29319
- RESERVED
-CVE-2023-29318
- RESERVED
-CVE-2023-29317
- RESERVED
-CVE-2023-29316
- RESERVED
-CVE-2023-29315
- RESERVED
-CVE-2023-29314
- RESERVED
-CVE-2023-29313
- RESERVED
-CVE-2023-29312
- RESERVED
-CVE-2023-29311
- RESERVED
-CVE-2023-29310
- RESERVED
-CVE-2023-29309
- RESERVED
-CVE-2023-29308
- RESERVED
+CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29317 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29316 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29315 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29314 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29313 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29312 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29311 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29310 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29309 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
+CVE-2023-29308 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ TODO: check
CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
CVE-2023-29306
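Review bot: CVE-2023-29319 through CVE-2023-29308 are all Adobe InDesign entries left at "TODO: check", while the Adobe entries in the surrounding context (Adobe Animate above, Adobe Experience Manager below) are tagged "NOT-FOR-US: Adobe". Resolve the twelve in one pass with the same tag rather than triaging them individually.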
@@ -13189,14 +13299,14 @@ CVE-2023-29303
RESERVED
CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
-CVE-2023-29301
- RESERVED
-CVE-2023-29300
- RESERVED
+CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
+ TODO: check
+CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
+ TODO: check
CVE-2023-29299
RESERVED
-CVE-2023-29298
- RESERVED
+CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
+ TODO: check
CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
NOT-FOR-US: Adobe
CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
@@ -33035,11 +33145,9 @@ CVE-2023-22890 (SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticate
NOT-FOR-US: SmartBear Zephyr Enterprise
CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined inp ...)
NOT-FOR-US: SmartBear Zephyr Enterprise
-CVE-2023-22888
- RESERVED
+CVE-2023-22888 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...)
- airflow <itp> (bug #819700)
-CVE-2023-22887
- RESERVED
+CVE-2023-22887 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...)
- airflow <itp> (bug #819700)
CVE-2023-22886 (Improper Input Validation vulnerability in Apache Software Foundation ...)
NOT-FOR-US: Apache Airflow JDBC Provider
@@ -41288,8 +41396,7 @@ CVE-2022-46663 (In GNU Less before 609, crafted data can result in "less -R" not
NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/7
NOTE: Introduced by: https://github.com/gwsw/less/commit/0f810ef16781bf0f59690be63af876bddabf68bf (v566)
NOTE: Fixed by: https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
-CVE-2022-46651
- RESERVED
+CVE-2022-46651 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...)
- airflow <itp> (bug #819700)
CVE-2022-46650 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...)
NOT-FOR-US: ALEOS
@@ -43674,8 +43781,7 @@ CVE-2022-45857 (An incorrect user management vulnerability [CWE-286] in the Fort
NOT-FOR-US: Fortinet
CVE-2022-45856
RESERVED
-CVE-2022-45855
- RESERVED
+CVE-2022-45855 (SpringEL injection in the metrics source in Apache Ambari version 2.7. ...)
NOT-FOR-US: Apache Ambari
CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...)
NOT-FOR-US: Zyxel
@@ -51341,14 +51447,14 @@ CVE-2023-20212
RESERVED
CVE-2023-20211
RESERVED
-CVE-2023-20210
- RESERVED
+CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated, loca ...)
+ TODO: check
CVE-2023-20209
RESERVED
CVE-2023-20208
RESERVED
-CVE-2023-20207
- RESERVED
+CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...)
+ TODO: check
CVE-2023-20206
RESERVED
CVE-2023-20205
@@ -51391,8 +51497,8 @@ CVE-2023-20187
RESERVED
CVE-2023-20186
RESERVED
-CVE-2023-20185
- RESERVED
+CVE-2023-20185 (A vulnerability in the Cisco ACI Multi-Site CloudSec encryption featur ...)
+ TODO: check
CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
NOT-FOR-US: Cisco
CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
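Review bot: CVE-2023-20185 (Cisco ACI Multi-Site CloudSec encryption feature) is added as "TODO: check" although the entry directly below it, CVE-2023-20184, is tagged "NOT-FOR-US: Cisco". The product is named in the visible part of the description, so the follow-up can apply the same tag here.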
@@ -51523,7 +51629,7 @@ CVE-2023-20121 (Multiple vulnerabilities in the restricted shell of Cisco Evolve
NOT-FOR-US: Cisco
CVE-2023-20120 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2023-20119 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+CVE-2023-20119 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2023-20118 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
@@ -51551,7 +51657,7 @@ CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG)
NOT-FOR-US: Cisco
CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
NOT-FOR-US: Cisco
-CVE-2023-20105 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
+CVE-2023-20105 (A vulnerability in the change password functionality of Cisco Expressw ...)
NOT-FOR-US: Cisco
CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...)
NOT-FOR-US: Cisco
@@ -57349,8 +57455,7 @@ CVE-2022-42010 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14
NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916
CVE-2022-3390
RESERVED
-CVE-2022-42009
- RESERVED
+CVE-2022-42009 (SpringEL injection in the server agent in Apache Ambari version 2.7.0 ...)
NOT-FOR-US: Apache Ambari
CVE-2022-3389 (Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.)
- rdiffweb <itp> (bug #969974)
@@ -69893,7 +69998,7 @@ CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate
NOT-FOR-US: WordPress plugin
CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storag ...)
NOT-FOR-US: Hitachi
-CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...)
+CVE-2022-2636 (Improper Control of Generation of Code ('Code Injection') in GitHub re ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
@@ -120436,8 +120541,8 @@ CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlie
NOT-FOR-US: Adobe
CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
NOT-FOR-US: Adobe
-CVE-2021-44696
- RESERVED
+CVE-2021-44696 (Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bo ...)
+ TODO: check
CVE-2021-44695 (A vulnerability has been identified in SIMATIC Drive Controller CPU 15 ...)
NOT-FOR-US: Siemens
CVE-2021-44694 (A vulnerability has been identified in SIMATIC Drive Controller CPU 15 ...)
@@ -124576,14 +124681,14 @@ CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and b
NOT-FOR-US: Adobe
CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
NOT-FOR-US: Adobe
-CVE-2021-43760
- RESERVED
-CVE-2021-43759
- RESERVED
-CVE-2021-43758
- RESERVED
-CVE-2021-43757
- RESERVED
+CVE-2021-43760 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ TODO: check
+CVE-2021-43759 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ TODO: check
+CVE-2021-43758 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ TODO: check
+CVE-2021-43757 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ TODO: check
CVE-2021-43756 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
NOT-FOR-US: Adobe
CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
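Review bot: CVE-2021-43760 through CVE-2021-43757 receive the same description prefix as the unchanged CVE-2021-43756 ("Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...") but are left at "TODO: check", whereas CVE-2021-43756 is "NOT-FOR-US: Adobe". Tag the four new entries to match so identical products are not tracked with two different states.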
@@ -217776,8 +217881,8 @@ CVE-2020-20023
RESERVED
CVE-2020-20022
RESERVED
-CVE-2020-20021
- RESERVED
+CVE-2020-20021 (An issue discovered in MikroTik Router v6.46.3 and earlier allows atta ...)
+ TODO: check
CVE-2020-20020
RESERVED
CVE-2020-20019
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2e30a4de9d57f8d70d046e8d19c394fef9c0648