[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jul 13 21:12:35 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a178e1e0 by security tracker role at 2023-07-13T20:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2023-3661 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
+ TODO: check
+CVE-2023-3660 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
+ TODO: check
+CVE-2023-3659 (A vulnerability has been found in SourceCodester AC Repair and Service ...)
+ TODO: check
+CVE-2023-3658 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-3657 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-37787 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 ...)
+ TODO: check
+CVE-2023-37786 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 ...)
+ TODO: check
+CVE-2023-37785 (A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and be ...)
+ TODO: check
+CVE-2023-37746 (A cross-site scripting (XSS) vulnerability in Maid Hiring Management S ...)
+ TODO: check
+CVE-2023-37745 (A cross-site scripting (XSS) vulnerability in Maid Hiring Management S ...)
+ TODO: check
+CVE-2023-37744 (Maid Hiring Management System v1.0 was discovered to contain a cross-s ...)
+ TODO: check
+CVE-2023-37743 (A cross-site scripting (XSS) vulnerability in Teacher Subject Allocati ...)
+ TODO: check
+CVE-2023-37463 (cmark-gfm is an extended version of the C reference implementation of ...)
+ TODO: check
+CVE-2023-37267 (Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco c ...)
+ TODO: check
+CVE-2023-35833 (An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When mo ...)
+ TODO: check
+CVE-2023-35070 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-34458 (mx-chain-go is the official implementation of the MultiversX blockchai ...)
+ TODO: check
+CVE-2023-33768 (Incorrect signature verification of the firmware during the Device Fir ...)
+ TODO: check
+CVE-2023-31825 (An issue found in Inageya v.13.4.1 allows a remote attacker to gain ac ...)
+ TODO: check
+CVE-2023-31824 (An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote at ...)
+ TODO: check
+CVE-2023-31823 (An issue found in Marui Co Marui Official app v.13.6.1 allows a remote ...)
+ TODO: check
+CVE-2023-31822 (An issue found in Entetsu Store v.13.4.1 allows a remote attacker to g ...)
+ TODO: check
+CVE-2023-31821 (An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to ...)
+ TODO: check
+CVE-2023-31820 (An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker t ...)
+ TODO: check
+CVE-2023-31819 (An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a ...)
+ TODO: check
+CVE-2023-31705 (A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester ...)
+ TODO: check
+CVE-2023-31704 (Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to I ...)
+ TODO: check
CVE-2023-3444 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
TODO: check
CVE-2023-3424 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
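Review bot: CVE-2023-37463 (cmark-gfm) is the one entry in this hunk whose description names a C library rather than a hosted web application, yet it lands with the same `TODO: check` as the SourceCodester, Campcodes and Maid Hiring Management System entries around it. Suggest resolving it first with either a package line or a `NOT-FOR-US:` tag, and then clearing the web-application entries as a batch in the `NOT-FOR-US: <product>` form already used elsewhere in this file.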
@@ -10091,20 +10145,20 @@ CVE-2023-30567
RESERVED
CVE-2023-30566
RESERVED
-CVE-2023-30565
- RESERVED
-CVE-2023-30564
- RESERVED
-CVE-2023-30563
- RESERVED
-CVE-2023-30562
- RESERVED
-CVE-2023-30561
- RESERVED
-CVE-2023-30560
- RESERVED
-CVE-2023-30559
- RESERVED
+CVE-2023-30565 (An insecure connection between Systems Manager and CQI Reporter applic ...)
+ TODO: check
+CVE-2023-30564 (Alaris Systems Manager does not perform input validation during the De ...)
+ TODO: check
+CVE-2023-30563 (A malicious file could be uploaded into a System Manager User Import F ...)
+ TODO: check
+CVE-2023-30562 (A GRE dataset file within Systems Manager can be tampered with and dis ...)
+ TODO: check
+CVE-2023-30561 (The data flowing between the PCU and its modules is insecure. A threat ...)
+ TODO: check
+CVE-2023-30560 (The configuration from the PCU can be modified without authentication ...)
+ TODO: check
+CVE-2023-30559 (The configuration from the PCU can be modified without authentication ...)
+ TODO: check
CVE-2023-30558 (Archery is an open source SQL audit platform. The Archery project cont ...)
NOT-FOR-US: Archery
CVE-2023-30557 (Archery is an open source SQL audit platform. The Archery project cont ...)
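Review bot: CVE-2023-30560 and CVE-2023-30559 carry the identical truncated text "The configuration from the PCU can be modified without authentication ...", so the two entries cannot be told apart from this file alone, and only CVE-2023-30564 names a product (Alaris Systems Manager). Suggest reading the full records for all seven ids before replacing `TODO: check`, and using one consistent `NOT-FOR-US:` product string for the group if they turn out to belong to the same product family.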
@@ -10185,8 +10239,8 @@ CVE-2023-2005 (Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Secu
NOT-FOR-US: Tenable
CVE-2023-2004
REJECTED
-CVE-2023-2003
- RESERVED
+CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the build 5 of ...)
+ TODO: check
CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...)
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
@@ -11126,8 +11180,8 @@ CVE-2023-30153
RESERVED
CVE-2023-30152
RESERVED
-CVE-2023-30151
- RESERVED
+CVE-2023-30151 (A SQL injection vulnerability in the Boxtal (envoimoinscher) module fo ...)
+ TODO: check
CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...)
NOT-FOR-US: PrestaShop leocustomajax
CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...)
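Review bot: The description of CVE-2023-30151 is cut at "module fo ...", so the platform the Boxtal (envoimoinscher) module belongs to is not visible here, while the neighbouring CVE-2023-30150 is already tagged `NOT-FOR-US: PrestaShop leocustomajax`. Suggest confirming the platform from the full description and, if it matches, tagging it in the same `NOT-FOR-US: PrestaShop <module>` style so the run of entries stays consistent.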
@@ -12818,26 +12872,26 @@ CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell
NOT-FOR-US: Rockwell Automation
CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android exposes the ...)
NOT-FOR-US: laola.redbull
-CVE-2023-29458
- RESERVED
-CVE-2023-29457
- RESERVED
-CVE-2023-29456
- RESERVED
-CVE-2023-29455
- RESERVED
-CVE-2023-29454
- RESERVED
+CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ...)
+ TODO: check
+CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off ...)
+ TODO: check
+CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...)
+ TODO: check
+CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...)
+ TODO: check
+CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...)
+ TODO: check
CVE-2023-29453
RESERVED
-CVE-2023-29452
- RESERVED
-CVE-2023-29451
- RESERVED
-CVE-2023-29450
- RESERVED
-CVE-2023-29449
- RESERVED
+CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...)
+ TODO: check
+CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON parser ...)
+ TODO: check
+CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...)
+ TODO: check
+CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...)
+ TODO: check
CVE-2023-29448
RESERVED
CVE-2023-29447
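Review bot: Several of the new descriptions in this hunk open with a generic definition instead of the affected product (CVE-2023-29457, CVE-2023-29455 and CVE-2023-29454 start by explaining what reflected or stored XSS is), so the truncated text gives the triager nothing to match against a source package. CVE-2023-29458 opens with a description of Duktape as a "3rd-party embeddable JavaScript engine", which suggests the affected software may be an embedder rather than Duktape itself. Suggest checking the full record for the affected product before filing any of these, and not assigning CVE-2023-29458 to a package on the strength of its first sentence.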
@@ -19962,32 +20016,32 @@ CVE-2023-27299
RESERVED
CVE-2023-27297
RESERVED
-CVE-2023-26597
- RESERVED
+CVE-2023-26597 (Controller DoS due to buffer overflow in the handling of a specially c ...)
+ TODO: check
CVE-2023-26585
RESERVED
-CVE-2023-25948
- RESERVED
-CVE-2023-25770
- RESERVED
-CVE-2023-25178
- RESERVED
-CVE-2023-25078
- RESERVED
+CVE-2023-25948 (Server information leak of configuration data when an error is generat ...)
+ TODO: check
+CVE-2023-25770 (Controller DoS may occur due to buffer overflow when an error is gener ...)
+ TODO: check
+CVE-2023-25178 (Controller may be loaded with malicious firmware which could enable re ...)
+ TODO: check
+CVE-2023-25078 (Server or Console Station DoS due to heap overflow occurring during th ...)
+ TODO: check
CVE-2023-24589
RESERVED
-CVE-2023-24480
- RESERVED
-CVE-2023-24474
- RESERVED
+CVE-2023-24480 (Controller DoS due to stack overflow when decoding a message from the ...)
+ TODO: check
+CVE-2023-24474 (Experion server may experience a DoS due to a heap overflow which coul ...)
+ TODO: check
CVE-2023-23905
RESERVED
-CVE-2023-23585
- RESERVED
+CVE-2023-23585 (Experion server DoS due to heap overflow occurring during the handling ...)
+ TODO: check
CVE-2023-22658
RESERVED
-CVE-2023-22435
- RESERVED
+CVE-2023-22435 (Experion server may experience a DoS due to a stack overflow when hand ...)
+ TODO: check
CVE-2023-1109 (In Phoenix Contacts ENERGY AXC PU Web service an authenticated restric ...)
NOT-FOR-US: Phoenix Contacts ENERGY AXC PU Web service
CVE-2023-1108
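Review bot: Of the ten ids that move from RESERVED to `TODO: check` here, only CVE-2023-24474, CVE-2023-23585 and CVE-2023-22435 name a product (Experion server) in the visible text; the rest say only "Controller" or "Server". Suggest verifying from the full descriptions that all ten belong to the same vendor before tagging them together, and keeping the ids that stay RESERVED between them (CVE-2023-26585, CVE-2023-24589, CVE-2023-23905, CVE-2023-22658) out of that batch until they are published.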
@@ -57468,8 +57522,8 @@ CVE-2022-42047
RESERVED
CVE-2022-42046 (wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary ...)
NOT-FOR-US: HeavenBurnsRed
-CVE-2022-42045
- RESERVED
+CVE-2022-42045 (Certain Zemana products are vulnerable to Arbitrary code injection. Th ...)
+ TODO: check
CVE-2022-42044 (The d8s-asns package for Python, as distributed on PyPI, included a po ...)
NOT-FOR-US: d8s-asns
CVE-2022-42043 (The d8s-xml package for Python, as distributed on PyPI, included a pot ...)
@@ -105962,8 +106016,7 @@ CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogi
NOTE: https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
CVE-2022-24835
RESERVED
-CVE-2022-24834
- RESERVED
+CVE-2022-24834 (Redis is an in-memory database that persists on disk. A specially craf ...)
- redis 5:7.0.12-1
[bookworm] - redis <no-dsa> (Minor issue)
[bullseye] - redis <no-dsa> (Minor issue)
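Review bot: CVE-2022-24834 gains its description without a `TODO: check`, because the entry already carried `- redis 5:7.0.12-1` and the `<no-dsa> (Minor issue)` lines for bookworm and bullseye while it was still RESERVED. Those severity decisions therefore predate the text now recorded in this file. Suggest a quick re-read of the published description ("A specially craf ...") against the `Minor issue` rationale, and adding a NOTE line with the upstream advisory or fix reference so the no-dsa decision can be audited later.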
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a178e1e05509b606f633ef133527e82b59a04c58