[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 19 21:12:17 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f0df28be by security tracker role at 2023-07-19T20:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-3765 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...)
+ TODO: check
+CVE-2023-3763 (A vulnerability was found in Intergard SGS 8.7.0. It has been declared ...)
+ TODO: check
+CVE-2023-3762 (A vulnerability was found in Intergard SGS 8.7.0. It has been classifi ...)
+ TODO: check
+CVE-2023-3761 (A vulnerability was found in Intergard SGS 8.7.0 and classified as pro ...)
+ TODO: check
+CVE-2023-3760 (A vulnerability has been found in Intergard SGS 8.7.0 and classified a ...)
+ TODO: check
+CVE-2023-3759 (A vulnerability, which was classified as critical, was found in Interg ...)
+ TODO: check
+CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ Script ...)
+ TODO: check
+CVE-2023-3756 (A vulnerability was found in Creativeitem Atlas Business Directory Lis ...)
+ TODO: check
+CVE-2023-3755 (A vulnerability has been found in Creativeitem Atlas Business Director ...)
+ TODO: check
+CVE-2023-3754 (A vulnerability, which was classified as problematic, was found in Cre ...)
+ TODO: check
+CVE-2023-3753 (A vulnerability classified as problematic has been found in Creativeit ...)
+ TODO: check
+CVE-2023-3752 (A vulnerability was found in Creativeitem Academy LMS 5.15. It has bee ...)
+ TODO: check
+CVE-2023-3751 (A vulnerability was found in Super Store Finder 3.6. It has been decla ...)
+ TODO: check
+CVE-2023-3722 (An OS command injection vulnerability was found in the Avaya Aura Devi ...)
+ TODO: check
+CVE-2023-3638 (In GeoVision GV-ADR2701 cameras, an attacker could edit the login resp ...)
+ TODO: check
+CVE-2023-3527 (A CSV injection vulnerability was found in theAvaya Call Management Sy ...)
+ TODO: check
+CVE-2023-3519 (Unauthenticated remote code execution)
+ TODO: check
+CVE-2023-3467 (Privilege Escalation to root administrator (nsroot))
+ TODO: check
+CVE-2023-3466 (Reflected Cross-Site Scripting (XSS))
+ TODO: check
+CVE-2023-3463 (All versions of GE Digital CIMPLICITY that are not adhering to SDG gui ...)
+ TODO: check
+CVE-2023-37899 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
+ TODO: check
+CVE-2023-37897 (Grav is a file-based Web-platform built in PHP. Grav is subject to a s ...)
+ TODO: check
+CVE-2023-37748 (ngiflib commit 5e7292 was discovered to contain an infinite loop via t ...)
+ TODO: check
+CVE-2023-37733 (An arbitrary file upload vulnerability in tduck-platform v4.0 allows a ...)
+ TODO: check
+CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ TODO: check
+CVE-2023-35900 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 a ...)
+ TODO: check
+CVE-2023-35898 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ TODO: check
+CVE-2023-34034 (Using "**" as a pattern in Spring Security configuration for WebFlux ...)
+ TODO: check
+CVE-2023-33876 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...)
+ TODO: check
+CVE-2023-33866 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
+CVE-2023-33832 (IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user ...)
+ TODO: check
+CVE-2023-32664 (A type confusion vulnerability exists in the Javascript checkThisBox m ...)
+ TODO: check
+CVE-2023-32635 (XBRL data create application version 7.0 and earlier improperly restri ...)
+ TODO: check
+CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
+ TODO: check
+CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2023-3347 [SMB2 packet signing not enforced]
- samba 2:4.18.5+dfsg-1
[bullseye] - samba <not-affected> (Vulnerable code not present)
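Review bot: several of the new `TODO: check` entries in this hunk need triage rather than a placeholder: CVE-2023-3519, CVE-2023-3467 and CVE-2023-3466 carry descriptions with no product name at all ("Unauthenticated remote code execution", "Privilege Escalation to root administrator (nsroot)", "Reflected Cross-Site Scripting (XSS)"), so the affected product has to be taken from the CVE source before a status can be assigned; CVE-2023-37276 concerns aiohttp, which Debian ships, so it should end up as a source-package line (python-aiohttp) rather than a TODO; and CVE-2023-32263 (Micro Focus Dimensions) is left as TODO here while the same product family is tagged elsewhere in this patch, so it should be resolved consistently.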
@@ -17,7 +87,7 @@ CVE-2023-3745
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1857
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b
-CVE-2023-3446
+CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters may be ...)
- openssl <unfixed>
[bookworm] - openssl <postponed> (Minor issue, fix along with future DSA)
[bullseye] - openssl <postponed> (Minor issue, fix along with future DSA)
@@ -407,7 +477,7 @@ CVE-2023-3685 (A vulnerability was found in Nesote Inout Search Engine AI Editio
NOT-FOR-US: Nesote Inout Search Engine AI Edition
CVE-2023-3684 (A vulnerability was found in LivelyWorks Articart 2.0.1 and classified ...)
NOT-FOR-US: LivelyWorks Articart
-CVE-2023-3674
+CVE-2023-3674 (A flaw was found in the keylime attestation verifier, which fails to f ...)
NOT-FOR-US: Keylime
CVE-2023-38379 (The web interface on the RIGOL MSO5000 digital oscilloscope with firmw ...)
NOT-FOR-US: RIGOL
@@ -2422,6 +2492,7 @@ CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that tak
CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
NOT-FOR-US: CometBFT
CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ...)
+ {DLA-3500-1}
- python-django 3:3.2.20-1 (bug #1040225)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
NOTE: https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
@@ -2910,7 +2981,7 @@ CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected ve
NOTE: Introduced with: https://github.com/py-pdf/pypdf/pull/969 (2.2.0)
NOTE: Fixed with: https://github.com/py-pdf/pypdf/pull/1828
NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932 (3.9.0)
-CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 ...)
+CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earl ...)
NOT-FOR-US: Snow Monkey Forms
CVE-2022-48505 (This issue was addressed with improved data protection. This issue is ...)
NOT-FOR-US: Apple
@@ -4346,9 +4417,9 @@ CVE-2023-35144 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not
NOT-FOR-US: Jenkins plugin
CVE-2023-35143 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32262
+CVE-2023-32262 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-32261
+CVE-2023-32261 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-35142 (Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validat ...)
NOT-FOR-US: Jenkins plugin
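Review bot: the status lines kept for CVE-2023-32262 and CVE-2023-32261 read `NOT-FOR-US: Jenkins plugin`, but the descriptions added here identify the product as Micro Focus Dimensions, so the tag appears to have been inherited from the surrounding Jenkins plugin entries. Change both to name the actual product (e.g. `NOT-FOR-US: Micro Focus Dimensions`) so that the reason recorded in the tracker matches the CVE.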
@@ -9848,8 +9919,8 @@ CVE-2023-30801
RESERVED
CVE-2023-30800
RESERVED
-CVE-2023-30799
- RESERVED
+CVE-2023-30799 (MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 ar ...)
+ TODO: check
CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framework bef ...)
- starlette 0.25.0-1
[bullseye] - starlette <no-dsa> (Minor issue)
@@ -11288,8 +11359,8 @@ CVE-2023-30435
RESERVED
CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 ...)
NOT-FOR-US: IBM
-CVE-2023-30433
- RESERVED
+CVE-2023-30433 (IBM Security Verify Access 10.0 could allow a remote attacker to condu ...)
+ TODO: check
CVE-2023-30432
RESERVED
CVE-2023-30431 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
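Review bot: CVE-2023-30433 is an IBM Security Verify Access issue and the neighbouring IBM entries (CVE-2023-30434, CVE-2023-30431) are tagged `NOT-FOR-US: IBM`, so unless something specific holds it back the `TODO: check` can be resolved the same way. The same pattern applies to the other IBM entries this patch moves out of RESERVED (CVE-2023-29260, CVE-2023-29259, CVE-2023-28513, CVE-2023-27877, CVE-2023-26026, CVE-2023-26023, CVE-2022-43910, CVE-2022-43908, CVE-2021-38933), all of which concern proprietary IBM products per their descriptions.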
@@ -14301,10 +14372,10 @@ CVE-2023-29262
RESERVED
CVE-2023-29261
RESERVED
-CVE-2023-29260
- RESERVED
-CVE-2023-29259
- RESERVED
+CVE-2023-29260 (IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side ...)
+ TODO: check
+CVE-2023-29259 (IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to ...)
+ TODO: check
CVE-2023-29258
RESERVED
CVE-2023-29257 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
@@ -15400,8 +15471,8 @@ CVE-2023-28936 (Attacker can access arbitrary recording/room Vendor: The Apache
NOT-FOR-US: Apache OpenMeetings
CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...)
NOT-FOR-US: Apache UIMA UICC
-CVE-2023-28744
- RESERVED
+CVE-2023-28744 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ TODO: check
CVE-2023-1672 (A race condition exists in the Tang server functionality for key gener ...)
- tang 14-1 (bug #1038119)
[bookworm] - tang <no-dsa> (Minor issue)
@@ -16108,8 +16179,8 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0
NOTE: Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4)
NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1)
NOTE: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
-CVE-2023-28754
- RESERVED
+CVE-2023-28754 (Deserialization of Untrusted Data vulnerability in Apache ShardingSphe ...)
+ TODO: check
CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in its pa ...)
NOT-FOR-US: netconsd
CVE-2023-28752
@@ -16916,8 +16987,8 @@ CVE-2023-28515
RESERVED
CVE-2023-28514 (IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive ...)
NOT-FOR-US: IBM
-CVE-2023-28513
- RESERVED
+CVE-2023-28513 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM ...)
+ TODO: check
CVE-2023-28512
RESERVED
CVE-2023-28511
@@ -19207,8 +19278,8 @@ CVE-2023-27890 (The Export User plugin through 2.0 for MyBB allows XSS during th
NOT-FOR-US: MyBB
CVE-2023-27878
RESERVED
-CVE-2023-27877
- RESERVED
+CVE-2023-27877 (IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects t ...)
+ TODO: check
CVE-2023-27876 (IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE ...)
NOT-FOR-US: IBM
CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other user's cred ...)
@@ -24359,14 +24430,14 @@ CVE-2023-26028
RESERVED
CVE-2023-26027
RESERVED
-CVE-2023-26026
- RESERVED
+CVE-2023-26026 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...)
+ TODO: check
CVE-2023-26025
RESERVED
CVE-2023-26024
RESERVED
-CVE-2023-26023
- RESERVED
+CVE-2023-26023 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...)
+ TODO: check
CVE-2023-26022 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...)
NOT-FOR-US: IBM
CVE-2023-26021 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
@@ -24849,10 +24920,10 @@ CVE-2023-25841
RESERVED
CVE-2023-25840
RESERVED
-CVE-2023-25839
- RESERVED
-CVE-2023-25838
- RESERVED
+CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights Desktop f ...)
+ TODO: check
+CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 2022.1 for ...)
+ TODO: check
CVE-2023-25837
RESERVED
CVE-2023-25836
@@ -35566,14 +35637,14 @@ CVE-2023-22510
RESERVED
CVE-2023-22509
RESERVED
-CVE-2023-22508
- RESERVED
+CVE-2023-22508 (This High severity RCE (Remote Code Execution) vulnerability known as ...)
+ TODO: check
CVE-2023-22507
RESERVED
-CVE-2023-22506
- RESERVED
-CVE-2023-22505
- RESERVED
+CVE-2023-22506 (This High severity Injection and RCE (Remote Code Execution) vulnerabi ...)
+ TODO: check
+CVE-2023-22505 (This High severity RCE (Remote Code Execution) vulnerability known as ...)
+ TODO: check
CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
NOT-FOR-US: Atlassian
CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
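Review bot: the three new Atlassian entries (CVE-2023-22508, CVE-2023-22506, CVE-2023-22505) are described as High severity RCEs but their truncated descriptions do not name the product; the adjacent CVE-2023-22504 and CVE-2023-22503 lines are `NOT-FOR-US: Atlassian`, so these should be triaged against the advisory and tagged consistently rather than left at `TODO: check`.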
@@ -38704,156 +38775,134 @@ CVE-2023-22064
RESERVED
CVE-2023-22063
RESERVED
-CVE-2023-22062
- RESERVED
-CVE-2023-22061
- RESERVED
-CVE-2023-22060
- RESERVED
+CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting product of Or ...)
+ TODO: check
+CVE-2023-22061 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyper ...)
+ TODO: check
CVE-2023-22059
RESERVED
-CVE-2023-22058
- RESERVED
+CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22057
- RESERVED
+CVE-2023-22057 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22056
- RESERVED
+CVE-2023-22056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22055
- RESERVED
-CVE-2023-22054
- RESERVED
+CVE-2023-22055 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ TODO: check
+CVE-2023-22054 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22053
- RESERVED
+CVE-2023-22053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22052
- RESERVED
-CVE-2023-22051
- RESERVED
-CVE-2023-22050
- RESERVED
-CVE-2023-22049
- RESERVED
+CVE-2023-22052 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
+ TODO: check
+CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM ...)
+ TODO: check
+CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
+ TODO: check
+CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
-CVE-2023-22048
- RESERVED
+CVE-2023-22048 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22047
- RESERVED
-CVE-2023-22046
- RESERVED
+CVE-2023-22047 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22045
- RESERVED
+CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
-CVE-2023-22044
- RESERVED
+CVE-2023-22044 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-17 17.0.8+7-1
-CVE-2023-22043
- RESERVED
+CVE-2023-22043 (Vulnerability in Oracle Java SE (component: JavaFX). The supported v ...)
- openjfx 11+26-1
NOTE: This only affects JavaFX 8.x, so marking the first 11 upload as fixed
-CVE-2023-22042
- RESERVED
-CVE-2023-22041
- RESERVED
+CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 <unfixed>
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
-CVE-2023-22040
- RESERVED
-CVE-2023-22039
- RESERVED
-CVE-2023-22038
- RESERVED
+CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-22039 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
+ TODO: check
+CVE-2023-22038 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22037
- RESERVED
-CVE-2023-22036
- RESERVED
+CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
+ TODO: check
+CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
-CVE-2023-22035
- RESERVED
-CVE-2023-22034
- RESERVED
-CVE-2023-22033
- RESERVED
+CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2023-22034 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
+ TODO: check
+CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22032
RESERVED
-CVE-2023-22031
- RESERVED
+CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
CVE-2023-22030
RESERVED
CVE-2023-22029
RESERVED
CVE-2023-22028
RESERVED
-CVE-2023-22027
- RESERVED
+CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
CVE-2023-22026
RESERVED
CVE-2023-22025
RESERVED
CVE-2023-22024
RESERVED
-CVE-2023-22023
- RESERVED
-CVE-2023-22022
- RESERVED
-CVE-2023-22021
- RESERVED
-CVE-2023-22020
- RESERVED
+CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data Management W ...)
+ TODO: check
+CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
CVE-2023-22019
RESERVED
-CVE-2023-22018
- RESERVED
+CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.10-dfsg-1
-CVE-2023-22017
- RESERVED
+CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.10-dfsg-1
-CVE-2023-22016
- RESERVED
+CVE-2023-22016 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.10-dfsg-1
CVE-2023-22015
RESERVED
-CVE-2023-22014
- RESERVED
-CVE-2023-22013
- RESERVED
-CVE-2023-22012
- RESERVED
-CVE-2023-22011
- RESERVED
-CVE-2023-22010
- RESERVED
-CVE-2023-22009
- RESERVED
-CVE-2023-22008
- RESERVED
+CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-22012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-22011 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-22010 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
+ TODO: check
+CVE-2023-22009 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...)
+ TODO: check
+CVE-2023-22008 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22007
- RESERVED
+CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22006
- RESERVED
+CVE-2023-22006 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
-CVE-2023-22005
- RESERVED
+CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-22004
- RESERVED
+CVE-2023-22004 (Vulnerability in the Oracle Applications Technology product of Oracle ...)
+ TODO: check
CVE-2023-22003 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-22002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
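Review bot: the openjdk package lists for the Oracle Java SE entries are inconsistent and deserve a second look: CVE-2023-22049, CVE-2023-22045 and CVE-2023-22041 list openjdk-8, openjdk-11 and openjdk-17; CVE-2023-22044 lists only openjdk-8 and openjdk-17; CVE-2023-22036 and CVE-2023-22006 list only openjdk-11 and openjdk-17. If the omissions reflect upstream's affected-version ranges, a NOTE line saying so (as was done for CVE-2023-22043 with "This only affects JavaFX 8.x") would stop a later pass from "correcting" them; if not, the missing packages should be added. The mysql-8.0 entries are all `<unfixed>` with no NOTE, so the fixing upstream version should be recorded once known.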
@@ -38872,8 +38921,8 @@ CVE-2023-21996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
NOT-FOR-US: Oracle
CVE-2023-21995
RESERVED
-CVE-2023-21994
- RESERVED
+CVE-2023-21994 (Vulnerability in the Oracle Mobile Security Suite product of Oracle Fu ...)
+ TODO: check
CVE-2023-21993 (Vulnerability in the Oracle Clinical Remote Data Capture product of Or ...)
NOT-FOR-US: Oracle
CVE-2023-21992 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
@@ -38894,8 +38943,8 @@ CVE-2023-21985 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
NOT-FOR-US: Oracle
CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
-CVE-2023-21983
- RESERVED
+CVE-2023-21983 (Vulnerability in the Application Express Administration product of Ora ...)
+ TODO: check
CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
@@ -38910,10 +38959,10 @@ CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
-CVE-2023-21975
- RESERVED
-CVE-2023-21974
- RESERVED
+CVE-2023-21975 (Vulnerability in the Application Express Customers Plugin product of O ...)
+ TODO: check
+CVE-2023-21974 (Vulnerability in the Application Express Team Calendar Plugin product ...)
+ TODO: check
CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle E-Business ...)
NOT-FOR-US: Oracle
CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -38946,8 +38995,8 @@ CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
- mysql-8.0 8.0.32-1
CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
-CVE-2023-21961
- RESERVED
+CVE-2023-21961 (Vulnerability in the Oracle Hyperion Essbase Administration Services p ...)
+ TODO: check
CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21959 (Vulnerability in the Oracle iReceivables product of Oracle E-Business ...)
@@ -38972,11 +39021,10 @@ CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise Edi
NOT-FOR-US: Oracle
CVE-2023-21951
RESERVED
-CVE-2023-21950
- RESERVED
+CVE-2023-21950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
-CVE-2023-21949
- RESERVED
+CVE-2023-21949 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
+ TODO: check
CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -46999,7 +47047,7 @@ CVE-2022-3924 (This issue can affect BIND 9 resolvers with `stale-answer-enable
- bind9 1:9.18.11-1
[buster] - bind9 <not-affected> (Vulnerable code introduced later)
NOTE: https://kb.isc.org/docs/cve-2022-3924
-CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does ...)
+CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does not sanit ...)
NOT-FOR-US: WordPress plugin
@@ -52979,12 +53027,12 @@ CVE-2022-43912
RESERVED
CVE-2022-43911
RESERVED
-CVE-2022-43910
- RESERVED
+CVE-2022-43910 (IBM Security Guardium 11.3 could allow a local user to escalate their ...)
+ TODO: check
CVE-2022-43909
RESERVED
-CVE-2022-43908
- RESERVED
+CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user to cause ...)
+ TODO: check
CVE-2022-43907
RESERVED
CVE-2022-43906
@@ -61389,8 +61437,8 @@ CVE-2022-40897 (Python Packaging Authority (PyPA) setuptools before 65.5.1 allow
- setuptools 65.6.3-1
[bullseye] - setuptools <no-dsa> (Minor issue)
NOTE: https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be (v65.5.1)
-CVE-2022-40896
- RESERVED
+CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments ...)
+ TODO: check
CVE-2022-40895 (In certain Nedi products, a vulnerability in the web UI of NeDi login ...)
NOT-FOR-US: NeDi
CVE-2022-40894
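Review bot: CVE-2022-40896 is a ReDoS in pygments/lexers/smithy.py, and pygments is packaged in Debian, so the `TODO: check` should become a source-package line for pygments with the affected and fixed versions, following the form of the setuptools entry just above it (CVE-2022-40897) including a NOTE pointing at the upstream fix.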
@@ -111605,6 +111653,7 @@ CVE-2022-23529
CVE-2022-23528
RESERVED
CVE-2022-23527 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...)
+ {DLA-3499-1}
- libapache2-mod-auth-openidc 2.4.12.2-1 (bug #1026444)
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2
NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53
@@ -139921,6 +139970,7 @@ CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to c
CVE-2021-39192 (Ghost is a Node.js content management system. An error in the implemen ...)
NOT-FOR-US: Ghost CMS
CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ {DLA-3499-1}
- libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
[bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u1
[stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
@@ -140496,8 +140546,8 @@ CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users
NOT-FOR-US: IBM
CVE-2021-38934 (IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to ...)
NOT-FOR-US: IBM
-CVE-2021-38933
- RESERVED
+CVE-2021-38933 (IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cry ...)
+ TODO: check
CVE-2021-38932
RESERVED
CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0df28be5dddfb80c5b42e516222108c937bb22c