[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 20 09:12:11 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31eca1c6 by security tracker role at 2023-07-20T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,32 @@
-CVE-2023-38408 [Remote Code Execution in OpenSSH's forwarded ssh-agent]
+CVE-2023-3784 (A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has ...)
+	TODO: check
+CVE-2023-3783 (A vulnerability was found in Webile 1.0.1. It has been classified as p ...)
+	TODO: check
+CVE-2023-3782 (DoS of the OkHttp client when using a BrotliInterceptor and surfing to ...)
+	TODO: check
+CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP ...)
+	TODO: check
+CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies ...)
+	TODO: check
+CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL  ...)
+	TODO: check
+CVE-2023-37362 (Weintek Weincloud v0.13.6     could allow an attacker to abuse the reg ...)
+	TODO: check
+CVE-2023-37289 (It is identified a vulnerability of Unrestricted Upload of File with D ...)
+	TODO: check
+CVE-2023-36853 (In Keysight Geolocation Server v2.4.2 and prior, a low privileged atta ...)
+	TODO: check
+CVE-2023-35134 (Weintek Weincloud v0.13.6   could allow an attacker to reset a passwor ...)
+	TODO: check
+CVE-2023-34429 (Weintek Weincloud v0.13.6     could allow an attacker to cause a denia ...)
+	TODO: check
+CVE-2023-34394 (In Keysight Geolocation Server v2.4.2 and prior, an attacker could upl ...)
+	TODO: check
+CVE-2023-32657 (Weintek Weincloud v0.13.6     could allow an attacker to efficiently d ...)
+	TODO: check
+CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insuff ...)
 	- openssh 1:9.3p2-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9
 	NOTE: https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
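Review bot: the fourteen new `TODO: check` entries at the top of this hunk can be triaged in groups rather than one by one: CVE-2023-3300, CVE-2023-3299 and CVE-2023-3072 all describe HashiCorp Nomad, and CVE-2023-37362, CVE-2023-35134, CVE-2023-34429 and CVE-2023-32657 all describe Weintek Weincloud v0.13.6, so one decision per product covers each group. The Weincloud descriptions also carry runs of padding spaces from the upstream text (`v0.13.6     could`), which eat into the truncated summary; collapsing them to a single space would keep more of the description visible. For CVE-2023-38408, only the description line changes, from the bracketed placeholder `[Remote Code Execution in OpenSSH's forwarded ssh-agent]` to the published text, while the `- openssh 1:9.3p2-1` fix line and both NOTE references are kept, which is the expected outcome of the automatic update.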
@@ -210,9 +238,9 @@ CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a
 	NOT-FOR-US: Iagona ScrutisWeb
 CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote ...)
 	NOT-FOR-US: Iagona ScrutisWeb
-CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a User may cause a i ...)
+CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a user may inject co ...)
 	NOT-FOR-US: AMI SPx
-CVE-2023-34329 (AMI SPx contains a vulnerability in BMC where a User may cause an auth ...)
+CVE-2023-34329 (AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cau ...)
 	NOT-FOR-US: AMI SPx
 CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 6.0.5,and 6.1p ...)
 	- libspring-security-2.0-java <removed>
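Review bot: the `NOT-FOR-US: AMI SPx` marker under CVE-2023-34329 no longer matches the updated description, which now names the product `AMI MegaRAC SPx12`; consider aligning the marker (for example `NOT-FOR-US: AMI MegaRAC SPx`) on both AMI entries so that searches for either product name find them. The description rewrites themselves are fine: both entries keep their NOT-FOR-US status, so no Debian package tracking changes.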
@@ -23815,8 +23843,8 @@ CVE-2023-26219
 	RESERVED
 CVE-2023-26218
 	RESERVED
-CVE-2023-26217
-	RESERVED
+CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX  ...)
+	TODO: check
 CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
 	NOT-FOR-US: TIBCO
 CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
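Review bot: the `TODO: check` under CVE-2023-26217 can most likely be closed immediately as `NOT-FOR-US: TIBCO`, since its description names the same TIBCO EBX Add-ons product family as the two adjacent entries CVE-2023-26216 and CVE-2023-26215, which already carry that marker. Leaving the TODO in place only defers a triage whose answer is visible in the surrounding context lines.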
@@ -95339,40 +95367,35 @@ CVE-2022-28738 (A double free was found in the Regexp compiler in Ruby 3.x befor
 	NOTE: https://github.com/ruby/ruby/commit/052ec6d2585c3ace95671013d336f5543624ef3d (v3_0_4)
 	NOTE: https://github.com/ruby/ruby/commit/73f45e5e96ccc13a131f7c0122cf8600ce5b930f (v3_1_2)
 	NOTE: https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/
-CVE-2022-28737
-	RESERVED
+CVE-2022-28737 (There's a possible overflow in handle_image() when shim tries to load  ...)
 	- shim 15.6-1
 	[bullseye] - shim 15.6-1~deb11u1
 	[buster] - shim <no-dsa> (Fix via point update)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
 	NOTE: https://github.com/rhboot/shim/commit/e99bdbb827a50cde019393d3ca1e89397db221a7 (15.6)
 	NOTE: https://github.com/rhboot/shim/commit/159151b6649008793d6204a34d7b9c41221fb4b0 (15.6)
-CVE-2022-28736
-	RESERVED
+CVE-2022-28736 (There's a use-after-free vulnerability in grub_cmd_chainloader() funct ...)
 	- grub2 2.06-3
 	[bullseye] - grub2 2.06-3~deb11u1
 	[buster] - grub2 2.06-3~deb10u1
 	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	[jessie] - grub2 <ignored> (No SecureBoot support in jessie)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2022-28735
-	RESERVED
+CVE-2022-28735 (The GRUB2's shim_lock verifier allows non-kernel files to be loaded on ...)
 	- grub2 2.06-3 (bug #1001057)
 	[bullseye] - grub2 2.06-3~deb11u1
 	[buster] - grub2 2.06-3~deb10u1
 	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	[jessie] - grub2 <ignored> (No SecureBoot support in jessie)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2022-28734
-	RESERVED
+CVE-2022-28734 (Out-of-bounds write when handling split HTTP headers; When handling sp ...)
 	- grub2 2.06-3
 	[bullseye] - grub2 2.06-3~deb11u1
 	[buster] - grub2 2.06-3~deb10u1
 	[stretch] - grub2 <ignored> (No SecureBoot support in stretch)
 	[jessie] - grub2 <ignored> (No SecureBoot support in jessie)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2022-28733
-	RESERVED
+CVE-2022-28733 (Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP ...)
 	- grub2 2.06-3
 	[bullseye] - grub2 2.06-3~deb11u1
 	[buster] - grub2 2.06-3~deb10u1
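Review bot: no triage is needed here: all five entries (CVE-2022-28737 for shim, CVE-2022-28733 through CVE-2022-28736 for grub2) already carried Debian fix versions, suite annotations and NOTE references, so the hunk only replaces the `RESERVED` placeholders with the now-published descriptions, consistent with the header's 40-to-35 line count. One follow-up worth tracking: the buster shim line still reads `[buster] - shim <no-dsa> (Fix via point update)`; once that point update has shipped, it should be replaced with the actual buster version, as was done for bullseye with `15.6-1~deb11u1`.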
@@ -138345,8 +138368,8 @@ CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is af
 	NOT-FOR-US: Adobe
 CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...)
 	NOT-FOR-US: Adobe
-CVE-2021-39822
-	RESERVED
+CVE-2021-39822 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
+	TODO: check
 CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
 	NOT-FOR-US: Adobe
 CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) i ...)
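Review bot: the `TODO: check` on CVE-2021-39822 can be resolved as `NOT-FOR-US: Adobe`: its description is identical in its visible part to the neighbouring CVE-2021-39821 and CVE-2021-39820 entries (Adobe InDesign 16.3 and 16.3.1), both already marked `NOT-FOR-US: Adobe`, and no Adobe InDesign package is tracked in the surrounding lines.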



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31eca1c6d3da3af04a560bdf99e7ff6569e4a138


