[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 20 21:12:18 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f120c3ef by security tracker role at 2023-07-20T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2023-3794 (A vulnerability classified as problematic has been found in Bug Finder ...)
+	TODO: check
+CVE-2023-3793 (A vulnerability was found in Weaver e-cology. It has been rated as cri ...)
+	TODO: check
+CVE-2023-3792 (A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been cl ...)
+	TODO: check
+CVE-2023-3791 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...)
+	TODO: check
+CVE-2023-3790 (A vulnerability has been found in Boom CMS 8.0.7 and classified as pro ...)
+	TODO: check
+CVE-2023-3789 (A vulnerability, which was classified as problematic, was found in Pau ...)
+	TODO: check
+CVE-2023-3788 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-3787 (A vulnerability classified as problematic was found in Codecanyon Tiva ...)
+	TODO: check
+CVE-2023-3786 (A vulnerability classified as problematic has been found in Aures Kome ...)
+	TODO: check
+CVE-2023-3785 (A vulnerability was found in PaulPrinting CMS 2018. It has been rated  ...)
+	TODO: check
+CVE-2023-38617 (Office Suite Premium Version v10.9.1.42602 was discovered to contain a ...)
+	TODO: check
+CVE-2023-38523 (The web interface on multiple Samsung Harman AMX N-Series devices allo ...)
+	TODO: check
+CVE-2023-38335 (Omnis Studio 10.22.00 has incorrect access control. It advertises a fe ...)
+	TODO: check
+CVE-2023-38334 (Omnis Studio 10.22.00 has incorrect access control. It advertises an i ...)
+	TODO: check
+CVE-2023-38203 (Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier)  ...)
+	TODO: check
+CVE-2023-37728 (Icewarp Icearp v10.2.1 was discovered to contain a cross-site scriptin ...)
+	TODO: check
+CVE-2023-37650 (A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS ...)
+	TODO: check
+CVE-2023-37649 (Incorrect access control in the component /models/Content of Cockpit C ...)
+	TODO: check
+CVE-2023-37602 (An arbitrary file upload vulnerability in the component /workplace#!ex ...)
+	TODO: check
+CVE-2023-37601 (Office Suite Premium v10.9.1.42602 was discovered to contain a local f ...)
+	TODO: check
+CVE-2023-37600 (Office Suite Premium Version v10.9.1.42602 was discovered to contain a ...)
+	TODO: check
+CVE-2023-37471 (Open Access Management (OpenAM) is an access management solution that  ...)
+	TODO: check
+CVE-2023-37290 (InfoDoc Document On-line Submission and Approval System lacks sufficie ...)
+	TODO: check
+CVE-2023-37165 (Millhouse-Project v1.414 was discovered to contain a remote code execu ...)
+	TODO: check
+CVE-2023-37164 (Diafan CMS v6.0 was discovered to contain a reflected cross-site scrip ...)
+	TODO: check
+CVE-2023-34625 (ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication B ...)
+	TODO: check
+CVE-2023-32483 (Wyse Management Suite versions prior to 4.0 contain a sensitive inform ...)
+	TODO: check
+CVE-2023-32482 (Wyse Management Suite versions prior to 4.0 contain an improper author ...)
+	TODO: check
+CVE-2023-32481 (Wyse Management Suite versions prior to 4.0 contain a denial-of-servic ...)
+	TODO: check
+CVE-2023-32476 (Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vuln ...)
+	TODO: check
+CVE-2023-32455 (Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive ...)
+	TODO: check
+CVE-2023-32447 (Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive ...)
+	TODO: check
+CVE-2023-32446 (Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive ...)
+	TODO: check
+CVE-2023-32265 (A potential security vulnerability has been identified in the Enterpri ...)
+	TODO: check
+CVE-2023-31753 (SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an ...)
+	TODO: check
+CVE-2023-31462 (An issue was discovered in SteelSeries GG 36.0.0. An attacker can chan ...)
+	TODO: check
+CVE-2023-31461 (Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to ...)
+	TODO: check
 CVE-2023-37450
 	- webkit2gtk <unfixed>
 	- wpewebkit <unfixed>
@@ -111,18 +185,18 @@ CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus
 	NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins
 CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
 	NOT-FOR-US: Foxit
-CVE-2023-3347 [SMB2 packet signing not enforced]
+CVE-2023-3347 (A vulnerability was found in Samba's SMB2 packet signing mechanism. Th ...)
 	- samba 2:4.18.5+dfsg-1
 	[bullseye] - samba <not-affected> (Vulnerable code not present)
 	[buster] - samba <not-affected> (Vulnerable code not present)
 	NOTE: https://www.samba.org/samba/security/CVE-2023-3347.html
-CVE-2023-34968 [Spotlight server-side Share Path Disclosure]
+CVE-2023-34968 (A path disclosure vulnerability was found in Samba. As part of the Spo ...)
 	- samba 2:4.18.5+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html
-CVE-2023-34967 [Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability]
+CVE-2023-34967 (A Type Confusion vulnerability was found in Samba's mdssvc RPC service ...)
 	- samba 2:4.18.5+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2023-34967.html
-CVE-2023-34966 [Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability]
+CVE-2023-34966 (An infinite loop vulnerability was found in Samba's mdssvc RPC service ...)
 	- samba 2:4.18.5+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html
 CVE-2023-3750 [improper locking in virStoragePoolObjListSearch may lead to denial of service]
@@ -158,36 +232,47 @@ CVE-2023-32001
 	NOTE: Introduced at: https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f (curl-7_84_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde (curl-8_2_0)
 CVE-2023-3740
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3738
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3737
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3736
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3735
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3734
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3733
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3732
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3730
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3728
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3727
+	{DSA-5456-1}
 	- chromium 115.0.5790.98-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote  ...)
@@ -11918,8 +12003,8 @@ CVE-2023-30202
 	RESERVED
 CVE-2023-30201
 	RESERVED
-CVE-2023-30200
-	RESERVED
+CVE-2023-30200 (In the module \u201cImage: WebP, Compress, Zoom, Lazy load, Alt & More ...)
+	TODO: check
 CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access  ...)
 	NOT-FOR-US: Prestashop
 CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Co ...)
@@ -80493,8 +80578,7 @@ CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
 	NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)
 CVE-2022-2128 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
 	NOT-FOR-US: Trudesk
-CVE-2022-2127 [Out-Of-Bounds read in winbind AUTH_CRAP]
-	RESERVED
+CVE-2022-2127 (An out-of-bounds read vulnerability was found in Samba due to insuffic ...)
 	- samba 2:4.18.5+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2022-2127.html
 CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
@@ -120026,8 +120110,8 @@ CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when instal
 	NOT-FOR-US: NIME Server
 CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
 	NOT-FOR-US: KNIME Analytics Platform
-CVE-2021-45094
-	RESERVED
+CVE-2021-45094 (Imprivata Privileged Access Management (formally Xton Privileged Acces ...)
+	TODO: check
 CVE-2021-45093
 	RESERVED
 CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
@@ -139311,8 +139395,8 @@ CVE-2021-39427 (Cross site scripting vulnerability in 188Jianzhan 2.10 allows at
 	NOT-FOR-US: 188Jianzhan
 CVE-2021-39426 (An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11 ...)
 	NOT-FOR-US: Seacms
-CVE-2021-39425
-	RESERVED
+CVE-2021-39425 (SeedDMS v6.0.15 was discovered to contain an open redirect vulnerabili ...)
+	TODO: check
 CVE-2021-39424
 	RESERVED
 CVE-2021-39423
@@ -209815,8 +209899,8 @@ CVE-2020-24277
 	RESERVED
 CVE-2020-24276
 	RESERVED
-CVE-2020-24275
-	RESERVED
+CVE-2020-24275 (A HTTP response header injection vulnerability in Swoole v4.5.2 allows ...)
+	TODO: check
 CVE-2020-24274
 	RESERVED
 CVE-2020-24273



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f120c3ef77cc559d2df386c64ef02cd467c2c4bf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f120c3ef77cc559d2df386c64ef02cd467c2c4bf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230720/e6a34697/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list