[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jul 25 09:12:25 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f9d68407 by security tracker role at 2023-07-25T08:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2023-3888 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
+ TODO: check
+CVE-2023-3887 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
+ TODO: check
+CVE-2023-3886 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
+ TODO: check
+CVE-2023-3885 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
+ TODO: check
+CVE-2023-3884 (A vulnerability has been found in Campcodes Beauty Salon Management Sy ...)
+ TODO: check
+CVE-2023-3883 (A vulnerability, which was classified as problematic, was found in Cam ...)
+ TODO: check
+CVE-2023-3882 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2023-3881 (A vulnerability classified as critical was found in Campcodes Beauty S ...)
+ TODO: check
+CVE-2023-3880 (A vulnerability classified as critical has been found in Campcodes Bea ...)
+ TODO: check
+CVE-2023-3879 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
+ TODO: check
+CVE-2023-3878 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
+ TODO: check
+CVE-2023-3877 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
+ TODO: check
+CVE-2023-3876 (A vulnerability was found in Campcodes Beauty Salon Management System ...)
+ TODO: check
+CVE-2023-3875 (A vulnerability has been found in Campcodes Beauty Salon Management Sy ...)
+ TODO: check
+CVE-2023-3874 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2023-3873 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2023-3872 (A vulnerability classified as critical was found in Campcodes Beauty S ...)
+ TODO: check
+CVE-2023-3871 (A vulnerability classified as critical has been found in Campcodes Bea ...)
+ TODO: check
+CVE-2023-3046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-38745 (Pandoc before 3.1.6 allows arbitrary file write: this can be triggered ...)
+ TODO: check
+CVE-2023-37361 (REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via schedu ...)
+ TODO: check
+CVE-2023-35088 (Improper Neutralization of Special Elements Used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-35078 (Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, throu ...)
+ TODO: check
+CVE-2023-35067 (Plaintext Storage of a Password vulnerability in Infodrom Software E-I ...)
+ TODO: check
+CVE-2023-35066 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-34434 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...)
+ TODO: check
+CVE-2023-34189 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...)
+ TODO: check
+CVE-2023-33777 (An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.2 ...)
+ TODO: check
+CVE-2023-32639 (Applicant Programme Ver.7.06 and earlier improperly restricts XML exte ...)
+ TODO: check
+CVE-2023-32637 (GBrowse accepts files with any formats uploaded and places them in the ...)
+ TODO: check
+CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
+ TODO: check
+CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
+ TODO: check
CVE-2023-38289 [libtiff: integer overflow in tiffcp.c]
- tiff <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2224974
@@ -160,9 +224,9 @@ CVE-2023-37903 (vm2 is an open source vm/sandbox for Node.js. In vm2 for version
NOT-FOR-US: Node vm2
CVE-2023-37901 (Indico is an open source a general-purpose, web based event management ...)
NOT-FOR-US: CERN Indico
-CVE-2023-37742 (WebBoss.io CMS before v3.6.8.1 was discovered to contain a reflected c ...)
+CVE-2023-37742 (WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected c ...)
NOT-FOR-US: WebBoss.io CMS
-CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0 allows attackers to a ...)
+CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to ...)
NOT-FOR-US: WebBoss.io CMS
CVE-2023-35392 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
@@ -5518,6 +5582,7 @@ CVE-2020-36728 (The Adning Advertising plugin for WordPress is vulnerable to fil
CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to arbitrary ...)
NOT-FOR-US: Adning Advertising plugin for WordPress
CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a symlink ...)
+ {DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
@@ -5526,6 +5591,7 @@ CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a sy
NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Inte ...)
+ {DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
@@ -5534,6 +5600,7 @@ CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows a
NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow wit ...)
+ {DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
@@ -24763,8 +24830,8 @@ CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS functi
NOT-FOR-US: teler-waf
CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...)
NOT-FOR-US: teler-waf
-CVE-2023-26045
- RESERVED
+CVE-2023-26045 (NodeBB is Node.js based forum software. Starting in version 2.5.0 and ...)
+ TODO: check
CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and server implem ...)
- php-react-http <removed>
[buster] - php-react-http <no-dsa> (Minor issue)
@@ -27479,8 +27546,8 @@ CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devic
NOT-FOR-US: NOKIA
CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...)
NOT-FOR-US: NOKIA
-CVE-2023-25074
- RESERVED
+CVE-2023-25074 (Improper privilege validation in Command Centre Server allows authenti ...)
+ TODO: check
CVE-2023-24590
RESERVED
CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...)
@@ -27491,14 +27558,14 @@ CVE-2023-23576
RESERVED
CVE-2023-23570
RESERVED
-CVE-2023-23568
- RESERVED
+CVE-2023-23568 (Improper privilege validation in Command Centre Server allows authenti ...)
+ TODO: check
CVE-2023-22439
RESERVED
-CVE-2023-22428
- RESERVED
-CVE-2023-22363
- RESERVED
+CVE-2023-22428 (Improper privilege validation in Command Centre Server allows authenti ...)
+ TODO: check
+CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server allows an a ...)
+ TODO: check
CVE-2023-0672
RESERVED
CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.)
@@ -48495,10 +48562,10 @@ CVE-2023-21408
RESERVED
CVE-2023-21407
RESERVED
-CVE-2023-21406
- RESERVED
-CVE-2023-21405
- RESERVED
+CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A ...)
+ TODO: check
+CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network Door Contro ...)
+ TODO: check
CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components ...)
NOT-FOR-US: AXIS OS
CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...)
@@ -91790,7 +91857,7 @@ CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS dire
NOTE: https://curl.se/docs/CVE-2022-30115.html
NOTE: Introduced by: https://github.com/curl/curl/commit/b27ad8e1d3e68eb3214fcbb398ca436873aa7c67 (curl-7_82_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/fae6fea209a2d4db1582f608bd8cc8000721733a (curl-7_83_1)
-CVE-2022-1551 (The SP Project & Document Manager WordPress plugin through 4.57 uses a ...)
+CVE-2022-1551 (The SP Project & Document Manager WordPress plugin before 4.58 uses an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1550
REJECTED
@@ -102904,7 +102971,7 @@ CVE-2022-0830 (The FormBuilder WordPress plugin through 1.08 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior to 1.9 ...)
- webmin <removed>
-CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.39 uses the uniqid ph ...)
+CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.34 uses the uniqid ph ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0827 (The Bestbooks WordPress plugin through 2.6.3 does not sanitise and esc ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9d68407f34269f048562a1db5dff67819a13efd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9d68407f34269f048562a1db5dff67819a13efd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230725/744b77d5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list