[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 26 21:12:31 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cdcfdd27 by security tracker role at 2023-07-26T20:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,18 +1,54 @@
-CVE-2023-3442
+CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform that al ...)
+ TODO: check
+CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper Initial ...)
+ TODO: check
+CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesti ...)
+ TODO: check
+CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. This resul ...)
+ TODO: check
+CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause ...)
+ TODO: check
+CVE-2023-38671 (Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Thi ...)
+ TODO: check
+CVE-2023-38670 (Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. ...)
+ TODO: check
+CVE-2023-38669 (Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This r ...)
+ TODO: check
+CVE-2023-37624 (Netdisco before v2.063000 was discovered to contain an open redirect v ...)
+ TODO: check
+CVE-2023-37623 (Netdisco before v2.063000 was discovered to contain a cross-site scrip ...)
+ TODO: check
+CVE-2023-37049 (emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\templat ...)
+ TODO: check
+CVE-2023-33802 (A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to caus ...)
+ TODO: check
+CVE-2023-33308 (A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS ver ...)
+ TODO: check
+CVE-2023-33229 (The SolarWinds Platform was susceptible to the Incorrect Input Neutral ...)
+ TODO: check
+CVE-2023-33225 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
+ TODO: check
+CVE-2023-33224 (The SolarWinds Platform was susceptible to the Incorrect Behavior Orde ...)
+ TODO: check
+CVE-2023-31466 (An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Conf ...)
+ TODO: check
+CVE-2023-31465 (An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. B ...)
+ TODO: check
+CVE-2023-3442 (A missing authorization vulnerability exists in versions of the Jenkin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-3414
+CVE-2023-3414 (A cross-site request forgery vulnerability exists in versions of the J ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-39156
+CVE-2023-39156 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Pl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-39155
+CVE-2023-39155 (Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user. ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-39154
+CVE-2023-39154 (Incorrect permission checks in Jenkins Qualys Web App Scanning Connect ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-39153
+CVE-2023-39153 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Au ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-39152
+CVE-2023-39152 (Always-incorrect control flow implementation in Jenkins Gradle Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-39151
+CVE-2023-39151 (Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize o ...)
- jenkins <removed>
CVE-2023-3947 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
NOT-FOR-US: Video Conferencing with Zoom plugin for WordPress
@@ -694,6 +730,7 @@ CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters ma
NOTE: https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb (openssl-3.0)
NOTE: https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528 (OpenSSL_1_1_1-stable)
CVE-2023-32001 [fopen race condition]
+ {DSA-5460-1}
- curl <unfixed> (bug #1041812)
[bullseye] - curl <not-affected> (Vulnerable code not present)
[buster] - curl <not-affected> (Vulnerable code not present)
@@ -4945,7 +4982,7 @@ CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3
NOT-FOR-US: lua-resty-json
CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...)
NOT-FOR-US: cfnts
-CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows attackers ...)
+CVE-2023-35116 (jackson-databind through 2.15.2 allows attackers to cause a denial of ...)
NOTE: Disputed jackson-databind issue
NOTE: https://github.com/FasterXML/jackson-databind/issues/3972
NOTE: https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1597218091
@@ -10077,8 +10114,8 @@ CVE-2023-30951
RESERVED
CVE-2023-30950
RESERVED
-CVE-2023-30949
- RESERVED
+CVE-2023-30949 (A missing origin validation in Slate sandbox could be exploited by a m ...)
+ TODO: check
CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the ...)
NOT-FOR-US: Palantir
CVE-2023-30947
@@ -11299,8 +11336,8 @@ CVE-2023-30579
RESERVED
CVE-2023-30578
RESERVED
-CVE-2023-30577
- RESERVED
+CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag- ...)
+ TODO: check
CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a free ...)
- guacamole-client <removed>
CVE-2023-30575 (Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths ...)
@@ -19116,8 +19153,8 @@ CVE-2023-28132
RESERVED
CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to take ov ...)
NOT-FOR-US: expo.io
-CVE-2023-28130
- RESERVED
+CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...)
+ TODO: check
CVE-2023-28129
RESERVED
CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...)
@@ -22635,8 +22672,8 @@ CVE-2023-26913 (EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to
NOT-FOR-US: EVOLUCARE ECSIMAGING
CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commi ...)
NOT-FOR-US: S-mall-ssm
-CVE-2023-26911
- RESERVED
+CVE-2023-26911 (ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contain ...)
+ TODO: check
CVE-2023-26910
RESERVED
CVE-2023-26909
@@ -22739,8 +22776,8 @@ CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet v.1.7
NOT-FOR-US: PrestaShop module
CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...)
NOT-FOR-US: PrestaShop Igbudget
-CVE-2023-26859
- RESERVED
+CVE-2023-26859 (SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 an ...)
+ TODO: check
CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
NOT-FOR-US: prestashop
CVE-2023-26857 (An arbitrary file upload vulnerability in /admin/ajax.php?action=save_ ...)
@@ -31580,12 +31617,12 @@ CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library
NOT-FOR-US: Open5GS
CVE-2023-23845
RESERVED
-CVE-2023-23844
- RESERVED
-CVE-2023-23843
- RESERVED
-CVE-2023-23842
- RESERVED
+CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
+ TODO: check
+CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
+ TODO: check
+CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to the Di ...)
+ TODO: check
CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...)
NOT-FOR-US: SolarWinds
CVE-2023-23840
@@ -38333,7 +38370,7 @@ CVE-2022-47760
RESERVED
CVE-2022-47759
RESERVED
-CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allo ...)
+CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowi ...)
NOT-FOR-US: Nanoleaf
CVE-2022-47757 (In imo.im 2022.11.1051, a path traversal vulnerability delivered via a ...)
NOT-FOR-US: imo.im Android application
@@ -54147,14 +54184,14 @@ CVE-2022-43715
RESERVED
CVE-2022-43714
RESERVED
-CVE-2022-43713
- RESERVED
-CVE-2022-43712
- RESERVED
-CVE-2022-43711
- RESERVED
-CVE-2022-43710
- RESERVED
+CVE-2022-43713 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 ...)
+ TODO: check
+CVE-2022-43712 (POST requests to /web/mvc in GX Software XperienCentral version 10.36. ...)
+ TODO: check
+CVE-2022-43711 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 ...)
+ TODO: check
+CVE-2022-43710 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 ...)
+ TODO: check
CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users ...)
NOT-FOR-US: MyBB
CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabil ...)
@@ -88039,8 +88076,8 @@ CVE-2022-31458 (RTX TRAP v1.0 was discovered to be vulnerable to host header poi
TODO: check
CVE-2022-31457 (RTX TRAP v1.0 allows attackers to perform a directory traversal via a ...)
TODO: check
-CVE-2022-31456
- RESERVED
+CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows a ...)
+ TODO: check
CVE-2022-31455
RESERVED
CVE-2022-31454
@@ -120567,9 +120604,9 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect acces
NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
CVE-2022-21953 (A Missing Authorization vulnerability in of SUSE Rancher allows authen ...)
NOT-FOR-US: Rancher
-CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in spacewalk-java o ...)
+CVE-2022-21952 (A Missing Authentication for Critical Function vulnerability in spacew ...)
NOT-FOR-US: Uyuni
-CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, ...)
+CVE-2022-21951 (A Cleartext Transmission of Sensitive Information vulnerability in SUS ...)
NOT-FOR-US: Rancher
CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service of cana ...)
NOT-FOR-US: SuSE
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdcfdd27be0ca00d4f1962bbc811089c6cb96152
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdcfdd27be0ca00d4f1962bbc811089c6cb96152
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230726/610218bf/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list