[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 1 09:12:09 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cc09a3c by security tracker role at 2023-06-01T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-3029 (A vulnerability has been found in Guangdong Pythagorean OA Office Syst ...)
+ TODO: check
+CVE-2023-3028 (Insufficient authentication in the MQTT backend (broker) allows an att ...)
+ TODO: check
+CVE-2023-3026 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
+ TODO: check
+CVE-2023-34312 (In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProte ...)
+ TODO: check
+CVE-2023-33778 (Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Poin ...)
+ TODO: check
+CVE-2023-33719 (mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::R ...)
+ TODO: check
+CVE-2023-33716 (mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4 ...)
+ TODO: check
+CVE-2023-33643 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33642 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33641 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33640 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33639 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33638 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33637 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33636 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33635 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33634 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33633 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33632 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33631 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33630 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33629 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33628 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33627 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...)
+ TODO: check
+CVE-2023-33461 (iniparser v4.1 is vulnerable to NULL Pointer Dereference in function i ...)
+ TODO: check
+CVE-2023-30758 (Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier ...)
+ TODO: check
+CVE-2023-29159 (Directory traversal vulnerability in Starlette versions 0.13.5 and lat ...)
+ TODO: check
+CVE-2023-29154 (SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) v ...)
+ TODO: check
+CVE-2023-28937 (DataSpider Servista version 4.4 and earlier uses a hard-coded cryptogr ...)
+ TODO: check
+CVE-2023-28824 (Server-side request forgery vulnerability exists in CONPROSYS HMI Syst ...)
+ TODO: check
+CVE-2023-28713 (Plaintext storage of a password exists in CONPROSYS HMI System (CHS) v ...)
+ TODO: check
+CVE-2023-28657 (Improper access control vulnerability exists in CONPROSYS HMI System ( ...)
+ TODO: check
+CVE-2023-28651 (Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS ...)
+ TODO: check
+CVE-2023-28399 (Incorrect permission assignment for critical resource exists in CONPRO ...)
+ TODO: check
+CVE-2018-25086 (A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has ...)
+ TODO: check
+CVE-2010-10010 (A vulnerability classified as problematic has been found in Stars Alli ...)
+ TODO: check
CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-libr ...)
TODO: check
CVE-2023-3020 (Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-l ...)
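Review bot: all 36 new entries land as `TODO: check`, so none is actionable until triaged into either a source-package line or NOT-FOR-US; two of them name upstreams that ship as Debian source packages and should be looked at first: CVE-2023-33461 (iniparser, NULL pointer dereference) and CVE-2023-29159 (Starlette directory traversal, packaged as python-starlette). The mp4v2 pair (CVE-2023-33719, CVE-2023-33716) cites v2.1.3, a newer upstream line than the one Debian packaged, so confirm the affected code is actually present before assigning a package. The seventeen H3C Magic R300 firmware entries (CVE-2023-33627 through CVE-2023-33643), plus the Draytek, Tencent QQ, DataSpider and CONPROSYS HMI items, are vendor firmware or proprietary products and can be closed as NOT-FOR-US in one pass. CVE-2010-10010 and CVE-2018-25086 are retroactively assigned IDs for old issues; do not let the year in the ID be read as the publication date when ranking them.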
@@ -207,7 +279,7 @@ CVE-2023-32218 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redire
NOT-FOR-US: Avaya
CVE-2023-2994
REJECTED
-CVE-2023-2985 [fs: hfsplus: fix UAF issue in hfsplus_put_super]
+CVE-2023-2985 (A use after free flaw was found in hfsplus_put_super in fs/hfsplus/sup ...)
- linux 6.1.20-1
[bullseye] - linux 5.10.178-1
[buster] - linux 4.19.282-1
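Review bot: the replaced bracket text `fs: hfsplus: fix UAF issue in hfsplus_put_super` was the upstream commit subject, which is the only pointer to the fixing change in this entry; the MITRE description that replaces it does not identify the fix. Unless a NOTE line with the upstream commit already follows the version lines (not visible in this hunk), add one so the 6.1.20-1, 5.10.178-1 and 4.19.282-1 fixed versions can be verified against the kernel tree.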
@@ -224,7 +296,7 @@ CVE-2023-2979 (A vulnerability classified as critical has been found in Abstrium
NOT-FOR-US: Abstrium Pydio Cells
CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been r ...)
NOT-FOR-US: Abstrium Pydio Cells
-CVE-2023-2977
+CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a buffer ...)
- opensc <unfixed>
NOTE: https://github.com/OpenSC/OpenSC/issues/2785
NOTE: https://github.com/OpenSC/OpenSC/pull/2787
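Review bot: the spelling errors in the new description (`vulnerbility`, `This security flaw cause`) are verbatim from the CVE record and should not be hand-corrected here, because the next automatic update would overwrite them. The entry stays `opensc <unfixed>` even though the NOTE lines already point at pull request 2787; once that PR is merged, record the fixing commit and the upstream release it ships in, and add the per-suite lines if the buffer issue also affects the opensc versions in stable.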
@@ -878,7 +950,7 @@ CVE-2023-32373
NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
CVE-2023-32350 (Versions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT router firm ...)
NOT-FOR-US: Teltonika
-CVE-2023-32349 (Versions 00.07.00 through 00.07.03.4 of Teltonika\u2019s RUT router fi ...)
+CVE-2023-32349 (Version 00.07.03.4 and prior of Teltonika\u2019s RUT router firmware c ...)
NOT-FOR-US: Teltonika
CVE-2023-32348 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...)
NOT-FOR-US: Teltonika
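Review bot: the affected range for CVE-2023-32349 changes from `00.07.00 through 00.07.03.4` to `00.07.03.4 and prior`, which widens the claimed range downward; the entry is NOT-FOR-US so no Debian action follows, but the wording change is worth knowing if the tracker text is ever quoted elsewhere.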
@@ -2083,7 +2155,7 @@ CVE-2023-2609 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.
NOTE: https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
NOTE: https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad (v9.0.1531)
NOTE: Crash in CLI tool, no security impact
-CVE-2023-2598 [io_uring/rsrc: check for nonconsecutive pages]
+CVE-2023-2598 (A flaw was found in the fixed buffer registration code for io_uring (i ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/3
NOTE: https://git.kernel.org/linus/776617db78c6d208780e7c69d4d68d1fa82913de (6.4-rc1)
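Review bot: the `<not-affected> (Vulnerable code not present)` claim is now harder to audit because the description swap dropped the commit subject `io_uring/rsrc: check for nonconsecutive pages`; the NOTE with the fix commit 776617db78c6 (6.4-rc1) remains, but nothing in the entry records which upstream change introduced the bug. Add a NOTE naming the introducing commit and the release it first appeared in, so the not-affected status of the 6.1-based linux package can be checked without re-reading the oss-security thread.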
@@ -6717,8 +6789,8 @@ CVE-2023-29750
RESERVED
CVE-2023-29749
RESERVED
-CVE-2023-29748
- RESERVED
+CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android has an ...)
+ TODO: check
CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...)
TODO: check
CVE-2023-29746
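Review bot: CVE-2023-29748 and the already-present CVE-2023-29747 describe the same Android application (the `Instragram` misspelling is upstream's), so they should be triaged together; an Android app has no Debian package counterpart, making both NOT-FOR-US candidates rather than two separate `TODO: check` entries.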
@@ -20755,8 +20827,8 @@ CVE-2023-25074
RESERVED
CVE-2023-24590
RESERVED
-CVE-2023-24584
- RESERVED
+CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...)
+ TODO: check
CVE-2023-23584
RESERVED
CVE-2023-23576
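Review bot: CVE-2023-24584 is a buffer overflow in the Controller 6000 product itself, with nothing that maps to a Debian source package; resolve it to NOT-FOR-US with the vendor name taken from the full CVE record instead of leaving it at `TODO: check`.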
@@ -24294,14 +24366,14 @@ CVE-2023-23957
RESERVED
CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...)
TODO: check
-CVE-2023-23955
- RESERVED
-CVE-2023-23954
- RESERVED
-CVE-2023-23953
- RESERVED
-CVE-2023-23952
- RESERVED
+CVE-2023-23955 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
+ TODO: check
+CVE-2023-23954 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
+ TODO: check
+CVE-2023-23953 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
+ TODO: check
+CVE-2023-23952 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
+ TODO: check
CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the current user b ...)
NOT-FOR-US: Symantec
CVE-2023-23950 (User\u2019s supplied input (usually a CRLF sequence) can be used to sp ...)
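Review bot: the four new entries CVE-2023-23952 through CVE-2023-23955 name the same `Advanced Secure Gateway and Content Analysis` product as the adjacent CVE-2023-23951, which is already resolved as `NOT-FOR-US: Symantec`; resolve these four the same way rather than leaving them at `TODO: check`. They also share the same `prior to 7.3.13.1 / 3.1.` fixed versions, so they come from a single vendor advisory and one triage covers all of them.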
@@ -35567,10 +35639,10 @@ CVE-2022-4335 (A blind SSRF vulnerability was identified in all versions of GitL
- gitlab <not-affected> (Specific to EE)
CVE-2022-4334
REJECTED
-CVE-2022-4333
- RESERVED
-CVE-2022-4332
- RESERVED
+CVE-2022-4333 (Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher A ...)
+ TODO: check
+CVE-2022-4332 (In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x avulnera ...)
+ TODO: check
CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not sanitise and ...)
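Review bot: CVE-2022-4333 and CVE-2022-4332 are Sprecher Automation SPRECON-E controller firmware issues (hardcoded credentials, and a second flaw whose description is truncated, the `avulnera` run-on being upstream's), with no Debian package counterpart; resolve both as NOT-FOR-US rather than `TODO: check`.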
@@ -68674,7 +68746,7 @@ CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
+CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-35823 (Microsoft SharePoint Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
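Review bot: the dropped `This CVE ID is unique from ...` clause came from the original MSRC text and was what distinguished the several same-titled Azure Site Recovery entries (compare CVE-2022-24517 and CVE-2022-24515 further down, which still carry it); the entry is NOT-FOR-US so nothing changes for Debian, but anyone telling these IDs apart now has to go to the CVE record rather than the tracker line.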
@@ -68838,8 +68910,8 @@ CVE-2022-35744 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vuln
TODO: check
CVE-2022-35743 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
TODO: check
-CVE-2022-35742
- RESERVED
+CVE-2022-35742 (Microsoft Outlook Denial of Service Vulnerability)
+ TODO: check
CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user logged into ...)
NOT-FOR-US: ESET
CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost version ...)
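Review bot: CVE-2022-35742 is a Microsoft Outlook issue, and its neighbours CVE-2022-35743 and CVE-2022-35744 are likewise Windows-only, yet all three sit at `TODO: check` while the surrounding Microsoft block uses `NOT-FOR-US: Microsoft`; resolve the three together.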
@@ -71875,9 +71947,9 @@ CVE-2022-34688
RESERVED
CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ...)
+CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. This CVE ...)
+CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-34684 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
- nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
@@ -74947,7 +75019,7 @@ CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability.)
+CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability.)
NOT-FOR-US: Microsoft
@@ -101513,7 +101585,7 @@ CVE-2022-24518 (Azure Site Recovery Elevation of Privilege Vulnerability. This C
NOT-FOR-US: Microsoft
CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID i ...)
NOT-FOR-US: Microsoft
-CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID ...)
NOT-FOR-US: Microsoft
@@ -101591,7 +101663,7 @@ CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of Privilege
NOT-FOR-US: Microsoft
CVE-2022-24478
RESERVED
-CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-24476
RESERVED
@@ -112993,9 +113065,9 @@ CVE-2022-21982
RESERVED
CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-21979 (Microsoft Exchange Information Disclosure Vulnerability. This CVE ID i ...)
+CVE-2022-21979 (Microsoft Exchange Server Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege Vulnerability.)
NOT-FOR-US: Microsoft
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cc09a3c20cba0fdbbb616f81b44392020855d26