[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 1 21:12:32 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ae62896 by security tracker role at 2023-06-01T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-3035 (A vulnerability has been found in Guangdong Pythagorean OA Office Syst ...)
+	TODO: check
+CVE-2023-34339 (In JetBrains Ktor before 2.3.1 headers containing authentication data  ...)
+	TODO: check
+CVE-2023-34092 (Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5 ...)
+	TODO: check
+CVE-2023-34091 (Kyverno is a policy engine designed for Kubernetes. In versions of Kyv ...)
+	TODO: check
+CVE-2023-33965 (Brook is a cross-platform programmable network tool. The `tproxy` serv ...)
+	TODO: check
+CVE-2023-33963 (DataEase is an open source data visualization and analysis tool. Prior ...)
+	TODO: check
+CVE-2023-33960 (OpenProject is web-based project management software. For any OpenProj ...)
+	TODO: check
+CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...)
+	TODO: check
+CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 do ...)
+	TODO: check
+CVE-2023-33552 (Heap Buffer Overflow in the erofs_read_one_data function at data.c in  ...)
+	TODO: check
+CVE-2023-33551 (Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/mai ...)
+	TODO: check
+CVE-2023-33546 (janino 3.1.9 and earlier are subject to denial of service (DOS) attack ...)
+	TODO: check
+CVE-2023-33544 (hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input ...)
+	TODO: check
+CVE-2023-32717 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in  ...)
+	TODO: check
+CVE-2023-32716 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Spl ...)
+	TODO: check
+CVE-2023-32715 (In the Splunk App for Lookup File Editing versions below 4.0.1, a user ...)
+	TODO: check
+CVE-2023-32714 (In the Splunk App for Lookup File Editing versions below 4.0.1, a low- ...)
+	TODO: check
+CVE-2023-32713 (In Splunk App for Stream versions below 8.1.1, a low-privileged user c ...)
+	TODO: check
+CVE-2023-32712 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an atta ...)
+	TODO: check
+CVE-2023-32711 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splun ...)
+	TODO: check
+CVE-2023-32710 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in  ...)
+	TODO: check
+CVE-2023-32709 (In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Spl ...)
+	TODO: check
+CVE-2023-32708 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Spl ...)
+	TODO: check
+CVE-2023-32707 (In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and  ...)
+	TODO: check
+CVE-2023-32706 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unau ...)
+	TODO: check
+CVE-2023-32690 (libspdm is a sample implementation that follows the DMTF SPDM specific ...)
+	TODO: check
+CVE-2023-32310 (DataEase is an open source data visualization and analysis tool. The A ...)
+	TODO: check
+CVE-2023-32181 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...)
+	TODO: check
+CVE-2015-10109 (A vulnerability was found in Video Playlist and Gallery Plugin up to 1 ...)
+	TODO: check
+CVE-2014-125104 (A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPres ...)
+	TODO: check
 CVE-2023-XXXX [RUSTSEC-2023-0039]
 	- rust-buffered-reader <unfixed> (bug #1037018)
 	[bookworm] - rust-buffered-reader <no-dsa> (Minor issue)
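Review bot: The two WordPress plugin entries at the end of the added block, CVE-2015-10109 and CVE-2014-125104, go in as "TODO: check" although this file already uses "NOT-FOR-US: WordPress plugin" for the same class (see CVE-2022-3689 and CVE-2022-3688 further down), so they can be tagged without further research. The other new entries need a per-product check; for CVE-2023-32181 the description is truncated before the product name, so the full CVE record is needed before it can be triaged.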
@@ -5,7 +65,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0039]
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0039.html
 	NOTE: https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/
 	NOTE: https://gitlab.com/sequoia-pgp/sequoia/-/commit/f6307652fb2cbf4e0fbd3f897b1ec70863fcfa61
-CVE-2023-32324 [Heap buffer overflow in cupsd]
+CVE-2023-32324 (OpenPrinting CUPS is an open source printing system. In versions 2.4.2 ...)
 	- cups 2.4.2-4
 	[bookworm] - cups <no-dsa> (Can be fixed via point release; exploitable when setting loglevel to DEBUG)
 	[bullseye] - cups <no-dsa> (Can be fixed via point release; exploitable when setting loglevel to DEBUG)
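Review bot: Replacing the bracketed title on CVE-2023-32324 removes the only statement of the bug class in this entry ("Heap buffer overflow in cupsd"); the truncated description stops at "In versions 2.4.2 ..." before it says what the flaw is. Consider keeping that wording in a NOTE line so the entry still explains why the no-dsa lines refer to loglevel DEBUG.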
@@ -12501,8 +12561,8 @@ CVE-2023-28068 (Dell Command Monitor, versions 10.9 and prior, contains an impro
 	NOT-FOR-US: Dell
 CVE-2023-28067
 	RESERVED
-CVE-2023-28066
-	RESERVED
+CVE-2023-28066 (Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Im ...)
+	TODO: check
 CVE-2023-28065
 	RESERVED
 CVE-2023-28064
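Review bot: CVE-2023-28066 moves from RESERVED to "TODO: check", but its description names Dell OS Recovery Tool and CVE-2023-28068, two entries above it, is already tagged "NOT-FOR-US: Dell". The same tag fits here and would close the TODO.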
@@ -12547,8 +12607,8 @@ CVE-2023-28045 (Dell CloudIQ Collector version 1.10.2 contains a missing encrypt
 	NOT-FOR-US: Dell
 CVE-2023-28044
 	RESERVED
-CVE-2023-28043
-	RESERVED
+CVE-2023-28043 (Dell SCG 5.14 contains an information disclosure vulnerability during  ...)
+	TODO: check
 CVE-2023-28042
 	RESERVED
 CVE-2023-28041
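Review bot: CVE-2023-28043 (Dell SCG 5.14) is left as "TODO: check" two entries below CVE-2023-28045, which is tagged "NOT-FOR-US: Dell"; tagging it the same way keeps the Dell block consistent.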
@@ -28742,18 +28802,18 @@ CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena ve
 	- apache-jena <unfixed> (bug #1035952)
 	[bookworm] - apache-jena <no-dsa> (Minor issue)
 	NOTE: https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s
-CVE-2023-22652
-	RESERVED
+CVE-2023-22652 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...)
+	TODO: check
 CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher allows Pri ...)
 	NOT-FOR-US: Rancher
 CVE-2023-22650
 	RESERVED
 CVE-2023-22649
 	RESERVED
-CVE-2023-22648
-	RESERVED
-CVE-2023-22647
-	RESERVED
+CVE-2023-22648 (A Improper Privilege Management vulnerability in SUSE Rancher causes p ...)
+	TODO: check
+CVE-2023-22647 (An Improper Privilege Management vulnerability in SUSE Rancher allowed ...)
+	TODO: check
 CVE-2023-22646
 	RESERVED
 CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...)
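Review bot: CVE-2023-22648 and CVE-2023-22647 both name SUSE Rancher in their descriptions, and CVE-2023-22651 in the same hunk is tagged "NOT-FOR-US: Rancher", so these two can take that tag instead of "TODO: check". CVE-2023-22652 is different: its description is truncated before the product name, so it needs the full CVE text before it is triaged.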
@@ -47030,8 +47090,8 @@ CVE-2022-3689 (The HTML Forms WordPress plugin before 1.3.25 does not properly p
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF check  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-43760
-	RESERVED
+CVE-2022-43760 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+	TODO: check
 CVE-2022-43759 (A Improper Privilege Management vulnerability in SUSE Rancher, allows  ...)
 	NOT-FOR-US: Rancher
 CVE-2022-43758 (A Improper Neutralization of Special Elements used in an OS Command (' ...)
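Review bot: The description of CVE-2022-43760 is cut off inside the CWE name ("Improper Neutralization of Input During Web Page Generation ('Cross ..."), so the affected product is not visible on this line and the "TODO: check" cannot be resolved from the list alone. The neighbouring CVE-2022-43759 is tagged "NOT-FOR-US: Rancher"; confirm the product from the full record before reusing that tag.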



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ae6289696dd2ebe823e2163bede15923d64f608
