[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 8 09:12:16 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e80cd727 by security tracker role at 2023-06-08T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- ...)
+ TODO: check
+CVE-2023-34239 (Gradio is an open-source Python library that is used to build machine ...)
+ TODO: check
+CVE-2023-34238 (Gatsby is a free and open source framework based on React. The Gatsby ...)
+ TODO: check
+CVE-2023-33849 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
+ TODO: check
+CVE-2023-33848 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
+ TODO: check
+CVE-2023-33847 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
+ TODO: check
+CVE-2023-33846 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...)
+ TODO: check
+CVE-2023-33496 (xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerabili ...)
+ TODO: check
+CVE-2023-2986 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2023-2904 (The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 ...)
+ TODO: check
+CVE-2023-2866 (If an attacker can trick an authenticated user into loading a maliciou ...)
+ TODO: check
CVE-2023-3153 [service monitor MAC flow is not rate limited]
- ovn <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
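Review bot: on the CVE-2023-34969 line the description names D-Bus, which Debian ships as the dbus source package, so this entry should not sit at TODO: check for long; it needs a `- dbus` package line with the fixed version once that is known. Separately, the CVE-2023-2904 description carries a literal `\u2019` where an apostrophe belongs, so the import step is copying JSON escapes into the list without decoding them.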
@@ -393,6 +415,7 @@ CVE-2023-34417
- firefox 114.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417
CVE-2023-34416
+ {DSA-5421-1 DLA-3448-1}
- firefox 114.0-1
- firefox-esr 102.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416
@@ -401,6 +424,7 @@ CVE-2023-34415
- firefox 114.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34415
CVE-2023-34414
+ {DSA-5421-1 DLA-3448-1}
- firefox 114.0-1
- firefox-esr 102.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34414
@@ -3641,8 +3665,8 @@ CVE-2023-31205
RESERVED
CVE-2023-31204
RESERVED
-CVE-2023-31200
- RESERVED
+CVE-2023-31200 (PTC Vuforia Studio does not require a token; this could allow an atta ...)
+ TODO: check
CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbox(TM) ...)
NOT-FOR-US: Intel
CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...)
@@ -3795,14 +3819,14 @@ CVE-2023-30768 (Improper access control in the Intel(R) Server Board S2600WTT be
NOT-FOR-US: Intel
CVE-2023-30763 (Heap-based overflow in Intel(R) SoC Watch based software before versio ...)
NOT-FOR-US: Intel
-CVE-2023-29502
- RESERVED
+CVE-2023-29502 (Before importing a project into Vuforia, a user could modify the \u20 ...)
+ TODO: check
CVE-2023-29242 (Improper access control for Intel(R) oneAPI Toolkits before version 20 ...)
NOT-FOR-US: Intel
-CVE-2023-29168
- RESERVED
-CVE-2023-29152
- RESERVED
+CVE-2023-29168 (The local Vuforia web application does not support HTTPS, and federate ...)
+ TODO: check
+CVE-2023-29152 (By changing the filename parameter in the request, an attacker could ...)
+ TODO: check
CVE-2023-28822
RESERVED
CVE-2023-28745
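Review bot: the CVE-2023-29502 description ends in `\u20 ...`, which shows the text was cut to its fixed width while still JSON-escaped and the cut landed inside a `\uXXXX` sequence. Decode the escapes before truncating so the list holds the real character rather than a broken escape.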
@@ -3813,10 +3837,10 @@ CVE-2023-28719
RESERVED
CVE-2023-28378
RESERVED
-CVE-2023-27881
- RESERVED
-CVE-2023-24476
- RESERVED
+CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality to uplo ...)
+ TODO: check
+CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...)
+ TODO: check
CVE-2023-2270
RESERVED
CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
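Review bot: the descriptions added for CVE-2023-27881 and CVE-2023-24476 never name a product within the truncated text ("A user could use the ... functionality", "An attacker with local access to the machine"), so neither can be triaged from this file alone. Whoever resolves the TODO: check has to read the full CVE record, and the resulting line should name the product so the entries are self-explanatory afterwards.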
@@ -3856,12 +3880,12 @@ CVE-2023-31118
RESERVED
CVE-2023-31117
RESERVED
-CVE-2023-31116
- RESERVED
-CVE-2023-31115
- RESERVED
-CVE-2023-31114
- RESERVED
+CVE-2023-31116 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...)
+ TODO: check
+CVE-2023-31115 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...)
+ TODO: check
+CVE-2023-31114 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...)
+ TODO: check
CVE-2023-31113
RESERVED
CVE-2023-31112
@@ -8776,8 +8800,8 @@ CVE-2023-1866 (The YourChannel plugin for WordPress is vulnerable to Cross-Site
NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...)
NOT-FOR-US: YourChannel plugin for WordPress
-CVE-2023-1864
- RESERVED
+CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable ...)
+ TODO: check
CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Eskom Computer Water Metering Software
CVE-2023-1862
@@ -9901,8 +9925,8 @@ CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell
NOT-FOR-US: Rockwell Automation
CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
- gitlab <unfixed>
-CVE-2023-1709
- RESERVED
+CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while parsing ...)
+ TODO: check
CVE-2023-29021
RESERVED
CVE-2023-29020 (@fastify/passport is a port of passport authentication library for the ...)
@@ -18149,7 +18173,7 @@ CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox
NOT-FOR-US: Trellix
CVE-2023-0977 (A heap-based overflow vulnerability in Trellix Agent (Windows and Linu ...)
NOT-FOR-US: Trellix
-CVE-2023-0976 (A heap-based overflow vulnerability in TA prior to version 5.7.9 allow ...)
+CVE-2023-0976 (A command Injection Vulnerability in TA for mac-OS prior to version 5. ...)
TODO: check
CVE-2023-0975 (A vulnerability exists in Trellix Agent for Windows version 5.7.8 and ...)
NOT-FOR-US: Trellix
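Review bot: CVE-2023-0976 keeps TODO: check even though its description changed vulnerability class (heap-based overflow to command injection, now scoped to "TA for mac-OS"), while the adjacent CVE-2023-0978, CVE-2023-0977 and CVE-2023-0975 are already NOT-FOR-US: Trellix. If "TA" is the same Trellix Agent, resolve it the same way in a follow-up commit so the rewritten description does not leave a stale open item.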
@@ -20489,10 +20513,10 @@ CVE-2015-10077 (A vulnerability was found in webbuilders-group silverstripe-kapo
NOT-FOR-US: Silverstripe
CVE-2023-25612
RESERVED
-CVE-2023-25177
- RESERVED
-CVE-2023-24014
- RESERVED
+CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...)
+ TODO: check
+CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...)
+ TODO: check
CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- gitlab <unfixed>
CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...)
@@ -24271,7 +24295,7 @@ CVE-2023-24331
RESERVED
CVE-2023-24330
RESERVED
-CVE-2023-24329 (An issue in the urllib.parse component of Python before v3.11 allows a ...)
+CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...)
- python3.11 3.11.4-1
- python3.9 <removed>
[bullseye] - python3.9 <no-dsa> (Minor issue)
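Review bot: the description for CVE-2023-24329 widens the affected range from "before v3.11" to "before 3.11.4", which agrees with `- python3.11 3.11.4-1`, but the `[bullseye] - python3.9 <no-dsa> (Minor issue)` line was decided against the earlier text. Worth confirming that classification still holds, since the automatic update changes only the description and leaves the triage lines untouched.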
@@ -26805,12 +26829,12 @@ CVE-2023-23484
RESERVED
CVE-2023-23483
RESERVED
-CVE-2023-23482
- RESERVED
-CVE-2023-23481
- RESERVED
-CVE-2023-23480
- RESERVED
+CVE-2023-23482 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allo ...)
+ TODO: check
+CVE-2023-23481 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...)
+ TODO: check
+CVE-2023-23480 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...)
+ TODO: check
CVE-2023-23479
RESERVED
CVE-2023-23478
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e80cd72700067317e88bf998cf07f3d3ef7b6013