[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 13 21:12:46 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f80ffec6 by security tracker role at 2023-06-13T20:12:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.)
+ TODO: check
+CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...)
+ TODO: check
+CVE-2023-3050 (Reliance on Cookies without Validation and Integrity Checking in a Sec ...)
+ TODO: check
+CVE-2023-3049 (Unrestricted Upload of File with Dangerous Type vulnerability in TMT L ...)
+ TODO: check
+CVE-2023-3048 (Authorization Bypass Through User-Controlled Key vulnerability in TMT ...)
+ TODO: check
+CVE-2023-3047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-35064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-34965 (SSPanel-Uim 2023.3 does not restrict access to the /link/ interface wh ...)
+ TODO: check
+CVE-2023-34249 (benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd ...)
+ TODO: check
+CVE-2023-34247 (Keystone is a content management system for Node.JS. There is an open ...)
+ TODO: check
+CVE-2023-34122 (Improper input validation in the installer for Zoom for Windows clien ...)
+ TODO: check
+CVE-2023-34121 (Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom V ...)
+ TODO: check
+CVE-2023-34120 (Improper privilege management in Zoom for Windows, Zoom Rooms for Wind ...)
+ TODO: check
+CVE-2023-34115 (Buffer copy without checking size of input in Zoom Meeting SDK befor ...)
+ TODO: check
+CVE-2023-34114 (Exposure of resource to wrong sphere in Zoom for Windows and Zoom for ...)
+ TODO: check
+CVE-2023-34113 (Insufficient verification of data authenticity in Zoom for Windows cl ...)
+ TODO: check
+CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ TODO: check
+CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ TODO: check
+CVE-2023-33919 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ TODO: check
+CVE-2023-33695 (Hutool v5.8.17 and below was discovered to contain an information disc ...)
+ TODO: check
+CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication ...)
+ TODO: check
+CVE-2023-33620 (GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its ...)
+ TODO: check
+CVE-2023-33568 (An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attacke ...)
+ TODO: check
+CVE-2023-33305 (A loop with unreachable exit condition ('infinite loop') in Fortinet F ...)
+ TODO: check
+CVE-2023-33124 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
+ TODO: check
+CVE-2023-33123 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
+ TODO: check
+CVE-2023-33122 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
+ TODO: check
+CVE-2023-33121 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
+ TODO: check
+CVE-2023-32548 (OS command injection vulnerability exists in WPS Office version 10.8.0 ...)
+ TODO: check
+CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop Application (M ...)
+ TODO: check
+CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the \u2018B ...)
+ TODO: check
+CVE-2023-31439 (An issue was discovered in systemd 253. An attacker can modify the con ...)
+ TODO: check
+CVE-2023-31438 (An issue was discovered in systemd 253. An attacker can truncate a sea ...)
+ TODO: check
+CVE-2023-31437 (An issue was discovered in systemd 253. An attacker can modify a seale ...)
+ TODO: check
+CVE-2023-31198 (OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If ...)
+ TODO: check
+CVE-2023-31196 (Missing authentication for critical function in Wi-Fi AP UNIT allows a ...)
+ TODO: check
+CVE-2023-31195 (ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use ...)
+ TODO: check
+CVE-2023-30766 (Hidden functionality issue exists in KB-AHR series and KB-IRIP series. ...)
+ TODO: check
+CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and KB-IRIP ...)
+ TODO: check
+CVE-2023-30762 (Improper authentication vulnerability exists in KB-AHR series and KB-I ...)
+ TODO: check
+CVE-2023-2807 (Authentication Bypass by Spoofing vulnerability in the password reset ...)
+ TODO: check
+CVE-2023-29501 (Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, an ...)
+ TODO: check
+CVE-2023-29498 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
+ TODO: check
+CVE-2023-29167 (Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. ...)
+ TODO: check
+CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader ...)
+ TODO: check
CVE-2023-XXXX [Parsing of KeyInfo elements can cause remote resource access]
- xmltooling <unfixed>
NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt
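Review bot: CVE-2023-31437, CVE-2023-31438 and CVE-2023-31439 are filed against systemd 253 and left at "TODO: check"; unlike most entries in this hunk, systemd is a Debian source package, so these three need a real triage line (a "- systemd" package entry with the fixed version, or an explicit not-affected with a reason) rather than staying in the TODO queue. Separately, the description of CVE-2023-31541 carries a literal "\u2018" escape ("the \u2018B ..."), which suggests the importer truncates the upstream text before decoding its Unicode escapes.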
@@ -1594,16 +1684,16 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0.
NOT-FOR-US: OpenEMR
CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
NOT-FOR-US: OpenEMR
-CVE-2023-3217
+CVE-2023-3217 (Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allow ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-3216
+CVE-2023-3216 (Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-3215
+CVE-2023-3215 (Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allo ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-3214
+CVE-2023-3214 (Use after free in Autofill payments in Google Chrome prior to 114.0.57 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-3079 (Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed ...)
@@ -3827,8 +3917,8 @@ CVE-2023-31251
CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file paths in ...)
- drupal7 <removed>
NOTE: https://www.drupal.org/sa-core-2023-005
-CVE-2023-31238
- RESERVED
+CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
+ TODO: check
CVE-2023-31237
RESERVED
CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...)
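Review bot: CVE-2023-31238 is a Siemens POWER METER SICAM Q200 advisory left at "TODO: check", while the same product's entries elsewhere in this patch (CVE-2022-43546, CVE-2022-43545, CVE-2022-43439, CVE-2022-43398) are marked "NOT-FOR-US: Siemens"; triage this one the same way so it does not linger as a TODO.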
@@ -4829,8 +4919,8 @@ CVE-2023-30903
RESERVED
CVE-2023-30902
RESERVED
-CVE-2023-30901
- RESERVED
+CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
+ TODO: check
CVE-2023-30900
RESERVED
CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
@@ -4850,8 +4940,8 @@ CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kerne
NOTE: https://git.kernel.org/linus/92fbb6d1296f81f41f65effd7f5f8c0f74943d15 (6.3-rc4)
CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...)
- mattermost-server <itp> (bug #823556)
-CVE-2023-30897
- RESERVED
+CVE-2023-30897 (A vulnerability has been identified in SIMATIC WinCC (All versions < V ...)
+ TODO: check
CVE-2023-2192
RESERVED
CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...)
@@ -5455,8 +5545,8 @@ CVE-2023-30770 (A stack-based buffer overflow vulnerability was found in the ASU
CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) communic ...)
- dogecoin <unfixed> (bug #1034806)
NOTE: https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks
-CVE-2023-30757
- RESERVED
+CVE-2023-30757 (A vulnerability has been identified in Totally Integrated Automation P ...)
+ TODO: check
CVE-2023-30756
RESERVED
CVE-2023-30755
@@ -7068,8 +7158,8 @@ CVE-2023-30181
RESERVED
CVE-2023-30180
RESERVED
-CVE-2023-30179
- RESERVED
+CVE-2023-30179 (CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injectio ...)
+ TODO: check
CVE-2023-30178
RESERVED
CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker ...)
@@ -8368,8 +8458,8 @@ CVE-2023-29564
RESERVED
CVE-2023-29563
RESERVED
-CVE-2023-29562
- RESERVED
+CVE-2023-29562 (TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack ov ...)
+ TODO: check
CVE-2023-29561
RESERVED
CVE-2023-29560
@@ -9769,14 +9859,14 @@ CVE-2023-29180
RESERVED
CVE-2023-29179
RESERVED
-CVE-2023-29178
- RESERVED
+CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824] in Fortinet ...)
+ TODO: check
CVE-2023-29177
RESERVED
CVE-2023-29176
RESERVED
-CVE-2023-29175
- RESERVED
+CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
+ TODO: check
CVE-2023-29174
RESERVED
CVE-2023-29173
@@ -9918,8 +10008,8 @@ CVE-2023-29131
RESERVED
CVE-2023-29130
RESERVED
-CVE-2023-29129
- RESERVED
+CVE-2023-29129 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
+ TODO: check
CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
NOT-FOR-US: Siemens
CVE-2023-29127
@@ -10442,8 +10532,8 @@ CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions vulnerab
NOT-FOR-US: Juniper
CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...)
- gitlab 15.10.8+ds1-2
-CVE-2023-1707
- RESERVED
+CVE-2023-1707 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...)
+ TODO: check
CVE-2023-1706
REJECTED
CVE-2023-1705
@@ -11002,8 +11092,8 @@ CVE-2023-28831
RESERVED
CVE-2023-28830
RESERVED
-CVE-2023-28829
- RESERVED
+CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V14 (Al ...)
+ TODO: check
CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...)
NOT-FOR-US: Siemens
CVE-2023-28827
@@ -11731,8 +11821,8 @@ CVE-2023-28622
RESERVED
CVE-2023-28621
RESERVED
-CVE-2023-28620
- RESERVED
+CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...)
+ TODO: check
CVE-2023-28619
RESERVED
CVE-2023-28618
@@ -11913,18 +12003,18 @@ CVE-2023-1480 (A vulnerability classified as critical was found in SourceCodeste
NOT-FOR-US: SourceCodester Monitoring of Students Cyber Accounts System
CVE-2023-1479 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester Simple Music Player
-CVE-2023-28603
- RESERVED
-CVE-2023-28602
- RESERVED
-CVE-2023-28601
- RESERVED
-CVE-2023-28600
- RESERVED
-CVE-2023-28599
- RESERVED
-CVE-2023-28598
- RESERVED
+CVE-2023-28603 (Zoom VDI client installer prior to 5.14.0 contains an improper access ...)
+ TODO: check
+CVE-2023-28602 (Zoom for Windows clients prior to 5.13.5 contain an improper verificat ...)
+ TODO: check
+CVE-2023-28601 (Zoom for Windows clients prior to 5.14.0 contain an improper restricti ...)
+ TODO: check
+CVE-2023-28600 (Zoom for MacOSclients prior to 5.14.0 contain an improper access contr ...)
+ TODO: check
+CVE-2023-28599 (Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. ...)
+ TODO: check
+CVE-2023-28598 (Zoom for Linux clients prior to 5.13.10 contain an HTML injection vul ...)
+ TODO: check
CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust boundary implem ...)
NOT-FOR-US: Zoom
CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version 5.13.5 contai ...)
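Review bot: the six new Zoom descriptions (CVE-2023-28598 through CVE-2023-28603) are left at "TODO: check" directly above CVE-2023-28597 and CVE-2023-28596, which already carry "NOT-FOR-US: Zoom"; all six describe Zoom client and installer issues, so they belong in the same NOT-FOR-US bucket.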
@@ -12971,8 +13061,8 @@ CVE-2023-28305 (Windows DNS Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28304 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-28303
- RESERVED
+CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability)
+ TODO: check
CVE-2023-28302 (Microsoft Message Queuing Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-28301 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
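Review bot: CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability) is "TODO: check" while every neighbouring Microsoft entry in this hunk is "NOT-FOR-US: Microsoft"; mark it the same way.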
@@ -13962,14 +14052,14 @@ CVE-2023-28002
RESERVED
CVE-2023-28001
RESERVED
-CVE-2023-28000
- RESERVED
+CVE-2023-28000 (An improper neutralization of special elements used in an OS command v ...)
+ TODO: check
CVE-2023-27999 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiGuard
CVE-2023-27998
RESERVED
-CVE-2023-27997
- RESERVED
+CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS versio ...)
+ TODO: check
CVE-2023-27996
RESERVED
CVE-2023-27995 (A improper neutralization of special elements used in a template engin ...)
@@ -14645,10 +14735,10 @@ CVE-2023-27839
RESERVED
CVE-2023-27838
RESERVED
-CVE-2023-27837
- RESERVED
-CVE-2023-27836
- RESERVED
+CVE-2023-27837 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...)
+ TODO: check
+CVE-2023-27836 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...)
+ TODO: check
CVE-2023-27835
RESERVED
CVE-2023-27834
@@ -15111,8 +15201,8 @@ CVE-2023-27626
RESERVED
CVE-2023-27625
RESERVED
-CVE-2023-27624
- RESERVED
+CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
+ TODO: check
CVE-2023-27623
RESERVED
CVE-2023-27622
@@ -15659,8 +15749,8 @@ CVE-2023-27467
RESERVED
CVE-2023-27466
RESERVED
-CVE-2023-27465
- RESERVED
+CVE-2023-27465 (A vulnerability has been identified in SIMOTION C240 (All versions >= ...)
+ TODO: check
CVE-2023-27464 (A vulnerability has been identified in Mendix Forgot Password (Mendix ...)
NOT-FOR-US: Siemens
CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
@@ -17934,8 +18024,8 @@ CVE-2023-26540
RESERVED
CVE-2023-26539
RESERVED
-CVE-2023-26538
- RESERVED
+CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...)
+ TODO: check
CVE-2023-26537
RESERVED
CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...)
@@ -17954,8 +18044,8 @@ CVE-2023-26530
RESERVED
CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dupe ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26528
- RESERVED
+CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...)
+ TODO: check
CVE-2023-26527
RESERVED
CVE-2023-26526
@@ -18938,20 +19028,20 @@ CVE-2023-26212
RESERVED
CVE-2023-26211
RESERVED
-CVE-2023-26210
- RESERVED
+CVE-2023-26210 (Multiple improper neutralization of special elements used in an os com ...)
+ TODO: check
CVE-2023-26209 (A improper restriction of excessive authentication attempts vulnerabil ...)
NOT-FOR-US: FortiGuard
CVE-2023-26208 (A improper restriction of excessive authentication attempts vulnerabil ...)
NOT-FOR-US: FortiGuard
-CVE-2023-26207
- RESERVED
+CVE-2023-26207 (An insertion of sensitive information into log file vulnerability in F ...)
+ TODO: check
CVE-2023-26206
RESERVED
CVE-2023-26205
RESERVED
-CVE-2023-26204
- RESERVED
+CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...)
+ TODO: check
CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F ...)
NOT-FOR-US: FortiGuard
CVE-2023-26202
@@ -19578,8 +19668,8 @@ CVE-2023-25980
RESERVED
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25978
- RESERVED
+CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate ...)
+ TODO: check
CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
@@ -19606,8 +19696,8 @@ CVE-2023-25966
RESERVED
CVE-2023-25965
RESERVED
-CVE-2023-25964
- RESERVED
+CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...)
+ TODO: check
CVE-2023-25963
RESERVED
CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...)
@@ -19762,8 +19852,8 @@ CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows
NOT-FOR-US: Danfoss AK-EM100
CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...)
NOT-FOR-US: Danfoss AK-EM100
-CVE-2023-25910
- RESERVED
+CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
+ TODO: check
CVE-2023-0872
RESERVED
CVE-2023-0871
@@ -20905,8 +20995,8 @@ CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vuln
NOT-FOR-US: Fortinet
CVE-2023-25610
RESERVED
-CVE-2023-25609
- RESERVED
+CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...)
+ TODO: check
CVE-2023-25608
RESERVED
CVE-2023-25607
@@ -25957,8 +26047,8 @@ CVE-2023-23833
RESERVED
CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23831
- RESERVED
+CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23829
@@ -29987,8 +30077,8 @@ CVE-2023-22641 (A url redirection to untrusted site ('open redirect') in Fortine
NOT-FOR-US: Fortinet
CVE-2023-22640 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...)
NOT-FOR-US: FortiGuard
-CVE-2023-22639
- RESERVED
+CVE-2023-22639 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...)
+ TODO: check
CVE-2023-22638 (Several improper neutralization of inputs during web page generation v ...)
NOT-FOR-US: FortiGuard
CVE-2023-22637 (An improper neutralization of input during web page generation ('Cross ...)
@@ -29999,8 +30089,8 @@ CVE-2023-22635 (A download of code without Integrity check vulnerability [CWE-49
NOT-FOR-US: Fortinet
CVE-2023-22634
RESERVED
-CVE-2023-22633
- RESERVED
+CVE-2023-22633 (An improper permissions, privileges, and access controls vulnerability ...)
+ TODO: check
CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid within ...)
NOT-FOR-US: OpenHarmony
CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...)
@@ -35041,8 +35131,8 @@ CVE-2022-47378 (Multiple CODESYS products in multiple versions are prone to a im
NOT-FOR-US: CODESYS
CVE-2022-47377 (Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 w ...)
NOT-FOR-US: SICK SIM2000ST Partnumber 2086502
-CVE-2022-47376
- RESERVED
+CVE-2022-47376 (The Alaris Infusion Central software, versions 1.1 to 1.3.2, may conta ...)
+ TODO: check
CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides install ...)
NOT-FOR-US: Squirrel.Windows
CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate a ...)
@@ -44488,8 +44578,8 @@ CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a sta
NOT-FOR-US: VMware
CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...)
NOT-FOR-US: VMware
-CVE-2023-20867
- RESERVED
+CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail to authen ...)
+ TODO: check
CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...)
NOT-FOR-US: Spring Session
CVE-2023-20865 (VMware Aria Operations for Logs contains a command injection vulnerabi ...)
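Review bot: CVE-2023-20867 should not be closed as "NOT-FOR-US: VMware" like its neighbours without a check: the description concerns VMware Tools, whose open-source counterpart open-vm-tools is a Debian source package, so this "TODO: check" has to be resolved against that package (a version entry, or an explicit not-affected with a reason).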
@@ -47790,16 +47880,16 @@ CVE-2022-43955 (An improper neutralization of input during web page generation [
NOT-FOR-US: Fortinet
CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...)
NOT-FOR-US: Fortinet
-CVE-2022-43953
- RESERVED
+CVE-2022-43953 (A use of externally-controlled format string in Fortinet FortiOS versi ...)
+ TODO: check
CVE-2022-43952 (An improper neutralization of input during web page generation ('Cross ...)
NOT-FOR-US: Fortinet
CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
NOT-FOR-US: Fortinet
CVE-2022-43950 (A URL redirection to untrusted site ('Open Redirect') vulnerability [C ...)
NOT-FOR-US: FortiGuard
-CVE-2022-43949
- RESERVED
+CVE-2022-43949 (A use of a broken or risky cryptographic algorithm [CWE-327] in Forti ...)
+ TODO: check
CVE-2022-43948 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
CVE-2022-43947 (Animproper restriction of excessive authentication attempts vulnerabil ...)
@@ -48469,8 +48559,8 @@ CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.
NOT-FOR-US: Concrete CMS
CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users when an ...)
NOT-FOR-US: CKAN
-CVE-2022-43684
- RESERVED
+CVE-2022-43684 (ServiceNow has released patches and an upgrade that address an Access ...)
+ TODO: check
CVE-2022-43683
RESERVED
CVE-2022-43682
@@ -48947,9 +49037,9 @@ CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions
NOTE: Fixed by: https://github.com/nodejs/node/commit/2b433af094fb79cf80f086038b7f36342cb6826f (v14.x)
CVE-2022-43547
RESERVED
-CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
NOT-FOR-US: Siemens
-CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
NOT-FOR-US: Siemens
CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
NOT-FOR-US: Aruba
@@ -49062,7 +49152,7 @@ CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings
[buster] - node-sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781 (v5.1.5)
-CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
NOT-FOR-US: Siemens
CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect Authorization ...)
NOT-FOR-US: EasyTest
@@ -49078,8 +49168,8 @@ CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Qui
NOT-FOR-US: WordPress plugin
CVE-2022-42882
RESERVED
-CVE-2022-42880
- RESERVED
+CVE-2022-42880 (Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Uplo ...)
+ TODO: check
CVE-2022-42699 (Auth. Remote Code Execution vulnerability inEasy WP SMTP plugin <= 1.5 ...)
NOT-FOR-US: WordPress plugin
CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Brid ...)
@@ -49455,7 +49545,7 @@ CVE-2022-3592 (A symlink following vulnerability was found in Samba, where a use
NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html
CVE-2022-43399
REJECTED
-CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
NOT-FOR-US: Siemens
CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
NOT-FOR-US: Siemens
@@ -52009,16 +52099,16 @@ CVE-2022-42482
RESERVED
CVE-2022-42481
RESERVED
-CVE-2022-42478
- RESERVED
+CVE-2022-42478 (An Improper Restriction of Excessive Authentication Attempts [CWE-307] ...)
+ TODO: check
CVE-2022-42477 (An improper input validation vulnerability [CWE-20] in FortiAnalyzer v ...)
NOT-FOR-US: Fortinet
CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
NOT-FOR-US: Fortinet
CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122]in FortiOS SSL-VPN ...)
NOT-FOR-US: FortiOS SSL-VPN
-CVE-2022-42474
- RESERVED
+CVE-2022-42474 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...)
+ TODO: check
CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...)
NOT-FOR-US: FortiGuard
CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('http res ...)
@@ -54361,15 +54451,15 @@ CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vuln
NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...)
NOT-FOR-US: Siemens
-CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...)
+CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
NOT-FOR-US: Siemens
-CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...)
+CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
NOT-FOR-US: Siemens
-CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...)
+CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
NOT-FOR-US: Siemens
-CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...)
+CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
NOT-FOR-US: Siemens
-CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...)
+CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
NOT-FOR-US: Siemens
CVE-2022-41656
RESERVED
@@ -54563,6 +54653,7 @@ CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a compan
CVE-2022-3342
RESERVED
CVE-2022-3341 (A null pointer dereference issue was discovered in 'FFmpeg' in decode_ ...)
+ {DLA-3454-1}
- ffmpeg 7:5.1-1
[bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157054
@@ -55250,8 +55341,8 @@ CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vu
NOT-FOR-US: Fortinet
CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
NOT-FOR-US: Fortinet
-CVE-2022-41327
- RESERVED
+CVE-2022-41327 (A cleartext transmission of sensitive information vulnerability [CWE-3 ...)
+ TODO: check
CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...)
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
@@ -55841,7 +55932,7 @@ CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnera
NOT-FOR-US: Microsoft
CVE-2022-41124
RESERVED
-CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
@@ -55927,11 +56018,11 @@ CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...)
+CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...)
+CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...)
+CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -55985,7 +56076,7 @@ CVE-2022-41053 (Windows Kerberos Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41052 (Windows Graphics Component Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41051 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.)
+CVE-2022-41051 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41050 (Windows Extensible File Allocation Table Elevation of Privilege Vulner ...)
NOT-FOR-US: Microsoft
@@ -58698,8 +58789,8 @@ CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in Fo
NOT-FOR-US: Fortinet
CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
-CVE-2022-39946
- RESERVED
+CVE-2022-39946 (An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 an ...)
+ TODO: check
CVE-2022-39945 (An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, ...)
NOT-FOR-US: FortiGuard
CVE-2022-39944 (In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deser ...)
@@ -59089,7 +59180,7 @@ CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rt
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1)
CVE-2022-3109 (An issue was discovered in the FFmpeg package, where vp3_decode_frame ...)
- {DSA-5394-1}
+ {DSA-5394-1 DLA-3454-1}
- ffmpeg 7:5.1-1
NOTE: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 (n5.1)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/7694a44baaaa4786995590a8ba2b16acd8ef8177 (n4.3.6)
@@ -60727,7 +60818,7 @@ CVE-2022-39138 (A vulnerability has been identified in Parasolid V33.1 (All vers
NOT-FOR-US: Siemens
CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
NOT-FOR-US: Siemens
-CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...)
+CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
NOT-FOR-US: Siemens
CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NOD ...)
NOT-FOR-US: Apache Calcite
@@ -75752,8 +75843,8 @@ CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regex
NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5
CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
NOT-FOR-US: FortiGuard
-CVE-2022-33877
- RESERVED
+CVE-2022-33877 (An incorrect default permission [CWE-276] vulnerability in FortiClient ...)
+ TODO: check
CVE-2022-33876 (Multiple instances of improper input validation vulnerability in Forti ...)
NOT-FOR-US: FortiGuard
CVE-2022-33875 (An improper neutralization of special elements used in an SQL Command ...)
@@ -81534,16 +81625,16 @@ CVE-2022-31641
RESERVED
CVE-2022-31640
RESERVED
-CVE-2022-31639
- RESERVED
-CVE-2022-31638
- RESERVED
-CVE-2022-31637
- RESERVED
-CVE-2022-31636
- RESERVED
-CVE-2022-31635
- RESERVED
+CVE-2022-31639 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
+CVE-2022-31638 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
+CVE-2022-31637 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
+CVE-2022-31636 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
+CVE-2022-31635 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ TODO: check
CVE-2022-31634
RESERVED
CVE-2022-31633
@@ -82228,7 +82319,7 @@ CVE-2022-31467 (A DLL hijacking vulnerability in the installed for Quick Heal To
NOT-FOR-US: Quick Heal Total Security
CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total ...)
NOT-FOR-US: Quick Heal Total Security
-CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer (All version ...)
+CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer VX.2.10 (All ...)
NOT-FOR-US: Siemens
CVE-2022-31464 (Insecure permissions configuration in Adaware Protect v1.2.439.4251 al ...)
NOT-FOR-US: Adaware
@@ -90825,8 +90916,8 @@ CVE-2022-28552 (Cscms 4.1 is vulnerable to SQL Injection. Log into the backgroun
NOT-FOR-US: Cscms
CVE-2022-28551
RESERVED
-CVE-2022-28550
- RESERVED
+CVE-2022-28550 (Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via ...)
+ TODO: check
CVE-2022-28549
RESERVED
CVE-2022-28548
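Review bot: CVE-2022-28550 names Matthias-Wandel/jhead 3.06, and jhead is packaged in Debian, so this "TODO: check" should become a jhead package entry with the affected and fixed versions once the upstream report is checked, rather than remaining a TODO.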
@@ -363617,7 +363708,7 @@ CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic <
NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic < V3.1 ...)
NOT-FOR-US: Siemens / TeleControl Server Basic
-CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...)
+CVE-2018-4834 (A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All ver ...)
NOT-FOR-US: Desigo
CVE-2018-4833 (A vulnerability has been identified in RFID 181EIP (All versions), RUG ...)
NOT-FOR-US: Siemens
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f80ffec6e5584bd620bae46bce47005534994bfb