[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 14 09:12:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc1bff55 by security tracker role at 2023-06-14T08:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2023-3238 (A vulnerability, which was classified as critical, has been found in O ...)
+	TODO: check
+CVE-2023-3237 (A vulnerability classified as critical was found in OTCMS up to 6.62.  ...)
+	TODO: check
+CVE-2023-3236 (A vulnerability classified as critical has been found in mccms up to 2 ...)
+	TODO: check
+CVE-2023-3235 (A vulnerability was found in mccms up to 2.6.5. It has been rated as c ...)
+	TODO: check
+CVE-2023-3234 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been ...)
+	TODO: check
+CVE-2023-3233 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been ...)
+	TODO: check
+CVE-2023-3232 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classifi ...)
+	TODO: check
+CVE-2023-3231 (A vulnerability has been found in UJCMS up to 6.0.2 and classified as  ...)
+	TODO: check
+CVE-2023-3230 (Missing Authorization in GitHub repository fossbilling/fossbilling pri ...)
+	TODO: check
+CVE-2023-3229 (Business Logic Errors in GitHub repository fossbilling/fossbilling pri ...)
+	TODO: check
+CVE-2023-3228 (Business Logic Errors in GitHub repository fossbilling/fossbilling pri ...)
+	TODO: check
+CVE-2023-3227 (Insufficient Granularity of Access Control in GitHub repository fossbi ...)
+	TODO: check
+CVE-2023-3203 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2023-3201 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2023-3200 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2023-3198 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2023-3189 (A vulnerability, which was classified as problematic, was found in Sou ...)
+	TODO: check
+CVE-2023-3001 (A CWE-502: Deserialization of Untrusted Data vulnerability exists in t ...)
+	TODO: check
+CVE-2023-34944 (An arbitrary file upload vulnerability in the /fileUpload.lib.php comp ...)
+	TODO: check
+CVE-2023-34537 (A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacke ...)
+	TODO: check
+CVE-2023-34396 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
+CVE-2023-34250 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+	TODO: check
+CVE-2023-34149 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
+CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure inWooCommerce Str ...)
+	TODO: check
+CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2023-33146 (Microsoft Office Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-33145 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-33144 (Visual Studio Code Spoofing Vulnerability)
+	TODO: check
+CVE-2023-33142 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-33140 (Microsoft OneNote Spoofing Vulnerability)
+	TODO: check
+CVE-2023-33139 (Visual Studio Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-33137 (Microsoft Excel Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-33135 (.NET and Visual Studio Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-33133 (Microsoft Excel Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-33132 (Microsoft SharePoint Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-33131 (Microsoft Outlook Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-33130 (Microsoft SharePoint Server Spoofing Vulnerability)
+	TODO: check
+CVE-2023-33129 (Microsoft SharePoint Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-33128 (.NET and Visual Studio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-33126 (.NET and Visual Studio Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-32301 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+	TODO: check
+CVE-2023-32061 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+	TODO: check
+CVE-2023-32032 (.NET and Visual Studio Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-32029 (Microsoft Excel Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-32022 (<div data-wrapper="true" style="font-family:'Segoe UI','Helvetica Neue ...)
+	TODO: check
+CVE-2023-32021 (Windows SMB Witness Service Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-32020 (Windows DNS Spoofing Vulnerability)
+	TODO: check
+CVE-2023-32019 (Windows Kernel Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-32018 (Windows Hello Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-32017 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
+	TODO: check
+CVE-2023-32016 (Windows Installer Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-32015 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2023-32014 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2023-32013 (Windows Hyper-V Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-32012 (Windows Container Manager Service Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-32011 (Windows iSCSI Discovery Service Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-32010 (Windows Bus Filter Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-32009 (Windows Collaborative Translation Framework Elevation of Privilege Vul ...)
+	TODO: check
+CVE-2023-32008 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+	TODO: check
+CVE-2023-2778 (A denial-of-service vulnerability exists in Rockwell Automation Factor ...)
+	TODO: check
+CVE-2023-2639 (The underlying feedback mechanism of   Rockwell Automation'sFactoryTal ...)
+	TODO: check
+CVE-2023-2638 (Rockwell Automation's FactoryTalk System Services does not verify that ...)
+	TODO: check
+CVE-2023-2637 (Rockwell Automation's FactoryTalk System Services uses a hard-coded cr ...)
+	TODO: check
+CVE-2023-2570 (A CWE-129: Improper Validation of Array Index vulnerability exists tha ...)
+	TODO: check
+CVE-2023-2569 (A CWE-787: Out-of-Bounds Write vulnerability exists that could cause l ...)
+	TODO: check
 CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.)
 	NOT-FOR-US: Nuxt
 CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...)
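Review bot: The description imported for CVE-2023-32022 in this hunk is raw HTML (`<div data-wrapper="true" style="font-family:'Segoe UI','Helvetica Neue ...`) rather than a vulnerability title, so the entry gives a triager nothing to classify on and puts markup into data/CVE/list. Suggest having the automatic update strip tags from upstream descriptions before writing them, or substituting a plain-text title for this entry, in the same form as its neighbours CVE-2023-32021 and CVE-2023-32020.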
@@ -4215,8 +4347,8 @@ CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.
 	NOT-FOR-US: Craft CMS
 CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...)
 	NOT-FOR-US: mage-ai
-CVE-2023-31142
-	RESERVED
+CVE-2023-31142 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+	TODO: check
 CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...)
 	NOT-FOR-US: OpenSearch
 CVE-2023-31140 (OpenProject is open source project management software. Starting with  ...)
@@ -5805,8 +5937,8 @@ CVE-2023-30633
 	RESERVED
 CVE-2023-30632
 	RESERVED
-CVE-2023-30631
-	RESERVED
+CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software Foundation  ...)
+	TODO: check
 CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This  ...)
 	- dmidecode <unfixed> (bug #1034483)
 	[bookworm] - dmidecode <no-dsa> (Minor issue)
@@ -9316,52 +9448,52 @@ CVE-2023-29375 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.
 	NOT-FOR-US: Progress Sitefinity
 CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows prompt inj ...)
 	NOT-FOR-US: LangChain
-CVE-2023-29373
-	RESERVED
-CVE-2023-29372
-	RESERVED
-CVE-2023-29371
-	RESERVED
-CVE-2023-29370
-	RESERVED
-CVE-2023-29369
-	RESERVED
-CVE-2023-29368
-	RESERVED
-CVE-2023-29367
-	RESERVED
-CVE-2023-29366
-	RESERVED
-CVE-2023-29365
-	RESERVED
-CVE-2023-29364
-	RESERVED
-CVE-2023-29363
-	RESERVED
-CVE-2023-29362
-	RESERVED
-CVE-2023-29361
-	RESERVED
-CVE-2023-29360
-	RESERVED
-CVE-2023-29359
-	RESERVED
-CVE-2023-29358
-	RESERVED
-CVE-2023-29357
-	RESERVED
+CVE-2023-29373 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-29372 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2023-29371 (Windows GDI Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-29370 (Windows Media Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-29369 (Remote Procedure Call Runtime Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-29368 (Windows Filtering Platform Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-29367 (iSCSI Target WMI Provider Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-29366 (Windows Geolocation Service Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-29365 (Windows Media Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-29364 (Windows Authentication Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-29363 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+	TODO: check
+CVE-2023-29362 (Remote Desktop Client Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-29361 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+	TODO: check
+CVE-2023-29360 (Windows TPM Device Driver Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-29359 (GDI Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-29358 (Windows GDI Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-29357 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
+	TODO: check
 CVE-2023-29356
 	RESERVED
-CVE-2023-29355
-	RESERVED
+CVE-2023-29355 (DHCP Server Service Information Disclosure Vulnerability)
+	TODO: check
 CVE-2023-29354 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-29353
-	RESERVED
-CVE-2023-29352
-	RESERVED
-CVE-2023-29351
-	RESERVED
+CVE-2023-29353 (Sysinternals Process Monitor for Windows Denial of Service Vulnerabili ...)
+	TODO: check
+CVE-2023-29352 (Windows Remote Desktop Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-29351 (Windows Group Policy Elevation of Privilege Vulnerability)
+	TODO: check
 CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29349
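Review bot: The entries moved from RESERVED to `TODO: check` in this hunk (CVE-2023-29373 down to CVE-2023-29351) mostly name Windows or Microsoft components in their titles, while the unchanged context lines for CVE-2023-29354 and CVE-2023-29350 are already triaged as `NOT-FOR-US: Microsoft`. Suggest a follow-up that resolves these with the same tag once each is confirmed, rather than leaving the whole block in the TODO queue.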
@@ -9370,8 +9502,8 @@ CVE-2023-29348
 	RESERVED
 CVE-2023-29347
 	RESERVED
-CVE-2023-29346
-	RESERVED
+CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
+	TODO: check
 CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
@@ -15732,6 +15864,7 @@ CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and
 CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code ...)
 	NOT-FOR-US: wasmtime
 CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...)
+	{DSA-5426-1}
 	[experimental] - owslib 0.28.1-1~exp1
 	- owslib 0.27.2-3 (bug #1034182)
 	NOTE: https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063 (0.29.0)
@@ -16401,8 +16534,8 @@ CVE-2023-1051 (Improper Neutralization of Input During Web Page Generation ('Cro
 	NOT-FOR-US: Web Report System
 CVE-2023-1050 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Web Report System
-CVE-2023-1049
-	RESERVED
+CVE-2023-1049 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
+	TODO: check
 CVE-2023-XXXX [RUSTSEC-2023-0015]
 	- rust-ascii 0.9.3-1
 	[bullseye] - rust-ascii <no-dsa> (Minor issue)
@@ -20230,8 +20363,8 @@ CVE-2023-0839 (Improper Protection for Outbound Error Messages and Alert Signals
 	NOT-FOR-US: ProMIS Process Co. InSCADA
 CVE-2023-0838 (An issue has been discovered in GitLab affecting versions starting fro ...)
 	- gitlab 15.10.8+ds1-2
-CVE-2023-0837
-	RESERVED
+CVE-2023-0837 (An improper  authorization check of local device settings in TeamViewe ...)
+	TODO: check
 CVE-2023-25780 (It is identified a vulnerability of insufficient authentication in an  ...)
 	NOT-FOR-US: Intel
 CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
@@ -22855,10 +22988,10 @@ CVE-2023-24940 (Windows Pragmatic General Multicast (PGM) Denial of Service Vuln
 	NOT-FOR-US: Microsoft
 CVE-2023-24939 (Server for NFS Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-24938
-	RESERVED
-CVE-2023-24937
-	RESERVED
+CVE-2023-24938 (Windows CryptoAPI  Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-24937 (Windows CryptoAPI  Denial of Service Vulnerability)
+	TODO: check
 CVE-2023-24936
 	RESERVED
 CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
@@ -24014,8 +24147,8 @@ CVE-2023-24548
 	RESERVED
 CVE-2023-24547
 	RESERVED
-CVE-2023-24546
-	RESERVED
+CVE-2023-24546 (On affected versions of the CloudVision Portal improper access control ...)
+	TODO: check
 CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the Software ...)
 	NOT-FOR-US: Arista
 CVE-2023-0517
@@ -24443,10 +24576,10 @@ CVE-2022-4896
 	RESERVED
 CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-24470
-	RESERVED
-CVE-2023-24469
-	RESERVED
+CVE-2023-24470 (Potential XML External Entity Injection in ArcSight Logger versions pr ...)
+	TODO: check
+CVE-2023-24469 (Potential Cross-Site Scripting in ArcSight Logger versions prior to 7. ...)
+	TODO: check
 CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...)
 	NOT-FOR-US: NetIQ
 CVE-2023-24467
@@ -30290,7 +30423,7 @@ CVE-2023-22612 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with ker
 	NOT-FOR-US: Insyde
 CVE-2023-22611 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
 	NOT-FOR-US: EcoStruxure Geo SCADA Expert
-CVE-2023-22610 (A CWE-285: Improper Authorization vulnerability exists that could caus ...)
+CVE-2023-22610 (A CWE-863: Incorrect Authorization vulnerability exists that could cau ...)
 	NOT-FOR-US: EcoStruxure Geo SCADA Expert
 CVE-2023-22609
 	REJECTED
@@ -35745,8 +35878,8 @@ CVE-2022-47186
 	RESERVED
 CVE-2022-47185
 	RESERVED
-CVE-2022-47184
-	RESERVED
+CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
 CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Blo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47182
@@ -38190,16 +38323,16 @@ CVE-2023-21571 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulner
 	NOT-FOR-US: Microsoft
 CVE-2023-21570 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
-CVE-2023-21569
-	RESERVED
+CVE-2023-21569 (Azure DevOps Server Spoofing Vulnerability)
+	TODO: check
 CVE-2023-21568 (Microsoft SQL Server Integration Service (VS extension) Remote Code Ex ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-21567 (Visual Studio Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21566 (Visual Studio Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-21565
-	RESERVED
+CVE-2023-21565 (Azure DevOps Server Spoofing Vulnerability)
+	TODO: check
 CVE-2023-21564 (Azure DevOps Server Cross-Site Scripting Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability)
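Review bot: CVE-2023-21569 and CVE-2023-21565 are both titled "Azure DevOps Server Spoofing Vulnerability" and are left at `TODO: check`, while the context line for CVE-2023-21564, which names the same product, is `NOT-FOR-US: Microsoft`. Suggest the same triage for the two new entries so the product is handled consistently across the file.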
@@ -55951,7 +56084,7 @@ CVE-2022-41121 (Windows Graphics Component Elevation of Privilege Vulnerability.
 	NOT-FOR-US: Microsoft
 CVE-2022-41120 (Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulne ...)
 	NOT-FOR-US: Microsoft
-CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability.)
+CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-41118 (Windows Scripting Languages Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -56019,7 +56152,7 @@ CVE-2022-41087
 	RESERVED
 CVE-2022-41086 (Windows Group Policy Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2022-41085 (Azure CycleCloud Elevation of Privilege Vulnerability.)
+CVE-2022-41085 (Azure CycleCloud Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-41084
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc1bff55e16a5167e787c5fdc2050b7bd4d924c2
