[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 14 21:13:05 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acc4ad7c by security tracker role at 2023-06-14T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,24 +1,110 @@
-CVE-2023-35149
+CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...)
+	TODO: check
+CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...)
+	TODO: check
+CVE-2023-3239 (A vulnerability, which was classified as problematic, was found in OTC ...)
+	TODO: check
+CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3ef949 ...)
+	TODO: check
+CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...)
+	TODO: check
+CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows attackers  ...)
+	TODO: check
+CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...)
+	TODO: check
+CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensi ...)
+	TODO: check
+CVE-2023-34868 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
+	TODO: check
+CVE-2023-34867 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
+	TODO: check
+CVE-2023-34865 (Directory traversal vulnerability in ujcms 6.0.2 allows attackers to m ...)
+	TODO: check
+CVE-2023-34824 (fdkaac before 1.0.5 was discovered to contain a heap buffer overflow i ...)
+	TODO: check
+CVE-2023-34823 (fdkaac before 1.0.5 was discovered to contain a stack overflow in read ...)
+	TODO: check
+CVE-2023-34756 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2023-34755 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2023-34754 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2023-34753 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2023-34752 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2023-34751 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2023-34750 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-fil ...)
+	TODO: check
+CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows attackers to ca ...)
+	TODO: check
+CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to cause a de ...)
+	TODO: check
+CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to cause a d ...)
+	TODO: check
+CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to cause a de ...)
+	TODO: check
+CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to cause a  ...)
+	TODO: check
+CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to cause a  ...)
+	TODO: check
+CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...)
+	TODO: check
+CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to cause a de ...)
+	TODO: check
+CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to cause a ...)
+	TODO: check
+CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to cause a d ...)
+	TODO: check
+CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers to cause  ...)
+	TODO: check
+CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to cause a  ...)
+	TODO: check
+CVE-2023-34585
+	REJECTED
+CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.)
+	TODO: check
+CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...)
+	TODO: check
+CVE-2023-34101 (Contiki-NG is an operating system for internet of things devices. In v ...)
+	TODO: check
+CVE-2023-32465 (Dell Power Protect Cyber Recovery, contains an Authentication Bypass v ...)
+	TODO: check
+CVE-2023-32031 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-32030 (.NET and Visual Studio Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-32024 (Microsoft Power Apps Spoofing Vulnerability)
+	TODO: check
+CVE-2023-31671 (PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via P ...)
+	TODO: check
+CVE-2023-2976 (Use of Java's default temporary directory for file creation in `FileBa ...)
+	TODO: check
+CVE-2023-35149 (A missing permission check in Jenkins Digital.ai App Management Publis ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-35148
+CVE-2023-35148 (A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.a ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-35147
+CVE-2023-35147 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not rest ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-35146
+CVE-2023-35146 (Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-35145
+CVE-2023-35145 (Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escap ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-35144
+CVE-2023-35144 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-35143
+CVE-2023-35143 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-32262
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-32261
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-35142
+CVE-2023-35142 (Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validat ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-35141
+CVE-2023-35141 (In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests a ...)
 	- jenkins <removed>
 CVE-2023-3238 (A vulnerability, which was classified as critical, has been found in O ...)
 	NOT-FOR-US: OTCMS
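Review bot: the three new OTCMS entries at the top of this hunk (CVE-2023-3241, CVE-2023-3240, CVE-2023-3239) are left as `TODO: check` while the existing CVE-2023-3238 entry at the bottom of the same hunk is already `NOT-FOR-US: OTCMS`; the same triage applies to them, so they can be resolved in the same pass rather than left open. The Jenkins entries (CVE-2023-35149 through CVE-2023-35141) only gain descriptions and keep their existing `NOT-FOR-US: Jenkins plugin` and `- jenkins <removed>` lines, which is correct.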
@@ -551,7 +637,7 @@ CVE-2023-34231 (gosnowflake is th Snowflake Golang driver. Prior to version 1.6.
 	NOT-FOR-US: Snowflake connector for GO
 CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which currently suppor ...)
 	NOT-FOR-US: Thruk
-CVE-2023-34095 [Buffer overflows via scanf]
+CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the Common Print ...)
 	- cpdb-libs <unfixed>
 	NOTE: https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
 	NOTE: Fixed by: https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7
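Review bot: CVE-2023-34095 keeps `- cpdb-libs <unfixed>` even though the second NOTE already points at the upstream fix commit; once that fix is uploaded, the package line should record the fixed Debian version instead of `<unfixed>`. Replacing the bracketed placeholder `[Buffer overflows via scanf]` with the published text also drops the one-line root-cause summary; if it helps triage, keep it as a NOTE.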
@@ -3871,7 +3957,7 @@ CVE-2023-2396 (A vulnerability classified as problematic was found in Netgear SR
 	NOT-FOR-US: Netgear
 CVE-2023-2395 (A vulnerability classified as problematic has been found in Netgear SR ...)
 	NOT-FOR-US: Netgear
-CVE-2023-31486 (HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standa ...)
+CVE-2023-31486 (HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available ...)
 	- libhttp-tiny-perl <unfixed> (bug #962407; unimportant)
 	- perl <unfixed> (unimportant; bug #954089)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14
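Review bot: the updated CVE-2023-31486 description now states the fixed upstream release (`HTTP::Tiny before 0.083`), but both package lines still read `<unfixed>`; verify whether libhttp-tiny-perl and perl in the archive carry 0.083 or a backport and record the fixed version if so. Minor style point: the two package lines order their annotations differently (`bug #962407; unimportant` vs `unimportant; bug #954089`); pick one order.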
@@ -7544,8 +7630,8 @@ CVE-2023-30084 (An issue found in libming swftophp v.0.4.8 allows a local attack
 CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...)
 	- ming <removed>
 	NOTE: https://github.com/libming/libming/issues/266
-CVE-2023-30082
-	RESERVED
+CVE-2023-30082 (A denial of service attack might be launched against the server if an  ...)
+	TODO: check
 CVE-2023-30081
 	RESERVED
 CVE-2023-30080
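Review bot: the new CVE-2023-30082 description is truncated before it names any product (`A denial of service attack might be launched against the server if an ...`), so the entry cannot be triaged from this file alone; whoever resolves the `TODO: check` needs the full CVE text before deciding between a package line and `NOT-FOR-US`.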
@@ -9564,8 +9650,8 @@ CVE-2023-29339
 	RESERVED
 CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-29337
-	RESERVED
+CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
+	TODO: check
 CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29335 (Microsoft Word Security Feature Bypass Vulnerability)
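Review bot: CVE-2023-29337 (NuGet Client) is marked `TODO: check` while every neighbouring Microsoft entry in this hunk (CVE-2023-29338, CVE-2023-29336, CVE-2023-29335) is `NOT-FOR-US: Microsoft`. Not pre-judging it is correct for an automatic update, but the reviewer resolving the TODO should confirm whether any Debian package ships the affected client before applying the same tag; the same applies to the .NET entries CVE-2023-29331 and CVE-2023-29326 in the following hunks.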
@@ -9576,8 +9662,8 @@ CVE-2023-29333 (Microsoft Access Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29332
 	RESERVED
-CVE-2023-29331
-	RESERVED
+CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...)
+	TODO: check
 CVE-2023-29330
 	RESERVED
 CVE-2023-29329
@@ -9586,8 +9672,8 @@ CVE-2023-29328
 	RESERVED
 CVE-2023-29327
 	RESERVED
-CVE-2023-29326
-	RESERVED
+CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability)
+	TODO: check
 CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
@@ -13237,8 +13323,8 @@ CVE-2023-28312 (Azure Machine Learning Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-28311 (Microsoft Word Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-28310
-	RESERVED
+CVE-2023-28310 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+	TODO: check
 CVE-2023-28309 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
 CVE-2023-28308 (Windows DNS Server Remote Code Execution Vulnerability)
@@ -17219,8 +17305,8 @@ CVE-2023-26967
 	RESERVED
 CVE-2023-26966
 	RESERVED
-CVE-2023-26965
-	RESERVED
+CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-ba ...)
+	TODO: check
 CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...)
 	- rust-h2 0.3.13-2 (bug #1034723)
 	NOTE: https://github.com/hyperium/hyper/issues/2877
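Review bot: CVE-2023-26965 names a specific source file and version range (`tools/tiffcrop.c` in LibTIFF through 4.5.0), so unlike the vendor-product entries elsewhere in this update its `TODO: check` should end in a package line with a version, or a NOTE explaining why it does not apply, rather than a `NOT-FOR-US`; it is also worth handling together with CVE-2023-25434 (libtiff 4.5.0) added in a later hunk of this same commit.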
@@ -19562,8 +19648,8 @@ CVE-2023-26064 (Certain Lexmark devices through 2023-02-19 have an Out-of-bounds
 	NOT-FOR-US: Lexmark
 CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By Using  ...)
 	NOT-FOR-US: Lexmark
-CVE-2023-26062
-	RESERVED
+CVE-2023-26062 (A mobile network solution internal fault is found in Nokia Web Element ...)
+	TODO: check
 CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...)
 	NOT-FOR-US: Nokia
 CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...)
@@ -21745,8 +21831,8 @@ CVE-2023-25436
 	RESERVED
 CVE-2023-25435
 	RESERVED
-CVE-2023-25434
-	RESERVED
+CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...)
+	TODO: check
 CVE-2023-25433
 	RESERVED
 CVE-2023-25432 (An issue was discovered in Online Reviewer Management System v1.0. The ...)
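Review bot: CVE-2023-25434 describes a buffer overflow in libtiff 4.5.0 (`extractContigSample...`), the same code base as CVE-2023-26965 earlier in this commit; resolve the two TODOs together so they get consistent package lines and fixed versions.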
@@ -21875,12 +21961,12 @@ CVE-2023-25371
 	RESERVED
 CVE-2023-25370
 	RESERVED
-CVE-2023-25369
-	RESERVED
-CVE-2023-25368
-	RESERVED
-CVE-2023-25367
-	RESERVED
+CVE-2023-25369 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial o ...)
+	TODO: check
+CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrec ...)
+	TODO: check
+CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...)
+	TODO: check
 CVE-2023-25366
 	RESERVED
 CVE-2023-25365
@@ -22469,6 +22555,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulnerab
 CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...)
 	NOT-FOR-US: Siemens
 CVE-2023-3247 [GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP]
+	{DSA-5425-1 DSA-5424-1}
 	- php8.2 8.2.7-1
 	- php7.4 <removed>
 	NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29
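Review bot: the new `{DSA-5425-1 DSA-5424-1}` line for CVE-2023-3247 follows the file's convention of placing the advisory reference before the package lines (compare `{DSA-5304-1 DLA-3256-1}` on CVE-2022-4283 later in this diff). Two DSAs against package lines reading `php8.2 8.2.7-1` and `php7.4 <removed>` is consistent only if each advisory covers one stable suite; `<removed>` describes unstable, so confirm the stable fixed versions for php7.4 are recorded on the tracker side.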
@@ -23039,8 +23126,8 @@ CVE-2023-24938 (Windows CryptoAPI  Denial of Service Vulnerability)
 	TODO: check
 CVE-2023-24937 (Windows CryptoAPI  Denial of Service Vulnerability)
 	TODO: check
-CVE-2023-24936
-	RESERVED
+CVE-2023-24936 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...)
+	TODO: check
 CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability)
@@ -23117,12 +23204,12 @@ CVE-2023-24899 (Windows Graphics Component Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-24898 (Windows SMB Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-24897
-	RESERVED
+CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
+	TODO: check
 CVE-2023-24896
 	RESERVED
-CVE-2023-24895
-	RESERVED
+CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
+	TODO: check
 CVE-2023-24894
 	RESERVED
 CVE-2023-24893 (Visual Studio Code Remote Code Execution Vulnerability)
@@ -38079,7 +38166,7 @@ CVE-2022-4285 (An illegal memory access flaw was found in the binutils package.
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
 	NOTE: binutils not covered by security support
 CVE-2022-4284
-	RESERVED
+	REJECTED
 CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs because  ...)
 	{DSA-5304-1 DLA-3256-1}
 	- xorg-server 2:21.1.5-1 (bug #1026071)
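Review bot: CVE-2022-4284 moves from `RESERVED` to `REJECTED` with no description, which is the expected representation for a withdrawn ID and matches the bare form used for CVE-2023-34585 earlier in this update; nothing further is needed here.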
@@ -48045,10 +48132,10 @@ CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software cou
 	NOT-FOR-US: Cisco
 CVE-2023-20001
 	RESERVED
-CVE-2023-0010
-	RESERVED
-CVE-2023-0009
-	RESERVED
+CVE-2023-0010 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...)
+	TODO: check
+CVE-2023-0009 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
+	TODO: check
 CVE-2023-0008 (A file disclosure vulnerability in Palo Alto Networks PAN-OS software  ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2023-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
@@ -81809,20 +81896,20 @@ CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-
 	NOT-FOR-US: Talend Administration Center
 CVE-2022-31647 (Docker Desktop before 4.6.0 on Windows allows attackers to delete any  ...)
 	NOT-FOR-US: Docker Desktop
-CVE-2022-31646
-	RESERVED
-CVE-2022-31645
-	RESERVED
-CVE-2022-31644
-	RESERVED
+CVE-2022-31646 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+	TODO: check
+CVE-2022-31645 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+	TODO: check
+CVE-2022-31644 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+	TODO: check
 CVE-2022-31643 (A potential security vulnerability has been identified in the system B ...)
 	NOT-FOR-US: HP
-CVE-2022-31642
-	RESERVED
-CVE-2022-31641
-	RESERVED
-CVE-2022-31640
-	RESERVED
+CVE-2022-31642 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+	TODO: check
+CVE-2022-31641 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+	TODO: check
+CVE-2022-31640 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+	TODO: check
 CVE-2022-31639 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
 	TODO: check
 CVE-2022-31638 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
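Review bot: the six new HP BIOS entries (CVE-2022-31646 through CVE-2022-31640) all carry the same truncated description and `TODO: check`, and sit between CVE-2022-31643 (`NOT-FOR-US: HP`) and CVE-2022-31639/CVE-2022-31638, which were already `TODO: check` before this update; triage the whole block in one pass against the vendor advisory so they get a consistent tag instead of accumulating open TODOs.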
@@ -155169,8 +155256,8 @@ CVE-2021-31282
 	RESERVED
 CVE-2021-31281
 	RESERVED
-CVE-2021-31280
-	RESERVED
+CVE-2021-31280 (An issue was discovered in tp5cms through 2017-05-25. admin.php/system ...)
+	TODO: check
 CVE-2021-31279
 	RESERVED
 CVE-2021-31278
@@ -208820,8 +208907,8 @@ CVE-2020-22404
 	RESERVED
 CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows CSRF.)
 	NOT-FOR-US: Node express-cart
-CVE-2020-22402
-	RESERVED
+CVE-2020-22402 (Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 ...)
+	TODO: check
 CVE-2020-22401
 	RESERVED
 CVE-2020-22400
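Review bot: CVE-2020-22402 (XSS in SOGo Web Mail before 4.3.1) is an application-level entry with a concrete fixed upstream version, so its `TODO: check` should be resolved by comparing the sogo source package version in the archive, if packaged, against 4.3.1, rather than by the `NOT-FOR-US` pattern used for the neighbouring express-cart entry.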



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acc4ad7c198870c067c5b8641a0ac044bd1c3349
