[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 16 09:12:18 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17a0703e by security tracker role at 2023-06-16T08:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...)
+ TODO: check
+CVE-2023-35708 (Progress MOVEit Transfer has a privilege escalation vulnerability that ...)
+ TODO: check
+CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file upload vuln ...)
+ TODO: check
+CVE-2023-34800 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...)
+ TODO: check
+CVE-2023-34797 (Broken access control in the Registration page (/Registration.aspx) of ...)
+ TODO: check
+CVE-2023-34165 (Unauthorized access vulnerability in the Save for later feature provid ...)
+ TODO: check
+CVE-2023-34157 (Vulnerability of HwWatchHealth being hijacked.Successful exploitation ...)
+ TODO: check
+CVE-2023-34154 (Vulnerability of undefined permissions in HUAWEI VR screen projection. ...)
+ TODO: check
+CVE-2023-32754 (Thinking Software Efence login function has insufficient validation fo ...)
+ TODO: check
+CVE-2023-32753 (OMICARD EDM\u2019s file uploading function does not restrict upload of ...)
+ TODO: check
+CVE-2023-32752 (L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000\u2019s file uploa ...)
+ TODO: check
+CVE-2023-32028 (Microsoft OLE DB Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-32027 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2023-32026 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2023-32025 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to bypass ...)
+ TODO: check
CVE-2023-2728
- kubernetes 1.20.5+really1.20.2-1
NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
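Review bot: CVE-2023-2431, the last added entry in this hunk, is described as a Kubelet issue but is left at `TODO: check`, while the entry directly below it, CVE-2023-2728, already tracks `kubernetes` with a NOTE that server components are no longer built since 1.20.5+really1.20.2-1. Triage should give CVE-2023-2431 a `kubernetes` package line and say whether that NOTE's reasoning covers it too, rather than leaving a bare TODO next to an already-resolved sibling. Separately, the descriptions for CVE-2023-32753 and CVE-2023-32752 contain a literal `\u2019` where an apostrophe is expected, so it is worth checking whether the description import decodes string escapes before writing to data/CVE/list.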
@@ -5891,8 +5923,8 @@ CVE-2023-2082
RESERVED
CVE-2023-2081
RESERVED
-CVE-2023-2080
- RESERVED
+CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-2079
RESERVED
CVE-2023-2078
@@ -9712,8 +9744,8 @@ CVE-2023-29358 (Windows GDI Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29357 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-29356
- RESERVED
+CVE-2023-29356 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ TODO: check
CVE-2023-29355 (DHCP Server Service Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29354 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
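Review bot: CVE-2023-29356 is added with `TODO: check` although its description names Microsoft ODBC Driver for SQL Server and the entries on either side of it, CVE-2023-29357 and CVE-2023-29355, are tagged `NOT-FOR-US: Microsoft`. Suggest the follow-up triage replace the TODO with that same tag so the run of Microsoft entries stays consistent.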
@@ -9726,8 +9758,8 @@ CVE-2023-29351 (Windows Group Policy Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-29349
- RESERVED
+CVE-2023-29349 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
+ TODO: check
CVE-2023-29348
RESERVED
CVE-2023-29347
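Review bot: CVE-2023-29349 (Microsoft ODBC and OLE DB) goes from `RESERVED` to `TODO: check` directly after CVE-2023-29351 and CVE-2023-29350, both of which carry `NOT-FOR-US: Microsoft`. Nothing in the description distinguishes it from those, so the TODO should be resolved to the existing vendor tag rather than left open.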
@@ -11538,8 +11570,8 @@ CVE-2023-28812
RESERVED
CVE-2023-28811
RESERVED
-CVE-2023-28810
- RESERVED
+CVE-2023-28810 (Some access control/intercom products have unauthorized modification o ...)
+ TODO: check
CVE-2023-28809 (Some access control products are vulnerable to a session hijacking att ...)
NOT-FOR-US: hikvision
CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...)
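Review bot: The truncated description on CVE-2023-28810 ("Some access control/intercom products ...") names no vendor, so the line cannot be triaged from what is recorded here. The next entry, CVE-2023-28809, uses near-identical wording and is tagged `NOT-FOR-US: hikvision`; confirm the vendor from the full CVE record before reusing that tag, instead of inferring it from adjacency.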
@@ -25864,12 +25896,12 @@ CVE-2023-24034
RESERVED
CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...)
NOT-FOR-US: Samsung
-CVE-2023-24032
- RESERVED
-CVE-2023-24031
- RESERVED
-CVE-2023-24030
- RESERVED
+CVE-2023-24032 (In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who ...)
+ TODO: check
+CVE-2023-24031 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. ...)
+ TODO: check
+CVE-2023-24030 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...)
+ TODO: check
CVE-2023-24029 (In Progress WS_FTP Server before 8.8, it is possible for a host admini ...)
NOT-FOR-US: Progress WS_FTP Server
CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorre ...)
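Review bot: CVE-2023-24032, CVE-2023-24031 and CVE-2023-24030 all name the same product (Zimbra Collaboration) and each gets its own `TODO: check`. They should be triaged together with one decision applied to all three lines, in the same form as the neighbouring `NOT-FOR-US: Samsung` and `NOT-FOR-US: Progress WS_FTP Server` entries if that is the outcome, so the three do not end up with diverging states.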
@@ -26374,8 +26406,8 @@ CVE-2023-23843
RESERVED
CVE-2023-23842
RESERVED
-CVE-2023-23841
- RESERVED
+CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...)
+ TODO: check
CVE-2023-23840
RESERVED
CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17a0703e43ac96d4cc9437253d18bbf0a1e67822