[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 23 09:12:12 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdf3a30c by security tracker role at 2023-06-23T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2023-3128 (Grafana is validating Azure AD accounts based on the email claim.   On ...)
+	TODO: check
+CVE-2023-3114 (Terraform Enterprise since v202207-1 did not properly implement author ...)
+	TODO: check
+CVE-2023-36193 (Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via t ...)
+	TODO: check
+CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the ...)
+	TODO: check
+CVE-2023-36191 (sqlite3 v3.40.1 was discovered to contain a segmentation violation at  ...)
+	TODO: check
+CVE-2023-35801 (A directory traversal vulnerability in Safe Software FME Server before ...)
+	TODO: check
+CVE-2023-35133 (An issue in the logic used to check 0.0.0.0 against the cURL blocked h ...)
+	TODO: check
+CVE-2023-35132 (A limited SQL injection risk was identified on the Mnet SSO access con ...)
+	TODO: check
+CVE-2023-35131 (Content on the groups page required additional sanitizing to prevent a ...)
+	TODO: check
+CVE-2023-34553 (An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attacke ...)
+	TODO: check
+CVE-2023-34462 (Netty is an asynchronous event-driven network application framework fo ...)
+	TODO: check
+CVE-2023-34110 (Flask-AppBuilder is an application development framework, built on top ...)
+	TODO: check
+CVE-2023-33299 (A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1,  ...)
+	TODO: check
+CVE-2023-33141 (Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-32464 (Dell VxRail, versions prior to 7.0.450, contain an improper certificat ...)
+	TODO: check
+CVE-2023-32463 (Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-servic ...)
+	TODO: check
+CVE-2023-32320 (Nextcloud Server is a data storage system for Nextcloud, a self-hosted ...)
+	TODO: check
+CVE-2023-31469 (A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was ...)
+	TODO: check
 CVE-2023-3326 (pam_krb5 authenticates a user by essentially running kinit with the pa ...)
 	TODO: check
 CVE-2023-3256 (Advantech R-SeeNet  versions 2.4.22  allows low-level users to access  ...)
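Review bot: the prepended block breaks the file's numeric-descending order: CVE-2023-3128 and CVE-2023-3114 sit above CVE-2023-36193 through CVE-2023-31469, while the pre-existing CVE-2023-3326 and CVE-2023-3256 stay below them, so the 3xxx entries end up split around the 3xxxx ones. A re-sort when these TODO: check lines are triaged would avoid that; of the eighteen, the sqlite3 (CVE-2023-36191), gifsicle (CVE-2023-36193), sngrep (CVE-2023-36192) and netty (CVE-2023-34462) entries name upstreams that Debian ships as source packages and should get a package line first, whereas the Grafana, Terraform Enterprise, FME Server, VxRail, FortiNAC and smart-lock entries look like NOT-FOR-US candidates.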
@@ -607,7 +643,7 @@ CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to u
 	NOT-FOR-US: snappy-java
 CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...)
 	- cilium <itp> (bug #858303)
-CVE-2023-34241 [use-after-free in cupsdAcceptClient()]
+CVE-2023-34241 (OpenPrinting CUPS is a standards-based, open source printing system fo ...)
 	- cups 2.4.2-5 (bug #1038885)
 	[bookworm] - cups <no-dsa> (Minor issue; explotiable under specific conditions; can be fixed via point release)
 	[bullseye] - cups <no-dsa> (Minor issue; explotiable under specific conditions; can be fixed via point release)
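Review bot: the context lines under the retitled CVE-2023-34241 misspell "exploitable" as "explotiable" in both the [bookworm] and [bullseye] <no-dsa> notes; this commit only swaps the bracketed working title for the upstream description, so the typo survives and should be fixed in a follow-up. Replacing "[use-after-free in cupsdAcceptClient()]" with the generic CUPS description also drops the only mention of the affected function from the entry; a NOTE: line naming cupsdAcceptClient() would keep that detail for anyone backporting the fix.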
@@ -7856,8 +7892,8 @@ CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code execut
 	NOT-FOR-US: JFinal CMS
 CVE-2023-30348
 	RESERVED
-CVE-2023-30347
-	RESERVED
+CVE-2023-30347 (Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, ...)
+	TODO: check
 CVE-2023-30346
 	RESERVED
 CVE-2023-30345
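Review bot: CVE-2023-30347 names Neox Contact Center 2.3.9, a proprietary contact-centre product; unless a source package for it turns up in the archive, the TODO: check should resolve to NOT-FOR-US: Neox Contact Center, matching how CVE-2023-30349 (JFinal CMS) is handled two lines above it.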
@@ -14846,8 +14882,8 @@ CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol (SIP) server implementat
 	NOT-FOR-US: OpenSIPS
 CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
 	NOT-FOR-US: OpenSIPS
-CVE-2023-28094
-	RESERVED
+CVE-2023-28094 (Pega platform clients who are using versions 6.1 through 8.8.3 and hav ...)
+	TODO: check
 CVE-2023-28093 (A user with a compromised configuration can start an unsigned binary a ...)
 	NOT-FOR-US: Pegasystems
 CVE-2023-28092 (A potential security vulnerability has been identified in HPE ProLiant ...)
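Review bot: CVE-2023-28094 describes the same Pega platform as CVE-2023-28093 directly below it, which is already NOT-FOR-US: Pegasystems; the new TODO: check can be closed the same way instead of waiting for manual triage.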
@@ -15082,8 +15118,8 @@ CVE-2023-28018
 	RESERVED
 CVE-2023-28017
 	RESERVED
-CVE-2023-28016
-	RESERVED
+CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...)
+	TODO: check
 CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User Accoun ...)
 	NOT-FOR-US: HCL
 CVE-2023-28014
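Review bot: the HCL BigFix OSD Bare Metal Server entry (CVE-2023-28016) follows CVE-2023-28015, which is NOT-FOR-US: HCL; the same disposition applies here, so this TODO: check is resolvable immediately.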
@@ -15102,8 +15138,8 @@ CVE-2023-28008 (HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an
 	NOT-FOR-US: HCL
 CVE-2023-28007
 	RESERVED
-CVE-2023-28006
-	RESERVED
+CVE-2023-28006 (The OSD Bare Metal Server uses a cryptographic algorithm that is no lo ...)
+	TODO: check
 CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryptio ...)
 	NOT-FOR-US: Trend Micro
 CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
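Review bot: the CVE-2023-28006 description names only "The OSD Bare Metal Server" without a vendor, but that appears to be the HCL BigFix OSD Bare Metal Server of CVE-2023-28016 in the previous hunk, and CVE-2023-28008 two lines above is NOT-FOR-US: HCL; the missing vendor name should not send this one through a longer triage than its siblings.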
@@ -16408,7 +16444,7 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics libra
 	NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
 	NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c (0.3)
 CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...)
-	{DLA-3394-1}
+	{DSA-5438-1 DLA-3394-1}
 	- asterisk <unfixed> (bug #1036697)
 	- pjproject <removed>
 	- ring <unfixed>
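Review bot: DSA-5438-1 is added to the advisory brace for CVE-2023-27585, but none of the three package lines beneath it changes: asterisk and ring stay <unfixed> and pjproject <removed>. If the DSA covered asterisk, confirm that the unstable upload is still pending; otherwise the "asterisk <unfixed> (bug #1036697)" line is stale and should carry the fixed version so the tracker does not show the issue closed in stable but open in sid without explanation.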
@@ -28796,10 +28832,10 @@ CVE-2023-23346
 	RESERVED
 CVE-2023-23345
 	RESERVED
-CVE-2023-23344
-	RESERVED
-CVE-2023-23343
-	RESERVED
+CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 allows an  ...)
+	TODO: check
+CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server v ...)
+	TODO: check
 CVE-2023-23342
 	RESERVED
 CVE-2023-23341
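Review bot: both newly filled entries, CVE-2023-23344 (BigFix WebUI Insights) and CVE-2023-23343 (HCL BigFix OSD Bare Metal Server), are HCL BigFix issues like the CVE-2023-28016 and CVE-2023-28006 entries earlier in this commit, so all four TODO: check lines can be settled together as NOT-FOR-US: HCL.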
@@ -205612,7 +205648,7 @@ CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers a
 	NOTE: https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
 	NOTE: https://www.lua.org/bugs.html#5.4.0-10
 CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...)
-	{DLA-2381-1}
+	{DLA-3469-1 DLA-2381-1}
 	- lua5.4 5.4.1-1 (bug #971613)
 	- lua5.3 5.3.6-1 (bug #988734)
 	[bullseye] - lua5.3 <no-dsa> (Minor issue)
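Review bot: with DLA-3469-1 joining DLA-2381-1 on CVE-2020-24370, buster has now received an LTS fix while the [bullseye] lua5.3 line stays <no-dsa> (Minor issue). That is consistent for a minor issue, but since the fixed versions 5.4.1-1 and 5.3.6-1 are already recorded, the bullseye note could state whether a point-release update is planned, as the cups entries in this commit do.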
@@ -305476,6 +305512,7 @@ CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the admin.php?mod=order state pa
 CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=state p ...)
 	NOT-FOR-US: PHPSHE
 CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For examp ...)
+	{DLA-3469-1}
 	- lua5.3 5.3.6-1 (bug #920321)
 	[bullseye] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)
 	- lua5.2 <not-affected> (Vulnerable code introduced later)
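Review bot: the [bullseye] lua5.3 line for CVE-2019-6706 still reads <postponed> (Minor issue, revisit when fixed upstream), yet the entry records lua5.3 fixed in 5.3.6-1 and DLA-3469-1 now ships a fix for buster; the "revisit when fixed upstream" rationale is stale, and the bullseye state should be re-evaluated, for example to <no-dsa> with a point-release remark.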



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdf3a30c9674928384d83ca70bd0ce0dd594a58e


