[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 26 21:12:44 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe9c1b5a by security tracker role at 2023-06-26T20:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2023-3398 (Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.)
+	TODO: check
+CVE-2023-3113 (An unauthenticated XML external entity injection (XXE) vulnerability e ...)
+	TODO: check
+CVE-2023-36631 (Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Fir ...)
+	TODO: check
+CVE-2023-36301 (Talend Data Catalog before 8.0-20230221 contain a directory traversal  ...)
+	TODO: check
+CVE-2023-36252 (An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote  ...)
+	TODO: check
+CVE-2023-35933 (OPenFGA is an open source authorization/permission engine built for de ...)
+	TODO: check
+CVE-2023-35930 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
+	TODO: check
+CVE-2023-35170 (Sliver is an open source cross-platform adversary emulation/red team f ...)
+	TODO: check
+CVE-2023-34422 (A valid, authenticated LXCA user with elevated privileges may be able  ...)
+	TODO: check
+CVE-2023-34421 (A valid, authenticated LXCA user with elevated privileges may be able  ...)
+	TODO: check
+CVE-2023-34420 (A valid, authenticated LXCA user with elevated privileges may be able  ...)
+	TODO: check
+CVE-2023-34418 (A valid, authenticated LXCA user may be able to gain unauthorized acce ...)
+	TODO: check
+CVE-2023-33580 (Phpgurukul Student Study Center Management System V1.0 is vulnerable t ...)
+	TODO: check
+CVE-2023-33404 (An Unrestricted Upload vulnerability, due to insufficient validation o ...)
+	TODO: check
+CVE-2023-33176 (BigBlueButton is an open source virtual classroom designed to help tea ...)
+	TODO: check
+CVE-2023-2993 (A valid, authenticated user with limited privileges may be able to use ...)
+	TODO: check
+CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the SMM v ...)
+	TODO: check
 CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
 	- mediawiki <unfixed>
 	NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452
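Review bot: several of the new TODO: check entries in this hunk describe products that no Debian package provides (the Windows binary wfc.exe from Malwarebytes in CVE-2023-36631, the Ateme Flamingo appliances in CVE-2023-36252, the Phpgurukul PHP application in CVE-2023-33580), so on triage they can be closed as NOT-FOR-US rather than left open; the unchanged MediaWiki entry below shows the convention to follow for the ones that do affect Debian, a package line plus a NOTE line pointing at the upstream fix.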
@@ -982,7 +1016,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
 CVE-2023-3193 (Cross-site scripting (XSS) vulnerability in the Layout module's SEO co ...)
 	NOT-FOR-US: Liferay
 CVE-2023-3138 [Buffer overflows in InitExt.c in libX11]
-	{DSA-5433-1}
+	{DSA-5433-1 DLA-3472-1}
 	- libx11 2:1.8.6-1 (bug #1038133)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/15/2
 	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
@@ -1380,7 +1414,8 @@ CVE-2023-29167 (Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.
 	NOT-FOR-US: FRENIC RHC Loader
 CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader  ...)
 	NOT-FOR-US: FRENIC RHC Loader
-CVE-2023-36661 [Parsing of KeyInfo elements can cause remote resource access]
+CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth ...)
+	{DSA-5432-1 DLA-3464-1}
 	- xmltooling 3.2.4-1 (bug #1037948)
 	NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt
 	NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=6080f6343f98fec085bc0fd746913ee418cc9d30
@@ -5391,8 +5426,8 @@ CVE-2023-2292
 	RESERVED
 CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in ManageEngine A ...)
 	NOT-FOR-US: Zoho
-CVE-2023-2290
-	RESERVED
+CVE-2023-2290 (A potential vulnerability in the LenovoFlashDeviceInterface SMI handle ...)
+	TODO: check
 CVE-2023-2289 (The wordpress vertical image slider plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...)
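Review bot: CVE-2023-2290 describes an SMI handler in Lenovo firmware (LenovoFlashDeviceInterface), which is not shipped by any Debian package, so the TODO: check added here will most likely resolve to NOT-FOR-US: Lenovo, in the same form as the NOT-FOR-US: Zoho line on CVE-2023-2291 just above.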
@@ -7673,8 +7708,8 @@ CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network pr
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-439/
 	NOTE: https://git.kernel.org/linus/3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 (6.1-rc7)
-CVE-2023-2005
-	RESERVED
+CVE-2023-2005 (Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security  ...)
+	TODO: check
 CVE-2023-2004
 	REJECTED
 CVE-2023-2003
@@ -8388,8 +8423,8 @@ CVE-2023-30263
 	RESERVED
 CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and MIMpacs serv ...)
 	NOT-FOR-US: MIM software Inc MIM License Server and MIMpacs services
-CVE-2023-30261
-	RESERVED
+CVE-2023-30261 (Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote at ...)
+	TODO: check
 CVE-2023-30260 (Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earl ...)
 	TODO: check
 CVE-2023-30259
@@ -10294,8 +10329,8 @@ CVE-2023-29461 (An arbitrary code execution vulnerability contained in Rockwell
 	NOT-FOR-US: Rockwell Automation
 CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
 	NOT-FOR-US: Rockwell Automation
-CVE-2023-29459
-	RESERVED
+CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android exposes the  ...)
+	TODO: check
 CVE-2023-29458
 	RESERVED
 CVE-2023-29457
@@ -10326,9 +10361,9 @@ CVE-2023-29445
 	RESERVED
 CVE-2023-29444
 	RESERVED
-CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to ...)
+CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP  ...)
 	NOT-FOR-US: Zoho ManageEngine
-CVE-2023-29442 (Zoho ManageEngine Applications Manager through 16390 allows DOM XSS.)
+CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy.html  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-29441
 	RESERVED
@@ -10336,30 +10371,30 @@ CVE-2023-29440
 	RESERVED
 CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
 	NOT-FOR-US: FooGallery
-CVE-2023-29438
-	RESERVED
-CVE-2023-29437
-	RESERVED
-CVE-2023-29436
-	RESERVED
-CVE-2023-29435
-	RESERVED
-CVE-2023-29434
-	RESERVED
+CVE-2023-29438 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
+	TODO: check
+CVE-2023-29437 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-29436 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-29435 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-29434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fanc ...)
+	TODO: check
 CVE-2023-29433
 	RESERVED
 CVE-2023-29432
 	RESERVED
 CVE-2023-29431
 	RESERVED
-CVE-2023-29430
-	RESERVED
+CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHtheme ...)
+	TODO: check
 CVE-2023-29429
 	RESERVED
 CVE-2023-29428
 	RESERVED
-CVE-2023-29427
-	RESERVED
+CVE-2023-29427 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Book ...)
+	TODO: check
 CVE-2023-29426
 	RESERVED
 CVE-2023-29425
@@ -11548,7 +11583,7 @@ CVE-2023-29086 (An issue was discovered in Samsung Exynos Mobile Processor, Auto
 	NOT-FOR-US: Samsung
 CVE-2023-29085 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
 	NOT-FOR-US: Samsung
-CVE-2023-29084 (Zoho ManageEngine ADManager Plus through 7180 allows for authenticated ...)
+CVE-2023-29084 (Zoho ManageEngine ADManager Plus before 7181 allows for authenticated  ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-29083
 	RESERVED
@@ -13812,8 +13847,8 @@ CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log mes
 	[bullseye] - sudo <no-dsa> (Minor issue)
 	[buster] - sudo <no-dsa> (Minor issue)
 	NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
-CVE-2023-28485
-	RESERVED
+CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...)
+	TODO: check
 CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ...)
 	{DSA-5391-1 DLA-3405-1}
 	- libxml2 2.9.14+dfsg-1.2 (bug #1034436)
@@ -18231,8 +18266,8 @@ CVE-2023-27084 (Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.
 	NOT-FOR-US: Dreamer CMS
 CVE-2023-27083 (An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-d ...)
 	TODO: check
-CVE-2023-27082
-	RESERVED
+CVE-2023-27082 (Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4. ...)
+	TODO: check
 CVE-2023-27081
 	RESERVED
 CVE-2023-27080
@@ -20438,18 +20473,18 @@ CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/d
 	[bullseye] - glusterfs <no-dsa> (Minor issue)
 	[buster] - glusterfs <no-dsa> (Minor issue)
 	NOTE: https://github.com/gluster/glusterfs/issues/3732
-CVE-2022-48336
-	RESERVED
-CVE-2022-48335
-	RESERVED
-CVE-2022-48334
-	RESERVED
-CVE-2022-48333
-	RESERVED
-CVE-2022-48332
-	RESERVED
-CVE-2022-48331
-	RESERVED
+CVE-2022-48336 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagPars ...)
+	TODO: check
+CVE-2022-48335 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVeri ...)
+	TODO: check
+CVE-2022-48334 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify ...)
+	TODO: check
+CVE-2022-48333 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify ...)
+	TODO: check
+CVE-2022-48332 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_k ...)
+	TODO: check
+CVE-2022-48331 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_k ...)
+	TODO: check
 CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has  ...)
 	{DSA-5360-1 DLA-3416-1}
 	- emacs 1:28.2+1-11 (bug #1031730)
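Review bot: the six Widevine Trusted Application entries (CVE-2022-48331 through CVE-2022-48336) cover a proprietary DRM component that Debian does not package, so NOT-FOR-US: Widevine is the expected resolution of the TODO: check lines; note also that the unchanged CVE-2022-48339 entry follows this block although the list is otherwise in descending order, an ordering quirk that predates this hunk but could be tidied while the block is being edited.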
@@ -23284,10 +23319,10 @@ CVE-2023-25309 (Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui v
 	NOT-FOR-US: Fetlife rollout-ui
 CVE-2023-25308
 	RESERVED
-CVE-2023-25307
-	RESERVED
-CVE-2023-25306
-	RESERVED
+CVE-2023-25307 (nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.)
+	TODO: check
+CVE-2023-25306 (MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.)
+	TODO: check
 CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpac ...)
 	NOT-FOR-US: PolyMC Launcher
 CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal.)
@@ -60141,8 +60176,8 @@ CVE-2022-40012
 	RESERVED
 CVE-2022-40011 (Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows ...)
 	NOT-FOR-US: typora
-CVE-2022-40010
-	RESERVED
+CVE-2022-40010 (Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was dis ...)
+	TODO: check
 CVE-2022-40009 (SWFTools commit 772e55a was discovered to contain a heap-use-after-fre ...)
 	- swftools <removed>
 	NOTE: https://github.com/matthiaskramm/swftools/issues/190
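Review bot: CVE-2022-40010 concerns Tenda AC6 router firmware, which is not a Debian package, so the TODO: check added here can be resolved to NOT-FOR-US: Tenda; the neighbouring CVE-2022-40009 entry shows the contrasting case of a package that was in Debian (swftools) and is tracked as <removed>.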
@@ -155600,8 +155635,8 @@ CVE-2021-31637 (An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3
 	NOT-FOR-US: UwAmp
 CVE-2021-31636
 	RESERVED
-CVE-2021-31635
-	RESERVED
+CVE-2021-31635 (Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 ...)
+	TODO: check
 CVE-2021-31634
 	RESERVED
 CVE-2021-31633
@@ -208785,12 +208820,12 @@ CVE-2020-23068
 	RESERVED
 CVE-2020-23067
 	RESERVED
-CVE-2020-23066
-	RESERVED
-CVE-2020-23065
-	RESERVED
-CVE-2020-23064
-	RESERVED
+CVE-2020-23066 (Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v ...)
+	TODO: check
+CVE-2020-23065 (Cross Site Scripting vulnerabiltiy in eZ Systems AS eZPublish Platform ...)
+	TODO: check
+CVE-2020-23064 (Cross Site Scripting vulnerability in jQuery v.2.2.0 thru v.3.5.0 allo ...)
+	TODO: check
 CVE-2020-23063
 	RESERVED
 CVE-2020-23062
@@ -214923,8 +214958,8 @@ CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory
 	NOT-FOR-US: Mikrotik
 CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion fa ...)
 	NOT-FOR-US: Mikrotik
-CVE-2020-20210
-	RESERVED
+CVE-2020-20210 (Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/a ...)
+	TODO: check
 CVE-2020-20209
 	RESERVED
 CVE-2020-20208



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe9c1b5a79693cea1838fb6db43df71e20bc6db5




