[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 27 09:12:22 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5bac1034 by security tracker role at 2023-06-27T08:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,12 +1,92 @@
+CVE-2023-3423 (Weak Password Requirements in GitHub repository cloudexplorer-dev/clou ...)
+ TODO: check
+CVE-2023-3412 (The Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images ...)
+ TODO: check
+CVE-2023-3411 (The Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images ...)
+ TODO: check
+CVE-2023-3371 (The User Registration plugin for WordPress is vulnerable to Sensitive ...)
+ TODO: check
+CVE-2023-3132 (The MainWP Child plugin for WordPress is vulnerable to Sensitive Infor ...)
+ TODO: check
+CVE-2023-35695 (A remote attacker could leverage a vulnerability in Trend Micro Mobile ...)
+ TODO: check
+CVE-2023-35168 (DataEase is an open source data visualization analysis tool to analyze ...)
+ TODO: check
+CVE-2023-35164 (DataEase is an open source data visualization analysis tool to analyze ...)
+ TODO: check
+CVE-2023-34924 (H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflo ...)
+ TODO: check
+CVE-2023-34463 (DataEase is an open source data visualization analysis tool to analyze ...)
+ TODO: check
+CVE-2023-34148 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...)
+ TODO: check
+CVE-2023-34147 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...)
+ TODO: check
+CVE-2023-34146 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...)
+ TODO: check
+CVE-2023-34145 (An untrusted search path vulnerability in the Trend Micro Apex One and ...)
+ TODO: check
+CVE-2023-34144 (An untrusted search path vulnerability in the Trend Micro Apex One and ...)
+ TODO: check
+CVE-2023-32605 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...)
+ TODO: check
+CVE-2023-32604 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...)
+ TODO: check
+CVE-2023-32557 (A path traversal vulnerability in the Trend Micro Apex One and Apex On ...)
+ TODO: check
+CVE-2023-32556 (A link following vulnerability in the Trend Micro Apex One and Apex On ...)
+ TODO: check
+CVE-2023-32555 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
+ TODO: check
+CVE-2023-32554 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
+ TODO: check
+CVE-2023-32553 (An Improper access control vulnerability in Trend Micro Apex One and A ...)
+ TODO: check
+CVE-2023-32552 (An Improper access control vulnerability in Trend Micro Apex One and A ...)
+ TODO: check
+CVE-2023-32537 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...)
+ TODO: check
+CVE-2023-32536 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...)
+ TODO: check
+CVE-2023-32535 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+ TODO: check
+CVE-2023-32534 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+ TODO: check
+CVE-2023-32533 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+ TODO: check
+CVE-2023-32532 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+ TODO: check
+CVE-2023-32531 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...)
+ TODO: check
+CVE-2023-32530 (Vulnerable modules of Trend Micro Apex Central (on-premise) contain vu ...)
+ TODO: check
+CVE-2023-32529 (Vulnerable modules of Trend Micro Apex Central (on-premise) contain vu ...)
+ TODO: check
+CVE-2023-32528 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable . ...)
+ TODO: check
+CVE-2023-32527 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable . ...)
+ TODO: check
+CVE-2023-32526 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulne ...)
+ TODO: check
+CVE-2023-32525 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulne ...)
+ TODO: check
+CVE-2023-32524 (Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 ...)
+ TODO: check
+CVE-2023-32523 (Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 ...)
+ TODO: check
+CVE-2023-32522 (A path traversal exists in a specific dll of Trend Micro Mobile Securi ...)
+ TODO: check
+CVE-2023-32521 (A path traversal exists in a specific service dll of Trend Micro Mobil ...)
+ TODO: check
CVE-2023-3361
NOT-FOR-US: OpenShift Data
-CVE-2023-3422
+CVE-2023-3422 (Use after free in Guest View in Google Chrome prior to 114.0.5735.198 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-3421
+CVE-2023-3421 (Use after free in Media in Google Chrome prior to 114.0.5735.198 allow ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-3420
+CVE-2023-3420 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-3398 (Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.)
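Review bot: the summaries added for CVE-2023-3412 and CVE-2023-3411 contain a literal "\u2013" ("The Image Map Pro \u2013 Drag-and-drop Builder ...") where a dash character belongs, so the escape was not decoded when the description was imported; decode it (or normalise it to ASCII) before writing the line so that searches on the product name match. In the same hunk the three chromium entries now say "prior to 114.0.5735.198" but still read "- chromium <unfixed>"; it is worth confirming whether that version can be recorded as the fixed version.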
@@ -3577,7 +3657,7 @@ CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authent
NOT-FOR-US: WSO2
CVE-2023-2845 (Improper Access Control in GitHub repository cloudexplorer-dev/cloudex ...)
NOT-FOR-US: Cloudexplorer
-CVE-2023-2844 (Missing Authorization in GitHub repository cloudexplorer-dev/cloudexpl ...)
+CVE-2023-2844 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: Cloudexplorer
CVE-2023-2505 (The affected products have a CSRF vulnerability that could allow an at ...)
NOT-FOR-US: Birddog
@@ -6151,8 +6231,8 @@ CVE-2023-30947
RESERVED
CVE-2023-30946
RESERVED
-CVE-2023-30945
- RESERVED
+CVE-2023-30945 (Multiple Services such as VHS(Video History Server) and VCD(Video Clip ...)
+ TODO: check
CVE-2023-30944 (The vulnerability was found Moodle which exists due to insufficient sa ...)
- moodle <removed>
CVE-2023-30943 (The vulnerability was found Moodle which exists because the applicatio ...)
@@ -6332,8 +6412,8 @@ CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may resul
NOT-FOR-US: HPE
CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service (DoS) w ...)
NOT-FOR-US: HPE
-CVE-2023-30902
- RESERVED
+CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex One and A ...)
+ TODO: check
CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
NOT-FOR-US: Siemens
CVE-2023-30900
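Review bot: CVE-2023-30902 goes from RESERVED to "TODO: check" with a summary that names Trend Micro Apex One, while the neighbouring vendor-product entries (HPE, Siemens) are already triaged as NOT-FOR-US. If the product is not packaged in Debian, the same tag with the vendor name would close this TODO; the same question applies to the other Trend Micro entries this commit adds with "TODO: check".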
@@ -12174,8 +12254,8 @@ CVE-2023-28931
RESERVED
CVE-2023-28930
RESERVED
-CVE-2023-28929
- RESERVED
+CVE-2023-28929 (Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to ...)
+ TODO: check
CVE-2023-28928
RESERVED
CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP packet wi ...)
@@ -31059,8 +31139,8 @@ CVE-2023-22836
RESERVED
CVE-2023-22835
RESERVED
-CVE-2023-22834
- RESERVED
+CVE-2023-22834 (The Contour Service was not checking that users had permission to crea ...)
+ TODO: check
CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...)
NOT-FOR-US: Palantir
CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19. ...)
@@ -33650,7 +33730,7 @@ CVE-2022-4688 (Improper Authorization in GitHub repository usememos/memos prior
NOT-FOR-US: usememos
CVE-2022-4687 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
NOT-FOR-US: usememos
-CVE-2022-4686 (Improper Authentication in GitHub repository usememos/memos prior to 0 ...)
+CVE-2022-4686 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: usememos
CVE-2022-4685
REJECTED
@@ -104147,7 +104227,7 @@ CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2.)
NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
NOT-FOR-US: Publify
-CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
+CVE-2022-0523 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.)
- radare2 <unfixed> (bug #1014478)
NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
NOTE: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
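Review bot: on CVE-2022-0523 the updated summary says the issue affects radare2 "prior to 5.6.2" and the entry already references an upstream commit, yet the package line stays "- radare2 <unfixed> (bug #1014478)". If a Debian upload contains that commit, record the fixed version on this line rather than leaving the entry open.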
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bac1034b08dffa819fa77e2655a18532d682d42