[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 5 21:12:54 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca02008e by security tracker role at 2023-09-05T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,72 @@
-CVE-2023-40743 [RCE when untrusted input is passed to getService]
+CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
+ TODO: check
+CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
+ TODO: check
+CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4480 (Due to an out-of-date dependency in the \u201cFusion File Manager\u201 ...)
+ TODO: check
+CVE-2023-4178 (Authentication Bypass by Spoofing vulnerability in Neutron Neutron Sma ...)
+ TODO: check
+CVE-2023-4034 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-41317 (The Apollo Router is a configurable, high-performance graph router wri ...)
+ TODO: check
+CVE-2023-41108 (TEF portal 2023-07-17 is vulnerable to authenticated remote code execu ...)
+ TODO: check
+CVE-2023-41107 (TEF portal 2023-07-17 is vulnerable to a persistent cross site scripti ...)
+ TODO: check
+CVE-2023-41012 (An issue in China Mobile Communications China Mobile Intelligent Home ...)
+ TODO: check
+CVE-2023-41009 (File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote a ...)
+ TODO: check
+CVE-2023-40918 (KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unautho ...)
+ TODO: check
+CVE-2023-3616 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability in Bookr ...)
+ TODO: check
+CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Bookreen allows ...)
+ TODO: check
+CVE-2023-39681 (Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) ...)
+ TODO: check
+CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
+CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...)
+ TODO: check
+CVE-2023-39515 (Cacti is an open source operational monitoring and fault management fr ...)
+ TODO: check
+CVE-2023-39514 (Cacti is an open source operational monitoring and fault management fr ...)
+ TODO: check
+CVE-2023-36361 (Audimexee v14.1.7 was discovered to contain a SQL injection vulnerabil ...)
+ TODO: check
+CVE-2023-35124 (An information disclosure vulnerability exists in the OAS Engine confi ...)
+ TODO: check
+CVE-2023-35072 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-35068 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-35065 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-34998 (An authentication bypass vulnerability exists in the OAS Engine functi ...)
+ TODO: check
+CVE-2023-34994 (An improper resource allocation vulnerability exists in the OAS Engine ...)
+ TODO: check
+CVE-2023-34353 (An authentication bypass vulnerability exists in the OAS Engine authen ...)
+ TODO: check
+CVE-2023-34317 (An improper input validation vulnerability exists in the OAS Engine Us ...)
+ TODO: check
+CVE-2023-32615 (A file write vulnerability exists in the OAS Engine configuration func ...)
+ TODO: check
+CVE-2023-32271 (An information disclosure vulnerability exists in the OAS Engine confi ...)
+ TODO: check
+CVE-2023-32086
+ REJECTED
+CVE-2023-31242 (An authentication bypass vulnerability exists in the OAS Engine functi ...)
+ TODO: check
+CVE-2023-2453 (There is insufficient sanitization of tainted file names that are dire ...)
+ TODO: check
+CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...)
- axis <unfixed> (bug #1051288)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1
NOTE: https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210
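Review bot: for CVE-2023-40743 only the description line changes (the bracketed placeholder becomes the published text, which opens with `** UNSUPPORTED WHEN ASSIGNED **`), while `- axis <unfixed> (bug #1051288)` and both NOTE lines are unchanged context, so the open action is to decide whether the upstream commit already cited in the NOTE gives a fixed version for the axis package or whether the entry needs an annotation explaining why it stays `<unfixed>`; "unsupported" upstream does not take the Debian package out of scope. Every other ID in this hunk carries `TODO: check` except CVE-2023-32086, which is REJECTED. Three of them name software that is packaged and will need a package line rather than a NOT-FOR-US marker: CVE-2023-4781 (vim), CVE-2023-4778 (gpac) and the two Cacti entries CVE-2023-39515/-39514. The eight `OAS Engine` entries (CVE-2023-35124, -34998, -34994, -34353, -34317, -32615, -32271 and -31242) describe one product and can be resolved with a single decision.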
@@ -56250,10 +56318,10 @@ CVE-2023-20900 (VMware Tools contains a SAML token signature bypass vulnerabilit
NOTE: Fixed by: https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16 (stable-12.3.0)
CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass authentication vulnerability. A ...)
NOT-FOR-US: VMware
-CVE-2023-20898
- RESERVED
-CVE-2023-20897
- RESERVED
+CVE-2023-20898 (Git Providers can read from the wrong environment because they get the ...)
+ TODO: check
+CVE-2023-20897 (Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. ...)
+ TODO: check
CVE-2023-20896 (The VMware vCenter Server contains an out-of-bounds read vulnerability ...)
NOT-FOR-US: VMware
CVE-2023-20895 (The VMware vCenter Server contains a memory corruption vulnerability i ...)
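Review bot: CVE-2023-20897 names Salt (`Salt masters prior to 3005.2 or 3006.2`) while its neighbours CVE-2023-20899 and CVE-2023-20896 are VMware entries marked `NOT-FOR-US: VMware`; do not carry that marker over by proximity, but check the salt source package against the two fixed versions quoted in the description. CVE-2023-20898's truncated description (`Git Providers can read from the wrong environment because they get the ...`) never names the product, so it needs the full text before it can be assigned.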
@@ -65940,8 +66008,8 @@ CVE-2022-41765 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836892
CVE-2022-41764
RESERVED
-CVE-2022-41763
- RESERVED
+CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exi ...)
+ TODO: check
CVE-2022-41762
RESERVED
CVE-2022-41761
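Review bot: CVE-2022-41763 moves from RESERVED to a description naming `NOKIA AMS 9.7.05` with remote code execution; because this hunk sits around line 66000 of the file, far from the 2023 block at the top, make sure the triage pass picks up this `TODO: check` rather than only the new IDs in the first hunk. The adjacent CVE-2022-41764 and CVE-2022-41762 remain RESERVED, so only the one entry changes here.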
@@ -143446,8 +143514,8 @@ CVE-2021-40548
RESERVED
CVE-2021-40547
RESERVED
-CVE-2021-40546
- RESERVED
+CVE-2021-40546 (Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have ...)
+ TODO: check
CVE-2021-40545
RESERVED
CVE-2021-40544
@@ -194249,8 +194317,8 @@ CVE-2020-35595
RESERVED
CVE-2020-35594 (Zoho ManageEngine ADManager Plus before 7066 allows XSS.)
NOT-FOR-US: Zoho ManageEngine
-CVE-2020-35593
- RESERVED
+CVE-2020-35593 (BMC PATROL Agent through 20.08.00 allows local privilege escalation vi ...)
+ TODO: check
CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...)
NOT-FOR-US: Pi-hole
CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...)
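Review bot: CVE-2020-35593 (`BMC PATROL Agent through 20.08.00 allows local privilege escalation`) lands between CVE-2020-35594 (`NOT-FOR-US: Zoho ManageEngine`) and CVE-2020-35592 (`NOT-FOR-US: Pi-hole`); if it resolves the same way, put the product name in the marker text as those neighbours do, so the entry stays greppable once the truncated description is no longer the only hint.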
@@ -252230,8 +252298,8 @@ CVE-2020-10130
RESERVED
CVE-2020-10129
RESERVED
-CVE-2020-10128
- RESERVED
+CVE-2020-10128 (SearchBlox product with version before 9.2.1 is vulnerable to stored c ...)
+ TODO: check
CVE-2020-10127
RESERVED
CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate ...)
@@ -413152,8 +413220,8 @@ CVE-2017-9454 (Buffer overflow in the ares_parse_a_reply function in the embedde
NOTE: https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
NOTE: Fixed sourcewise in 1:1.11.0~beta4-1 but unimportant since uses the
NOTE: system library.
-CVE-2017-9453
- RESERVED
+CVE-2017-9453 (BMC Server Automation before 8.9.01 patch 1 allows Process Spawner com ...)
+ TODO: check
CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 ...)
- piwigo <removed>
CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in fla ...)
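Review bot: CVE-2017-9453 (`BMC Server Automation before 8.9.01 patch 1`) is a 2017 ID only now published, and it is the second BMC product in this update after CVE-2020-35593 in the hunk above; resolve the two consistently. The surrounding context shows the two forms a resolution takes in this file: a NOTE recording the severity call (the CVE-2017-9454 lines, `unimportant since uses the system library`) or a package line such as `- piwigo <removed>` under CVE-2017-9452.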
@@ -490442,10 +490510,10 @@ CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9
NOTE: https://www.phpmyadmin.net/security/PMASA-2015-1/
CVE-2015-2205
RESERVED
-CVE-2015-2202
- RESERVED
-CVE-2015-2201
- RESERVED
+CVE-2015-2202 (Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrati ...)
+ TODO: check
+CVE-2015-2201 (Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF rem ...)
+ TODO: check
CVE-2015-2200
RESERVED
CVE-2015-2199 (Multiple SQL injection vulnerabilities in the WonderPlugin Audio Playe ...)
@@ -492965,10 +493033,10 @@ CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.
NOT-FOR-US: WordPress plugin photo-gallery
CVE-2015-1392 (Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Pol ...)
NOT-FOR-US: Aruba Networks CPPM
-CVE-2015-1391
- RESERVED
-CVE-2015-1390
- RESERVED
+CVE-2015-1391 (Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanis ...)
+ TODO: check
+CVE-2015-1390 (Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator ...)
+ TODO: check
CVE-2015-1389 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass P ...)
NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1388 (The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6 ...)
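Review bot: the four Aruba AirWave IDs added in this and the preceding hunk (CVE-2015-2202, -2201, -1391, -1390) describe the same product and version ranges (`before 7.7.14.2 and 8.x before 8.0.7` and `before 8.0.7`), and the neighbouring CVE-2015-1392 and CVE-2015-1389 lines already carry `NOT-FOR-US: Aruba Networks CPPM`; resolve all four with one consistent marker, and since the descriptions say AirWave rather than ClearPass, the marker text should name AirWave instead of reusing the CPPM string. The `agsinat` in the CVE-2015-1390 line is the upstream description as pulled in by the automatic update, not a local typo, so it should not be edited here.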
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca02008e4313e802a0298a27239380666325d9fa