[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 7 21:20:55 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23fc7645 by security tracker role at 2023-09-07T20:20:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-4685 (Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0. ...)
+ TODO: check
+CVE-2023-4528 (Unsafe deserialization in JSCAPE MFT Server versions prior to2023.1.9 ...)
+ TODO: check
+CVE-2023-41316 (Tolgee is an open-source localization platform. Due to lack of validat ...)
+ TODO: check
+CVE-2023-41064 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-41061 (A validation issue was addressed with improved logic. This issue is fi ...)
+ TODO: check
+CVE-2023-40942 (Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow ...)
+ TODO: check
+CVE-2023-40060 (A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix ...)
+ TODO: check
+CVE-2023-3747 (Zero Trust Administrators have the ability to disallow end users from ...)
+ TODO: check
+CVE-2023-39711 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
+ TODO: check
+CVE-2023-39424 (A vulnerability inRDPngFileUpload.dll, as used in theIRM Next Generati ...)
+ TODO: check
+CVE-2023-39423 (The RDPData.dll file exposes the/irmdata/api/common endpoint that hand ...)
+ TODO: check
+CVE-2023-39422 (The/irmdata/api/ endpoints exposed by theIRM Next Generation booking e ...)
+ TODO: check
+CVE-2023-39421 (The RDPWin.dll component as used in the IRM Next Generation booking en ...)
+ TODO: check
+CVE-2023-39420 (The RDPCore.dll component as used in the IRM Next Generation booking e ...)
+ TODO: check
+CVE-2023-37798 (A stored cross-site scripting (XSS) vulnerability in the new REDCap pr ...)
+ TODO: check
+CVE-2023-36635 (An improper access control in Fortinet FortiSwitchManager version 7.2. ...)
+ TODO: check
CVE-2023-4815 (Missing Authentication for Critical Function in GitHub repository answ ...)
NOT-FOR-US: answerdev/answer
CVE-2023-4792 (The Duplicate Post Page Menu & Custom Post Type plugin for WordPress i ...)
@@ -255,15 +287,19 @@ CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DE
NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/
NOTE: https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed
CVE-2023-4764 (Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845. ...)
+ {DSA-5491-1}
- chromium 116.0.5845.180-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4763 (Use after free in Networks in Google Chrome prior to 116.0.5845.179 al ...)
+ {DSA-5491-1}
- chromium 116.0.5845.180-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4762 (Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed ...)
+ {DSA-5491-1}
- chromium 116.0.5845.180-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4761 (Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5 ...)
+ {DSA-5491-1}
- chromium 116.0.5845.180-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -568,6 +604,7 @@ CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPress th ...)
NOT-FOR-US: WordPress theme
CVE-2023-41164
+ {DLA-3558-1}
- python-django 3:3.2.21-1 (bug #1051226)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1
NOTE: https://www.djangoproject.com/weblog/2023/sep/04/security-releases/
@@ -2399,6 +2436,7 @@ CVE-2023-36281 (An issue in langchain v.0.0.171 allows a remote attacker to exec
CVE-2023-34853 (Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b ...)
NOT-FOR-US: Supermicro motherboard X12DPG-QR
CVE-2022-48571 (memcached 1.6.7 allows a Denial of Service via multi-packet uploads in ...)
+ {DLA-3557-1}
- memcached 1.6.8+dfsg-1
NOTE: Fixed by: https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966 (1.6.8)
CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA signature ...)
@@ -16705,8 +16743,8 @@ CVE-2023-30802
RESERVED
CVE-2023-30801
RESERVED
-CVE-2023-30800
- RESERVED
+CVE-2023-30800 (The web server used by MikroTik RouterOS version 6 is affected by a he ...)
+ TODO: check
CVE-2023-30799 (MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 ar ...)
NOT-FOR-US: MikroTik RouterOS
CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framework bef ...)
@@ -59688,10 +59726,10 @@ CVE-2023-20196
RESERVED
CVE-2023-20195
RESERVED
-CVE-2023-20194
- RESERVED
-CVE-2023-20193
- RESERVED
+CVE-2023-20194 (A vulnerability in the ERS API of Cisco ISE could allow an authenticat ...)
+ TODO: check
+CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco ISE coul ...)
+ TODO: check
CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
NOT-FOR-US: Cisco
CVE-2023-20191
@@ -96962,26 +97000,26 @@ CVE-2022-30648 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and
NOT-FOR-US: Adobe
CVE-2022-30647 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
NOT-FOR-US: Adobe
-CVE-2022-30646
- RESERVED
-CVE-2022-30645
- RESERVED
-CVE-2022-30644
- RESERVED
-CVE-2022-30643
- RESERVED
-CVE-2022-30642
- RESERVED
-CVE-2022-30641
- RESERVED
-CVE-2022-30640
- RESERVED
-CVE-2022-30639
- RESERVED
-CVE-2022-30638
- RESERVED
-CVE-2022-30637
- RESERVED
+CVE-2022-30646 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30645 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30644 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30643 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30642 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30641 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30640 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30639 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30638 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
+CVE-2022-30637 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...)
+ TODO: check
CVE-2022-30636
RESERVED
CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.1 ...)
@@ -130606,22 +130644,22 @@ CVE-2021-4013
RESERVED
CVE-2021-4012
RESERVED
-CVE-2021-44195
- RESERVED
-CVE-2021-44194
- RESERVED
-CVE-2021-44193
- RESERVED
-CVE-2021-44192
- RESERVED
-CVE-2021-44191
- RESERVED
-CVE-2021-44190
- RESERVED
-CVE-2021-44189
- RESERVED
-CVE-2021-44188
- RESERVED
+CVE-2021-44195 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
+CVE-2021-44194 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
+CVE-2021-44193 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
+CVE-2021-44192 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
+CVE-2021-44191 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
+CVE-2021-44190 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
+CVE-2021-44189 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
+CVE-2021-44188 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
CVE-2021-44187 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
NOT-FOR-US: Adobe
CVE-2021-44186 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
@@ -133097,12 +133135,12 @@ CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and
NOT-FOR-US: Adobe
CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by an Out-of-bo ...)
NOT-FOR-US: Adobe
-CVE-2021-43753
- RESERVED
+CVE-2021-43753 (Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after ...)
+ TODO: check
CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
NOT-FOR-US: Adobe
-CVE-2021-43751
- RESERVED
+CVE-2021-43751 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
+ TODO: check
CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
NOT-FOR-US: Adobe
CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
@@ -136215,8 +136253,8 @@ CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by
NOT-FOR-US: Adobe
CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
NOT-FOR-US: Adobe
-CVE-2021-43027
- RESERVED
+CVE-2021-43027 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ TODO: check
CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
NOT-FOR-US: Adobe
CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
@@ -136233,8 +136271,8 @@ CVE-2021-43020
RESERVED
CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...)
NOT-FOR-US: Adobe
-CVE-2021-43018
- RESERVED
+CVE-2021-43018 (Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected ...)
+ TODO: check
CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...)
NOT-FOR-US: Adobe
CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...)
@@ -136951,8 +136989,8 @@ CVE-2021-42736
RESERVED
CVE-2021-42735 (Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by ...)
NOT-FOR-US: Adobe
-CVE-2021-42734
- RESERVED
+CVE-2021-42734 (Adobe Photoshop version 22.5.1 and earlierversionsare affected by an o ...)
+ TODO: check
CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
NOT-FOR-US: Adobe
CVE-2021-42732 (Access of Memory Location After End of Buffer (CWE-788))
@@ -139426,8 +139464,8 @@ CVE-2021-42267 (Adobe Animate version 21.0.9 (and earlier) is affected by a memo
NOT-FOR-US: Adobe
CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
NOT-FOR-US: Adobe
-CVE-2021-42265
- RESERVED
+CVE-2021-42265 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
+ TODO: check
CVE-2021-42264 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
NOT-FOR-US: Adobe
CVE-2021-42263 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
@@ -143245,18 +143283,18 @@ CVE-2021-40797 (An issue was discovered in the routes middleware in OpenStack Ne
NOTE: and so serves the requests and stops the process.
CVE-2021-40796 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
NOT-FOR-US: Adobe
-CVE-2021-40795
- RESERVED
+CVE-2021-40795 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
+ TODO: check
CVE-2021-40794 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
NOT-FOR-US: Adobe
CVE-2021-40793 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
NOT-FOR-US: Adobe
CVE-2021-40792 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...)
NOT-FOR-US: Adobe
-CVE-2021-40791
- RESERVED
-CVE-2021-40790
- RESERVED
+CVE-2021-40791 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
+ TODO: check
+CVE-2021-40790 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
+ TODO: check
CVE-2021-40789 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
NOT-FOR-US: Adobe
CVE-2021-40788 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...)
@@ -143394,8 +143432,8 @@ CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
NOT-FOR-US: Adobe
CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...)
NOT-FOR-US: Adobe
-CVE-2021-40723
- RESERVED
+CVE-2021-40723 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ TODO: check
CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and bel ...)
NOT-FOR-US: Adobe
CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a reflected ...)
@@ -143447,10 +143485,10 @@ CVE-2021-40701 (Adobe Premiere Elements version 2021.2235820 (and earlier) is af
NOT-FOR-US: Adobe
CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
NOT-FOR-US: Adobe
-CVE-2021-40699
- RESERVED
-CVE-2021-40698
- RESERVED
+CVE-2021-40699 (ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (a ...)
+ TODO: check
+CVE-2021-40698 (ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (a ...)
+ TODO: check
CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
NOT-FOR-US: Adobe
CVE-2021-40696
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23fc7645fbf1275676b48b760ac1a65bdc5b79cb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23fc7645fbf1275676b48b760ac1a65bdc5b79cb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230907/99bf7bfb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list