[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 8 09:15:20 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dfb52da9 by security tracker role at 2023-09-08T08:15:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2023-41775 (Improper access control vulnerability in 'direct' Desktop App for macO ...)
+	TODO: check
+CVE-2023-41646 (Buttercup v2.20.3 allows attackers to obtain the hash of the master pa ...)
+	TODO: check
+CVE-2023-41615 (Zoo Management System v1.0 was discovered to contain multiple SQL inje ...)
+	TODO: check
+CVE-2023-41594 (Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discove ...)
+	TODO: check
+CVE-2023-41161 (Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin  ...)
+	TODO: check
+CVE-2023-40953 (icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).)
+	TODO: check
+CVE-2023-40584 (Argo CD is a declarative continuous deployment for Kubernetes. All ver ...)
+	TODO: check
+CVE-2023-40353 (An issue was discovered in Exynos Mobile Processor 980 and 2100. An in ...)
+	TODO: check
+CVE-2023-40271 (In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate ...)
+	TODO: check
+CVE-2023-40029 (Argo CD is a declarative continuous deployment for Kubernetes. Argo CD ...)
+	TODO: check
+CVE-2023-39620 (An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru  ...)
+	TODO: check
+CVE-2023-37759 (Incorrect access control in the User Registration page of Crypto Curre ...)
+	TODO: check
+CVE-2023-37377 (An issue was discovered in Samsung Exynos Mobile Processor and Wearabl ...)
+	TODO: check
+CVE-2023-37368 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+	TODO: check
+CVE-2023-37367 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+	TODO: check
+CVE-2023-36184 (CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack o ...)
+	TODO: check
+CVE-2023-34041 (Cloud foundry routing release versions prior to 0.278.0 are vulnerable ...)
+	TODO: check
+CVE-2023-32470 (Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure O ...)
+	TODO: check
 CVE-2023-4685 (Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0. ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2023-4528 (Unsafe deserialization in JSCAPE MFT Server versions prior to2023.1.9  ...)
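Review bot: All 18 entries added at the top of data/CVE/list carry only `TODO: check`, and four of them (CVE-2023-40353, CVE-2023-37377, CVE-2023-37368, CVE-2023-37367) are Exynos issues of the same kind as CVE-2023-36481, which this file already records as `NOT-FOR-US: Samsung`; they look like candidates for the same note in the follow-up triage. The CVE-2023-36184 description also begins "CMysten Labs", which reads like a stray leading character in the imported text and is worth comparing with the upstream record.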
@@ -1805,7 +1841,7 @@ CVE-2023-38288
 	REJECTED
 CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and Wearabl ...)
 	NOT-FOR-US: Samsung
-CVE-2023-35785 (Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA byp ...)
+CVE-2023-35785 (Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudi ...)
 	NOT-FOR-US: Zoho
 CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementa ...)
 	NOT-FOR-US: Slive
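Review bot: In the unchanged context below the CVE-2023-35785 edit, CVE-2023-34758 is described as "Sliver" but its note reads `NOT-FOR-US: Slive`; the product name looks cut short and should probably be `NOT-FOR-US: Sliver`. The CVE-2023-35785 description itself now names more Zoho ManageEngine products than ADManager Plus alone, and the existing `NOT-FOR-US: Zoho` note still covers that.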
@@ -8986,7 +9022,7 @@ CVE-2023-36933 (In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (
 	NOT-FOR-US: Progress MOVEit Transfer
 CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0 ...)
 	NOT-FOR-US: Progress MOVEit Transfer
-CVE-2023-36665 (protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 allows Pr ...)
+CVE-2023-36665 ("protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows P ...)
 	NOT-FOR-US: protobuf.js
 CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated o ...)
 	NOT-FOR-US: Loxone Miniserver Go
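Review bot: The replacement line for CVE-2023-36665 opens its description with a literal double quote (`("protobuf.js`) that the removed line did not have. Check whether the upstream record really starts with that character or whether the import step is mishandling quoting, because anything that matches on the description prefix will now see the quote. The version bound in the text also moves from 7.2.4 to 7.2.5, which leaves the `NOT-FOR-US: protobuf.js` note unaffected.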
@@ -12606,7 +12642,7 @@ CVE-2023-33551 (Heap Buffer Overflow in the erofsfsck_dirent_iter function in fs
 	[bullseye] - erofs-utils <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/lometsj/blog_repo/issues/2
 	NOTE: Proposed fix: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?h=experimental&id=27aeef179bf17d5f1d98f827e93d24839a6d4176
-CVE-2023-33546 (janino 3.1.9 and earlier are subject to denial of service (DOS) attack ...)
+CVE-2023-33546 (Janino 3.1.9 and earlier are subject to denial of service (DOS) attack ...)
 	- janino <unfixed>
 	[bookworm] - janino <no-dsa> (Minor issue)
 	[bullseye] - janino <no-dsa> (Minor issue)
@@ -16439,8 +16475,8 @@ CVE-2023-30910
 	RESERVED
 CVE-2023-30909
 	RESERVED
-CVE-2023-30908
-	RESERVED
+CVE-2023-30908 (Potential security vulnerabilities have been identified in Hewlett Pac ...)
+	TODO: check
 CVE-2023-30907
 	RESERVED
 CVE-2023-30906 (The vulnerability could be locally exploited to allow escalation of pr ...)
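Review bot: CVE-2023-30908 goes from `RESERVED` to a published description with `TODO: check`, so it is now an open item that needs a manual decision (a package entry or a NOT-FOR-US note). The visible description is generic ("Potential security vulnerabilities have been identified in Hewlett Pac ..."), so the triage will need the full upstream text rather than the truncated line here.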
@@ -106265,8 +106301,8 @@ CVE-2022-27601
 	RESERVED
 CVE-2022-27600
 	RESERVED
-CVE-2022-27599
-	RESERVED
+CVE-2022-27599 (An insertion of sensitive information into Log file vulnerability has  ...)
+	TODO: check
 CVE-2022-27598 (A vulnerability has been reported to affect QNAP operating systems. If ...)
 	NOT-FOR-US: QNAP
 CVE-2022-27597 (A vulnerability has been reported to affect QNAP operating systems. If ...)
@@ -124836,8 +124872,8 @@ CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (X
 	NOT-FOR-US: SLICAN WebCTI
 CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site  ...)
 	NOT-FOR-US: NUUO Network Video Recorder NVRsolo
-CVE-2021-45811
-	RESERVED
+CVE-2021-45811 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
+	TODO: check
 CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by incorre ...)
 	NOT-FOR-US: GlobalProtect-openconnect
 CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected by inco ...)
@@ -160656,8 +160692,8 @@ CVE-2021-33836
 	RESERVED
 CVE-2021-33835
 	RESERVED
-CVE-2021-33834
-	RESERVED
+CVE-2021-33834 (An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6. ...)
+	TODO: check
 CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
 	{DLA-2915-1}
 	- connman 1.36-2.2 (bug #989662)
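Review bot: The new CVE-2021-33834 line is left at `TODO: check` although the description already names a `.sys` driver, iscflashx64.sys, in Insyde H2OFFT. That points to a vendor component rather than a packaged one, so a `NOT-FOR-US` note naming the vendor looks like the likely outcome once someone confirms it.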
@@ -177027,8 +177063,8 @@ CVE-2021-27717
 	RESERVED
 CVE-2021-27716
 	RESERVED
-CVE-2021-27715
-	RESERVED
+CVE-2021-27715 (An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet ...)
+	TODO: check
 CVE-2021-27714
 	RESERVED
 CVE-2021-27713
@@ -508583,8 +508619,8 @@ CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote a
 	NOT-FOR-US: Aflax
 CVE-2014-5330 (Cross-site scripting (XSS) vulnerability in BirdBlog allows remote att ...)
 	NOT-FOR-US: BirdBlog
-CVE-2014-5329
-	RESERVED
+CVE-2014-5329 (GIGAPOD file servers (Appliance model and Software model) provide two  ...)
+	TODO: check
 CVE-2014-5328 (Buffer overflow in the Webserver component on the Huawei E5332 router  ...)
 	NOT-FOR-US: Huawei router
 CVE-2014-5327 (Buffer overflow in the Webserver component on the Huawei E5332 router  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfb52da936c5e1595e41808d22052cc3d343b5ba
