Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: e80cd727 by security tracker role at 2023-06-08T08:12:02+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- ...) + TODO: check +CVE-2023-34239 (Gradio is an open-source Python library that is used to build machine ...) + TODO: check +CVE-2023-34238 (Gatsby is a free and open source framework based on React. The Gatsby ...) + TODO: check +CVE-2023-33849 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) + TODO: check +CVE-2023-33848 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) + TODO: check +CVE-2023-33847 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) + TODO: check +CVE-2023-33846 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) + TODO: check +CVE-2023-33496 (xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerabili ...) + TODO: check +CVE-2023-2986 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...) + TODO: check +CVE-2023-2904 (The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 ...) + TODO: check +CVE-2023-2866 (If an attacker can trick an authenticated user into loading a maliciou ...) + TODO: check CVE-2023-3153 [service monitor MAC flow is not rate limited] - ovn <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279 @@ -393,6 +415,7 @@ CVE-2023-34417 - firefox 114.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417 CVE-2023-34416 + {DSA-5421-1 DLA-3448-1} - firefox 114.0-1 - firefox-esr 102.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416 
@@ -401,6 +424,7 @@ CVE-2023-34415 - firefox 114.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34415 CVE-2023-34414 + {DSA-5421-1 DLA-3448-1} - firefox 114.0-1 - firefox-esr 102.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34414 @@ -3641,8 +3665,8 @@ CVE-2023-31205 RESERVED CVE-2023-31204 RESERVED -CVE-2023-31200 - RESERVED +CVE-2023-31200 (PTC Vuforia Studio does not require a token; this could allow an atta ...) + TODO: check CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbox(TM) ...) NOT-FOR-US: Intel CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...) @@ -3795,14 +3819,14 @@ CVE-2023-30768 (Improper access control in the Intel(R) Server Board S2600WTT be NOT-FOR-US: Intel CVE-2023-30763 (Heap-based overflow in Intel(R) SoC Watch based software before versio ...) NOT-FOR-US: Intel -CVE-2023-29502 - RESERVED +CVE-2023-29502 (Before importing a project into Vuforia, a user could modify the \u20 ...) + TODO: check CVE-2023-29242 (Improper access control for Intel(R) oneAPI Toolkits before version 20 ...) NOT-FOR-US: Intel -CVE-2023-29168 - RESERVED -CVE-2023-29152 - RESERVED +CVE-2023-29168 (The local Vuforia web application does not support HTTPS, and federate ...) + TODO: check +CVE-2023-29152 (By changing the filename parameter in the request, an attacker could ...) + TODO: check CVE-2023-28822 RESERVED CVE-2023-28745 @@ -3813,10 +3837,10 @@ CVE-2023-28719 RESERVED CVE-2023-28378 RESERVED -CVE-2023-27881 - RESERVED -CVE-2023-24476 - RESERVED +CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality to uplo ...) + TODO: check +CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...) + TODO: check CVE-2023-2270 RESERVED CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...) 
@@ -3856,12 +3880,12 @@ CVE-2023-31118 RESERVED CVE-2023-31117 RESERVED -CVE-2023-31116 - RESERVED -CVE-2023-31115 - RESERVED -CVE-2023-31114 - RESERVED +CVE-2023-31116 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) + TODO: check +CVE-2023-31115 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) + TODO: check +CVE-2023-31114 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) + TODO: check CVE-2023-31113 RESERVED CVE-2023-31112 @@ -8776,8 +8800,8 @@ CVE-2023-1866 (The YourChannel plugin for WordPress is vulnerable to Cross-Site NOT-FOR-US: YourChannel plugin for WordPress CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...) NOT-FOR-US: YourChannel plugin for WordPress -CVE-2023-1864 - RESERVED +CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable ...) + TODO: check CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Eskom Computer Water Metering Software CVE-2023-1862 @@ -9901,8 +9925,8 @@ CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell NOT-FOR-US: Rockwell Automation CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...) - gitlab <unfixed> -CVE-2023-1709 - RESERVED +CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while parsing ...) + TODO: check CVE-2023-29021 RESERVED CVE-2023-29020 (@fastify/passport is a port of passport authentication library for the ...) 
@@ -18149,7 +18173,7 @@ CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox NOT-FOR-US: Trellix CVE-2023-0977 (A heap-based overflow vulnerability in Trellix Agent (Windows and Linu ...) NOT-FOR-US: Trellix -CVE-2023-0976 (A heap-based overflow vulnerability in TA prior to version 5.7.9 allow ...) +CVE-2023-0976 (A command Injection Vulnerability in TA for mac-OS prior to version 5. ...) TODO: check CVE-2023-0975 (A vulnerability exists in Trellix Agent for Windows version 5.7.8 and ...) NOT-FOR-US: Trellix @@ -20489,10 +20513,10 @@ CVE-2015-10077 (A vulnerability was found in webbuilders-group silverstripe-kapo NOT-FOR-US: Silverstripe CVE-2023-25612 RESERVED -CVE-2023-25177 - RESERVED -CVE-2023-24014 - RESERVED +CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...) + TODO: check +CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...) + TODO: check CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab <unfixed> CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...) @@ -24271,7 +24295,7 @@ CVE-2023-24331 RESERVED CVE-2023-24330 RESERVED -CVE-2023-24329 (An issue in the urllib.parse component of Python before v3.11 allows a ...) +CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...) - python3.11 3.11.4-1 - python3.9 <removed> [bullseye] - python3.9 <no-dsa> (Minor issue) 
@@ -26805,12 +26829,12 @@ CVE-2023-23484 RESERVED CVE-2023-23483 RESERVED -CVE-2023-23482 - RESERVED -CVE-2023-23481 - RESERVED -CVE-2023-23480 - RESERVED +CVE-2023-23482 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allo ...) + TODO: check +CVE-2023-23481 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...) + TODO: check +CVE-2023-23480 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...) + TODO: check CVE-2023-23479 RESERVED CVE-2023-23478
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e80cd72700067317e88bf998cf07f3d3ef7b6013
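Review bot: In the first hunk (@@ -1,3 +1,25 @@), CVE-2023-34969 is left at "TODO: check" even though its description names D-Bus, which Debian ships as the source package dbus. That entry needs a package line, for example "- dbus <unfixed>" until the fixed version is confirmed, rather than waiting in the generic queue with the entries that are likely to end up NOT-FOR-US. The same hunk writes the CVE-2023-2904 description with a literal escape ("HID\u2019s SAFE"), so the importer should decode JSON escapes before storing the text.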
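Review bot: In the hunk at @@ -3795,14 +3819,14 @@, the CVE-2023-29502 description is cut in the middle of an escape sequence ("modify the \u20 ..."), which shows the truncation is counting raw escaped characters; decode first, then truncate, so the stored description never ends in a partial "\uXXXX". In the same hunk, CVE-2023-29152 ("By changing the filename parameter in the request, ...") does not name a product in the visible text, so the TODO cannot be resolved from this file alone; the neighbouring CVE-2023-29502 and CVE-2023-29168 lines mention Vuforia, but this line does not, and the full CVE record should be read before tagging it.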
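Review bot: In the hunk at @@ -3856,12 +3880,12 @@, CVE-2023-31116, CVE-2023-31115 and CVE-2023-31114 end up with byte-identical truncated descriptions ("An issue was discovered in the Shannon RCS component in Samsung Exynos ..."), so nothing in the list distinguishes them. Triage them together against the full CVE text and give all three the same disposition in one commit, so they do not drift apart the way a partially triaged block can.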
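Review bot: In the hunk at @@ -18149,7 +18173,7 @@, CVE-2023-0976 keeps "TODO: check" while the description under it changes vulnerability class entirely, from "A heap-based overflow vulnerability in TA prior to version 5.7.9" to "A command Injection Vulnerability in TA for mac-OS prior to version 5.". The adjacent CVE-2023-0978, CVE-2023-0977 and CVE-2023-0975 entries are already tagged "NOT-FOR-US: Trellix"; if TA here is the same Trellix Agent, this entry should get the same tag so the rewritten description does not leave it sitting in the TODO queue.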
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits