Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc1bff55 by security tracker role at 2023-06-14T08:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,135 @@
+CVE-2023-3238 (A vulnerability, which was classified as critical, has been 
found in O ...)
+       TODO: check
+CVE-2023-3237 (A vulnerability classified as critical was found in OTCMS up to 
6.62.  ...)
+       TODO: check
+CVE-2023-3236 (A vulnerability classified as critical has been found in mccms 
up to 2 ...)
+       TODO: check
+CVE-2023-3235 (A vulnerability was found in mccms up to 2.6.5. It has been 
rated as c ...)
+       TODO: check
+CVE-2023-3234 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It 
has been ...)
+       TODO: check
+CVE-2023-3233 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It 
has been ...)
+       TODO: check
+CVE-2023-3232 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and 
classifi ...)
+       TODO: check
+CVE-2023-3231 (A vulnerability has been found in UJCMS up to 6.0.2 and 
classified as  ...)
+       TODO: check
+CVE-2023-3230 (Missing Authorization in GitHub repository 
fossbilling/fossbilling pri ...)
+       TODO: check
+CVE-2023-3229 (Business Logic Errors in GitHub repository 
fossbilling/fossbilling pri ...)
+       TODO: check
+CVE-2023-3228 (Business Logic Errors in GitHub repository 
fossbilling/fossbilling pri ...)
+       TODO: check
+CVE-2023-3227 (Insufficient Granularity of Access Control in GitHub repository 
fossbi ...)
+       TODO: check
+CVE-2023-3203 (The MStore API plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2023-3201 (The MStore API plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2023-3200 (The MStore API plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2023-3198 (The MStore API plugin for WordPress is vulnerable to Cross-Site 
Reques ...)
+       TODO: check
+CVE-2023-3189 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+       TODO: check
+CVE-2023-3001 (A CWE-502: Deserialization of Untrusted Data vulnerability 
exists in t ...)
+       TODO: check
+CVE-2023-34944 (An arbitrary file upload vulnerability in the 
/fileUpload.lib.php comp ...)
+       TODO: check
+CVE-2023-34537 (A Reflected XSS was discovered in HotelDruid version 3.0.5, an 
attacke ...)
+       TODO: check
+CVE-2023-34396 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2023-34250 (Discourse is an open source discussion platform. Prior to 
version 3.0. ...)
+       TODO: check
+CVE-2023-34149 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
+CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure 
inWooCommerce Str ...)
+       TODO: check
+CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2023-33146 (Microsoft Office Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-33145 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)
+       TODO: check
+CVE-2023-33144 (Visual Studio Code Spoofing Vulnerability)
+       TODO: check
+CVE-2023-33142 (Microsoft SharePoint Server Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2023-33140 (Microsoft OneNote Spoofing Vulnerability)
+       TODO: check
+CVE-2023-33139 (Visual Studio Information Disclosure Vulnerability)
+       TODO: check
+CVE-2023-33137 (Microsoft Excel Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-33135 (.NET and Visual Studio Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2023-33133 (Microsoft Excel Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-33132 (Microsoft SharePoint Server Spoofing Vulnerability)
+       TODO: check
+CVE-2023-33131 (Microsoft Outlook Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-33130 (Microsoft SharePoint Server Spoofing Vulnerability)
+       TODO: check
+CVE-2023-33129 (Microsoft SharePoint Denial of Service Vulnerability)
+       TODO: check
+CVE-2023-33128 (.NET and Visual Studio Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-33126 (.NET and Visual Studio Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-32301 (Discourse is an open source discussion platform. Prior to 
version 3.0. ...)
+       TODO: check
+CVE-2023-32061 (Discourse is an open source discussion platform. Prior to 
version 3.0. ...)
+       TODO: check
+CVE-2023-32032 (.NET and Visual Studio Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2023-32029 (Microsoft Excel Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-32022 (<div data-wrapper="true" style="font-family:'Segoe 
UI','Helvetica Neue ...)
+       TODO: check
+CVE-2023-32021 (Windows SMB Witness Service Security Feature Bypass 
Vulnerability)
+       TODO: check
+CVE-2023-32020 (Windows DNS Spoofing Vulnerability)
+       TODO: check
+CVE-2023-32019 (Windows Kernel Information Disclosure Vulnerability)
+       TODO: check
+CVE-2023-32018 (Windows Hello Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-32017 (Microsoft PostScript Printer Driver Remote Code Execution 
Vulnerabilit ...)
+       TODO: check
+CVE-2023-32016 (Windows Installer Information Disclosure Vulnerability)
+       TODO: check
+CVE-2023-32015 (Windows Pragmatic General Multicast (PGM) Remote Code 
Execution Vulner ...)
+       TODO: check
+CVE-2023-32014 (Windows Pragmatic General Multicast (PGM) Remote Code 
Execution Vulner ...)
+       TODO: check
+CVE-2023-32013 (Windows Hyper-V Denial of Service Vulnerability)
+       TODO: check
+CVE-2023-32012 (Windows Container Manager Service Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2023-32011 (Windows iSCSI Discovery Service Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2023-32010 (Windows Bus Filter Driver Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2023-32009 (Windows Collaborative Translation Framework Elevation of 
Privilege Vul ...)
+       TODO: check
+CVE-2023-32008 (Windows Resilient File System (ReFS) Remote Code Execution 
Vulnerabili ...)
+       TODO: check
+CVE-2023-2778 (A denial-of-service vulnerability exists in Rockwell Automation 
Factor ...)
+       TODO: check
+CVE-2023-2639 (The underlying feedback mechanism of   Rockwell 
Automation'sFactoryTal ...)
+       TODO: check
+CVE-2023-2638 (Rockwell Automation's FactoryTalk System Services does not 
verify that ...)
+       TODO: check
+CVE-2023-2637 (Rockwell Automation's FactoryTalk System Services uses a 
hard-coded cr ...)
+       TODO: check
+CVE-2023-2570 (A CWE-129: Improper Validation of Array Index vulnerability 
exists tha ...)
+       TODO: check
+CVE-2023-2569 (A CWE-787: Out-of-Bounds Write vulnerability exists that could 
cause l ...)
+       TODO: check
 CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.)
        NOT-FOR-US: Nuxt
 CVE-2023-3218 (Race Condition within a Thread in GitHub repository 
it-novum/openitcoc ...)
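
Review bot: the added CVE-2023-32022 line carries raw HTML ("<div data-wrapper="true" style="font-family:'Segoe UI',...") where the description should be, so unlike the neighbouring Windows titles it cannot be triaged from this entry; the description should be re-imported, or the updater should strip markup before truncating. The same import also kept spacing defects from the source text, such as "inWooCommerce" in CVE-2023-34000 and "Automation'sFactoryTal" in CVE-2023-2639.
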
@@ -4215,8 +4347,8 @@ CVE-2023-31144 (Craft CMS is a content management system. 
Starting in version 3.
        NOT-FOR-US: Craft CMS
 CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming 
and inte ...)
        NOT-FOR-US: mage-ai
-CVE-2023-31142
-       RESERVED
+CVE-2023-31142 (Discourse is an open source discussion platform. Prior to 
version 3.0. ...)
+       TODO: check
 CVE-2023-31141 (OpenSearch is open-source software suite for search, 
analytics, and ob ...)
        NOT-FOR-US: OpenSearch
 CVE-2023-31140 (OpenProject is open source project management software. 
Starting with  ...)
@@ -5805,8 +5937,8 @@ CVE-2023-30633
        RESERVED
 CVE-2023-30632
        RESERVED
-CVE-2023-30631
-       RESERVED
+CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
+       TODO: check
 CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local 
file. This  ...)
        - dmidecode <unfixed> (bug #1034483)
        [bookworm] - dmidecode <no-dsa> (Minor issue)
@@ -9316,52 +9448,52 @@ CVE-2023-29375 (An issue was discovered in Progress 
Sitefinity 13.3 before 13.3.
        NOT-FOR-US: Progress Sitefinity
 CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows 
prompt inj ...)
        NOT-FOR-US: LangChain
-CVE-2023-29373
-       RESERVED
-CVE-2023-29372
-       RESERVED
-CVE-2023-29371
-       RESERVED
-CVE-2023-29370
-       RESERVED
-CVE-2023-29369
-       RESERVED
-CVE-2023-29368
-       RESERVED
-CVE-2023-29367
-       RESERVED
-CVE-2023-29366
-       RESERVED
-CVE-2023-29365
-       RESERVED
-CVE-2023-29364
-       RESERVED
-CVE-2023-29363
-       RESERVED
-CVE-2023-29362
-       RESERVED
-CVE-2023-29361
-       RESERVED
-CVE-2023-29360
-       RESERVED
-CVE-2023-29359
-       RESERVED
-CVE-2023-29358
-       RESERVED
-CVE-2023-29357
-       RESERVED
+CVE-2023-29373 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-29372 (Microsoft WDAC OLE DB provider for SQL Server Remote Code 
Execution Vu ...)
+       TODO: check
+CVE-2023-29371 (Windows GDI Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2023-29370 (Windows Media Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-29369 (Remote Procedure Call Runtime Denial of Service Vulnerability)
+       TODO: check
+CVE-2023-29368 (Windows Filtering Platform Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2023-29367 (iSCSI Target WMI Provider Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-29366 (Windows Geolocation Service Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2023-29365 (Windows Media Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-29364 (Windows Authentication Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2023-29363 (Windows Pragmatic General Multicast (PGM) Remote Code 
Execution Vulner ...)
+       TODO: check
+CVE-2023-29362 (Remote Desktop Client Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-29361 (Windows Cloud Files Mini Filter Driver Elevation of Privilege 
Vulnerab ...)
+       TODO: check
+CVE-2023-29360 (Windows TPM Device Driver Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2023-29359 (GDI Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2023-29358 (Windows GDI Elevation of Privilege Vulnerability)
+       TODO: check
+CVE-2023-29357 (Microsoft SharePoint Server Elevation of Privilege 
Vulnerability)
+       TODO: check
 CVE-2023-29356
        RESERVED
-CVE-2023-29355
-       RESERVED
+CVE-2023-29355 (DHCP Server Service Information Disclosure Vulnerability)
+       TODO: check
 CVE-2023-29354 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-29353
-       RESERVED
-CVE-2023-29352
-       RESERVED
-CVE-2023-29351
-       RESERVED
+CVE-2023-29353 (Sysinternals Process Monitor for Windows Denial of Service 
Vulnerabili ...)
+       TODO: check
+CVE-2023-29352 (Windows Remote Desktop Security Feature Bypass Vulnerability)
+       TODO: check
+CVE-2023-29351 (Windows Group Policy Elevation of Privilege Vulnerability)
+       TODO: check
 CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29349
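
Review bot: CVE-2023-29373 through CVE-2023-29351 are left at TODO: check even though their titles (Windows GDI, Microsoft SharePoint Server, Windows Group Policy and the rest) belong to the same product family that the context lines for CVE-2023-29354 and CVE-2023-29350 already mark NOT-FOR-US: Microsoft. A triage follow-up can give these 21 entries the same marking so they leave the TODO queue.
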
@@ -9370,8 +9502,8 @@ CVE-2023-29348
        RESERVED
 CVE-2023-29347
        RESERVED
-CVE-2023-29346
-       RESERVED
+CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
+       TODO: check
 CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
@@ -15732,6 +15864,7 @@ CVE-2023-27478 (libmemcached-awesome is an open source 
C/C++ client library and
 CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. 
Wasmtime's code ...)
        NOT-FOR-US: wasmtime
 CVE-2023-27476 (OWSLib is a Python package for client programming with Open 
Geospatial ...)
+       {DSA-5426-1}
        [experimental] - owslib 0.28.1-1~exp1
        - owslib 0.27.2-3 (bug #1034182)
        NOTE: 
https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063
 (0.29.0)
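
Review bot: the {DSA-5426-1} cross-reference on CVE-2023-27476 arrives in a commit whose only changed file is data/CVE/list, and the package lines under it still show only the experimental and unstable owslib versions. Confirm that the advisory's own record, with its release-specific fixed versions, is already present in the tracker data; otherwise this reference has nothing to resolve to.
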
@@ -16401,8 +16534,8 @@ CVE-2023-1051 (Improper Neutralization of Input During 
Web Page Generation ('Cro
        NOT-FOR-US: Web Report System
 CVE-2023-1050 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Web Report System
-CVE-2023-1049
-       RESERVED
+CVE-2023-1049 (A CWE-94: Improper Control of Generation of Code ('Code 
Injection') vu ...)
+       TODO: check
 CVE-2023-XXXX [RUSTSEC-2023-0015]
        - rust-ascii 0.9.3-1
        [bullseye] - rust-ascii <no-dsa> (Minor issue)
@@ -20230,8 +20363,8 @@ CVE-2023-0839 (Improper Protection for Outbound Error 
Messages and Alert Signals
        NOT-FOR-US: ProMIS Process Co. InSCADA
 CVE-2023-0838 (An issue has been discovered in GitLab affecting versions 
starting fro ...)
        - gitlab 15.10.8+ds1-2
-CVE-2023-0837
-       RESERVED
+CVE-2023-0837 (An improper  authorization check of local device settings in 
TeamViewe ...)
+       TODO: check
 CVE-2023-25780 (It is identified a vulnerability of insufficient 
authentication in an  ...)
        NOT-FOR-US: Intel
 CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC 
firmware b ...)
@@ -22855,10 +22988,10 @@ CVE-2023-24940 (Windows Pragmatic General Multicast 
(PGM) Denial of Service Vuln
        NOT-FOR-US: Microsoft
 CVE-2023-24939 (Server for NFS Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-24938
-       RESERVED
-CVE-2023-24937
-       RESERVED
+CVE-2023-24938 (Windows CryptoAPI  Denial of Service Vulnerability)
+       TODO: check
+CVE-2023-24937 (Windows CryptoAPI  Denial of Service Vulnerability)
+       TODO: check
 CVE-2023-24936
        RESERVED
 CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
@@ -24014,8 +24147,8 @@ CVE-2023-24548
        RESERVED
 CVE-2023-24547
        RESERVED
-CVE-2023-24546
-       RESERVED
+CVE-2023-24546 (On affected versions of the CloudVision Portal improper access 
control ...)
+       TODO: check
 CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the 
Software ...)
        NOT-FOR-US: Arista
 CVE-2023-0517
@@ -24443,10 +24576,10 @@ CVE-2022-4896
        RESERVED
 CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize 
user inpu ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-24470
-       RESERVED
-CVE-2023-24469
-       RESERVED
+CVE-2023-24470 (Potential XML External Entity Injection in ArcSight Logger 
versions pr ...)
+       TODO: check
+CVE-2023-24469 (Potential Cross-Site Scripting in ArcSight Logger versions 
prior to 7. ...)
+       TODO: check
 CVE-2023-24468 (Broken access control in Advanced Authentication versions 
prior to 6.4 ...)
        NOT-FOR-US: NetIQ
 CVE-2023-24467
@@ -30290,7 +30423,7 @@ CVE-2023-22612 (An issue was discovered in IhisiSmm in 
Insyde InsydeH2O with ker
        NOT-FOR-US: Insyde
 CVE-2023-22611 (A CWE-200: Exposure of Sensitive Information to an 
Unauthorized Actor  ...)
        NOT-FOR-US: EcoStruxure Geo SCADA Expert
-CVE-2023-22610 (A CWE-285: Improper Authorization vulnerability exists that 
could caus ...)
+CVE-2023-22610 (A CWE-863: Incorrect Authorization vulnerability exists that 
could cau ...)
        NOT-FOR-US: EcoStruxure Geo SCADA Expert
 CVE-2023-22609
        REJECTED
@@ -35745,8 +35878,8 @@ CVE-2022-47186
        RESERVED
 CVE-2022-47185
        RESERVED
-CVE-2022-47184
-       RESERVED
+CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
 CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP 
Extra Blo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47182
@@ -38190,16 +38323,16 @@ CVE-2023-21571 (Microsoft Dynamics 365 (on-premises) 
Cross-site Scripting Vulner
        NOT-FOR-US: Microsoft
 CVE-2023-21570 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
-CVE-2023-21569
-       RESERVED
+CVE-2023-21569 (Azure DevOps Server Spoofing Vulnerability)
+       TODO: check
 CVE-2023-21568 (Microsoft SQL Server Integration Service (VS extension) Remote 
Code Ex ...)
        NOT-FOR-US: Microsoft
 CVE-2023-21567 (Visual Studio Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-21566 (Visual Studio Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-21565
-       RESERVED
+CVE-2023-21565 (Azure DevOps Server Spoofing Vulnerability)
+       TODO: check
 CVE-2023-21564 (Azure DevOps Server Cross-Site Scripting Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability)
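
Review bot: CVE-2023-21569 and CVE-2023-21565 are set to TODO: check, yet the context line for CVE-2023-21564 in this hunk names the same product (Azure DevOps Server) and is already NOT-FOR-US: Microsoft. The two new entries can take the same marking in the triage follow-up.
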
@@ -55951,7 +56084,7 @@ CVE-2022-41121 (Windows Graphics Component Elevation of 
Privilege Vulnerability.
        NOT-FOR-US: Microsoft
 CVE-2022-41120 (Microsoft Windows System Monitor (Sysmon) Elevation of 
Privilege Vulne ...)
        NOT-FOR-US: Microsoft
-CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability.)
+CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-41118 (Windows Scripting Languages Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
@@ -56019,7 +56152,7 @@ CVE-2022-41087
        RESERVED
 CVE-2022-41086 (Windows Group Policy Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-41085 (Azure CycleCloud Elevation of Privilege Vulnerability.)
+CVE-2022-41085 (Azure CycleCloud Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-41084
        RESERVED



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc1bff55e16a5167e787c5fdc2050b7bd4d924c2
