Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acc4ad7c by security tracker role at 2023-06-14T20:12:49+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,24 +1,110 @@
-CVE-2023-35149
+CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as 
proble ...)
+       TODO: check
+CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and 
classified as p ...)
+       TODO: check
+CVE-2023-3239 (A vulnerability, which was classified as problematic, was found 
in OTC ...)
+       TODO: check
+CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 
3ef949 ...)
+       TODO: check
+CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts 
prior t ...)
+       TODO: check
+CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows 
attackers  ...)
+       TODO: check
+CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to 
cause a d ...)
+       TODO: check
+CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to 
gain sensi ...)
+       TODO: check
+CVE-2023-34868 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an 
Assertio ...)
+       TODO: check
+CVE-2023-34867 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an 
Assertio ...)
+       TODO: check
+CVE-2023-34865 (Directory traversal vulnerability in ujcms 6.0.2 allows 
attackers to m ...)
+       TODO: check
+CVE-2023-34824 (fdkaac before 1.0.5 was discovered to contain a heap buffer 
overflow i ...)
+       TODO: check
+CVE-2023-34823 (fdkaac before 1.0.5 was discovered to contain a stack overflow 
in read ...)
+       TODO: check
+CVE-2023-34756 (bloofox v0.5.2.1 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2023-34755 (bloofox v0.5.2.1 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2023-34754 (bloofox v0.5.2.1 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2023-34753 (bloofox v0.5.2.1 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2023-34752 (bloofox v0.5.2.1 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2023-34751 (bloofox v0.5.2.1 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2023-34750 (bloofox v0.5.2.1 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via 
/api/backend/core/web-fil ...)
+       TODO: check
+CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows 
attackers to ca ...)
+       TODO: check
+CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to 
cause a de ...)
+       TODO: check
+CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to 
cause a d ...)
+       TODO: check
+CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to 
cause a de ...)
+       TODO: check
+CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to 
cause a  ...)
+       TODO: check
+CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to 
cause a  ...)
+       TODO: check
+CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows 
attackers to ...)
+       TODO: check
+CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to 
cause a de ...)
+       TODO: check
+CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to 
cause a ...)
+       TODO: check
+CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to 
cause a d ...)
+       TODO: check
+CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers 
to cause  ...)
+       TODO: check
+CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to 
cause a  ...)
+       TODO: check
+CVE-2023-34585
+       REJECTED
+CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.)
+       TODO: check
+CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking 
attack. The v ...)
+       TODO: check
+CVE-2023-34101 (Contiki-NG is an operating system for internet of things 
devices. In v ...)
+       TODO: check
+CVE-2023-32465 (Dell Power Protect Cyber Recovery, contains an Authentication 
Bypass v ...)
+       TODO: check
+CVE-2023-32031 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+       TODO: check
+CVE-2023-32030 (.NET and Visual Studio Denial of Service Vulnerability)
+       TODO: check
+CVE-2023-32024 (Microsoft Power Apps Spoofing Vulnerability)
+       TODO: check
+CVE-2023-31671 (PrestaShop postfinance <= 17.1.13 is vulnerable to SQL 
Injection via P ...)
+       TODO: check
+CVE-2023-2976 (Use of Java's default temporary directory for file creation in 
`FileBa ...)
+       TODO: check
+CVE-2023-35149 (A missing permission check in Jenkins Digital.ai App 
Management Publis ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-35148
+CVE-2023-35148 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Digital.a ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-35147
+CVE-2023-35147 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does 
not rest ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-35146
+CVE-2023-35146 (Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and 
earlier does  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-35145
+CVE-2023-35145 (Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does 
not escap ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-35144
+CVE-2023-35144 (Jenkins Maven Repository Server Plugin 1.10 and earlier does 
not escap ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-35143
+CVE-2023-35143 (Jenkins Maven Repository Server Plugin 1.10 and earlier does 
not escap ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-32262
        NOT-FOR-US: Jenkins plugin
 CVE-2023-32261
        NOT-FOR-US: Jenkins plugin
-CVE-2023-35142
+CVE-2023-35142 (Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS 
validat ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-35141
+CVE-2023-35141 (In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST 
requests a ...)
        - jenkins <removed>
 CVE-2023-3238 (A vulnerability, which was classified as critical, has been 
found in O ...)
        NOT-FOR-US: OTCMS
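Review bot: the three new OTCMS entries at the top of the hunk (CVE-2023-3241, CVE-2023-3240, CVE-2023-3239) are left at TODO: check while the context entry CVE-2023-3238 at the bottom of the hunk, also OTCMS, already carries NOT-FOR-US: OTCMS; the four should be triaged consistently. Of the remaining additions, CVE-2023-34585 is recorded as REJECTED and needs no further action, the Jenkins plugin entries only gain descriptions and keep their existing NOT-FOR-US lines, and the rest is a batch of over forty TODO: check lines in which the library-style descriptions (jackson-databind, fdkaac, lua-resty-json, cfnts, htmlcleaner, jtidy and the run of JSON parsers) need real source-package matching rather than a blanket NOT-FOR-US.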
@@ -551,7 +637,7 @@ CVE-2023-34231 (gosnowflake is th Snowflake Golang driver. 
Prior to version 1.6.
        NOT-FOR-US: Snowflake connector for GO
 CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which 
currently suppor ...)
        NOT-FOR-US: Thruk
-CVE-2023-34095 [Buffer overflows via scanf]
+CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the 
Common Print ...)
        - cpdb-libs <unfixed>
        NOTE: 
https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
        NOTE: Fixed by: 
https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7
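Review bot: replacing the hand-written summary "[Buffer overflows via scanf]" with the truncated upstream text for CVE-2023-34095 loses the one line that named the bug class, since the new description is cut off after "Common Print ..."; the bug class is now only recoverable through the GHSA advisory and fixing-commit NOTE lines, so consider keeping the bracketed summary in a NOTE. The cpdb-libs entry stays <unfixed> even though a fixing upstream commit is referenced, which is expected until a Debian upload is recorded.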
@@ -3871,7 +3957,7 @@ CVE-2023-2396 (A vulnerability classified as problematic 
was found in Netgear SR
        NOT-FOR-US: Netgear
 CVE-2023-2395 (A vulnerability classified as problematic has been found in 
Netgear SR ...)
        NOT-FOR-US: Netgear
-CVE-2023-31486 (HTTP::Tiny 0.082, a Perl core module since 5.13.9 and 
available standa ...)
+CVE-2023-31486 (HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and 
available ...)
        - libhttp-tiny-perl <unfixed> (bug #962407; unimportant)
        - perl <unfixed> (unimportant; bug #954089)
        NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14
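Review bot: the description change for CVE-2023-31486 widens the affected range from the single version "HTTP::Tiny 0.082" to "HTTP::Tiny before 0.083", i.e. every earlier release; the two Debian entries (libhttp-tiny-perl and perl, both <unfixed> and unimportant, bugs #962407 and #954089) are untouched, which is only right if the unimportant rating does not depend on the version bound.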
@@ -7544,8 +7630,8 @@ CVE-2023-30084 (An issue found in libming swftophp 
v.0.4.8 allows a local attack
 CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp 
v.0.4.8 allows ...)
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/266
-CVE-2023-30082
-       RESERVED
+CVE-2023-30082 (A denial of service attack might be launched against the 
server if an  ...)
+       TODO: check
 CVE-2023-30081
        RESERVED
 CVE-2023-30080
@@ -9564,8 +9650,8 @@ CVE-2023-29339
        RESERVED
 CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-29337
-       RESERVED
+CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
+       TODO: check
 CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29335 (Microsoft Word Security Feature Bypass Vulnerability)
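Review bot: CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability) moves from RESERVED to TODO: check while the surrounding Microsoft entries in the hunk (CVE-2023-29338, CVE-2023-29336, CVE-2023-29335) are NOT-FOR-US: Microsoft. The same RESERVED to TODO: check transition for Microsoft .NET and Exchange identifiers recurs in the following hunks (CVE-2023-29331, CVE-2023-29326, CVE-2023-28310, CVE-2023-24936, CVE-2023-24897, CVE-2023-24895) and can be cleared in a single triage pass.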
@@ -9576,8 +9662,8 @@ CVE-2023-29333 (Microsoft Access Denial of Service 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29332
        RESERVED
-CVE-2023-29331
-       RESERVED
+CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service 
Vulnerabilit ...)
+       TODO: check
 CVE-2023-29330
        RESERVED
 CVE-2023-29329
@@ -9586,8 +9672,8 @@ CVE-2023-29328
        RESERVED
 CVE-2023-29327
        RESERVED
-CVE-2023-29326
-       RESERVED
+CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability)
+       TODO: check
 CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
@@ -13237,8 +13323,8 @@ CVE-2023-28312 (Azure Machine Learning Information 
Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-28311 (Microsoft Word Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-28310
-       RESERVED
+CVE-2023-28310 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+       TODO: check
 CVE-2023-28309 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
 CVE-2023-28308 (Windows DNS Server Remote Code Execution Vulnerability)
@@ -17219,8 +17305,8 @@ CVE-2023-26967
        RESERVED
 CVE-2023-26966
        RESERVED
-CVE-2023-26965
-       RESERVED
+CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a 
heap-ba ...)
+       TODO: check
 CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream 
stacking occ ...)
        - rust-h2 0.3.13-2 (bug #1034723)
        NOTE: https://github.com/hyperium/hyper/issues/2877
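Review bot: CVE-2023-26965 names an upstream library and source file (loadImage() in tools/tiffcrop.c, LibTIFF through 4.5.0) rather than a vendor product, so this TODO: check should be prioritised over the vendor-only ones in this commit; CVE-2023-25434 in a later hunk (libtiff 4.5.0, extractContigSample ...) describes the same component and the two should be triaged together.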
@@ -19562,8 +19648,8 @@ CVE-2023-26064 (Certain Lexmark devices through 
2023-02-19 have an Out-of-bounds
        NOT-FOR-US: Lexmark
 CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource 
By Using  ...)
        NOT-FOR-US: Lexmark
-CVE-2023-26062
-       RESERVED
+CVE-2023-26062 (A mobile network solution internal fault is found in Nokia Web 
Element ...)
+       TODO: check
 CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On 
the Sched ...)
        NOT-FOR-US: Nokia
 CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On 
the Worki ...)
@@ -21745,8 +21831,8 @@ CVE-2023-25436
        RESERVED
 CVE-2023-25435
        RESERVED
-CVE-2023-25434
-       RESERVED
+CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via 
extractContigSample ...)
+       TODO: check
 CVE-2023-25433
        RESERVED
 CVE-2023-25432 (An issue was discovered in Online Reviewer Management System 
v1.0. The ...)
@@ -21875,12 +21961,12 @@ CVE-2023-25371
        RESERVED
 CVE-2023-25370
        RESERVED
-CVE-2023-25369
-       RESERVED
-CVE-2023-25368
-       RESERVED
-CVE-2023-25367
-       RESERVED
+CVE-2023-25369 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to 
Denial o ...)
+       TODO: check
+CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to 
Incorrec ...)
+       TODO: check
+CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered 
user in ...)
+       TODO: check
 CVE-2023-25366
        RESERVED
 CVE-2023-25365
@@ -22469,6 +22555,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a 
critical injection vulnerab
 CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All 
versions < ...)
        NOT-FOR-US: Siemens
 CVE-2023-3247 [GHSA-76gg-c692-v2mw: Missing error check and insufficient 
random bytes in HTTP Digest authentication for SOAP]
+       {DSA-5425-1 DSA-5424-1}
        - php8.2 8.2.7-1
        - php7.4 <removed>
        NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29
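Review bot: the added cross-reference {DSA-5425-1 DSA-5424-1} for CVE-2023-3247 is the only DSA-tracking change in this commit; the entry records php8.2 8.2.7-1 and php7.4 <removed>, while the NOTE lists upstream fixes in 8.2.7, 8.1.20 and 8.0.29, so confirm that no php8.1 or php8.0 source-package line is needed alongside the two DSAs.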
@@ -23039,8 +23126,8 @@ CVE-2023-24938 (Windows CryptoAPI  Denial of Service 
Vulnerability)
        TODO: check
 CVE-2023-24937 (Windows CryptoAPI  Denial of Service Vulnerability)
        TODO: check
-CVE-2023-24936
-       RESERVED
+CVE-2023-24936 (.NET, .NET Framework, and Visual Studio Elevation of Privilege 
Vulnera ...)
+       TODO: check
 CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability)
@@ -23117,12 +23204,12 @@ CVE-2023-24899 (Windows Graphics Component Elevation 
of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-24898 (Windows SMB Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-24897
-       RESERVED
+CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution 
Vulnerab ...)
+       TODO: check
 CVE-2023-24896
        RESERVED
-CVE-2023-24895
-       RESERVED
+CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution 
Vulnerab ...)
+       TODO: check
 CVE-2023-24894
        RESERVED
 CVE-2023-24893 (Visual Studio Code Remote Code Execution Vulnerability)
@@ -38079,7 +38166,7 @@ CVE-2022-4285 (An illegal memory access flaw was found 
in the binutils package.
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
        NOTE: binutils not covered by security support
 CVE-2022-4284
-       RESERVED
+       REJECTED
 CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs 
because  ...)
        {DSA-5304-1 DLA-3256-1}
        - xorg-server 2:21.1.5-1 (bug #1026071)
@@ -48045,10 +48132,10 @@ CVE-2023-20002 (A vulnerability in Cisco TelePresence 
CE and RoomOS Software cou
        NOT-FOR-US: Cisco
 CVE-2023-20001
        RESERVED
-CVE-2023-0010
-       RESERVED
-CVE-2023-0009
-       RESERVED
+CVE-2023-0010 (A reflected cross-site scripting (XSS) vulnerability in the 
Captive Po ...)
+       TODO: check
+CVE-2023-0009 (A local privilege escalation (PE) vulnerability in the Palo 
Alto Netwo ...)
+       TODO: check
 CVE-2023-0008 (A file disclosure vulnerability in Palo Alto Networks PAN-OS 
software  ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2023-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto 
Networks PAN-O ...)
@@ -81809,20 +81896,20 @@ CVE-2022-31648 (Talend Administration Center is 
vulnerable to a reflected Cross-
        NOT-FOR-US: Talend Administration Center
 CVE-2022-31647 (Docker Desktop before 4.6.0 on Windows allows attackers to 
delete any  ...)
        NOT-FOR-US: Docker Desktop
-CVE-2022-31646
-       RESERVED
-CVE-2022-31645
-       RESERVED
-CVE-2022-31644
-       RESERVED
+CVE-2022-31646 (Potential vulnerabilities have been identified in the system 
BIOS of c ...)
+       TODO: check
+CVE-2022-31645 (Potential vulnerabilities have been identified in the system 
BIOS of c ...)
+       TODO: check
+CVE-2022-31644 (Potential vulnerabilities have been identified in the system 
BIOS of c ...)
+       TODO: check
 CVE-2022-31643 (A potential security vulnerability has been identified in the 
system B ...)
        NOT-FOR-US: HP
-CVE-2022-31642
-       RESERVED
-CVE-2022-31641
-       RESERVED
-CVE-2022-31640
-       RESERVED
+CVE-2022-31642 (Potential vulnerabilities have been identified in the system 
BIOS of c ...)
+       TODO: check
+CVE-2022-31641 (Potential vulnerabilities have been identified in the system 
BIOS of c ...)
+       TODO: check
+CVE-2022-31640 (Potential vulnerabilities have been identified in the system 
BIOS of c ...)
+       TODO: check
 CVE-2022-31639 (Potential time-of-check to time-of-use (TOCTOU) 
vulnerabilities have b ...)
        TODO: check
 CVE-2022-31638 (Potential time-of-check to time-of-use (TOCTOU) 
vulnerabilities have b ...)
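Review bot: the six new HP BIOS entries (CVE-2022-31646 down to CVE-2022-31644 and CVE-2022-31642 down to CVE-2022-31640) share one truncated description and surround CVE-2022-31643, which is already NOT-FOR-US: HP; triaging the whole run the same way would be consistent. The older TODO: check lines for CVE-2022-31639 and CVE-2022-31638 at the bottom of the hunk show the backlog in this range predates this update.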
@@ -155169,8 +155256,8 @@ CVE-2021-31282
        RESERVED
 CVE-2021-31281
        RESERVED
-CVE-2021-31280
-       RESERVED
+CVE-2021-31280 (An issue was discovered in tp5cms through 2017-05-25. 
admin.php/system ...)
+       TODO: check
 CVE-2021-31279
        RESERVED
 CVE-2021-31278
@@ -208820,8 +208907,8 @@ CVE-2020-22404
        RESERVED
 CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows 
CSRF.)
        NOT-FOR-US: Node express-cart
-CVE-2020-22402
-       RESERVED
+CVE-2020-22402 (Cross Site Scripting (XSS) vulnerability in SOGo Web Mail 
before 4.3.1 ...)
+       TODO: check
 CVE-2020-22401
        RESERVED
 CVE-2020-22400
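Review bot: CVE-2020-22402 gives a concrete fixed-version bound (SOGo Web Mail before 4.3.1), so this TODO: check can be resolved by comparing the shipped version against it rather than left open; note the three-year gap between the 2020 identifier and its publication in this 2023 update, so any affected release may already be out of support.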



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acc4ad7c198870c067c5b8641a0ac044bd1c3349



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
