Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

acc4ad7c by security tracker role at 2023-06-14T20:12:49+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,24 +1,110 @@ -CVE-2023-35149 +CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...) + TODO: check +CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...) + TODO: check +CVE-2023-3239 (A vulnerability, which was classified as problematic, was found in OTC ...) + TODO: check +CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3ef949 ...) + TODO: check +CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...) + TODO: check +CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows attackers ...) + TODO: check +CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...) + TODO: check +CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensi ...) + TODO: check +CVE-2023-34868 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...) + TODO: check +CVE-2023-34867 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...) + TODO: check +CVE-2023-34865 (Directory traversal vulnerability in ujcms 6.0.2 allows attackers to m ...) + TODO: check +CVE-2023-34824 (fdkaac before 1.0.5 was discovered to contain a heap buffer overflow i ...) + TODO: check +CVE-2023-34823 (fdkaac before 1.0.5 was discovered to contain a stack overflow in read ...) + TODO: check +CVE-2023-34756 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + TODO: check +CVE-2023-34755 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + TODO: check +CVE-2023-34754 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + TODO: check +CVE-2023-34753 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + TODO: check +CVE-2023-34752 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) 
+ TODO: check +CVE-2023-34751 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + TODO: check +CVE-2023-34750 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + TODO: check +CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-fil ...) + TODO: check +CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows attackers to ca ...) + TODO: check +CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to cause a de ...) + TODO: check +CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to cause a d ...) + TODO: check +CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to cause a de ...) + TODO: check +CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to cause a ...) + TODO: check +CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to cause a ...) + TODO: check +CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...) + TODO: check +CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to cause a de ...) + TODO: check +CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to cause a ...) + TODO: check +CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to cause a d ...) + TODO: check +CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers to cause ...) + TODO: check +CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to cause a ...) + TODO: check +CVE-2023-34585 + REJECTED +CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.) + TODO: check +CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...) + TODO: check +CVE-2023-34101 (Contiki-NG is an operating system for internet of things devices. In v ...) 
+ TODO: check +CVE-2023-32465 (Dell Power Protect Cyber Recovery, contains an Authentication Bypass v ...) + TODO: check +CVE-2023-32031 (Microsoft Exchange Server Remote Code Execution Vulnerability) + TODO: check +CVE-2023-32030 (.NET and Visual Studio Denial of Service Vulnerability) + TODO: check +CVE-2023-32024 (Microsoft Power Apps Spoofing Vulnerability) + TODO: check +CVE-2023-31671 (PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via P ...) + TODO: check +CVE-2023-2976 (Use of Java's default temporary directory for file creation in `FileBa ...) + TODO: check +CVE-2023-35149 (A missing permission check in Jenkins Digital.ai App Management Publis ...) NOT-FOR-US: Jenkins plugin -CVE-2023-35148 +CVE-2023-35148 (A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.a ...) NOT-FOR-US: Jenkins plugin -CVE-2023-35147 +CVE-2023-35147 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not rest ...) NOT-FOR-US: Jenkins plugin -CVE-2023-35146 +CVE-2023-35146 (Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does ...) NOT-FOR-US: Jenkins plugin -CVE-2023-35145 +CVE-2023-35145 (Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escap ...) NOT-FOR-US: Jenkins plugin -CVE-2023-35144 +CVE-2023-35144 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...) NOT-FOR-US: Jenkins plugin -CVE-2023-35143 +CVE-2023-35143 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...) NOT-FOR-US: Jenkins plugin CVE-2023-32262 NOT-FOR-US: Jenkins plugin CVE-2023-32261 NOT-FOR-US: Jenkins plugin -CVE-2023-35142 +CVE-2023-35142 (Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validat ...) NOT-FOR-US: Jenkins plugin -CVE-2023-35141 +CVE-2023-35141 (In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests a ...) - jenkins <removed> CVE-2023-3238 (A vulnerability, which was classified as critical, has been found in O ...) NOT-FOR-US: OTCMS 
@@ -551,7 +637,7 @@ CVE-2023-34231 (gosnowflake is th Snowflake Golang driver. Prior to version 1.6. NOT-FOR-US: Snowflake connector for GO CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which currently suppor ...) NOT-FOR-US: Thruk -CVE-2023-34095 [Buffer overflows via scanf] +CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the Common Print ...) - cpdb-libs <unfixed> NOTE: https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x NOTE: Fixed by: https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7 @@ -3871,7 +3957,7 @@ CVE-2023-2396 (A vulnerability classified as problematic was found in Netgear SR NOT-FOR-US: Netgear CVE-2023-2395 (A vulnerability classified as problematic has been found in Netgear SR ...) NOT-FOR-US: Netgear -CVE-2023-31486 (HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standa ...) +CVE-2023-31486 (HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available ...) - libhttp-tiny-perl <unfixed> (bug #962407; unimportant) - perl <unfixed> (unimportant; bug #954089) NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14 @@ -7544,8 +7630,8 @@ CVE-2023-30084 (An issue found in libming swftophp v.0.4.8 allows a local attack CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...) - ming <removed> NOTE: https://github.com/libming/libming/issues/266 -CVE-2023-30082 - RESERVED +CVE-2023-30082 (A denial of service attack might be launched against the server if an ...) + TODO: check CVE-2023-30081 RESERVED CVE-2023-30080 
@@ -9564,8 +9650,8 @@ CVE-2023-29339 RESERVED CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-29337 - RESERVED +CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability) + TODO: check CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29335 (Microsoft Word Security Feature Bypass Vulnerability) @@ -9576,8 +9662,8 @@ CVE-2023-29333 (Microsoft Access Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29332 RESERVED -CVE-2023-29331 - RESERVED +CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...) + TODO: check CVE-2023-29330 RESERVED CVE-2023-29329 @@ -9586,8 +9672,8 @@ CVE-2023-29328 RESERVED CVE-2023-29327 RESERVED -CVE-2023-29326 - RESERVED +CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability) + TODO: check CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability) @@ -13237,8 +13323,8 @@ CVE-2023-28312 (Azure Machine Learning Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-28311 (Microsoft Word Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-28310 - RESERVED +CVE-2023-28310 (Microsoft Exchange Server Remote Code Execution Vulnerability) + TODO: check CVE-2023-28309 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2023-28308 (Windows DNS Server Remote Code Execution Vulnerability) @@ -17219,8 +17305,8 @@ CVE-2023-26967 RESERVED CVE-2023-26966 RESERVED -CVE-2023-26965 - RESERVED +CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-ba ...) + TODO: check CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...) - rust-h2 0.3.13-2 (bug #1034723) NOTE: https://github.com/hyperium/hyper/issues/2877 
@@ -19562,8 +19648,8 @@ CVE-2023-26064 (Certain Lexmark devices through 2023-02-19 have an Out-of-bounds NOT-FOR-US: Lexmark CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By Using ...) NOT-FOR-US: Lexmark -CVE-2023-26062 - RESERVED +CVE-2023-26062 (A mobile network solution internal fault is found in Nokia Web Element ...) + TODO: check CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...) NOT-FOR-US: Nokia CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...) @@ -21745,8 +21831,8 @@ CVE-2023-25436 RESERVED CVE-2023-25435 RESERVED -CVE-2023-25434 - RESERVED +CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...) + TODO: check CVE-2023-25433 RESERVED CVE-2023-25432 (An issue was discovered in Online Reviewer Management System v1.0. The ...) @@ -21875,12 +21961,12 @@ CVE-2023-25371 RESERVED CVE-2023-25370 RESERVED -CVE-2023-25369 - RESERVED -CVE-2023-25368 - RESERVED -CVE-2023-25367 - RESERVED +CVE-2023-25369 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial o ...) + TODO: check +CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrec ...) + TODO: check +CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...) + TODO: check CVE-2023-25366 RESERVED CVE-2023-25365 @@ -22469,6 +22555,7 @@ CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulnerab CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...) NOT-FOR-US: Siemens CVE-2023-3247 [GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP] + {DSA-5425-1 DSA-5424-1} - php8.2 8.2.7-1 - php7.4 <removed> NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 
@@ -23039,8 +23126,8 @@ CVE-2023-24938 (Windows CryptoAPI Denial of Service Vulnerability) TODO: check CVE-2023-24937 (Windows CryptoAPI Denial of Service Vulnerability) TODO: check -CVE-2023-24936 - RESERVED +CVE-2023-24936 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...) + TODO: check CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability) @@ -23117,12 +23204,12 @@ CVE-2023-24899 (Windows Graphics Component Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-24898 (Windows SMB Denial of Service Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-24897 - RESERVED +CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...) + TODO: check CVE-2023-24896 RESERVED -CVE-2023-24895 - RESERVED +CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...) + TODO: check CVE-2023-24894 RESERVED CVE-2023-24893 (Visual Studio Code Remote Code Execution Vulnerability) @@ -38079,7 +38166,7 @@ CVE-2022-4285 (An illegal memory access flaw was found in the binutils package. NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 NOTE: binutils not covered by security support CVE-2022-4284 - RESERVED + REJECTED CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs because ...) {DSA-5304-1 DLA-3256-1} - xorg-server 2:21.1.5-1 (bug #1026071) 
@@ -48045,10 +48132,10 @@ CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software cou NOT-FOR-US: Cisco CVE-2023-20001 RESERVED -CVE-2023-0010 - RESERVED -CVE-2023-0009 - RESERVED +CVE-2023-0010 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...) + TODO: check +CVE-2023-0009 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...) + TODO: check CVE-2023-0008 (A file disclosure vulnerability in Palo Alto Networks PAN-OS software ...) NOT-FOR-US: Palo Alto Networks CVE-2023-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...) @@ -81809,20 +81896,20 @@ CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross- NOT-FOR-US: Talend Administration Center CVE-2022-31647 (Docker Desktop before 4.6.0 on Windows allows attackers to delete any ...) NOT-FOR-US: Docker Desktop -CVE-2022-31646 - RESERVED -CVE-2022-31645 - RESERVED -CVE-2022-31644 - RESERVED +CVE-2022-31646 (Potential vulnerabilities have been identified in the system BIOS of c ...) + TODO: check +CVE-2022-31645 (Potential vulnerabilities have been identified in the system BIOS of c ...) + TODO: check +CVE-2022-31644 (Potential vulnerabilities have been identified in the system BIOS of c ...) + TODO: check CVE-2022-31643 (A potential security vulnerability has been identified in the system B ...) NOT-FOR-US: HP -CVE-2022-31642 - RESERVED -CVE-2022-31641 - RESERVED -CVE-2022-31640 - RESERVED +CVE-2022-31642 (Potential vulnerabilities have been identified in the system BIOS of c ...) + TODO: check +CVE-2022-31641 (Potential vulnerabilities have been identified in the system BIOS of c ...) + TODO: check +CVE-2022-31640 (Potential vulnerabilities have been identified in the system BIOS of c ...) + TODO: check CVE-2022-31639 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...) TODO: check CVE-2022-31638 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...) 
@@ -155169,8 +155256,8 @@ CVE-2021-31282 RESERVED CVE-2021-31281 RESERVED -CVE-2021-31280 - RESERVED +CVE-2021-31280 (An issue was discovered in tp5cms through 2017-05-25. admin.php/system ...) + TODO: check CVE-2021-31279 RESERVED CVE-2021-31278 @@ -208820,8 +208907,8 @@ CVE-2020-22404 RESERVED CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows CSRF.) NOT-FOR-US: Node express-cart -CVE-2020-22402 - RESERVED +CVE-2020-22402 (Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 ...) + TODO: check CVE-2020-22401 RESERVED CVE-2020-22400 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acc4ad7c198870c067c5b8641a0ac044bd1c3349 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acc4ad7c198870c067c5b8641a0ac044bd1c3349 You're receiving this email because of your account on salsa.debian.org.
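Review bot: in the @@ -1,24 +1,110 @@ hunk the three new OTCMS entries (CVE-2023-3241, CVE-2023-3240, CVE-2023-3239) are left at "TODO: check" while the same hunk already carries CVE-2023-3238 as "NOT-FOR-US: OTCMS"; they can take the same tag at triage. CVE-2023-35116 in the same hunk (jackson-databind thru 2.15.2) is different: jackson-databind is a Debian source package, so that entry should end up with a source package line rather than a NOT-FOR-US tag. CVE-2023-32031, CVE-2023-32030 and CVE-2023-32024 can follow the "NOT-FOR-US: Microsoft" convention used for the neighbouring Microsoft entries further down the file.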
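Review bot: in the @@ -551,7 +637,7 @@ hunk the cpdb-libs entry keeps `- cpdb-libs <unfixed>` with no bug number even though the NOTE lines already point at the upstream fix commit; a Debian bug reference ("bug #...") should be attached so the fix can be tracked into the archive. Replacing the bracketed summary "[Buffer overflows via scanf]" with the truncated CVE text also drops the only visible mention of the flaw class (the new text only says what cpdb-libs is), so that phrase is worth keeping as a NOTE line.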
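Review bot: in the @@ -3871,7 +3957,7 @@ hunk the CVE-2023-31486 description now reads "HTTP::Tiny before 0.083", i.e. the CVE text treats 0.083 as the fixed version, but both `libhttp-tiny-perl <unfixed>` and `perl <unfixed>` are unchanged; the entries should be checked against the versions in the archive (including the copy bundled in perl) and given a fixed version where 0.083 is already there. The qualifier ordering also differs between the two lines ("bug #962407; unimportant" vs "unimportant; bug #954089"); harmless, but worth normalising while the entry is being touched.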
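Review bot: CVE-2023-29337 (NuGet Client) in the @@ -9564,8 +9650,8 @@ hunk is left at "TODO: check" while its immediate neighbours CVE-2023-29338 and CVE-2023-29336 are "NOT-FOR-US: Microsoft"; the same pattern appears in the @@ -9576 and @@ -9586 hunks (CVE-2023-29331, CVE-2023-29326), in @@ -13237 (CVE-2023-28310, Exchange Server) and in @@ -23039 and @@ -23117 (CVE-2023-24936, CVE-2023-24897, CVE-2023-24895). None of these products is packaged in Debian, so they can be triaged "NOT-FOR-US: Microsoft" like the surrounding entries.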
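Review bot: CVE-2023-26965 in the @@ -17219,8 +17305,8 @@ hunk (loadImage() in tools/tiffcrop.c, LibTIFF through 4.5.0) and CVE-2023-25434 in the @@ -21745,8 +21831,8 @@ hunk (libtiff 4.5.0, extractContigSample...) both concern LibTIFF, which Debian ships as the tiff source package, so "TODO: check" should be resolved into a `- tiff ...` line with the usual upstream-issue NOTE rather than left as a placeholder.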
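Review bot: in the @@ -48045,10 +48132,10 @@ hunk CVE-2023-0010 and CVE-2023-0009 (both Palo Alto Networks PAN-OS, per the descriptions) are left at "TODO: check" while the adjacent CVE-2023-0008 and CVE-2023-0007 are "NOT-FOR-US: Palo Alto Networks"; triage can apply the same tag.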
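Review bot: in the @@ -81809,20 +81896,20 @@ hunk the six new HP system-BIOS entries (CVE-2022-31646 through CVE-2022-31640) are "TODO: check" while CVE-2022-31643 in the same hunk is already "NOT-FOR-US: HP"; CVE-2022-31639 and CVE-2022-31638 below them are also still "TODO: check" from an earlier update, so the whole run can be triaged together.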
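Review bot: CVE-2020-22402 in the @@ -208820,8 +208907,8 @@ hunk (XSS in SOGo Web Mail before 4.3.1) concerns software Debian ships (source package sogo), so unlike most of the other "TODO: check" entries in this update it needs a real package assessment, including the sogo versions in the supported stable releases, rather than a NOT-FOR-US tag.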
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits