Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5bac1034 by security tracker role at 2023-06-27T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,92 @@
+CVE-2023-3423 (Weak Password Requirements in GitHub repository 
cloudexplorer-dev/clou ...)
+       TODO: check
+CVE-2023-3412 (The Image Map Pro \u2013 Drag-and-drop Builder for Interactive 
Images  ...)
+       TODO: check
+CVE-2023-3411 (The Image Map Pro \u2013 Drag-and-drop Builder for Interactive 
Images  ...)
+       TODO: check
+CVE-2023-3371 (The User Registration plugin for WordPress is vulnerable to 
Sensitive  ...)
+       TODO: check
+CVE-2023-3132 (The MainWP Child plugin for WordPress is vulnerable to 
Sensitive Infor ...)
+       TODO: check
+CVE-2023-35695 (A remote attacker could leverage a vulnerability in Trend 
Micro Mobile ...)
+       TODO: check
+CVE-2023-35168 (DataEase is an open source data visualization analysis tool to 
analyze ...)
+       TODO: check
+CVE-2023-35164 (DataEase is an open source data visualization analysis tool to 
analyze ...)
+       TODO: check
+CVE-2023-34924 (H3C Magic B1STW B1STV100R012 was discovered to contain a stack 
overflo ...)
+       TODO: check
+CVE-2023-34463 (DataEase is an open source data visualization analysis tool to 
analyze ...)
+       TODO: check
+CVE-2023-34148 (An exposed dangerous function vulnerability in the Trend Micro 
Apex On ...)
+       TODO: check
+CVE-2023-34147 (An exposed dangerous function vulnerability in the Trend Micro 
Apex On ...)
+       TODO: check
+CVE-2023-34146 (An exposed dangerous function vulnerability in the Trend Micro 
Apex On ...)
+       TODO: check
+CVE-2023-34145 (An untrusted search path vulnerability in the Trend Micro Apex 
One and ...)
+       TODO: check
+CVE-2023-34144 (An untrusted search path vulnerability in the Trend Micro Apex 
One and ...)
+       TODO: check
+CVE-2023-32605 (Affected versions Trend Micro Apex Central (on-premise) are 
vulnerable ...)
+       TODO: check
+CVE-2023-32604 (Affected versions Trend Micro Apex Central (on-premise) are 
vulnerable ...)
+       TODO: check
+CVE-2023-32557 (A path traversal vulnerability in the Trend Micro Apex One and 
Apex On ...)
+       TODO: check
+CVE-2023-32556 (A link following vulnerability in the Trend Micro Apex One and 
Apex On ...)
+       TODO: check
+CVE-2023-32555 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro 
Apex One  ...)
+       TODO: check
+CVE-2023-32554 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro 
Apex One  ...)
+       TODO: check
+CVE-2023-32553 (An Improper access control vulnerability in Trend Micro Apex 
One and A ...)
+       TODO: check
+CVE-2023-32552 (An Improper access control vulnerability in Trend Micro Apex 
One and A ...)
+       TODO: check
+CVE-2023-32537 (Affected versions Trend Micro Apex Central (on-premise) are 
vulnerable ...)
+       TODO: check
+CVE-2023-32536 (Affected versions Trend Micro Apex Central (on-premise) are 
vulnerable ...)
+       TODO: check
+CVE-2023-32535 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-32534 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-32533 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-32532 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-32531 (Certain dashboard widgets on Trend Micro Apex Central 
(on-premise) are ...)
+       TODO: check
+CVE-2023-32530 (Vulnerable modules of Trend Micro Apex Central (on-premise) 
contain vu ...)
+       TODO: check
+CVE-2023-32529 (Vulnerable modules of Trend Micro Apex Central (on-premise) 
contain vu ...)
+       TODO: check
+CVE-2023-32528 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains 
vulnerable . ...)
+       TODO: check
+CVE-2023-32527 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains 
vulnerable . ...)
+       TODO: check
+CVE-2023-32526 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains 
widget vulne ...)
+       TODO: check
+CVE-2023-32525 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains 
widget vulne ...)
+       TODO: check
+CVE-2023-32524 (Affected versions of Trend Micro Mobile Security (Enterprise) 
9.8 SP5  ...)
+       TODO: check
+CVE-2023-32523 (Affected versions of Trend Micro Mobile Security (Enterprise) 
9.8 SP5  ...)
+       TODO: check
+CVE-2023-32522 (A path traversal exists in a specific dll of Trend Micro 
Mobile Securi ...)
+       TODO: check
+CVE-2023-32521 (A path traversal exists in a specific service dll of Trend 
Micro Mobil ...)
+       TODO: check
 CVE-2023-3361
        NOT-FOR-US: OpenShift Data
-CVE-2023-3422
+CVE-2023-3422 (Use after free in Guest View in Google Chrome prior to 
114.0.5735.198  ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-3421
+CVE-2023-3421 (Use after free in Media in Google Chrome prior to 
114.0.5735.198 allow ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-3420
+CVE-2023-3420 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 
allowed  ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3398 (Denial of Service in GitHub repository jgraph/drawio prior to 
18.1.3.)
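Review bot: the CVE-2023-3412 and CVE-2023-3411 descriptions carry a literal "\u2013" inside the plugin name, so an escape sequence rather than the dash itself was written to the list; decode it, or substitute a plain hyphen, in the import step. Separately, CVE-2023-3422, CVE-2023-3421 and CVE-2023-3420 now name 114.0.5735.198 as the fixed Chrome release while their package lines still read "- chromium <unfixed>"; record the fixed version there once an upload at or above that release is available. All other entries added in this hunk are "TODO: check" and still need triage.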
@@ -3577,7 +3657,7 @@ CVE-2023-31664 (A reflected cross-site scripting (XSS) 
vulnerability in /authent
        NOT-FOR-US: WSO2
 CVE-2023-2845 (Improper Access Control in GitHub repository 
cloudexplorer-dev/cloudex ...)
        NOT-FOR-US: Cloudexplorer
-CVE-2023-2844 (Missing Authorization in GitHub repository 
cloudexplorer-dev/cloudexpl ...)
+CVE-2023-2844 (Authorization Bypass Through User-Controlled Key in GitHub 
repository  ...)
        NOT-FOR-US: Cloudexplorer
 CVE-2023-2505 (The affected products have a CSRF vulnerability that could 
allow an at ...)
        NOT-FOR-US: Birddog
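Review bot: the replacement description for CVE-2023-2844 is cut off at "GitHub repository  ...", so the project name that the old text still showed ("cloudexplorer-dev/cloudexpl") is no longer on the line, and the "NOT-FOR-US: Cloudexplorer" tag is the only thing left identifying the product. The triage result is unaffected, but a truncation that keeps the repository name would leave the entry searchable by project; the same applies to CVE-2022-4686 later in this patch.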
@@ -6151,8 +6231,8 @@ CVE-2023-30947
        RESERVED
 CVE-2023-30946
        RESERVED
-CVE-2023-30945
-       RESERVED
+CVE-2023-30945 (Multiple Services such as VHS(Video History Server) and 
VCD(Video Clip ...)
+       TODO: check
 CVE-2023-30944 (The vulnerability was found Moodle which exists due to 
insufficient sa ...)
        - moodle <removed>
 CVE-2023-30943 (The vulnerability was found Moodle which exists because the 
applicatio ...)
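Review bot: CVE-2023-30945 moves from RESERVED to "TODO: check", and its truncated description ("Multiple Services such as VHS(Video History Server) and VCD(Video Clip ...") names no vendor or product, so it cannot be triaged from this line alone; consult the full CVE record before marking it NOT-FOR-US or assigning a source package.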
@@ -6332,8 +6412,8 @@ CVE-2023-30904 (A security vulnerability in HPE Insight 
Remote Support may resul
        NOT-FOR-US: HPE
 CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service 
(DoS) w ...)
        NOT-FOR-US: HPE
-CVE-2023-30902
-       RESERVED
+CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex 
One and A ...)
+       TODO: check
 CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 
family ( ...)
        NOT-FOR-US: Siemens
 CVE-2023-30900
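Review bot: CVE-2023-30902 is left at "TODO: check" although its description names Trend Micro Apex One, a vendor product like the HPE and Siemens entries around it that are marked NOT-FOR-US; it looks like a candidate for the same resolution, and can be handled together with the other Trend Micro entries added at the top of this commit.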
@@ -12174,8 +12254,8 @@ CVE-2023-28931
        RESERVED
 CVE-2023-28930
        RESERVED
-CVE-2023-28929
-       RESERVED
+CVE-2023-28929 (Trend Micro Security 2021, 2022, and 2023 (Consumer) are 
vulnerable to ...)
+       TODO: check
 CVE-2023-28928
        RESERVED
 CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP 
packet wi ...)
@@ -31059,8 +31139,8 @@ CVE-2023-22836
        RESERVED
 CVE-2023-22835
        RESERVED
-CVE-2023-22834
-       RESERVED
+CVE-2023-22834 (The Contour Service was not checking that users had permission 
to crea ...)
+       TODO: check
 CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 
2.519.0 an ...)
        NOT-FOR-US: Palantir
 CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 
through 1.19. ...)
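Review bot: the truncated description of CVE-2023-22834 ("The Contour Service was not checking that users had permission to crea ...") does not name a vendor, while the next entry, CVE-2023-22833, is marked "NOT-FOR-US: Palantir"; check the full record to see whether this ID belongs to the same vendor before resolving the TODO.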
@@ -33650,7 +33730,7 @@ CVE-2022-4688 (Improper Authorization in GitHub 
repository usememos/memos prior
        NOT-FOR-US: usememos
 CVE-2022-4687 (Incorrect Use of Privileged APIs in GitHub repository 
usememos/memos p ...)
        NOT-FOR-US: usememos
-CVE-2022-4686 (Improper Authentication in GitHub repository usememos/memos 
prior to 0 ...)
+CVE-2022-4686 (Authorization Bypass Through User-Controlled Key in GitHub 
repository  ...)
        NOT-FOR-US: usememos
 CVE-2022-4685
        REJECTED
@@ -104147,7 +104227,7 @@ CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby 
prior to 3.2.)
        NOTE: 
https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
 CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify 
prior to 9. ...)
        NOT-FOR-US: Publify
-CVE-2022-0523 (Expired Pointer Dereference in GitHub repository 
radareorg/radare2 pri ...)
+CVE-2022-0523 (Use After Free in GitHub repository radareorg/radare2 prior to 
5.6.2.)
        - radare2 <unfixed> (bug #1014478)
        NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
        NOTE: 
https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
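Review bot: the new CVE-2022-0523 description gives the upstream fixed version in full ("prior to 5.6.2."), but the package line stays "- radare2 <unfixed> (bug #1014478)"; check whether the radare2 version in the archive is at or above 5.6.2 and, if so, record that version in place of <unfixed>.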



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bac1034b08dffa819fa77e2655a18532d682d42
