Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
11dc4690 by security tracker role at 2023-07-06T08:12:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-3521 (Cross-site Scripting (XSS) - Reflected in GitHub repository
fossbillin ...)
+ TODO: check
+CVE-2023-3520 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in
GitHub ...)
+ TODO: check
+CVE-2023-36828 (Statamic is a flat-first, Laravel and Git powered content
management s ...)
+ TODO: check
+CVE-2023-36827 (Fides is an open-source privacy engineering platform for
managing the ...)
+ TODO: check
+CVE-2023-36822 (Uptime Kuma, a self-hosted monitoring tool, has a path
traversal vulne ...)
+ TODO: check
+CVE-2023-36821 (Uptime Kuma, a self-hosted monitoring tool, allows an
authenticated at ...)
+ TODO: check
+CVE-2023-36809 (Kiwi TCMS, an open source test management system allows users
to uploa ...)
+ TODO: check
+CVE-2023-36808 (GLPI is a free asset and IT management software package.
Starting in v ...)
+ TODO: check
+CVE-2023-36458 (1Panel is an open source Linux server operation and
maintenance manage ...)
+ TODO: check
+CVE-2023-36457 (1Panel is an open source Linux server operation and
maintenance manage ...)
+ TODO: check
+CVE-2023-35940 (GLPI is a free asset and IT management software package.
Starting in v ...)
+ TODO: check
+CVE-2023-35939 (GLPI is a free asset and IT management software package.
Starting in v ...)
+ TODO: check
+CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup
format to a ...)
+ TODO: check
CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to
1.19.4.)
- gitea <removed>
CVE-2023-3455 (Key management vulnerability on system. Successful exploitation
of thi ...)
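Review bot: thirteen entries are left at TODO: check with truncated descriptions, and several of them share an upstream (CVE-2023-36822/36821 Uptime Kuma, CVE-2023-36458/36457 1Panel, CVE-2023-36808/35940/35939 GLPI), so they should be triaged as groups and each resolved to a package line or NOT-FOR-US in the form the surrounding entries already use ("- gitea <removed>", "NOT-FOR-US: WordPress plugin") rather than left open. CVE-2023-35936 (Pandoc) is the one that maps to a Debian source package of the same name and needs a fixed-version or bug line plus a NOTE: pointing at the upstream advisory, in the style of the kanboard entry further down.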
@@ -188,7 +214,7 @@ CVE-2023-2321 (The WPForms Google Sheet Connector WordPress
plugin before 3.4.6,
NOT-FOR-US: WordPress plugin
CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2,
cf7-goo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-36813 [Multiple Authenticated SQL Injections]
+CVE-2023-36813 (Kanboard is project management software that focuses on the
Kanban met ...)
- kanboard 1.2.31+ds-1 (bug #1040265)
NOTE:
https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in
Google Chr ...)
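Review bot: dropping the bracketed working title [Multiple Authenticated SQL Injections] is correct now that the CVE text is public, but it was the only place the entry said the issue is SQL injection; the truncated replacement "Kanboard is project management software that focuses on the Kanban met ..." no longer does. Consider carrying the vulnerability class into the NOTE: line next to the GHSA-9gvq-78jp-jxcx URL so the entry stays readable without opening the advisory, and confirm that 1.2.31+ds-1 is the version that contains the upstream fix referenced there.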
@@ -8143,84 +8169,84 @@ CVE-2023-30680
RESERVED
CVE-2023-30679
RESERVED
-CVE-2023-30678
- RESERVED
-CVE-2023-30677
- RESERVED
-CVE-2023-30676
- RESERVED
-CVE-2023-30675
- RESERVED
-CVE-2023-30674
- RESERVED
-CVE-2023-30673
- RESERVED
-CVE-2023-30672
- RESERVED
-CVE-2023-30671
- RESERVED
-CVE-2023-30670
- RESERVED
-CVE-2023-30669
- RESERVED
-CVE-2023-30668
- RESERVED
-CVE-2023-30667
- RESERVED
-CVE-2023-30666
- RESERVED
-CVE-2023-30665
- RESERVED
-CVE-2023-30664
- RESERVED
-CVE-2023-30663
- RESERVED
-CVE-2023-30662
- RESERVED
-CVE-2023-30661
- RESERVED
-CVE-2023-30660
- RESERVED
-CVE-2023-30659
- RESERVED
-CVE-2023-30658
- RESERVED
-CVE-2023-30657
- RESERVED
-CVE-2023-30656
- RESERVED
-CVE-2023-30655
- RESERVED
+CVE-2023-30678 (Potential zip path traversal vulnerability in Calendar
application pri ...)
+ TODO: check
+CVE-2023-30677 (Improper access control vulnerability in Samsung Pass prior to
version ...)
+ TODO: check
+CVE-2023-30676 (Improper access control vulnerability in Samsung Pass prior to
version ...)
+ TODO: check
+CVE-2023-30675 (Improper authentication in Samsung Pass prior to version
4.2.03.1 allo ...)
+ TODO: check
+CVE-2023-30674 (Improper configuration in Samsung Internet prior to version
21.0.0.41 ...)
+ TODO: check
+CVE-2023-30673 (Improper validation of integrity check vulnerability in Smart
Switch P ...)
+ TODO: check
+CVE-2023-30672 (Improper privilege management vulnerability in Samsung Smart
Switch fo ...)
+ TODO: check
+CVE-2023-30671 (Logic error in package installation via adb command prior to
SMR Jul-2 ...)
+ TODO: check
+CVE-2023-30670 (Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of
libsec-ril pr ...)
+ TODO: check
+CVE-2023-30669 (Out-of-bounds Write in DoOemFactorySendFactoryTestResult of
libsec-ril ...)
+ TODO: check
+CVE-2023-30668 (Out-of-bounds Write in BuildOemSecureSimLockResponse of
libsec-ril pri ...)
+ TODO: check
+CVE-2023-30667 (Improper access control in Audio system service prior to SMR
Jul-2023 ...)
+ TODO: check
+CVE-2023-30666 (Improper input validation vulnerability in
DoOemImeiSetPreconfig in li ...)
+ TODO: check
+CVE-2023-30665 (Improper input validation vulnerability in OnOemServiceMode in
libsec- ...)
+ TODO: check
+CVE-2023-30664 (Improper input validation vulnerability in RegisteredMSISDN
prior to S ...)
+ TODO: check
+CVE-2023-30663 (Improper input validation vulnerability in
OemPersonalizationSetLock i ...)
+ TODO: check
+CVE-2023-30662 (Exposure of Sensitive Information vulnerability in getChipIds
in UwbAo ...)
+ TODO: check
+CVE-2023-30661 (Exposure of Sensitive Information vulnerability in
getChipInfos in Uwb ...)
+ TODO: check
+CVE-2023-30660 (Exposure of Sensitive Information vulnerability in
getDefaultChipId in ...)
+ TODO: check
+CVE-2023-30659 (Improper input validation vulnerability in Transaction prior
to SMR Ju ...)
+ TODO: check
+CVE-2023-30658 (Improper input validation vulnerability in DataProfile prior
to SMR Ju ...)
+ TODO: check
+CVE-2023-30657 (Improper input validation vulnerability in
EnhancedAttestationResult p ...)
+ TODO: check
+CVE-2023-30656 (Improper input validation vulnerability in LSOItemData prior
to SMR Ju ...)
+ TODO: check
+CVE-2023-30655 (Improper input validation vulnerability in SCEPProfile prior
to SMR Ju ...)
+ TODO: check
CVE-2023-30654
RESERVED
-CVE-2023-30653
- RESERVED
-CVE-2023-30652
- RESERVED
-CVE-2023-30651
- RESERVED
-CVE-2023-30650
- RESERVED
-CVE-2023-30649
- RESERVED
-CVE-2023-30648
- RESERVED
-CVE-2023-30647
- RESERVED
-CVE-2023-30646
- RESERVED
-CVE-2023-30645
- RESERVED
-CVE-2023-30644
- RESERVED
-CVE-2023-30643
- RESERVED
-CVE-2023-30642
- RESERVED
-CVE-2023-30641
- RESERVED
-CVE-2023-30640
- RESERVED
+CVE-2023-30653 (Out of bounds read and write in enableTspDevice of sysinput
HAL servic ...)
+ TODO: check
+CVE-2023-30652 (Out of bounds read and write in callrunTspCmdNoRead of
sysinput HAL se ...)
+ TODO: check
+CVE-2023-30651 (Out of bounds read and write in callgetTspsysfs of sysinput
HAL servic ...)
+ TODO: check
+CVE-2023-30650 (Out of bounds read and write in callrunTspCmd of sysinput HAL
service ...)
+ TODO: check
+CVE-2023-30649 (Heap out of bound write vulnerability in RmtUimNeedApdu of
RILD prior ...)
+ TODO: check
+CVE-2023-30648 (Stack out-of-bounds write vulnerability in
IpcRxImeiUpdateImeiNoti of ...)
+ TODO: check
+CVE-2023-30647 (Heap out of bound write vulnerability in
IpcRxUsimPhoneBookCapa of RIL ...)
+ TODO: check
+CVE-2023-30646 (Heap out of bound write vulnerability in BroadcastSmsConfig of
RILD pr ...)
+ TODO: check
+CVE-2023-30645 (Heap out of bound write vulnerability in IpcRxIncomingCBMsg of
RILD pr ...)
+ TODO: check
+CVE-2023-30644 (Stack out of bound write vulnerability in CdmaSmsParser of
RILD prior ...)
+ TODO: check
+CVE-2023-30643 (Missing authentication vulnerability in Galaxy Themes Service
prior to ...)
+ TODO: check
+CVE-2023-30642 (Improper privilege management vulnerability in Galaxy Themes
Service p ...)
+ TODO: check
+CVE-2023-30641 (Improper access control vulnerability in Settings prior to SMR
Jul-202 ...)
+ TODO: check
+CVE-2023-30640 (Improper access control vulnerability in PersonaManagerService
prior t ...)
+ TODO: check
CVE-2023-30639 (Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a
stored ...)
NOT-FOR-US: Archer
CVE-2023-30638 (Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch
10 befor ...)
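Review bot: all 38 entries moved from RESERVED to TODO: check are Samsung platform issues (Samsung Pass, Samsung Internet, Smart Switch, libsec-ril, RILD, sysinput HAL, Galaxy Themes Service, and the "prior to SMR Jul-2023" wording), so they can be closed in one pass as NOT-FOR-US: Samsung, the form used for Archer just below. The one whose truncated description does not name the vendor is CVE-2023-30678 ("Potential zip path traversal vulnerability in Calendar application pri ..."); check that one individually before batch-closing the block.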
@@ -9565,8 +9591,8 @@ CVE-2023-30209
RESERVED
CVE-2023-30208
RESERVED
-CVE-2023-30207
- RESERVED
+CVE-2023-30207 (A divide by zero issue discovered in Kodi Home Theater
Software 19.5 a ...)
+ TODO: check
CVE-2023-30206
RESERVED
CVE-2023-30205 (A stored cross-site scripting (XSS) vulnerability in DouPHP
v1.7 allow ...)
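Review bot: CVE-2023-30207 ("A divide by zero issue discovered in Kodi Home Theater Software 19.5 a ...") names software that Debian ships as the source package kodi, so it should not stay at TODO: check; it needs a "- kodi <fixed version>" or bug line and a NOTE: with the upstream fix, since the truncated description gives only "19.5 a ..." and no fixed release.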
@@ -10721,8 +10747,8 @@ CVE-2023-29658
RESERVED
CVE-2023-29657 (eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File
upload in ...)
- extplorer <removed>
-CVE-2023-29656
- RESERVED
+CVE-2023-29656 (An improper authorization vulnerability in Darktrace mobile
app (Andro ...)
+ TODO: check
CVE-2023-29655
RESERVED
CVE-2023-29654
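Review bot: CVE-2023-29656 describes the Darktrace mobile app (Android), not anything in the archive, so it can be resolved directly to NOT-FOR-US: Darktrace instead of TODO: check, following the NOT-FOR-US pattern used for the neighbouring vendor-specific entries.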
@@ -18993,8 +19019,8 @@ CVE-2023-27227
RESERVED
CVE-2023-27226
RESERVED
-CVE-2023-27225
- RESERVED
+CVE-2023-27225 (A cross-site scripting (XSS) vulnerability in User
Registration & Logi ...)
+ TODO: check
CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an
attacker to exe ...)
NOT-FOR-US: NginxProxyManager
CVE-2023-27223
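Review bot: the description of CVE-2023-27225 is cut off at the product name ("User Registration & Logi ..."), so the entry cannot be triaged from the list alone; whoever clears the TODO: check needs the full CVE text to decide between a package line and NOT-FOR-US, as was done for CVE-2023-27224 directly below.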
@@ -21702,10 +21728,10 @@ CVE-2023-26140
RESERVED
CVE-2023-26139
RESERVED
-CVE-2023-26138
- RESERVED
-CVE-2023-26137
- RESERVED
+CVE-2023-26138 (All versions of the package drogonframework/drogon are
vulnerable to C ...)
+ TODO: check
+CVE-2023-26137 (All versions of the package drogonframework/drogon are
vulnerable to H ...)
+ TODO: check
CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are
vulnerable to Pr ...)
TODO: check
CVE-2023-26135 (All versions of the package flatnest are vulnerable to
Prototype Pollu ...)
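Review bot: both drogon entries use the "All versions of the package ... are vulnerable to" wording, which suggests no fixed version was known when the CVEs were published, so triage should add a NOTE: with the upstream fix commit or advisory (as the kanboard entry does) before a fixed version is recorded. The adjacent CVE-2023-26136 (tough-cookie) is still at TODO: check from an earlier update and is worth clearing together with these.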
@@ -27582,8 +27608,8 @@ CVE-2023-24258 (SPIP v4.1.5 and earlier was discovered
to contain a SQL injectio
NOTE:
https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md
CVE-2023-24257
RESERVED
-CVE-2023-24256
- RESERVED
+CVE-2023-24256 (An issue in the com.nextev.datastatistic component of NIO EC6
Aspen be ...)
+ TODO: check
CVE-2023-24255
RESERVED
CVE-2023-24254
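Review bot: CVE-2023-24256 concerns the com.nextev.datastatistic component of a NIO EC6 vehicle, so it can be resolved to NOT-FOR-US: NIO rather than left at TODO: check.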
@@ -41861,8 +41887,8 @@ CVE-2022-46082
RESERVED
CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session
wouldn't preve ...)
NOT-FOR-US: Garmin
-CVE-2022-46080
- RESERVED
+CVE-2022-46080 (Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass
and comm ...)
+ TODO: check
CVE-2022-46079
RESERVED
CVE-2022-46078
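Review bot: CVE-2022-46080 is Nexxt Nebula 1200-AC router firmware (15.03.06.60), so it can be resolved to NOT-FOR-US: Nexxt in the same way as the Garmin entry two lines above, rather than left at TODO: check.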
@@ -63721,6 +63747,7 @@ CVE-2022-3066 (An issue has been discovered in GitLab
affecting all versions sta
CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio
prior to 20 ...)
NOT-FOR-US: jgraph/drawio
CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive
amount ...)
+ {DLA-3479-1}
- golang-yaml.v2 2.2.8-1
NOTE:
https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5
(v2.2.4)
CVE-2022-3063
@@ -69590,6 +69617,7 @@ CVE-2021-4237
CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which
may be ...)
NOT-FOR-US: ecnepsnai/web
CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file
can ca ...)
+ {DLA-3479-1}
- golang-yaml.v2 2.2.8-1
NOTE:
https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241
(v2.2.3)
NOTE: https://github.com/go-yaml/yaml/pull/375
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11dc469084d279b185f3077a2114ce3355e18a4a
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits