Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3dfab70 by security tracker role at 2023-07-07T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,84 @@
+CVE-2023-3544 (A vulnerability was found in GZ Scripts Time Slot Booking 
Calendar PHP ...)
+       TODO: check
+CVE-2023-3543 (A vulnerability was found in GZ Scripts Availability Booking 
Calendar  ...)
+       TODO: check
+CVE-2023-3542 (A vulnerability was found in ThinuTech ThinuCMS 1.5 and 
classified as  ...)
+       TODO: check
+CVE-2023-3541 (A vulnerability has been found in ThinuTech ThinuCMS 1.5 and 
classifie ...)
+       TODO: check
+CVE-2023-3540 (A vulnerability, which was classified as problematic, was found 
in Sim ...)
+       TODO: check
+CVE-2023-3539 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-3538 (A vulnerability classified as problematic was found in 
SimplePHPscript ...)
+       TODO: check
+CVE-2023-3537 (A vulnerability classified as problematic has been found in 
SimplePHPs ...)
+       TODO: check
+CVE-2023-3536 (A vulnerability was found in SimplePHPscripts Funeral Script 
PHP 3.1.  ...)
+       TODO: check
+CVE-2023-3535 (A vulnerability was found in SimplePHPscripts FAQ Script PHP 
2.3. It h ...)
+       TODO: check
+CVE-2023-3534 (A vulnerability was found in SourceCodester Shopping Website 
1.0. It h ...)
+       TODO: check
+CVE-2023-37308 (Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the 
username ...)
+       TODO: check
+CVE-2023-37264 (Tekton Pipelines project provides k8s-style resources for 
declaring CI ...)
+       TODO: check
+CVE-2023-37173 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to 
contain a co ...)
+       TODO: check
+CVE-2023-37172 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to 
contain a co ...)
+       TODO: check
+CVE-2023-37171 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to 
contain a co ...)
+       TODO: check
+CVE-2023-37170 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to 
contain an u ...)
+       TODO: check
+CVE-2023-37149 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to 
contain a comm ...)
+       TODO: check
+CVE-2023-37148 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to 
contain a comm ...)
+       TODO: check
+CVE-2023-37146 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to 
contain a comm ...)
+       TODO: check
+CVE-2023-37145 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to 
contain a comm ...)
+       TODO: check
+CVE-2023-37144 (Tenda AC10 v15.03.06.26 was discovered to contain a command 
injection  ...)
+       TODO: check
+CVE-2023-37067 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege 
account ...)
+       TODO: check
+CVE-2023-37066 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege 
account ...)
+       TODO: check
+CVE-2023-37065 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege 
account ...)
+       TODO: check
+CVE-2023-37064 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege 
account ...)
+       TODO: check
+CVE-2023-37063 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege 
account ...)
+       TODO: check
+CVE-2023-37062 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege 
account ...)
+       TODO: check
+CVE-2023-37061 (Chamilo 1.11.x up to 1.11.20 allows users with an admin 
privilege acco ...)
+       TODO: check
+CVE-2023-36994 (In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the 
installat ...)
+       TODO: check
+CVE-2023-36993 (The cryptographically insecure random number generator being 
used in T ...)
+       TODO: check
+CVE-2023-36992 (PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor 
in the  ...)
+       TODO: check
+CVE-2023-36256 (The Online Examination System Project 1.0 version is 
vulnerable to Cro ...)
+       TODO: check
+CVE-2023-36201 (An issue in JerryscriptProject jerryscript v.3.0.0 allows an 
attacker  ...)
+       TODO: check
+CVE-2023-34197 (Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk 
Plus MSP  ...)
+       TODO: check
+CVE-2023-33715 (A buffer overflow in ACDSee Free v2.0.2.227 allows attackers 
to cause  ...)
+       TODO: check
+CVE-2023-33664 (ai-dev aicombinationsonfly before v0.3.1 was discovered to 
contain a S ...)
+       TODO: check
+CVE-2023-32183 (Incorrect Default Permissions vulnerability in the openSUSE 
Tumbleweed ...)
+       TODO: check
 CVE-2023-34442
        NOT-FOR-US: Apache Camel JIRA
 CVE-2023-35887
        NOT-FOR-US: Apache Mina SSHD
-CVE-2023-33008
+CVE-2023-33008 (Deserialization of Untrusted Data vulnerability in Apache 
Software Fou ...)
        NOT-FOR-US: Apache Johnzon
 CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository 
outline/outli ...)
        NOT-FOR-US: Outline
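Review bot: Every entry added at the top of this hunk, from CVE-2023-3544 down to CVE-2023-32183, carries only `TODO: check`, so none of them has a triage state yet. Several share a product and can be resolved with one decision each: the four TOTOLINK A3300R entries (CVE-2023-37170 to CVE-2023-37173), the four TOTOLINK LR350 entries, the seven Chamilo 1.11.x entries (CVE-2023-37061 to CVE-2023-37067) and the SimplePHPscripts group. The CVE-2023-33008 change only fills in the description and keeps `NOT-FOR-US: Apache Johnzon`, which looks fine.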
@@ -338,6 +414,7 @@ CVE-2023-37212 (Memory safety bugs present in Firefox 114. 
Some of these bugs sh
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212
 CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, 
and Thu ...)
+       {DSA-5450-1}
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
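Review bot: `{DSA-5450-1}` is attached to CVE-2023-37211 while its `- thunderbird <unfixed>` line stays unchanged, so the entry now shows an advisory reference with one source package still open. The tag itself does not say which of the listed packages the advisory covers; confirm that is intended and that the thunderbird line is updated separately once its fix is uploaded. The following hunks add the same tag to entries with the same three package lines.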
@@ -351,6 +428,7 @@ CVE-2023-37209 (A use-after-free condition existed in 
`NotifyOnHistoryReload` wh
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209
 CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that 
these f ...)
+       {DSA-5450-1}
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
@@ -358,6 +436,7 @@ CVE-2023-37208 (When opening Diagcab files, Firefox did not 
warn the user that t
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208
 CVE-2023-37207 (A website could have obscured the fullscreen notification by 
using a U ...)
+       {DSA-5450-1}
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
@@ -377,6 +456,7 @@ CVE-2023-37203 (Insufficient validation in the Drag and 
Drop API in conjunction
        - firefox 115.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203
 CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could 
have caused ...)
+       {DSA-5450-1}
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
@@ -384,6 +464,7 @@ CVE-2023-37202 (Cross-compartment wrappers wrapping a 
scripted proxy could have
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202
 CVE-2023-37201 (An attacker could have triggered a use-after-free condition 
when creat ...)
+       {DSA-5450-1}
        - firefox 115.0-1
        - firefox-esr 102.13.0esr-1
        - thunderbird <unfixed>
@@ -427,6 +508,7 @@ CVE-2023-3497 (Out of bounds read in Google Security 
Processor firmware in Googl
 CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted 
passwo ...)
        NOT-FOR-US: TWinSoft Configuration Tool
 CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 
mishandles acces ...)
+       {DLA-3483-1}
        - nsis <unfixed>
        [bookworm] - nsis <no-dsa> (Minor issue)
        [bullseye] - nsis <no-dsa> (Minor issue)
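Review bot: `{DLA-3483-1}` is added to CVE-2023-37378, but the package lines visible here are only `- nsis <unfixed>` and the bookworm and bullseye `<no-dsa> (Minor issue)` annotations, so nothing in the entry records which release the advisory fixed or at what version. Check that the advisory's own list entry carries that information, since a reader of this entry alone sees no fixed version anywhere.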
@@ -10238,8 +10320,8 @@ CVE-2023-30000
        RESERVED
 CVE-2023-29999
        RESERVED
-CVE-2023-29998
-       RESERVED
+CVE-2023-29998 (A Cross-site scripting (XSS) vulnerability in the content 
editor in Gi ...)
+       TODO: check
 CVE-2023-29997
        RESERVED
 CVE-2023-29996 (In NanoMQ v0.15.0-0, segment fault with Null Pointer 
Dereference occur ...)
@@ -17481,8 +17563,8 @@ CVE-2023-27847 (SQL injection vulnerability found in 
PrestaShop xipblog v.2.0.1
        NOT-FOR-US: PrestaShop
 CVE-2023-27846
        RESERVED
-CVE-2023-27845
-       RESERVED
+CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs 
before v ...)
+       TODO: check
 CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite 
v.1.0 and  ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-27843 (SQL injection vulnerability found in PrestaShop askforaquote 
v.5.4.2 a ...)
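Review bot: CVE-2023-27845 moves from `RESERVED` to `TODO: check` with a description naming a PrestaShop module (lekerawen_ocs), while the neighbouring PrestaShop module entries in this hunk (CVE-2023-27847, CVE-2023-27844) are already `NOT-FOR-US: PrestaShop`. Unless this module is handled differently, the TODO can be resolved the same way in the follow-up triage commit.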
@@ -24896,8 +24978,8 @@ CVE-2023-25203
        RESERVED
 CVE-2023-25202
        RESERVED
-CVE-2023-25201
-       RESERVED
+CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech 
Conduit A ...)
+       TODO: check
 CVE-2023-25200
        RESERVED
 CVE-2023-25199
@@ -39740,8 +39822,7 @@ CVE-2022-4363
        RESERVED
 CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not 
validate and e ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4361
-       RESERVED
+CVE-2022-4361 (Keycloak, an open-source identity and access management 
solution, has  ...)
        NOT-FOR-US: Keycloak
 CVE-2022-4360 (The WP RSS By Publishers WordPress plugin through 0.1 does not 
properl ...)
        NOT-FOR-US: WordPress plugin
@@ -43633,7 +43714,7 @@ CVE-2022-4061 (The JobBoardWP WordPress plugin before 
1.2.2 does not properly va
        NOT-FOR-US: WordPress plugin
 CVE-2022-4060 (The User Post Gallery WordPress plugin through 2.19 does not 
limit wha ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 
does no ...)
+CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin before 2.0 
does not s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does 
not vali ...)
        NOT-FOR-US: WordPress plugin
@@ -50391,8 +50472,8 @@ CVE-2023-20182 (Multiple vulnerabilities in the API of 
Cisco DNA Center Software
        NOT-FOR-US: Cisco
 CVE-2023-20181
        RESERVED
-CVE-2023-20180
-       RESERVED
+CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings 
could all ...)
+       TODO: check
 CVE-2023-20179
        RESERVED
 CVE-2023-20178 (A vulnerability in the client update process of Cisco 
AnyConnect Secur ...)
@@ -50485,8 +50566,8 @@ CVE-2023-20135
        RESERVED
 CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex 
Meetings  ...)
        NOT-FOR-US: Cisco
-CVE-2023-20133
-       RESERVED
+CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings 
could all ...)
+       TODO: check
 CVE-2023-20132 (Multiple vulnerabilities in the web interface of Cisco Webex 
Meetings  ...)
        NOT-FOR-US: Cisco
 CVE-2023-20131 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
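Review bot: CVE-2023-20133 is left at `TODO: check` although its description ("web interface of Cisco Webex Meetings") names the same product as the adjacent CVE-2023-20134 and CVE-2023-20132, both marked `NOT-FOR-US: Cisco`. Resolving it to the same state would keep the run of Webex entries consistent; the same applies to CVE-2023-20180 in the previous hunk.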
@@ -138249,8 +138330,8 @@ CVE-2021-39016 (IBM Engineering Lifecycle 
Optimization - Publishing 6.0.6, 6.0.6
        NOT-FOR-US: IBM
 CVE-2021-39015 (IBM Engineering Lifecycle Optimization - Publishing 7.0, 
7.0.1, and 7. ...)
        NOT-FOR-US: IBM
-CVE-2021-39014
-       RESERVED
+CVE-2021-39014 (IBM Cloud Object System 3.15.8.97 is vulnerable to stored 
cross-site s ...)
+       TODO: check
 CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 
1.7.0.0 could  ...)
        NOT-FOR-US: IBM
 CVE-2021-39012
@@ -151128,15 +151209,15 @@ CVE-2021-33800 (In Druid 1.2.3, visiting the path 
with parameter in a certain fu
        NOT-FOR-US: Alibaba Druid
 CVE-2021-33799
        RESERVED
-CVE-2021-33798
-       RESERVED
+CVE-2021-33798 (A null pointer dereference was found in libpano13, version 
libpano13-2 ...)
+       TODO: check
 CVE-2021-33797 (Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 
to 1.1.1 ...)
        - mujs 1.1.3-2
        [bullseye] - mujs <no-dsa> (Minor issue)
        NOTE: https://github.com/ccxvii/mujs/issues/148
        NOTE: 
https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550 
(1.1.2)
-CVE-2021-33796
-       RESERVED
+CVE-2021-33796 (In MuJS before version 1.1.2, a use-after-free flaw in the 
regexp sour ...)
+       TODO: check
 CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the 
Linux kerne ...)
        {DLA-2690-1 DLA-2689-1}
        - linux 5.10.46-1
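Review bot: CVE-2021-33796 ("In MuJS before version 1.1.2, a use-after-free flaw ...") should not end up as NOT-FOR-US when its TODO is resolved, because the adjacent CVE-2021-33797 in this same hunk is tracked against the `mujs` source package (`- mujs 1.1.3-2`, fix commit noted as 1.1.2). It needs its own `- mujs` line with a fixed version and a NOTE pointing at the upstream fix, once that commit is identified; the description alone does not give it.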
@@ -154612,10 +154693,10 @@ CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 
allows attackers to wrap any
        NOT-FOR-US: SICK SOPAS ET
 CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to 
an Inad ...)
        NOT-FOR-US: SICK Visionary-S CX
-CVE-2021-32495
-       RESERVED
-CVE-2021-32494
-       RESERVED
+CVE-2021-32495 (Radare2 has a use-after-free vulnerability in pyc parser's 
get_none_ob ...)
+       TODO: check
+CVE-2021-32494 (Radare2 has a division by zero vulnerability in Mach-O 
parser's rebase ...)
+       TODO: check
 CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of 
Yubico y ...)
        NOT-FOR-US: Yubico yubihsm-shell
 CVE-2021-32488
@@ -245679,8 +245760,8 @@ CVE-2020-8936 (An arbitrary memory overwrite 
vulnerability in Asylo versions up
        NOT-FOR-US: Asylo
 CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions 
up to 0. ...)
        NOT-FOR-US: Asylo
-CVE-2020-8934
-       RESERVED
+CVE-2020-8934 (The Site Kit by Google plugin for WordPress is vulnerable to 
Sensitive ...)
+       TODO: check
 CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin 
versions betw ...)
        - google-compute-image-packages <removed> (bug #987353)
        [buster] - google-compute-image-packages <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3dfab705b5a74f86e357dd2b33775799bc94708


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits