Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d2e30a4d by security tracker role at 2023-07-12T20:12:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,52 +1,164 @@
-CVE-2023-37965
+CVE-2023-3644 (A vulnerability was found in SourceCodester Service Provider
Managemen ...)
+ TODO: check
+CVE-2023-3643 (A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has
been c ...)
+ TODO: check
+CVE-2023-3642 (A vulnerability was found in GZ Scripts Vacation Rental Website
1.8 an ...)
+ TODO: check
+CVE-2023-3641 (A vulnerability has been found in khodakhah NodCMS 3.4.1 and
classifie ...)
+ TODO: check
+CVE-2023-3635 (GzipSource does not handle an exception that might be raised
when pars ...)
+ TODO: check
+CVE-2023-3596 (Where this vulnerability exists in the Rockwell Automation
1756-EN4* E ...)
+ TODO: check
+CVE-2023-3595 (Where this vulnerability exists in the Rockwell Automation 1756
EN2* a ...)
+ TODO: check
+CVE-2023-3106 (A NULL pointer dereference vulnerability was found in
netlink_dump. Th ...)
+ TODO: check
+CVE-2023-38069 (In JetBrains IntelliJ IDEA before 2023.1.4 license dialog
could be sup ...)
+ TODO: check
+CVE-2023-38068 (In JetBrains YouTrack before 2023.1.16597 captcha was not
properly val ...)
+ TODO: check
+CVE-2023-38067 (In JetBrains TeamCity before 2023.05.1 build parameters of the
"passwo ...)
+ TODO: check
+CVE-2023-38066 (In JetBrains TeamCity before 2023.05.1 reflected XSS via the
Referer h ...)
+ TODO: check
+CVE-2023-38065 (In JetBrains TeamCity before 2023.05.1 stored XSS while
viewing the bu ...)
+ TODO: check
+CVE-2023-38064 (In JetBrains TeamCity before 2023.05.1 build chain parameters
of the " ...)
+ TODO: check
+CVE-2023-38063 (In JetBrains TeamCity before 2023.05.1 stored XSS while
running custom ...)
+ TODO: check
+CVE-2023-38062 (In JetBrains TeamCity before 2023.05.1 parameters of the
"password" ty ...)
+ TODO: check
+CVE-2023-38061 (In JetBrains TeamCity before 2023.05.1 stored XSS when using a
custom ...)
+ TODO: check
+CVE-2023-38046 (A vulnerability exists in Palo Alto Networks PAN-OS software
that enab ...)
+ TODO: check
+CVE-2023-37630 (Online Piggery Management System 1.0 is vulnerable to Cross
Site Scrip ...)
+ TODO: check
+CVE-2023-37629 (Online Piggery Management System 1.0 is vulnerable to File
Upload. An ...)
+ TODO: check
+CVE-2023-37628 (Online Piggery Management System 1.0 is vulnerable to SQL
Injection.)
+ TODO: check
+CVE-2023-37627 (Code-projects Online Restaurant Management System 1.0 is
vulnerable to ...)
+ TODO: check
+CVE-2023-37582 (The RocketMQ NameServer component still has a remote command
execution ...)
+ TODO: check
+CVE-2023-37456 (The session restore helper crashed whenever there was no
parameter sen ...)
+ TODO: check
+CVE-2023-37455 (The permission request prompt from the site in the background
tab was ...)
+ TODO: check
+CVE-2023-36266 (An issue was discovered in Keeper Password Manager for Desktop
version ...)
+ TODO: check
+CVE-2023-33905 (In iwnpi server, there is a possible out of bounds write due
to a miss ...)
+ TODO: check
+CVE-2023-33904 (In hci_server, there is a possible out of bounds read due to a
missing ...)
+ TODO: check
+CVE-2023-33903 (In FM service, there is a possible missing params check. This
could l ...)
+ TODO: check
+CVE-2023-33902 (In bluetooth service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33901 (In bluetooth service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33900 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33899 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33898 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33897 (In libimpl-ril, there is a possible out of bounds write due to
a missi ...)
+ TODO: check
+CVE-2023-33896 (In libimpl-ril, there is a possible out of bounds write due to
a missi ...)
+ TODO: check
+CVE-2023-33895 (In fastDial service, there is a missing permission check. This
could l ...)
+ TODO: check
+CVE-2023-33894 (In fastDial service, there is a missing permission check. This
could l ...)
+ TODO: check
+CVE-2023-33893 (In fastDial service, there is a missing permission check. This
could l ...)
+ TODO: check
+CVE-2023-33892 (In fastDial service, there is a missing permission check. This
could l ...)
+ TODO: check
+CVE-2023-33891 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33890 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33889 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33888 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33887 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33886 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33885 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33884 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33883 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33882 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33881 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-33880 (In music service, there is a missing permission check. This
could lead ...)
+ TODO: check
+CVE-2023-33879 (In music service, there is a missing permission check. This
could lead ...)
+ TODO: check
+CVE-2023-33668 (DigiExam up to v14.0.2 lacks integrity checks for native
modules, allo ...)
+ TODO: check
+CVE-2023-32789 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-32788 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-37965 (A missing permission check in Jenkins ElasticBox CI Plugin
5.0.1 and e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37964
+CVE-2023-37964 (A cross-site request forgery (CSRF) vulnerability in Jenkins
ElasticBo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37963
+CVE-2023-37963 (A missing permission check in Jenkins Benchmark Evaluator
Plugin 1.0.1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37962
+CVE-2023-37962 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Benchmark ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37961
+CVE-2023-37961 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Assembla ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37960
+CVE-2023-37960 (Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows
attackers ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37959
+CVE-2023-37959 (A missing permission check in Jenkins Sumologic Publisher
Plugin 2.2.1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37958
+CVE-2023-37958 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Sumologic ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37957
+CVE-2023-37957 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Pipeline ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37956
+CVE-2023-37956 (A missing permission check in Jenkins Test Results Aggregator
Plugin 1 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37955
+CVE-2023-37955 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Test Resu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37954
+CVE-2023-37954 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Rebuilder ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37953
+CVE-2023-37953 (A missing permission check in Jenkins mabl Plugin 0.0.46 and
earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37952
+CVE-2023-37952 (A cross-site request forgery (CSRF) vulnerability in Jenkins
mabl Plug ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37951
+CVE-2023-37951 (Jenkins mabl Plugin 0.0.46 and earlier does not set the
appropriate co ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37950
+CVE-2023-37950 (A missing permission check in Jenkins mabl Plugin 0.0.46 and
earlier a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37949
+CVE-2023-37949 (A missing permission check in Jenkins Orka by MacStadium
Plugin 1.33 a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37948
+CVE-2023-37948 (Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and
earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37947
+CVE-2023-37947 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and
earlier i ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37946
+CVE-2023-37946 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and
earlier d ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37945
+CVE-2023-37945 (A missing permission check in Jenkins SAML Single Sign On(SSO)
Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37944
+CVE-2023-37944 (A missing permission check in Jenkins Datadog Plugin 5.4.1 and
earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37943
+CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and earlier ignores the
"Require ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-37942
+CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10
and earl ...)
NOT-FOR-US: Jenkins plugin
-CVE-2023-3618
+CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can
lead to ...)
- tiff <unfixed> (bug #1040945)
[bookworm] - tiff <no-dsa> (Minor issue)
[bullseye] - tiff <no-dsa> (Minor issue)
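Review bot: Among the new `TODO: check` entries at the top of this hunk, CVE-2023-3106 ("A NULL pointer dereference vulnerability was found in netlink_dump") reads like a Linux kernel issue, so it is the one most likely to need a source package line rather than a NOT-FOR-US tag. It should be triaged ahead of the bulk vendor entries around it. The JetBrains and "Online Piggery Management System" entries can then be handled in one pass.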
@@ -190,7 +302,7 @@ CVE-2020-36752 (The Coming Soon & Maintenance Mode Page
plugin for WordPress is
NOT-FOR-US: Coming Soon & Maintenance Mode Page plugin for WordPress
CVE-2020-36750 (The EWWW Image Optimizer plugin for WordPress is vulnerable to
Cross-S ...)
NOT-FOR-US: EWWW Image Optimizer plugin for WordPress
-CVE-2023-37579
+CVE-2023-37579 (Incorrect Authorization vulnerability in Apache Software
Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository
salesagility/su ...)
NOT-FOR-US: SuiteCRM core
@@ -601,9 +713,9 @@ CVE-2023-29156 (DroneScout ds230 Remote ID receiver from
BlueMark Innovationsis
TODO: check
CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x
through ...)
TODO: check
-CVE-2023-36543
+CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability
where an au ...)
- airflow <itp> (bug #819700)
-CVE-2023-35908
+CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a
vulnerability ...)
- airflow <itp> (bug #819700)
CVE-2023-XXXX [ESNET-SECADV-2023-0001: iperf3 memory allocation hazard and
crash]
- iperf3 3.14-1 (bug #1040830)
@@ -665,7 +777,7 @@ CVE-2023-31405 (SAP NetWeaver AS for Java - versions
ENGINEAPI 7.50, SERVERCORE
NOT-FOR-US: SAP
CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal
1.0. It ...)
NOT-FOR-US: PHPGurukul Online Shopping Portal
-CVE-2023-3600
+CVE-2023-3600 (During the worker lifecycle, a use-after-free condition could
have occ ...)
- firefox 115.0.2-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/#CVE-2023-3600
CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management
System ...)
@@ -3727,6 +3839,7 @@ CVE-2023-34335 (AMI BMC contains a vulnerability in the
IPMI handler, where an u
CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an
attacke ...)
NOT-FOR-US: AMI BMC
CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Prior to ...)
+ {DLA-3494-1}
[experimental] - ruby-doorkeeper 5.6.6-1
- ruby-doorkeeper <unfixed> (bug #1038950)
NOTE:
https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w
@@ -8274,8 +8387,7 @@ CVE-2023-31009
RESERVED
CVE-2023-31008
RESERVED
-CVE-2023-31007
- RESERVED
+CVE-2023-31007 (Improper Authentication vulnerability in Apache Software
Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
CVE-2023-31006
RESERVED
@@ -8405,66 +8517,66 @@ CVE-2023-30944 (The vulnerability was found Moodle
which exists due to insuffici
- moodle <removed>
CVE-2023-30943 (The vulnerability was found Moodle which exists because the
applicatio ...)
- moodle <removed>
-CVE-2023-30942
- RESERVED
-CVE-2023-30941
- RESERVED
-CVE-2023-30940
- RESERVED
-CVE-2023-30939
- RESERVED
-CVE-2023-30938
- RESERVED
-CVE-2023-30937
- RESERVED
-CVE-2023-30936
- RESERVED
-CVE-2023-30935
- RESERVED
-CVE-2023-30934
- RESERVED
-CVE-2023-30933
- RESERVED
-CVE-2023-30932
- RESERVED
-CVE-2023-30931
- RESERVED
-CVE-2023-30930
- RESERVED
-CVE-2023-30929
- RESERVED
-CVE-2023-30928
- RESERVED
-CVE-2023-30927
- RESERVED
-CVE-2023-30926
- RESERVED
-CVE-2023-30925
- RESERVED
-CVE-2023-30924
- RESERVED
-CVE-2023-30923
- RESERVED
-CVE-2023-30922
- RESERVED
-CVE-2023-30921
- RESERVED
-CVE-2023-30920
- RESERVED
-CVE-2023-30919
- RESERVED
-CVE-2023-30918
- RESERVED
-CVE-2023-30917
- RESERVED
-CVE-2023-30916
- RESERVED
+CVE-2023-30942 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30941 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30940 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30939 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30938 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30937 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30936 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30935 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30934 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30933 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30932 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30931 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30930 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30929 (In telephony service, there is a possible missing permission
check. Th ...)
+ TODO: check
+CVE-2023-30928 (In telephony service, there is a possible missing permission
check. Th ...)
+ TODO: check
+CVE-2023-30927 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30926 (In opm service, there is a missing permission check. This
could lead t ...)
+ TODO: check
+CVE-2023-30925 (In opm service, there is a missing permission check. This
could lead t ...)
+ TODO: check
+CVE-2023-30924 (In messaging service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30923 (In messaging service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30922 (In messaging service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30921 (In messaging service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30920 (In messaging service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30919 (In messaging service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30918 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30917 (In DMService, there is a possible missing permission check.
This could ...)
+ TODO: check
+CVE-2023-30916 (In DMService, there is a possible missing permission check.
This could ...)
+ TODO: check
CVE-2023-30915 (In email service, there is a missing permission check. This
could lead ...)
NOT-FOR-US: Unisoc
CVE-2023-30914 (In email service, there is a missing permission check. This
could lead ...)
NOT-FOR-US: Unisoc
-CVE-2023-30913
- RESERVED
+CVE-2023-30913 (In telephony service, there is a missing permission check.
This could ...)
+ TODO: check
CVE-2023-2240 (Improper Privilege Management in GitHub repository
microweber/microweb ...)
NOT-FOR-US: microweber
CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized
Actor in G ...)
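Review bot: The entries CVE-2023-30942 through CVE-2023-30916 and CVE-2023-30913 move from RESERVED to `TODO: check`, but the unchanged context entries CVE-2023-30915 and CVE-2023-30914 sit inside the same ID range, carry the same "there is a missing permission check" wording, and are already tagged `NOT-FOR-US: Unisoc`. Once the vendor is confirmed from the full descriptions, the telephony, opm, messaging and DMService entries can take the same tag in a single follow-up rather than being reviewed one by one.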
@@ -9834,10 +9946,10 @@ CVE-2022-48453
RESERVED
CVE-2022-48452
RESERVED
-CVE-2022-48451
- RESERVED
-CVE-2022-48450
- RESERVED
+CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write
due to r ...)
+ TODO: check
+CVE-2022-48450 (In bluetooth service, there is a possible missing params
check. This ...)
+ TODO: check
CVE-2022-48449
RESERVED
CVE-2022-48448 (In telephony service, there is a possible missing permission
check. Th ...)
@@ -10333,11 +10445,9 @@ CVE-2012-10012 (A vulnerability has been found in
BestWebSoft Facebook Like Butt
NOT-FOR-US: BestWebSoft
CVE-2009-10004 (A vulnerability was found in Turante Sandbox Theme up to
1.5.2. It has ...)
NOT-FOR-US: Turante Sandbox Theme
-CVE-2023-30429
- RESERVED
+CVE-2023-30429 (Incorrect Authorization vulnerability in Apache Software
Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
-CVE-2023-30428
- RESERVED
+CVE-2023-30428 (Incorrect Authorization vulnerability in Apache Software
Foundation Ap ...)
NOT-FOR-US: Apache Pulsar
CVE-2023-30427
RESERVED
@@ -12759,8 +12869,8 @@ CVE-2023-29415 (An issue was discovered in libbzip3.a
in bzip3 before 1.3.0. A d
- bzip3 1.2.2-2 (bug #1034177)
NOTE: https://github.com/kspalaiologos/bzip3/issues/95
NOTE:
https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465
(1.3.0)
-CVE-2023-29414
- RESERVED
+CVE-2023-29414 (A CWE-120: Buffer Copy without Checking Size of Input (Classic
Buffer ...)
+ TODO: check
CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function
vulnerability ...)
NOT-FOR-US: Schneider
CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability
exists t ...)
@@ -13153,30 +13263,30 @@ CVE-2023-29321 (Adobe Animate versions 22.0.9 (and
earlier) and 23.0.1 (and earl
NOT-FOR-US: Adobe
CVE-2023-29320
RESERVED
-CVE-2023-29319
- RESERVED
-CVE-2023-29318
- RESERVED
-CVE-2023-29317
- RESERVED
-CVE-2023-29316
- RESERVED
-CVE-2023-29315
- RESERVED
-CVE-2023-29314
- RESERVED
-CVE-2023-29313
- RESERVED
-CVE-2023-29312
- RESERVED
-CVE-2023-29311
- RESERVED
-CVE-2023-29310
- RESERVED
-CVE-2023-29309
- RESERVED
-CVE-2023-29308
- RESERVED
+CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29317 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29316 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29315 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29314 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29313 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29312 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29311 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29310 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29309 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
+CVE-2023-29308 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and
earlier ...)
+ TODO: check
CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is
affected b ...)
NOT-FOR-US: Adobe
CVE-2023-29306
@@ -13189,14 +13299,14 @@ CVE-2023-29303
RESERVED
CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is
affected b ...)
NOT-FOR-US: Adobe
-CVE-2023-29301
- RESERVED
-CVE-2023-29300
- RESERVED
+CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and
earlier) ...)
+ TODO: check
+CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and
earlier) ...)
+ TODO: check
CVE-2023-29299
RESERVED
-CVE-2023-29298
- RESERVED
+CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and
earlier) ...)
+ TODO: check
CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and
earlier) an ...)
NOT-FOR-US: Adobe
CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and
earlier) an ...)
@@ -33035,11 +33145,9 @@ CVE-2023-22890 (SmartBear Zephyr Enterprise through
7.15.0 allows unauthenticate
NOT-FOR-US: SmartBear Zephyr Enterprise
CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles
user-defined inp ...)
NOT-FOR-US: SmartBear Zephyr Enterprise
-CVE-2023-22888
- RESERVED
+CVE-2023-22888 (Apache Airflow, versions before 2.6.3, is affected by a
vulnerability ...)
- airflow <itp> (bug #819700)
-CVE-2023-22887
- RESERVED
+CVE-2023-22887 (Apache Airflow, versions before 2.6.3, is affected by a
vulnerability ...)
- airflow <itp> (bug #819700)
CVE-2023-22886 (Improper Input Validation vulnerability in Apache Software
Foundation ...)
NOT-FOR-US: Apache Airflow JDBC Provider
@@ -41288,8 +41396,7 @@ CVE-2022-46663 (In GNU Less before 609, crafted data
can result in "less -R" not
NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/7
NOTE: Introduced by:
https://github.com/gwsw/less/commit/0f810ef16781bf0f59690be63af876bddabf68bf
(v566)
NOTE: Fixed by:
https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
-CVE-2022-46651
- RESERVED
+CVE-2022-46651 (Apache Airflow, versions before 2.6.3, is affected by a
vulnerability ...)
- airflow <itp> (bug #819700)
CVE-2022-46650 (Acemanager in ALEOS before version 4.16 allows a user with
valid crede ...)
NOT-FOR-US: ALEOS
@@ -43674,8 +43781,7 @@ CVE-2022-45857 (An incorrect user management
vulnerability [CWE-286] in the Fort
NOT-FOR-US: Fortinet
CVE-2022-45856
RESERVED
-CVE-2022-45855
- RESERVED
+CVE-2022-45855 (SpringEL injection in the metrics source in Apache Ambari
version 2.7. ...)
NOT-FOR-US: Apache Ambari
CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX
firmware ve ...)
NOT-FOR-US: Zyxel
@@ -51341,14 +51447,14 @@ CVE-2023-20212
RESERVED
CVE-2023-20211
RESERVED
-CVE-2023-20210
- RESERVED
+CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an
authenticated, loca ...)
+ TODO: check
CVE-2023-20209
RESERVED
CVE-2023-20208
RESERVED
-CVE-2023-20207
- RESERVED
+CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo
Authentication P ...)
+ TODO: check
CVE-2023-20206
RESERVED
CVE-2023-20205
@@ -51391,8 +51497,8 @@ CVE-2023-20187
RESERVED
CVE-2023-20186
RESERVED
-CVE-2023-20185
- RESERVED
+CVE-2023-20185 (A vulnerability in the Cisco ACI Multi-Site CloudSec
encryption featur ...)
+ TODO: check
CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center
Software could ...)
NOT-FOR-US: Cisco
CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center
Software could ...)
@@ -51523,7 +51629,7 @@ CVE-2023-20121 (Multiple vulnerabilities in the
restricted shell of Cisco Evolve
NOT-FOR-US: Cisco
CVE-2023-20120 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2023-20119 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+CVE-2023-20119 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2023-20118 (A vulnerability in the web-based management interface of Cisco
Small B ...)
NOT-FOR-US: Cisco
@@ -51551,7 +51657,7 @@ CVE-2023-20107 (A vulnerability in the deterministic
random bit generator (DRBG)
NOT-FOR-US: Cisco
CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine
(ISE) could ...)
NOT-FOR-US: Cisco
-CVE-2023-20105 (Multiple vulnerabilities in Cisco Expressway Series and Cisco
TelePres ...)
+CVE-2023-20105 (A vulnerability in the change password functionality of Cisco
Expressw ...)
NOT-FOR-US: Cisco
CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco
Webex App fo ...)
NOT-FOR-US: Cisco
@@ -57349,8 +57455,7 @@ CVE-2022-42010 (An issue was discovered in D-Bus before
1.12.24, 1.13.x and 1.14
NOTE: Fixed by:
https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916
CVE-2022-3390
RESERVED
-CVE-2022-42009
- RESERVED
+CVE-2022-42009 (SpringEL injection in the server agent in Apache Ambari
version 2.7.0 ...)
NOT-FOR-US: Apache Ambari
CVE-2022-3389 (Path Traversal in GitHub repository ikus060/rdiffweb prior to
2.4.10.)
- rdiffweb <itp> (bug #969974)
@@ -69893,7 +69998,7 @@ CVE-2022-2638 (The Export All URLs WordPress plugin
before 4.4 does not validate
NOT-FOR-US: WordPress plugin
CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Hitachi
Storag ...)
NOT-FOR-US: Hitachi
-CVE-2022-2636 (Improper Input Validation in GitHub repository
hestiacp/hestiacp prior ...)
+CVE-2022-2636 (Improper Control of Generation of Code ('Code Injection') in
GitHub re ...)
NOT-FOR-US: Hestia Control Panel
CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise
and es ...)
NOT-FOR-US: WordPress plugin
@@ -120436,8 +120541,8 @@ CVE-2021-44698 (Adobe Audition versions 14.4 (and
earlier), and 22.0 (and earlie
NOT-FOR-US: Adobe
CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and
earlier)are ...)
NOT-FOR-US: Adobe
-CVE-2021-44696
- RESERVED
+CVE-2021-44696 (Adobe Prelude version 22.1.1 (and earlier) is affected by an
out-of-bo ...)
+ TODO: check
CVE-2021-44695 (A vulnerability has been identified in SIMATIC Drive
Controller CPU 15 ...)
NOT-FOR-US: Siemens
CVE-2021-44694 (A vulnerability has been identified in SIMATIC Drive
Controller CPU 15 ...)
@@ -124576,14 +124681,14 @@ CVE-2021-43762 (AEM's Cloud Service offering, as
well as version 6.5.10.0 (and b
NOT-FOR-US: Adobe
CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and
below), ...)
NOT-FOR-US: Adobe
-CVE-2021-43760
- RESERVED
-CVE-2021-43759
- RESERVED
-CVE-2021-43758
- RESERVED
-CVE-2021-43757
- RESERVED
+CVE-2021-43760 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are
affected b ...)
+ TODO: check
+CVE-2021-43759 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are
affected b ...)
+ TODO: check
+CVE-2021-43758 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are
affected b ...)
+ TODO: check
+CVE-2021-43757 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are
affected b ...)
+ TODO: check
CVE-2021-43756 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are
affected b ...)
NOT-FOR-US: Adobe
CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2
(and earlie ...)
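Review bot: CVE-2021-43760 through CVE-2021-43757 are added as `TODO: check` although the next context entry, CVE-2021-43756, has the identical truncated description ("Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...") and is already `NOT-FOR-US: Adobe`. The four new entries should get the same tag so that identical products are not left in two different triage states.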
@@ -217776,8 +217881,8 @@ CVE-2020-20023
RESERVED
CVE-2020-20022
RESERVED
-CVE-2020-20021
- RESERVED
+CVE-2020-20021 (An issue discovered in MikroTik Router v6.46.3 and earlier
allows atta ...)
+ TODO: check
CVE-2020-20020
RESERVED
CVE-2020-20019
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2e30a4de9d57f8d70d046e8d19c394fef9c0648