Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a178e1e0 by security tracker role at 2023-07-13T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,57 @@
+CVE-2023-3661 (A vulnerability was found in SourceCodester AC Repair and 
Services Sys ...)
+       TODO: check
+CVE-2023-3660 (A vulnerability was found in Campcodes Retro Cellphone Online 
Store 1. ...)
+       TODO: check
+CVE-2023-3659 (A vulnerability has been found in SourceCodester AC Repair and 
Service ...)
+       TODO: check
+CVE-2023-3658 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-3657 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2023-37787 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 
v2.2.2  ...)
+       TODO: check
+CVE-2023-37786 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 
v2.2.2  ...)
+       TODO: check
+CVE-2023-37785 (A cross-site scripting (XSS) vulnerability in ImpressCMS 
v1.4.5 and be ...)
+       TODO: check
+CVE-2023-37746 (A cross-site scripting (XSS) vulnerability in Maid Hiring 
Management S ...)
+       TODO: check
+CVE-2023-37745 (A cross-site scripting (XSS) vulnerability in Maid Hiring 
Management S ...)
+       TODO: check
+CVE-2023-37744 (Maid Hiring Management System v1.0 was discovered to contain a 
cross-s ...)
+       TODO: check
+CVE-2023-37743 (A cross-site scripting (XSS) vulnerability in Teacher Subject 
Allocati ...)
+       TODO: check
+CVE-2023-37463 (cmark-gfm is an extended version of the C reference 
implementation of  ...)
+       TODO: check
+CVE-2023-37267 (Umbraco is a ASP.NET CMS. Under rare conditions a restart of 
Umbraco c ...)
+       TODO: check
+CVE-2023-35833 (An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. 
When mo ...)
+       TODO: check
+CVE-2023-35070 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-34458 (mx-chain-go is the official implementation of the MultiversX 
blockchai ...)
+       TODO: check
+CVE-2023-33768 (Incorrect signature verification of the firmware during the 
Device Fir ...)
+       TODO: check
+CVE-2023-31825 (An issue found in Inageya v.13.4.1 allows a remote attacker to 
gain ac ...)
+       TODO: check
+CVE-2023-31824 (An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a 
remote at ...)
+       TODO: check
+CVE-2023-31823 (An issue found in Marui Co Marui Official app v.13.6.1 allows 
a remote ...)
+       TODO: check
+CVE-2023-31822 (An issue found in Entetsu Store v.13.4.1 allows a remote 
attacker to g ...)
+       TODO: check
+CVE-2023-31821 (An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote 
attacker to ...)
+       TODO: check
+CVE-2023-31820 (An issue found in Shizutetsu Store v.13.6.1 allows a remote 
attacker t ...)
+       TODO: check
+CVE-2023-31819 (An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 
allows a ...)
+       TODO: check
+CVE-2023-31705 (A Reflected Cross-site scripting (XSS) vulnerability in 
Sourcecodester ...)
+       TODO: check
+CVE-2023-31704 (Sourcecodester Online Computer and Laptop Store 1.0 is 
vulnerable to I ...)
+       TODO: check
 CVE-2023-3444 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        TODO: check
 CVE-2023-3424 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
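Review bot: all 27 entries added at the top of data/CVE/list are left at TODO: check, and many of them (the SourceCodester and Campcodes applications, Maid Hiring Management System, the v.13.x store apps) look like candidates for the NOT-FOR-US: <product> form used elsewhere in this file. Triage those in one pass, and look first at the entries that name general-purpose software, CVE-2023-37463 (cmark-gfm) in particular, since those are the ones that may need a package line instead.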
@@ -10091,20 +10145,20 @@ CVE-2023-30567
        RESERVED
 CVE-2023-30566
        RESERVED
-CVE-2023-30565
-       RESERVED
-CVE-2023-30564
-       RESERVED
-CVE-2023-30563
-       RESERVED
-CVE-2023-30562
-       RESERVED
-CVE-2023-30561
-       RESERVED
-CVE-2023-30560
-       RESERVED
-CVE-2023-30559
-       RESERVED
+CVE-2023-30565 (An insecure connection between Systems Manager and CQI 
Reporter applic ...)
+       TODO: check
+CVE-2023-30564 (Alaris Systems Manager does not perform input validation 
during the De ...)
+       TODO: check
+CVE-2023-30563 (A malicious file could be uploaded into a System Manager User 
Import F ...)
+       TODO: check
+CVE-2023-30562 (A GRE dataset file within Systems Manager can be tampered with 
and dis ...)
+       TODO: check
+CVE-2023-30561 (The data flowing between the PCU and its modules is insecure. 
A threat ...)
+       TODO: check
+CVE-2023-30560 (The configuration from the PCU can be modified without 
authentication  ...)
+       TODO: check
+CVE-2023-30559 (The configuration from the PCU can be modified without 
authentication  ...)
+       TODO: check
 CVE-2023-30558 (Archery is an open source SQL audit platform. The Archery 
project cont ...)
        NOT-FOR-US: Archery
 CVE-2023-30557 (Archery is an open source SQL audit platform. The Archery 
project cont ...)
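Review bot: CVE-2023-30560 and CVE-2023-30559 carry the same truncated text ("The configuration from the PCU can be modified without authentication  ..."), so the list alone cannot tell them apart. Read both full descriptions before closing them. The seven entries from 30559 to 30565 appear to concern the same Systems Manager and PCU products and can then be marked together with one consistent product name, in the way CVE-2023-30558 just below is marked NOT-FOR-US: Archery.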
@@ -10185,8 +10239,8 @@ CVE-2023-2005 (Vulnerability in Tenable Tenable.Io, 
Tenable Nessus, Tenable Secu
        NOT-FOR-US: Tenable
 CVE-2023-2004
        REJECTED
-CVE-2023-2003
-       RESERVED
+CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the 
build 5 of ...)
+       TODO: check
 CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due 
to a m ...)
        - linux 6.1.27-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
@@ -11126,8 +11180,8 @@ CVE-2023-30153
        RESERVED
 CVE-2023-30152
        RESERVED
-CVE-2023-30151
-       RESERVED
+CVE-2023-30151 (A SQL injection vulnerability in the Boxtal (envoimoinscher) 
module fo ...)
+       TODO: check
 CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL 
Injection ...)
        NOT-FOR-US: PrestaShop leocustomajax
 CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete 
(cityautocomplete ...)
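Review bot: CVE-2023-30151 is left at TODO: check while its neighbours CVE-2023-30150 and CVE-2023-30149 describe SQL injection in shop add-on modules, and 30150 is closed as NOT-FOR-US: PrestaShop leocustomajax. The description here is cut at "module fo ...", so confirm the platform from the full text and, if it matches, close the entry with a NOT-FOR-US line that names the module in the same style.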
@@ -12818,26 +12872,26 @@ CVE-2023-29460 (An arbitrary code execution 
vulnerability contained in Rockwell
        NOT-FOR-US: Rockwell Automation
 CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android 
exposes the  ...)
        NOT-FOR-US: laola.redbull
-CVE-2023-29458
-       RESERVED
-CVE-2023-29457
-       RESERVED
-CVE-2023-29456
-       RESERVED
-CVE-2023-29455
-       RESERVED
-CVE-2023-29454
-       RESERVED
+CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a 
focus on  ...)
+       TODO: check
+CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is 
reflected off  ...)
+       TODO: check
+CVE-2023-29456 (URL validation scheme receives input from a user and then 
parses it to ...)
+       TODO: check
+CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, 
occur whe ...)
+       TODO: check
+CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of 
XSS where ...)
+       TODO: check
 CVE-2023-29453
        RESERVED
-CVE-2023-29452
-       RESERVED
-CVE-2023-29451
-       RESERVED
-CVE-2023-29450
-       RESERVED
-CVE-2023-29449
-       RESERVED
+CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> 
Geograph ...)
+       TODO: check
+CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the 
JSON parser ...)
+       TODO: check
+CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain 
access t ...)
+       TODO: check
+CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can 
cause uncont ...)
+       TODO: check
 CVE-2023-29448
        RESERVED
 CVE-2023-29447
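Review bot: the truncated descriptions for CVE-2023-29457, CVE-2023-29455 and CVE-2023-29454 are generic definitions of XSS and name no product, and CVE-2023-29458 names Duktape only as a "3rd-party embeddable JavaScript engine", which suggests the affected software is whatever embeds it. Do not assign a package from the list text; resolve the product from the full descriptions first. CVE-2023-29453 remains RESERVED in the middle of the block, so the range is not fully published yet and should be revisited when it is.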
@@ -19962,32 +20016,32 @@ CVE-2023-27299
        RESERVED
 CVE-2023-27297
        RESERVED
-CVE-2023-26597
-       RESERVED
+CVE-2023-26597 (Controller DoS due to buffer overflow in the handling of a 
specially c ...)
+       TODO: check
 CVE-2023-26585
        RESERVED
-CVE-2023-25948
-       RESERVED
-CVE-2023-25770
-       RESERVED
-CVE-2023-25178
-       RESERVED
-CVE-2023-25078
-       RESERVED
+CVE-2023-25948 (Server information leak of configuration data when an error is 
generat ...)
+       TODO: check
+CVE-2023-25770 (Controller DoS may occur due to buffer overflow when an error 
is gener ...)
+       TODO: check
+CVE-2023-25178 (Controller may be loaded with malicious firmware which could 
enable re ...)
+       TODO: check
+CVE-2023-25078 (Server or Console Station DoS due to heap overflow occurring 
during th ...)
+       TODO: check
 CVE-2023-24589
        RESERVED
-CVE-2023-24480
-       RESERVED
-CVE-2023-24474
-       RESERVED
+CVE-2023-24480 (Controller DoS due to stack overflow when decoding a message 
from the  ...)
+       TODO: check
+CVE-2023-24474 (Experion server may experience a DoS due to a heap overflow 
which coul ...)
+       TODO: check
 CVE-2023-23905
        RESERVED
-CVE-2023-23585
-       RESERVED
+CVE-2023-23585 (Experion server DoS due to heap overflow occurring during the 
handling ...)
+       TODO: check
 CVE-2023-22658
        RESERVED
-CVE-2023-22435
-       RESERVED
+CVE-2023-22435 (Experion server may experience a DoS due to a stack overflow 
when hand ...)
+       TODO: check
 CVE-2023-1109 (In Phoenix Contacts ENERGY AXC PU Web service an authenticated 
restric ...)
        NOT-FOR-US: Phoenix Contacts ENERGY AXC PU Web service
 CVE-2023-1108
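Review bot: nine entries from several separate reserved ranges (CVE-2023-26597 down to CVE-2023-22435) become public in the same run, and their texts all refer to a Controller, an Experion server or a Console Station, so they should be triaged as one set with one consistent product name rather than entry by entry. Within that set, CVE-2023-25178 ("Controller may be loaded with malicious firmware") is a different class of issue from the DoS entries around it and should not be closed on the strength of the others.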
@@ -57468,8 +57522,8 @@ CVE-2022-42047
        RESERVED
 CVE-2022-42046 (wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows 
arbitrary ...)
        NOT-FOR-US: HeavenBurnsRed
-CVE-2022-42045
-       RESERVED
+CVE-2022-42045 (Certain Zemana products are vulnerable to Arbitrary code 
injection. Th ...)
+       TODO: check
 CVE-2022-42044 (The d8s-asns package for Python, as distributed on PyPI, 
included a po ...)
        NOT-FOR-US: d8s-asns
 CVE-2022-42043 (The d8s-xml package for Python, as distributed on PyPI, 
included a pot ...)
@@ -105962,8 +106016,7 @@ CVE-2022-24836 (Nokogiri is an open source XML and 
HTML library for Ruby. Nokogi
        NOTE: 
https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
 CVE-2022-24835
        RESERVED
-CVE-2022-24834
-       RESERVED
+CVE-2022-24834 (Redis is an in-memory database that persists on disk. A 
specially craf ...)
        - redis 5:7.0.12-1
        [bookworm] - redis <no-dsa> (Minor issue)
        [bullseye] - redis <no-dsa> (Minor issue)
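Review bot: CVE-2022-24834 moves from RESERVED to a published description but keeps the <no-dsa> (Minor issue) lines for bookworm and bullseye that were already in place while the entry was RESERVED. Recheck that classification against the full description (the list shows only "A specially craf ...") and, if the lines below the visible context do not already carry one, add a NOTE with the upstream reference, as the nokogiri entry above does.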



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a178e1e05509b606f633ef133527e82b59a04c58



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits