Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a6908d47 by security tracker role at 2023-07-14T20:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to
10.5.24.)
+ TODO: check
+CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository
plaidweb/webment ...)
+ TODO: check
+CVE-2023-3633 (An out-of-bounds writevulnerability in Bitdefender Engines on
Windows ...)
+ TODO: check
+CVE-2023-3434 (Improper Input Validation in the hyperlink interpretation
inSavoir-fai ...)
+ TODO: check
+CVE-2023-3433 (The "nickname" field within Savoir-faire Linux's Jami
application is s ...)
+ TODO: check
+CVE-2023-38325 (The cryptography package before 41.0.2 for Python mishandles
SSH certi ...)
+ TODO: check
+CVE-2023-38253 (An out-of-bounds read flaw was found in w3m, in the
growbuf_to_Str fun ...)
+ TODO: check
+CVE-2023-38252 (An out-of-bounds read flaw was found in w3m, in the
Strnew_size functi ...)
+ TODO: check
+CVE-2023-37474 (Copyparty is a portable file server. Versions prior to 1.8.2
are subje ...)
+ TODO: check
+CVE-2023-37473 (zenstruck/collections is a set of helpers for
iterating/paginating/fil ...)
+ TODO: check
+CVE-2023-37224 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6
and v.6. ...)
+ TODO: check
+CVE-2023-37223 (Cross Site Scripting (XSS) vulnerability in Archer Platform
before v.6 ...)
+ TODO: check
+CVE-2023-36888 (Microsoft Edge for Android (Chromium-based) Tampering
Vulnerability)
+ TODO: check
+CVE-2023-36887 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2023-36883 (Microsoft Edge for iOS Spoofing Vulnerability)
+ TODO: check
+CVE-2023-36850 (An Improper Validation of Specified Index, Position, or Offset
in Inpu ...)
+ TODO: check
+CVE-2023-36849 (An Improper Check or Handling of Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2023-36848 (An Improper Handling of Undefined Values vulnerability in the
periodic ...)
+ TODO: check
+CVE-2023-36840 (A Reachable Assertion vulnerability in Routing Protocol Daemon
(RPD) o ...)
+ TODO: check
+CVE-2023-36838 (An Out-of-bounds Read vulnerability in the flow processing
daemon (flo ...)
+ TODO: check
+CVE-2023-36836 (A Use of an Uninitialized Resource vulnerability in the
routing protoc ...)
+ TODO: check
+CVE-2023-36835 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2023-36834 (An Incomplete Internal State Distinction vulnerability in the
packet f ...)
+ TODO: check
+CVE-2023-36833 (A Use After Free vulnerability in the packet forwarding engine
(PFE) o ...)
+ TODO: check
+CVE-2023-36832 (An Improper Handling of Exceptional Conditions vulnerability
in packet ...)
+ TODO: check
+CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions
vulnerability ...)
+ TODO: check
+CVE-2023-36119 (File upload vulnerability in PHPGurukul Online Security Guards
Hiring ...)
+ TODO: check
+CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible
way to se ...)
+ TODO: check
+CVE-2023-32761 (Cross Site Request Forgery (CSRF) vulnerability in Archer
Platform bef ...)
+ TODO: check
+CVE-2023-32760 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6
and v.6. ...)
+ TODO: check
+CVE-2023-32759 (An issue in Archer Platform before v.6.13 and fixed in
6.12.0.6 and 6. ...)
+ TODO: check
+CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug
that c ...)
+ TODO: check
CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository
froxlor/f ...)
- froxlor <itp> (bug #581792)
CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial
of ser ...)
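Review bot: all 32 new entries land as `TODO: check`, but they are not equally urgent. CVE-2023-38252 and CVE-2023-38253 name w3m (out-of-bounds reads in `Strnew_size` and `growbuf_to_Str`), CVE-2023-38325 names the Python cryptography package before 41.0.2, and CVE-2023-2975 describes a bug in an AES-SIV cipher implementation; those four describe software that is carried as Debian source packages and need a package line (`- w3m <unfixed>` or similar) with affected and fixed versions, whereas the Microsoft Edge and Archer Platform items, and the RPD/PFE entries that read like the Juniper items marked `NOT-FOR-US: Juniper` elsewhere in this file, will follow the surrounding entries into NOT-FOR-US. Triage the four first.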
@@ -921,7 +985,7 @@ CVE-2023-32054 (Volume Shadow Copy Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-32053 (Windows Installer Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-32052 (Microsoft Power Apps Spoofing Vulnerability)
+CVE-2023-32052 (Microsoft Power Apps (online) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-32051 (Raw Image Extension Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -3484,6 +3548,7 @@ CVE-2023-2784 (Mattermost fails to verify if the
requestor is a sysadmin or not,
CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret
provided in th ...)
- mattermost-server <itp> (bug #823556)
CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to 2.2 ...)
+ {DSA-5452-1}
- gpac <unfixed>
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
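Review bot: the `{DSA-5452-1}` tag is added above `- gpac <unfixed>` while the buster end-of-life line is kept, which is the right shape if the fix went only to the stable suites, but the tag itself carries no version: check that data/DSA/list has a DSA-5452-1 entry naming CVE-2023-3291 together with the other gpac CVEs tagged in this commit (CVE-2023-3012 and CVE-2023-0760) and their fixed versions, and replace `<unfixed>` once the corresponding upload reaches unstable.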
@@ -5289,6 +5354,7 @@ CVE-2023-3013 (Unchecked Return Value in GitHub
repository gpac/gpac prior to 2.
NOTE: https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073
NOTE:
https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594
CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior
to 2.2.2 ...)
+ {DSA-5452-1}
- gpac <unfixed>
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
@@ -14584,8 +14650,8 @@ CVE-2023-28987
RESERVED
CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider,
wpaffil ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28985
- RESERVED
+CVE-2023-28985 (An Improper Validation of Syntactic Correctness of Input
vulnerability ...)
+ TODO: check
CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning
Manager ...)
NOT-FOR-US: Juniper
CVE-2023-28983 (An OS Command Injection vulnerability in gRPC Network
Operations Inter ...)
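Review bot: CVE-2023-28985 moves from RESERVED to `TODO: check`, yet its truncated description ("Improper Validation of Syntactic Correctness of Input vulnerability ...") has the same phrasing as the adjacent Juniper entries CVE-2023-28984 and CVE-2023-28983, so it can probably be closed as `NOT-FOR-US: Juniper` right away; confirm against the full advisory text rather than the truncated summary before doing so.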
@@ -15055,6 +15121,7 @@ CVE-2023-28864
CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient
Verification of ...)
NOT-FOR-US: AMI
CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak
session I ...)
+ {DLA-3496-1}
- lemonldap-ng 2.16.1+ds-1
[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u4
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2896
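Review bot: `{DLA-3496-1}` is added for CVE-2023-28862 without any `[buster]` version line alongside the unstable (2.16.1+ds-1) and bullseye (2.0.11+ds-4+deb11u4) lines; that is consistent with LTS fixed versions being recorded in data/DLA/list rather than here, but check that the DLA-3496-1 entry there lists CVE-2023-28862 and the buster lemonldap-ng version, otherwise the tracker will show buster as unfixed despite the tag.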
@@ -25136,6 +25203,7 @@ CVE-2023-0762 (The Clock In Portal- Staff & Attendance
Management WordPress plug
CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress
plugin th ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to V2. ...)
+ {DSA-5452-1}
- gpac <unfixed> (bug #1033116)
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
@@ -27184,8 +27252,8 @@ CVE-2023-24898 (Windows SMB Denial of Service
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution
Vulnerab ...)
NOT-FOR-US: .NET
-CVE-2023-24896
- RESERVED
+CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability)
+ TODO: check
CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution
Vulnerab ...)
NOT-FOR-US: .NET
CVE-2023-24894
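Review bot: CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability) leaves RESERVED for `TODO: check` while sitting between entries already marked `NOT-FOR-US: Microsoft` and `NOT-FOR-US: .NET`; Dynamics 365 is a Microsoft product, so the TODO can be resolved to `NOT-FOR-US: Microsoft` in the same style as CVE-2023-24898 rather than left for a second pass.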
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6908d47e19d40fddf0489a0722eb1d1ba4a2b73
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits