Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0df28be by security tracker role at 2023-07-19T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-3765 (Absolute Path Traversal in GitHub repository mlflow/mlflow 
prior to 2. ...)
+       TODO: check
+CVE-2023-3763 (A vulnerability was found in Intergard SGS 8.7.0. It has been 
declared ...)
+       TODO: check
+CVE-2023-3762 (A vulnerability was found in Intergard SGS 8.7.0. It has been 
classifi ...)
+       TODO: check
+CVE-2023-3761 (A vulnerability was found in Intergard SGS 8.7.0 and classified 
as pro ...)
+       TODO: check
+CVE-2023-3760 (A vulnerability has been found in Intergard SGS 8.7.0 and 
classified a ...)
+       TODO: check
+CVE-2023-3759 (A vulnerability, which was classified as critical, was found in 
Interg ...)
+       TODO: check
+CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ 
Script  ...)
+       TODO: check
+CVE-2023-3756 (A vulnerability was found in Creativeitem Atlas Business 
Directory Lis ...)
+       TODO: check
+CVE-2023-3755 (A vulnerability has been found in Creativeitem Atlas Business 
Director ...)
+       TODO: check
+CVE-2023-3754 (A vulnerability, which was classified as problematic, was found 
in Cre ...)
+       TODO: check
+CVE-2023-3753 (A vulnerability classified as problematic has been found in 
Creativeit ...)
+       TODO: check
+CVE-2023-3752 (A vulnerability was found in Creativeitem Academy LMS 5.15. It 
has bee ...)
+       TODO: check
+CVE-2023-3751 (A vulnerability was found in Super Store Finder 3.6. It has 
been decla ...)
+       TODO: check
+CVE-2023-3722 (An OS command injection vulnerability was found in the Avaya 
Aura Devi ...)
+       TODO: check
+CVE-2023-3638 (In GeoVision GV-ADR2701 cameras, an attacker could edit the 
login resp ...)
+       TODO: check
+CVE-2023-3527 (A CSV injection vulnerability was found in theAvaya Call 
Management Sy ...)
+       TODO: check
+CVE-2023-3519 (Unauthenticated remote code execution)
+       TODO: check
+CVE-2023-3467 (Privilege Escalation to root administrator (nsroot))
+       TODO: check
+CVE-2023-3466 (Reflected Cross-Site Scripting (XSS))
+       TODO: check
+CVE-2023-3463 (All versions of GE Digital CIMPLICITY that are not adhering to 
SDG gui ...)
+       TODO: check
+CVE-2023-37899 (Feathersjs is a framework for creating web APIs and real-time 
applicat ...)
+       TODO: check
+CVE-2023-37897 (Grav is a file-based Web-platform built in PHP. Grav is 
subject to a s ...)
+       TODO: check
+CVE-2023-37748 (ngiflib commit 5e7292 was discovered to contain an infinite 
loop via t ...)
+       TODO: check
+CVE-2023-37733 (An arbitrary file upload vulnerability in tduck-platform v4.0 
allows a ...)
+       TODO: check
+CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for 
asyncio an ...)
+       TODO: check
+CVE-2023-35900 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through 
21.0.7.4 a ...)
+       TODO: check
+CVE-2023-35898 (IBM InfoSphere Information Server 11.7 could allow an 
authenticated us ...)
+       TODO: check
+CVE-2023-34034 (Using "**" as a pattern in Spring Security configuration  for 
WebFlux  ...)
+       TODO: check
+CVE-2023-33876 (A use-after-free vulnerability exists in the way Foxit Reader 
12.1.2.1 ...)
+       TODO: check
+CVE-2023-33866 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
+       TODO: check
+CVE-2023-33832 (IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a 
local user ...)
+       TODO: check
+CVE-2023-32664 (A type confusion vulnerability exists in the Javascript 
checkThisBox m ...)
+       TODO: check
+CVE-2023-32635 (XBRL data create application version 7.0 and earlier 
improperly restri ...)
+       TODO: check
+CVE-2023-32263 (A potential vulnerability has been identified in the Micro 
Focus Dimen ...)
+       TODO: check
+CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
+       TODO: check
 CVE-2023-3347 [SMB2 packet signing not enforced]
        - samba 2:4.18.5+dfsg-1
        [bullseye] - samba <not-affected> (Vulnerable code not present)
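Review bot: CVE-2023-3519, CVE-2023-3467 and CVE-2023-3466 arrive with descriptions that name no product ("Unauthenticated remote code execution", "Privilege Escalation to root administrator (nsroot)", "Reflected Cross-Site Scripting (XSS)"), so their TODO: check cannot be resolved from this file and the triager has to pull the full CVE records. In the same block, CVE-2023-37276 (aiohttp) names an upstream library rather than a vendor product, so it most likely needs a package line rather than NOT-FOR-US and is worth triaging first.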
@@ -17,7 +87,7 @@ CVE-2023-3745
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1857
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73
        NOTE: 
https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b
-CVE-2023-3446
+CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters 
may be  ...)
        - openssl <unfixed>
        [bookworm] - openssl <postponed> (Minor issue, fix along with future 
DSA)
        [bullseye] - openssl <postponed> (Minor issue, fix along with future 
DSA)
@@ -407,7 +477,7 @@ CVE-2023-3685 (A vulnerability was found in Nesote Inout 
Search Engine AI Editio
        NOT-FOR-US: Nesote Inout Search Engine AI Edition
 CVE-2023-3684 (A vulnerability was found in LivelyWorks Articart 2.0.1 and 
classified ...)
        NOT-FOR-US: LivelyWorks Articart
-CVE-2023-3674
+CVE-2023-3674 (A flaw was found in the keylime attestation verifier, which 
fails to f ...)
        NOT-FOR-US: Keylime
 CVE-2023-38379 (The web interface on the RIGOL MSO5000 digital oscilloscope 
with firmw ...)
        NOT-FOR-US: RIGOL
@@ -2422,6 +2492,7 @@ CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant 
(BFT) middleware that tak
 CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that 
takes a s ...)
        NOT-FOR-US: CometBFT
 CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 
4.2.3, Em ...)
+       {DLA-3500-1}
        - python-django 3:3.2.20-1 (bug #1040225)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
        NOTE: 
https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
@@ -2910,7 +2981,7 @@ CVE-2023-36464 (pypdf is an open source, pure-python PDF 
library. In affected ve
        NOTE: Introduced with: https://github.com/py-pdf/pypdf/pull/969 (2.2.0)
        NOTE: Fixed with: https://github.com/py-pdf/pypdf/pull/1828
        NOTE: Fixed by: 
https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932 
(3.9.0)
-CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms 
versions v5.1.0 ...)
+CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms v5.1.1 
and earl ...)
        NOT-FOR-US: Snow Monkey Forms
 CVE-2022-48505 (This issue was addressed with improved data protection. This 
issue is  ...)
        NOT-FOR-US: Apple
@@ -4346,9 +4417,9 @@ CVE-2023-35144 (Jenkins Maven Repository Server Plugin 
1.10 and earlier does not
        NOT-FOR-US: Jenkins plugin
 CVE-2023-35143 (Jenkins Maven Repository Server Plugin 1.10 and earlier does 
not escap ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32262
+CVE-2023-32262 (A potential vulnerability has been identified in the Micro 
Focus Dimen ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-32261
+CVE-2023-32261 (A potential vulnerability has been identified in the Micro 
Focus Dimen ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-35142 (Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS 
validat ...)
        NOT-FOR-US: Jenkins plugin
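Review bot: The descriptions filled in for CVE-2023-32262 and CVE-2023-32261 begin "A potential vulnerability has been identified in the Micro Focus Dimen ...", while the unchanged triage line under both still reads NOT-FOR-US: Jenkins plugin, and the truncated text does not show whether that label holds. Suggest confirming it against the full description; whichever way that goes, CVE-2023-32263, added at the top of this diff with the same description prefix and TODO: check, should get the same entry.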
@@ -9848,8 +9919,8 @@ CVE-2023-30801
        RESERVED
 CVE-2023-30800
        RESERVED
-CVE-2023-30799
-       RESERVED
+CVE-2023-30799 (MikroTik RouterOS stable before 6.49.7 and long-term through 
6.48.6 ar ...)
+       TODO: check
 CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python 
framework bef ...)
        - starlette 0.25.0-1
        [bullseye] - starlette <no-dsa> (Minor issue)
@@ -11288,8 +11359,8 @@ CVE-2023-30435
        RESERVED
 CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 
5.1.3.0 ...)
        NOT-FOR-US: IBM
-CVE-2023-30433
-       RESERVED
+CVE-2023-30433 (IBM Security Verify Access 10.0 could allow a remote attacker 
to condu ...)
+       TODO: check
 CVE-2023-30432
        RESERVED
 CVE-2023-30431 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
@@ -14301,10 +14372,10 @@ CVE-2023-29262
        RESERVED
 CVE-2023-29261
        RESERVED
-CVE-2023-29260
-       RESERVED
-CVE-2023-29259
-       RESERVED
+CVE-2023-29260 (IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to 
server-side ...)
+       TODO: check
+CVE-2023-29259 (IBM Sterling Connect:Express for UNIX 1.5 browser UI is 
vulnerable to  ...)
+       TODO: check
 CVE-2023-29258
        RESERVED
 CVE-2023-29257 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 10.5 ...)
@@ -15400,8 +15471,8 @@ CVE-2023-28936 (Attacker can access arbitrary 
recording/room  Vendor: The Apache
        NOT-FOR-US: Apache OpenMeetings
 CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of 
Special Ele ...)
        NOT-FOR-US: Apache UIMA UICC
-CVE-2023-28744
-       RESERVED
+CVE-2023-28744 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
+       TODO: check
 CVE-2023-1672 (A race condition exists in the Tang server functionality for 
key gener ...)
        - tang 14-1 (bug #1038119)
        [bookworm] - tang <no-dsa> (Minor issue)
@@ -16108,8 +16179,8 @@ CVE-2023-28755 (A ReDoS issue was discovered in the URI 
component through 0.12.0
        NOTE: Fixed by: 
https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 
(v3_1_4)
        NOTE: Fixed by: 
https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 
(v0.12.1)
        NOTE: 
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
-CVE-2023-28754
-       RESERVED
+CVE-2023-28754 (Deserialization of Untrusted Data vulnerability in Apache 
ShardingSphe ...)
+       TODO: check
 CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow 
in its pa ...)
        NOT-FOR-US: netconsd
 CVE-2023-28752
@@ -16916,8 +16987,8 @@ CVE-2023-28515
        RESERVED
 CVE-2023-28514 (IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain 
sensitive  ...)
        NOT-FOR-US: IBM
-CVE-2023-28513
-       RESERVED
+CVE-2023-28513 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD 
and IBM  ...)
+       TODO: check
 CVE-2023-28512
        RESERVED
 CVE-2023-28511
@@ -19207,8 +19278,8 @@ CVE-2023-27890 (The Export User plugin through 2.0 for 
MyBB allows XSS during th
        NOT-FOR-US: MyBB
 CVE-2023-27878
        RESERVED
-CVE-2023-27877
-       RESERVED
+CVE-2023-27877 (IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 
connects t ...)
+       TODO: check
 CVE-2023-27876 (IBM TRIRIGA 4.0 is vulnerable to an XML external entity 
injection (XXE ...)
        NOT-FOR-US: IBM
 CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other 
user's cred ...)
@@ -24359,14 +24430,14 @@ CVE-2023-26028
        RESERVED
 CVE-2023-26027
        RESERVED
-CVE-2023-26026
-       RESERVED
+CVE-2023-26026 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 
exposes sensit ...)
+       TODO: check
 CVE-2023-26025
        RESERVED
 CVE-2023-26024
        RESERVED
-CVE-2023-26023
-       RESERVED
+CVE-2023-26023 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 
exposes sensit ...)
+       TODO: check
 CVE-2023-26022 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) is v ...)
        NOT-FOR-US: IBM
 CVE-2023-26021 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) 11.1 ...)
@@ -24849,10 +24920,10 @@ CVE-2023-25841
        RESERVED
 CVE-2023-25840
        RESERVED
-CVE-2023-25839
-       RESERVED
-CVE-2023-25838
-       RESERVED
+CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights 
Desktop f ...)
+       TODO: check
+CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 
2022.1 for ...)
+       TODO: check
 CVE-2023-25837
        RESERVED
 CVE-2023-25836
@@ -35566,14 +35637,14 @@ CVE-2023-22510
        RESERVED
 CVE-2023-22509
        RESERVED
-CVE-2023-22508
-       RESERVED
+CVE-2023-22508 (This High severity RCE (Remote Code Execution) vulnerability 
known as  ...)
+       TODO: check
 CVE-2023-22507
        RESERVED
-CVE-2023-22506
-       RESERVED
-CVE-2023-22505
-       RESERVED
+CVE-2023-22506 (This High severity Injection and RCE (Remote Code Execution) 
vulnerabi ...)
+       TODO: check
+CVE-2023-22505 (This High severity RCE (Remote Code Execution) vulnerability 
known as  ...)
+       TODO: check
 CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote 
attacker ...)
        NOT-FOR-US: Atlassian
 CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data 
Center allow ...)
@@ -38704,156 +38775,134 @@ CVE-2023-22064
        RESERVED
 CVE-2023-22063
        RESERVED
-CVE-2023-22062
-       RESERVED
-CVE-2023-22061
-       RESERVED
-CVE-2023-22060
-       RESERVED
+CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting 
product of Or ...)
+       TODO: check
+CVE-2023-22061 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of 
Oracle Hyper ...)
+       TODO: check
 CVE-2023-22059
        RESERVED
-CVE-2023-22058
-       RESERVED
+CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22057
-       RESERVED
+CVE-2023-22057 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22056
-       RESERVED
+CVE-2023-22056 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22055
-       RESERVED
-CVE-2023-22054
-       RESERVED
+CVE-2023-22055 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
+       TODO: check
+CVE-2023-22054 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22053
-       RESERVED
+CVE-2023-22053 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22052
-       RESERVED
-CVE-2023-22051
-       RESERVED
-CVE-2023-22050
-       RESERVED
-CVE-2023-22049
-       RESERVED
+CVE-2023-22052 (Vulnerability in the Java VM component of Oracle Database 
Server.  Sup ...)
+       TODO: check
+CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle 
GraalVM ...)
+       TODO: check
+CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator 
product of  ...)
+       TODO: check
+CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
-CVE-2023-22048
-       RESERVED
+CVE-2023-22048 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22047
-       RESERVED
-CVE-2023-22046
-       RESERVED
+CVE-2023-22047 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22045
-       RESERVED
+CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
-CVE-2023-22044
-       RESERVED
+CVE-2023-22044 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
        - openjdk-17 17.0.8+7-1
-CVE-2023-22043
-       RESERVED
+CVE-2023-22043 (Vulnerability in Oracle Java SE (component: JavaFX).   The 
supported v ...)
        - openjfx 11+26-1
        NOTE: This only affects JavaFX 8.x, so marking the first 11 upload as 
fixed
-CVE-2023-22042
-       RESERVED
-CVE-2023-22041
-       RESERVED
+CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
+       TODO: check
+CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 <unfixed>
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
-CVE-2023-22040
-       RESERVED
-CVE-2023-22039
-       RESERVED
-CVE-2023-22038
-       RESERVED
+CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2023-22039 (Vulnerability in the Oracle Agile PLM product of Oracle Supply 
Chain ( ...)
+       TODO: check
+CVE-2023-22038 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22037
-       RESERVED
-CVE-2023-22036
-       RESERVED
+CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop 
Integrator produc ...)
+       TODO: check
+CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
-CVE-2023-22035
-       RESERVED
-CVE-2023-22034
-       RESERVED
-CVE-2023-22033
-       RESERVED
+CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle 
E-Business Sui ...)
+       TODO: check
+CVE-2023-22034 (Vulnerability in the Unified Audit component of Oracle 
Database Server ...)
+       TODO: check
+CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2023-22032
        RESERVED
-CVE-2023-22031
-       RESERVED
+CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
 CVE-2023-22030
        RESERVED
 CVE-2023-22029
        RESERVED
 CVE-2023-22028
        RESERVED
-CVE-2023-22027
-       RESERVED
+CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
 CVE-2023-22026
        RESERVED
 CVE-2023-22025
        RESERVED
 CVE-2023-22024
        RESERVED
-CVE-2023-22023
-       RESERVED
-CVE-2023-22022
-       RESERVED
-CVE-2023-22021
-       RESERVED
-CVE-2023-22020
-       RESERVED
+CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
+       TODO: check
+CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data 
Management W ...)
+       TODO: check
+CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
 CVE-2023-22019
        RESERVED
-CVE-2023-22018
-       RESERVED
+CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox 7.0.10-dfsg-1
-CVE-2023-22017
-       RESERVED
+CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox 7.0.10-dfsg-1
-CVE-2023-22016
-       RESERVED
+CVE-2023-22016 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox 7.0.10-dfsg-1
 CVE-2023-22015
        RESERVED
-CVE-2023-22014
-       RESERVED
-CVE-2023-22013
-       RESERVED
-CVE-2023-22012
-       RESERVED
-CVE-2023-22011
-       RESERVED
-CVE-2023-22010
-       RESERVED
-CVE-2023-22009
-       RESERVED
-CVE-2023-22008
-       RESERVED
+CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2023-22012 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2023-22011 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2023-22010 (Vulnerability in Oracle Essbase (component: Security and 
Provisioning) ...)
+       TODO: check
+CVE-2023-22009 (Vulnerability in the Oracle Self-Service Human Resources 
product of Or ...)
+       TODO: check
+CVE-2023-22008 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22007
-       RESERVED
+CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22006
-       RESERVED
+CVE-2023-22006 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
-CVE-2023-22005
-       RESERVED
+CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-22004
-       RESERVED
+CVE-2023-22004 (Vulnerability in the Oracle Applications Technology product of 
Oracle  ...)
+       TODO: check
 CVE-2023-22003 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2023-22002 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
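Review bot: CVE-2023-22023 is left at TODO: check although its description starts with the same "Oracle Solaris product of Oracle Systems" text as the unchanged CVE-2023-22003 at the end of this hunk, which is already NOT-FOR-US: Oracle; the same marking looks right for it, and probably for the other Oracle product entries added here (Hyperion, Business Intelligence, JD Edwards, PeopleSoft, WebLogic, E-Business Suite). Separately, the pre-existing package lines under CVE-2023-22044 list openjdk-8 and openjdk-17 but no openjdk-11, unlike CVE-2023-22049, CVE-2023-22045 and CVE-2023-22041; now that the description is published, that set should be checked against the affected versions.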
@@ -38872,8 +38921,8 @@ CVE-2023-21996 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
        NOT-FOR-US: Oracle
 CVE-2023-21995
        RESERVED
-CVE-2023-21994
-       RESERVED
+CVE-2023-21994 (Vulnerability in the Oracle Mobile Security Suite product of 
Oracle Fu ...)
+       TODO: check
 CVE-2023-21993 (Vulnerability in the Oracle Clinical Remote Data Capture 
product of Or ...)
        NOT-FOR-US: Oracle
 CVE-2023-21992 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources 
product ...)
@@ -38894,8 +38943,8 @@ CVE-2023-21985 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
        NOT-FOR-US: Oracle
 CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
-CVE-2023-21983
-       RESERVED
+CVE-2023-21983 (Vulnerability in the Application Express Administration 
product of Ora ...)
+       TODO: check
 CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
@@ -38910,10 +38959,10 @@ CVE-2023-21977 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
-CVE-2023-21975
-       RESERVED
-CVE-2023-21974
-       RESERVED
+CVE-2023-21975 (Vulnerability in the Application Express Customers Plugin 
product of O ...)
+       TODO: check
+CVE-2023-21974 (Vulnerability in the Application Express Team Calendar Plugin 
product  ...)
+       TODO: check
 CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle 
E-Business  ...)
        NOT-FOR-US: Oracle
 CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -38946,8 +38995,8 @@ CVE-2023-21963 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-8.0 8.0.32-1
 CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
-CVE-2023-21961
-       RESERVED
+CVE-2023-21961 (Vulnerability in the Oracle Hyperion Essbase Administration 
Services p ...)
+       TODO: check
 CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2023-21959 (Vulnerability in the Oracle iReceivables product of Oracle 
E-Business  ...)
@@ -38972,11 +39021,10 @@ CVE-2023-21952 (Vulnerability in the Oracle Business 
Intelligence Enterprise Edi
        NOT-FOR-US: Oracle
 CVE-2023-21951
        RESERVED
-CVE-2023-21950
-       RESERVED
+CVE-2023-21950 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
-CVE-2023-21949
-       RESERVED
+CVE-2023-21949 (Vulnerability in the Advanced Networking Option component of 
Oracle Da ...)
+       TODO: check
 CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -46999,7 +47047,7 @@ CVE-2022-3924 (This issue can affect BIND 9 resolvers 
with `stale-answer-enable
        - bind9 1:9.18.11-1
        [buster] - bind9 <not-affected> (Vulnerable code introduced later)
        NOTE: https://kb.isc.org/docs/cve-2022-3924
-CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin through 
1.9.6 does ...)
+CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin before 
1.9.8 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does 
not sanit ...)
        NOT-FOR-US: WordPress plugin
@@ -52979,12 +53027,12 @@ CVE-2022-43912
        RESERVED
 CVE-2022-43911
        RESERVED
-CVE-2022-43910
-       RESERVED
+CVE-2022-43910 (IBM Security Guardium 11.3 could allow a local user to 
escalate their  ...)
+       TODO: check
 CVE-2022-43909
        RESERVED
-CVE-2022-43908
-       RESERVED
+CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user 
to cause  ...)
+       TODO: check
 CVE-2022-43907
        RESERVED
 CVE-2022-43906
@@ -61389,8 +61437,8 @@ CVE-2022-40897 (Python Packaging Authority (PyPA) 
setuptools before 65.5.1 allow
        - setuptools 65.6.3-1
        [bullseye] - setuptools <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
 (v65.5.1)
-CVE-2022-40896
-       RESERVED
+CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in 
pygments  ...)
+       TODO: check
 CVE-2022-40895 (In certain Nedi products, a vulnerability in the web UI of 
NeDi login  ...)
        NOT-FOR-US: NeDi
 CVE-2022-40894
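Review bot: CVE-2022-40896 names pygments/lexers/smithy.py in its description, so unlike the NeDi entry below it this one cannot end up as NOT-FOR-US and should not sit at TODO: check for long. Suggest replacing the TODO with a "- pygments" package line once the fixing upstream version is identified, with a NOTE pointing at the fix commit as done for the setuptools entry above.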
@@ -111605,6 +111653,7 @@ CVE-2022-23529
 CVE-2022-23528
        RESERVED
 CVE-2022-23527 (mod_auth_openidc is an OpenID Certified\u2122 authentication 
and autho ...)
+       {DLA-3499-1}
        - libapache2-mod-auth-openidc 2.4.12.2-1 (bug #1026444)
        [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2
        NOTE: 
https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53
@@ -139921,6 +139970,7 @@ CVE-2021-39193 (Frontier is Substrate's Ethereum 
compatibility layer. Prior to c
 CVE-2021-39192 (Ghost is a Node.js content management system. An error in the 
implemen ...)
        NOT-FOR-US: Ghost CMS
 CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for 
the Apa ...)
+       {DLA-3499-1}
        - libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
        [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u1
        [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
@@ -140496,8 +140546,8 @@ CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 
does not require that users
        NOT-FOR-US: IBM
 CVE-2021-38934 (IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is 
vulnerable to ...)
        NOT-FOR-US: IBM
-CVE-2021-38933
-       RESERVED
+CVE-2021-38933 (IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than 
expected cry ...)
+       TODO: check
 CVE-2021-38932
        RESERVED
 CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect 
Server) 11.1 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0df28be5dddfb80c5b42e516222108c937bb22c
