Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31eca1c6 by security tracker role at 2023-07-20T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,32 @@
-CVE-2023-38408 [Remote Code Execution in OpenSSH's forwarded ssh-agent]
+CVE-2023-3784 (A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. 
It has ...)
+       TODO: check
+CVE-2023-3783 (A vulnerability was found in Webile 1.0.1. It has been 
classified as p ...)
+       TODO: check
+CVE-2023-3782 (DoS of the OkHttp client when using a BrotliInterceptor and 
surfing to ...)
+       TODO: check
+CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 
1.4.1 HTTP ...)
+       TODO: check
+CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL 
policies ...)
+       TODO: check
+CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 
1.4.10 ACL  ...)
+       TODO: check
+CVE-2023-37362 (Weintek Weincloud v0.13.6     could allow an attacker to abuse 
the reg ...)
+       TODO: check
+CVE-2023-37289 (It is identified a vulnerability of Unrestricted Upload of 
File with D ...)
+       TODO: check
+CVE-2023-36853 (In Keysight Geolocation Server v2.4.2 and prior, a low 
privileged atta ...)
+       TODO: check
+CVE-2023-35134 (Weintek Weincloud v0.13.6   could allow an attacker to reset a 
passwor ...)
+       TODO: check
+CVE-2023-34429 (Weintek Weincloud v0.13.6     could allow an attacker to cause 
a denia ...)
+       TODO: check
+CVE-2023-34394 (In Keysight Geolocation Server v2.4.2 and prior, an attacker 
could upl ...)
+       TODO: check
+CVE-2023-32657 (Weintek Weincloud v0.13.6     could allow an attacker to 
efficiently d ...)
+       TODO: check
+CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has 
an insuff ...)
        - openssh 1:9.3p2-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9
        NOTE: 
https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
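
Review bot: the four Weintek Weincloud descriptions added in this hunk (CVE-2023-37362, CVE-2023-35134, CVE-2023-34429, CVE-2023-32657) carry runs of spaces after "v0.13.6", which use up part of the truncated description; collapsing whitespace in the import step before truncation would keep more of the text. All 14 new entries are still "TODO: check" and need a package or NOT-FOR-US annotation before they carry any tracking information. The CVE-2023-38408 change only swaps the bracketed provisional title for the published description and keeps the "openssh 1:9.3p2-1" line and both NOTE references, which is correct.
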
@@ -210,9 +238,9 @@ CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior 
are vulnerable to a
        NOT-FOR-US: Iagona ScrutisWeb
 CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to 
a remote ...)
        NOT-FOR-US: Iagona ScrutisWeb
-CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a User may 
cause a i ...)
+CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a user may 
inject co ...)
        NOT-FOR-US: AMI SPx
-CVE-2023-34329 (AMI SPx contains a vulnerability in BMC where a User may cause 
an auth ...)
+CVE-2023-34329 (AMI MegaRAC SPx12 contains a vulnerability in BMC where a User 
may cau ...)
        NOT-FOR-US: AMI SPx
 CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 
6.0.5,and 6.1p ...)
        - libspring-security-2.0-java <removed>
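
Review bot: on CVE-2023-34329 the refreshed description now names the product "AMI MegaRAC SPx12", while the annotation underneath still reads "NOT-FOR-US: AMI SPx" and CVE-2023-34330 keeps "AMI SPx" in both places. If the NOT-FOR-US tags are meant to group entries by product, align them on one name in a follow-up manual commit; the status itself does not need to change.
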
@@ -23815,8 +23843,8 @@ CVE-2023-26219
        RESERVED
 CVE-2023-26218
        RESERVED
-CVE-2023-26217
-       RESERVED
+CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s 
TIBCO EBX  ...)
+       TODO: check
 CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX 
Add-ons contai ...)
        NOT-FOR-US: TIBCO
 CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX 
Add-ons contai ...)
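
Review bot: CVE-2023-26217 moves from RESERVED to "TODO: check", but its description is for TIBCO EBX and the adjacent CVE-2023-26216 and CVE-2023-26215 (TIBCO EBX Add-ons) are already marked "NOT-FOR-US: TIBCO". Unless the Data Exchange Add-on is handled differently, the TODO can be resolved with the same annotation.
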
@@ -95339,40 +95367,35 @@ CVE-2022-28738 (A double free was found in the Regexp 
compiler in Ruby 3.x befor
        NOTE: 
https://github.com/ruby/ruby/commit/052ec6d2585c3ace95671013d336f5543624ef3d 
(v3_0_4)
        NOTE: 
https://github.com/ruby/ruby/commit/73f45e5e96ccc13a131f7c0122cf8600ce5b930f 
(v3_1_2)
        NOTE: 
https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/
-CVE-2022-28737
-       RESERVED
+CVE-2022-28737 (There's a possible overflow in handle_image() when shim tries 
to load  ...)
        - shim 15.6-1
        [bullseye] - shim 15.6-1~deb11u1
        [buster] - shim <no-dsa> (Fix via point update)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
        NOTE: 
https://github.com/rhboot/shim/commit/e99bdbb827a50cde019393d3ca1e89397db221a7 
(15.6)
        NOTE: 
https://github.com/rhboot/shim/commit/159151b6649008793d6204a34d7b9c41221fb4b0 
(15.6)
-CVE-2022-28736
-       RESERVED
+CVE-2022-28736 (There's a use-after-free vulnerability in 
grub_cmd_chainloader() funct ...)
        - grub2 2.06-3
        [bullseye] - grub2 2.06-3~deb11u1
        [buster] - grub2 2.06-3~deb10u1
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
        [jessie] - grub2 <ignored> (No SecureBoot support in jessie)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2022-28735
-       RESERVED
+CVE-2022-28735 (The GRUB2's shim_lock verifier allows non-kernel files to be 
loaded on ...)
        - grub2 2.06-3 (bug #1001057)
        [bullseye] - grub2 2.06-3~deb11u1
        [buster] - grub2 2.06-3~deb10u1
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
        [jessie] - grub2 <ignored> (No SecureBoot support in jessie)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2022-28734
-       RESERVED
+CVE-2022-28734 (Out-of-bounds write when handling split HTTP headers; When 
handling sp ...)
        - grub2 2.06-3
        [bullseye] - grub2 2.06-3~deb11u1
        [buster] - grub2 2.06-3~deb10u1
        [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
        [jessie] - grub2 <ignored> (No SecureBoot support in jessie)
        NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
-CVE-2022-28733
-       RESERVED
+CVE-2022-28733 (Integer underflow in grub_net_recv_ip4_packets; A malicious 
crafted IP ...)
        - grub2 2.06-3
        [bullseye] - grub2 2.06-3~deb11u1
        [buster] - grub2 2.06-3~deb10u1
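
Review bot: for CVE-2022-28737 the buster line still reads "shim <no-dsa> (Fix via point update)" while the bullseye line records 15.6-1~deb11u1. Now that the entry has a published description instead of RESERVED, check whether that point update happened and record the fixed version, or change the status if it is no longer planned. The grub2 entries in this hunk keep their visible per-release lines untouched, which is what a description-only update should do.
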
@@ -138345,8 +138368,8 @@ CVE-2021-39824 (Adobe Premiere Elements version 
2021.2235820 (and earlier) is af
        NOT-FOR-US: Adobe
 CVE-2021-39823 (Adobe svg-native-viewer 
8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...)
        NOT-FOR-US: Adobe
-CVE-2021-39822
-       RESERVED
+CVE-2021-39822 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and 
earlier) a ...)
+       TODO: check
 CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and 
earlier) a ...)
        NOT-FOR-US: Adobe
 CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and 
earlier) i ...)
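
Review bot: CVE-2021-39822 is left at "TODO: check" although its description opens with the same Adobe InDesign text as CVE-2021-39821 directly below, which is marked "NOT-FOR-US: Adobe", as are CVE-2021-39824 and CVE-2021-39823 above. The TODO can be closed with the same annotation.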



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31eca1c6d3da3af04a560bdf99e7ff6569e4a138
