Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f120c3ef by security tracker role at 2023-07-20T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,77 @@
+CVE-2023-3794 (A vulnerability classified as problematic has been found in Bug 
Finder ...)
+       TODO: check
+CVE-2023-3793 (A vulnerability was found in Weaver e-cology. It has been rated 
as cri ...)
+       TODO: check
+CVE-2023-3792 (A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has 
been cl ...)
+       TODO: check
+CVE-2023-3791 (A vulnerability was found in IBOS OA 4.5.5 and classified as 
critical. ...)
+       TODO: check
+CVE-2023-3790 (A vulnerability has been found in Boom CMS 8.0.7 and classified 
as pro ...)
+       TODO: check
+CVE-2023-3789 (A vulnerability, which was classified as problematic, was found 
in Pau ...)
+       TODO: check
+CVE-2023-3788 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-3787 (A vulnerability classified as problematic was found in 
Codecanyon Tiva ...)
+       TODO: check
+CVE-2023-3786 (A vulnerability classified as problematic has been found in 
Aures Kome ...)
+       TODO: check
+CVE-2023-3785 (A vulnerability was found in PaulPrinting CMS 2018. It has been 
rated  ...)
+       TODO: check
+CVE-2023-38617 (Office Suite Premium Version v10.9.1.42602 was discovered to 
contain a ...)
+       TODO: check
+CVE-2023-38523 (The web interface on multiple Samsung Harman AMX N-Series 
devices allo ...)
+       TODO: check
+CVE-2023-38335 (Omnis Studio 10.22.00 has incorrect access control. It 
advertises a fe ...)
+       TODO: check
+CVE-2023-38334 (Omnis Studio 10.22.00 has incorrect access control. It 
advertises an i ...)
+       TODO: check
+CVE-2023-38203 (Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and 
earlier)  ...)
+       TODO: check
+CVE-2023-37728 (Icewarp Icearp v10.2.1 was discovered to contain a cross-site 
scriptin ...)
+       TODO: check
+CVE-2023-37650 (A Cross-Site Request Forgery (CSRF) in the Admin portal of 
Cockpit CMS ...)
+       TODO: check
+CVE-2023-37649 (Incorrect access control in the component /models/Content of 
Cockpit C ...)
+       TODO: check
+CVE-2023-37602 (An arbitrary file upload vulnerability in the component 
/workplace#!ex ...)
+       TODO: check
+CVE-2023-37601 (Office Suite Premium v10.9.1.42602 was discovered to contain a 
local f ...)
+       TODO: check
+CVE-2023-37600 (Office Suite Premium Version v10.9.1.42602 was discovered to 
contain a ...)
+       TODO: check
+CVE-2023-37471 (Open Access Management (OpenAM) is an access management 
solution that  ...)
+       TODO: check
+CVE-2023-37290 (InfoDoc Document On-line Submission and Approval System lacks 
sufficie ...)
+       TODO: check
+CVE-2023-37165 (Millhouse-Project v1.414 was discovered to contain a remote 
code execu ...)
+       TODO: check
+CVE-2023-37164 (Diafan CMS v6.0 was discovered to contain a reflected 
cross-site scrip ...)
+       TODO: check
+CVE-2023-34625 (ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to 
Authentication B ...)
+       TODO: check
+CVE-2023-32483 (Wyse Management Suite versions prior to 4.0 contain a 
sensitive inform ...)
+       TODO: check
+CVE-2023-32482 (Wyse Management Suite versions prior to 4.0 contain an 
improper author ...)
+       TODO: check
+CVE-2023-32481 (Wyse Management Suite versions prior to 4.0 contain a 
denial-of-servic ...)
+       TODO: check
+CVE-2023-32476 (Dell Hybrid Client version 2.0 contains a Sensitive Data 
Exposure vuln ...)
+       TODO: check
+CVE-2023-32455 (Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a 
sensitive ...)
+       TODO: check
+CVE-2023-32447 (Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a 
sensitive ...)
+       TODO: check
+CVE-2023-32446 (Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a 
sensitive ...)
+       TODO: check
+CVE-2023-32265 (A potential security vulnerability has been identified in the 
Enterpri ...)
+       TODO: check
+CVE-2023-31753 (SQL injection vulnerability in diskusi.php in eNdonesia 8.7, 
allows an ...)
+       TODO: check
+CVE-2023-31462 (An issue was discovered in SteelSeries GG 36.0.0. An attacker 
can chan ...)
+       TODO: check
+CVE-2023-31461 (Attackers can exploit an open API listener on SteelSeries GG 
36.0.0 to ...)
+       TODO: check
 CVE-2023-37450
        - webkit2gtk <unfixed>
        - wpewebkit <unfixed>
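Review bot: All 37 entries added at the top of data/CVE/list (CVE-2023-3794 through CVE-2023-31461) carry only `TODO: check`, so none of them yet states a Debian package or a NOT-FOR-US reason. Each should be resolved to one or the other in a follow-up. The descriptions are cut off at "...", and some no longer name a product in the visible text (CVE-2023-37602 shows only the component path `/workplace#!ex ...`), so triage has to work from the full CVE record rather than from these lines.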
@@ -111,18 +185,18 @@ CVE-2023-32263 (A potential vulnerability has been 
identified in the Micro Focus
        NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins
 CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine 
of Foxi ...)
        NOT-FOR-US: Foxit
-CVE-2023-3347 [SMB2 packet signing not enforced]
+CVE-2023-3347 (A vulnerability was found in Samba's SMB2 packet signing 
mechanism. Th ...)
        - samba 2:4.18.5+dfsg-1
        [bullseye] - samba <not-affected> (Vulnerable code not present)
        [buster] - samba <not-affected> (Vulnerable code not present)
        NOTE: https://www.samba.org/samba/security/CVE-2023-3347.html
-CVE-2023-34968 [Spotlight server-side Share Path Disclosure]
+CVE-2023-34968 (A path disclosure vulnerability was found in Samba. As part of 
the Spo ...)
        - samba 2:4.18.5+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html
-CVE-2023-34967 [Samba Spotlight mdssvc RPC Request Type Confusion 
Denial-of-Service Vulnerability]
+CVE-2023-34967 (A Type Confusion vulnerability was found in Samba's mdssvc RPC 
service ...)
        - samba 2:4.18.5+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2023-34967.html
-CVE-2023-34966 [Samba Spotlight mdssvc RPC Request Infinite Loop 
Denial-of-Service Vulnerability]
+CVE-2023-34966 (An infinite loop vulnerability was found in Samba's mdssvc RPC 
service ...)
        - samba 2:4.18.5+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html
 CVE-2023-3750 [improper locking in virStoragePoolObjListSearch may lead to 
denial of service]
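Review bot: The per-release status is uneven across the Samba entries in this hunk. CVE-2023-3347 has explicit `[bullseye]` and `[buster]` lines marked `<not-affected>`, while CVE-2023-34968, CVE-2023-34967 and CVE-2023-34966 list only `- samba 2:4.18.5+dfsg-1`. Confirm that the older releases really are affected by the three Spotlight/mdssvc issues, and add release-specific annotations if they are not. The replaced bracketed titles also named the impact (share path disclosure, denial of service) more directly than the truncated descriptions now visible, so a NOTE line may be worth keeping for that.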
@@ -158,36 +232,47 @@ CVE-2023-32001
        NOTE: Introduced at: 
https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f 
(curl-7_84_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/0c667188e0c6cda615a036b8a2b4125f2c404dde 
(curl-8_2_0)
 CVE-2023-3740
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3738
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3737
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3736
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3735
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3734
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3733
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3732
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3730
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3728
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3727
+       {DSA-5456-1}
        - chromium 115.0.5790.98-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a 
remote  ...)
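Review bot: The `{DSA-5456-1}` tag is added to eleven chromium entries (CVE-2023-3740 down to CVE-2023-3727), but the only version in each entry is still `- chromium 115.0.5790.98-1` plus the `[buster]` end-of-life line. Since data/CVE/list is the only file changed in this commit, check that the matching DSA-5456-1 record with the fixed versions for the supported stable releases is already in the repository, otherwise the cross-reference points at nothing.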
@@ -11918,8 +12003,8 @@ CVE-2023-30202
        RESERVED
 CVE-2023-30201
        RESERVED
-CVE-2023-30200
-       RESERVED
+CVE-2023-30200 (In the module \u201cImage: WebP, Compress, Zoom, Lazy load, 
Alt & More ...)
+       TODO: check
 CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect 
Access  ...)
        NOT-FOR-US: Prestashop
 CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect 
Access Co ...)
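Review bot: The new description for CVE-2023-30200 contains a literal `\u201c` escape sequence instead of the opening quotation mark it stands for. The automatic import should decode such escapes before writing the description, or the text will show the raw sequence wherever it is rendered or searched. The entry is also still at `TODO: check`, although the neighbouring Prestashop module entries (CVE-2023-30199, CVE-2023-30198) are already triaged.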
@@ -80493,8 +80578,7 @@ CVE-2022-2129 (Out-of-bounds Write in GitHub repository 
vim/vim prior to 8.2.)
        NOTE: 
https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d 
(v8.2.5126)
 CVE-2022-2128 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository p ...)
        NOT-FOR-US: Trudesk
-CVE-2022-2127 [Out-Of-Bounds read in winbind AUTH_CRAP]
-       RESERVED
+CVE-2022-2127 (An out-of-bounds read vulnerability was found in Samba due to 
insuffic ...)
        - samba 2:4.18.5+dfsg-1
        NOTE: https://www.samba.org/samba/security/CVE-2022-2127.html
 CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
@@ -120026,8 +120110,8 @@ CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x 
before 4.13.4 (when instal
        NOT-FOR-US: NIME Server
 CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE 
(external X ...)
        NOT-FOR-US: KNIME Analytics Platform
-CVE-2021-45094
-       RESERVED
+CVE-2021-45094 (Imprivata Privileged Access Management (formally Xton 
Privileged Acces ...)
+       TODO: check
 CVE-2021-45093
        RESERVED
 CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html 
reachab ...)
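Review bot: The context line `NOT-FOR-US: NIME Server` under CVE-2021-45097 drops the leading K of the product named in its own description ("KNIME Server"), and the next entry spells it `KNIME Analytics Platform`. It is outside the changed lines but worth correcting while this region is being touched, since the NOT-FOR-US strings are matched by product name. The newly described CVE-2021-45094 still needs triage from `TODO: check`.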
@@ -139311,8 +139395,8 @@ CVE-2021-39427 (Cross site scripting vulnerability in 
188Jianzhan 2.10 allows at
        NOT-FOR-US: 188Jianzhan
 CVE-2021-39426 (An issue was discovered in /Upload/admin/admin_notify.php in 
Seacms 11 ...)
        NOT-FOR-US: Seacms
-CVE-2021-39425
-       RESERVED
+CVE-2021-39425 (SeedDMS v6.0.15 was discovered to contain an open redirect 
vulnerabili ...)
+       TODO: check
 CVE-2021-39424
        RESERVED
 CVE-2021-39423
@@ -209815,8 +209899,8 @@ CVE-2020-24277
        RESERVED
 CVE-2020-24276
        RESERVED
-CVE-2020-24275
-       RESERVED
+CVE-2020-24275 (A HTTP response header injection vulnerability in Swoole 
v4.5.2 allows ...)
+       TODO: check
 CVE-2020-24274
        RESERVED
 CVE-2020-24273



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f120c3ef77cc559d2df386c64ef02cd467c2c4bf
