Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f9d68407 by security tracker role at 2023-07-25T08:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2023-3888 (A vulnerability was found in Campcodes Beauty Salon Management
System ...)
+ TODO: check
+CVE-2023-3887 (A vulnerability was found in Campcodes Beauty Salon Management
System ...)
+ TODO: check
+CVE-2023-3886 (A vulnerability was found in Campcodes Beauty Salon Management
System ...)
+ TODO: check
+CVE-2023-3885 (A vulnerability was found in Campcodes Beauty Salon Management
System ...)
+ TODO: check
+CVE-2023-3884 (A vulnerability has been found in Campcodes Beauty Salon
Management Sy ...)
+ TODO: check
+CVE-2023-3883 (A vulnerability, which was classified as problematic, was found
in Cam ...)
+ TODO: check
+CVE-2023-3882 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2023-3881 (A vulnerability classified as critical was found in Campcodes
Beauty S ...)
+ TODO: check
+CVE-2023-3880 (A vulnerability classified as critical has been found in
Campcodes Bea ...)
+ TODO: check
+CVE-2023-3879 (A vulnerability was found in Campcodes Beauty Salon Management
System ...)
+ TODO: check
+CVE-2023-3878 (A vulnerability was found in Campcodes Beauty Salon Management
System ...)
+ TODO: check
+CVE-2023-3877 (A vulnerability was found in Campcodes Beauty Salon Management
System ...)
+ TODO: check
+CVE-2023-3876 (A vulnerability was found in Campcodes Beauty Salon Management
System ...)
+ TODO: check
+CVE-2023-3875 (A vulnerability has been found in Campcodes Beauty Salon
Management Sy ...)
+ TODO: check
+CVE-2023-3874 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2023-3873 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2023-3872 (A vulnerability classified as critical was found in Campcodes
Beauty S ...)
+ TODO: check
+CVE-2023-3871 (A vulnerability classified as critical has been found in
Campcodes Bea ...)
+ TODO: check
+CVE-2023-3046 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-38745 (Pandoc before 3.1.6 allows arbitrary file write: this can be
triggered ...)
+ TODO: check
+CVE-2023-37361 (REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection
via schedu ...)
+ TODO: check
+CVE-2023-35088 (Improper Neutralization of Special Elements Used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-35078 (Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron
Core, throu ...)
+ TODO: check
+CVE-2023-35067 (Plaintext Storage of a Password vulnerability in Infodrom
Software E-I ...)
+ TODO: check
+CVE-2023-35066 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-34434 (Deserialization of Untrusted Data Vulnerability in Apache
Software Fou ...)
+ TODO: check
+CVE-2023-34189 (Exposure of Resource to Wrong Sphere Vulnerability in Apache
Software ...)
+ TODO: check
+CVE-2023-33777 (An issue in /functions/fbaorder.php of Prestashop amazon
before v5.2.2 ...)
+ TODO: check
+CVE-2023-32639 (Applicant Programme Ver.7.06 and earlier improperly restricts
XML exte ...)
+ TODO: check
+CVE-2023-32637 (GBrowse accepts files with any formats uploaded and places
them in the ...)
+ TODO: check
+CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for
Windows befo ...)
+ TODO: check
+CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for
Windows befo ...)
+ TODO: check
CVE-2023-38289 [libtiff: integer overflow in tiffcp.c]
- tiff <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2224974
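Review bot: all 32 entries added at the top of this hunk carry only `TODO: check`, and 18 of them (CVE-2023-3871 through CVE-2023-3888) name the same product, Campcodes Beauty Salon Management System, so they can be resolved together with one `NOT-FOR-US: Campcodes Beauty Salon Management System` tag. CVE-2023-38745 is the entry here that needs a real package line, since pandoc is packaged in Debian and the description gives the fixed upstream version as 3.1.6; it should be triaged first, not left in the queue behind the NOT-FOR-US candidates.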
@@ -160,9 +224,9 @@ CVE-2023-37903 (vm2 is an open source vm/sandbox for
Node.js. In vm2 for version
NOT-FOR-US: Node vm2
CVE-2023-37901 (Indico is an open source a general-purpose, web based event
management ...)
NOT-FOR-US: CERN Indico
-CVE-2023-37742 (WebBoss.io CMS before v3.6.8.1 was discovered to contain a
reflected c ...)
+CVE-2023-37742 (WebBoss.io CMS before v3.7.0.1 was discovered to contain a
reflected c ...)
NOT-FOR-US: WebBoss.io CMS
-CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0 allows
attackers to a ...)
+CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0.1 allows
attackers to ...)
NOT-FOR-US: WebBoss.io CMS
CVE-2023-35392 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
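Review bot: after this description refresh, CVE-2023-37742 reads "before v3.7.0.1" while CVE-2023-36339 reads "in WebBoss.io CMS v3.7.0.1", so the same version now appears as the fixed boundary in one entry and as an affected version in the other. Both stay `NOT-FOR-US: WebBoss.io CMS`, so no triage line needs to change, but the version strings in these two descriptions should not be relied on without checking the upstream records.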
@@ -5518,6 +5582,7 @@ CVE-2020-36728 (The Adning Advertising plugin for
WordPress is vulnerable to fil
CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to
arbitrary ...)
NOT-FOR-US: Adning Advertising plugin for WordPress
CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a
symlink ...)
+ {DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
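Review bot: the `{DLA-3501-1}` cross-reference is added directly above `- renderdoc <unfixed> (bug #1037208)`, and the NOTE lines attribute the upstream fix commits to v1.27. With the LTS side now covered, it is worth checking whether unstable has picked up 1.27 and, if so, replacing `<unfixed>` with the fixed version; the same applies to CVE-2023-33864 and CVE-2023-33863 in the two following hunks.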
@@ -5526,6 +5591,7 @@ CVE-2023-33865 (RenderDoc before 1.27 allows local
privilege escalation via a sy
NOTE:
https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e
(v1.27)
NOTE:
https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b
(v1.27)
CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows
an Inte ...)
+ {DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
@@ -5534,6 +5600,7 @@ CVE-2023-33864 (StreamReader::ReadFromExternal in
RenderDoc before 1.27 allows a
NOTE:
https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e
(v1.27)
NOTE:
https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b
(v1.27)
CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer
Overflow wit ...)
+ {DLA-3501-1}
- renderdoc <unfixed> (bug #1037208)
NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
NOTE:
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
(v1.27)
@@ -24763,8 +24830,8 @@ CVE-2023-26047 (teler-waf is a Go HTTP middleware that
provides teler IDS functi
NOT-FOR-US: teler-waf
CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS
functionalit ...)
NOT-FOR-US: teler-waf
-CVE-2023-26045
- RESERVED
+CVE-2023-26045 (NodeBB is Node.js based forum software. Starting in version
2.5.0 and ...)
+ TODO: check
CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and
server implem ...)
- php-react-http <removed>
[buster] - php-react-http <no-dsa> (Minor issue)
@@ -27479,8 +27546,8 @@ CVE-2023-25186 (An issue was discovered on NOKIA
Airscale ASIKA Single RAN devic
NOT-FOR-US: NOKIA
CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN
devices bef ...)
NOT-FOR-US: NOKIA
-CVE-2023-25074
- RESERVED
+CVE-2023-25074 (Improper privilege validation in Command Centre Server allows
authenti ...)
+ TODO: check
CVE-2023-24590
RESERVED
CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the
Controller ...)
@@ -27491,14 +27558,14 @@ CVE-2023-23576
RESERVED
CVE-2023-23570
RESERVED
-CVE-2023-23568
- RESERVED
+CVE-2023-23568 (Improper privilege validation in Command Centre Server allows
authenti ...)
+ TODO: check
CVE-2023-22439
RESERVED
-CVE-2023-22428
- RESERVED
-CVE-2023-22363
- RESERVED
+CVE-2023-22428 (Improper privilege validation in Command Centre Server allows
authenti ...)
+ TODO: check
+CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server
allows an a ...)
+ TODO: check
CVE-2023-0672
RESERVED
CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to
2.0.10.)
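Review bot: CVE-2023-23568, CVE-2023-22428 and CVE-2023-22363 move from RESERVED to `TODO: check` here and all describe Command Centre Server, as does CVE-2023-25074 in the preceding hunk. Triage the four in one pass with a single tag so they stay consistent with each other and with however the neighbouring CVE-2023-24584 (Controller 6000) entry was resolved.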
@@ -48495,10 +48562,10 @@ CVE-2023-21408
RESERVED
CVE-2023-21407
RESERVED
-CVE-2023-21406
- RESERVED
-CVE-2023-21405
- RESERVED
+CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in
the AXIS A ...)
+ TODO: check
+CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network
Door Contro ...)
+ TODO: check
CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy
LUA-components ...)
NOT-FOR-US: AXIS OS
CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive
extraction rout ...)
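Review bot: CVE-2023-21406 and CVE-2023-21405 are left at `TODO: check` although the entry immediately below, CVE-2023-21404, is already tagged `NOT-FOR-US: AXIS OS`. Both new descriptions name Axis products (an AXIS A... device and Axis Network Door Controllers), so they can take a matching NOT-FOR-US tag once the truncated product names are confirmed.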
@@ -91790,7 +91857,7 @@ CVE-2022-30115 (Using its HSTS support, curl can be
instructed to use HTTPS dire
NOTE: https://curl.se/docs/CVE-2022-30115.html
NOTE: Introduced by:
https://github.com/curl/curl/commit/b27ad8e1d3e68eb3214fcbb398ca436873aa7c67
(curl-7_82_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/fae6fea209a2d4db1582f608bd8cc8000721733a
(curl-7_83_1)
-CVE-2022-1551 (The SP Project & Document Manager WordPress plugin through 4.57
uses a ...)
+CVE-2022-1551 (The SP Project & Document Manager WordPress plugin before 4.58
uses an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1550
REJECTED
@@ -102904,7 +102971,7 @@ CVE-2022-0830 (The FormBuilder WordPress plugin
through 1.08 does not have CSRF
NOT-FOR-US: WordPress plugin
CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior
to 1.9 ...)
- webmin <removed>
-CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.39 uses the
uniqid ph ...)
+CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.34 uses the
uniqid ph ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0827 (The Bestbooks WordPress plugin through 2.6.3 does not sanitise
and esc ...)
NOT-FOR-US: WordPress plugin
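Review bot: the CVE-2022-0828 description changes from "before 3.2.39" to "before 3.2.34", so the stated fixed version moves backwards. The entry is `NOT-FOR-US: WordPress plugin` and nothing in the tracker depends on that number, so the triage line can stay as it is; anyone consuming the description text for version boundaries should confirm the value against the upstream record.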
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9d68407f34269f048562a1db5dff67819a13efd