Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0984464e by security tracker role at 2023-08-04T20:12:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2023-4159 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository o ...)
+       TODO: check
+CVE-2023-4158 (Cross-site Scripting (XSS) - Stored in GitHub repository 
omeka/omeka-s ...)
+       TODO: check
+CVE-2023-4157 (Improper Input Validation in GitHub repository omeka/omeka-s 
prior to  ...)
+       TODO: check
+CVE-2023-4135 (A heap out-of-bounds memory read flaw was found in the virtual 
nvme de ...)
+       TODO: check
+CVE-2023-39552 (PHPGurukul Online Security Guards Hiring System v.1.0 is 
vulnerable to ...)
+       TODO: check
+CVE-2023-39551 (PHPGurukul Online Security Guards Hiring System v.1.0 is 
vulnerable to ...)
+       TODO: check
+CVE-2023-39379 (Fujitsu Software Infrastructure Manager (ISM) stores sensitive 
informa ...)
+       TODO: check
+CVE-2023-39344 (social-media-skeleton is an uncompleted social media project. 
A SQL in ...)
+       TODO: check
+CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to 
path trave ...)
+       TODO: check
+CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion 
vulnerability in th ...)
+       TODO: check
+CVE-2023-39107 (An arbitrary file overwrite vulnerability in NoMachine Free 
Edition an ...)
+       TODO: check
+CVE-2023-38964 (Creative Item Academy LMS 6.0 was discovered to contain a 
cross-site s ...)
+       TODO: check
+CVE-2023-38707
+       REJECTED
+CVE-2023-38702 (Knowage is an open source analytics and business intelligence 
suite. S ...)
+       TODO: check
+CVE-2023-38700 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. 
Prior to ver ...)
+       TODO: check
+CVE-2023-38699 (MindsDB's AI Virtual Database allows developers to connect any 
AI/ML m ...)
+       TODO: check
+CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and 
extensible nam ...)
+       TODO: check
+CVE-2023-38697 (protocol-http1 provides a low-level implementation of the 
HTTP/1 proto ...)
+       TODO: check
+CVE-2023-38696
+       REJECTED
+CVE-2023-38695 (cypress-image-snapshot shows visual regressions in Cypress 
with jest-i ...)
+       TODO: check
+CVE-2023-38692 (CloudExplorer Lite is an open source, lightweight cloud 
management pla ...)
+       TODO: check
+CVE-2023-38691 (matrix-appservice-bridge provides an API for setting up 
bridges. Start ...)
+       TODO: check
+CVE-2023-38690 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. 
Prior to ver ...)
+       TODO: check
+CVE-2023-38689 (Logistics Pipes is a modification (a.k.a. mod) for the 
computer game M ...)
+       TODO: check
+CVE-2023-38688 (twitch-tui provides Twitch chat in a terminal. Prior to 
version 2.4.1, ...)
+       TODO: check
+CVE-2023-38686 (Sydent is an identity server for the Matrix communications 
protocol. P ...)
+       TODO: check
+CVE-2023-38494 (MeterSphere is an open-source continuous testing platform. 
Prior to ve ...)
+       TODO: check
+CVE-2023-38487 (HedgeDoc is software for creating real-time collaborative 
markdown not ...)
+       TODO: check
+CVE-2023-38332 (Zoho ManageEngine ADManager Plus through 7201 allow 
authenticated user ...)
+       TODO: check
+CVE-2023-37896 (Nuclei is a vulnerability scanner. Prior to version 2.9.9, a 
security  ...)
+       TODO: check
+CVE-2023-37470 (Metabase is an open-source business intelligence and analytics 
platfor ...)
+       TODO: check
+CVE-2023-36480 (The Aerospike Java client is a Java application that 
implements a netw ...)
+       TODO: check
+CVE-2023-34038 (VMware Horizon Server contains an information disclosure 
vulnerability ...)
+       TODO: check
+CVE-2023-34037 (VMware Horizon Server contains a HTTP request smuggling 
vulnerability. ...)
+       TODO: check
+CVE-2023-33379 (Connected IO v2.1.0 and prior has a misconfiguration in their 
MQTT bro ...)
+       TODO: check
+CVE-2023-33378 (Connected IO v2.1.0 and prior has an argument injection 
vulnerability  ...)
+       TODO: check
+CVE-2023-33377 (Connected IO v2.1.0 and prior has an OS command injection 
vulnerabilit ...)
+       TODO: check
+CVE-2023-33376 (Connected IO v2.1.0 and prior has an argument injection 
vulnerability  ...)
+       TODO: check
+CVE-2023-33375 (Connected IO v2.1.0 and prior has a stack-based buffer 
overflow vulner ...)
+       TODO: check
+CVE-2023-33374 (Connected IO v2.1.0 and prior has a command as part of its 
communicati ...)
+       TODO: check
+CVE-2023-33373 (Connected IO v2.1.0 and prior keeps passwords and credentials 
in clear ...)
+       TODO: check
+CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded 
username/password pair ...)
+       TODO: check
+CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior 
to 108 ...)
+       TODO: check
 CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable 
to Rem ...)
        NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress
 CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable 
to Rem ...)
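Review bot: CVE-2022-4955 should not be left at "TODO: check" alongside the web-application entries: its text ("Inappropriate implementation in DevTools in Google Chrome prior to 108 ...") identifies it as a Chrome issue, and Chrome CVEs in this file are tracked against the chromium source package with a "[buster] - chromium <end-of-life> (see DSA 5046)" line, as the CVE-2023-4068 to CVE-2023-4078 entries later in this diff show; since the fix predates version 108 it most likely needs a fixed-version line for an older chromium upload. CVE-2023-4135 ("A heap out-of-bounds memory read flaw was found in the virtual nvme de ...") reads like a device-emulation issue and is worth checking against qemu before the rest of the TODO backlog. The two REJECTED entries (CVE-2023-38707, CVE-2023-38696) need no further action.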
@@ -58,7 +144,7 @@ CVE-2023-36131 (PHPJabbers Availability Booking Calendar 5.0 
is vulnerable to In
        NOT-FOR-US: PHPJabbers
 CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL 
injection ...)
        NOT-FOR-US: ai-dev aitable
-CVE-2023-38497 [Cargo does not respect umask when extracting packages]
+CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and 
compiles the  ...)
        - rustc <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
        TODO: check details
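Review bot: the new description line for CVE-2023-38497 contains a literal "\u2019" escape ("the Rust project\u2019s dependencies") rather than the decoded apostrophe; check whether the update script wrote the JSON escape sequence verbatim into data/CVE/list instead of the UTF-8 character, since none of the other descriptions in this diff show such an escape. Replacing the bracketed summary "[Cargo does not respect umask when extracting packages]" with the official text is the expected convention once a description is published, but the bracketed form was the more useful one-liner, and with "TODO: check details" still open it is worth confirming whether the affected code is built from the rustc source package listed here or from a separate cargo source package, so the fixed-version line lands on the right source.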
@@ -265,36 +351,47 @@ CVE-2023-34320 [arm: Guests can trigger a deadlock on 
Cortex-A77]
        NOTE: https://www.openwall.com/lists/oss-security/2023/08/01/1
        NOTE: https://xenbits.xen.org/xsa/advisory-436.html
 CVE-2023-4078 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4077 (Insufficient data validation in Extensions in Google Chrome 
prior to 1 ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4076 (Use after free in WebRTC in Google Chrome prior to 
115.0.5790.170 allo ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4075 (Use after free in Cast in Google Chrome prior to 115.0.5790.170 
allowe ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4074 (Use after free in Blink Task Scheduling in Google Chrome prior 
to 115. ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4073 (Out of bounds memory access in ANGLE in Google Chrome on Mac 
prior to  ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4072 (Out of bounds read and write in WebGL in Google Chrome prior to 
115.0. ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4071 (Heap buffer overflow in Visuals in Google Chrome prior to 
115.0.5790.1 ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4070 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 
allowed  ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4069 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 
allowed  ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4068 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 
allowed  ...)
+       {DSA-5467-1}
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4067 (The Bus Ticket Booking with Seat Reservation plugin for 
WordPress is v ...)
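Review bot: the "{DSA-5467-1}" annotation is added to all eleven Chrome CVEs fixed in chromium 115.0.5790.170-1 (CVE-2023-4068 through CVE-2023-4078), which is consistent; make sure DSA-5467-1 is also present in data/DSA/list with the same CVE set, because the curly-brace reference is what ties these entries to the advisory and a reference with no matching advisory entry is a dangling cross-reference if the tracker's checks do not already catch it. Leaving the "[buster] - chromium <end-of-life> (see DSA 5046)" lines untouched is correct, as buster chromium is marked end-of-life and is not covered by the new DSA.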
@@ -2248,6 +2345,7 @@ CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered 
to contain a buffer over
 CVE-2023-37472 (Knowage is an open source suite for business analytics. The 
applicatio ...)
        NOT-FOR-US: Knowage
 CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript 
Object Signin ...)
+       {DLA-3515-1}
        - cjose 0.6.2.2-1 (bug #1041423)
        NOTE: 
https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj
        NOTE: 
https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e
 (v0.6.2.2)
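Review bot: "{DLA-3515-1}" is added to CVE-2023-37464 but the entry carries no "[buster]" line, so the fixed oldstable version has to come from the DLA entry itself; confirm data/DLA/list has DLA-3515-1 for cjose with the buster version, otherwise the entry shows only the unstable fix "cjose 0.6.2.2-1 (bug #1041423)". The upstream commit reference is tagged "(v0.6.2.2)", which matches the unstable version, so that side is consistent.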
@@ -14721,8 +14819,8 @@ CVE-2023-29691
        RESERVED
 CVE-2023-29690
        RESERVED
-CVE-2023-29689
-       RESERVED
+CVE-2023-29689 (PyroCMS 3.9 contains a remote code execution (RCE) 
vulnerability that  ...)
+       TODO: check
 CVE-2023-29688
        RESERVED
 CVE-2023-29687
@@ -15229,8 +15327,8 @@ CVE-2023-29507 (XWiki Commons are technical libraries 
common to several other to
        NOT-FOR-US: XWiki
 CVE-2023-29506 (XWiki Commons are technical libraries common to several other 
top leve ...)
        NOT-FOR-US: XWiki
-CVE-2023-29505
-       RESERVED
+CVE-2023-29505 (An issue was discovered in Zoho ManageEngine Network 
Configuration Man ...)
+       TODO: check
 CVE-2023-28393
        RESERVED
 CVE-2023-1942 (A vulnerability has been found in SourceCodester Online 
Computer and L ...)
@@ -34087,8 +34185,7 @@ CVE-2023-0266 (A use after free vulnerability exists in 
the ALSA PCM package in
        NOTE: 
https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e
 CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to 
execut ...)
        NOT-FOR-US: Uvdesk
-CVE-2023-0264
-       RESERVED
+CVE-2023-0264 (A flaw was found in Keycloaks OpenID Connect user 
authentication, whic ...)
        NOT-FOR-US: Keycloak
 CVE-2023-0263 (The WP Yelp Review Slider WordPress plugin before 7.1 does not 
properl ...)
        NOT-FOR-US: WordPress plugin
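Review bot: the pre-existing "NOT-FOR-US: Keycloak" line survives the RESERVED-to-description swap for CVE-2023-0264, so unlike the other formerly RESERVED entries in this update (CVE-2023-29689, CVE-2023-29505, CVE-2022-41401) no "TODO: check" was added; since that triage was recorded while the CVE was still RESERVED, a quick re-check against the now-published text ("A flaw was found in Keycloaks OpenID Connect user authentication, whic ...") is worthwhile to confirm the flaw is confined to Keycloak and not to a library Debian ships.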
@@ -62079,8 +62176,8 @@ CVE-2022-41403 (OpenCart 3.x Newsletter Custom Popup 
was discovered to contain a
        NOT-FOR-US: OpenCart plugin
 CVE-2022-41402
        RESERVED
-CVE-2022-41401
-       RESERVED
+CVE-2022-41401 (OpenRefine <= v3.5.2 contains a Server-Side Request Forgery 
(SSRF) vul ...)
+       TODO: check
 CVE-2022-41400 (Sage 300 through 2022 uses a hard-coded 40-byte blowfish key 
to encryp ...)
        NOT-FOR-US: Sage
 CVE-2022-41399 (The optional Web Screens feature for Sage 300 through version 
2022 use ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0984464e0ebbaba6da5ddfad050e3155dee75ae7



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
