Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dfb52da9 by security tracker role at 2023-09-08T08:15:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2023-41775 (Improper access control vulnerability in 'direct' Desktop App
for macO ...)
+ TODO: check
+CVE-2023-41646 (Buttercup v2.20.3 allows attackers to obtain the hash of the
master pa ...)
+ TODO: check
+CVE-2023-41615 (Zoo Management System v1.0 was discovered to contain multiple
SQL inje ...)
+ TODO: check
+CVE-2023-41594 (Dairy Farm Shop Management System Using PHP and MySQL v1.1 was
discove ...)
+ TODO: check
+CVE-2023-41161 (Multiple stored cross-site scripting (XSS) vulnerabilities in
Usermin ...)
+ TODO: check
+CVE-2023-40953 (icms 7.0.16 is vulnerable to Cross Site Request Forgery
(CSRF).)
+ TODO: check
+CVE-2023-40584 (Argo CD is a declarative continuous deployment for Kubernetes.
All ver ...)
+ TODO: check
+CVE-2023-40353 (An issue was discovered in Exynos Mobile Processor 980 and
2100. An in ...)
+ TODO: check
+CVE-2023-40271 (In Trusted Firmware-M through TF-Mv1.8.0, for platforms that
integrate ...)
+ TODO: check
+CVE-2023-40029 (Argo CD is a declarative continuous deployment for Kubernetes.
Argo CD ...)
+ TODO: check
+CVE-2023-39620 (An Issue in Buffalo America, Inc. TeraStation NAS TS5410R
v.5.00 thru ...)
+ TODO: check
+CVE-2023-37759 (Incorrect access control in the User Registration page of
Crypto Curre ...)
+ TODO: check
+CVE-2023-37377 (An issue was discovered in Samsung Exynos Mobile Processor and
Wearabl ...)
+ TODO: check
+CVE-2023-37368 (An issue was discovered in Samsung Exynos Mobile Processor,
Automotive ...)
+ TODO: check
+CVE-2023-37367 (An issue was discovered in Samsung Exynos Mobile Processor,
Automotive ...)
+ TODO: check
+CVE-2023-36184 (CMysten Labs Sui blockchain v1.2.0 was discovered to contain a
stack o ...)
+ TODO: check
+CVE-2023-34041 (Cloud foundry routing release versions prior to 0.278.0 are
vulnerable ...)
+ TODO: check
+CVE-2023-32470 (Dell Digital Delivery versions prior to 5.0.82.0 contain an
Insecure O ...)
+ TODO: check
CVE-2023-4685 (Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft
versions 4.0. ...)
NOT-FOR-US: Delta Electronics
CVE-2023-4528 (Unsafe deserialization in JSCAPE MFT Server versions prior
to2023.1.9 ...)
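Review bot: the four Exynos entries added at the top of this hunk (CVE-2023-40353, CVE-2023-37377, CVE-2023-37368, CVE-2023-37367) are left at "TODO: check", while the existing Exynos entry CVE-2023-36481 in the next hunk's context is already triaged as "NOT-FOR-US: Samsung". Suggest giving these four the same triage line so the Samsung Exynos entries stay consistent. The other new entries in this hunk still need an individual check before the TODO is dropped.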
@@ -1805,7 +1841,7 @@ CVE-2023-38288
REJECTED
CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and
Wearabl ...)
NOT-FOR-US: Samsung
-CVE-2023-35785 (Zoho ManageEngine ADManager Plus through 7186 is vulnerable to
2FA byp ...)
+CVE-2023-35785 (Zoho ManageEngine Active Directory 360 versions 4315 and
below, ADAudi ...)
NOT-FOR-US: Zoho
CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic
implementa ...)
NOT-FOR-US: Slive
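Review bot: the trailing context line under CVE-2023-34758 reads "NOT-FOR-US: Slive", but the description on the line above names the product as Sliver, so the triage note looks truncated. Since the CVE-2023-35785 description changes here from ADManager Plus to a list starting with Active Directory 360, it is also worth confirming that the unchanged "NOT-FOR-US: Zoho" line still covers every product in the new text, which is cut off in this view.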
@@ -8986,7 +9022,7 @@ CVE-2023-36933 (In Progress MOVEit Transfer before
2021.0.9 (13.0.9), 2021.1.7 (
NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11),
2021.0.9 (13.0 ...)
NOT-FOR-US: Progress MOVEit Transfer
-CVE-2023-36665 (protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4
allows Pr ...)
+CVE-2023-36665 ("protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5
allows P ...)
NOT-FOR-US: protobuf.js
CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an
authenticated o ...)
NOT-FOR-US: Loxone Miniserver Go
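Review bot: the replacement description for CVE-2023-36665 now opens with ("protobuf.js, a double quote that the removed line did not have and that has no closing quote in the visible text. The same line also moves the fixed version from 7.2.4 to 7.2.5. Suggest checking whether the stray quote comes from the imported description or from the update script, and making sure any tooling that matches on description text does not depend on the description starting with the product name.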
@@ -12606,7 +12642,7 @@ CVE-2023-33551 (Heap Buffer Overflow in the
erofsfsck_dirent_iter function in fs
[bullseye] - erofs-utils <not-affected> (Vulnerable code not present)
NOTE: https://github.com/lometsj/blog_repo/issues/2
NOTE: Proposed fix:
https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?h=experimental&id=27aeef179bf17d5f1d98f827e93d24839a6d4176
-CVE-2023-33546 (janino 3.1.9 and earlier are subject to denial of service
(DOS) attack ...)
+CVE-2023-33546 (Janino 3.1.9 and earlier are subject to denial of service
(DOS) attack ...)
- janino <unfixed>
[bookworm] - janino <no-dsa> (Minor issue)
[bullseye] - janino <no-dsa> (Minor issue)
@@ -16439,8 +16475,8 @@ CVE-2023-30910
RESERVED
CVE-2023-30909
RESERVED
-CVE-2023-30908
- RESERVED
+CVE-2023-30908 (Potential security vulnerabilities have been identified in
Hewlett Pac ...)
+ TODO: check
CVE-2023-30907
RESERVED
CVE-2023-30906 (The vulnerability could be locally exploited to allow
escalation of pr ...)
@@ -106265,8 +106301,8 @@ CVE-2022-27601
RESERVED
CVE-2022-27600
RESERVED
-CVE-2022-27599
- RESERVED
+CVE-2022-27599 (An insertion of sensitive information into Log file
vulnerability has ...)
+ TODO: check
CVE-2022-27598 (A vulnerability has been reported to affect QNAP operating
systems. If ...)
NOT-FOR-US: QNAP
CVE-2022-27597 (A vulnerability has been reported to affect QNAP operating
systems. If ...)
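Review bot: CVE-2022-27599 moves from RESERVED to "TODO: check", and the visible part of its description does not name a vendor. The two entries directly below it, CVE-2022-27598 and CVE-2022-27597, are both QNAP issues, and CVE-2022-27598 carries "NOT-FOR-US: QNAP". If the full description also names QNAP, the same triage line applies here and the TODO can be resolved right away.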
@@ -124836,8 +124872,8 @@ CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected
by a Cross Site Scripting (X
NOT-FOR-US: SLICAN WebCTI
CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a
Cross Site ...)
NOT-FOR-US: NUUO Network Video Recorder NVRsolo
-CVE-2021-45811
- RESERVED
+CVE-2021-45811 (A SQL injection vulnerability in the "Search" functionality of
"ticket ...)
+ TODO: check
CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by
incorre ...)
NOT-FOR-US: GlobalProtect-openconnect
CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected
by inco ...)
@@ -160656,8 +160692,8 @@ CVE-2021-33836
RESERVED
CVE-2021-33835
RESERVED
-CVE-2021-33834
- RESERVED
+CVE-2021-33834 (An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde
H2OFFT 6. ...)
+ TODO: check
CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a
stack-based b ...)
{DLA-2915-1}
- connman 1.36-2.2 (bug #989662)
@@ -177027,8 +177063,8 @@ CVE-2021-27717
RESERVED
CVE-2021-27716
RESERVED
-CVE-2021-27715
- RESERVED
+CVE-2021-27715 (An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2
3.5.6-xnet ...)
+ TODO: check
CVE-2021-27714
RESERVED
CVE-2021-27713
@@ -508583,8 +508619,8 @@ CVE-2014-5331 (Cross-site scripting (XSS)
vulnerability in Aflax allows remote a
NOT-FOR-US: Aflax
CVE-2014-5330 (Cross-site scripting (XSS) vulnerability in BirdBlog allows
remote att ...)
NOT-FOR-US: BirdBlog
-CVE-2014-5329
- RESERVED
+CVE-2014-5329 (GIGAPOD file servers (Appliance model and Software model)
provide two ...)
+ TODO: check
CVE-2014-5328 (Buffer overflow in the Webserver component on the Huawei E5332
router ...)
NOT-FOR-US: Huawei router
CVE-2014-5327 (Buffer overflow in the Webserver component on the Huawei E5332
router ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfb52da936c5e1595e41808d22052cc3d343b5ba
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits