Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e2068295 by security tracker role at 2023-12-13T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,191 @@
+CVE-2023-6795 (An OS command injection vulnerability in Palo Alto Networks 
PAN-OS sof ...)
+       TODO: check
+CVE-2023-6794 (An arbitrary file upload vulnerability in Palo Alto Networks 
PAN-OS so ...)
+       TODO: check
+CVE-2023-6793 (An improper privilege management vulnerability in Palo Alto 
Networks P ...)
+       TODO: check
+CVE-2023-6792 (An OS command injection vulnerability in the XML API of Palo 
Alto Netw ...)
+       TODO: check
+CVE-2023-6791 (A credential disclosure vulnerability in Palo Alto Networks 
PAN-OS sof ...)
+       TODO: check
+CVE-2023-6790 (A DOM-Based cross-site scripting (XSS) vulnerability in Palo 
Alto Netw ...)
+       TODO: check
+CVE-2023-6789 (A cross-site scripting (XSS) vulnerability in Palo Alto 
Networks PAN-O ...)
+       TODO: check
+CVE-2023-6774 (A vulnerability was found in CodeAstro POS and Inventory 
Management Sy ...)
+       TODO: check
+CVE-2023-6773 (A vulnerability has been found in CodeAstro POS and Inventory 
Manageme ...)
+       TODO: check
+CVE-2023-6772 (A vulnerability, which was classified as critical, was found in 
OTCMS  ...)
+       TODO: check
+CVE-2023-6771 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2023-6767 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+       TODO: check
+CVE-2023-6766 (A vulnerability classified as problematic has been found in 
PHPGurukul ...)
+       TODO: check
+CVE-2023-6765 (A vulnerability was found in SourceCodester Online Tours & 
Travels Man ...)
+       TODO: check
+CVE-2023-6762 (A vulnerability, which was classified as critical, was found in 
Thecos ...)
+       TODO: check
+CVE-2023-6761 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-6760 (A vulnerability classified as critical was found in Thecosy 
IceCMS up  ...)
+       TODO: check
+CVE-2023-6759 (A vulnerability classified as problematic has been found in 
Thecosy Ic ...)
+       TODO: check
+CVE-2023-6758 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been 
rated a ...)
+       TODO: check
+CVE-2023-6757 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been 
declare ...)
+       TODO: check
+CVE-2023-6756 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been 
classif ...)
+       TODO: check
+CVE-2023-6755 (A vulnerability was found in DedeBIZ 6.2 and classified as 
critical. T ...)
+       TODO: check
+CVE-2023-6723 (An unrestricted file upload vulnerability has been identified 
in Repbo ...)
+       TODO: check
+CVE-2023-6722 (A path traversal vulnerability has been detected in Repox, 
which allow ...)
+       TODO: check
+CVE-2023-6721 (An XEE vulnerability has been found in Repox, which allows a 
remote at ...)
+       TODO: check
+CVE-2023-6720 (An XSS vulnerability stored in Repox has been identified, which 
allows ...)
+       TODO: check
+CVE-2023-6719 (An XSS vulnerability has been detected in Repox, which allows 
an attac ...)
+       TODO: check
+CVE-2023-6718 (An authentication bypass vulnerability has been found in Repox, 
which  ...)
+       TODO: check
+CVE-2023-6660 (When a program running on an affected system appends data to a 
file vi ...)
+       TODO: check
+CVE-2023-6534 (In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, 
FreeBSD 13.2 ...)
+       TODO: check
+CVE-2023-6381 (Improper input validation vulnerability in Newsletter Software 
SuperMa ...)
+       TODO: check
+CVE-2023-6380 (Open redirect vulnerability has been found in the Open CMS 
product aff ...)
+       TODO: check
+CVE-2023-6379 (Cross-site scripting (XSS) vulnerability in Alkacon Software 
Open CMS, ...)
+       TODO: check
+CVE-2023-50779 (Missing permission checks in Jenkins PaaSLane Estimate Plugin 
1.0.4 an ...)
+       TODO: check
+CVE-2023-50778 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
PaaSLane  ...)
+       TODO: check
+CVE-2023-50777 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not 
mask PaaSL ...)
+       TODO: check
+CVE-2023-50776 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores 
PaaSLane aut ...)
+       TODO: check
+CVE-2023-50775 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Deploymen ...)
+       TODO: check
+CVE-2023-50774 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
HTMLResou ...)
+       TODO: check
+CVE-2023-50773 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not 
mask acce ...)
+       TODO: check
+CVE-2023-50772 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores 
access toke ...)
+       TODO: check
+CVE-2023-50771 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier 
improperl ...)
+       TODO: check
+CVE-2023-50770 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier 
stores a  ...)
+       TODO: check
+CVE-2023-50769 (Missing permission checks in Jenkins Nexus Platform Plugin 
3.18.0-03 a ...)
+       TODO: check
+CVE-2023-50768 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Nexus Pla ...)
+       TODO: check
+CVE-2023-50767 (Missing permission checks in Jenkins Nexus Platform Plugin 
3.18.0-03 a ...)
+       TODO: check
+CVE-2023-50766 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Nexus Pla ...)
+       TODO: check
+CVE-2023-50765 (A missing permission check in Jenkins Scriptler Plugin 
342.v6a_89fd40f ...)
+       TODO: check
+CVE-2023-50764 (Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does 
not restr ...)
+       TODO: check
+CVE-2023-50441 (Encrypted folders created by PRIMX ZONECENTRAL for Windows 
before Q.20 ...)
+       TODO: check
+CVE-2023-49363 (Rockoa <2.3.3 is vulnerable to SQL Injection. The problem 
exists in th ...)
+       TODO: check
+CVE-2023-49296 (The Arduino Create Agent allows users to use the Arduino 
Create applic ...)
+       TODO: check
+CVE-2023-48639 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 
13.1.0 ( ...)
+       TODO: check
+CVE-2023-48638 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 
13.1.0 ( ...)
+       TODO: check
+CVE-2023-48637 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 
13.1.0 ( ...)
+       TODO: check
+CVE-2023-48636 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 
13.1.0 ( ...)
+       TODO: check
+CVE-2023-48635 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 
(and earl ...)
+       TODO: check
+CVE-2023-48634 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 
(and earl ...)
+       TODO: check
+CVE-2023-48633 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 
(and earl ...)
+       TODO: check
+CVE-2023-48632 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 
(and earl ...)
+       TODO: check
+CVE-2023-48630 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2023-48629 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2023-48628 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2023-48627 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2023-48626 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2023-48625 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are 
affected by  ...)
+       TODO: check
+CVE-2023-47327 (The "Create a Space" feature in Silverpeas Core 6.3.1 is 
reserved for  ...)
+       TODO: check
+CVE-2023-47326 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Request 
Forgery (CSR ...)
+       TODO: check
+CVE-2023-47325 (Silverpeas Core 6.3.1 administrative "Bin" feature is affected 
by brok ...)
+       TODO: check
+CVE-2023-47324 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting 
(XSS) via  ...)
+       TODO: check
+CVE-2023-47323 (The notification/messaging feature of Silverpeas Core 6.3.1 
does not e ...)
+       TODO: check
+CVE-2023-47322 (The "userModify" feature of Silverpeas Core 6.3.1 is 
vulnerable to Cro ...)
+       TODO: check
+CVE-2023-47321 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access 
Control via th ...)
+       TODO: check
+CVE-2023-47320 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access 
Control. An at ...)
+       TODO: check
+CVE-2023-47081 (Adobe Substance 3D Stager versions 2.1.1 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2023-47080 (Adobe Substance 3D Stager versions 2.1.1 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2023-47079 (Adobe Dimension versions 3.4.10 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2023-47078 (Adobe Dimension versions 3.4.10 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2023-47077 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and 
earlier) ar ...)
+       TODO: check
+CVE-2023-47076 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and 
earlier) ar ...)
+       TODO: check
+CVE-2023-47075 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and 
earlier) a ...)
+       TODO: check
+CVE-2023-47074 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and 
earlier) a ...)
+       TODO: check
+CVE-2023-47063 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and 
earlier) a ...)
+       TODO: check
+CVE-2023-47062 (Adobe Dimension versions 3.4.10 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2023-47061 (Adobe Dimension versions 3.4.10 and earlier are affected by an 
out-of- ...)
+       TODO: check
+CVE-2023-46727 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2023-46726 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2023-46247 (Vyper is a Pythonic Smart Contract Language for the Ethereum 
Virtual M ...)
+       TODO: check
+CVE-2023-44362 (Adobe Prelude versions 22.6 and earlier are affected by an 
Access of U ...)
+       TODO: check
+CVE-2023-44252 (** UNSUPPORTED WHEN ASSIGNED **An improper authentication 
vulnerabilit ...)
+       TODO: check
+CVE-2023-44251 (** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a 
pathname to  ...)
+       TODO: check
+CVE-2023-43813 (GLPI is a free asset and IT management software package. 
Starting in v ...)
+       TODO: check
+CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper 
Neutraliz ...)
+       TODO: check
+CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in 
TinyXML ...)
+       TODO: check
 CVE-2023-6707
        - chromium 120.0.6099.109-1
        [buster] - chromium <end-of-life> (see DSA 5046)
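Review bot: every entry added at the top of data/CVE/list in this hunk is left at "TODO: check", so none of the new CVEs is triaged yet. The vendor-product entries (for example CVE-2023-6795 through CVE-2023-6789 for Palo Alto Networks PAN-OS, and the Adobe entries from CVE-2023-48639 down) look like candidates for the NOT-FOR-US tag this file already uses for Unitronics, CODESYS and VMware. CVE-2023-34194 (TinyXML, tinyxmlparser.cpp) and the GLPI entries should be checked against source packages in the archive before they are tagged.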
@@ -1244,7 +1432,7 @@ CVE-2023-45285 (Using go get to fetch a module with the 
".git" suffix may unexpe
        NOTE: https://go.dev/issue/63845
        NOTE: 
https://github.com/golang/go/commit/23c943e5296c6fa3a6f9433bd929306c4dbf2aa3 
(go1.21.5)
        NOTE: 
https://github.com/golang/go/commit/46bc33819ac86a9596b8059235842f0e0c7469bd 
(go1.20.12)
-CVE-2023-6448 (Unitronics Vision Series PLCs and HMIs use default 
administrative pass ...)
+CVE-2023-6448 (Unitronics VisiLogic before version 9.9.00, used in Vision and 
Samba P ...)
        NOT-FOR-US: Unitronics Vision
 CVE-2023-6357 (A low-privileged remote attacker could exploit the 
vulnerability and i ...)
        NOT-FOR-US: CODESYS
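Review bot: on CVE-2023-6448 the description now names Unitronics VisiLogic before version 9.9.00, but the unchanged tag on the next line still reads "NOT-FOR-US: Unitronics Vision". Consider aligning the tag text with the new description (for example "NOT-FOR-US: Unitronics VisiLogic") so that a search of the file for the product name finds this entry.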
@@ -31423,8 +31611,8 @@ CVE-2023-31212 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: WordPress plugin
 CVE-2023-31211
        RESERVED
-CVE-2023-31210
-       RESERVED
+CVE-2023-31210 (Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 
2.2.0p10  ...)
+       TODO: check
 CVE-2023-31209 (Improper neutralization of active check command arguments in 
Checkmk < ...)
        - check-mk <removed>
 CVE-2023-31208 (Improper neutralization of livestatus command delimiters in 
the RestAP ...)
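Review bot: CVE-2023-31210 moves from RESERVED to "TODO: check" although its description names Checkmk, and the neighbouring Checkmk entry CVE-2023-31209 is already tracked as "- check-mk <removed>". If the agent code described here belongs to the same source package, this entry can take the same "- check-mk <removed>" line instead of staying in the TODO queue.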
@@ -44291,7 +44479,7 @@ CVE-2023-27173
 CVE-2023-27172
        RESERVED
 CVE-2023-27171
-       RESERVED
+       REJECTED
 CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform 
a direc ...)
        NOT-FOR-US: Xpand IT Write-back manager
 CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in 
license cl ...)
@@ -137366,8 +137554,7 @@ CVE-2022-22944 (VMware Workspace ONE Boxer contains a 
stored cross-site scriptin
        NOT-FOR-US: VMware
 CVE-2022-22943 (VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) 
contains  ...)
        NOT-FOR-US: VMware
-CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
-       RESERVED
+CVE-2022-22942 (The vmwgfx driver contains a local privilege escalation 
vulnerability  ...)
        {DSA-5096-1 DSA-5092-1 DLA-2941-1}
        - linux 5.15.15-2
        [stretch] - linux <not-affected> (Vulnerable code not present)
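Review bot: on CVE-2022-22942 the hand-written bracketed description "[drm/vmwgfx: Fix stale file descriptors on failed usercopy]" is replaced by the published one, which drops the only visible pointer to the upstream fix subject. If the entry does not already carry a NOTE with the fix commit below the lines shown, add one so the link between the CVE and the kernel change stays in the file.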



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e20682956884f8579cf75ccd45dd8bf286e010c5



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
