Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2068295 by security tracker role at 2023-12-13T20:12:22+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,191 @@ +CVE-2023-6795 (An OS command injection vulnerability in Palo Alto Networks PAN-OS sof ...) + TODO: check +CVE-2023-6794 (An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS so ...) + TODO: check +CVE-2023-6793 (An improper privilege management vulnerability in Palo Alto Networks P ...) + TODO: check +CVE-2023-6792 (An OS command injection vulnerability in the XML API of Palo Alto Netw ...) + TODO: check +CVE-2023-6791 (A credential disclosure vulnerability in Palo Alto Networks PAN-OS sof ...) + TODO: check +CVE-2023-6790 (A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Netw ...) + TODO: check +CVE-2023-6789 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...) + TODO: check +CVE-2023-6774 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...) + TODO: check +CVE-2023-6773 (A vulnerability has been found in CodeAstro POS and Inventory Manageme ...) + TODO: check +CVE-2023-6772 (A vulnerability, which was classified as critical, was found in OTCMS ...) + TODO: check +CVE-2023-6771 (A vulnerability, which was classified as critical, has been found in S ...) + TODO: check +CVE-2023-6767 (A vulnerability, which was classified as problematic, was found in Sou ...) + TODO: check +CVE-2023-6766 (A vulnerability classified as problematic has been found in PHPGurukul ...) + TODO: check +CVE-2023-6765 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + TODO: check +CVE-2023-6762 (A vulnerability, which was classified as critical, was found in Thecos ...) + TODO: check +CVE-2023-6761 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-6760 (A vulnerability classified as critical was found in Thecosy IceCMS up ...) + TODO: check +CVE-2023-6759 (A vulnerability classified as problematic has been found in Thecosy Ic ...) + TODO: check +CVE-2023-6758 (A vulnerability was found in Thecosy IceCMS 2.0.1. 
It has been rated a ...) + TODO: check +CVE-2023-6757 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declare ...) + TODO: check +CVE-2023-6756 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classif ...) + TODO: check +CVE-2023-6755 (A vulnerability was found in DedeBIZ 6.2 and classified as critical. T ...) + TODO: check +CVE-2023-6723 (An unrestricted file upload vulnerability has been identified in Repbo ...) + TODO: check +CVE-2023-6722 (A path traversal vulnerability has been detected in Repox, which allow ...) + TODO: check +CVE-2023-6721 (An XEE vulnerability has been found in Repox, which allows a remote at ...) + TODO: check +CVE-2023-6720 (An XSS vulnerability stored in Repox has been identified, which allows ...) + TODO: check +CVE-2023-6719 (An XSS vulnerability has been detected in Repox, which allows an attac ...) + TODO: check +CVE-2023-6718 (An authentication bypass vulnerability has been found in Repox, which ...) + TODO: check +CVE-2023-6660 (When a program running on an affected system appends data to a file vi ...) + TODO: check +CVE-2023-6534 (In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2 ...) + TODO: check +CVE-2023-6381 (Improper input validation vulnerability in Newsletter Software SuperMa ...) + TODO: check +CVE-2023-6380 (Open redirect vulnerability has been found in the Open CMS product aff ...) + TODO: check +CVE-2023-6379 (Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, ...) + TODO: check +CVE-2023-50779 (Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 an ...) + TODO: check +CVE-2023-50778 (A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane ...) + TODO: check +CVE-2023-50777 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSL ...) + TODO: check +CVE-2023-50776 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane aut ...) 
+ TODO: check +CVE-2023-50775 (A cross-site request forgery (CSRF) vulnerability in Jenkins Deploymen ...) + TODO: check +CVE-2023-50774 (A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResou ...) + TODO: check +CVE-2023-50773 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask acce ...) + TODO: check +CVE-2023-50772 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access toke ...) + TODO: check +CVE-2023-50771 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperl ...) + TODO: check +CVE-2023-50770 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a ...) + TODO: check +CVE-2023-50769 (Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 a ...) + TODO: check +CVE-2023-50768 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Pla ...) + TODO: check +CVE-2023-50767 (Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 a ...) + TODO: check +CVE-2023-50766 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Pla ...) + TODO: check +CVE-2023-50765 (A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f ...) + TODO: check +CVE-2023-50764 (Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restr ...) + TODO: check +CVE-2023-50441 (Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.20 ...) + TODO: check +CVE-2023-49363 (Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in th ...) + TODO: check +CVE-2023-49296 (The Arduino Create Agent allows users to use the Arduino Create applic ...) + TODO: check +CVE-2023-48639 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...) + TODO: check +CVE-2023-48638 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...) + TODO: check +CVE-2023-48637 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...) 
+ TODO: check +CVE-2023-48636 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...) + TODO: check +CVE-2023-48635 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...) + TODO: check +CVE-2023-48634 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...) + TODO: check +CVE-2023-48633 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...) + TODO: check +CVE-2023-48632 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...) + TODO: check +CVE-2023-48630 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...) + TODO: check +CVE-2023-48629 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...) + TODO: check +CVE-2023-48628 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...) + TODO: check +CVE-2023-48627 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...) + TODO: check +CVE-2023-48626 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...) + TODO: check +CVE-2023-48625 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...) + TODO: check +CVE-2023-47327 (The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for ...) + TODO: check +CVE-2023-47326 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSR ...) + TODO: check +CVE-2023-47325 (Silverpeas Core 6.3.1 administrative "Bin" feature is affected by brok ...) + TODO: check +CVE-2023-47324 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via ...) + TODO: check +CVE-2023-47323 (The notification/messaging feature of Silverpeas Core 6.3.1 does not e ...) + TODO: check +CVE-2023-47322 (The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cro ...) + TODO: check +CVE-2023-47321 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via th ...) 
+ TODO: check +CVE-2023-47320 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An at ...) + TODO: check +CVE-2023-47081 (Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by a ...) + TODO: check +CVE-2023-47080 (Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by a ...) + TODO: check +CVE-2023-47079 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...) + TODO: check +CVE-2023-47078 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...) + TODO: check +CVE-2023-47077 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) ar ...) + TODO: check +CVE-2023-47076 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) ar ...) + TODO: check +CVE-2023-47075 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...) + TODO: check +CVE-2023-47074 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...) + TODO: check +CVE-2023-47063 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...) + TODO: check +CVE-2023-47062 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...) + TODO: check +CVE-2023-47061 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...) + TODO: check +CVE-2023-46727 (GLPI is a free asset and IT management software package. Starting in v ...) + TODO: check +CVE-2023-46726 (GLPI is a free asset and IT management software package. Starting in v ...) + TODO: check +CVE-2023-46247 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) + TODO: check +CVE-2023-44362 (Adobe Prelude versions 22.6 and earlier are affected by an Access of U ...) + TODO: check +CVE-2023-44252 (** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerabilit ...) + TODO: check +CVE-2023-44251 (** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to ...) 
+ TODO: check +CVE-2023-43813 (GLPI is a free asset and IT management software package. Starting in v ...) + TODO: check +CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutraliz ...) + TODO: check +CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...) + TODO: check CVE-2023-6707 - chromium 120.0.6099.109-1 [buster] - chromium <end-of-life> (see DSA 5046) @@ -1244,7 +1432,7 @@ CVE-2023-45285 (Using go get to fetch a module with the ".git" suffix may unexpe NOTE: https://go.dev/issue/63845 NOTE: https://github.com/golang/go/commit/23c943e5296c6fa3a6f9433bd929306c4dbf2aa3 (go1.21.5) NOTE: https://github.com/golang/go/commit/46bc33819ac86a9596b8059235842f0e0c7469bd (go1.20.12) -CVE-2023-6448 (Unitronics Vision Series PLCs and HMIs use default administrative pass ...) +CVE-2023-6448 (Unitronics VisiLogic before version 9.9.00, used in Vision and Samba P ...) NOT-FOR-US: Unitronics Vision CVE-2023-6357 (A low-privileged remote attacker could exploit the vulnerability and i ...) NOT-FOR-US: CODESYS @@ -31423,8 +31611,8 @@ CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Comma NOT-FOR-US: WordPress plugin CVE-2023-31211 RESERVED -CVE-2023-31210 - RESERVED +CVE-2023-31210 (Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 ...) + TODO: check CVE-2023-31209 (Improper neutralization of active check command arguments in Checkmk < ...) - check-mk <removed> CVE-2023-31208 (Improper neutralization of livestatus command delimiters in the RestAP ...) @@ -44291,7 +44479,7 @@ CVE-2023-27173 CVE-2023-27172 RESERVED CVE-2023-27171 - RESERVED + REJECTED CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a direc ...) NOT-FOR-US: Xpand IT Write-back manager CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...) 
@@ -137366,8 +137554,7 @@ CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site scriptin NOT-FOR-US: VMware CVE-2022-22943 (VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains ...) NOT-FOR-US: VMware -CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy] - RESERVED +CVE-2022-22942 (The vmwgfx driver contains a local privilege escalation vulnerability ...) {DSA-5096-1 DSA-5092-1 DLA-2941-1} - linux 5.15.15-2 [stretch] - linux <not-affected> (Vulnerable code not present)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e20682956884f8579cf75ccd45dd8bf286e010c5
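Review bot: in the first hunk (@@ -1,3 +1,191 @@) every added entry, from CVE-2023-6795 down to CVE-2023-34194, carries only `TODO: check`, so none of the 188 added lines records a triage decision. Each entry should be resolved to either a source-package line or a `NOT-FOR-US:` line, the two forms the already-triaged entries in the later hunks' context use (`NOT-FOR-US: VMware`, `- check-mk <removed>`).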
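Review bot: in the @@ -1244,7 +1432,7 @@ hunk the refreshed description of CVE-2023-6448 now names `Unitronics VisiLogic before version 9.9.00`, but the unchanged line under it still reads `NOT-FOR-US: Unitronics Vision`. Consider updating the label to the product the new description names, so that a search on the NOT-FOR-US text still finds this entry.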
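Review bot: in the @@ -31423,8 +31611,8 @@ hunk CVE-2023-31210 moves from RESERVED to a Checkmk description but is left at `TODO: check`, while the next entry in the context, CVE-2023-31209, is also a Checkmk issue and is already tracked as `- check-mk <removed>`. Check whether the same package line applies to CVE-2023-31210 and replace the TODO with it rather than leaving the two adjacent Checkmk entries in different states.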
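Review bot: in the @@ -137366,8 +137554,7 @@ hunk the removed line for CVE-2022-22942 carried the bracketed description `[drm/vmwgfx: Fix stale file descriptors on failed usercopy]`, and the replacement line drops it. If no NOTE further down the entry already references that fix, keep the commit subject in a `NOTE:` line so the link between the CVE and the kernel change is not lost.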