Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
30a6f2fc by security tracker role at 2023-12-25T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-7102 (Use of a Third Party library produced a vulnerability in
Barracuda Net ...)
+ TODO: check
+CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for
parsing ...)
+ TODO: check
+CVE-2023-7100 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
+ TODO: check
+CVE-2023-7099 (A vulnerability, which was classified as critical, has been
found in P ...)
+ TODO: check
+CVE-2023-7098 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as
problema ...)
+ TODO: check
+CVE-2023-7097 (A vulnerability classified as critical has been found in
code-projects ...)
+ TODO: check
+CVE-2023-7096 (A vulnerability was found in code-projects Faculty Management
System 1 ...)
+ TODO: check
+CVE-2023-7095 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2023-7094 (A vulnerability classified as problematic was found in
Netentsec NS-AS ...)
+ TODO: check
+CVE-2023-7093 (A vulnerability classified as critical has been found in
KylinSoft kyl ...)
+ TODO: check
+CVE-2023-7092 (A vulnerability was found in Uniway UW-302VP 2.0. It has been
rated as ...)
+ TODO: check
+CVE-2023-7091 (A vulnerability was found in Dreamer CMS 4.1.3. It has been
declared a ...)
+ TODO: check
+CVE-2023-51772 (One Identity Password Manager before 5.13.1 allows Kiosk
Escape. This ...)
+ TODO: check
+CVE-2023-51771 (In MicroHttpServer (aka Micro HTTP Server) through a8ab029,
_ParseHead ...)
+ TODO: check
+CVE-2023-51714 (An issue was discovered in the HTTP2 implementation in Qt
before 5.15. ...)
+ TODO: check
+CVE-2023-49954 (The CRM Integration in 3CX before 18.0.9.23 and 20 before
20.0.0.1494 ...)
+ TODO: check
+CVE-2023-49944 (The Challenge Response feature of BeyondTrust Privilege
Management for ...)
+ TODO: check
+CVE-2023-49880 (In the Message Entry and Repair (MER) facility of IBM
Financial Transa ...)
+ TODO: check
+CVE-2023-49328 (On a Wolters Kluwer B.POINT 23.70.00 server running Linux on
premises, ...)
+ TODO: check
+CVE-2023-49226 (An issue was discovered in Peplink Balance Two before 8.4.0.
Command i ...)
+ TODO: check
+CVE-2023-48654 (One Identity Password Manager before 5.13.1 allows Kiosk
Escape. This ...)
+ TODO: check
+CVE-2023-48652 (Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site
Request Forger ...)
+ TODO: check
+CVE-2023-47247 (In SysAid On-Premise before 23.3.34, there is an edge case in
which an ...)
+ TODO: check
+CVE-2023-47091 (An issue was discovered in Stormshield Network Security (SNS)
SNS 4.3. ...)
+ TODO: check
+CVE-2023-43064 (Facsimile Support for IBM i 7.2, 7.3, 7.4, and 7.5 could allow
a local ...)
+ TODO: check
+CVE-2023-40236 (In Pexip VMR self-service portal before 3, the same SSH host
key is us ...)
+ TODO: check
+CVE-2023-38826 (A Cross Site Scripting (XSS) vulnerability exists in Follet
Learning S ...)
+ TODO: check
+CVE-2023-37225 (Pexip Infinity before 32 allows Webapp1 XSS via preconfigured
links.)
+ TODO: check
+CVE-2023-37188 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer
derefer ...)
+ TODO: check
+CVE-2023-37187 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer
derefer ...)
+ TODO: check
+CVE-2023-37186 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer
derefer ...)
+ TODO: check
+CVE-2023-37185 (C-blosc2 before 2.9.3 was discovered to contain a NULL pointer
derefer ...)
+ TODO: check
+CVE-2023-36486 (The workflow-engine of ILIAS before 7.23 and 8 before 8.3
allows remot ...)
+ TODO: check
+CVE-2023-36485 (The workflow-engine of ILIAS before 7.23 and 8 before 8.3
allows remot ...)
+ TODO: check
+CVE-2023-31455 (Pexip Infinity before 31.2 has Improper Input Validation for
RTCP, all ...)
+ TODO: check
+CVE-2023-31297 (An issue was discovered in SESAMI planfocus CPTO (Cash Point &
Transpo ...)
+ TODO: check
CVE-2023-51767 (OpenSSH through 9.6, when common types of DRAM are used, might
allow r ...)
- openssh <unfixed> (bug #1059393)
[bookworm] - openssh <postponed> (Revisit once hardening/mitigation for
Rowhammer type of attack exists)
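Review bot: CVE-2023-51772 and CVE-2023-48654 in this hunk carry the same description (One Identity Password Manager before 5.13.1 allows Kiosk Escape), so one is probably a duplicate or re-issued id; when clearing the TODO: check markers, triage them together and cross-reference the two entries. The same applies to the four C-blosc2 entries (CVE-2023-37185 through CVE-2023-37188, all a NULL pointer dereference before 2.9.3) and the two ILIAS workflow-engine entries (CVE-2023-36485 and CVE-2023-36486), which should receive one consistent disposition rather than being checked one at a time.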
@@ -1262,7 +1334,7 @@ CVE-2023-32725 (The website configured in the URL widget
will receive a session
CVE-2023-32230 (An improper handling of a malformed API request to an API
server in Bo ...)
NOT-FOR-US: Bosch
CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions,
found in O ...)
- {DSA-5586-1}
+ {DSA-5588-1 DSA-5586-1}
- dropbear <unfixed> (bug #1059001)
- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
[bookworm] - erlang <no-dsa> (Minor issue)
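Review bot: the `+ {DSA-5588-1 DSA-5586-1}` line adds a second DSA reference to CVE-2023-48795, but no package line in this hunk changes with it; the visible dropbear line still reads `<unfixed> (bug #1059001)` and erlang is `<no-dsa>`, so neither is the package the new DSA covers. It is worth confirming that the fixed-version line for the package DSA-5588-1 addresses is present elsewhere in this entry, otherwise the DSA id is recorded without the matching fixed version.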
@@ -33947,8 +34019,8 @@ CVE-2023-31436 (qfq_change_class in net/sched/sch_qfq.c
in the Linux kernel befo
NOTE: https://kernel.dance/#3037933448f60f9acb705997eae62013ecb81e0d
CVE-2023-31290 (Trust Wallet Core before 3.1.1, as used in the Trust Wallet
browser ex ...)
NOT-FOR-US: Trust Wallet Core
-CVE-2023-31289
- RESERVED
+CVE-2023-31289 (Pexip Infinity before 31.2 has Improper Input Validation for
signallin ...)
+ TODO: check
CVE-2023-31288
RESERVED
CVE-2023-31287 (An issue was discovered in Serenity Serene (and StartSharp)
before 6.7 ...)
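Review bot: the new CVE-2023-31289 description (Pexip Infinity before 31.2, Improper Input Validation for signalling) matches CVE-2023-31455 added in the first hunk (Pexip Infinity before 31.2, Improper Input Validation for RTCP); triage the two together so they get the same disposition, and note that the neighbouring entries in this region are already marked NOT-FOR-US.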
@@ -34136,8 +34208,8 @@ CVE-2021-46882 (The video framework has memory
overwriting caused by addition ov
NOT-FOR-US: Huawei
CVE-2021-46881 (The video framework has memory overwriting caused by addition
overflow ...)
NOT-FOR-US: Huawei
-CVE-2023-31224
- RESERVED
+CVE-2023-31224 (There is broken access control during authentication in Jamf
Pro Serve ...)
+ TODO: check
CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated
author user ...)
NOT-FOR-US: Dradis
CVE-2023-2295 (A vulnerability was found in the libreswan library. This
security issu ...)
@@ -36827,8 +36899,8 @@ CVE-2023-1963 (A vulnerability was found in PHPGurukul
Bank Locker Management Sy
NOT-FOR-US: PHPGurukul Bank Locker Management System
CVE-2018-25084 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: Ping Identity Self-Service Account Manager
-CVE-2023-30451
- RESERVED
+CVE-2023-30451 (In TYPO3 11.5.24, the filelist component allows attackers (who
have ac ...)
+ TODO: check
CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the
redpanda.rpc_server_tls f ...)
NOT-FOR-US: Redpanda
CVE-2023-30449 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
@@ -41334,8 +41406,8 @@ CVE-2023-28874 (The next parameter in the
/accounts/login endpoint of Seafile 9.
- seafile-server <itp> (bug #865830)
CVE-2023-28873 (An XSS issue in wiki and discussion pages in Seafile 9.0.6
allows atta ...)
- seafile-server <itp> (bug #865830)
-CVE-2023-28872
- RESERVED
+CVE-2023-28872 (Support Assistant in NCP Secure Enterprise Client before 13.10
allows ...)
+ TODO: check
CVE-2023-28871 (Support Assistant in NCP Secure Enterprise Client before 12.22
allows ...)
NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client
CVE-2023-28870 (Insecure File Permissions in Support Assistant in NCP Secure
Enterpris ...)
@@ -79660,8 +79732,8 @@ CVE-2022-43677 (In free5GC 3.2.1, a malformed NGAP
message can crash the AMF and
NOT-FOR-US: free5GC
CVE-2022-43676
RESERVED
-CVE-2022-43675
- RESERVED
+CVE-2022-43675 (An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in
the Net ...)
+ TODO: check
CVE-2022-43674
RESERVED
CVE-2022-43673 (Wire through 3.22.3993 on Windows advertises deletion of sent
messages ...)
@@ -85239,12 +85311,12 @@ CVE-2022-41764
RESERVED
CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code
Execution exi ...)
NOT-FOR-US: NOKIA AMS
-CVE-2022-41762
- RESERVED
-CVE-2022-41761
- RESERVED
-CVE-2022-41760
- RESERVED
+CVE-2022-41762 (An issue was discovered in NOKIA NFM-T R19.9. Multiple
Reflected XSS v ...)
+ TODO: check
+CVE-2022-41761 (An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path
Travers ...)
+ TODO: check
+CVE-2022-41760 (An issue was discovered in NOKIA NFM-T R19.9. Relative Path
Traversal ...)
+ TODO: check
CVE-2022-41759
RESERVED
CVE-2022-41758
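Review bot: the TODO: check markers on CVE-2022-41760, CVE-2022-41761 and CVE-2022-41762 should be resolved as a set, since all three now describe NOKIA NFM-T R19.9 (relative and absolute path traversal, reflected XSS) and the adjacent CVE-2022-41763 for NOKIA AMS is already NOT-FOR-US: NOKIA AMS; keep the disposition consistent with CVE-2022-43675 and the CVE-2022-398xx NFM-T entries in the other hunks, which describe the same product and release.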
@@ -90235,16 +90307,16 @@ CVE-2022-39824 (Server-side JavaScript injection in
Appsmith through 1.7.14 allo
NOT-FOR-US: Appsmith
CVE-2022-39823 (An issue was discovered in Softing OPC UA C++ SDK 5.66 through
6.x bef ...)
NOT-FOR-US: Softing
-CVE-2022-39822
- RESERVED
+CVE-2022-39822 (In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in
/cgi-bin ...)
+ TODO: check
CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information
into an ...)
NOT-FOR-US: NOKIA
-CVE-2022-39820
- RESERVED
+CVE-2022-39820 (In Network Element Manager in NOKIA NFM-T R19.9, an
Unprotected Storag ...)
+ TODO: check
CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection
vulnerabilities ...)
NOT-FOR-US: NOKIA
-CVE-2022-39818
- RESERVED
+CVE-2022-39818 (In NOKIA NFM-T R19.9, an OS Command Injection vulnerability
occurs in ...)
+ TODO: check
CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection
vulnerabilities occurs ...)
NOT-FOR-US: NOKIA
CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials
(clearte ...)
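Review bot: the TODO: check markers on CVE-2022-39818, CVE-2022-39820 and CVE-2022-39822 can be resolved together: all three describe NOKIA NFM-T R19.9 (OS command injection, unprotected storage, SQL injection), and the interleaved NOKIA 1350 OMS entries CVE-2022-39817, CVE-2022-39819 and CVE-2022-39821 are already NOT-FOR-US: NOKIA, so giving the NFM-T entries a different disposition would need a stated reason.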
@@ -105883,10 +105955,10 @@ CVE-2022-34270
RESERVED
CVE-2022-34269
RESERVED
-CVE-2022-34268
- RESERVED
-CVE-2022-34267
- RESERVED
+CVE-2022-34268 (An issue was discovered in RWS WorldServer before 11.7.3.
/clientLogin ...)
+ TODO: check
+CVE-2022-34267 (An issue was discovered in RWS WorldServer before 11.7.3.
Adding a tok ...)
+ TODO: check
CVE-2022-34266 (The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon
Linux 2 a ...)
NOT-FOR-US: libtiff-4.0.3-35.amzn2.0.1 Amazon package
CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0
before 4.0 ...)
@@ -166889,8 +166961,8 @@ CVE-2021-38929 (IBM System Storage DS8000 Management
Console (HMC) R8.5 88.5x.x.
NOT-FOR-US: IBM
CVE-2021-38928 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through
6.1.2.1 u ...)
NOT-FOR-US: IBM
-CVE-2021-38927
- RESERVED
+CVE-2021-38927 (IBM Aspera Console 3.4.0 is vulnerable to cross-site
scripting. This v ...)
+ TODO: check
CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through
6.1.1.0 ...)
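Review bot: CVE-2021-38927 (IBM Aspera Console 3.4.0 cross-site scripting) sits between CVE-2021-38926 and CVE-2021-38928, both already marked NOT-FOR-US: IBM; resolve its TODO: check in line with them unless the product turns out to be packaged.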
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30a6f2fc5293ef8df06625d5af5b289ebc2e1a6e
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits