Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e80cd727 by security tracker role at 2023-06-08T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to
crash dbus- ...)
+ TODO: check
+CVE-2023-34239 (Gradio is an open-source Python library that is used to build
machine ...)
+ TODO: check
+CVE-2023-34238 (Gatsby is a free and open source framework based on React. The
Gatsby ...)
+ TODO: check
+CVE-2023-33849 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX
Standard, 11.1, ...)
+ TODO: check
+CVE-2023-33848 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX
Standard, 11.1, ...)
+ TODO: check
+CVE-2023-33847 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX
Standard, 11.1, ...)
+ TODO: check
+CVE-2023-33846 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX
Standard, 11.1, ...)
+ TODO: check
+CVE-2023-33496 (xxl-rpc v1.7.0 was discovered to contain a deserialization
vulnerabili ...)
+ TODO: check
+CVE-2023-2986 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2023-2904 (The External Visitor Manager portal of HID\u2019s SAFE versions
5.8.0 ...)
+ TODO: check
+CVE-2023-2866 (If an attacker can trick an authenticated user into loading a
maliciou ...)
+ TODO: check
CVE-2023-3153 [service monitor MAC flow is not rate limited]
- ovn <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279
@@ -393,6 +415,7 @@ CVE-2023-34417
- firefox 114.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417
CVE-2023-34416
+ {DSA-5421-1 DLA-3448-1}
- firefox 114.0-1
- firefox-esr 102.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416
@@ -401,6 +424,7 @@ CVE-2023-34415
- firefox 114.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34415
CVE-2023-34414
+ {DSA-5421-1 DLA-3448-1}
- firefox 114.0-1
- firefox-esr 102.12.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34414
@@ -3641,8 +3665,8 @@ CVE-2023-31205
RESERVED
CVE-2023-31204
RESERVED
-CVE-2023-31200
- RESERVED
+CVE-2023-31200 (PTC Vuforia Studio does not require a token; this could allow
an atta ...)
+ TODO: check
CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive
Toolbox(TM) ...)
NOT-FOR-US: Intel
CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and
Collector ...)
@@ -3795,14 +3819,14 @@ CVE-2023-30768 (Improper access control in the Intel(R)
Server Board S2600WTT be
NOT-FOR-US: Intel
CVE-2023-30763 (Heap-based overflow in Intel(R) SoC Watch based software
before versio ...)
NOT-FOR-US: Intel
-CVE-2023-29502
- RESERVED
+CVE-2023-29502 (Before importing a project into Vuforia, a user could modify
the \u20 ...)
+ TODO: check
CVE-2023-29242 (Improper access control for Intel(R) oneAPI Toolkits before
version 20 ...)
NOT-FOR-US: Intel
-CVE-2023-29168
- RESERVED
-CVE-2023-29152
- RESERVED
+CVE-2023-29168 (The local Vuforia web application does not support HTTPS, and
federate ...)
+ TODO: check
+CVE-2023-29152 (By changing the filename parameter in the request, an attacker
could ...)
+ TODO: check
CVE-2023-28822
RESERVED
CVE-2023-28745
@@ -3813,10 +3837,10 @@ CVE-2023-28719
RESERVED
CVE-2023-28378
RESERVED
-CVE-2023-27881
- RESERVED
-CVE-2023-24476
- RESERVED
+CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality
to uplo ...)
+ TODO: check
+CVE-2023-24476 (An attacker with local access to the machine could record the
traffic, ...)
+ TODO: check
CVE-2023-2270
RESERVED
CVE-2023-2269 (A denial of service problem was found, due to a possible
recursive loc ...)
@@ -3856,12 +3880,12 @@ CVE-2023-31118
RESERVED
CVE-2023-31117
RESERVED
-CVE-2023-31116
- RESERVED
-CVE-2023-31115
- RESERVED
-CVE-2023-31114
- RESERVED
+CVE-2023-31116 (An issue was discovered in the Shannon RCS component in
Samsung Exynos ...)
+ TODO: check
+CVE-2023-31115 (An issue was discovered in the Shannon RCS component in
Samsung Exynos ...)
+ TODO: check
+CVE-2023-31114 (An issue was discovered in the Shannon RCS component in
Samsung Exynos ...)
+ TODO: check
CVE-2023-31113
RESERVED
CVE-2023-31112
@@ -8776,8 +8800,8 @@ CVE-2023-1866 (The YourChannel plugin for WordPress is
vulnerable to Cross-Site
NOT-FOR-US: YourChannel plugin for WordPress
CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to
unauthorized los ...)
NOT-FOR-US: YourChannel plugin for WordPress
-CVE-2023-1864
- RESERVED
+CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is
vulnerable ...)
+ TODO: check
CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Eskom Computer Water Metering Software
CVE-2023-1862
@@ -9901,8 +9925,8 @@ CVE-2023-29022 (A cross site scripting vulnerability was
discovered in Rockwell
NOT-FOR-US: Rockwell Automation
CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab
affecting a ...)
- gitlab <unfixed>
-CVE-2023-1709
- RESERVED
+CVE-2023-1709 (The APDFL.dll contains a memory corruption vulnerability while
parsing ...)
+ TODO: check
CVE-2023-29021
RESERVED
CVE-2023-29020 (@fastify/passport is a port of passport authentication library
for the ...)
@@ -18149,7 +18173,7 @@ CVE-2023-0978 (A command injection vulnerability in
Trellix Intelligent Sandbox
NOT-FOR-US: Trellix
CVE-2023-0977 (A heap-based overflow vulnerability in Trellix Agent (Windows
and Linu ...)
NOT-FOR-US: Trellix
-CVE-2023-0976 (A heap-based overflow vulnerability in TA prior to version
5.7.9 allow ...)
+CVE-2023-0976 (A command Injection Vulnerability in TA for mac-OS prior to
version 5. ...)
TODO: check
CVE-2023-0975 (A vulnerability exists in Trellix Agent for Windows version
5.7.8 and ...)
NOT-FOR-US: Trellix
@@ -20489,10 +20513,10 @@ CVE-2015-10077 (A vulnerability was found in
webbuilders-group silverstripe-kapo
NOT-FOR-US: Silverstripe
CVE-2023-25612
RESERVED
-CVE-2023-25177
- RESERVED
-CVE-2023-24014
- RESERVED
+CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and
prior are v ...)
+ TODO: check
+CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and
prior are v ...)
+ TODO: check
CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions
before 1 ...)
- gitlab <unfixed>
CVE-2023-0755 (The affected products are vulnerable to an improper validation
of arra ...)
@@ -24271,7 +24295,7 @@ CVE-2023-24331
RESERVED
CVE-2023-24330
RESERVED
-CVE-2023-24329 (An issue in the urllib.parse component of Python before v3.11
allows a ...)
+CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4
allows ...)
- python3.11 3.11.4-1
- python3.9 <removed>
[bullseye] - python3.9 <no-dsa> (Minor issue)
@@ -26805,12 +26829,12 @@ CVE-2023-23484
RESERVED
CVE-2023-23483
RESERVED
-CVE-2023-23482
- RESERVED
-CVE-2023-23481
- RESERVED
-CVE-2023-23480
- RESERVED
+CVE-2023-23482 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1
could allo ...)
+ TODO: check
+CVE-2023-23481 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is
vulnera ...)
+ TODO: check
+CVE-2023-23480 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is
vulnera ...)
+ TODO: check
CVE-2023-23479
RESERVED
CVE-2023-23478
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e80cd72700067317e88bf998cf07f3d3ef7b6013
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e80cd72700067317e88bf998cf07f3d3ef7b6013
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
