Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdf3a30c by security tracker role at 2023-06-23T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2023-3128 (Grafana is validating Azure AD accounts based on the email 
claim.   On ...)
+       TODO: check
+CVE-2023-3114 (Terraform Enterprise since v202207-1 did not properly implement 
author ...)
+       TODO: check
+CVE-2023-36193 (Gifsicle v1.9.3 was discovered to contain a heap buffer 
overflow via t ...)
+       TODO: check
+CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow 
via the ...)
+       TODO: check
+CVE-2023-36191 (sqlite3 v3.40.1 was discovered to contain a segmentation 
violation at  ...)
+       TODO: check
+CVE-2023-35801 (A directory traversal vulnerability in Safe Software FME 
Server before ...)
+       TODO: check
+CVE-2023-35133 (An issue in the logic used to check 0.0.0.0 against the cURL 
blocked h ...)
+       TODO: check
+CVE-2023-35132 (A limited SQL injection risk was identified on the Mnet SSO 
access con ...)
+       TODO: check
+CVE-2023-35131 (Content on the groups page required additional sanitizing to 
prevent a ...)
+       TODO: check
+CVE-2023-34553 (An issue was discovered in WAFU Keyless Smart Lock v1.0 allows 
attacke ...)
+       TODO: check
+CVE-2023-34462 (Netty is an asynchronous event-driven network application 
framework fo ...)
+       TODO: check
+CVE-2023-34110 (Flask-AppBuilder is an application development framework, 
built on top ...)
+       TODO: check
+CVE-2023-33299 (A deserialization of untrusted data in Fortinet FortiNAC below 
7.2.1,  ...)
+       TODO: check
+CVE-2023-33141 (Yet Another Reverse Proxy (YARP) Denial of Service 
Vulnerability)
+       TODO: check
+CVE-2023-32464 (Dell VxRail, versions prior to 7.0.450, contain an improper 
certificat ...)
+       TODO: check
+CVE-2023-32463 (Dell VxRail, version(s) 8.0.100 and earlier contain a 
denial-of-servic ...)
+       TODO: check
+CVE-2023-32320 (Nextcloud Server is a data storage system for Nextcloud, a 
self-hosted ...)
+       TODO: check
+CVE-2023-31469 (A REST interface in Apache StreamPipes (versions 0.69.0 to 
0.91.0) was ...)
+       TODO: check
 CVE-2023-3326 (pam_krb5 authenticates a user by essentially running kinit with 
the pa ...)
        TODO: check
 CVE-2023-3256 (Advantech R-SeeNet  versions 2.4.22  allows low-level users to 
access  ...)
@@ -607,7 +643,7 @@ CVE-2023-34453 (snappy-java is a fast 
compressor/decompressor for Java. Due to u
        NOT-FOR-US: snappy-java
 CVE-2023-34242 (Cilium is a networking, observability, and security solution 
with an e ...)
        - cilium <itp> (bug #858303)
-CVE-2023-34241 [use-after-free in cupsdAcceptClient()]
+CVE-2023-34241 (OpenPrinting CUPS is a standards-based, open source printing 
system fo ...)
        - cups 2.4.2-5 (bug #1038885)
        [bookworm] - cups <no-dsa> (Minor issue; explotiable under specific 
conditions; can be fixed via point release)
        [bullseye] - cups <no-dsa> (Minor issue; explotiable under specific 
conditions; can be fixed via point release)
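Review bot: the bracketed placeholder summary being replaced named the affected function, cupsdAcceptClient(), and the new truncated upstream description does not; if no NOTE line below this entry records the function or the upstream fix, keep that detail in a NOTE so the <no-dsa> rationale stays traceable. The two no-dsa rationale lines in context also misspell "exploitable" as "explotiable"; since these strings are rendered on the tracker, they are worth correcting in a follow-up commit.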
@@ -7856,8 +7892,8 @@ CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to 
contain a remote code execut
        NOT-FOR-US: JFinal CMS
 CVE-2023-30348
        RESERVED
-CVE-2023-30347
-       RESERVED
+CVE-2023-30347 (Cross Site Scripting (XSS) vulnerability in Neox Contact 
Center 2.3.9, ...)
+       TODO: check
 CVE-2023-30346
        RESERVED
 CVE-2023-30345
@@ -14846,8 +14882,8 @@ CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol 
(SIP) server implementat
        NOT-FOR-US: OpenSIPS
 CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server 
implementation. ...)
        NOT-FOR-US: OpenSIPS
-CVE-2023-28094
-       RESERVED
+CVE-2023-28094 (Pega platform clients who are using versions 6.1 through 8.8.3 
and hav ...)
+       TODO: check
 CVE-2023-28093 (A user with a compromised configuration can start an unsigned 
binary a ...)
        NOT-FOR-US: Pegasystems
 CVE-2023-28092 (A potential security vulnerability has been identified in HPE 
ProLiant ...)
@@ -15082,8 +15118,8 @@ CVE-2023-28018
        RESERVED
 CVE-2023-28017
        RESERVED
-CVE-2023-28016
-       RESERVED
+CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare 
Metal S ...)
+       TODO: check
 CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a 
User Accoun ...)
        NOT-FOR-US: HCL
 CVE-2023-28014
@@ -15102,8 +15138,8 @@ CVE-2023-28008 (HCL Workload Automation 9.4, 9.5, and 
10.1 are vulnerable to an
        NOT-FOR-US: HCL
 CVE-2023-28007
        RESERVED
-CVE-2023-28006
-       RESERVED
+CVE-2023-28006 (The OSD Bare Metal Server uses a cryptographic algorithm that 
is no lo ...)
+       TODO: check
 CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk 
Encryptio ...)
        NOT-FOR-US: Trend Micro
 CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository 
froxlor ...)
@@ -16408,7 +16444,7 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on 
Cairo, a 2D graphics libra
        NOTE: 
https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
        NOTE: Introduced in 
https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c
 (0.3)
 CVE-2023-27585 (PJSIP is a free and open source multimedia communication 
library writt ...)
-       {DLA-3394-1}
+       {DSA-5438-1 DLA-3394-1}
        - asterisk <unfixed> (bug #1036697)
        - pjproject <removed>
        - ring <unfixed>
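Review bot: DSA-5438-1 is attached here while the visible package lines still list asterisk and ring as <unfixed> and pjproject as <removed>; check that the stable fixed version the DSA shipped is recorded in data/DSA/list so the tracker does not display the advisory against an unfixed package, and confirm the <unfixed> state for unstable is still accurate after the DSA.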
@@ -28796,10 +28832,10 @@ CVE-2023-23346
        RESERVED
 CVE-2023-23345
        RESERVED
-CVE-2023-23344
-       RESERVED
-CVE-2023-23343
-       RESERVED
+CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 
allows an  ...)
+       TODO: check
+CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal 
Server v ...)
+       TODO: check
 CVE-2023-23342
        RESERVED
 CVE-2023-23341
@@ -205612,7 +205648,7 @@ CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the 
interaction between barriers a
        NOTE: 
https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
        NOTE: https://www.lua.org/bugs.html#5.4.0-10
 CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and 
segmentation faul ...)
-       {DLA-2381-1}
+       {DLA-3469-1 DLA-2381-1}
        - lua5.4 5.4.1-1 (bug #971613)
        - lua5.3 5.3.6-1 (bug #988734)
        [bullseye] - lua5.3 <no-dsa> (Minor issue)
@@ -305476,6 +305512,7 @@ CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the 
admin.php?mod=order state pa
 CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the 
admin.php?mod=product&act=state p ...)
        NOT-FOR-US: PHPSHE
 CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. 
For examp ...)
+       {DLA-3469-1}
        - lua5.3 5.3.6-1 (bug #920321)
        [bullseye] - lua5.3 <postponed> (Minor issue, revisit when fixed 
upstream)
        - lua5.2 <not-affected> (Vulnerable code introduced later)
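Review bot: DLA-3469-1 is added for this CVE, which implies a fix was shipped for buster, but the context line "[bullseye] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)" is left untouched; the "revisit when fixed upstream" condition appears to be met now, so the bullseye status should be re-evaluated, either by recording a point-release fix or by changing it to an explicit <no-dsa> with an updated rationale.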



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdf3a30c9674928384d83ca70bd0ce0dd594a58e

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits