Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e19a95ef by security tracker role at 2023-08-03T20:21:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,177 @@
+CVE-2023-4145 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/custo ...)
+       TODO: check
+CVE-2023-4138 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
+       TODO: check
+CVE-2023-4136 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-4133 (A use-after-free vulnerability was found in the cxgb4 driver in 
the Li ...)
+       TODO: check
+CVE-2023-4132 (A use-after-free vulnerability was found in the siano smsusb 
module in ...)
+       TODO: check
+CVE-2023-4127 (Race Condition within a Thread in GitHub repository 
answerdev/answer p ...)
+       TODO: check
+CVE-2023-4126 (Insufficient Session Expiration in GitHub repository 
answerdev/answer  ...)
+       TODO: check
+CVE-2023-4125 (Weak Password Requirements in GitHub repository 
answerdev/answer prior ...)
+       TODO: check
+CVE-2023-4124 (Missing Authorization in GitHub repository answerdev/answer 
prior to v ...)
+       TODO: check
+CVE-2023-4121 (A vulnerability was found in Beijing Baichuo Smart S85F 
Management Pla ...)
+       TODO: check
+CVE-2023-4120 (A vulnerability was found in Beijing Baichuo Smart S85F 
Management Pla ...)
+       TODO: check
+CVE-2023-4119 (A vulnerability has been found in Academy LMS 6.0 and 
classified as pr ...)
+       TODO: check
+CVE-2023-4118 (A vulnerability, which was classified as problematic, was found 
in Cut ...)
+       TODO: check
+CVE-2023-4117 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-4116 (A vulnerability classified as problematic was found in PHP 
Jabbers Tax ...)
+       TODO: check
+CVE-2023-4115 (A vulnerability classified as problematic has been found in PHP 
Jabber ...)
+       TODO: check
+CVE-2023-4114 (A vulnerability was found in PHP Jabbers Night Club Booking 
Software 1 ...)
+       TODO: check
+CVE-2023-4113 (A vulnerability was found in PHP Jabbers Service Booking Script 
1.0. I ...)
+       TODO: check
+CVE-2023-4112 (A vulnerability was found in PHP Jabbers Shuttle Booking 
Software 1.0. ...)
+       TODO: check
+CVE-2023-4111 (A vulnerability was found in PHP Jabbers Bus Reservation System 
1.1 an ...)
+       TODO: check
+CVE-2023-4110 (A vulnerability has been found in PHP Jabbers Availability 
Booking Cal ...)
+       TODO: check
+CVE-2023-3932 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
+       TODO: check
+CVE-2023-3766 (A vulnerability was discovered in the odoh-rs rust crate that 
stems fr ...)
+       TODO: check
+CVE-2023-3749 (A local user could edit the VideoEdge configuration file and 
interfere ...)
+       TODO: check
+CVE-2023-3669 (A missing Brute-Force protection in CODESYS Development System 
prior t ...)
+       TODO: check
+CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and 
before 3.5.1 ...)
+       TODO: check
+CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior 
to 3.5. ...)
+       TODO: check
+CVE-2023-3348 (The Wrangler command line tool (<=wrangler@3.1.0) was affected 
by a di ...)
+       TODO: check
+CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
+       TODO: check
+CVE-2023-3329 (SpiderControl SCADA Webserver versions 2.08 and prior are 
vulnerable t ...)
+       TODO: check
+CVE-2023-3180 (A flaw was found in the QEMU virtual crypto device while 
handling data ...)
+       TODO: check
+CVE-2023-39144 (Element55 KnowMore appliances version 21 and older was 
discovered to s ...)
+       TODO: check
+CVE-2023-39121 (emlog v2.1.9 was discovered to contain a SQL injection 
vulnerability v ...)
+       TODO: check
+CVE-2023-39114 (ngiflib commit 84a75 was discovered to contain a segmentation 
violatio ...)
+       TODO: check
+CVE-2023-39113 (ngiflib commit fb271 was discovered to contain a segmentation 
violatio ...)
+       TODO: check
+CVE-2023-39097 (WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-39096 (WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-39075 (Renault Zoe EV 2021 automotive infotainment system versions 
283C35202R ...)
+       TODO: check
+CVE-2023-38958 (An access control issue in ZKTeco BioAccess IVS v3.3.1 allows 
unauthen ...)
+       TODO: check
+CVE-2023-38956 (A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 
allows u ...)
+       TODO: check
+CVE-2023-38955 (ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers 
to obtain ...)
+       TODO: check
+CVE-2023-38954 (ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL 
injection  ...)
+       TODO: check
+CVE-2023-38948 (An arbitrary file download vulnerability in the 
/c/PluginsController.p ...)
+       TODO: check
+CVE-2023-38947 (An arbitrary file upload vulnerability in the 
/languages/install.php c ...)
+       TODO: check
+CVE-2023-38942 (Dango-Translator v4.5.5 was discovered to contain a remote 
command exe ...)
+       TODO: check
+CVE-2023-38812
+       REJECTED
+CVE-2023-38748 (Use after free vulnerability exists in CX-Programmer Included 
in CX-On ...)
+       TODO: check
+CVE-2023-38747 (Heap-based buffer overflow vulnerability exists in 
CX-Programmer Inclu ...)
+       TODO: check
+CVE-2023-38746 (Out-of-bounds read vulnerability/issue exists in CX-Programmer 
Include ...)
+       TODO: check
+CVE-2023-38744 (Denial-of-service (DoS) vulnerability due to improper 
validation of sp ...)
+       TODO: check
+CVE-2023-37679 (A remote command execution (RCE) vulnerability in NextGen 
Mirth Connec ...)
+       TODO: check
+CVE-2023-37559 (After successful authentication as a user in multiple Codesys 
products ...)
+       TODO: check
+CVE-2023-37558 (After successful authentication as a user in multiple Codesys 
products ...)
+       TODO: check
+CVE-2023-37557 (After successful authentication as a user in multiple Codesys 
products ...)
+       TODO: check
+CVE-2023-37556 (In multiple versions of multiple Codesys products, after 
successful au ...)
+       TODO: check
+CVE-2023-37555 (In multiple versions of multiple Codesys products, after 
successful au ...)
+       TODO: check
+CVE-2023-37554 (In multiple versions of multiple Codesys products, after 
successful au ...)
+       TODO: check
+CVE-2023-37553 (In multiple versions of multiple Codesys products, after 
successful au ...)
+       TODO: check
+CVE-2023-37552 (In multiple versions of multiple Codesys products, after 
successful au ...)
+       TODO: check
+CVE-2023-37551 (In multiple Codesys products in multiple versions, after 
successful au ...)
+       TODO: check
+CVE-2023-37550 (In multiple Codesys products in multiple versions, after 
successful au ...)
+       TODO: check
+CVE-2023-37549 (In multiple Codesys products in multiple versions, after 
successful au ...)
+       TODO: check
+CVE-2023-37548 (In multiple Codesys products in multiple versions, after 
successful au ...)
+       TODO: check
+CVE-2023-37547 (In multiple Codesys products in multiple versions, after 
successful au ...)
+       TODO: check
+CVE-2023-37546 (In multiple Codesys products in multiple versions, after 
successful au ...)
+       TODO: check
+CVE-2023-37545 (In multiple Codesys products in multiple versions, after 
successful au ...)
+       TODO: check
+CVE-2023-37364 (In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML 
protocol adapt ...)
+       TODO: check
+CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote 
attacke ...)
+       TODO: check
+CVE-2023-36298 (DedeCMS v5.7.109 has a File Upload vulnerability, leading to 
remote co ...)
+       TODO: check
+CVE-2023-36255 (An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a 
remote  ...)
+       TODO: check
+CVE-2023-36217 (Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 
allows a remo ...)
+       TODO: check
+CVE-2023-36213 (SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote 
attacke ...)
+       TODO: check
+CVE-2023-36212 (File Upload vulnerability in Total CMS v.1.7.4 allows a remote 
attacke ...)
+       TODO: check
+CVE-2023-36082 (An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W 
allows a  ...)
+       TODO: check
+CVE-2023-35081 (A path traversal vulnerability in Ivanti EPMM versions 
(11.10.x < 11.1 ...)
+       TODO: check
+CVE-2023-34196 (In the Keyfactor EJBCA before 8.0.0, the RA web certificate 
distributi ...)
+       TODO: check
+CVE-2023-33666 (ai-dev aioptimizedcombinations before v0.1.3 was discovered to 
contain ...)
+       TODO: check
+CVE-2023-33371 (Control ID IDSecure 4.7.26.0 and prior uses a hardcoded 
cryptographic  ...)
+       TODO: check
+CVE-2023-33370 (An uncaught exception vulnerability exists in Control ID 
IDSecure 4.7. ...)
+       TODO: check
+CVE-2023-33369 (A path traversal vulnerability exists in Control ID IDSecure 
4.7.26.0  ...)
+       TODO: check
+CVE-2023-33368 (Some API routes exists in Control ID IDSecure 4.7.26.0 and 
prior, exfi ...)
+       TODO: check
+CVE-2023-33366 (A SQL injection vulnerability exists in Suprema BioStar 2 
before 2.9.1 ...)
+       TODO: check
+CVE-2023-33365 (A path traversal vulnerability exists in Suprema BioStar 2 
before 2.9. ...)
+       TODO: check
+CVE-2023-33364 (An OS Command injection vulnerability exists in Suprema 
BioStar 2 befo ...)
+       TODO: check
+CVE-2023-33363 (An authentication bypass vulnerability exists in Suprema 
BioStar 2 bef ...)
+       TODO: check
+CVE-2023-32764 (Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to 
escalate  ...)
+       TODO: check
+CVE-2023-2754 (The Cloudflare WARP client for Windows assigns loopback IPv4 
addresses ...)
+       TODO: check
 CVE-2023-4104
        - mozillavpn <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/1
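Review bot: the kernel and virtualisation entries in this batch, CVE-2023-4133 (use-after-free in the cxgb4 driver), CVE-2023-4132 (use-after-free in the siano smsusb module) and CVE-2023-3180 (QEMU virtual crypto device), are left at `TODO: check` alongside vendor-appliance issues; they are the ones likely to map onto Debian source packages (linux, qemu) and should be triaged first, together with CVE-2023-3766 (odoh-rs rust crate). Most of the remaining additions (Beijing Baichuo, PHP Jabbers, ZKTeco, Control ID IDSecure, Suprema BioStar, CODESYS, the Windows-only Cloudflare WARP client in CVE-2023-2754) look like candidates for the `NOT-FOR-US:` tag used elsewhere in this file, e.g. `NOT-FOR-US: Brocade`, and could be resolved in one pass. CVE-2023-38812 is correctly recorded as `REJECTED` with no description.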
@@ -10,37 +184,37 @@ CVE-2023-34320 [arm: Guests can trigger a deadlock on 
Cortex-A77]
        [buster] - xen <end-of-life> (DSA 4677-1)
        NOTE: https://www.openwall.com/lists/oss-security/2023/08/01/1
        NOTE: https://xenbits.xen.org/xsa/advisory-436.html
-CVE-2023-4078
+CVE-2023-4078 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4077
+CVE-2023-4077 (Insufficient data validation in Extensions in Google Chrome 
prior to 1 ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4076
+CVE-2023-4076 (Use after free in WebRTC in Google Chrome prior to 
115.0.5790.170 allo ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4075
+CVE-2023-4075 (Use after free in Cast in Google Chrome prior to 115.0.5790.170 
allowe ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4074
+CVE-2023-4074 (Use after free in Blink Task Scheduling in Google Chrome prior 
to 115. ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4073
+CVE-2023-4073 (Out of bounds memory access in ANGLE in Google Chrome on Mac 
prior to  ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4072
+CVE-2023-4072 (Out of bounds read and write in WebGL in Google Chrome prior to 
115.0. ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4071
+CVE-2023-4071 (Heap buffer overflow in Visuals in Google Chrome prior to 
115.0.5790.1 ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4070
+CVE-2023-4070 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 
allowed  ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4069
+CVE-2023-4069 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 
allowed  ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4068
+CVE-2023-4068 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 
allowed  ...)
        - chromium 115.0.5790.170-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4067 (The Bus Ticket Booking with Seat Reservation plugin for 
WordPress is v ...)
@@ -135,7 +309,7 @@ CVE-2023-31426 (The Brocade Fabric OS Commands 
\u201cconfigupload\u201d and \u20
        NOT-FOR-US: Brocade
 CVE-2023-31425 (A vulnerability in the fosexec command of Brocade Fabric OS 
after Broc ...)
        NOT-FOR-US: Brocade
-CVE-2023-4008
+CVE-2023-4008 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2023-4011 (An issue has been discovered in GitLab EE affecting all 
versions from  ...)
        - gitlab <not-affected> (Specific to EE)
@@ -215,6 +389,7 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, 
Firefox ESR 115.0, and
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
 CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, 
Firefox  ...)
+       {DSA-5464-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
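Review bot: CVE-2023-4057, whose entry opens this hunk, shares the "Memory safety bugs present in Firefox 115, Firefox ESR 115.0" description with CVE-2023-4056, yet only CVE-2023-4056 receives `{DSA-5464-1}` in the visible lines; the body of the CVE-2023-4057 entry lies outside the hunk context, so confirm it also carries the DSA reference and the firefox-esr / thunderbird lines, otherwise the DSA cross-reference is incomplete for one of the two memory-safety CVEs.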
@@ -224,6 +399,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, 
Firefox ESR 115.0, Fir
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
 CVE-2023-4055 (When the number of cookies per domain was exceeded in 
`document.cookie ...)
+       {DSA-5464-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -255,6 +431,7 @@ CVE-2023-4051 (A website could have obscured the full 
screen notification by usi
        - firefox 116.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack 
buffer  ...)
+       {DSA-5464-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -264,6 +441,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream was 
copied to a stack bu
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
 CVE-2023-4049 (Race conditions in reference counting code were found through 
code ins ...)
+       {DSA-5464-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -273,6 +451,7 @@ CVE-2023-4049 (Race conditions in reference counting code 
were found through cod
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
 CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash 
when pars ...)
+       {DSA-5464-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -282,6 +461,7 @@ CVE-2023-4048 (An out-of-bounds read could have led to an 
exploitable crash when
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
 CVE-2023-4047 (A bug in popup notifications delay calculation could have made 
it poss ...)
+       {DSA-5464-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -291,6 +471,7 @@ CVE-2023-4047 (A bug in popup notifications delay 
calculation could have made it
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
 CVE-2023-4046 (In some circumstances, a stale value could have been used for a 
global ...)
+       {DSA-5464-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -300,6 +481,7 @@ CVE-2023-4046 (In some circumstances, a stale value could 
have been used for a g
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
 CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, 
which c ...)
+       {DSA-5464-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -318,7 +500,7 @@ CVE-2023-3825 (PTC\u2019s KEPServerEX Versions 6.0 to 
6.14.263 are vulnerable to
        NOT-FOR-US: PTC KEPServerEX
 CVE-2023-3462 (HashiCorp's Vault and Vault Enterprise are vulnerable to user 
enumerat ...)
        NOT-FOR-US: HashiCorp Vault
-CVE-2023-39122 (BMC Control-M Software v9.0.20.200 was discovered to contain a 
SQL inj ...)
+CVE-2023-39122 (BMC Control-M through 9.0.20.200 allows SQL injection via the 
/RF-Serv ...)
        NOT-FOR-US: BMC Control-M Software
 CVE-2023-37772 (Online Shopping Portal Project v3.1 was discovered to contain 
a SQL in ...)
        NOT-FOR-US: Online Shopping Portal Project
@@ -414,7 +596,7 @@ CVE-2023-34872 (A vulnerability in Outline.cc for Poppler 
prior to 23.06.0 allow
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
 CVE-2023-34842 (Remote Code Execution vulnerability in DedeCMS through 5.7.109 
allows  ...)
        NOT-FOR-US: DedeCMS
-CVE-2023-34644 (A command injection vulnerability exists in the EWEB 
management system ...)
+CVE-2023-34644 (Remote code execution vulnerability in Ruijie Networks 
Product: RG-EW  ...)
        NOT-FOR-US: Ruijie
 CVE-2023-34635 (Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to 
SQL Injec ...)
        NOT-FOR-US: Wifi Soft Unibox Administration
@@ -15121,8 +15303,8 @@ CVE-2023-22310
        RESERVED
 CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab 15.11.11+ds1-1
-CVE-2023-1935
-       RESERVED
+CVE-2023-1935 (ROC800-Series RTU devices are vulnerable to an authentication 
bypass,  ...)
+       TODO: check
 CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is 
afflicted by ...)
        NOT-FOR-US: PnPSCADA
 CVE-2023-1933
@@ -18652,8 +18834,8 @@ CVE-2023-1439 (A vulnerability, which was classified as 
critical, has been found
        NOT-FOR-US: SourceCodester Medicine Tracker System
 CVE-2023-1438
        RESERVED
-CVE-2023-1437
-       RESERVED
+CVE-2023-1437 (All versions prior to 9.1.4 of Advantech WebAccess/SCADA are 
vulnerabl ...)
+       TODO: check
 CVE-2023-1436 (An infinite recursion is triggered in Jettison when 
constructing a JSO ...)
        - libjettison-java 1.5.4-1 (bug #1033846)
        [bookworm] - libjettison-java <no-dsa> (Minor issue)
@@ -18741,8 +18923,8 @@ CVE-2023-28470 (In Couchbase Server 5 through 7 before 
7.1.4, the nsstats endpoi
        NOT-FOR-US: Couchbase Server
 CVE-2023-28469 (An issue was discovered in the Arm Mali GPU Kernel Driver. A 
non-privi ...)
        NOT-FOR-US: ARM
-CVE-2023-28468
-       RESERVED
+CVE-2023-28468 (An issue was discovered in FvbServicesRuntimeDxe in Insyde 
InsydeH2O w ...)
+       TODO: check
 CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via 
the user ...)
        NOT-FOR-US: MyBB
 CVE-2023-28465
@@ -23356,8 +23538,8 @@ CVE-2023-26981
        RESERVED
 CVE-2023-26980 (PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race 
Condition  ...)
        NOT-FOR-US: PAX Technology PAX A920 Pro PayDroid
-CVE-2023-26979
-       RESERVED
+CVE-2023-26979 (Bluetens Electrostimulation Device BluetensQ device app 
version 4.3.15 ...)
+       TODO: check
 CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to 
contain a com ...)
        NOT-FOR-US: TOTOLINK
 CVE-2023-26977
@@ -25046,8 +25228,8 @@ CVE-2023-0958 (Several plugins for WordPress by Inisev 
are vulnerable to unautho
        NOT-FOR-US: WordPress plugin
 CVE-2023-0957 (An issue was discovered in Gitpod versions prior to 
release-2022.11.2. ...)
        NOT-FOR-US: Gitpod
-CVE-2023-0956
-       RESERVED
+CVE-2023-0956 (External input could be used on TEL-STER TelWin SCADA 
WebInterface to  ...)
+       TODO: check
 CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape 
a param ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 
Dome and ...)
@@ -26450,7 +26632,7 @@ CVE-2023-25837 (There is a Cross-site Scripting 
vulnerabilityin Esri Portal Site
        NOT-FOR-US: Esri
 CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
Sites in v ...)
        NOT-FOR-US: Esri
-CVE-2023-25835 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
Sites in v ...)
+CVE-2023-25835 (There is a stored Cross-site Scripting vulnerabilityin Esri 
Portal for ...)
        NOT-FOR-US: Esri
 CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and 
below are  ...)
        NOT-FOR-US: Esri
@@ -27509,8 +27691,8 @@ CVE-2022-48318 (No authorisation controls in the 
RestAPI documentation for Tribe
        - check-mk <removed>
 CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI 
for Tribe ...)
        - check-mk <removed>
-CVE-2023-25600
-       RESERVED
+CVE-2023-25600 (An issue was discovered in InsydeH2O. A malicious operating 
system can ...)
+       TODO: check
 CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice 
Connect ...)
        NOT-FOR-US: Mitel
 CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice 
Connect ...)
@@ -27767,8 +27949,8 @@ CVE-2023-25526
        RESERVED
 CVE-2023-25525
        RESERVED
-CVE-2023-25524
-       RESERVED
+CVE-2023-25524 (NVIDIA Omniverse Workstation Launcher for Windows and Linux 
contains a ...)
+       TODO: check
 CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a 
vulnerability in  ...)
        - nvidia-cuda-toolkit <unfixed> (unimportant; bug #1042766)
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5469
@@ -38357,12 +38539,12 @@ CVE-2023-22366 (CX-Motion-MCH v2.32 and earlier 
contains an access of uninitiali
        NOT-FOR-US: CX-Motion-MCH
 CVE-2023-22357 (Active debug code exists in OMRON CP1L-EL20DR-D all versions, 
which ma ...)
        NOT-FOR-US: OMROM
-CVE-2023-22317
-       RESERVED
-CVE-2023-22314
-       RESERVED
-CVE-2023-22277
-       RESERVED
+CVE-2023-22317 (Use after free vulnerability exists in CX-Programmer Ver.9.79 
and earl ...)
+       TODO: check
+CVE-2023-22314 (Use after free vulnerability exists in CX-Programmer Ver.9.79 
and earl ...)
+       TODO: check
+CVE-2023-22277 (Use after free vulnerability exists in CX-Programmer Ver.9.79 
and earl ...)
+       TODO: check
 CVE-2023-0026 (An Improper Input Validation vulnerability in the Routing 
Protocol Dae ...)
        NOT-FOR-US: Juniper
 CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected 
and stor ...)
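Review bot: the context line `NOT-FOR-US: OMROM` under CVE-2023-22357 misspells OMRON; the three new CX-Programmer entries CVE-2023-22317, CVE-2023-22314 and CVE-2023-22277 (like CVE-2023-38748 through CVE-2023-38746 in the first hunk, also CX-Programmer) will presumably get the same tag, so correct the spelling to `NOT-FOR-US: OMRON` when they are triaged rather than copying the typo.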
@@ -47392,8 +47574,8 @@ CVE-2022-4048 (Inadequate Encryption Strength in 
CODESYS Development System V3 v
        NOT-FOR-US: CODESYS
 CVE-2022-4047 (The Return Refund and Exchange For WooCommerce WordPress plugin 
before ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4046
-       RESERVED
+CVE-2022-4046 (In CODESYS Control in multiple versions a improper restriction 
of oper ...)
+       TODO: check
 CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an 
authenti ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an 
authenticate ...)
@@ -49687,18 +49869,18 @@ CVE-2023-21414
        RESERVED
 CVE-2023-21413
        RESERVED
-CVE-2023-21412
-       RESERVED
-CVE-2023-21411
-       RESERVED
-CVE-2023-21410
-       RESERVED
-CVE-2023-21409
-       RESERVED
-CVE-2023-21408
-       RESERVED
-CVE-2023-21407
-       RESERVED
+CVE-2023-21412 (User provided input is not sanitized on the AXIS License Plate 
Verifie ...)
+       TODO: check
+CVE-2023-21411 (User provided input is not sanitized in the \u201cSettings > 
Access Co ...)
+       TODO: check
+CVE-2023-21410 (User provided input is not sanitized on the AXIS License Plate 
Verifie ...)
+       TODO: check
+CVE-2023-21409 (Due to insufficient file permissions, unprivileged users could 
gain ac ...)
+       TODO: check
+CVE-2023-21408 (Due to insufficient file permissions, unprivileged users could 
gain ac ...)
+       TODO: check
+CVE-2023-21407 (A broken access control was found allowing for privileged 
escalation o ...)
+       TODO: check
 CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in 
the AXIS A ...)
        NOT-FOR-US: AXIS
 CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network 
Door Contro ...)
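Review bot: the six AXIS entries CVE-2023-21412 through CVE-2023-21407 that replace RESERVED placeholders sit directly above CVE-2023-21406 and CVE-2023-21405, both already `NOT-FOR-US: AXIS`; unless the License Plate Verifier or file-permission issues touch something packaged in Debian, they can be resolved to the same tag together instead of remaining six separate `TODO: check` items.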
@@ -57258,7 +57440,7 @@ CVE-2022-3537 (The Role Based Pricing for WooCommerce 
WordPress plugin before 1.
 CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 
1.6.3 d ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-42986
-       RESERVED
+       REJECTED
 CVE-2022-42985 (The ScratchLogin extension through 1.1 for MediaWiki does not 
escape v ...)
        NOT-FOR-US: MediaWiki extension ScratchLogin
 CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to 
contain a SQL ...)
@@ -80849,8 +81031,8 @@ CVE-2022-34455
        RESERVED
 CVE-2022-34454 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a 
heap-based buff ...)
        NOT-FOR-US: Dell
-CVE-2022-34453
-       RESERVED
+CVE-2022-34453 (Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an 
improper acc ...)
+       TODO: check
 CVE-2022-34452 (PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 
3.0* con ...)
        NOT-FOR-US: Dell
 CVE-2022-34451 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 
3.0* co ...)
@@ -97429,8 +97611,8 @@ CVE-2022-28613 (A vulnerability in the HCI Modbus TCP 
COMPONENT of Hitachi Energ
        NOT-FOR-US: HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series 
CMU Firmware
 CVE-2022-28610
        RESERVED
-CVE-2022-26838
-       RESERVED
+CVE-2022-26838 (Path traversal vulnerability in Importing Mobile Device Data 
of Cybozu ...)
+       TODO: check
 CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository 
plantu ...)
        - plantuml <unfixed> (bug #1039989)
        [bookworm] - plantuml <no-dsa> (Minor issue)
@@ -218956,8 +219138,8 @@ CVE-2020-20810
        RESERVED
 CVE-2020-20809
        RESERVED
-CVE-2020-20808
-       RESERVED
+CVE-2020-20808 (Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 
and before ...)
+       TODO: check
 CVE-2020-20807
        RESERVED
 CVE-2020-20806



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e19a95ef1ac80d4b42186ef6f8c29c06181847b7



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
