Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
13e211d9 by security tracker role at 2023-08-09T20:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2023-4273 (A flaw was found in the exFAT driver of the Linux kernel. The 
vulnerab ...)
+       TODO: check
+CVE-2023-40012 (uthenticode is a small cross-platform library for partially 
verifying  ...)
+       TODO: check
+CVE-2023-3953 (A CWE-119: Improper Restriction of Operations within the Bounds 
of a M ...)
+       TODO: check
+CVE-2023-3518 (HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT 
Auth for  ...)
+       TODO: check
+CVE-2023-39969 (uthenticode is a small cross-platform library for partially 
verifying  ...)
+       TODO: check
+CVE-2023-39531 (Sentry is an error tracking and performance monitoring 
platform. Start ...)
+       TODO: check
+CVE-2023-39008 (A command injection vulnerability in the component 
/api/cron/settings/ ...)
+       TODO: check
+CVE-2023-39007 (/ui/cron/item/open in the Cron component of OPNsense before 
23.7 allow ...)
+       TODO: check
+CVE-2023-39006 (The Crash Reporter (crash_reporter.php) component of OPNsense 
before 2 ...)
+       TODO: check
+CVE-2023-39005 (Insecure permissions exist for configd.socket in OPNsense 
before 23.7.)
+       TODO: check
+CVE-2023-39004 (Insecure permissions in the configuration directory (/conf/) 
of OPNsen ...)
+       TODO: check
+CVE-2023-39003 (OPNsense before 23.7 was discovered to contain insecure 
permissions in ...)
+       TODO: check
+CVE-2023-39002 (A cross-site scripting (XSS) vulnerability in the act 
parameter of sys ...)
+       TODO: check
+CVE-2023-39001 (A command injection vulnerability in the component 
diag_backup.php of  ...)
+       TODO: check
+CVE-2023-39000 (A reflected cross-site scripting (XSS) vulnerability in the 
component  ...)
+       TODO: check
+CVE-2023-38999 (A Cross-Site Request Forgery (CSRF) in the System Halt API 
(/system/ha ...)
+       TODO: check
+CVE-2023-38998 (An open redirect in the Login page of OPNsense before 23.7 
allows atta ...)
+       TODO: check
+CVE-2023-38997 (A directory traversal vulnerability in the Captive Portal 
templates of ...)
+       TODO: check
+CVE-2023-38348 (A CSRF issue was discovered in LWsystems Benno MailArchiv 
2.10.1.)
+       TODO: check
+CVE-2023-38347 (An issue was discovered in LWsystems Benno MailArchiv 2.10.1. 
Attacker ...)
+       TODO: check
+CVE-2023-38213 (Adobe Dimension version 3.4.9 is affected by an out-of-bounds 
read vul ...)
+       TODO: check
+CVE-2023-38212 (Adobe Dimension version 3.4.9 is affected by a Heap-based 
Buffer Overf ...)
+       TODO: check
+CVE-2023-38211 (Adobe Dimension version 3.4.9 is affected by a Use After Free 
vulnerab ...)
+       TODO: check
+CVE-2023-37068 (Code-Projects Gym Management System V1.0 allows remote 
attackers to ex ...)
+       TODO: check
+CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote 
attackers  ...)
+       TODO: check
+CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table 
accounting error ...)
+       TODO: check
+CVE-2023-33469 (In instances where the screen is visible and remote mouse 
connection i ...)
+       TODO: check
+CVE-2023-33468 (KramerAV VIA Connect (2) and VIA Go (2) devices with a version 
prior t ...)
+       TODO: check
+CVE-2023-32782 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760. ...)
+       TODO: check
+CVE-2023-32781 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760. ...)
+       TODO: check
+CVE-2023-31452 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760  ...)
+       TODO: check
+CVE-2023-31450 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760  ...)
+       TODO: check
+CVE-2023-31449 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760  ...)
+       TODO: check
+CVE-2023-31448 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760  ...)
+       TODO: check
+CVE-2022-48604 (A SQL injection vulnerability exists in the \u201clogging 
export\u201d ...)
+       TODO: check
+CVE-2022-48603 (A SQL injection vulnerability exists in the \u201cmessage 
viewer ifram ...)
+       TODO: check
+CVE-2022-48602 (A SQL injection vulnerability exists in the \u201cmessage 
viewer print ...)
+       TODO: check
+CVE-2022-48601 (A SQL injection vulnerability exists in the \u201cnetwork 
print report ...)
+       TODO: check
+CVE-2022-48600 (A SQL injection vulnerability exists in the \u201cnotes 
view\u201d fea ...)
+       TODO: check
+CVE-2022-48599 (A SQL injection vulnerability exists in the \u201creporter 
events type ...)
+       TODO: check
+CVE-2022-48598 (A SQL injection vulnerability exists in the \u201creporter 
events type ...)
+       TODO: check
+CVE-2022-48597 (A SQL injection vulnerability exists in the \u201cticket event 
report\ ...)
+       TODO: check
+CVE-2022-48596 (A SQL injection vulnerability exists in the \u201cticket queue 
watcher ...)
+       TODO: check
+CVE-2022-48595 (A SQL injection vulnerability exists in the \u201cticket 
template watc ...)
+       TODO: check
+CVE-2022-48594 (A SQL injection vulnerability exists in the \u201cticket 
watchers emai ...)
+       TODO: check
+CVE-2022-48593 (A SQL injection vulnerability exists in the \u201ctopology 
data servic ...)
+       TODO: check
+CVE-2022-48592 (A SQL injection vulnerability exists in the vendor_country 
parameter o ...)
+       TODO: check
+CVE-2022-48591 (A SQL injection vulnerability exists in the vendor_state 
parameter of  ...)
+       TODO: check
+CVE-2022-48590 (A SQL injection vulnerability exists in the \u201cadmin 
dynamic app mi ...)
+       TODO: check
+CVE-2022-48589 (A SQL injection vulnerability exists in the \u201creporting 
job editor ...)
+       TODO: check
+CVE-2022-48588 (A SQL injection vulnerability exists in the \u201cschedule 
editor deco ...)
+       TODO: check
+CVE-2022-48587 (A SQL injection vulnerability exists in the \u201cschedule 
editor\u201 ...)
+       TODO: check
+CVE-2022-48586 (A SQL injection vulnerability exists in the \u201cjson 
walker\u201d fe ...)
+       TODO: check
+CVE-2022-48585 (A SQL injection vulnerability exists in the \u201cadmin brand 
portal\u ...)
+       TODO: check
+CVE-2022-48584 (A command injection vulnerability exists in the download and 
convert r ...)
+       TODO: check
+CVE-2022-48583 (A command injection vulnerability exists in the dashboard 
scheduler fe ...)
+       TODO: check
+CVE-2022-48582 (A command injection vulnerability exists in the ticket report 
generate ...)
+       TODO: check
+CVE-2022-48581 (A command injection vulnerability exists in the \u201cdash 
export\u201 ...)
+       TODO: check
+CVE-2022-48580 (A command injection vulnerability exists in the ARP ping 
device tool f ...)
+       TODO: check
 CVE-2023-4243 (The FULL - Customer plugin for WordPress is vulnerable to 
Arbitrary Fi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-4242 (The FULL - Customer plugin for WordPress is vulnerable to 
Information  ...)
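Review bot: Several of the added descriptions between CVE-2022-48604 and CVE-2022-48581 carry literal \u201c and \u201d escape sequences where quotation marks belong, and the fixed-width truncation then cuts some of them mid-escape ("report\ ...)", "\u201 ...)", "\u ...)"). Decode the escapes before the description is truncated and written to data/CVE/list, so the stored text is readable and the cut never lands inside an escape sequence.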
@@ -1285,7 +1403,7 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, 
Firefox ESR 115.0, and
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
 CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, 
Firefox  ...)
-       {DSA-5469-1 DSA-5464-1 DLA-3521-1}
+       {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
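Review bot: In the CVE-2023-4056 entry, DLA-3523-1 is added to the advisory line while the package lines below it (firefox, firefox-esr, thunderbird) stay unchanged, and the commit lists data/CVE/list as its only changed file. Confirm that DLA-3523-1 is already defined elsewhere in the tracker data, so the new cross-reference resolves to an existing advisory entry.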
@@ -1295,7 +1413,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, 
Firefox ESR 115.0, Fir
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
 CVE-2023-4055 (When the number of cookies per domain was exceeded in 
`document.cookie ...)
-       {DSA-5469-1 DSA-5464-1 DLA-3521-1}
+       {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -1327,7 +1445,7 @@ CVE-2023-4051 (A website could have obscured the full 
screen notification by usi
        - firefox 116.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack 
buffer  ...)
-       {DSA-5469-1 DSA-5464-1 DLA-3521-1}
+       {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -1337,7 +1455,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream 
was copied to a stack bu
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
 CVE-2023-4049 (Race conditions in reference counting code were found through 
code ins ...)
-       {DSA-5469-1 DSA-5464-1 DLA-3521-1}
+       {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -1347,7 +1465,7 @@ CVE-2023-4049 (Race conditions in reference counting code 
were found through cod
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
 CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash 
when pars ...)
-       {DSA-5469-1 DSA-5464-1 DLA-3521-1}
+       {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -1357,7 +1475,7 @@ CVE-2023-4048 (An out-of-bounds read could have led to an 
exploitable crash when
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
 CVE-2023-4047 (A bug in popup notifications delay calculation could have made 
it poss ...)
-       {DSA-5469-1 DSA-5464-1 DLA-3521-1}
+       {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -1367,7 +1485,7 @@ CVE-2023-4047 (A bug in popup notifications delay 
calculation could have made it
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
 CVE-2023-4046 (In some circumstances, a stale value could have been used for a 
global ...)
-       {DSA-5469-1 DSA-5464-1 DLA-3521-1}
+       {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -1377,7 +1495,7 @@ CVE-2023-4046 (In some circumstances, a stale value could 
have been used for a g
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
 CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, 
which c ...)
-       {DSA-5469-1 DSA-5464-1 DLA-3521-1}
+       {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
        - firefox 116.0-1
        - firefox-esr 115.1.0esr-1
        - thunderbird 1:115.1.0-1
@@ -32059,16 +32177,16 @@ CVE-2023-24482 (A vulnerability has been identified 
in COMOS V10.2 (All versions
        NOT-FOR-US: Siemens
 CVE-2023-24477 (In certain conditions, depending on timing and the usage of 
the Chrome ...)
        TODO: check
-CVE-2023-24471
-       RESERVED
-CVE-2023-24015
-       RESERVED
-CVE-2023-23903
-       RESERVED
-CVE-2023-23574
-       RESERVED
-CVE-2023-22843
-       RESERVED
+CVE-2023-24471 (An access control vulnerability was found, due to the 
restrictions tha ...)
+       TODO: check
+CVE-2023-24015 (A partial DoS vulnerability has been detected in the Reports 
section,  ...)
+       TODO: check
+CVE-2023-23903 (An authenticated administrator can upload a SAML configuration 
file wi ...)
+       TODO: check
+CVE-2023-23574 (A blind SQL Injection vulnerability in Nozomi Networks 
Guardian and CM ...)
+       TODO: check
+CVE-2023-22843 (An authenticated attacker with administrative access to the 
appliance  ...)
+       TODO: check
 CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks 
Guardian and CM ...)
        TODO: check
 CVE-2023-0479
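Review bot: The entries that replace RESERVED here all land as "TODO: check", and the new CVE-2023-23574 description names Nozomi Networks Guardian and CMC, the same product as the unchanged neighbour CVE-2023-22378, which is also still "TODO: check". Triage the two together so they receive the same status, and check whether the other four converted entries belong to the same vendor batch before classifying them one by one.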
@@ -35404,10 +35522,10 @@ CVE-2022-48254 (There is a data processing error 
vulnerability in Leia-B29 2.0.0
        NOT-FOR-US: Huawei
 CVE-2023-23348 (HCL Launch could disclose sensitive information if a manual 
edit of a  ...)
        NOT-FOR-US: HCL
-CVE-2023-23347
-       RESERVED
-CVE-2023-23346
-       RESERVED
+CVE-2023-23347 (HCL DRYiCE iAutomate is affected by the use of a broken 
cryptographic  ...)
+       TODO: check
+CVE-2023-23346 (HCL DRYiCE MyCloud is affected by the use of a broken 
cryptographic al ...)
+       TODO: check
 CVE-2023-23345
        RESERVED
 CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 
allows an  ...)
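Review bot: The converted CVE-2023-23347 and CVE-2023-23346 entries describe HCL DRYiCE products but are marked "TODO: check", while the adjacent CVE-2023-23348 (HCL Launch) is already tagged "NOT-FOR-US: HCL". If these products are likewise not packaged in Debian, give them the same "NOT-FOR-US: HCL" tag so the vendor's entries are handled consistently.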



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13e211d9d55c5046ef6ad87240f79baf3decab4c



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
