Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca02008e by security tracker role at 2023-09-05T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,72 @@
-CVE-2023-40743 [RCE when untrusted input is passed to getService]
+CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.1 ...)
+       TODO: check
+CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 
2.3-DEV.)
+       TODO: check
+CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-4480 (Due to an out-of-date dependency in the \u201cFusion File 
Manager\u201 ...)
+       TODO: check
+CVE-2023-4178 (Authentication Bypass by Spoofing vulnerability in Neutron 
Neutron Sma ...)
+       TODO: check
+CVE-2023-4034 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-41317 (The Apollo Router is a configurable, high-performance graph 
router wri ...)
+       TODO: check
+CVE-2023-41108 (TEF portal 2023-07-17 is vulnerable to authenticated remote 
code execu ...)
+       TODO: check
+CVE-2023-41107 (TEF portal 2023-07-17 is vulnerable to a persistent cross site 
scripti ...)
+       TODO: check
+CVE-2023-41012 (An issue in China Mobile Communications China Mobile 
Intelligent Home  ...)
+       TODO: check
+CVE-2023-41009 (File Upload vulnerability in adlered bolo-solo v.2.6 allows a 
remote a ...)
+       TODO: check
+CVE-2023-40918 (KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. 
Unautho ...)
+       TODO: check
+CVE-2023-3616 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Bookr ...)
+       TODO: check
+CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Bookreen 
allows  ...)
+       TODO: check
+CVE-2023-39681 (Cuppa CMS v1.0 was discovered to contain a remote code 
execution (RCE) ...)
+       TODO: check
+CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection 
vulnerabi ...)
+       TODO: check
+CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation 
WebClient v. ...)
+       TODO: check
+CVE-2023-39515 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       TODO: check
+CVE-2023-39514 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       TODO: check
+CVE-2023-36361 (Audimexee v14.1.7 was discovered to contain a SQL injection 
vulnerabil ...)
+       TODO: check
+CVE-2023-35124 (An information disclosure vulnerability exists in the OAS 
Engine confi ...)
+       TODO: check
+CVE-2023-35072 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-35068 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-35065 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-34998 (An authentication bypass vulnerability exists in the OAS 
Engine functi ...)
+       TODO: check
+CVE-2023-34994 (An improper resource allocation vulnerability exists in the 
OAS Engine ...)
+       TODO: check
+CVE-2023-34353 (An authentication bypass vulnerability exists in the OAS 
Engine authen ...)
+       TODO: check
+CVE-2023-34317 (An improper input validation vulnerability exists in the OAS 
Engine Us ...)
+       TODO: check
+CVE-2023-32615 (A file write vulnerability exists in the OAS Engine 
configuration func ...)
+       TODO: check
+CVE-2023-32271 (An information disclosure vulnerability exists in the OAS 
Engine confi ...)
+       TODO: check
+CVE-2023-32086
+       REJECTED
+CVE-2023-31242 (An authentication bypass vulnerability exists in the OAS 
Engine functi ...)
+       TODO: check
+CVE-2023-2453 (There is insufficient sanitization of tainted file names that 
are dire ...)
+       TODO: check
+CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 
1.x in an ...)
        - axis <unfixed> (bug #1051288)
        NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1
        NOTE: 
https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210
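Review bot: the imported description for CVE-2023-4480 in this hunk still carries the raw JSON escape `\u201c` before "Fusion File Manager", and the truncation of the summary has cut the closing escape down to `\u201`, so the entry reads as garbled; the automatic update should decode such escapes before truncating the description. The hand-written `[RCE when untrusted input is passed to getService]` summary for CVE-2023-40743 is replaced by the MITRE text carrying the `** UNSUPPORTED WHEN ASSIGNED **` marker, while the `axis <unfixed> (bug #1051288)` line and its two NOTE references survive as context, so that triage is unaffected. Among the new `TODO: check` entries, CVE-2023-4781 (vim), CVE-2023-4778 (gpac) and CVE-2023-39515 / CVE-2023-39514 (cacti) concern packages Debian ships and should be triaged first; CVE-2023-32086 is correctly recorded as REJECTED without a package line.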
@@ -56250,10 +56318,10 @@ CVE-2023-20900 (VMware Tools contains a SAML token 
signature bypass vulnerabilit
        NOTE: Fixed by: 
https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16
 (stable-12.3.0)
 CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass authentication 
vulnerability. A ...)
        NOT-FOR-US: VMware
-CVE-2023-20898
-       RESERVED
-CVE-2023-20897
-       RESERVED
+CVE-2023-20898 (Git Providers can read from the wrong environment because they 
get the ...)
+       TODO: check
+CVE-2023-20897 (Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion 
return. ...)
+       TODO: check
 CVE-2023-20896 (The VMware vCenter Server contains an out-of-bounds read 
vulnerability ...)
        NOT-FOR-US: VMware
 CVE-2023-20895 (The VMware vCenter Server contains a memory corruption 
vulnerability i ...)
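Review bot: CVE-2023-20898 and CVE-2023-20897 in this hunk are SaltStack issues (the descriptions reference Git Providers and "Salt masters prior to 3005.2 or 3006.2"), not VMware ones, even though they sit between VMware entries marked NOT-FOR-US; Debian has a salt source package, so these two `TODO: check` lines need a real check against that package rather than a NOT-FOR-US resolved by neighbourhood.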
@@ -65940,8 +66008,8 @@ CVE-2022-41765 (An issue was discovered in MediaWiki 
before 1.35.8, 1.36.x and 1
        NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836892
 CVE-2022-41764
        RESERVED
-CVE-2022-41763
-       RESERVED
+CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code 
Execution exi ...)
+       TODO: check
 CVE-2022-41762
        RESERVED
 CVE-2022-41761
@@ -143446,8 +143514,8 @@ CVE-2021-40548
        RESERVED
 CVE-2021-40547
        RESERVED
-CVE-2021-40546
-       RESERVED
+CVE-2021-40546 (Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers 
(who have ...)
+       TODO: check
 CVE-2021-40545
        RESERVED
 CVE-2021-40544
@@ -194249,8 +194317,8 @@ CVE-2020-35595
        RESERVED
 CVE-2020-35594 (Zoho ManageEngine ADManager Plus before 7066 allows XSS.)
        NOT-FOR-US: Zoho ManageEngine
-CVE-2020-35593
-       RESERVED
+CVE-2020-35593 (BMC PATROL Agent through 20.08.00 allows local privilege 
escalation vi ...)
+       TODO: check
 CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header 
to the a ...)
        NOT-FOR-US: Pi-hole
 CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The 
application d ...)
@@ -252230,8 +252298,8 @@ CVE-2020-10130
        RESERVED
 CVE-2020-10129
        RESERVED
-CVE-2020-10128
-       RESERVED
+CVE-2020-10128 (SearchBlox product with version before 9.2.1 is vulnerable to 
stored c ...)
+       TODO: check
 CVE-2020-10127
        RESERVED
 CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly 
validate  ...)
@@ -413152,8 +413220,8 @@ CVE-2017-9454 (Buffer overflow in the 
ares_parse_a_reply function in the embedde
        NOTE: 
https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
        NOTE: Fixed sourcewise in 1:1.11.0~beta4-1 but unimportant since uses 
the
        NOTE: system library.
-CVE-2017-9453
-       RESERVED
+CVE-2017-9453 (BMC Server Automation before 8.9.01 patch 1 allows Process 
Spawner com ...)
+       TODO: check
 CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 
2.9.0  ...)
        - piwigo <removed>
 CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php 
in fla ...)
@@ -490442,10 +490510,10 @@ CVE-2015-2206 (libraries/select_lang.lib.php in 
phpMyAdmin 4.0.x before 4.0.10.9
        NOTE: https://www.phpmyadmin.net/security/PMASA-2015-1/
 CVE-2015-2205
        RESERVED
-CVE-2015-2202
-       RESERVED
-CVE-2015-2201
-       RESERVED
+CVE-2015-2202 (Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows 
administrati ...)
+       TODO: check
+CVE-2015-2201 (Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows 
VisualRF rem ...)
+       TODO: check
 CVE-2015-2200
        RESERVED
 CVE-2015-2199 (Multiple SQL injection vulnerabilities in the WonderPlugin 
Audio Playe ...)
@@ -492965,10 +493033,10 @@ CVE-2015-1393 (SQL injection vulnerability in the 
Photo Gallery plugin before 1.
        NOT-FOR-US: WordPress plugin photo-gallery
 CVE-2015-1392 (Multiple SQL injection vulnerabilities in Aruba Networks 
ClearPass Pol ...)
        NOT-FOR-US: Aruba Networks CPPM
-CVE-2015-1391
-       RESERVED
-CVE-2015-1390
-       RESERVED
+CVE-2015-1391 (Aruba AirWave before 8.0.7 allows bypass of a CSRF protection 
mechanis ...)
+       TODO: check
+CVE-2015-1390 (Aruba AirWave before 8.0.7 allows XSS attacks agsinat an 
administrator ...)
+       TODO: check
 CVE-2015-1389 (Cross-site scripting (XSS) vulnerability in Aruba Networks 
ClearPass P ...)
        NOT-FOR-US: Aruba Networks CPPM
 CVE-2015-1388 (The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x 
before 6 ...)
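Review bot: the four Aruba AirWave entries in the last two hunks (CVE-2015-2202, CVE-2015-2201, CVE-2015-1391, CVE-2015-1390) are left as `TODO: check`, while the neighbouring Aruba entries in the same context (CVE-2015-1392, CVE-2015-1389) are already `NOT-FOR-US: Aruba Networks CPPM`; AirWave is likewise a proprietary Aruba product with no Debian package, so these can probably be closed the same way, with an AirWave-specific NOT-FOR-US tag. The spelling "agsinat" in the CVE-2015-1390 line is in the upstream MITRE description and is imported verbatim, so it is not something to correct in this file.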



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca02008e4313e802a0298a27239380666325d9fa



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
