Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3118d130 by security tracker role at 2023-08-16T20:13:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,38 +1,94 @@
+CVE-2023-4389 (A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in 
the bt ...)
+       TODO: check
+CVE-2023-4387 (A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in 
drivers/ ...)
+       TODO: check
+CVE-2023-4385 (A NULL pointer dereference flaw was found in dbFree in 
fs/jfs/jfs_dmap ...)
+       TODO: check
+CVE-2023-4384 (A vulnerability has been found in MaximaTech Portal Executivo 
21.9.1.1 ...)
+       TODO: check
+CVE-2023-4383 (A vulnerability, which was classified as critical, was found in 
MicroW ...)
+       TODO: check
+CVE-2023-4382 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-4381 (Unverified Password Change in GitHub repository 
instantsoft/icms2 prio ...)
+       TODO: check
+CVE-2023-4241 (lol-html can cause panics on certain HTML inputs. Anyone 
processing ar ...)
+       TODO: check
+CVE-2023-4204 (NPort IAW5000A-I/O Series firmware version v2.2 and prior is 
affected  ...)
+       TODO: check
+CVE-2023-39975 (kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 
1.21.2 has a ...)
+       TODO: check
+CVE-2023-39507 (Improper authorization in the custom URL scheme handler in 
"Rikunabi N ...)
+       TODO: check
+CVE-2023-39250 (Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 
contain ...)
+       TODO: check
+CVE-2023-39115 (install/aiz-uploader/upload in Campcodes Online Matrimonial 
Website Sy ...)
+       TODO: check
+CVE-2023-38904 (A Cross Site Scripting (XSS) vulnerability in Netlify CMS 
v.2.10.192 a ...)
+       TODO: check
+CVE-2023-38737 (IBM WebSphere Application Server Liberty 22.0.0.13 through 
23.0.0.7 is ...)
+       TODO: check
+CVE-2023-33663 (In the module \u201cCustomization fields fee for your 
store\u201d (aic ...)
+       TODO: check
+CVE-2023-32495 (Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of 
sensitive i ...)
+       TODO: check
+CVE-2023-32494 (Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper 
handling of i ...)
+       TODO: check
+CVE-2023-32493 (Dell PowerScale OneFS, 9.5.0.x, contains a protection 
mechanism bypass ...)
+       TODO: check
+CVE-2023-32492 (Dell PowerScale OneFS 9.5.0.x contains an incorrect default 
permission ...)
+       TODO: check
+CVE-2023-32491 (Dell PowerScale OneFS 9.5.0.x, contains an insertion of 
sensitive info ...)
+       TODO: check
+CVE-2023-32490 (Dell PowerScale OneFS 8.2x -9.5x contains an improper 
privilege manage ...)
+       TODO: check
+CVE-2023-32489 (Dell PowerScale OneFS 8.2x -9.5x contains a privilege 
escalation vulne ...)
+       TODO: check
+CVE-2023-32488 (Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information 
disclosu ...)
+       TODO: check
+CVE-2023-32487 (Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation 
of privi ...)
+       TODO: check
+CVE-2023-32486 (Dell PowerScale OneFS 9.5.x version contain a privilege 
escalation vul ...)
+       TODO: check
+CVE-2023-32453 (Dell BIOS contains an improper authentication vulnerability. A 
malicio ...)
+       TODO: check
+CVE-2023-2737 (Improper log permissions in SafeNet Authentication 
ServiceVersion 3.4. ...)
+       TODO: check
 CVE-2023-4302
        NOT-FOR-US: Jenkins plugin
 CVE-2023-4301
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40351
+CVE-2023-40351 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Favorite  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40350
+CVE-2023-40350 (Jenkins Docker Swarm Plugin 1.11 and earlier does not escape 
values re ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40349
+CVE-2023-40349 (Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes 
an optio ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40348
+CVE-2023-40348 (The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier 
provide ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40347
+CVE-2023-40347 (Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 
and earl ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40346
+CVE-2023-40346 (Jenkins Shortcut Job Plugin 0.4 and earlier does not escape 
the shortc ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40345
+CVE-2023-40345 (Jenkins Delphix Plugin 3.0.2 and earlier does not set the 
appropriate  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40344
+CVE-2023-40344 (A missing permission check in Jenkins Delphix Plugin 3.0.2 and 
earlier ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40343
+CVE-2023-40343 (Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a 
non-con ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40342
+CVE-2023-40342 (Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not 
escape JU ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40341
+CVE-2023-40341 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Blue Ocea ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40340
+CVE-2023-40340 (Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask 
(i.e.,  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40339
+CVE-2023-40339 (Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and 
earlier d ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40338
+CVE-2023-40338 (Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier 
displays an err ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40337
+CVE-2023-40337 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Folders P ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-40336
+CVE-2023-40336 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Folders P ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-4374 (The WP Remote Users Sync plugin for WordPress is vulnerable to 
unautho ...)
        NOT-FOR-US: WP Remote Users Sync plugin for WordPress
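Review bot: Among the new `TODO: check` entries at the top of this hunk, CVE-2023-4389 (fs/btrfs/disk-io.c), CVE-2023-4387 (vmxnet3_rq_alloc_rx_buf in drivers/), CVE-2023-4385 (dbFree in fs/jfs) and CVE-2023-39975 (kdc/do_tgs_req.c in MIT Kerberos 5, aka krb5) name kernel and krb5 code rather than third-party products, so they should be triaged ahead of the Dell, IBM and web-application items and given package lines in the `- <package> <version>` form used elsewhere in this file. The Jenkins entries lower in the hunk only gain descriptions and keep `NOT-FOR-US: Jenkins plugin`, so they need no follow-up.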
@@ -891,17 +947,17 @@ CVE-2023-33469 (In instances where the screen is visible 
and remote mouse connec
        NOT-FOR-US: KramerAV
 CVE-2023-33468 (KramerAV VIA Connect (2) and VIA Go (2) devices with a version 
prior t ...)
        NOT-FOR-US: KramerAV
-CVE-2023-32782 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760. ...)
+CVE-2023-32782 (A command injection was identified in PRTG 23.2.84.1566 and 
earlier ve ...)
        NOT-FOR-US: PRTG Network Monitor
-CVE-2023-32781 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760. ...)
+CVE-2023-32781 (A command injection vulnerability was identified in PRTG 
23.2.84.1566  ...)
        NOT-FOR-US: PRTG Network Monitor
-CVE-2023-31452 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760  ...)
+CVE-2023-31452 (A cross-site request forgery (CSRF) token bypass was 
identified in PRT ...)
        NOT-FOR-US: PRTG Network Monitor
-CVE-2023-31450 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760  ...)
+CVE-2023-31450 (A path traversal vulnerability was identified in the SQL v2 
sensors in ...)
        NOT-FOR-US: PRTG Network Monitor
-CVE-2023-31449 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760  ...)
+CVE-2023-31449 (A path traversal vulnerability was identified in the WMI 
Custom sensor ...)
        NOT-FOR-US: PRTG Network Monitor
-CVE-2023-31448 (An issue was discovered in Paessler PRTG Network Monitor 
23.2.83.1760  ...)
+CVE-2023-31448 (A path traversal vulnerability was identified in the HL7 
sensor in PRT ...)
        NOT-FOR-US: PRTG Network Monitor
 CVE-2022-48604 (A SQL injection vulnerability exists in the \u201clogging 
export\u201d ...)
        NOT-FOR-US: ScienceLogic SL1
@@ -12446,10 +12502,10 @@ CVE-2023-2274
        RESERVED
 CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, 
suffer fr ...)
        NOT-FOR-US: Rapid7
-CVE-2023-2272
-       RESERVED
-CVE-2023-2271
-       RESERVED
+CVE-2023-2272 (The Tiempo.com WordPress plugin through 0.1.2 does not sanitise 
and es ...)
+       TODO: check
+CVE-2023-2271 (The Tiempo.com WordPress plugin through 0.1.2 does not have 
CSRF check ...)
+       TODO: check
 CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache 
Software  ...)
        NOT-FOR-US: Apache InLong
 CVE-2023-31205
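Review bot: The `TODO: check` on CVE-2023-2272 and CVE-2023-2271 can be resolved right away: both descriptions name the Tiempo.com WordPress plugin, and WordPress plugin entries elsewhere in this file carry `NOT-FOR-US: WordPress plugin`. The same applies to the other WordPress plugin CVEs that this commit moves from `RESERVED` to `TODO: check`.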
@@ -12707,8 +12763,8 @@ CVE-2023-2255 (Improper access control in editor 
components of The Document Foun
        {DSA-5415-1 DLA-3526-1}
        - libreoffice 4:7.4.5-3
        NOTE: 
https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
-CVE-2023-2254
-       RESERVED
+CVE-2023-2254 (The Ko-fi Button WordPress plugin before 1.3.3 does not 
properly some  ...)
+       TODO: check
 CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in 
distribution/distri ...)
        {DSA-5414-1 DLA-3473-1}
        - docker-registry 2.8.2+ds1-1 (bug #1035956)
@@ -13191,8 +13247,8 @@ CVE-2023-2227 (Improper Authorization in GitHub 
repository modoboa/modoboa prior
        NOT-FOR-US: Modoboa
 CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in 
Rapid7's V ...)
        NOT-FOR-US: Rapid7
-CVE-2023-2225
-       RESERVED
+CVE-2023-2225 (The SEO ALert WordPress plugin through 1.59 does not sanitise 
and esca ...)
+       TODO: check
 CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not 
sanitise and e ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not 
sanitise an ...)
@@ -13355,8 +13411,8 @@ CVE-2023-30873
        RESERVED
 CVE-2023-30872
        RESERVED
-CVE-2023-30871
-       RESERVED
+CVE-2023-30871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
PT Woo P ...)
+       TODO: check
 CVE-2023-30870
        RESERVED
 CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital 
Downloads plugin ...)
@@ -13716,22 +13772,22 @@ CVE-2023-30788 (MonicaHQ version 4.0.0 allows an 
authenticated remote attacker t
        NOT-FOR-US: MonicaHQ
 CVE-2023-30787 (MonicaHQ version 4.0.0 allows an authenticated remote attacker 
to exec ...)
        NOT-FOR-US: MonicaHQ
-CVE-2023-30786
-       RESERVED
-CVE-2023-30785
-       RESERVED
-CVE-2023-30784
-       RESERVED
+CVE-2023-30786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Benj ...)
+       TODO: check
+CVE-2023-30785 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
+       TODO: check
+CVE-2023-30784 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2023-30783
        RESERVED
-CVE-2023-30782
-       RESERVED
+CVE-2023-30782 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Andy Moy ...)
+       TODO: check
 CVE-2023-30781
        RESERVED
 CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-30779
-       RESERVED
+CVE-2023-30779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Jonathan ...)
+       TODO: check
 CVE-2023-30778 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        TODO: check
 CVE-2023-30777 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WP Engin ...)
@@ -13754,10 +13810,10 @@ CVE-2023-2124 (An out-of-bounds memory access flaw 
was found in the Linux kernel
        NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
        NOTE: 
https://lore.kernel.org/linux-xfs/20230412214034.gl3223...@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
        NOTE: 
https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1)
-CVE-2023-2123
-       RESERVED
-CVE-2023-2122
-       RESERVED
+CVE-2023-2123 (The WP Inventory Manager WordPress plugin before 2.1.0.13 does 
not san ...)
+       TODO: check
+CVE-2023-2122 (The Image Optimizer by 10web WordPress plugin before 1.0.27 
does not s ...)
+       TODO: check
 CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff 
viewer  ...)
        NOT-FOR-US: HashiCorp Vault
 CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is 
vulnerable to Re ...)
@@ -14873,8 +14929,8 @@ CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in El
        NOT-FOR-US: WordPress plugin
 CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian 
Evang Ultima ...)
        NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow
-CVE-2023-30473
-       RESERVED
+CVE-2023-30473 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Maxim Gl ...)
+       TODO: check
 CVE-2023-30472
        RESERVED
 CVE-2023-30471
@@ -14920,8 +14976,8 @@ CVE-2023-1979 (The Web Stories for WordPress plugin 
supports the WordPress built
        NOT-FOR-US: WordPress plugin
 CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for 
WordPress is  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-1977
-       RESERVED
+CVE-2023-1977 (The Booking Manager WordPress plugin before 2.0.29 does not 
validate U ...)
+       TODO: check
 CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository 
answerdev/ans ...)
        NOT-FOR-US: answer
 CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub 
repository ...)
@@ -20757,8 +20813,8 @@ CVE-2023-1467 (A vulnerability classified as critical 
has been found in SourceCo
        NOT-FOR-US: SourceCodester Student Study Center Desk Management System
 CVE-2023-1466 (A vulnerability was found in SourceCodester Student Study 
Center Desk  ...)
        NOT-FOR-US: SourceCodester Student Study Center Desk Management System
-CVE-2023-1465
-       RESERVED
+CVE-2023-1465 (The WP EasyPay WordPress plugin before 4.1 does not escape some 
genera ...)
+       TODO: check
 CVE-2023-1464 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Medicine Tracker System
 CVE-2023-1463 (Authorization Bypass Through User-Controlled Key in GitHub 
repository  ...)
@@ -22321,8 +22377,8 @@ CVE-2023-28077
        RESERVED
 CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or 
risky crypt ...)
        NOT-FOR-US: Dell
-CVE-2023-28075
-       RESERVED
+CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in 
BIOS. A ...)
+       TODO: check
 CVE-2023-28074
        RESERVED
 CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A 
locally ...)
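Review bot: CVE-2023-28075 is left at `TODO: check` although its description begins "Dell BIOS" and the entry directly above it, CVE-2023-28076, is tagged `NOT-FOR-US: Dell`. Suggest the same tag here, and for CVE-2023-32453 in the first hunk, whose description also begins "Dell BIOS".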
@@ -24484,8 +24540,8 @@ CVE-2023-1112 (A vulnerability was found in Drag and 
Drop Multiple File Upload C
        NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form
 CVE-2023-1111
        RESERVED
-CVE-2023-1110
-       RESERVED
+CVE-2023-1110 (The Yellow Yard Searchbar WordPress plugin before 2.8.12 does 
not vali ...)
+       TODO: check
 CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on 
Android ...)
        {DSA-5328-1}
        - chromium 109.0.5414.119-1
@@ -31966,8 +32022,8 @@ CVE-2023-0581 (The PrivateContent plugin for WordPress 
is vulnerable to protecti
        NOT-FOR-US: PrivateContent plugin for WordPress
 CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB 
My Cont ...)
        NOT-FOR-US: ABB
-CVE-2023-0579
-       RESERVED
+CVE-2023-0579 (The YARPP WordPress plugin before 5.30.3 does not validate and 
escape  ...)
+       TODO: check
 CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: ASOS
 CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -32541,8 +32597,8 @@ CVE-2023-0553 (The Quick Restaurant Menu plugin for 
WordPress is vulnerable to S
        NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
 CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not 
proper ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0551
-       RESERVED
+CVE-2023-0551 (The REST API TO MiniProgram WordPress plugin through 4.6.1 does 
not ha ...)
+       TODO: check
 CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to 
Insecu ...)
        NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
 CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an 
Incorrect Pr ...)
@@ -35787,8 +35843,8 @@ CVE-2023-0276 (The Weaver Xtreme Theme Support 
WordPress plugin before 6.2.7 doe
        NOT-FOR-US: WordPress plugin
 CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 
4.9.10 doe ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0274
-       RESERVED
+CVE-2023-0274 (The URL Params WordPress plugin before 2.5 does not validate 
and escap ...)
+       TODO: check
 CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 
does not v ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate 
and esca ...)
@@ -38986,8 +39042,8 @@ CVE-2023-0060 (The Responsive Gallery Grid WordPress 
plugin before 2.3.9 does no
        NOT-FOR-US: WordPress plugin
 CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and 
escape ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0058
-       RESERVED
+CVE-2023-0058 (The Tiempo.com WordPress plugin through 0.1.2 does not have 
CSRF check ...)
+       TODO: check
 CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub 
reposit ...)
        - pyload <itp> (bug #1001980)
 CVE-2023-0056 (An uncontrolled resource consumption vulnerability was 
discovered in H ...)
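Review bot: The truncated description added for CVE-2023-0058 ("The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...") is identical to the one added for CVE-2023-2271 earlier in this diff. Whoever clears the `TODO: check` should compare the full descriptions to confirm these are two distinct issues and not a duplicate assignment before tagging both.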
@@ -40319,8 +40375,8 @@ CVE-2022-4784 (The Hueman Addons WordPress plugin 
through 2.3.3 does not validat
        NOT-FOR-US: WordPress plugin
 CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does 
not vali ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-4782
-       RESERVED
+CVE-2022-4782 (The ClickFunnels WordPress plugin through 3.1.1 does not 
validate and  ...)
+       TODO: check
 CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does 
not valid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded 
credential ...)
@@ -42595,7 +42651,7 @@ CVE-2023-22051 (Vulnerability in the Oracle GraalVM 
Enterprise Edition, Oracle G
 CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator 
product of  ...)
        NOT-FOR-US: Oracle
 CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5458-1}
+       {DSA-5478-1 DSA-5458-1}
        - openjdk-8 8u382-ga-1
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
@@ -42606,7 +42662,7 @@ CVE-2023-22047 (Vulnerability in the PeopleSoft 
Enterprise PeopleTools product o
 CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.34-1 (bug #1041819)
 CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5458-1}
+       {DSA-5478-1 DSA-5458-1}
        - openjdk-8 8u382-ga-1
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
@@ -42619,7 +42675,7 @@ CVE-2023-22043 (Vulnerability in Oracle Java SE 
(component: JavaFX).   The suppo
 CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
        NOT-FOR-US: Oracle
 CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5458-1}
+       {DSA-5478-1 DSA-5458-1}
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
 CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
@@ -42631,7 +42687,7 @@ CVE-2023-22038 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop 
Integrator produc ...)
        NOT-FOR-US: Oracle
 CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5458-1}
+       {DSA-5478-1 DSA-5458-1}
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
 CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle 
E-Business Sui ...)
@@ -42693,7 +42749,7 @@ CVE-2023-22008 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
 CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.34-1 (bug #1041819)
 CVE-2023-22006 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5458-1}
+       {DSA-5478-1 DSA-5458-1}
        - openjdk-11 11.0.20+8-1
        - openjdk-17 17.0.8+7-1
 CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -42771,13 +42827,13 @@ CVE-2023-21970 (Vulnerability in the Oracle BI 
Publisher product of Oracle Analy
 CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: 
Installation).  Supp ...)
        NOT-FOR-US: Oracle
 CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5430-1}
+       {DSA-5478-1 DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
        - openjdk-20 20.0.1+9-2
 CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5430-1}
+       {DSA-5478-1 DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -42807,7 +42863,7 @@ CVE-2023-21956 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
 CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5430-1}
+       {DSA-5478-1 DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -42841,19 +42897,19 @@ CVE-2023-21941 (Vulnerability in the Oracle BI 
Publisher product of Oracle Analy
 CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.33-1 (bug #1034719)
 CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5430-1}
+       {DSA-5478-1 DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
        - openjdk-20 20.0.1+9-2
 CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5430-1}
+       {DSA-5478-1 DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
        - openjdk-20 20.0.1+9-2
 CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5430-1}
+       {DSA-5478-1 DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -42871,7 +42927,7 @@ CVE-2023-21932 (Vulnerability in the Oracle Hospitality 
OPERA 5 Property Service
 CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
-       {DSA-5430-1}
+       {DSA-5478-1 DSA-5430-1}
        - openjdk-8 8u372-ga-1
        - openjdk-11 11.0.19+7-1 (bug #1036280)
        - openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -53432,6 +53488,7 @@ CVE-2023-20869 (VMware Workstation (17.x) and VMware 
Fusion (13.x) contain a sta
 CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability 
due to a ...)
        NOT-FOR-US: VMware
 CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail 
to authen ...)
+       {DLA-3531-1}
        - open-vm-tools 2:12.2.5-1 (bug #1037546)
        [bookworm] - open-vm-tools <no-dsa> (Minor issue)
        [bullseye] - open-vm-tools <no-dsa> (Minor issue)
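Review bot: The added `{DLA-3531-1}` on CVE-2023-20867 sits above `[bookworm]` and `[bullseye]` lines that both still read `<no-dsa> (Minor issue)`, and the hunk shows no release line for the suite the DLA covers. Worth confirming that the LTS fix does not leave the two newer releases behind it, and queuing open-vm-tools for a point release if it does.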
@@ -209369,8 +209426,8 @@ CVE-2020-26039
        RESERVED
 CVE-2020-26038
        RESERVED
-CVE-2020-26037
-       RESERVED
+CVE-2020-26037 (Directory Traversal vulnerability in Server functionalty in 
Even Balan ...)
+       TODO: check
 CVE-2020-26036
        RESERVED
 CVE-2020-26035 (An issue was discovered in Zammad before 3.4.1. There is 
Stored XSS vi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3118d130388a63e36fc720bb88583fcf26ce77e3
