Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20a17e2e by security tracker role at 2023-08-29T20:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 
116.0.5845.140 ...)
+       TODO: check
+CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support 
Option 1 ...)
+       TODO: check
+CVE-2023-41376 (Nokia Service Router Operating System (SR OS) 22.10 and SR 
Linux, when ...)
+       TODO: check
+CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain 
high pr ...)
+       TODO: check
+CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP 
protocol. In  ...)
+       TODO: check
+CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the 
lookup_seque ...)
+       TODO: check
+CVE-2023-40889 (A heap-based buffer overflow exists in the 
qr_reader_match_centers fun ...)
+       TODO: check
+CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters 
submitt ...)
+       TODO: check
+CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to 
multiple de ...)
+       TODO: check
+CVE-2023-3253 (An improper authorization vulnerability exists where an 
authenticated, ...)
+       TODO: check
+CVE-2023-3252 (An arbitrary file write vulnerability exists where an 
authenticated, r ...)
+       TODO: check
+CVE-2023-3251 (A pass-back vulnerability exists where an authenticated, remote 
attack ...)
+       TODO: check
+CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web 
interface ...)
+       TODO: check
+CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular 
expression  ...)
+       TODO: check
+CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid 
read mem ...)
+       TODO: check
+CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain a global 
buffer over ...)
+       TODO: check
+CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected 
versions  ...)
+       TODO: check
+CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead 
to unau ...)
+       TODO: check
+CVE-2023-39267 (An authenticated remote code execution vulnerability exists in 
the com ...)
+       TODO: check
+CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface 
could a ...)
+       TODO: check
+CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow 
a remote ...)
+       TODO: check
+CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data 
(length  ...)
+       TODO: check
+CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass 
vulnera ...)
+       TODO: check
 CVE-2023-4585
        - firefox <unfixed>
        - firefox-esr <unfixed>
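Review bot: CVE-2023-40890 and CVE-2023-40889 are cut off before any product name appears ("... in the lookup_seque ...", "... qr_reader_match_centers fun ..."), so the affected package cannot be identified from these lines and the full CVE record has to be read before either TODO is resolved. In the same block, the entries that name Google Chrome, Libxml2, FRRouting FRR, OpenBGPD, Mathjax and AOMedia look like candidates for package lines rather than NOT-FOR-US and are worth triaging first.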
@@ -3392,7 +3438,7 @@ CVE-2023-3663 (In CODESYS Development System versions 
from 3.5.11.20 and before
        NOT-FOR-US: Codesys
 CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior 
to 3.5. ...)
        NOT-FOR-US: Codesys
-CVE-2023-3348 (The Wrangler command line tool (<=wrangler@3.1.0) was affected 
by a di ...)
+CVE-2023-3348 (The Wrangler command line tool (<=wrangler@3.1.0 or 
<=wrangler@2.20.1) ...)
        NOT-FOR-US: Wrangler
 CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
        NOT-FOR-US: Mitsubishi
@@ -32866,8 +32912,8 @@ CVE-2023-0656 (A Stack-based buffer overflow 
vulnerability in the SonicOS allows
        NOT-FOR-US: SonicOS
 CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could 
permit a  ...)
        NOT-FOR-US: SonicWall
-CVE-2023-0654
-       RESERVED
+CVE-2023-0654 (Due to a misconfiguration, the WARP Mobile Client (< 6.29) for 
Android ...)
+       TODO: check
 CVE-2023-0653
        RESERVED
 CVE-2023-0652 (Due to a hardlink created in the ProgramData folder during the 
repair  ...)
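Review bot: CVE-2023-0654 here and CVE-2023-0238 in a later hunk both describe the WARP Mobile Client, yet one gives the affected range as "< 6.29" and the other as "<=6.29". Triage the two together so they receive the same tag, and take the version bound from the advisory rather than from these truncated descriptions if it is recorded anywhere.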
@@ -34314,8 +34360,8 @@ CVE-2023-24550 (A vulnerability has been identified in 
Solid Edge SE2022 (All ve
        NOT-FOR-US: Siemens
 CVE-2023-24549 (A vulnerability has been identified in Solid Edge SE2022 (All 
versions ...)
        NOT-FOR-US: Siemens
-CVE-2023-24548
-       RESERVED
+CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN 
configured, malfor ...)
+       TODO: check
 CVE-2023-24547
        RESERVED
 CVE-2023-24546 (On affected versions of the CloudVision Portal improper access 
control ...)
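Review bot: CVE-2023-24548 is the second Arista EOS entry in this update (CVE-2023-3646 in the first hunk is the other). Resolve both TODOs in one pass with the same tag so the vendor string stays consistent across the list.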
@@ -36594,16 +36640,16 @@ CVE-2014-125083 (A vulnerability has been found in 
Anant Labs google-enterprise-
        NOT-FOR-US: Anant Labs google-enterprise-connect
 CVE-2013-10014 (A vulnerability classified as critical has been found in 
oktora24 2moo ...)
        NOT-FOR-US: oktora24 2moons
-CVE-2023-23774
-       RESERVED
-CVE-2023-23773
-       RESERVED
-CVE-2023-23772
-       RESERVED
-CVE-2023-23771
-       RESERVED
-CVE-2023-23770
-       RESERVED
+CVE-2023-23774 (Motorola EBTS/MBTS Site Controller drops to debug prompt on 
unhandled  ...)
+       TODO: check
+CVE-2023-23773 (Motorola EBTS/MBTS Base Radio fails to check firmware 
authenticity. Th ...)
+       TODO: check
+CVE-2023-23772 (Motorola MBTS Site Controller fails to check firmware update 
authentic ...)
+       TODO: check
+CVE-2023-23771 (Motorola MBTS Base Radio accepts hard-coded backdoor password. 
The Mot ...)
+       TODO: check
+CVE-2023-23770 (Motorola MBTS Site Controller accepts hard-coded backdoor 
password. Th ...)
+       TODO: check
 CVE-2023-23769
        RESERVED
 CVE-2023-23768
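Review bot: the five entries CVE-2023-23774 down to CVE-2023-23770 all concern Motorola EBTS/MBTS Site Controller or Base Radio firmware (debug prompt, missing firmware authenticity checks, hard-coded backdoor passwords), so they can be closed out as one batch with a single consistent tag instead of five separate checks.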
@@ -37739,8 +37785,8 @@ CVE-2023-0240 (There is a logic error in io_uring's 
implementation which can be
        NOTE: https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93
 CVE-2023-0239
        RESERVED
-CVE-2023-0238
-       RESERVED
+CVE-2023-0238 (Due to lack of a security policy, the WARP Mobile Client 
(<=6.29) for  ...)
+       TODO: check
 CVE-2023-0237
        REJECTED
 CVE-2023-0236 (The Tutor LMS WordPress plugin before 2.0.10 does not sanitise 
and esc ...)
@@ -55046,8 +55092,8 @@ CVE-2023-20892 (The vCenter Server contains a heap 
overflow vulnerability due to
        NOT-FOR-US: VMware
 CVE-2023-20891 (The VMware Tanzu Application Service for VMs and Isolation 
Segment con ...)
        NOT-FOR-US: VMware
-CVE-2023-20890
-       RESERVED
+CVE-2023-20890 (Aria Operations for Networks contains an arbitrary file write 
vulnerab ...)
+       TODO: check
 CVE-2023-20889 (Aria Operations for Networks contains an information 
disclosure vulner ...)
        NOT-FOR-US: VMware
 CVE-2023-20888 (Aria Operations for Networks contains an authenticated 
deserialization ...)
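Review bot: CVE-2023-20890 is left at "TODO: check" although CVE-2023-20889 directly below describes the same product, Aria Operations for Networks, and is already tagged "NOT-FOR-US: VMware". The same tag looks applicable here and to CVE-2023-34039 in the first hunk, which names the same product.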
@@ -163709,8 +163755,8 @@ CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 
before 3.1.10, and 3.2 before 3
        NOTE: Only an issue in combination with python3.9 3.9.5+
 CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL 
injection via ...)
        NOT-FOR-US: Hexagon G!nius Auskunftsportal
-CVE-2021-32050
-       RESERVED
+CVE-2021-32050 (Some MongoDB Drivers may erroneously publish events containing 
authent ...)
+       TODO: check
 CVE-2021-32049
        RESERVED
 CVE-2021-32048
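Review bot: the CVE-2021-32050 description says "Some MongoDB Drivers" and the visible text does not name them, so a single package line is unlikely to cover it. Resolving this TODO needs the advisory's list of affected drivers, checked against each packaged driver separately.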
@@ -171078,7 +171124,7 @@ CVE-2021-29392
        RESERVED
 CVE-2021-29391
        RESERVED
-CVE-2021-29390 (libjpeg-turbo version 2.0.90 is vulnerable to a 
heap-buffer-overflow v ...)
+CVE-2021-29390 (libjpeg-turbo version 2.0.90 has a heap-based buffer over-read 
(2 byte ...)
        - libjpeg-turbo <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943797
        TODO: check, no sensible information and RHBZ#1943797 is restricted
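Review bot: the CVE-2021-29390 description changes from a heap-buffer-overflow to a heap-based buffer over-read, but the "<undetermined>" package state and the note "TODO: check, no sensible information and RHBZ#1943797 is restricted" stay as they were. With a revised description now available, that TODO wording should be re-evaluated and the entry re-checked against libjpeg-turbo rather than left on the old assessment.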
@@ -179858,8 +179904,8 @@ CVE-2021-3264 (SQL Injection vulnerability in cxuucms 
3.1 ivia the pid parameter
        NOT-FOR-US: cxuucms
 CVE-2021-3263
        RESERVED
-CVE-2021-3262
-       RESERVED
+CVE-2021-3262 (TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 
NovusEDU-2.2. ...)
+       TODO: check
 CVE-2021-3261
        RESERVED
 CVE-2021-3260



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20a17e2e4385c1539c3cdcf90d76de39ccb1955d
