Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9cc09a3c by security tracker role at 2023-06-01T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-3029 (A vulnerability has been found in Guangdong Pythagorean OA 
Office Syst ...)
+       TODO: check
+CVE-2023-3028 (Insufficient authentication in the MQTT backend (broker) allows 
an att ...)
+       TODO: check
+CVE-2023-3026 (Cross-site Scripting (XSS) - Stored in GitHub repository 
jgraph/drawio ...)
+       TODO: check
+CVE-2023-34312 (In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, 
QQProte ...)
+       TODO: check
+CVE-2023-33778 (Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, 
Access Poin ...)
+       TODO: check
+CVE-2023-33719 (mp4v2 v2.1.3 was discovered to contain a memory leak via 
MP4SdpAtom::R ...)
+       TODO: check
+CVE-2023-33716 (mp4v2 v2.1.3 was discovered to contain a memory leak via the 
class MP4 ...)
+       TODO: check
+CVE-2023-33643 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33642 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33641 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33640 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33639 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33638 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33637 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33636 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33635 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33634 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33633 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33632 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33631 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33630 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33629 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33628 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33627 (H3C Magic R300 version R300-2100MV100R004 was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-33461 (iniparser v4.1 is vulnerable to NULL Pointer Dereference in 
function i ...)
+       TODO: check
+CVE-2023-30758 (Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and 
earlier  ...)
+       TODO: check
+CVE-2023-29159 (Directory traversal vulnerability in Starlette versions 0.13.5 
and lat ...)
+       TODO: check
+CVE-2023-29154 (SQL injection vulnerability exists in the CONPROSYS HMI System 
(CHS) v ...)
+       TODO: check
+CVE-2023-28937 (DataSpider Servista version 4.4 and earlier uses a hard-coded 
cryptogr ...)
+       TODO: check
+CVE-2023-28824 (Server-side request forgery vulnerability exists in CONPROSYS 
HMI Syst ...)
+       TODO: check
+CVE-2023-28713 (Plaintext storage of a password exists in CONPROSYS HMI System 
(CHS) v ...)
+       TODO: check
+CVE-2023-28657 (Improper access control vulnerability exists in CONPROSYS HMI 
System ( ...)
+       TODO: check
+CVE-2023-28651 (Cross-site scripting vulnerability exists in CONPROSYS HMI 
System (CHS ...)
+       TODO: check
+CVE-2023-28399 (Incorrect permission assignment for critical resource exists 
in CONPRO ...)
+       TODO: check
+CVE-2018-25086 (A vulnerability was found in sea75300 FanPress CM up to 3.6.3. 
It has  ...)
+       TODO: check
+CVE-2010-10010 (A vulnerability classified as problematic has been found in 
Stars Alli ...)
+       TODO: check
 CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository 
mkucej/i-libr ...)
        TODO: check
 CVE-2023-3020 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
mkucej/i-l ...)
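Review bot: All 36 entries added at the top of data/CVE/list are left at "TODO: check", so this hunk records the new IDs but carries no triage. The 17 H3C Magic R300 entries (CVE-2023-33627 through CVE-2023-33643) and the CONPROSYS HMI System entries describe vendor devices and can be closed in one pass if they turn out to be NOT-FOR-US. The entries for mp4v2 (CVE-2023-33716, CVE-2023-33719), iniparser (CVE-2023-33461), Starlette (CVE-2023-29159) and jgraph/drawio (CVE-2023-3026) name software projects and should be checked against the archive first.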
@@ -207,7 +279,7 @@ CVE-2023-32218 (Avaya IX Workforce Engagement v15.2.7.1195 
- CWE-601: URL Redire
        NOT-FOR-US: Avaya
 CVE-2023-2994
        REJECTED
-CVE-2023-2985 [fs: hfsplus: fix UAF issue in hfsplus_put_super]
+CVE-2023-2985 (A use after free flaw was found in hfsplus_put_super in 
fs/hfsplus/sup ...)
        - linux 6.1.20-1
        [bullseye] - linux 5.10.178-1
        [buster] - linux 4.19.282-1
@@ -224,7 +296,7 @@ CVE-2023-2979 (A vulnerability classified as critical has 
been found in Abstrium
        NOT-FOR-US: Abstrium Pydio Cells
 CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has 
been r ...)
        NOT-FOR-US: Abstrium Pydio Cells
-CVE-2023-2977
+CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a 
buffer  ...)
        - opensc <unfixed>
        NOTE: https://github.com/OpenSC/OpenSC/issues/2785
        NOTE: https://github.com/OpenSC/OpenSC/pull/2787
@@ -878,7 +950,7 @@ CVE-2023-32373
        NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
 CVE-2023-32350 (Versions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT 
router firm ...)
        NOT-FOR-US: Teltonika
-CVE-2023-32349 (Versions 00.07.00 through 00.07.03.4 of Teltonika\u2019s RUT 
router fi ...)
+CVE-2023-32349 (Version 00.07.03.4 and prior of Teltonika\u2019s RUT router 
firmware c ...)
        NOT-FOR-US: Teltonika
 CVE-2023-32348 (Teltonika\u2019s Remote Management System versions prior to 
4.10.0 con ...)
        NOT-FOR-US: Teltonika
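Review bot: The replacement description on the "+CVE-2023-32349" line still carries the literal escape \u2019 in "Teltonika\u2019s" instead of an apostrophe, as do the unchanged CVE-2023-32350 and CVE-2023-32348 lines around it. Since the automatic update rewrote this line anyway, the import step looks like the place to decode the escape before writing data/CVE/list. The "NOT-FOR-US: Teltonika" triage is unaffected.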
@@ -2083,7 +2155,7 @@ CVE-2023-2609 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 9.
        NOTE: https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
        NOTE: 
https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad 
(v9.0.1531)
        NOTE: Crash in CLI tool, no security impact
-CVE-2023-2598 [io_uring/rsrc: check for nonconsecutive pages]
+CVE-2023-2598 (A flaw was found in the fixed buffer registration code for 
io_uring (i ...)
        - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/3
        NOTE: 
https://git.kernel.org/linus/776617db78c6d208780e7c69d4d68d1fa82913de (6.4-rc1)
@@ -6717,8 +6789,8 @@ CVE-2023-29750
        RESERVED
 CVE-2023-29749
        RESERVED
-CVE-2023-29748
-       RESERVED
+CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for 
Android has an ...)
+       TODO: check
 CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for 
Android exists ...)
        TODO: check
 CVE-2023-29746
@@ -20755,8 +20827,8 @@ CVE-2023-25074
        RESERVED
 CVE-2023-24590
        RESERVED
-CVE-2023-24584
-       RESERVED
+CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the 
Controller  ...)
+       TODO: check
 CVE-2023-23584
        RESERVED
 CVE-2023-23576
@@ -24294,14 +24366,14 @@ CVE-2023-23957
        RESERVED
 CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will 
be exec ...)
        TODO: check
-CVE-2023-23955
-       RESERVED
-CVE-2023-23954
-       RESERVED
-CVE-2023-23953
-       RESERVED
-CVE-2023-23952
-       RESERVED
+CVE-2023-23955 (Advanced Secure Gateway and Content Analysis, prior to 
7.3.13.1 / 3.1. ...)
+       TODO: check
+CVE-2023-23954 (Advanced Secure Gateway and Content Analysis, prior to 
7.3.13.1 / 3.1. ...)
+       TODO: check
+CVE-2023-23953 (Advanced Secure Gateway and Content Analysis, prior to 
7.3.13.1 / 3.1. ...)
+       TODO: check
+CVE-2023-23952 (Advanced Secure Gateway and Content Analysis, prior to 
7.3.13.1 / 3.1. ...)
+       TODO: check
 CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the 
current user b ...)
        NOT-FOR-US: Symantec
 CVE-2023-23950 (User\u2019s supplied input (usually a CRLF sequence) can be 
used to sp ...)
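Review bot: The four entries moved from RESERVED to "TODO: check" (CVE-2023-23952 through CVE-2023-23955) share one truncated description, "Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...", and sit directly above CVE-2023-23951, which is already marked "NOT-FOR-US: Symantec". If they belong to the same vendor they can take the same tag in one edit. The CVE-2023-23956 context entry above them is also still "TODO: check" and is worth looking at in the same pass.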
@@ -35567,10 +35639,10 @@ CVE-2022-4335 (A blind SSRF vulnerability was 
identified in all versions of GitL
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-4334
        REJECTED
-CVE-2022-4333
-       RESERVED
-CVE-2022-4332
-       RESERVED
+CVE-2022-4333 (Hardcoded Credentials in multiple SPRECON-E CPU variants of 
Sprecher A ...)
+       TODO: check
+CVE-2022-4332 (In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x 
avulnera ...)
+       TODO: check
 CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not 
sanitise and ...)
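Review bot: CVE-2022-4333 and CVE-2022-4332 go from RESERVED to "TODO: check" with descriptions that both name Sprecher Automation SPRECON-E CPU variants, so they should be triaged together rather than as two separate items. The CVE-2022-4332 text also arrives with a missing space ("avulnera ..."), which appears to come in with the imported description rather than from an edit in this file.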
@@ -68674,7 +68746,7 @@ CVE-2022-35826 (Visual Studio Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
+CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-35823 (Microsoft SharePoint Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
@@ -68838,8 +68910,8 @@ CVE-2022-35744 (Windows Point-to-Point Protocol (PPP) 
Remote Code Execution Vuln
        TODO: check
 CVE-2022-35743 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code 
Execution ...)
        TODO: check
-CVE-2022-35742
-       RESERVED
+CVE-2022-35742 (Microsoft Outlook Denial of Service Vulnerability)
+       TODO: check
 CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user 
logged into  ...)
        NOT-FOR-US: ESET
 CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost 
version ...)
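Review bot: The new "+CVE-2022-35742 (Microsoft Outlook Denial of Service Vulnerability)" entry is given "TODO: check", whereas the other Microsoft-titled entries changed by this commit are tagged "NOT-FOR-US: Microsoft". The two context entries above it (CVE-2022-35744 and CVE-2022-35743) are in the same state, so all three could be tagged in one follow-up.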
@@ -71875,9 +71947,9 @@ CVE-2022-34688
        RESERVED
 CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. 
This CVE  ...)
+CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability. 
This CVE  ...)
+CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-34684 (NVIDIA GPU Display Driver for Linux contains a vulnerability 
in the ke ...)
        - nvidia-graphics-drivers 510.108.03-1 (bug #1025279)
@@ -74947,7 +75019,7 @@ CVE-2022-33648 (Microsoft Excel Remote Code Execution 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability.)
+CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability.)
        NOT-FOR-US: Microsoft
@@ -101513,7 +101585,7 @@ CVE-2022-24518 (Azure Site Recovery Elevation of 
Privilege Vulnerability. This C
        NOT-FOR-US: Microsoft
 CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability. This 
CVE ID i ...)
        NOT-FOR-US: Microsoft
-CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege 
Vulnerability. This C ...)
+CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability. This 
CVE ID  ...)
        NOT-FOR-US: Microsoft
@@ -101591,7 +101663,7 @@ CVE-2022-24479 (Connected User Experiences and 
Telemetry Elevation of Privilege
        NOT-FOR-US: Microsoft
 CVE-2022-24478
        RESERVED
-CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege 
Vulnerability. This C ...)
+CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-24476
        RESERVED
@@ -112993,9 +113065,9 @@ CVE-2022-21982
        RESERVED
 CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege 
Vulnerabi ...)
        NOT-FOR-US: Microsoft
-CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege 
Vulnerability. This C ...)
+CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-21979 (Microsoft Exchange Information Disclosure Vulnerability. This 
CVE ID i ...)
+CVE-2022-21979 (Microsoft Exchange Server Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege 
Vulnerability.)
        NOT-FOR-US: Microsoft



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cc09a3c20cba0fdbbb616f81b44392020855d26
