Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f80ffec6 by security tracker role at 2023-06-13T20:12:34+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@ +CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.) + TODO: check +CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...) + TODO: check +CVE-2023-3050 (Reliance on Cookies without Validation and Integrity Checking in a Sec ...) + TODO: check +CVE-2023-3049 (Unrestricted Upload of File with Dangerous Type vulnerability in TMT L ...) + TODO: check +CVE-2023-3048 (Authorization Bypass Through User-Controlled Key vulnerability in TMT ...) + TODO: check +CVE-2023-3047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-35064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-34965 (SSPanel-Uim 2023.3 does not restrict access to the /link/ interface wh ...) + TODO: check +CVE-2023-34249 (benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd ...) + TODO: check +CVE-2023-34247 (Keystone is a content management system for Node.JS. There is an open ...) + TODO: check +CVE-2023-34122 (Improper input validation in the installer for Zoom for Windows clien ...) + TODO: check +CVE-2023-34121 (Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom V ...) + TODO: check +CVE-2023-34120 (Improper privilege management in Zoom for Windows, Zoom Rooms for Wind ...) + TODO: check +CVE-2023-34115 (Buffer copy without checking size of input in Zoom Meeting SDK befor ...) + TODO: check +CVE-2023-34114 (Exposure of resource to wrong sphere in Zoom for Windows and Zoom for ...) + TODO: check +CVE-2023-34113 (Insufficient verification of data authenticity in Zoom for Windows cl ...) + TODO: check +CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) + TODO: check +CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) 
+ TODO: check +CVE-2023-33919 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) + TODO: check +CVE-2023-33695 (Hutool v5.8.17 and below was discovered to contain an information disc ...) + TODO: check +CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication ...) + TODO: check +CVE-2023-33620 (GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its ...) + TODO: check +CVE-2023-33568 (An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attacke ...) + TODO: check +CVE-2023-33305 (A loop with unreachable exit condition ('infinite loop') in Fortinet F ...) + TODO: check +CVE-2023-33124 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...) + TODO: check +CVE-2023-33123 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...) + TODO: check +CVE-2023-33122 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...) + TODO: check +CVE-2023-33121 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...) + TODO: check +CVE-2023-32548 (OS command injection vulnerability exists in WPS Office version 10.8.0 ...) + TODO: check +CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop Application (M ...) + TODO: check +CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the \u2018B ...) + TODO: check +CVE-2023-31439 (An issue was discovered in systemd 253. An attacker can modify the con ...) + TODO: check +CVE-2023-31438 (An issue was discovered in systemd 253. An attacker can truncate a sea ...) + TODO: check +CVE-2023-31437 (An issue was discovered in systemd 253. An attacker can modify a seale ...) + TODO: check +CVE-2023-31198 (OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If ...) + TODO: check +CVE-2023-31196 (Missing authentication for critical function in Wi-Fi AP UNIT allows a ...) 
+ TODO: check +CVE-2023-31195 (ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use ...) + TODO: check +CVE-2023-30766 (Hidden functionality issue exists in KB-AHR series and KB-IRIP series. ...) + TODO: check +CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and KB-IRIP ...) + TODO: check +CVE-2023-30762 (Improper authentication vulnerability exists in KB-AHR series and KB-I ...) + TODO: check +CVE-2023-2807 (Authentication Bypass by Spoofing vulnerability in the password reset ...) + TODO: check +CVE-2023-29501 (Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, an ...) + TODO: check +CVE-2023-29498 (Improper restriction of XML external entity reference (XXE) vulnerabil ...) + TODO: check +CVE-2023-29167 (Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. ...) + TODO: check +CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader ...) + TODO: check CVE-2023-XXXX [Parsing of KeyInfo elements can cause remote resource access] - xmltooling <unfixed> NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt 
@@ -1594,16 +1684,16 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0. NOT-FOR-US: OpenEMR CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...) NOT-FOR-US: OpenEMR -CVE-2023-3217 +CVE-2023-3217 (Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allow ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-3216 +CVE-2023-3216 (Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-3215 +CVE-2023-3215 (Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allo ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-3214 +CVE-2023-3214 (Use after free in Autofill payments in Google Chrome prior to 114.0.57 ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-3079 (Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed ...) @@ -3827,8 +3917,8 @@ CVE-2023-31251 CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file paths in ...) - drupal7 <removed> NOTE: https://www.drupal.org/sa-core-2023-005 -CVE-2023-31238 - RESERVED +CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) + TODO: check CVE-2023-31237 RESERVED CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...) @@ -4829,8 +4919,8 @@ CVE-2023-30903 RESERVED CVE-2023-30902 RESERVED -CVE-2023-30901 - RESERVED +CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) + TODO: check CVE-2023-30900 RESERVED CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...) 
@@ -4850,8 +4940,8 @@ CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kerne NOTE: https://git.kernel.org/linus/92fbb6d1296f81f41f65effd7f5f8c0f74943d15 (6.3-rc4) CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...) - mattermost-server <itp> (bug #823556) -CVE-2023-30897 - RESERVED +CVE-2023-30897 (A vulnerability has been identified in SIMATIC WinCC (All versions < V ...) + TODO: check CVE-2023-2192 RESERVED CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...) @@ -5455,8 +5545,8 @@ CVE-2023-30770 (A stack-based buffer overflow vulnerability was found in the ASU CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) communic ...) - dogecoin <unfixed> (bug #1034806) NOTE: https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks -CVE-2023-30757 - RESERVED +CVE-2023-30757 (A vulnerability has been identified in Totally Integrated Automation P ...) + TODO: check CVE-2023-30756 RESERVED CVE-2023-30755 @@ -7068,8 +7158,8 @@ CVE-2023-30181 RESERVED CVE-2023-30180 RESERVED -CVE-2023-30179 - RESERVED +CVE-2023-30179 (CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injectio ...) + TODO: check CVE-2023-30178 RESERVED CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker ...) @@ -8368,8 +8458,8 @@ CVE-2023-29564 RESERVED CVE-2023-29563 RESERVED -CVE-2023-29562 - RESERVED +CVE-2023-29562 (TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack ov ...) + TODO: check CVE-2023-29561 RESERVED CVE-2023-29560 
@@ -9769,14 +9859,14 @@ CVE-2023-29180 RESERVED CVE-2023-29179 RESERVED -CVE-2023-29178 - RESERVED +CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824] in Fortinet ...) + TODO: check CVE-2023-29177 RESERVED CVE-2023-29176 RESERVED -CVE-2023-29175 - RESERVED +CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...) + TODO: check CVE-2023-29174 RESERVED CVE-2023-29173 @@ -9918,8 +10008,8 @@ CVE-2023-29131 RESERVED CVE-2023-29130 RESERVED -CVE-2023-29129 - RESERVED +CVE-2023-29129 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...) + TODO: check CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...) NOT-FOR-US: Siemens CVE-2023-29127 @@ -10442,8 +10532,8 @@ CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions vulnerab NOT-FOR-US: Juniper CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...) - gitlab 15.10.8+ds1-2 -CVE-2023-1707 - RESERVED +CVE-2023-1707 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...) + TODO: check CVE-2023-1706 REJECTED CVE-2023-1705 @@ -11002,8 +11092,8 @@ CVE-2023-28831 RESERVED CVE-2023-28830 RESERVED -CVE-2023-28829 - RESERVED +CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V14 (Al ...) + TODO: check CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2023-28827 @@ -11731,8 +11821,8 @@ CVE-2023-28622 RESERVED CVE-2023-28621 RESERVED -CVE-2023-28620 - RESERVED +CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...) + TODO: check CVE-2023-28619 RESERVED CVE-2023-28618 
@@ -11913,18 +12003,18 @@ CVE-2023-1480 (A vulnerability classified as critical was found in SourceCodeste NOT-FOR-US: SourceCodester Monitoring of Students Cyber Accounts System CVE-2023-1479 (A vulnerability classified as critical has been found in SourceCodeste ...) NOT-FOR-US: SourceCodester Simple Music Player -CVE-2023-28603 - RESERVED -CVE-2023-28602 - RESERVED -CVE-2023-28601 - RESERVED -CVE-2023-28600 - RESERVED -CVE-2023-28599 - RESERVED -CVE-2023-28598 - RESERVED +CVE-2023-28603 (Zoom VDI client installer prior to 5.14.0 contains an improper access ...) + TODO: check +CVE-2023-28602 (Zoom for Windows clients prior to 5.13.5 contain an improper verificat ...) + TODO: check +CVE-2023-28601 (Zoom for Windows clients prior to 5.14.0 contain an improper restricti ...) + TODO: check +CVE-2023-28600 (Zoom for MacOSclients prior to 5.14.0 contain an improper access contr ...) + TODO: check +CVE-2023-28599 (Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. ...) + TODO: check +CVE-2023-28598 (Zoom for Linux clients prior to 5.13.10 contain an HTML injection vul ...) + TODO: check CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust boundary implem ...) NOT-FOR-US: Zoom CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version 5.13.5 contai ...) @@ -12971,8 +13061,8 @@ CVE-2023-28305 (Windows DNS Server Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-28304 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-28303 - RESERVED +CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability) + TODO: check CVE-2023-28302 (Microsoft Message Queuing Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-28301 (Microsoft Edge (Chromium-based) Tampering Vulnerability) 
@@ -13962,14 +14052,14 @@ CVE-2023-28002 RESERVED CVE-2023-28001 RESERVED -CVE-2023-28000 - RESERVED +CVE-2023-28000 (An improper neutralization of special elements used in an OS command v ...) + TODO: check CVE-2023-27999 (An improper neutralization of special elements used in an OS command v ...) NOT-FOR-US: FortiGuard CVE-2023-27998 RESERVED -CVE-2023-27997 - RESERVED +CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS versio ...) + TODO: check CVE-2023-27996 RESERVED CVE-2023-27995 (A improper neutralization of special elements used in a template engin ...) @@ -14645,10 +14735,10 @@ CVE-2023-27839 RESERVED CVE-2023-27838 RESERVED -CVE-2023-27837 - RESERVED -CVE-2023-27836 - RESERVED +CVE-2023-27837 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...) + TODO: check +CVE-2023-27836 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...) + TODO: check CVE-2023-27835 RESERVED CVE-2023-27834 @@ -15111,8 +15201,8 @@ CVE-2023-27626 RESERVED CVE-2023-27625 RESERVED -CVE-2023-27624 - RESERVED +CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) + TODO: check CVE-2023-27623 RESERVED CVE-2023-27622 @@ -15659,8 +15749,8 @@ CVE-2023-27467 RESERVED CVE-2023-27466 RESERVED -CVE-2023-27465 - RESERVED +CVE-2023-27465 (A vulnerability has been identified in SIMOTION C240 (All versions >= ...) + TODO: check CVE-2023-27464 (A vulnerability has been identified in Mendix Forgot Password (Mendix ...) NOT-FOR-US: Siemens CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) @@ -17934,8 +18024,8 @@ CVE-2023-26540 RESERVED CVE-2023-26539 RESERVED -CVE-2023-26538 - RESERVED +CVE-2023-26538 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...) + TODO: check CVE-2023-26537 RESERVED CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...) 
@@ -17954,8 +18044,8 @@ CVE-2023-26530 RESERVED CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dupe ...) NOT-FOR-US: WordPress plugin -CVE-2023-26528 - RESERVED +CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...) + TODO: check CVE-2023-26527 RESERVED CVE-2023-26526 @@ -18938,20 +19028,20 @@ CVE-2023-26212 RESERVED CVE-2023-26211 RESERVED -CVE-2023-26210 - RESERVED +CVE-2023-26210 (Multiple improper neutralization of special elements used in an os com ...) + TODO: check CVE-2023-26209 (A improper restriction of excessive authentication attempts vulnerabil ...) NOT-FOR-US: FortiGuard CVE-2023-26208 (A improper restriction of excessive authentication attempts vulnerabil ...) NOT-FOR-US: FortiGuard -CVE-2023-26207 - RESERVED +CVE-2023-26207 (An insertion of sensitive information into log file vulnerability in F ...) + TODO: check CVE-2023-26206 RESERVED CVE-2023-26205 RESERVED -CVE-2023-26204 - RESERVED +CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...) + TODO: check CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F ...) NOT-FOR-US: FortiGuard CVE-2023-26202 @@ -19578,8 +19668,8 @@ CVE-2023-25980 RESERVED CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...) NOT-FOR-US: WordPress plugin -CVE-2023-25978 - RESERVED +CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate ...) + TODO: check CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...) NOT-FOR-US: WordPress plugin CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...) 
@@ -19606,8 +19696,8 @@ CVE-2023-25966 RESERVED CVE-2023-25965 RESERVED -CVE-2023-25964 - RESERVED +CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...) + TODO: check CVE-2023-25963 RESERVED CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...) @@ -19762,8 +19852,8 @@ CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows NOT-FOR-US: Danfoss AK-EM100 CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...) NOT-FOR-US: Danfoss AK-EM100 -CVE-2023-25910 - RESERVED +CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...) + TODO: check CVE-2023-0872 RESERVED CVE-2023-0871 @@ -20905,8 +20995,8 @@ CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vuln NOT-FOR-US: Fortinet CVE-2023-25610 RESERVED -CVE-2023-25609 - RESERVED +CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...) + TODO: check CVE-2023-25608 RESERVED CVE-2023-25607 @@ -25957,8 +26047,8 @@ CVE-2023-23833 RESERVED CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...) NOT-FOR-US: WordPress plugin -CVE-2023-23831 - RESERVED +CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...) NOT-FOR-US: WordPress plugin CVE-2023-23829 
@@ -29987,8 +30077,8 @@ CVE-2023-22641 (A url redirection to untrusted site ('open redirect') in Fortine NOT-FOR-US: Fortinet CVE-2023-22640 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...) NOT-FOR-US: FortiGuard -CVE-2023-22639 - RESERVED +CVE-2023-22639 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...) + TODO: check CVE-2023-22638 (Several improper neutralization of inputs during web page generation v ...) NOT-FOR-US: FortiGuard CVE-2023-22637 (An improper neutralization of input during web page generation ('Cross ...) @@ -29999,8 +30089,8 @@ CVE-2023-22635 (A download of code without Integrity check vulnerability [CWE-49 NOT-FOR-US: Fortinet CVE-2023-22634 RESERVED -CVE-2023-22633 - RESERVED +CVE-2023-22633 (An improper permissions, privileges, and access controls vulnerability ...) + TODO: check CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid within ...) NOT-FOR-US: OpenHarmony CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...) @@ -35041,8 +35131,8 @@ CVE-2022-47378 (Multiple CODESYS products in multiple versions are prone to a im NOT-FOR-US: CODESYS CVE-2022-47377 (Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 w ...) NOT-FOR-US: SICK SIM2000ST Partnumber 2086502 -CVE-2022-47376 - RESERVED +CVE-2022-47376 (The Alaris Infusion Central software, versions 1.1 to 1.3.2, may conta ...) + TODO: check CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides install ...) NOT-FOR-US: Squirrel.Windows CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate a ...) 
@@ -44488,8 +44578,8 @@ CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a sta NOT-FOR-US: VMware CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...) NOT-FOR-US: VMware -CVE-2023-20867 - RESERVED +CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail to authen ...) + TODO: check CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...) NOT-FOR-US: Spring Session CVE-2023-20865 (VMware Aria Operations for Logs contains a command injection vulnerabi ...) @@ -47790,16 +47880,16 @@ CVE-2022-43955 (An improper neutralization of input during web page generation [ NOT-FOR-US: Fortinet CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...) NOT-FOR-US: Fortinet -CVE-2022-43953 - RESERVED +CVE-2022-43953 (A use of externally-controlled format string in Fortinet FortiOS versi ...) + TODO: check CVE-2022-43952 (An improper neutralization of input during web page generation ('Cross ...) NOT-FOR-US: Fortinet CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vulnerab ...) NOT-FOR-US: Fortinet CVE-2022-43950 (A URL redirection to untrusted site ('Open Redirect') vulnerability [C ...) NOT-FOR-US: FortiGuard -CVE-2022-43949 - RESERVED +CVE-2022-43949 (A use of a broken or risky cryptographic algorithm [CWE-327] in Forti ...) + TODO: check CVE-2022-43948 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: Fortinet CVE-2022-43947 (Animproper restriction of excessive authentication attempts vulnerabil ...) 
@@ -48469,8 +48559,8 @@ CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 9. NOT-FOR-US: Concrete CMS CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users when an ...) NOT-FOR-US: CKAN -CVE-2022-43684 - RESERVED +CVE-2022-43684 (ServiceNow has released patches and an upgrade that address an Access ...) + TODO: check CVE-2022-43683 RESERVED CVE-2022-43682 @@ -48947,9 +49037,9 @@ CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions NOTE: Fixed by: https://github.com/nodejs/node/commit/2b433af094fb79cf80f086038b7f36342cb6826f (v14.x) CVE-2022-43547 RESERVED -CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) +CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) NOT-FOR-US: Siemens -CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) +CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) NOT-FOR-US: Siemens CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...) NOT-FOR-US: Aruba @@ -49062,7 +49152,7 @@ CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings [buster] - node-sqlite3 <not-affected> (Vulnerable code not present) NOTE: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74 NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781 (v5.1.5) -CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) +CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) NOT-FOR-US: Siemens CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect Authorization ...) NOT-FOR-US: EasyTest 
@@ -49078,8 +49168,8 @@ CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Qui NOT-FOR-US: WordPress plugin CVE-2022-42882 RESERVED -CVE-2022-42880 - RESERVED +CVE-2022-42880 (Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Uplo ...) + TODO: check CVE-2022-42699 (Auth. Remote Code Execution vulnerability inEasy WP SMTP plugin <= 1.5 ...) NOT-FOR-US: WordPress plugin CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Brid ...) @@ -49455,7 +49545,7 @@ CVE-2022-3592 (A symlink following vulnerability was found in Samba, where a use NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html CVE-2022-43399 REJECTED -CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) +CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) NOT-FOR-US: Siemens CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...) NOT-FOR-US: Siemens @@ -52009,16 +52099,16 @@ CVE-2022-42482 RESERVED CVE-2022-42481 RESERVED -CVE-2022-42478 - RESERVED +CVE-2022-42478 (An Improper Restriction of Excessive Authentication Attempts [CWE-307] ...) + TODO: check CVE-2022-42477 (An improper input validation vulnerability [CWE-20] in FortiAnalyzer v ...) NOT-FOR-US: Fortinet CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...) NOT-FOR-US: Fortinet CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122]in FortiOS SSL-VPN ...) NOT-FOR-US: FortiOS SSL-VPN -CVE-2022-42474 - RESERVED +CVE-2022-42474 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...) + TODO: check CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...) NOT-FOR-US: FortiGuard CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('http res ...) 
@@ -54361,15 +54451,15 @@ CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vuln NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...) NOT-FOR-US: Siemens -CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...) +CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) NOT-FOR-US: Siemens -CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...) +CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) NOT-FOR-US: Siemens -CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...) +CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) NOT-FOR-US: Siemens -CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...) +CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) NOT-FOR-US: Siemens -CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...) +CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) NOT-FOR-US: Siemens CVE-2022-41656 RESERVED @@ -54563,6 +54653,7 @@ CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a compan CVE-2022-3342 RESERVED CVE-2022-3341 (A null pointer dereference issue was discovered in 'FFmpeg' in decode_ ...) + {DLA-3454-1} - ffmpeg 7:5.1-1 [bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157054 
@@ -55250,8 +55341,8 @@ CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vu NOT-FOR-US: Fortinet CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...) NOT-FOR-US: Fortinet -CVE-2022-41327 - RESERVED +CVE-2022-41327 (A cleartext transmission of sensitive information vulnerability [CWE-3 ...) + TODO: check CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...) - gitlab <not-affected> (Only affects Gitlab EE) CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...) @@ -55841,7 +55932,7 @@ CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnera NOT-FOR-US: Microsoft CVE-2022-41124 RESERVED -CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...) +CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft @@ -55927,11 +56018,11 @@ CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability.) NOT-FOR-US: Microsoft CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) NOT-FOR-US: Microsoft -CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability. This C ...) +CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...) +CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft -CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is uniqu ...) +CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft 
@@ -55985,7 +56076,7 @@ CVE-2022-41053 (Windows Kerberos Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2022-41052 (Windows Graphics Component Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2022-41051 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability.) +CVE-2022-41051 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2022-41050 (Windows Extensible File Allocation Table Elevation of Privilege Vulner ...) NOT-FOR-US: Microsoft @@ -58698,8 +58789,8 @@ CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in Fo NOT-FOR-US: Fortinet CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: Fortinet -CVE-2022-39946 - RESERVED +CVE-2022-39946 (An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 an ...) + TODO: check CVE-2022-39945 (An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, ...) NOT-FOR-US: FortiGuard CVE-2022-39944 (In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deser ...) @@ -59089,7 +59180,7 @@ CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rt [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1) CVE-2022-3109 (An issue was discovered in the FFmpeg package, where vp3_decode_frame ...) - {DSA-5394-1} + {DSA-5394-1 DLA-3454-1} - ffmpeg 7:5.1-1 NOTE: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 (n5.1) NOTE: https://github.com/FFmpeg/FFmpeg/commit/7694a44baaaa4786995590a8ba2b16acd8ef8177 (n4.3.6) 
@@ -60727,7 +60818,7 @@ CVE-2022-39138 (A vulnerability has been identified in Parasolid V33.1 (All vers NOT-FOR-US: Siemens CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) NOT-FOR-US: Siemens -CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.4 ...) +CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) NOT-FOR-US: Siemens CVE-2022-39135 (In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NOD ...) NOT-FOR-US: Apache Calcite @@ -75752,8 +75843,8 @@ CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regex NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5 CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor vulnerab ...) NOT-FOR-US: FortiGuard -CVE-2022-33877 - RESERVED +CVE-2022-33877 (An incorrect default permission [CWE-276] vulnerability in FortiClient ...) + TODO: check CVE-2022-33876 (Multiple instances of improper input validation vulnerability in Forti ...) NOT-FOR-US: FortiGuard CVE-2022-33875 (An improper neutralization of special elements used in an SQL Command ...) @@ -81534,16 +81625,16 @@ CVE-2022-31641 RESERVED CVE-2022-31640 RESERVED -CVE-2022-31639 - RESERVED -CVE-2022-31638 - RESERVED -CVE-2022-31637 - RESERVED -CVE-2022-31636 - RESERVED -CVE-2022-31635 - RESERVED +CVE-2022-31639 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...) + TODO: check +CVE-2022-31638 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...) + TODO: check +CVE-2022-31637 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...) + TODO: check +CVE-2022-31636 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...) + TODO: check +CVE-2022-31635 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...) + TODO: check CVE-2022-31634 RESERVED CVE-2022-31633 
@@ -82228,7 +82319,7 @@ CVE-2022-31467 (A DLL hijacking vulnerability in the installed for Quick Heal To NOT-FOR-US: Quick Heal Total Security CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total ...) NOT-FOR-US: Quick Heal Total Security -CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer (All version ...) +CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer VX.2.10 (All ...) NOT-FOR-US: Siemens CVE-2022-31464 (Insecure permissions configuration in Adaware Protect v1.2.439.4251 al ...) NOT-FOR-US: Adaware @@ -90825,8 +90916,8 @@ CVE-2022-28552 (Cscms 4.1 is vulnerable to SQL Injection. Log into the backgroun NOT-FOR-US: Cscms CVE-2022-28551 RESERVED -CVE-2022-28550 - RESERVED +CVE-2022-28550 (Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via ...) + TODO: check CVE-2022-28549 RESERVED CVE-2022-28548 @@ -363617,7 +363708,7 @@ CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < NOT-FOR-US: Siemens / TeleControl Server Basic CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic < V3.1 ...) NOT-FOR-US: Siemens / TeleControl Server Basic -CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...) +CVE-2018-4834 (A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All ver ...) NOT-FOR-US: Desigo CVE-2018-4833 (A vulnerability has been identified in RFID 181EIP (All versions), RUG ...) NOT-FOR-US: Siemens View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f80ffec6e5584bd620bae46bce47005534994bfb -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f80ffec6e5584bd620bae46bce47005534994bfb You're receiving this email because of your account on salsa.debian.org.
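Review bot: in the first hunk (@@ -1,3 +1,93 @@), three of the roughly 45 new `TODO: check` entries, CVE-2023-31437, CVE-2023-31438 and CVE-2023-31439, describe systemd 253, and CVE-2022-28550 in the @@ -90825 hunk describes jhead 3.06; both are software Debian ships as source packages, so these four should be triaged ahead of the vendor-only candidates in the same hunks (Zoom, Fortinet, Siemens CP-8031, GL.iNET firmware) and resolved to a package line such as `- systemd <unfixed>` or `<not-affected>` with a NOTE giving the reason, rather than left at `TODO: check`.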
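Review bot: the chromium hunk (@@ -1594,16 +1684,16 @@) only fills in the descriptions for CVE-2023-3214 through CVE-2023-3217 while all four stay at `- chromium <unfixed>` with the `[buster] - chromium <end-of-life> (see DSA 5046)` override; the descriptions now name 114.0.5735.133 as the fixed upstream release, so a single NOTE line with the upstream release announcement would document what the eventual fixed-version bump has to match, and the four entries should be moved off `<unfixed>` together, as they share one upstream release, exactly like CVE-2023-3079 just below them.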
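Review bot: the two ffmpeg hunks (@@ -54563 adding `+ {DLA-3454-1}` to CVE-2022-3341, and @@ -59089 changing `{DSA-5394-1}` to `{DSA-5394-1 DLA-3454-1}` for CVE-2022-3109) are consistent, since the DLA covers buster and CVE-2022-3341 keeps its `[bullseye] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.3.x)` override; what is missing for CVE-2022-3341 is the upstream-commit NOTE that CVE-2022-3109 carries (its n5.1 and n4.3.6 commit links), without which the "wait until fixed in 4.3.x" rationale cannot be checked from the tracker alone.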
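Review bot: the many RESERVED-to-description hunks leave newly unreserved vendor entries at `TODO: check` directly beside neighbours for the same product that already read NOT-FOR-US, and the follow-up triage can mirror those unless a Debian package turns out to be affected: Siemens (CVE-2023-31238, CVE-2023-30901, CVE-2023-30897, CVE-2023-30757, CVE-2023-29129, CVE-2023-28829, CVE-2023-27465, CVE-2023-25910 next to entries marked `NOT-FOR-US: Siemens`), Fortinet (CVE-2023-29178, CVE-2023-29175, CVE-2023-28000, CVE-2023-27997, CVE-2023-26210, CVE-2023-26207, CVE-2023-26204, CVE-2023-25609, CVE-2023-22639, CVE-2023-22633, CVE-2022-43953, CVE-2022-43949, CVE-2022-42478, CVE-2022-42474, CVE-2022-41327, CVE-2022-39946, CVE-2022-33877 next to `NOT-FOR-US: Fortinet` / `NOT-FOR-US: FortiGuard`), Zoom (CVE-2023-28598 through CVE-2023-28603 in the @@ -11913 hunk, next to `NOT-FOR-US: Zoom`), Microsoft (CVE-2023-28303, Windows Snipping Tool, between two `NOT-FOR-US: Microsoft` entries), VMware (CVE-2023-20867 between two `NOT-FOR-US: VMware` entries) and the WordPress plugin XSS/CSRF entries (CVE-2023-28620, CVE-2023-27624, CVE-2023-26538, CVE-2023-26528, CVE-2023-25978, CVE-2023-25964, CVE-2023-23831, CVE-2022-42880 next to `NOT-FOR-US: WordPress plugin`). Note that the upstream description text is copied verbatim, so spacing oddities such as `inFortiMan` and `Animproper` in those lines are not tracker typos to fix here.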
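Review bot: the remaining hunks are description-only refreshes with no status change and need no action, but two are worth a glance so nobody mistakes them for regressions: the SICAM lines (CVE-2022-43546, CVE-2022-43545, CVE-2022-43439, CVE-2022-43398) change "POWER METER SICAM Q100" to "POWER METER SICAM Q200 family", and the JT2Go lines (CVE-2022-41660 through CVE-2022-41664, CVE-2022-39136) go from "< V14.1.0.4" to "< V14.1.0." because the longer upstream text now hits the description cut-off before the patch version; the Exchange entries (CVE-2022-41123, CVE-2022-41080, CVE-2022-41079, CVE-2022-41078), CVE-2022-41051, CVE-2022-31465 and CVE-2018-4834 likewise only track upstream wording, and all of them keep their existing `NOT-FOR-US` lines.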
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits