Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3dfab70 by security tracker role at 2023-07-07T20:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
===================================== data/CVE/list =====================================
@@ -1,8 +1,84 @@ +CVE-2023-3544 (A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP ...) + TODO: check +CVE-2023-3543 (A vulnerability was found in GZ Scripts Availability Booking Calendar ...) + TODO: check +CVE-2023-3542 (A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as ...) + TODO: check +CVE-2023-3541 (A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classifie ...) + TODO: check +CVE-2023-3540 (A vulnerability, which was classified as problematic, was found in Sim ...) + TODO: check +CVE-2023-3539 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-3538 (A vulnerability classified as problematic was found in SimplePHPscript ...) + TODO: check +CVE-2023-3537 (A vulnerability classified as problematic has been found in SimplePHPs ...) + TODO: check +CVE-2023-3536 (A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. ...) + TODO: check +CVE-2023-3535 (A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It h ...) + TODO: check +CVE-2023-3534 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...) + TODO: check +CVE-2023-37308 (Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username ...) + TODO: check +CVE-2023-37264 (Tekton Pipelines project provides k8s-style resources for declaring CI ...) + TODO: check +CVE-2023-37173 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2023-37172 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2023-37171 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + TODO: check +CVE-2023-37170 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an u ...) + TODO: check +CVE-2023-37149 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) 
+ TODO: check +CVE-2023-37148 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) + TODO: check +CVE-2023-37146 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) + TODO: check +CVE-2023-37145 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) + TODO: check +CVE-2023-37144 (Tenda AC10 v15.03.06.26 was discovered to contain a command injection ...) + TODO: check +CVE-2023-37067 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + TODO: check +CVE-2023-37066 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + TODO: check +CVE-2023-37065 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + TODO: check +CVE-2023-37064 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + TODO: check +CVE-2023-37063 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + TODO: check +CVE-2023-37062 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + TODO: check +CVE-2023-37061 (Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege acco ...) + TODO: check +CVE-2023-36994 (In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installat ...) + TODO: check +CVE-2023-36993 (The cryptographically insecure random number generator being used in T ...) + TODO: check +CVE-2023-36992 (PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the ...) + TODO: check +CVE-2023-36256 (The Online Examination System Project 1.0 version is vulnerable to Cro ...) + TODO: check +CVE-2023-36201 (An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker ...) + TODO: check +CVE-2023-34197 (Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP ...) + TODO: check +CVE-2023-33715 (A buffer overflow in ACDSee Free v2.0.2.227 allows attackers to cause ...) 
+ TODO: check +CVE-2023-33664 (ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a S ...) + TODO: check +CVE-2023-32183 (Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed ...) + TODO: check CVE-2023-34442 NOT-FOR-US: Apache Camel JIRA CVE-2023-35887 NOT-FOR-US: Apache Mina SSHD -CVE-2023-33008 +CVE-2023-33008 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) NOT-FOR-US: Apache Johnzon CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...) NOT-FOR-US: Outline @@ -338,6 +414,7 @@ CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs sh - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212 CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ...) + {DSA-5450-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird <unfixed> @@ -351,6 +428,7 @@ CVE-2023-37209 (A use-after-free condition existed in `NotifyOnHistoryReload` wh - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209 CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that these f ...) + {DSA-5450-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird <unfixed> @@ -358,6 +436,7 @@ CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that t NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208 CVE-2023-37207 (A website could have obscured the fullscreen notification by using a U ...) + {DSA-5450-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird <unfixed> 
@@ -377,6 +456,7 @@ CVE-2023-37203 (Insufficient validation in the Drag and Drop API in conjunction - firefox 115.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203 CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have caused ...) + {DSA-5450-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird <unfixed> @@ -384,6 +464,7 @@ CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202 CVE-2023-37201 (An attacker could have triggered a use-after-free condition when creat ...) + {DSA-5450-1} - firefox 115.0-1 - firefox-esr 102.13.0esr-1 - thunderbird <unfixed> @@ -427,6 +508,7 @@ CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Googl CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...) NOT-FOR-US: TWinSoft Configuration Tool CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles acces ...) + {DLA-3483-1} - nsis <unfixed> [bookworm] - nsis <no-dsa> (Minor issue) [bullseye] - nsis <no-dsa> (Minor issue) @@ -10238,8 +10320,8 @@ CVE-2023-30000 RESERVED CVE-2023-29999 RESERVED -CVE-2023-29998 - RESERVED +CVE-2023-29998 (A Cross-site scripting (XSS) vulnerability in the content editor in Gi ...) + TODO: check CVE-2023-29997 RESERVED CVE-2023-29996 (In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occur ...) 
@@ -17481,8 +17563,8 @@ CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 NOT-FOR-US: PrestaShop CVE-2023-27846 RESERVED -CVE-2023-27845 - RESERVED +CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs before v ...) + TODO: check CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and ...) NOT-FOR-US: PrestaShop CVE-2023-27843 (SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 a ...) @@ -24896,8 +24978,8 @@ CVE-2023-25203 RESERVED CVE-2023-25202 RESERVED -CVE-2023-25201 - RESERVED +CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit A ...) + TODO: check CVE-2023-25200 RESERVED CVE-2023-25199 @@ -39740,8 +39822,7 @@ CVE-2022-4363 RESERVED CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...) NOT-FOR-US: WordPress plugin -CVE-2022-4361 - RESERVED +CVE-2022-4361 (Keycloak, an open-source identity and access management solution, has ...) NOT-FOR-US: Keycloak CVE-2022-4360 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...) NOT-FOR-US: WordPress plugin @@ -43633,7 +43714,7 @@ CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly va NOT-FOR-US: WordPress plugin CVE-2022-4060 (The User Post Gallery WordPress plugin through 2.19 does not limit wha ...) NOT-FOR-US: WordPress plugin -CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin through 1.8.1 does no ...) +CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not s ...) NOT-FOR-US: WordPress plugin CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not vali ...) NOT-FOR-US: WordPress plugin 
@@ -50391,8 +50472,8 @@ CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software NOT-FOR-US: Cisco CVE-2023-20181 RESERVED -CVE-2023-20180 - RESERVED +CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings could all ...) + TODO: check CVE-2023-20179 RESERVED CVE-2023-20178 (A vulnerability in the client update process of Cisco AnyConnect Secur ...) @@ -50485,8 +50566,8 @@ CVE-2023-20135 RESERVED CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...) NOT-FOR-US: Cisco -CVE-2023-20133 - RESERVED +CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings could all ...) + TODO: check CVE-2023-20132 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...) NOT-FOR-US: Cisco CVE-2023-20131 (Multiple vulnerabilities in the web-based management interface of Cisc ...) @@ -138249,8 +138330,8 @@ CVE-2021-39016 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6 NOT-FOR-US: IBM CVE-2021-39015 (IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7. ...) NOT-FOR-US: IBM -CVE-2021-39014 - RESERVED +CVE-2021-39014 (IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site s ...) + TODO: check CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could ...) NOT-FOR-US: IBM CVE-2021-39012 
@@ -151128,15 +151209,15 @@ CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain fu NOT-FOR-US: Alibaba Druid CVE-2021-33799 RESERVED -CVE-2021-33798 - RESERVED +CVE-2021-33798 (A null pointer dereference was found in libpano13, version libpano13-2 ...) + TODO: check CVE-2021-33797 (Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1 ...) - mujs 1.1.3-2 [bullseye] - mujs <no-dsa> (Minor issue) NOTE: https://github.com/ccxvii/mujs/issues/148 NOTE: https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550 (1.1.2) -CVE-2021-33796 - RESERVED +CVE-2021-33796 (In MuJS before version 1.1.2, a use-after-free flaw in the regexp sour ...) + TODO: check CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 @@ -154612,10 +154693,10 @@ CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any NOT-FOR-US: SICK SOPAS ET CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...) NOT-FOR-US: SICK Visionary-S CX -CVE-2021-32495 - RESERVED -CVE-2021-32494 - RESERVED +CVE-2021-32495 (Radare2 has a use-after-free vulnerability in pyc parser's get_none_ob ...) + TODO: check +CVE-2021-32494 (Radare2 has a division by zero vulnerability in Mach-O parser's rebase ...) + TODO: check CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...) NOT-FOR-US: Yubico yubihsm-shell CVE-2021-32488 
@@ -245679,8 +245760,8 @@ CVE-2020-8936 (An arbitrary memory overwrite vulnerability in Asylo versions up NOT-FOR-US: Asylo CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) NOT-FOR-US: Asylo -CVE-2020-8934 - RESERVED +CVE-2020-8934 (The Site Kit by Google plugin for WordPress is vulnerable to Sensitive ...) + TODO: check CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...) - google-compute-image-packages <removed> (bug #987353) [buster] - google-compute-image-packages <ignored> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3dfab705b5a74f86e357dd2b33775799bc94708
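Review bot: none of the new entries in the first hunk (@@ -1,8 +1,84 @@) is triaged; every one ends in `TODO: check`, which is the right state for an automatic import but leaves the whole block for a manual follow-up commit. Going by the truncated descriptions, the TOTOLINK and Tenda firmware, Chamilo, SimplePHPscripts, SourceCodester, GZ Scripts, Zoho ManageEngine and openSUSE Tumbleweed entries would normally be resolved the same way as the neighbouring `NOT-FOR-US: Apache Camel`, `NOT-FOR-US: Apache Mina SSHD` and `NOT-FOR-US: Outline` lines, while CVE-2023-37264 (Tekton Pipelines) and CVE-2023-36201 (jerryscript) need to be checked against the archive before being closed. In the same hunk CVE-2023-33008 gains its description while the existing `NOT-FOR-US: Apache Johnzon` line is kept as context, which is the expected result for an entry that was pre-triaged while still RESERVED.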
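Review bot: the `{DSA-5450-1}` references added to CVE-2023-37211, CVE-2023-37208, CVE-2023-37207, CVE-2023-37202 and CVE-2023-37201 land only on entries that list `firefox-esr 102.13.0esr-1`, and not on the Firefox 114-only entries (CVE-2023-37212, CVE-2023-37209, CVE-2023-37203) that carry just `firefox 115.0-1`, which is consistent; but each of those five entries still has `thunderbird <unfixed>` as unchanged context, so the DSA closes only the firefox-esr side and the thunderbird line stays open and must not be read as covered by this advisory.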
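Review bot: in the CVE-2023-37378 hunk the new `{DLA-3483-1}` line sits directly above `nsis <unfixed>` and the two `<no-dsa> (Minor issue)` markings for bookworm and bullseye, so LTS has shipped a fix while unstable is still recorded as unfixed. Confirm that an unstable upload of the fixed version (3.09 per the description) is being tracked, and that the no-dsa decisions for bookworm and bullseye are still intended now that a DLA exists.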
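Review bot: the CVE-2021-33798/CVE-2021-33796 hunk needs package-level triage rather than a blanket NOT-FOR-US. CVE-2021-33796 describes a use-after-free in MuJS before 1.1.2, and the adjacent CVE-2021-33797 context shows the archive tracking `mujs 1.1.3-2` with a `[bullseye] - mujs <no-dsa> (Minor issue)` line, so the new entry should get a `- mujs` line with the fixing version (or `<not-affected>` if 1.1.3-2 already contains the fix) and most likely the same bullseye treatment. CVE-2021-33798 names libpano13, which is also a Debian source package, and should be checked the same way instead of being left at `TODO: check`.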
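Review bot: the CVE-2021-32495/CVE-2021-32494 hunk replaces two RESERVED placeholders with radare2 use-after-free and division-by-zero descriptions; unlike the surrounding SICK and Yubico yubihsm-shell entries, radare2 is a packaged source, so these two `TODO: check` markers should become `- radare2` lines with the fixed upstream version once it is identified, not NOT-FOR-US.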
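Review bot: the remaining hunks that turn a `RESERVED` placeholder into a description plus `TODO: check` (CVE-2023-27845 PrestaShop, CVE-2023-25201 MultiTech Conduit, CVE-2023-20180 and CVE-2023-20133 Cisco Webex, CVE-2021-39014 IBM, CVE-2020-8934 WordPress plugin) all sit next to entries already resolved as `NOT-FOR-US` for the same vendor and can most likely be closed the same way in the follow-up; CVE-2023-29998 has a truncated description ("content editor in Gi ...") that does not identify the product, so it needs a look at the full text before triage. CVE-2022-4361 is the one case where the entry already carried `NOT-FOR-US: Keycloak` while RESERVED, so it needs no further action, and the CVE-2022-4059 hunk only updates the description (affected range now `before 2.0`) without touching its existing `NOT-FOR-US: WordPress plugin` resolution.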
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits