Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2e30a4d by security tracker role at 2023-07-12T20:12:55+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,52 +1,164 @@ -CVE-2023-37965 +CVE-2023-3644 (A vulnerability was found in SourceCodester Service Provider Managemen ...) + TODO: check +CVE-2023-3643 (A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been c ...) + TODO: check +CVE-2023-3642 (A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 an ...) + TODO: check +CVE-2023-3641 (A vulnerability has been found in khodakhah NodCMS 3.4.1 and classifie ...) + TODO: check +CVE-2023-3635 (GzipSource does not handle an exception that might be raised when pars ...) + TODO: check +CVE-2023-3596 (Where this vulnerability exists in the Rockwell Automation 1756-EN4* E ...) + TODO: check +CVE-2023-3595 (Where this vulnerability exists in the Rockwell Automation 1756 EN2* a ...) + TODO: check +CVE-2023-3106 (A NULL pointer dereference vulnerability was found in netlink_dump. Th ...) + TODO: check +CVE-2023-38069 (In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be sup ...) + TODO: check +CVE-2023-38068 (In JetBrains YouTrack before 2023.1.16597 captcha was not properly val ...) + TODO: check +CVE-2023-38067 (In JetBrains TeamCity before 2023.05.1 build parameters of the "passwo ...) + TODO: check +CVE-2023-38066 (In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer h ...) + TODO: check +CVE-2023-38065 (In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the bu ...) + TODO: check +CVE-2023-38064 (In JetBrains TeamCity before 2023.05.1 build chain parameters of the " ...) + TODO: check +CVE-2023-38063 (In JetBrains TeamCity before 2023.05.1 stored XSS while running custom ...) + TODO: check +CVE-2023-38062 (In JetBrains TeamCity before 2023.05.1 parameters of the "password" ty ...) + TODO: check +CVE-2023-38061 (In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom ...) + TODO: check +CVE-2023-38046 (A vulnerability exists in Palo Alto Networks PAN-OS software that enab ...) 
+ TODO: check +CVE-2023-37630 (Online Piggery Management System 1.0 is vulnerable to Cross Site Scrip ...) + TODO: check +CVE-2023-37629 (Online Piggery Management System 1.0 is vulnerable to File Upload. An ...) + TODO: check +CVE-2023-37628 (Online Piggery Management System 1.0 is vulnerable to SQL Injection.) + TODO: check +CVE-2023-37627 (Code-projects Online Restaurant Management System 1.0 is vulnerable to ...) + TODO: check +CVE-2023-37582 (The RocketMQ NameServer component still has a remote command execution ...) + TODO: check +CVE-2023-37456 (The session restore helper crashed whenever there was no parameter sen ...) + TODO: check +CVE-2023-37455 (The permission request prompt from the site in the background tab was ...) + TODO: check +CVE-2023-36266 (An issue was discovered in Keeper Password Manager for Desktop version ...) + TODO: check +CVE-2023-33905 (In iwnpi server, there is a possible out of bounds write due to a miss ...) + TODO: check +CVE-2023-33904 (In hci_server, there is a possible out of bounds read due to a missing ...) + TODO: check +CVE-2023-33903 (In FM service, there is a possible missing params check. This could l ...) + TODO: check +CVE-2023-33902 (In bluetooth service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33901 (In bluetooth service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33900 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33899 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33898 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33897 (In libimpl-ril, there is a possible out of bounds write due to a missi ...) + TODO: check +CVE-2023-33896 (In libimpl-ril, there is a possible out of bounds write due to a missi ...) 
+ TODO: check +CVE-2023-33895 (In fastDial service, there is a missing permission check. This could l ...) + TODO: check +CVE-2023-33894 (In fastDial service, there is a missing permission check. This could l ...) + TODO: check +CVE-2023-33893 (In fastDial service, there is a missing permission check. This could l ...) + TODO: check +CVE-2023-33892 (In fastDial service, there is a missing permission check. This could l ...) + TODO: check +CVE-2023-33891 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33890 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33889 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33888 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33887 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33886 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33885 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33884 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33883 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33882 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33881 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-33880 (In music service, there is a missing permission check. This could lead ...) + TODO: check +CVE-2023-33879 (In music service, there is a missing permission check. This could lead ...) + TODO: check +CVE-2023-33668 (DigiExam up to v14.0.2 lacks integrity checks for native modules, allo ...) 
+ TODO: check +CVE-2023-32789 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-32788 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-37965 (A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and e ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37964 +CVE-2023-37964 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBo ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37963 +CVE-2023-37963 (A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37962 +CVE-2023-37962 (A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37961 +CVE-2023-37961 (A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37960 +CVE-2023-37960 (Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37959 +CVE-2023-37959 (A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37958 +CVE-2023-37958 (A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37957 +CVE-2023-37957 (A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37956 +CVE-2023-37956 (A missing permission check in Jenkins Test Results Aggregator Plugin 1 ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37955 +CVE-2023-37955 (A cross-site request forgery (CSRF) vulnerability in Jenkins Test Resu ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37954 +CVE-2023-37954 (A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37953 +CVE-2023-37953 (A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier a ...) 
NOT-FOR-US: Jenkins plugin -CVE-2023-37952 +CVE-2023-37952 (A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plug ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37951 +CVE-2023-37951 (Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate co ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37950 +CVE-2023-37950 (A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier a ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37949 +CVE-2023-37949 (A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 a ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37948 +CVE-2023-37948 (Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37947 +CVE-2023-37947 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier i ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37946 +CVE-2023-37946 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier d ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37945 +CVE-2023-37945 (A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37944 +CVE-2023-37944 (A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37943 +CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require ...) NOT-FOR-US: Jenkins plugin -CVE-2023-37942 +CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earl ...) NOT-FOR-US: Jenkins plugin -CVE-2023-3618 +CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can lead to ...) - tiff <unfixed> (bug #1040945) [bookworm] - tiff <no-dsa> (Minor issue) [bullseye] - tiff <no-dsa> (Minor issue) 
@@ -190,7 +302,7 @@ CVE-2020-36752 (The Coming Soon & Maintenance Mode Page plugin for WordPress is NOT-FOR-US: Coming Soon & Maintenance Mode Page plugin for WordPress CVE-2020-36750 (The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-S ...) NOT-FOR-US: EWWW Image Optimizer plugin for WordPress -CVE-2023-37579 +CVE-2023-37579 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...) NOT-FOR-US: Apache Pulsar CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/su ...) NOT-FOR-US: SuiteCRM core @@ -601,9 +713,9 @@ CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark Innovationsis TODO: check CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through ...) TODO: check -CVE-2023-36543 +CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...) - airflow <itp> (bug #819700) -CVE-2023-35908 +CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow <itp> (bug #819700) CVE-2023-XXXX [ESNET-SECADV-2023-0001: iperf3 memory allocation hazard and crash] - iperf3 3.14-1 (bug #1040830) @@ -665,7 +777,7 @@ CVE-2023-31405 (SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE NOT-FOR-US: SAP CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...) NOT-FOR-US: PHPGurukul Online Shopping Portal -CVE-2023-3600 +CVE-2023-3600 (During the worker lifecycle, a use-after-free condition could have occ ...) - firefox 115.0.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/#CVE-2023-3600 CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...) 
@@ -3727,6 +3839,7 @@ CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an u CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...) NOT-FOR-US: AMI BMC CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ...) + {DLA-3494-1} [experimental] - ruby-doorkeeper 5.6.6-1 - ruby-doorkeeper <unfixed> (bug #1038950) NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w @@ -8274,8 +8387,7 @@ CVE-2023-31009 RESERVED CVE-2023-31008 RESERVED -CVE-2023-31007 - RESERVED +CVE-2023-31007 (Improper Authentication vulnerability in Apache Software Foundation Ap ...) NOT-FOR-US: Apache Pulsar CVE-2023-31006 RESERVED 
@@ -8405,66 +8517,66 @@ CVE-2023-30944 (The vulnerability was found Moodle which exists due to insuffici - moodle <removed> CVE-2023-30943 (The vulnerability was found Moodle which exists because the applicatio ...) - moodle <removed> -CVE-2023-30942 - RESERVED -CVE-2023-30941 - RESERVED -CVE-2023-30940 - RESERVED -CVE-2023-30939 - RESERVED -CVE-2023-30938 - RESERVED -CVE-2023-30937 - RESERVED -CVE-2023-30936 - RESERVED -CVE-2023-30935 - RESERVED -CVE-2023-30934 - RESERVED -CVE-2023-30933 - RESERVED -CVE-2023-30932 - RESERVED -CVE-2023-30931 - RESERVED -CVE-2023-30930 - RESERVED -CVE-2023-30929 - RESERVED -CVE-2023-30928 - RESERVED -CVE-2023-30927 - RESERVED -CVE-2023-30926 - RESERVED -CVE-2023-30925 - RESERVED -CVE-2023-30924 - RESERVED -CVE-2023-30923 - RESERVED -CVE-2023-30922 - RESERVED -CVE-2023-30921 - RESERVED -CVE-2023-30920 - RESERVED -CVE-2023-30919 - RESERVED -CVE-2023-30918 - RESERVED -CVE-2023-30917 - RESERVED -CVE-2023-30916 - RESERVED +CVE-2023-30942 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30941 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30940 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30939 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30938 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30937 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30936 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30935 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30934 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30933 (In telephony service, there is a missing permission check. 
This could ...) + TODO: check +CVE-2023-30932 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30931 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30930 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30929 (In telephony service, there is a possible missing permission check. Th ...) + TODO: check +CVE-2023-30928 (In telephony service, there is a possible missing permission check. Th ...) + TODO: check +CVE-2023-30927 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30926 (In opm service, there is a missing permission check. This could lead t ...) + TODO: check +CVE-2023-30925 (In opm service, there is a missing permission check. This could lead t ...) + TODO: check +CVE-2023-30924 (In messaging service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30923 (In messaging service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30922 (In messaging service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30921 (In messaging service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30920 (In messaging service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30919 (In messaging service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30918 (In telephony service, there is a missing permission check. This could ...) + TODO: check +CVE-2023-30917 (In DMService, there is a possible missing permission check. This could ...) + TODO: check +CVE-2023-30916 (In DMService, there is a possible missing permission check. This could ...) + TODO: check CVE-2023-30915 (In email service, there is a missing permission check. This could lead ...) 
NOT-FOR-US: Unisoc CVE-2023-30914 (In email service, there is a missing permission check. This could lead ...) NOT-FOR-US: Unisoc -CVE-2023-30913 - RESERVED +CVE-2023-30913 (In telephony service, there is a missing permission check. This could ...) + TODO: check CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...) NOT-FOR-US: microweber CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor in G ...) @@ -9834,10 +9946,10 @@ CVE-2022-48453 RESERVED CVE-2022-48452 RESERVED -CVE-2022-48451 - RESERVED -CVE-2022-48450 - RESERVED +CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write due to r ...) + TODO: check +CVE-2022-48450 (In bluetooth service, there is a possible missing params check. This ...) + TODO: check CVE-2022-48449 RESERVED CVE-2022-48448 (In telephony service, there is a possible missing permission check. Th ...) @@ -10333,11 +10445,9 @@ CVE-2012-10012 (A vulnerability has been found in BestWebSoft Facebook Like Butt NOT-FOR-US: BestWebSoft CVE-2009-10004 (A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has ...) NOT-FOR-US: Turante Sandbox Theme -CVE-2023-30429 - RESERVED +CVE-2023-30429 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...) NOT-FOR-US: Apache Pulsar -CVE-2023-30428 - RESERVED +CVE-2023-30428 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...) NOT-FOR-US: Apache Pulsar CVE-2023-30427 RESERVED 
@@ -12759,8 +12869,8 @@ CVE-2023-29415 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A d - bzip3 1.2.2-2 (bug #1034177) NOTE: https://github.com/kspalaiologos/bzip3/issues/95 NOTE: https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465 (1.3.0) -CVE-2023-29414 - RESERVED +CVE-2023-29414 (A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer ...) + TODO: check CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: Schneider CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability exists t ...) 
@@ -13153,30 +13263,30 @@ CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earl NOT-FOR-US: Adobe CVE-2023-29320 RESERVED -CVE-2023-29319 - RESERVED -CVE-2023-29318 - RESERVED -CVE-2023-29317 - RESERVED -CVE-2023-29316 - RESERVED -CVE-2023-29315 - RESERVED -CVE-2023-29314 - RESERVED -CVE-2023-29313 - RESERVED -CVE-2023-29312 - RESERVED -CVE-2023-29311 - RESERVED -CVE-2023-29310 - RESERVED -CVE-2023-29309 - RESERVED -CVE-2023-29308 - RESERVED +CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29317 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29316 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29315 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29314 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29313 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29312 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29311 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29310 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29309 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check +CVE-2023-29308 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...) + TODO: check CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...) NOT-FOR-US: Adobe CVE-2023-29306 
@@ -13189,14 +13299,14 @@ CVE-2023-29303 RESERVED CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...) NOT-FOR-US: Adobe -CVE-2023-29301 - RESERVED -CVE-2023-29300 - RESERVED +CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...) + TODO: check +CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...) + TODO: check CVE-2023-29299 RESERVED -CVE-2023-29298 - RESERVED +CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...) + TODO: check CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) NOT-FOR-US: Adobe CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) @@ -33035,11 +33145,9 @@ CVE-2023-22890 (SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticate NOT-FOR-US: SmartBear Zephyr Enterprise CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined inp ...) NOT-FOR-US: SmartBear Zephyr Enterprise -CVE-2023-22888 - RESERVED +CVE-2023-22888 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow <itp> (bug #819700) -CVE-2023-22887 - RESERVED +CVE-2023-22887 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow <itp> (bug #819700) CVE-2023-22886 (Improper Input Validation vulnerability in Apache Software Foundation ...) NOT-FOR-US: Apache Airflow JDBC Provider 
@@ -41288,8 +41396,7 @@ CVE-2022-46663 (In GNU Less before 609, crafted data can result in "less -R" not NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/7 NOTE: Introduced by: https://github.com/gwsw/less/commit/0f810ef16781bf0f59690be63af876bddabf68bf (v566) NOTE: Fixed by: https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c -CVE-2022-46651 - RESERVED +CVE-2022-46651 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) - airflow <itp> (bug #819700) CVE-2022-46650 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...) NOT-FOR-US: ALEOS @@ -43674,8 +43781,7 @@ CVE-2022-45857 (An incorrect user management vulnerability [CWE-286] in the Fort NOT-FOR-US: Fortinet CVE-2022-45856 RESERVED -CVE-2022-45855 - RESERVED +CVE-2022-45855 (SpringEL injection in the metrics source in Apache Ambari version 2.7. ...) NOT-FOR-US: Apache Ambari CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...) NOT-FOR-US: Zyxel @@ -51341,14 +51447,14 @@ CVE-2023-20212 RESERVED CVE-2023-20211 RESERVED -CVE-2023-20210 - RESERVED +CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated, loca ...) + TODO: check CVE-2023-20209 RESERVED CVE-2023-20208 RESERVED -CVE-2023-20207 - RESERVED +CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...) + TODO: check CVE-2023-20206 RESERVED CVE-2023-20205 @@ -51391,8 +51497,8 @@ CVE-2023-20187 RESERVED CVE-2023-20186 RESERVED -CVE-2023-20185 - RESERVED +CVE-2023-20185 (A vulnerability in the Cisco ACI Multi-Site CloudSec encryption featur ...) + TODO: check CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...) NOT-FOR-US: Cisco CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...) 
@@ -51523,7 +51629,7 @@ CVE-2023-20121 (Multiple vulnerabilities in the restricted shell of Cisco Evolve NOT-FOR-US: Cisco CVE-2023-20120 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco -CVE-2023-20119 (Multiple vulnerabilities in the web-based management interface of Cisc ...) +CVE-2023-20119 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2023-20118 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco @@ -51551,7 +51657,7 @@ CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG) NOT-FOR-US: Cisco CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...) NOT-FOR-US: Cisco -CVE-2023-20105 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...) +CVE-2023-20105 (A vulnerability in the change password functionality of Cisco Expressw ...) NOT-FOR-US: Cisco CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...) NOT-FOR-US: Cisco @@ -57349,8 +57455,7 @@ CVE-2022-42010 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916 CVE-2022-3390 RESERVED -CVE-2022-42009 - RESERVED +CVE-2022-42009 (SpringEL injection in the server agent in Apache Ambari version 2.7.0 ...) NOT-FOR-US: Apache Ambari CVE-2022-3389 (Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.) - rdiffweb <itp> (bug #969974) 
@@ -69893,7 +69998,7 @@ CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate NOT-FOR-US: WordPress plugin CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storag ...) NOT-FOR-US: Hitachi -CVE-2022-2636 (Improper Input Validation in GitHub repository hestiacp/hestiacp prior ...) +CVE-2022-2636 (Improper Control of Generation of Code ('Code Injection') in GitHub re ...) NOT-FOR-US: Hestia Control Panel CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise and es ...) NOT-FOR-US: WordPress plugin @@ -120436,8 +120541,8 @@ CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlie NOT-FOR-US: Adobe CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) NOT-FOR-US: Adobe -CVE-2021-44696 - RESERVED +CVE-2021-44696 (Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bo ...) + TODO: check CVE-2021-44695 (A vulnerability has been identified in SIMATIC Drive Controller CPU 15 ...) NOT-FOR-US: Siemens CVE-2021-44694 (A vulnerability has been identified in SIMATIC Drive Controller CPU 15 ...) 
@@ -124576,14 +124681,14 @@ CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and b NOT-FOR-US: Adobe CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...) NOT-FOR-US: Adobe -CVE-2021-43760 - RESERVED -CVE-2021-43759 - RESERVED -CVE-2021-43758 - RESERVED -CVE-2021-43757 - RESERVED +CVE-2021-43760 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...) + TODO: check +CVE-2021-43759 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...) + TODO: check +CVE-2021-43758 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...) + TODO: check +CVE-2021-43757 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...) + TODO: check CVE-2021-43756 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...) NOT-FOR-US: Adobe CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) @@ -217776,8 +217881,8 @@ CVE-2020-20023 RESERVED CVE-2020-20022 RESERVED -CVE-2020-20021 - RESERVED +CVE-2020-20021 (An issue discovered in MikroTik Router v6.46.3 and earlier allows atta ...) + TODO: check CVE-2020-20020 RESERVED CVE-2020-20019 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2e30a4de9d57f8d70d046e8d19c394fef9c0648 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2e30a4de9d57f8d70d046e8d19c394fef9c0648 You're receiving this email because of your account on salsa.debian.org.
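Review bot: in the first hunk (@@ -1,52 +1,164 @@), CVE-2023-3106 lands with only "TODO: check" although its description names netlink_dump, which is a Linux kernel function, so it is the entry in this batch most likely to need a source-package line rather than NOT-FOR-US. Suggest triaging it ahead of the other new TODO entries in the hunk and recording the affected package and fixing commit as NOTE lines, as neighbouring entries elsewhere in the file do.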
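Review bot: in hunk @@ -8405,66 +8517,66 @@, CVE-2023-30942 through CVE-2023-30916 and CVE-2023-30913 move from RESERVED to "TODO: check", while the unchanged context entries CVE-2023-30915 and CVE-2023-30914 in the same ID range carry the same "In ... service, there is a missing permission check" wording and are already marked "NOT-FOR-US: Unisoc". Once the vendor is confirmed from the full descriptions, a follow-up commit can give the new entries the same NOT-FOR-US line so they do not sit in the TODO queue.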
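Review bot: in hunk @@ -124576,14 +124681,14 @@, CVE-2021-43760 through CVE-2021-43757 are added as "TODO: check" even though the next context entry, CVE-2021-43756, has the same truncated "Adobe Media Encoder versions 22.0, 15.4.2 (and earlier)" description and is marked "NOT-FOR-US: Adobe". The four new entries should get the same marking in the manual triage pass, which would keep the block consistent with the surrounding Adobe entries.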
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits