Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a6908d47 by security tracker role at 2023-07-14T20:12:24+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@ +CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.) + TODO: check +CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webment ...) + TODO: check +CVE-2023-3633 (An out-of-bounds writevulnerability in Bitdefender Engines on Windows ...) + TODO: check +CVE-2023-3434 (Improper Input Validation in the hyperlink interpretation inSavoir-fai ...) + TODO: check +CVE-2023-3433 (The "nickname" field within Savoir-faire Linux's Jami application is s ...) + TODO: check +CVE-2023-38325 (The cryptography package before 41.0.2 for Python mishandles SSH certi ...) + TODO: check +CVE-2023-38253 (An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str fun ...) + TODO: check +CVE-2023-38252 (An out-of-bounds read flaw was found in w3m, in the Strnew_size functi ...) + TODO: check +CVE-2023-37474 (Copyparty is a portable file server. Versions prior to 1.8.2 are subje ...) + TODO: check +CVE-2023-37473 (zenstruck/collections is a set of helpers for iterating/paginating/fil ...) + TODO: check +CVE-2023-37224 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...) + TODO: check +CVE-2023-37223 (Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6 ...) + TODO: check +CVE-2023-36888 (Microsoft Edge for Android (Chromium-based) Tampering Vulnerability) + TODO: check +CVE-2023-36887 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) + TODO: check +CVE-2023-36883 (Microsoft Edge for iOS Spoofing Vulnerability) + TODO: check +CVE-2023-36850 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...) + TODO: check +CVE-2023-36849 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) + TODO: check +CVE-2023-36848 (An Improper Handling of Undefined Values vulnerability in the periodic ...) + TODO: check +CVE-2023-36840 (A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) o ...) 
+ TODO: check +CVE-2023-36838 (An Out-of-bounds Read vulnerability in the flow processing daemon (flo ...) + TODO: check +CVE-2023-36836 (A Use of an Uninitialized Resource vulnerability in the routing protoc ...) + TODO: check +CVE-2023-36835 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + TODO: check +CVE-2023-36834 (An Incomplete Internal State Distinction vulnerability in the packet f ...) + TODO: check +CVE-2023-36833 (A Use After Free vulnerability in the packet forwarding engine (PFE) o ...) + TODO: check +CVE-2023-36832 (An Improper Handling of Exceptional Conditions vulnerability in packet ...) + TODO: check +CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) + TODO: check +CVE-2023-36119 (File upload vulnerability in PHPGurukul Online Security Guards Hiring ...) + TODO: check +CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible way to se ...) + TODO: check +CVE-2023-32761 (Cross Site Request Forgery (CSRF) vulnerability in Archer Platform bef ...) + TODO: check +CVE-2023-32760 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...) + TODO: check +CVE-2023-32759 (An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6. ...) + TODO: check +CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug that c ...) + TODO: check CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...) - froxlor <itp> (bug #581792) CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...) 
@@ -921,7 +985,7 @@ CVE-2023-32054 (Volume Shadow Copy Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-32053 (Windows Installer Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-32052 (Microsoft Power Apps Spoofing Vulnerability) +CVE-2023-32052 (Microsoft Power Apps (online) Spoofing Vulnerability) NOT-FOR-US: Microsoft CVE-2023-32051 (Raw Image Extension Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft @@ -3484,6 +3548,7 @@ CVE-2023-2784 (Mattermost fails to verify if the requestor is a sysadmin or not, CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided in th ...) - mattermost-server <itp> (bug #823556) CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...) + {DSA-5452-1} - gpac <unfixed> [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/ @@ -5289,6 +5354,7 @@ CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2. NOTE: https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073 NOTE: https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594 CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) + {DSA-5452-1} - gpac <unfixed> [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69 @@ -14584,8 +14650,8 @@ CVE-2023-28987 RESERVED CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...) NOT-FOR-US: WordPress plugin -CVE-2023-28985 - RESERVED +CVE-2023-28985 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) + TODO: check CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning Manager ...) NOT-FOR-US: Juniper CVE-2023-28983 (An OS Command Injection vulnerability in gRPC Network Operations Inter ...) 
@@ -15055,6 +15121,7 @@ CVE-2023-28864 CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of ...) NOT-FOR-US: AMI CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...) + {DLA-3496-1} - lemonldap-ng 2.16.1+ds-1 [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u4 NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2896 @@ -25136,6 +25203,7 @@ CVE-2023-0762 (The Clock In Portal- Staff & Attendance Management WordPress plug CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...) NOT-FOR-US: WordPress plugin CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...) + {DSA-5452-1} - gpac <unfixed> (bug #1033116) [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21 @@ -27184,8 +27252,8 @@ CVE-2023-24898 (Windows SMB Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...) NOT-FOR-US: .NET -CVE-2023-24896 - RESERVED +CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability) + TODO: check CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...) NOT-FOR-US: .NET CVE-2023-24894 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6908d47e19d40fddf0489a0722eb1d1ba4a2b73 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6908d47e19d40fddf0489a0722eb1d1ba4a2b73 You're receiving this email because of your account on salsa.debian.org.
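Review bot: In the first hunk (@@ -1,3 +1,67 @@) all 32 new entries land as `TODO: check`, including the three Microsoft Edge IDs (CVE-2023-36888, CVE-2023-36887, CVE-2023-36883), while the Microsoft entries visible elsewhere in this file carry `NOT-FOR-US: Microsoft`. The follow-up triage should clear those quickly and look first at the entries that name software directly, such as CVE-2023-38325 (the cryptography package for Python) and CVE-2023-38253 / CVE-2023-38252 (w3m), so that they do not sit untriaged behind the vendor-only items.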
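Review bot: In the gpac hunks (@@ -3484,6 +3548,7 @@, @@ -5289,6 +5354,7 @@ and @@ -25136,6 +25203,7 @@) the `{DSA-5452-1}` cross-reference is added to CVE-2023-3291, CVE-2023-3012 and CVE-2023-0760 while each entry still reads `- gpac <unfixed>` and shows no release-specific fixed version. This change touches only data/CVE/list, so it is worth confirming that the advisory's own record carries the fixed versions; otherwise the tracker will keep reporting the release the DSA covers as vulnerable for these three IDs.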
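Review bot: In the @@ -14584,8 +14650,8 @@ hunk, CVE-2023-28985 moves from `RESERVED` to `TODO: check` with a description that is truncated before any product name, and the adjacent CVE-2023-28984 is already `NOT-FOR-US: Juniper`. Check the full description when triaging; if it is the same vendor, the entry should get the same `NOT-FOR-US` tag as its neighbour rather than staying open.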
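Review bot: In the @@ -27184,8 +27252,8 @@ hunk, CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability) is left as `TODO: check` although the surrounding entries from the same block are tagged `NOT-FOR-US: Microsoft` or `NOT-FOR-US: .NET`. This one can be closed out with a `NOT-FOR-US` tag in the next manual pass once the product is confirmed.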