Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
cdcfdd27 by security tracker role at 2023-07-26T20:12:20+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,18 +1,54 @@ -CVE-2023-3442 +CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform that al ...) + TODO: check +CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper Initial ...) + TODO: check +CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesti ...) + TODO: check +CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. This resul ...) + TODO: check +CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause ...) + TODO: check +CVE-2023-38671 (Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Thi ...) + TODO: check +CVE-2023-38670 (Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. ...) + TODO: check +CVE-2023-38669 (Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This r ...) + TODO: check +CVE-2023-37624 (Netdisco before v2.063000 was discovered to contain an open redirect v ...) + TODO: check +CVE-2023-37623 (Netdisco before v2.063000 was discovered to contain a cross-site scrip ...) + TODO: check +CVE-2023-37049 (emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\templat ...) + TODO: check +CVE-2023-33802 (A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to caus ...) + TODO: check +CVE-2023-33308 (A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS ver ...) + TODO: check +CVE-2023-33229 (The SolarWinds Platform was susceptible to the Incorrect Input Neutral ...) + TODO: check +CVE-2023-33225 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) + TODO: check +CVE-2023-33224 (The SolarWinds Platform was susceptible to the Incorrect Behavior Orde ...) + TODO: check +CVE-2023-31466 (An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Conf ...) + TODO: check +CVE-2023-31465 (An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. B ...) 
+ TODO: check +CVE-2023-3442 (A missing authorization vulnerability exists in versions of the Jenkin ...) NOT-FOR-US: Jenkins plugin -CVE-2023-3414 +CVE-2023-3414 (A cross-site request forgery vulnerability exists in versions of the J ...) NOT-FOR-US: Jenkins plugin -CVE-2023-39156 +CVE-2023-39156 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Pl ...) NOT-FOR-US: Jenkins plugin -CVE-2023-39155 +CVE-2023-39155 (Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user. ...) NOT-FOR-US: Jenkins plugin -CVE-2023-39154 +CVE-2023-39154 (Incorrect permission checks in Jenkins Qualys Web App Scanning Connect ...) NOT-FOR-US: Jenkins plugin -CVE-2023-39153 +CVE-2023-39153 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Au ...) NOT-FOR-US: Jenkins plugin -CVE-2023-39152 +CVE-2023-39152 (Always-incorrect control flow implementation in Jenkins Gradle Plugin ...) NOT-FOR-US: Jenkins plugin -CVE-2023-39151 +CVE-2023-39151 (Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize o ...) - jenkins <removed> CVE-2023-3947 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...) NOT-FOR-US: Video Conferencing with Zoom plugin for WordPress @@ -694,6 +730,7 @@ CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters ma NOTE: https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb (openssl-3.0) NOTE: https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528 (OpenSSL_1_1_1-stable) CVE-2023-32001 [fopen race condition] + {DSA-5460-1} - curl <unfixed> (bug #1041812) [bullseye] - curl <not-affected> (Vulnerable code not present) [buster] - curl <not-affected> (Vulnerable code not present) 
@@ -4945,7 +4982,7 @@ CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3 NOT-FOR-US: lua-resty-json CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...) NOT-FOR-US: cfnts -CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows attackers ...) +CVE-2023-35116 (jackson-databind through 2.15.2 allows attackers to cause a denial of ...) NOTE: Disputed jackson-databind issue NOTE: https://github.com/FasterXML/jackson-databind/issues/3972 NOTE: https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1597218091 @@ -10077,8 +10114,8 @@ CVE-2023-30951 RESERVED CVE-2023-30950 RESERVED -CVE-2023-30949 - RESERVED +CVE-2023-30949 (A missing origin validation in Slate sandbox could be exploited by a m ...) + TODO: check CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the ...) NOT-FOR-US: Palantir CVE-2023-30947 @@ -11299,8 +11336,8 @@ CVE-2023-30579 RESERVED CVE-2023-30578 RESERVED -CVE-2023-30577 - RESERVED +CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag- ...) + TODO: check CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a free ...) - guacamole-client <removed> CVE-2023-30575 (Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths ...) @@ -19116,8 +19153,8 @@ CVE-2023-28132 RESERVED CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to take ov ...) NOT-FOR-US: expo.io -CVE-2023-28130 - RESERVED +CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...) + TODO: check CVE-2023-28129 RESERVED CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...) 
@@ -22635,8 +22672,8 @@ CVE-2023-26913 (EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to NOT-FOR-US: EVOLUCARE ECSIMAGING CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commi ...) NOT-FOR-US: S-mall-ssm -CVE-2023-26911 - RESERVED +CVE-2023-26911 (ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contain ...) + TODO: check CVE-2023-26910 RESERVED CVE-2023-26909 @@ -22739,8 +22776,8 @@ CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet v.1.7 NOT-FOR-US: PrestaShop module CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...) NOT-FOR-US: PrestaShop Igbudget -CVE-2023-26859 - RESERVED +CVE-2023-26859 (SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 an ...) + TODO: check CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...) NOT-FOR-US: prestashop CVE-2023-26857 (An arbitrary file upload vulnerability in /admin/ajax.php?action=save_ ...) @@ -31580,12 +31617,12 @@ CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library NOT-FOR-US: Open5GS CVE-2023-23845 RESERVED -CVE-2023-23844 - RESERVED -CVE-2023-23843 - RESERVED -CVE-2023-23842 - RESERVED +CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) + TODO: check +CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) + TODO: check +CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to the Di ...) + TODO: check CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...) NOT-FOR-US: SolarWinds CVE-2023-23840 
@@ -38333,7 +38370,7 @@ CVE-2022-47760 RESERVED CVE-2022-47759 RESERVED -CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allo ...) +CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowi ...) NOT-FOR-US: Nanoleaf CVE-2022-47757 (In imo.im 2022.11.1051, a path traversal vulnerability delivered via a ...) NOT-FOR-US: imo.im Android application @@ -54147,14 +54184,14 @@ CVE-2022-43715 RESERVED CVE-2022-43714 RESERVED -CVE-2022-43713 - RESERVED -CVE-2022-43712 - RESERVED -CVE-2022-43711 - RESERVED -CVE-2022-43710 - RESERVED +CVE-2022-43713 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 ...) + TODO: check +CVE-2022-43712 (POST requests to /web/mvc in GX Software XperienCentral version 10.36. ...) + TODO: check +CVE-2022-43711 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 ...) + TODO: check +CVE-2022-43710 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 ...) + TODO: check CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users ...) NOT-FOR-US: MyBB CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabil ...) @@ -88039,8 +88076,8 @@ CVE-2022-31458 (RTX TRAP v1.0 was discovered to be vulnerable to host header poi TODO: check CVE-2022-31457 (RTX TRAP v1.0 allows attackers to perform a directory traversal via a ...) TODO: check -CVE-2022-31456 - RESERVED +CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows a ...) + TODO: check CVE-2022-31455 RESERVED CVE-2022-31454 
@@ -120567,9 +120604,9 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect acces NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1) CVE-2022-21953 (A Missing Authorization vulnerability in of SUSE Rancher allows authen ...) NOT-FOR-US: Rancher -CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in spacewalk-java o ...) +CVE-2022-21952 (A Missing Authentication for Critical Function vulnerability in spacew ...) NOT-FOR-US: Uyuni -CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, ...) +CVE-2022-21951 (A Cleartext Transmission of Sensitive Information vulnerability in SUS ...) NOT-FOR-US: Rancher CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service of cana ...) NOT-FOR-US: SuSE

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdcfdd27be0ca00d4f1962bbc811089c6cb96152
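Review bot: in the first hunk (@@ -1,18 +1,54 @@) several of the new `TODO: check` entries describe proprietary appliances that this file already resolves as NOT-FOR-US elsewhere: CVE-2023-3622, CVE-2023-33229, CVE-2023-33225 and CVE-2023-33224 are all "SolarWinds Platform" issues, and CVE-2023-33308 is Fortinet FortiOS, while further down the same patch CVE-2023-23841 already carries `NOT-FOR-US: SolarWinds`. Triaging those five to NOT-FOR-US in the same pass would shrink the TODO backlog to the entries that still need a package lookup.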
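Review bot: in the CVE-2023-32001 hunk (@@ -694,6 +730,7 @@) the added `{DSA-5460-1}` line sits directly above an unstable entry that still reads `- curl <unfixed> (bug #1041812)`, so the DSA cross-reference covers the stable release only and curl in unstable keeps being listed as vulnerable. That is the expected state while the sid upload is pending, but the line needs a follow-up edit to record the fixed version once it lands, otherwise the tracker will keep flagging curl after the fix is in.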
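Review bot: in the CVE-2023-23844/23843/23842 hunk (@@ -31580,12 +31617,12 @@) the three entries gain SolarWinds descriptions and are left as `TODO: check`, yet the unchanged context line two entries below, CVE-2023-23841, is already `NOT-FOR-US: SolarWinds`. The same resolution applies to the three new ones (SolarWinds Platform and SolarWinds Network Configuration Manager), so they can be closed without a separate lookup.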
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits