Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cdcfdd27 by security tracker role at 2023-07-26T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,18 +1,54 @@
-CVE-2023-3442
+CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform 
that al ...)
+       TODO: check
+CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper 
Initial ...)
+       TODO: check
+CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was 
requesti ...)
+       TODO: check
+CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. 
This resul ...)
+       TODO: check
+CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw 
can cause  ...)
+       TODO: check
+CVE-2023-38671 (Heap buffer overflow in paddle.trace in PaddlePaddle before 
2.5.0. Thi ...)
+       TODO: check
+CVE-2023-38670 (Null pointer dereference in paddle.flip in PaddlePaddle before 
2.5.0.  ...)
+       TODO: check
+CVE-2023-38669 (Use after free in paddle.diagonal in PaddlePaddle before 
2.5.0. This r ...)
+       TODO: check
+CVE-2023-37624 (Netdisco before v2.063000 was discovered to contain an open 
redirect v ...)
+       TODO: check
+CVE-2023-37623 (Netdisco before v2.063000 was discovered to contain a 
cross-site scrip ...)
+       TODO: check
+CVE-2023-37049 (emlog 2.1.9 is vulnerable to Arbitrary file deletion via 
admin\templat ...)
+       TODO: check
+CVE-2023-33802 (A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers 
to caus ...)
+       TODO: check
+CVE-2023-33308 (A stack-based overflow vulnerability [CWE-124] in Fortinet 
FortiOS ver ...)
+       TODO: check
+CVE-2023-33229 (The SolarWinds Platform was susceptible to the Incorrect Input 
Neutral ...)
+       TODO: check
+CVE-2023-33225 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
+       TODO: check
+CVE-2023-33224 (The SolarWinds Platform was susceptible to the Incorrect 
Behavior Orde ...)
+       TODO: check
+CVE-2023-31466 (An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On 
the "Conf ...)
+       TODO: check
+CVE-2023-31465 (An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 
8.0.28. B ...)
+       TODO: check
+CVE-2023-3442 (A missing authorization vulnerability exists in versions of the 
Jenkin ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-3414
+CVE-2023-3414 (A cross-site request forgery vulnerability exists in versions 
of the J ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-39156
+CVE-2023-39156 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
Bazaar Pl ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-39155
+CVE-2023-39155 (Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask 
the user. ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-39154
+CVE-2023-39154 (Incorrect permission checks in Jenkins Qualys Web App Scanning 
Connect ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-39153
+CVE-2023-39153 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
GitLab Au ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-39152
+CVE-2023-39152 (Always-incorrect control flow implementation in Jenkins Gradle 
Plugin  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-39151
+CVE-2023-39151 (Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not 
sanitize o ...)
        - jenkins <removed>
 CVE-2023-3947 (The Video Conferencing with Zoom plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: Video Conferencing with Zoom plugin for WordPress
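
Review bot: all eighteen new entries at the top of this hunk land as `TODO: check` placeholders, so the manual triage pass is what will actually decide Debian relevance, and several of them could be resolved from patterns already visible in this same hunk. The Jenkins plugin entries (CVE-2023-3442, CVE-2023-3414, CVE-2023-39156 through CVE-2023-39152) correctly keep their `NOT-FOR-US: Jenkins plugin` lines, and CVE-2023-39151 is correctly the one Jenkins entry with a package line (`- jenkins <removed>`), since its description names core Jenkins ("Jenkins 2.415 and earlier, LTS 2.401.2 and earlier") rather than a plugin. FortiOS (CVE-2023-33308), SumatraPDF (CVE-2023-33802), FSMLabs TimeKeeper (CVE-2023-31466, CVE-2023-31465) and the IntelliJ Space plugin (CVE-2023-39261) are proprietary products rather than Debian source packages and look like straightforward NOT-FOR-US candidates. The entries that need a real look are the five PaddlePaddle issues (CVE-2023-38673 through CVE-2023-38669, including a command injection and a heap overflow), the two Netdisco issues, and CVE-2023-3242, whose truncated description ("Allocation of Resources Without Limits or Throttling, Improper Initial ...") gives no product name at all, so the full CVE text has to be consulted before it can be classified.
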
@@ -694,6 +730,7 @@ CVE-2023-3446 (Issue summary: Checking excessively long DH 
keys or parameters ma
        NOTE: 
https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb
 (openssl-3.0)
        NOTE: 
https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528
 (OpenSSL_1_1_1-stable)
 CVE-2023-32001 [fopen race condition]
+       {DSA-5460-1}
        - curl <unfixed> (bug #1041812)
        [bullseye] - curl <not-affected> (Vulnerable code not present)
        [buster] - curl <not-affected> (Vulnerable code not present)
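
Review bot: the new `{DSA-5460-1}` marker on CVE-2023-32001 sits directly above an unstable line that still reads `- curl <unfixed> (bug #1041812)`. The two are not contradictory (the DSA reference records the stable update, the package line the state in sid), but as long as the sid line stays `<unfixed>` the tracker will keep listing curl as vulnerable in unstable. With bullseye and buster already marked `<not-affected> (Vulnerable code not present)`, the fixed unstable version is the only missing piece of this entry, so it is worth recording alongside the DSA reference rather than leaving the entry half-resolved.
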
@@ -4945,7 +4982,7 @@ CVE-2023-3040 (A debug function in the lua-resty-json 
package, up to commit id 3
        NOT-FOR-US: lua-resty-json
 CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts 
prior t ...)
        NOT-FOR-US: cfnts
-CVE-2023-35116 (An issue was discovered jackson-databind thru 2.15.2 allows 
attackers  ...)
+CVE-2023-35116 (jackson-databind through 2.15.2 allows attackers to cause a 
denial of  ...)
        NOTE: Disputed jackson-databind issue
        NOTE: https://github.com/FasterXML/jackson-databind/issues/3972
        NOTE: 
https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1597218091
@@ -10077,8 +10114,8 @@ CVE-2023-30951
        RESERVED
 CVE-2023-30950
        RESERVED
-CVE-2023-30949
-       RESERVED
+CVE-2023-30949 (A missing origin validation in Slate sandbox could be 
exploited by a m ...)
+       TODO: check
 CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted 
in the  ...)
        NOT-FOR-US: Palantir
 CVE-2023-30947
@@ -11299,8 +11336,8 @@ CVE-2023-30579
        RESERVED
 CVE-2023-30578
        RESERVED
-CVE-2023-30577
-       RESERVED
+CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) 
before tag- ...)
+       TODO: check
 CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to 
reference a free ...)
        - guacamole-client <removed>
 CVE-2023-30575 (Apache Guacamole 1.5.1 and older may incorrectly calculate the 
lengths ...)
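
Review bot: CVE-2023-30577 goes from a `RESERVED` stub to a truncated AMANDA description with `TODO: check`, while the two Apache Guacamole entries immediately below it already carry a package line (`- guacamole-client <removed>`). AMANDA is packaged in Debian (source package amanda), so unlike most of the other new entries in this commit this one is unlikely to end up NOT-FOR-US: the triage needs the full description, which is cut off here at "before tag-", to identify the fixed upstream tag, and the entry should then get an `- amanda <version>` line instead of the placeholder.
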
@@ -19116,8 +19153,8 @@ CVE-2023-28132
        RESERVED
 CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to 
take ov ...)
        NOT-FOR-US: expo.io
-CVE-2023-28130
-       RESERVED
+CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal 
hostname ...)
+       TODO: check
 CVE-2023-28129
        RESERVED
 CVE-2023-28128 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
@@ -22635,8 +22672,8 @@ CVE-2023-26913 (EVOLUCARE ECSIMAGING (aka ECS Imaging) 
< 6.21.5 is vulnerable to
        NOT-FOR-US: EVOLUCARE ECSIMAGING
 CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm 
thru commi ...)
        NOT-FOR-US: S-mall-ssm
-CVE-2023-26911
-       RESERVED
+CVE-2023-26911 (ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 
contain ...)
+       TODO: check
 CVE-2023-26910
        RESERVED
 CVE-2023-26909
@@ -22739,8 +22776,8 @@ CVE-2023-26861 (SQL injection vulnerability found in 
PrestaShop vivawallet v.1.7
        NOT-FOR-US: PrestaShop module
 CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget 
v.1.0.3 and b ...)
        NOT-FOR-US: PrestaShop Igbudget
-CVE-2023-26859
-       RESERVED
+CVE-2023-26859 (SQL injection vulnerability found in PrestaShop sendinblue 
v.4.0.15 an ...)
+       TODO: check
 CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 
allows a r ...)
        NOT-FOR-US: prestashop
 CVE-2023-26857 (An arbitrary file upload vulnerability in 
/admin/ajax.php?action=save_ ...)
@@ -31580,12 +31617,12 @@ CVE-2023-23846 (Due to insufficient length validation 
in the Open5GS GTP library
        NOT-FOR-US: Open5GS
 CVE-2023-23845
        RESERVED
-CVE-2023-23844
-       RESERVED
-CVE-2023-23843
-       RESERVED
-CVE-2023-23842
-       RESERVED
+CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
+       TODO: check
+CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
+       TODO: check
+CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible 
to the Di ...)
+       TODO: check
 CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing 
or updat ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-23840
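
Review bot: the three entries replacing `RESERVED` stubs in this hunk (CVE-2023-23844, CVE-2023-23843, CVE-2023-23842) are all SolarWinds Platform or Network Configuration Manager issues, and the unchanged context line just below them, `NOT-FOR-US: SolarWinds` on CVE-2023-23841, shows how the file already classifies that vendor. Marking them `NOT-FOR-US: SolarWinds` directly rather than `TODO: check` would spare the manual pass three identical lookups; the same applies to CVE-2023-3622, CVE-2023-33229, CVE-2023-33225 and CVE-2023-33224 in the first hunk of this commit, whose descriptions also name the SolarWinds Platform.
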
@@ -38333,7 +38370,7 @@ CVE-2022-47760
        RESERVED
 CVE-2022-47759
        RESERVED
-CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing an SSL 
certificate, allo ...)
+CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing TLS 
verification, allowi ...)
        NOT-FOR-US: Nanoleaf
 CVE-2022-47757 (In imo.im 2022.11.1051, a path traversal vulnerability 
delivered via a ...)
        NOT-FOR-US: imo.im Android application
@@ -54147,14 +54184,14 @@ CVE-2022-43715
        RESERVED
 CVE-2022-43714
        RESERVED
-CVE-2022-43713
-       RESERVED
-CVE-2022-43712
-       RESERVED
-CVE-2022-43711
-       RESERVED
-CVE-2022-43710
-       RESERVED
+CVE-2022-43713 (Interactive Forms (IAF) in GX Software XperienCentral versions 
10.33.1 ...)
+       TODO: check
+CVE-2022-43712 (POST requests to /web/mvc in GX Software XperienCentral 
version 10.36. ...)
+       TODO: check
+CVE-2022-43711 (Interactive Forms (IAF) in GX Software XperienCentral versions 
10.29.1 ...)
+       TODO: check
+CVE-2022-43710 (Interactive Forms (IAF) in GX Software XperienCentral versions 
10.31.0 ...)
+       TODO: check
 CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin 
CP's Users  ...)
        NOT-FOR-US: MyBB
 CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) 
vulnerabil ...)
@@ -88039,8 +88076,8 @@ CVE-2022-31458 (RTX TRAP v1.0 was discovered to be 
vulnerable to host header poi
        TODO: check
 CVE-2022-31457 (RTX TRAP v1.0 allows attackers to perform a directory 
traversal via a  ...)
        TODO: check
-CVE-2022-31456
-       RESERVED
+CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 
allows a ...)
+       TODO: check
 CVE-2022-31455
        RESERVED
 CVE-2022-31454
@@ -120567,9 +120604,9 @@ CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is 
affected by an incorrect acces
        NOTE: 
https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe
 (v2.6.1)
 CVE-2022-21953 (A Missing Authorization vulnerability in of SUSE Rancher 
allows authen ...)
        NOT-FOR-US: Rancher
-CVE-2022-21952 (An Uncontrolled Resource Consumption vulnerability in 
spacewalk-java o ...)
+CVE-2022-21952 (A Missing Authentication for Critical Function vulnerability 
in spacew ...)
        NOT-FOR-US: Uyuni
-CVE-2022-21951 (A Missing Encryption of Sensitive Data vulnerability in SUSE 
Rancher,  ...)
+CVE-2022-21951 (A Cleartext Transmission of Sensitive Information 
vulnerability in SUS ...)
        NOT-FOR-US: Rancher
 CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service 
of cana ...)
        NOT-FOR-US: SuSE
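
Review bot: the rewritten descriptions for CVE-2022-21952 and CVE-2022-21951 change the weakness class, not just the wording: CVE-2022-21952 goes from "Uncontrolled Resource Consumption" in spacewalk-java to "Missing Authentication for Critical Function", and CVE-2022-21951 from "Missing Encryption of Sensitive Data" to "Cleartext Transmission of Sensitive Information". The existing `NOT-FOR-US: Uyuni` and `NOT-FOR-US: Rancher` lines are carried over unchanged, which is fine as long as the affected component is still Uyuni and Rancher respectively, but a re-scoped description is the one case where an automatic description refresh can quietly invalidate an earlier triage decision, so these two deserve a second glance in the manual pass to confirm the NOT-FOR-US classification still holds.
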



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cdcfdd27be0ca00d4f1962bbc811089c6cb96152



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
