diff options
| author | security tracker role <sectracker@soriano.debian.org> | 2023-07-03 20:12:46 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2023-07-03 20:12:46 +0000 |
| commit | 6a06fff4172517845c541775c7a09208565e78c7 (patch) | |
| tree | 9c8d330f2a9025ce119ee3770ac6ec650043be16 | |
| parent | a2dbc85fdf2931240cd57388a0051b030beb5fd3 (diff) | |
automatic update
| -rw-r--r-- | data/CVE/list | 79 |
1 files changed, 63 insertions, 16 deletions
diff --git a/data/CVE/list b/data/CVE/list index 484e320182..bcfd71b0e2 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,10 +1,56 @@ -CVE-2023-36053 [Potential regular expression denial of service vulnerability in EmailValidator/URLValidator] +CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Google Chr ...) + TODO: check +CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...) + TODO: check +CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles acces ...) + TODO: check +CVE-2023-36819 (Knowage is the professional open source suite for modern business anal ...) + TODO: check +CVE-2023-36817 (`tktchurch/website` contains the codebase for The King's Temple Church ...) + TODO: check +CVE-2023-36816 (2FA is a Web app to manage Two-Factor Authentication (2FA) accounts an ...) + TODO: check +CVE-2023-36815 (Sealos is a Cloud Operating System designed for managing cloud-native ...) + TODO: check +CVE-2023-36814 (Products.CMFCore are the key framework services for the Zope Content M ...) + TODO: check +CVE-2023-36611 (The affected TBox RTUs allow low privilege users to access software se ...) + TODO: check +CVE-2023-36610 (The affected TBox RTUs generate software security tokens using insuffi ...) + TODO: check +CVE-2023-36609 (The affected TBox RTUs run OpenVPN with root privileges and can run us ...) + TODO: check +CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 encryption, wh ...) + TODO: check +CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and befor ...) + TODO: check +CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a rem ...) + TODO: check +CVE-2023-36262 (An issue in OBS Studio OBS-Studio v.29.1.2 allows a local attack to ob ...) + TODO: check +CVE-2023-36258 (An issue in langchain v.0.0.199 allows an attacker to execute arbitrar ...) + TODO: check +CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...) + TODO: check +CVE-2023-36222 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...) + TODO: check +CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before all ...) + TODO: check +CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remot ...) + TODO: check +CVE-2023-35935 (@fastify/oauth2, a wrapper around the `simple-oauth2` library, is vuln ...) + TODO: check +CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...) + TODO: check +CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...) + TODO: check +CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ...) - python-django <unfixed> (bug #1040225) NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1 NOTE: https://www.djangoproject.com/weblog/2023/jul/03/security-releases/ NOTE: https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd (main) NOTE: https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582 (3.2.20) -CVE-2023-35797 +CVE-2023-35797 (Improper Input Validation vulnerability in Apache Software Foundation ...) NOT-FOR-US: Hive provider for Apache Airflow CVE-2023-3438 (An unquoted Windows search path vulnerability existed in the install t ...) TODO: check @@ -710,6 +756,7 @@ CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x thro CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...) NOT-FOR-US: INEX IXP-Manager CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission validation f ...) + {DSA-5446-1} - ghostscript 10.01.2~dfsg-1 [buster] - ghostscript <not-affected> (Vulnerable code not present; no path validaton at all) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706761 @@ -1644,13 +1691,13 @@ CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to by NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here NOTE: https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10 NOTE: https://github.com/kubernetes/kubernetes/issues/118690 -CVE-2023-2728 +CVE-2023-2728 (Users may be able to launch containers that bypass the mountable secre ...) - kubernetes 1.20.5+really1.20.2-1 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here NOTE: https://groups.google.com/g/kubernetes-security-announce/c/9oU_lW2cU_g NOTE: https://github.com/kubernetes/kubernetes/issues/118640 -CVE-2023-2727 +CVE-2023-2727 (Users may be able to launch containers using images that are restricte ...) - kubernetes 1.20.5+really1.20.2-1 NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here @@ -20364,8 +20411,8 @@ CVE-2023-26511 (A Hard Coded Admin Credentials issue in the Web-UI Admin Panel i NOT-FOR-US: Propius MachineSelector CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft ...) NOT-FOR-US: Ghost CMS -CVE-2023-26509 - RESERVED +CVE-2023-26509 (AnyDesk 7.0.8 allows remote Denial of Service.) + TODO: check CVE-2023-26508 RESERVED CVE-2023-26507 @@ -21073,8 +21120,8 @@ CVE-2023-26260 (OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows sess NOT-FOR-US: OXID eShop CVE-2023-26259 RESERVED -CVE-2023-26258 - RESERVED +CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. The method ...) + TODO: check CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...) NOT-FOR-US: Connected Vehicle Systems Alliance CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...) @@ -210582,8 +210629,8 @@ CVE-2020-22599 RESERVED CVE-2020-22598 RESERVED -CVE-2020-22597 - RESERVED +CVE-2020-22597 (An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote at ...) + TODO: check CVE-2020-22596 RESERVED CVE-2020-22595 @@ -211498,12 +211545,12 @@ CVE-2020-22155 RESERVED CVE-2020-22154 RESERVED -CVE-2020-22153 - RESERVED -CVE-2020-22152 - RESERVED -CVE-2020-22151 - RESERVED +CVE-2020-22153 (File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker ...) + TODO: check +CVE-2020-22152 (Cross Site Scripting vulnerability in daylight studio FUEL- CMS v.1.4. ...) + TODO: check +CVE-2020-22151 (Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker ...) + TODO: check CVE-2020-22150 (A cross site scripting (XSS) vulnerability in /admin.php?page=permalin ...) - piwigo <removed> CVE-2020-22149 |