Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9aee9f01 by security tracker role at 2023-08-31T20:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior
to 2.3-D ...)
+ TODO: check
+CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior
to 2.3 ...)
+ TODO: check
+CVE-2023-4681 (NULL Pointer Dereference in GitHub repository gpac/gpac prior
to 2.3-D ...)
+ TODO: check
+CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.)
+ TODO: check
+CVE-2023-41748 (Remote command execution due to improper input validation. The
followi ...)
+ TODO: check
+CVE-2023-41747 (Sensitive information disclosure due to improper input
validation. The ...)
+ TODO: check
+CVE-2023-41746 (Remote command execution due to improper input validation. The
followi ...)
+ TODO: check
+CVE-2023-41745 (Sensitive information disclosure due to excessive collection
of system ...)
+ TODO: check
+CVE-2023-41744 (Local privilege escalation due to unrestricted loading of
unsigned lib ...)
+ TODO: check
+CVE-2023-41743 (Local privilege escalation due to insecure driver
communication port p ...)
+ TODO: check
+CVE-2023-41742 (Excessive attack surface due to binding to an unrestricted IP
address. ...)
+ TODO: check
+CVE-2023-41741 (Exposure of sensitive information to an unauthorized actor
vulnerabili ...)
+ TODO: check
+CVE-2023-41740 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
+ TODO: check
+CVE-2023-41739 (Uncontrolled resource consumption vulnerability in File
Functionality ...)
+ TODO: check
+CVE-2023-41738 (Improper neutralization of special elements used in an OS
command ('OS ...)
+ TODO: check
+CVE-2023-41717 (Inappropriate file type control in Zscaler Proxy versions
3.6.1.25 and ...)
+ TODO: check
+CVE-2023-41642 (Multiple reflected cross-site scripting (XSS) vulnerabilities
in the E ...)
+ TODO: check
+CVE-2023-41640 (An improper error handling vulnerability in the component
ErroreNonGes ...)
+ TODO: check
+CVE-2023-41638 (An arbitrary file upload vulnerability in the Gestione
Documentale mod ...)
+ TODO: check
+CVE-2023-41637 (An arbitrary file upload vulnerability in the Carica immagine
function ...)
+ TODO: check
+CVE-2023-41636 (A SQL injection vulnerability in the Data Richiesta dal
parameter of G ...)
+ TODO: check
+CVE-2023-41635 (A XML External Entity (XXE) vulnerability in the
VerifichePeriodiche.a ...)
+ TODO: check
+CVE-2023-41045 (Graylog is a free and open log management platform. Graylog
makes use ...)
+ TODO: check
+CVE-2023-41044 (Graylog is a free and open log management platform. A partial
path tra ...)
+ TODO: check
+CVE-2023-41034 (Eclipse Leshan is a device management server and client Java
implement ...)
+ TODO: check
+CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
+ TODO: check
+CVE-2023-39355 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
+ TODO: check
+CVE-2023-39354 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
+ TODO: check
+CVE-2023-39351 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
+ TODO: check
+CVE-2023-39350 (FreeRDP is a free implementation of the Remote Desktop
Protocol (RDP), ...)
+ TODO: check
+CVE-2023-34392 (A Missing Authentication for Critical Function vulnerability
in the Sc ...)
+ TODO: check
+CVE-2023-34391 (Insecure Inherited Permissions vulnerability in Schweitzer
Engineering ...)
+ TODO: check
+CVE-2023-33835 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could
allow a ...)
+ TODO: check
+CVE-2023-33834 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could
allow a ...)
+ TODO: check
+CVE-2023-33833 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores
sensiti ...)
+ TODO: check
CVE-2023-4655 (Cross-site Scripting (XSS) - Reflected in GitHub repository
instantsof ...)
NOT-FOR-US: icms2
CVE-2023-4654 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in
GitHub ...)
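Review bot: all 35 new entries land as `TODO: check`, and several describe upstream projects that Debian packages, notably the four gpac CVEs (CVE-2023-4678, -4681, -4682, -4683) and the five FreeRDP CVEs (CVE-2023-39350, -39351, -39354, -39355, -40589); those should be resolved to the `- <package> <version>` form used elsewhere in this file (compare the chromium and open-vm-tools lines further down) rather than left as TODO. The truncated descriptions drop the vendor for the CVE-2023-41738 to CVE-2023-41748 block, so confirm the affected product before marking any of them NOT-FOR-US.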
@@ -292,6 +362,7 @@ CVE-2023-4611 (A use-after-free flaw was found in
mm/mempolicy.c in the memory m
CVE-2023-4481
NOT-FOR-US: Juniper
CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to
116.0.5845.140 ...)
+ {DSA-5487-1}
- chromium 116.0.5845.140-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support
Option 1 ...)
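Review bot: the only change here is the `{DSA-5487-1}` marker; the fixed-version line `- chromium 116.0.5845.140-1` is unchanged, so confirm that DSA-5487-1 is the advisory that shipped 116.0.5845.140-1, otherwise the tracker will credit the advisory with fixing this CVE at the wrong version. The `[buster] - chromium <end-of-life> (see DSA 5046)` line is unaffected and remains correct.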
@@ -6122,7 +6193,8 @@ CVE-2023-36832 (An Improper Handling of Exceptional
Conditions vulnerability in
NOT-FOR-US: Juniper
CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions
vulnerability ...)
NOT-FOR-US: Juniper
-CVE-2023-36119 (File upload vulnerability in PHPGurukul Online Security Guards
Hiring ...)
+CVE-2023-36119
+ REJECTED
NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible
way to se ...)
NOT-FOR-US: Android
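Review bot: CVE-2023-36119 is now marked `REJECTED` but keeps the `NOT-FOR-US: PHPGurukul Online Security Guards Hiring System` line beneath it; a rejected CVE needs no triage state, and the other rejection in this commit (CVE-2022-40214) carries only `REJECTED`. Drop the NOT-FOR-US line for consistency.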
@@ -14458,24 +14530,24 @@ CVE-2023-31177
RESERVED
CVE-2023-31176
RESERVED
-CVE-2023-31175
- RESERVED
-CVE-2023-31174
- RESERVED
-CVE-2023-31173
- RESERVED
-CVE-2023-31172
- RESERVED
-CVE-2023-31171
- RESERVED
-CVE-2023-31170
- RESERVED
-CVE-2023-31169
- RESERVED
-CVE-2023-31168
- RESERVED
-CVE-2023-31167
- RESERVED
+CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the
Schweitz ...)
+ TODO: check
+CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the
Schweitzer En ...)
+ TODO: check
+CVE-2023-31173 (Use of Hard-coded Credentials vulnerability in Schweitzer
Engineering ...)
+ TODO: check
+CVE-2023-31172 (An Incomplete Filtering of Special Elements vulnerability in
the Schwe ...)
+ TODO: check
+CVE-2023-31171 (An Improper Neutralization of Special Elements used in an SQL
Command ...)
+ TODO: check
+CVE-2023-31170 (An Inclusion of Functionality from Untrusted Control Sphere
vulnerabil ...)
+ TODO: check
+CVE-2023-31169 (An Improper Handling of Unicode Encoding vulnerability in the
Schweitz ...)
+ TODO: check
+CVE-2023-31168 (An Inclusion of Functionality from Untrusted Control Sphere
vulnerabil ...)
+ TODO: check
+CVE-2023-31167 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory
('Path ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
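Review bot: the nine entries CVE-2023-31167 through CVE-2023-31175 move from RESERVED to `TODO: check`, and the adjacent CVE-2023-31166 and CVE-2023-31165 are `NOT-FOR-US: Schweitzer Engineering Laboratories`; the visible fragments ('Schweitz ...', 'Schweitzer En ...', 'the Schwe ...') point the same way, so most are likely to resolve to that NOT-FOR-US entry, but CVE-2023-31167, -31168, -31170 and -31171 do not show a vendor in their truncated descriptions and should each be checked rather than triaged by neighbourhood.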
@@ -21704,8 +21776,8 @@ CVE-2023-28803
RESERVED
CVE-2023-28802
RESERVED
-CVE-2023-28801
- RESERVED
+CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the
SAML authen ...)
+ TODO: check
CVE-2023-28800 (When using local accounts for administration, the redirect url
paramet ...)
NOT-FOR-US: Zscaler
CVE-2023-28799 (A URL parameter during login flow was vulnerable to injection.
An atta ...)
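Review bot: CVE-2023-28801 ('Improper Verification of Cryptographic Signature in the SAML authen ...') sits between CVE-2023-28800 and CVE-2023-28799, both triaged `NOT-FOR-US: Zscaler`, but the truncated description does not name the product; confirm the affected software before marking it NOT-FOR-US, since a SAML signature verification flaw in a packaged library would need a package entry instead.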
@@ -47457,10 +47529,10 @@ CVE-2022-46871 (An out of date library (libusrsctp)
contained vulnerabilities th
NOTE: https://lists.debian.org/debian-lts/2023/06/msg00051.html
CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation
('Cross ...)
NOT-FOR-US: Apache Zeppelin
-CVE-2022-46869
- RESERVED
-CVE-2022-46868
- RESERVED
+CVE-2022-46869 (Local privilege escalation during installation due to improper
soft li ...)
+ TODO: check
+CVE-2022-46868 (Local privilege escalation during recovery due to improper
soft link h ...)
+ TODO: check
CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil
Universal St ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty
Thornley Impo ...)
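Review bot: CVE-2022-46869 and CVE-2022-46868 ('Local privilege escalation during installation/recovery due to improper soft li ...') use the same description wording as the Acronis entries later in this commit (CVE-2022-45452, `NOT-FOR-US: Acronis`), but the vendor is cut off here; check the full description before triaging rather than inferring it from the neighbouring entries.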
@@ -51738,8 +51810,8 @@ CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The
following products are a
NOT-FOR-US: Acronis
CVE-2022-45452 (Local privilege escalation due to insecure folder permissions.
The fol ...)
NOT-FOR-US: Acronis
-CVE-2022-45451
- RESERVED
+CVE-2022-45451 (Local privilege escalation due to insecure driver
communication port p ...)
+ TODO: check
CVE-2022-45450 (Sensitive information disclosure and manipulation due to
improper auth ...)
NOT-FOR-US: Acronis
CVE-2022-45449
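Review bot: the truncated description of CVE-2022-45451 ('Local privilege escalation due to insecure driver communication port p ...') is word-for-word the same as CVE-2023-41743 in the first hunk, and the entry is bracketed by CVE-2022-45452 and CVE-2022-45450, both `NOT-FOR-US: Acronis`; if both IDs turn out to describe the same product, triage them together so they do not end up in different states.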
@@ -55456,8 +55528,7 @@ CVE-2023-20902
RESERVED
CVE-2023-20901
RESERVED
-CVE-2023-20900
- RESERVED
+CVE-2023-20900 (VMware Tools contains a SAML token signature bypass
vulnerability.A ma ...)
- open-vm-tools <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1
NOTE:
https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
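Review bot: the second NOTE for CVE-2023-20900 links the upstream patch by branch name (`blob/CVE-2023-20900.patch/CVE-2023-20900.patch`), which will change or break if that branch is rewritten or deleted; pin the reference to a commit hash so the tracker keeps pointing at the exact fix. The description text 'vulnerability.A ma ...' carries a missing space inherited from the CVE feed and is harmless here.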
@@ -66528,7 +66599,7 @@ CVE-2022-41311 (A stored cross-site scripting
vulnerability exists in the web ap
CVE-2022-40691 (An information disclosure vulnerability exists in the web
application ...)
NOT-FOR-US: Moxa
CVE-2022-40214
- RESERVED
+ REJECTED
CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab
CE/EE affec ...)
- gitlab 15.10.8+ds1-2
CVE-2022-3264
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aee9f01ba6ef3f1ae5ade180922ac08051d19bf
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits