Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
62f7974c by security tracker role at 2023-09-12T08:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2023-4899 (SQL Injection in GitHub repository mintplex-labs/anything-llm
prior to ...)
+ TODO: check
+CVE-2023-4898 (Authentication Bypass by Primary Weakness in GitHub repository
mintple ...)
+ TODO: check
+CVE-2023-4897 (Relative Path Traversal in GitHub repository
mintplex-labs/anything-ll ...)
+ TODO: check
+CVE-2023-4893 (The Crayon Syntax Highlighter plugin for WordPress is
vulnerable to Se ...)
+ TODO: check
+CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for
WordPress is ...)
+ TODO: check
+CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for
WordPress ...)
+ TODO: check
+CVE-2023-4840 (The MapPress Maps for WordPress plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2023-42472 (Due to insufficient file type validation, SAP
BusinessObjectsBusiness ...)
+ TODO: check
+CVE-2023-41990 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2023-41879 (Magento LTS is the official OpenMage LTS codebase. Guest
orders may be ...)
+ TODO: check
+CVE-2023-41369 (The Create Single Payment application of SAP S/4HANA- versions
100, 10 ...)
+ TODO: check
+CVE-2023-41368 (The OData service of the S4 HANA (Manage checkbook apps) -
versions 10 ...)
+ TODO: check
+CVE-2023-41367 (Due to missing authentication check in webdynpro application,
an unaut ...)
+ TODO: check
+CVE-2023-40625 (S4CORE (Manage Purchase Contracts App) - versions 102, 103,
104, 105, ...)
+ TODO: check
+CVE-2023-40624 (SAP NetWeaver AS ABAP (applications based on Unified
Rendering)- versi ...)
+ TODO: check
+CVE-2023-40623 (SAP BusinessObjects SuiteInstaller - version 420, 430, allows
an attac ...)
+ TODO: check
+CVE-2023-40622 (SAP BusinessObjects Business Intelligence Platform (Promotion
Manageme ...)
+ TODO: check
+CVE-2023-40621 (SAP PowerDesigner Client - version 16.7, allows an
unauthenticated att ...)
+ TODO: check
+CVE-2023-40442 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2023-40440 (This issue was addressed with improved state management of
S/MIME encr ...)
+ TODO: check
+CVE-2023-40309 (SAP CommonCryptoLib does not perform necessary authentication
checks, ...)
+ TODO: check
+CVE-2023-40308 (SAP CommonCryptoLiballows an unauthenticated attacker to craft
a reque ...)
+ TODO: check
+CVE-2023-3039 (SD ROM Utility, versions prior to 1.0.2.0 contain an Improper
Access C ...)
+ TODO: check
+CVE-2023-39069 (An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex
v.3.1.6 al ...)
+ TODO: check
+CVE-2023-38878 (A reflected cross-site scripting (XSS) vulnerability in
DevCode OpenST ...)
+ TODO: check
+CVE-2023-37489 (Due to the lack of validation, SAP BusinessObjects Business
Intelligen ...)
+ TODO: check
+CVE-2023-35687 (In MtpPropertyValue of MtpProperty.h, there is a possible
memory corru ...)
+ TODO: check
+CVE-2023-35684 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of
bounds wr ...)
+ TODO: check
+CVE-2023-35683 (In bindSelection of DatabaseUtils.java, there is a possible
way to acc ...)
+ TODO: check
+CVE-2023-35682 (In hasPermissionForActivity of PackageManagerHelper.java,
there is a p ...)
+ TODO: check
+CVE-2023-35681 (In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a
possible o ...)
+ TODO: check
+CVE-2023-35680 (In multiple locations, there is a possible way to import
contacts belo ...)
+ TODO: check
+CVE-2023-35679 (In MtpPropertyValue of MtpProperty.h, there is a possible out
of bound ...)
+ TODO: check
+CVE-2023-35677 (In onCreate of DeviceAdminAdd.java, there is a possible way to
forcibl ...)
+ TODO: check
+CVE-2023-35676 (In createQuickShareAction of SaveImageInBackgroundTask.java,
there is ...)
+ TODO: check
+CVE-2023-35675 (In loadMediaResumptionControls of MediaResumeListener.kt,
there is a p ...)
+ TODO: check
+CVE-2023-35674 (In onCreate of WindowState.java, there is a possible way to
launch a b ...)
+ TODO: check
+CVE-2023-35673 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out
of boun ...)
+ TODO: check
+CVE-2023-35671 (In onHostEmulationData of HostEmulationManager.java, there is
a possib ...)
+ TODO: check
+CVE-2023-35670 (In computeValuesFromData of FileUtils.java, there is a
possible way to ...)
+ TODO: check
+CVE-2023-35669 (In checkKeyIntentParceledCorrectly of
AccountManagerService.java, ther ...)
+ TODO: check
+CVE-2023-35667 (In updateList of NotificationAccessSettings.java, there is a
possible ...)
+ TODO: check
+CVE-2023-35666 (In bta_av_rc_msg of bta_av_act.cc, there is a possible use
after free ...)
+ TODO: check
+CVE-2023-35665 (In multiple files, there is a possible way to import a contact
from an ...)
+ TODO: check
+CVE-2023-35664 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a
possible ou ...)
+ TODO: check
+CVE-2023-35658 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a
possible priv ...)
+ TODO: check
CVE-2023-4881 (A stack based out-of-bounds write flaw was found in the
netfilter subs ...)
- linux <unfixed>
NOTE:
https://git.kernel.org/linus/fd94d9dadee58e09b49075240fe83423eb1dcd36 (6.6-rc1)
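Review bot: The four WordPress plugin entries at the top of this hunk (CVE-2023-4893, CVE-2023-4890, CVE-2023-4887, CVE-2023-4840) are left at "TODO: check", although the file already has a fixed tag for this class, "NOT-FOR-US: WordPress plugin" (used further down for CVE-2020-36656). Triage these with the existing tag rather than a new free-form note so the wording stays consistent. All 46 added entries in this hunk carry only "TODO: check", so none of them has a package or NOT-FOR-US assignment yet.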
@@ -4160,7 +4252,7 @@ CVE-2023-32559 (A privilege escalation vulnerability
exists in the experimental
NOTE:
https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559
NOTE:
https://github.com/nodejs/node/commit/d4570fae358693b8f7fec05294b9bb92a966226d
(v18.x)
NOTE:
https://github.com/nodejs/node/commit/4aa0eff787c14f14a239cf2f44bf751a0151e3eb
(main)
-CVE-2023-32558
+CVE-2023-32558 (The use of the deprecated API `process.binding()` can bypass
the permi ...)
- nodejs <not-affected> (Only affects 20.x and later)
NOTE:
https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
CVE-2023-32006 (The use of `module.constructor.createRequire()` can bypass the
policy ...)
@@ -4169,7 +4261,7 @@ CVE-2023-32006 (The use of
`module.constructor.createRequire()` can bypass the p
NOTE:
https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006
NOTE:
https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a
(v18.x)
NOTE:
https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1
(main)
-CVE-2023-32005
+CVE-2023-32005 (A vulnerability has been identified in Node.js version 20,
affecting u ...)
- nodejs <not-affected> (Only affects 20.x and later)
NOTE:
https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsstatfs-can-retrive-stats-from-files-restricted-by-the-permission-model-lowcve-2023-32005
CVE-2023-32004 (A vulnerability has been discovered in Node.js version 20,
specificall ...)
@@ -9856,7 +9948,7 @@ CVE-2023-34487 (itsourcecode Online Hotel Management
System Project In PHP v1.0.
CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP
v1.0.0 is v ...)
NOT-FOR-US: itsourcecode Online Hotel Management System Project
CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access
to the Or ...)
- {DSA-5473-1}
+ {DSA-5473-1 DLA-3562-1}
- orthanc 1.12.1+dfsg-1 (bug #1040597)
NOTE:
https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
NOTE: Requires the addition of a new RestApiWriteToFileSystemEnabled
configuration and
@@ -17122,10 +17214,10 @@ CVE-2023-2139 (A reflected Cross-site Scripting (XSS)
Vulnerability in DELMIA Ap
NOT-FOR-US: DELMIA Apriso
CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter
up to 0 ...)
NOT-FOR-US: eslint-detailed-reporter
-CVE-2022-48475
- RESERVED
-CVE-2022-48474
- RESERVED
+CVE-2022-48475 (Buffer Overflow vulnerability in Control de Ciber version
1.650, in th ...)
+ TODO: check
+CVE-2022-48474 (Control de Ciber, in its 1.650 version, is affected by a
Denial of Ser ...)
+ TODO: check
CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei
Printer. ...)
NOT-FOR-US: Huawei
CVE-2022-48472 (A Huawei printer has a system command injection vulnerability.
Success ...)
@@ -31287,8 +31379,8 @@ CVE-2023-26144
RESERVED
CVE-2023-26143
RESERVED
-CVE-2023-26142
- RESERVED
+CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP
Response Split ...)
+ TODO: check
CVE-2023-26141
RESERVED
CVE-2023-26140 (Versions of the package @excalidraw/excalidraw from 0.0.0 are
vulnerab ...)
@@ -33539,8 +33631,8 @@ CVE-2023-25521 (NVIDIA DGX A100/A800 contains a
vulnerability in SBIOS where an
NOT-FOR-US: NVIDIA
CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in
nvbootc ...)
NOT-FOR-US: NVIDIA
-CVE-2023-25519
- RESERVED
+CVE-2023-25519 (NVIDIA ConnectX Host Firmware for the BlueField Data
Processing Unit c ...)
+ TODO: check
CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the
PCIe contro ...)
NOT-FOR-US: NVIDIA
CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual
GPU Manag ...)
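Review bot: CVE-2023-25519 moves from RESERVED to "TODO: check" while both neighbours in this hunk (CVE-2023-25521, CVE-2023-25520) and the following CVE-2023-25518 are tagged "NOT-FOR-US: NVIDIA". When resolving the TODO, check whether the ConnectX host firmware described here maps to any source package; if it does not, use the same "NOT-FOR-US: NVIDIA" tag as the surrounding entries.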
@@ -36758,8 +36850,8 @@ CVE-2023-0458 (A speculative pointer dereference
problem exists in the Linux Ker
NOTE:
https://git.kernel.org/linus/739790605705ddcf18f21782b9c99ad7d53a8c11 (6.2-rc5)
CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi
Electric C ...)
NOT-FOR-US: Mitsubishi
-CVE-2022-4896
- RESERVED
+CVE-2022-4896 (Cyber Control, in its 1.650 version, is affected by a
vulnerabilityin ...)
+ TODO: check
CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize
user inpu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24470 (Potential XML External Entity Injection in ArcSight Logger
versions pr ...)
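Review bot: CVE-2022-4896 names the product "Cyber Control, in its 1.650 version", while CVE-2022-48475 and CVE-2022-48474 in the earlier hunk name "Control de Ciber" with the same version 1.650. These look like one product under two names, so the three "TODO: check" entries should be triaged together and given the same tag string, otherwise a later search by product name will miss one of them.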
@@ -100855,8 +100947,7 @@ CVE-2022-1417 (Improper access control in GitLab
CE/EE affecting all versions st
- gitlab 15.10.8+ds1-2
CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in
GitLab CE/E ...)
- gitlab 15.10.8+ds1-2
-CVE-2022-1415
- RESERVED
+CVE-2022-1415 (A flaw was found where some utility classes in Drools core did
not use ...)
NOT-FOR-US: drools
CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation
for user ...)
NOT-FOR-US: 3scale API Management
@@ -117180,8 +117271,8 @@ CVE-2022-24095 (Adobe After Effects versions 22.2
(and earlier) and 18.4.4 (and
NOT-FOR-US: Adobe
CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4
(and earlie ...)
NOT-FOR-US: Adobe
-CVE-2022-24093
- RESERVED
+CVE-2022-24093 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2
(and earli ...)
+ TODO: check
CVE-2022-24092 (Acrobat Reader DC version 21.007.20099 (and earlier),
20.004.30017 (an ...)
NOT-FOR-US: Adobe
CVE-2022-24091 (Acrobat Reader DC version 21.007.20099 (and earlier),
20.004.30017 (an ...)
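Review bot: CVE-2022-24093 (Adobe Commerce) is added as "TODO: check" in a block where every neighbouring entry (CVE-2022-24095, CVE-2022-24094, CVE-2022-24092) is "NOT-FOR-US: Adobe". Resolve it with the same tag unless triage finds a source package that is affected; in that case record the package line instead, so the entry does not stay open among otherwise closed ones.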
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f7974cde30ab9db653cb77aaf6f66fd583ffa2