Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8c0d558 by security tracker role at 2023-09-13T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2023-4039 [GCC's -fstack-protector fails to guard dynamic stack 
allocations on ARM64]
+CVE-2023-4828 (An improper check for an exceptional condition in the Insider 
Threat M ...)
+       TODO: check
+CVE-2023-4803 (A reflected cross-site scripting vulnerability in the 
WriteWindowTitle ...)
+       TODO: check
+CVE-2023-4802 (A reflected cross-site scripting vulnerability in the 
UpdateInstalledS ...)
+       TODO: check
+CVE-2023-4801 (An improper certification validation vulnerability in the 
Insider Thre ...)
+       TODO: check
+CVE-2023-4785 (Lack of error handling in the TCP server in Google's gRPC 
starting ver ...)
+       TODO: check
+CVE-2023-4701 (A Improper Privilege Management vulnerability through an 
incorrect use ...)
+       TODO: check
+CVE-2023-42469 (The com.full.dialer.top.secure.encrypted application through 
1.0.1 for ...)
+       TODO: check
+CVE-2023-42468 (The com.cutestudio.colordialer application through 2.1.8-2 for 
Android ...)
+       TODO: check
+CVE-2023-41892 (Craft CMS is a platform for creating digital experiences. This 
is a hi ...)
+       TODO: check
+CVE-2023-41081 (The mod_jk component of Apache Tomcat Connectorsin some 
circumstances, ...)
+       TODO: check
+CVE-2023-40850 (netentsec NS-ASG 6.3 is vulnerable to Incorrect Access 
Control. There  ...)
+       TODO: check
+CVE-2023-40717 (A use of hard-coded credentials vulnerability [CWE-798] 
inFortiTester2 ...)
+       TODO: check
+CVE-2023-40715 (A cleartext storage of sensitive information vulnerability 
[CWE-312] i ...)
+       TODO: check
+CVE-2023-3935 (A heap buffer overflow vulnerability in Wibu CodeMeter Runtime 
network ...)
+       TODO: check
+CVE-2023-3588 (A stored Cross-site Scripting (XSS) vulnerability affecting 
Teamwork C ...)
+       TODO: check
+CVE-2023-3280 (A problem with a protection mechanism in the Palo Alto Networks 
Cortex ...)
+       TODO: check
+CVE-2023-39916 (NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 
contains  ...)
+       TODO: check
+CVE-2023-39915 (NLnet Labs\u2019 Routinator up to and including version 0.12.1 
may cra ...)
+       TODO: check
+CVE-2023-39914 (NLnet Labs\u2019 bcder library up to and including version 
0.7.2 panic ...)
+       TODO: check
+CVE-2023-38215 (Adobe Experience Manager versions 6.5.17 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2023-38214 (Adobe Experience Manager versions 6.5.17 and earlier are 
affected by a ...)
+       TODO: check
+CVE-2023-36642 (An improper neutralization of special elements used in an OS 
command v ...)
+       TODO: check
+CVE-2023-36638 (An improper privilege management vulnerability [CWE-269] in 
FortiManag ...)
+       TODO: check
+CVE-2023-36634 (An incomplete filtering of one or more instances of special 
elements v ...)
+       TODO: check
+CVE-2023-36551 (A exposure of sensitive information to an unauthorized actor 
in Fortin ...)
+       TODO: check
+CVE-2023-34984 (A protection mechanism failure in Fortinet FortiWeb 7.2.0 
through 7.2. ...)
+       TODO: check
+CVE-2023-4039 (A failure in the -fstack-protector feature in GCC-based 
toolchains  th ...)
        - gcc-13 13.2.0-4
        - gcc-12 12.3.0-9
        - gcc-11 11.4.0-4
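Review bot: all 26 new entries in this hunk land with the `TODO: check` placeholder, so triage is still pending; going by the neighbouring entries in this file, the Fortinet, Adobe, Cisco, Palo Alto, Wibu, netentsec and Android dialer items look like NOT-FOR-US candidates, while CVE-2023-4785 (gRPC TCP server), CVE-2023-41081 (mod_jk in Apache Tomcat Connectors) and the three NLnet Labs items (Routinator, bcder) concern software Debian may ship and deserve a source-package lookup before anything else. Separately, the three NLnet Labs descriptions carry a literal `\u2019` escape where the upstream text has an apostrophe, so the import is storing the JSON-escaped form instead of the decoded character; that is best fixed in the import script rather than by hand. Finally, the CVE-2023-4039 rewrite drops the ARM64 qualifier that the old bracketed summary had; the architecture is the useful part for deciding which gcc builds are affected, so carrying it into a NOTE line would help.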
@@ -5242,7 +5294,7 @@ CVE-2023-4200 (A vulnerability has been found in 
SourceCodester Inventory Manage
        NOT-FOR-US: SourceCodester Inventory Management System
 CVE-2023-4199 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Inventory Management System
-CVE-2023-4155
+CVE-2023-4155 (A flaw was found in KVM AMD Secure Encrypted Virtualization 
(SEV) in t ...)
        {DSA-5492-1}
        - linux 6.4.11-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -6012,7 +6064,7 @@ CVE-2023-3385 (An issue has been discovered in GitLab 
affecting all versions sta
        - gitlab <unfixed>
 CVE-2023-3364 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2023-3301 [net: triggerable assertion due to race condition in hot-unplug]
+CVE-2023-3301 (A flaw was found in QEMU. The async nature of hot-unplug 
enables a rac ...)
        - qemu 1:8.0.3+dfsg-1
        [bookworm] - qemu <no-dsa> (Minor issue)
        [bullseye] - qemu <no-dsa> (Minor issue)
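Review bot: replacing the bracketed summary with the truncated official text loses the concrete detail `net: triggerable assertion due to race condition in hot-unplug` that the old line carried, and the new line is cut at `enables a rac ...` before the affected subsystem is named; the same happens to CVE-2023-3255 (`VNC: infinite loop in inflate_buffer()`) and CVE-2023-2680 (`hcd-ehci: DMA reentrancy issue`) in the hunks below. Keeping the old summary in a NOTE line preserves the component information that justifies the `<no-dsa> (Minor issue)` and `<not-affected>` markers on these qemu entries.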
@@ -9804,7 +9856,7 @@ CVE-2023-35786 (Zoho ManageEngine ADManager Plus before 
7183 allows admin users
        NOT-FOR-US: Zoho
 CVE-2023-34150 (** UNSUPPORTED WHEN ASSIGNED **Use of TikaEncodingDetector in 
Apache A ...)
        NOT-FOR-US: Apache Any23
-CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads to denial of 
service]
+CVE-2023-3255 (A flaw was found in the QEMU built-in VNC server while 
processing Clie ...)
        - qemu 1:8.0.4+dfsg-1
        [bookworm] - qemu <no-dsa> (Minor issue)
        [bullseye] - qemu <not-affected> (Vulnerable code not present)
@@ -15201,7 +15253,7 @@ CVE-2023-31913 (Jerryscript 3.0 *commit 1a2c047) was 
discovered to contain an As
        NOTE: https://github.com/jerryscript-project/jerryscript/issues/5061
 CVE-2023-2682 (A vulnerability was found in Caton Live up to 2023-04-26 and 
classifie ...)
        NOT-FOR-US: Caton Live
-CVE-2023-2680 [hcd-ehci: DMA reentrancy issue (incomplete fix for 
CVE-2021-3750)]
+CVE-2023-2680 (This CVE exists because of an incomplete fix for CVE-2021-3750. 
More s ...)
        - qemu <not-affected> (Red Hat specific incomplete fix for 
CVE-2021-3750)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203387
 CVE-2023-2678 (A vulnerability has been found in SourceCodester File Tracker 
Manager  ...)
@@ -17162,7 +17214,7 @@ CVE-2023-30910
        RESERVED
 CVE-2023-30909
        RESERVED
-CVE-2023-30908 (Potential security vulnerability have been identified in 
Hewlett Packa ...)
+CVE-2023-30908 (A remote authentication bypass issue exists in a OneView API.)
        NOT-FOR-US: HPE
 CVE-2023-30907
        RESERVED
@@ -21916,10 +21968,10 @@ CVE-2023-29308 (Adobe InDesign versions ID18.3 (and 
earlier) and ID17.4.1 (and e
        NOT-FOR-US: Adobe
 CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is 
affected b ...)
        NOT-FOR-US: Adobe
-CVE-2023-29306
-       RESERVED
-CVE-2023-29305
-       RESERVED
+CVE-2023-29306 (Adobe Connect versions 12.3 and earlier are affected by a 
reflected Cr ...)
+       TODO: check
+CVE-2023-29305 (Adobe Connect versions 12.3 and earlier are affected by a 
reflected Cr ...)
+       TODO: check
 CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is 
affected b ...)
        NOT-FOR-US: Adobe
 CVE-2023-29303 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 
20.005.30 ...)
@@ -22321,8 +22373,8 @@ CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business 
Server Pages) - versions 700
        NOT-FOR-US: SAP
 CVE-2023-29184
        RESERVED
-CVE-2023-29183
-       RESERVED
+CVE-2023-29183 (An improper neutralization of input during web page generation 
('Cross ...)
+       TODO: check
 CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121]in 
Fortinet Forti ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-29181
@@ -26569,8 +26621,8 @@ CVE-2023-28000 (An improper neutralization of special 
elements used in an OS com
        NOT-FOR-US: FortiGuard
 CVE-2023-27999 (An improper neutralization of special elements used in an OS 
command v ...)
        NOT-FOR-US: FortiGuard
-CVE-2023-27998
-       RESERVED
+CVE-2023-27998 (A lack of custom error pages vulnerability [CWE-756] in 
FortiPresence  ...)
+       TODO: check
 CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in 
FortiOS versio ...)
        NOT-FOR-US: FortiGuard
 CVE-2023-27996
@@ -31086,8 +31138,8 @@ CVE-2023-26371 (Adobe Dimension version 3.4.8 (and 
earlier) is affected by an ou
        NOT-FOR-US: Adobe
 CVE-2023-26370
        RESERVED
-CVE-2023-26369
-       RESERVED
+CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 
20.005.30516 (and  ...)
+       TODO: check
 CVE-2023-26368
        RESERVED
 CVE-2023-26367
@@ -33666,8 +33718,8 @@ CVE-2023-25610
        RESERVED
 CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] 
inFortiMan ...)
        NOT-FOR-US: Fortinet
-CVE-2023-25608
-       RESERVED
+CVE-2023-25608 (An incomplete filtering of one or more instances of special 
elements v ...)
+       TODO: check
 CVE-2023-25607
        RESERVED
 CVE-2023-25606 (An improper limitation of a pathname to a restricted directory 
('Path  ...)
@@ -60365,14 +60417,14 @@ CVE-2023-20238 (A vulnerability in the single sign-on 
(SSO) implementation of Ci
        NOT-FOR-US: Cisco
 CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could 
allow an u ...)
        NOT-FOR-US: Cisco
-CVE-2023-20236
-       RESERVED
+CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR 
software cou ...)
+       TODO: check
 CVE-2023-20235
        RESERVED
 CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow 
an authe ...)
        NOT-FOR-US: Cisco FXOS Software
-CVE-2023-20233
-       RESERVED
+CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) 
feature of  ...)
+       TODO: check
 CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified 
Contact ...)
        NOT-FOR-US: Cisco
 CVE-2023-20231
@@ -60463,10 +60515,10 @@ CVE-2023-20193 (A vulnerability in the Embedded 
Service Router (ESR) of Cisco IS
        NOT-FOR-US: Cisco
 CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco 
TelePres ...)
        NOT-FOR-US: Cisco
-CVE-2023-20191
-       RESERVED
-CVE-2023-20190
-       RESERVED
+CVE-2023-20191 (A vulnerability in the access control list (ACL) processing on 
MPLS in ...)
+       TODO: check
+CVE-2023-20190 (A vulnerability in the classic access control list (ACL) 
compression f ...)
+       TODO: check
 CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of 
certain Ci ...)
        NOT-FOR-US: Cisco
 CVE-2023-20188 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
@@ -60575,8 +60627,8 @@ CVE-2023-20137 (Multiple vulnerabilities in the 
web-based management interface o
        NOT-FOR-US: Cisco
 CVE-2023-20136 (A vulnerability in the OpenAPI of Cisco Secure Workload could 
allow an ...)
        NOT-FOR-US: Cisco
-CVE-2023-20135
-       RESERVED
+CVE-2023-20135 (A vulnerability in Cisco IOS XR Software image verification 
checks cou ...)
+       TODO: check
 CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex 
Meetings  ...)
        NOT-FOR-US: Cisco
 CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings 
could all ...)
@@ -63838,7 +63890,7 @@ CVE-2022-42931 (Logins saved by Firefox should be 
managed by the Password Manage
 CVE-2022-42930 (If two Workers were simultaneously initializing their 
CacheStorage, a  ...)
        - firefox 106.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42930
-CVE-2022-42929 (If a website called <code>window.print()</code> in a 
particular way, i ...)
+CVE-2022-42929 (If a website called `window.print()` in a particular way, it 
could cau ...)
        {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
        - firefox 106.0-1
        - firefox-esr 102.4.0esr-1
@@ -83183,8 +83235,8 @@ CVE-2022-35851 (An improper neutralization of input 
during web page generation v
        NOT-FOR-US: FortiGuard
 CVE-2022-35850 (An improper neutralization of script-related HTML tags in a 
web page v ...)
        NOT-FOR-US: Fortinet
-CVE-2022-35849
-       RESERVED
+CVE-2022-35849 (An improper neutralization of special elements used in an OS 
command v ...)
+       TODO: check
 CVE-2022-35848
        RESERVED
 CVE-2022-35847 (An improper neutralization of special elements used in a 
template engi ...)
@@ -119847,6 +119899,7 @@ CVE-2022-23521 (Git is distributed revision control 
system. gitattributes are a
        NOTE: 
https://github.com/git/git/commit/3c50032ff5289cc45659f21949c8d09e52164579
        NOTE: 
https://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf
 CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+       {DLA-3566-1}
        - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
        NOTE: 
https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md
@@ -119856,6 +119909,7 @@ CVE-2022-23520 (rails-html-sanitizer is responsible 
for sanitizing HTML fragment
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b
 (v1.5.0)
        NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from 
ruby-loofah >= 2.19.1.
 CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+       {DLA-3566-1}
        - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
        NOTE: 
https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md
@@ -119865,26 +119919,31 @@ CVE-2022-23519 (rails-html-sanitizer is responsible 
for sanitizing HTML fragment
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b
 (v1.5.0)
        NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from 
ruby-loofah >= 2.19.1.
 CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+       {DLA-3566-1}
        - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
        NOTE: https://github.com/rails/rails-html-sanitizer/issues/135
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/d1223a29cb3e4151cdcb6ba6c8431708d8ce40a6
 (v1.4.4)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/bb6dfcbaaf9c5c8c4f77555557693c08d4d4ab48
 (v1.5.0)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
 CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML 
fragments in R ...)
+       {DLA-3566-1}
        - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
        NOTE: 
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
        NOTE: 
https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
 CVE-2022-23516 (Loofah is a general library for manipulating and transforming 
HTML/XML ...)
+       {DLA-3565-1}
        - ruby-loofah 2.19.1-1 (bug #1026083)
        [bullseye] - ruby-loofah <no-dsa> (Minor issue)
        NOTE: 
https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
        NOTE: 
https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040
 CVE-2022-23515 (Loofah is a general library for manipulating and transforming 
HTML/XML ...)
+       {DLA-3565-1}
        - ruby-loofah 2.19.1-1 (bug #1026083)
        [bullseye] - ruby-loofah <no-dsa> (Minor issue)
        NOTE: 
https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
        NOTE: 
https://github.com/flavorjones/loofah/commit/415677f3cf7f9254f42f811e784985cd63c7407f
 CVE-2022-23514 (Loofah is a general library for manipulating and transforming 
HTML/XML ...)
+       {DLA-3565-1}
        - ruby-loofah 2.19.1-1 (bug #1026083)
        [bullseye] - ruby-loofah <no-dsa> (Minor issue)
        NOTE: 
https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
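Review bot: for the three ruby-loofah entries (CVE-2022-23516, CVE-2022-23515, CVE-2022-23514) the new `{DLA-3565-1}` reference sits directly above a retained `[bullseye] - ruby-loofah <no-dsa> (Minor issue)` line; once a DLA has shipped for bullseye that marker is stale and contradicts the DLA reference, so it should be dropped in the same change. The rails-html-sanitizer entries gaining `{DLA-3566-1}` in this and the two preceding hunks have no such leftover and look consistent.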
@@ -131436,8 +131495,8 @@ CVE-2021-44174
        RESERVED
 CVE-2021-44173
        RESERVED
-CVE-2021-44172
-       RESERVED
+CVE-2021-44172 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
+       TODO: check
 CVE-2021-44171 (A improper neutralization of special elements used in an os 
command (' ...)
        NOT-FOR-US: FortiGuard
 CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the 
command l ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8c0d5582e96c976ff6d85f50fac0b828ea9c34a

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
