Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d393443b by security tracker role at 2023-09-15T20:18:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been
rated ...)
+ TODO: check
+CVE-2023-4988 (A vulnerability, which was classified as problematic, was found
in Bet ...)
+ TODO: check
+CVE-2023-4987 (A vulnerability, which was classified as critical, has been
found in i ...)
+ TODO: check
+CVE-2023-4986 (A vulnerability classified as problematic was found in Supcon
InPlant ...)
+ TODO: check
+CVE-2023-4985 (A vulnerability classified as critical has been found in Supcon
InPlan ...)
+ TODO: check
+CVE-2023-4984 (A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It
has bee ...)
+ TODO: check
+CVE-2023-4983 (A vulnerability was found in app1pro Shopicial up to 20230830.
It has ...)
+ TODO: check
+CVE-2023-4982 (Cross-site Scripting (XSS) - Stored in GitHub repository
librenms/libr ...)
+ TODO: check
+CVE-2023-4981 (Cross-site Scripting (XSS) - DOM in GitHub repository
librenms/librenm ...)
+ TODO: check
+CVE-2023-4980 (Cross-site Scripting (XSS) - Generic in GitHub repository
librenms/lib ...)
+ TODO: check
+CVE-2023-4979 (Cross-site Scripting (XSS) - Reflected in GitHub repository
librenms/l ...)
+ TODO: check
+CVE-2023-4978 (Cross-site Scripting (XSS) - DOM in GitHub repository
librenms/librenm ...)
+ TODO: check
+CVE-2023-4977 (Code Injection in GitHub repository librenms/librenms prior to
23.9.0.)
+ TODO: check
+CVE-2023-4974 (A vulnerability was found in Academy LMS 6.2. It has been rated
as cri ...)
+ TODO: check
+CVE-2023-4973 (A vulnerability was found in Academy LMS 6.2 on Windows. It has
been d ...)
+ TODO: check
+CVE-2023-4963 (The WS Facebook Like Box Widget for WordPress plugin for
WordPress is ...)
+ TODO: check
+CVE-2023-4959 (A flaw was found in Quay. Cross-site request forgery (CSRF)
attacks fo ...)
+ TODO: check
+CVE-2023-4835 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4833 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4831 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4830 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4680 (HashiCorp Vault and Vault Enterprise transit secrets engine
allowed au ...)
+ TODO: check
+CVE-2023-4673 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4670 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4665 (Incorrect Execution-Assigned Permissions vulnerability in
Saphira Saph ...)
+ TODO: check
+CVE-2023-4664 (Incorrect Default Permissions vulnerability in Saphira Saphira
Connect ...)
+ TODO: check
+CVE-2023-4663 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
+CVE-2023-4662 (Execution with Unnecessary Privileges vulnerability in Saphira
Saphira ...)
+ TODO: check
+CVE-2023-4661 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4231 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-42405 (SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1
allows attac ...)
+ TODO: check
+CVE-2023-42398 (An issue in zzCMS v.2023 allows a remote attacker to execute
arbitrary ...)
+ TODO: check
+CVE-2023-42362 (An arbitrary file upload vulnerability in Teller Web App
v.4.4.0 allow ...)
+ TODO: check
+CVE-2023-42270 (Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery
(CSRF).)
+ TODO: check
+CVE-2023-41889 (SHIRASAGI is a Content Management System. Prior to version
1.18.0, SHI ...)
+ TODO: check
+CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working
with messy ...)
+ TODO: check
+CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working
with messy ...)
+ TODO: check
+CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime
versions fr ...)
+ TODO: check
+CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a
cross-site ...)
+ TODO: check
+CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
+ TODO: check
+CVE-2023-41160 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH
configura ...)
+ TODO: check
+CVE-2023-41159 (A Stored Cross-Site Scripting (XSS) vulnerability while
editing the au ...)
+ TODO: check
+CVE-2023-41156 (A Stored Cross-Site Scripting (XSS) vulnerability in the
filter and fo ...)
+ TODO: check
+CVE-2023-41043 (Discourse is an open-source discussion platform. Prior to
version 3.1. ...)
+ TODO: check
+CVE-2023-41042 (Discourse is an open-source discussion platform. Prior to
version 3.1. ...)
+ TODO: check
+CVE-2023-40986 (A stored cross-site scripting (XSS) vulnerability in the
Usermin Confi ...)
+ TODO: check
+CVE-2023-40985 (An issue was discovered in Webmin 2.100. The File Manager
functionalit ...)
+ TODO: check
+CVE-2023-40984 (A reflected cross-site scripting (XSS) vulnerability in the
File Manag ...)
+ TODO: check
+CVE-2023-40983 (A reflected cross-site scripting (XSS) vulnerability in the
File Manag ...)
+ TODO: check
+CVE-2023-40982 (A stored cross-site scripting (XSS) vulnerability in Webmin
v2.100 all ...)
+ TODO: check
+CVE-2023-40958 (A SQL injection vulnerability in Didotech srl Engineering &
Lifecycle ...)
+ TODO: check
+CVE-2023-40957 (A SQL injection vulnerability in Didotech srl Engineering &
Lifecycle ...)
+ TODO: check
+CVE-2023-40956 (A SQL injection vulnerability in Cloudroits Website Job Search
v.15.0 ...)
+ TODO: check
+CVE-2023-40955 (A SQL injection vulnerability in Didotech srl Engineering &
Lifecycle ...)
+ TODO: check
+CVE-2023-40869 (Cross Site Scripting vulnerability in mooSocial mooSocial
Software 3.1 ...)
+ TODO: check
+CVE-2023-40868 (Cross Site Request Forgery vulnerability in mooSocial
MooSocial Softwa ...)
+ TODO: check
+CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to
version 3.1. ...)
+ TODO: check
+CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to
versions ...)
+ TODO: check
+CVE-2023-40019 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2023-40018 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
+ TODO: check
+CVE-2023-3891 (Race condition in Lapce v0.2.8 allows an attacker to elevate
privilege ...)
+ TODO: check
+CVE-2023-3378
+ REJECTED
+CVE-2023-39643 (Bl Modules xmlfeeds before v3.9.8 was discovered to contain a
SQL inje ...)
+ TODO: check
+CVE-2023-39642 (Carts Guru cartsguru up to v2.4.2 was discovered to contain a
SQL inje ...)
+ TODO: check
+CVE-2023-39641 (Active Design psaffiliate before v1.9.8 was discovered to
contain a SQ ...)
+ TODO: check
+CVE-2023-39639 (LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL
injectio ...)
+ TODO: check
+CVE-2023-39638 (D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to
contain ...)
+ TODO: check
+CVE-2023-38912 (SQL injection vulnerability in Super Store Finder PHP Script
v.3.6 all ...)
+ TODO: check
+CVE-2023-38891 (SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a
remote auth ...)
+ TODO: check
+CVE-2023-38706 (Discourse is an open-source discussion platform. Prior to
version 3.1. ...)
+ TODO: check
+CVE-2023-38507 (Strapi is the an open-source headless content management
system. Prior ...)
+ TODO: check
+CVE-2023-37459 (Contiki-NG is an operating system for internet-of-things
devices. In v ...)
+ TODO: check
+CVE-2023-37281 (Contiki-NG is an operating system for internet-of-things
devices. In v ...)
+ TODO: check
+CVE-2023-37263 (Strapi is the an open-source headless content management
system. Prior ...)
+ TODO: check
+CVE-2023-36659 (An issue was discovered in OPSWAT MetaDefender KIOSK
4.6.1.9996. Long ...)
+ TODO: check
+CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK
4.6.1.9996. It ha ...)
+ TODO: check
+CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK
4.6.1.9996. Built ...)
+ TODO: check
+CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository
for the ...)
+ TODO: check
+CVE-2023-36472 (Strapi is the an open-source headless content management
system. Prior ...)
+ TODO: check
+CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer
overflow ...)
+ TODO: check
CVE-2023-4958
NOT-FOR-US: StackRox
CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital
Yepas all ...)
@@ -88,7 +248,7 @@ CVE-2023-38204 (Adobe ColdFusion versions 2018u18 (and
earlier), 2021u8 (and ear
NOT-FOR-US: Adobe
CVE-2023-4910
NOT-FOR-US: 3scale-admin-portal
-CVE-2023-38039 [HTTP headers eat all memory]
+CVE-2023-38039 (When curl retrieves an HTTP response, it stores the incoming
headers s ...)
- curl 8.3.0-1
[bookworm] - curl <no-dsa> (Minor issue, can be fixed in point release)
[bullseye] - curl <not-affected> (Vulnerable code not present)
@@ -511,7 +671,7 @@ CVE-2023-4900 (Inappropriate implementation in Custom Tabs
in Google Chrome on A
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to
116.0.5845.187 ...)
- {DSA-5497-1 DSA-5496-1}
+ {DSA-5498-1 DSA-5497-1 DSA-5496-1}
- chromium 117.0.5938.62-1 (unimportant)
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox 117.0.1-1
@@ -24593,8 +24753,8 @@ CVE-2023-28616
RESERVED
CVE-2023-28615
RESERVED
-CVE-2023-28614
- RESERVED
+CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command
Injectio ...)
+ TODO: check
CVE-2023-28613 (An issue was discovered in Samsung Exynos Mobile Processor and
Baseban ...)
NOT-FOR-US: Samsung
CVE-2023-28612
@@ -33939,28 +34099,24 @@ CVE-2023-0733 (The Newsletter Popup WordPress plugin
through 1.2 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear
Shop 1 ...)
NOT-FOR-US: SourceCodester
-CVE-2023-25588
- RESERVED
+CVE-2023-25588 (A flaw was found in Binutils. The field `the_bfd` of
`asymbol`struct i ...)
- binutils 2.39.50.20221208-1 (unimportant)
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
NOTE: binutils not covered by security support
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29677
CVE-2023-25587
REJECTED
-CVE-2023-25586
- RESERVED
+CVE-2023-25586 (A flaw was found in Binutils. A logic fail in the
bfd_init_section_dec ...)
- binutils 2.39.50.20221208-1 (unimportant)
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502
NOTE: binutils not covered by security support
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29855
-CVE-2023-25585
- RESERVED
+CVE-2023-25585 (A flaw was found in Binutils. The use of an uninitialized
field in the ...)
- binutils 2.39.50.20221224-1 (unimportant)
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
NOTE: binutils not covered by security support
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29892
-CVE-2023-25584
- RESERVED
+CVE-2023-25584 (An out-of-bounds read flaw was found in the parse_module
function in b ...)
- binutils 2.39.50.20221224-1 (unimportant)
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
NOTE: binutils not covered by security support
@@ -45543,8 +45699,8 @@ CVE-2022-47850
RESERVED
CVE-2022-47849
RESERVED
-CVE-2022-47848
- RESERVED
+CVE-2022-47848 (An issue was discovered in Bezeq Vtech NB403-IL version
BZ_2.02.07.09. ...)
+ TODO: check
CVE-2022-47847
RESERVED
CVE-2022-47846
@@ -46045,8 +46201,8 @@ CVE-2022-47633 (An image signature validation bypass
vulnerability in Kyverno 1.
NOT-FOR-US: Kyverno
CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege
escalation due t ...)
NOT-FOR-US: Razer
-CVE-2022-47631
- RESERVED
+CVE-2022-47631 (Razer Synapse through 3.7.1209.121307 allows privilege
escalation due ...)
+ TODO: check
CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in
the X.509 ...)
- arm-trusted-firmware <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/16/8
@@ -64342,8 +64498,7 @@ CVE-2022-3468
RESERVED
CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA.
Affected ...)
NOT-FOR-US: Jiusi OA
-CVE-2022-3466
- RESERVED
+CVE-2022-3466 (The version of cri-o as released for Red Hat OpenShift
Container Platf ...)
- cri-o <itp> (bug #979702)
CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge
Medial ...)
NOT-FOR-US: Mediabridge Medialink
@@ -75730,7 +75885,7 @@ CVE-2022-38638 (Casdoor v1.97.3 was discovered to
contain an arbitrary file writ
CVE-2022-38637 (Hospital Management System v1.0 was discovered to contain
multiple SQL ...)
NOT-FOR-US: Hospital Management System
CVE-2022-38636
- RESERVED
+ REJECTED
CVE-2022-38635
RESERVED
CVE-2022-38634
@@ -136004,8 +136159,8 @@ CVE-2022-20919 (A vulnerability in the processing of
malformed Common Industrial
NOT-FOR-US: Cisco
CVE-2022-20918 (A vulnerability in the Simple Network Management Protocol
(SNMP) acces ...)
NOT-FOR-US: Cisco
-CVE-2022-20917
- RESERVED
+CVE-2022-20917 (A vulnerability in the Extensible Messaging and Presence
Protocol (XMP ...)
+ TODO: check
CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco
IoT Con ...)
NOT-FOR-US: Cisco
CVE-2022-20915 (A vulnerability in the implementation of IPv6 VPN over MPLS
(6VPE) wit ...)
@@ -165745,7 +165900,7 @@ CVE-2021-32294 (An issue was discovered in libgig
through 20200507. A heap-buffe
NOTE: https://github.com/drbye78/libgig/issues/1
CVE-2021-32293
RESERVED
-CVE-2021-32292 (An issue was discovered in json-c through 0.15-20200726. A
stack-buffe ...)
+CVE-2021-32292 (An issue was discovered in json-c from 20200420 (post 0.14
unreleased ...)
{DSA-5486-1}
- json-c 0.16-1
[buster] - json-c <not-affected> (Vulnerable code was introduced later)
@@ -176015,7 +176170,7 @@ CVE-2021-28487
RESERVED
CVE-2021-28486
RESERVED
-CVE-2021-28485 (Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS
3.1 rele ...)
+CVE-2021-28485 (In Ericsson Mobile Switching Center Server (MSC-S) before IS
3.1 CP22, ...)
NOT-FOR-US: Ericsson
CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler
in Yubi ...)
NOT-FOR-US: yubihsm-connector
@@ -222735,6 +222890,7 @@ CVE-2020-22218 (An issue was discovered in function
_libssh2_packet_add in libss
NOTE: https://github.com/libssh2/libssh2/pull/476
NOTE:
https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45
(libssh2-1.10.0)
CVE-2020-22217 (Buffer overflow vulnerability in c-ares before 1_16_1 thru
1_17_0 via ...)
+ {DLA-3567-1}
- c-ares 1.17.1-1
NOTE: https://github.com/c-ares/c-ares/issues/333
NOTE: https://github.com/c-ares/c-ares/pull/332
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d393443bc0930c27cd634f1ee8ccb61aeeacf208
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d393443bc0930c27cd634f1ee8ccb61aeeacf208
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
