Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d7a17de by security tracker role at 2023-09-27T08:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,249 @@
+CVE-2023-5183 (Unsafe deserialization of untrusted JSON allows execution of
arbitrary ...)
+ TODO: check
+CVE-2023-4934 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4737 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4423 (The WP Event Manager \u2013 Events Calendar, Registrations,
Sell Ticke ...)
+ TODO: check
+CVE-2023-44216 (PVRIC (PowerVR Image Compression) on Imagination 2018 and
later GPU de ...)
+ TODO: check
+CVE-2023-44044 (Super Store Finder v3.6 and below was discovered to contain a
SQL inje ...)
+ TODO: check
+CVE-2023-44043 (A stored cross-site scripting (XSS) vulnerability in
/settings/index.p ...)
+ TODO: check
+CVE-2023-44042 (A stored cross-site scripting (XSS) vulnerability in
/settings/index.p ...)
+ TODO: check
+CVE-2023-43825 (Relative path traversal vulnerability in Shihonkanri Plus
Ver9.0.3 and ...)
+ TODO: check
+CVE-2023-43645 (OpenFGA is an authorization/permission engine built for
developers and ...)
+ TODO: check
+CVE-2023-43381 (SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a
remote a ...)
+ TODO: check
+CVE-2023-43331 (A cross-site scripting (XSS) vulnerability in the Add User
function of ...)
+ TODO: check
+CVE-2023-43291 (Deserialization of Untrusted Data in emlog pro v.2.1.15 and
earlier al ...)
+ TODO: check
+CVE-2023-43263 (A Cross-site scripting (XSS) vulnerability in Froala Editor
v.4.1.1 al ...)
+ TODO: check
+CVE-2023-43232 (A stored cross-site scripting (XSS) vulnerability in the
Website colum ...)
+ TODO: check
+CVE-2023-43187 (A remote code execution (RCE) vulnerability in the xmlrpc.php
endpoint ...)
+ TODO: check
+CVE-2023-43154 (In Macrob7 Macs Framework Content Management System (CMS)
1.1.4f, loos ...)
+ TODO: check
+CVE-2023-42820 (JumpServer is an open source bastion host. This vulnerability
is due t ...)
+ TODO: check
+CVE-2023-42819 (JumpServer is an open source bastion host. Logged-in users can
access ...)
+ TODO: check
+CVE-2023-42462 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-42461 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-42453 (Synapse is an open-source Matrix homeserver written and
maintained by ...)
+ TODO: check
+CVE-2023-41996 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-41995 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2023-41986 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-41984 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-41981 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-41980 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2023-41979 (A race condition was addressed with improved locking. This
issue is fi ...)
+ TODO: check
+CVE-2023-41968 (This issue was addressed with improved validation of symlinks.
This is ...)
+ TODO: check
+CVE-2023-41888 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-41878 (MeterSphere is a one-stop open source continuous testing
platform, cov ...)
+ TODO: check
+CVE-2023-41335 (Synapse is an open-source Matrix homeserver written and
maintained by ...)
+ TODO: check
+CVE-2023-41333 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2023-41332 (Cilium is a networking, observability, and security solution
with an e ...)
+ TODO: check
+CVE-2023-41326 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-41324 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-41323 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-41322 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-41321 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-41320 (GLPI stands for Gestionnaire Libre de Parc Informatique is a
Free Asse ...)
+ TODO: check
+CVE-2023-41232 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
+ TODO: check
+CVE-2023-41174 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-41079 (The issue was addressed with improved permissions logic. This
issue is ...)
+ TODO: check
+CVE-2023-41078 (An authorization issue was addressed with improved state
management. T ...)
+ TODO: check
+CVE-2023-41074 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2023-41073 (An authorization issue was addressed with improved state
management. T ...)
+ TODO: check
+CVE-2023-41071 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2023-41070 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2023-41068 (An access issue was addressed with improved access
restrictions. This ...)
+ TODO: check
+CVE-2023-41067 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2023-41066 (An authentication issue was addressed with improved state
management. ...)
+ TODO: check
+CVE-2023-41065 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2023-41063 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40677 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gopi ...)
+ TODO: check
+CVE-2023-40676 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jaso ...)
+ TODO: check
+CVE-2023-40675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Plug ...)
+ TODO: check
+CVE-2023-40669 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-40668 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Pdfc ...)
+ TODO: check
+CVE-2023-40667 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Lasso Si ...)
+ TODO: check
+CVE-2023-40665 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Pdfc ...)
+ TODO: check
+CVE-2023-40664 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
RedNao D ...)
+ TODO: check
+CVE-2023-40663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Rextheme ...)
+ TODO: check
+CVE-2023-40605 (Auth. (contributor) Cross-Site Scripting (XSS) vulnerability
in 93digi ...)
+ TODO: check
+CVE-2023-40604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jes ...)
+ TODO: check
+CVE-2023-40541 (This issue was addressed by adding an additional prompt for
user conse ...)
+ TODO: check
+CVE-2023-40520 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2023-40456 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2023-40455 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2023-40454 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2023-40452 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2023-40451 (This issue was addressed with improved iframe sandbox
enforcement. Thi ...)
+ TODO: check
+CVE-2023-40450 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-40448 (The issue was addressed with improved handling of protocols.
This issu ...)
+ TODO: check
+CVE-2023-40443 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-40441 (A resource exhaustion issue was addressed with improved input
validati ...)
+ TODO: check
+CVE-2023-40436 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2023-40435 (This issue was addressed by enabling hardened runtime. This
issue is f ...)
+ TODO: check
+CVE-2023-40434 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
+CVE-2023-40432 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40431 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40429 (A permissions issue was addressed with improved validation.
This issue ...)
+ TODO: check
+CVE-2023-40428 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2023-40427 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2023-40426 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2023-40424 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-40422 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40420 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40419 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2023-40418 (An authentication issue was addressed with improved state
management. ...)
+ TODO: check
+CVE-2023-40417 (A window management issue was addressed with improved state
management ...)
+ TODO: check
+CVE-2023-40412 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40410 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2023-40409 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40407 (The issue was addressed with improved bounds checks. This
issue is fix ...)
+ TODO: check
+CVE-2023-40406 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-40403 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40402 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2023-40400 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2023-40399 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40395 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2023-40391 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-40388 (A privacy issue was addressed with improved handling of
temporary file ...)
+ TODO: check
+CVE-2023-40386 (A privacy issue was addressed with improved handling of
temporary file ...)
+ TODO: check
+CVE-2023-40384 (A permissions issue was addressed with improved redaction of
sensitive ...)
+ TODO: check
+CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Milan Pe ...)
+ TODO: check
+CVE-2023-39434 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2023-39233 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-38615 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-38596 (The issue was addressed with improved handling of protocols.
This issu ...)
+ TODO: check
+CVE-2023-38586 (An access issue was addressed with additional sandbox
restrictions. Th ...)
+ TODO: check
+CVE-2023-37448 (A lock screen issue was addressed with improved state
management. This ...)
+ TODO: check
+CVE-2023-35990 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-35984 (The issue was addressed with improved checks. This issue is
fixed in t ...)
+ TODO: check
+CVE-2023-35793 (An issue was discovered in Cassia Access Controller
2.1.1.2303271039. ...)
+ TODO: check
+CVE-2023-35074 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-32421 (A privacy issue was addressed with improved handling of
temporary file ...)
+ TODO: check
+CVE-2023-32396 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ TODO: check
+CVE-2023-32377 (A buffer overflow issue was addressed with improved memory
handling. T ...)
+ TODO: check
+CVE-2023-32361 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to
versions 9. ...)
+ TODO: check
+CVE-2023-29497 (A privacy issue was addressed with improved handling of
temporary file ...)
+ TODO: check
CVE-2023-43040 [Improperly verified POST keys]
- ceph <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
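Review bot: every one of the 123 entries added in this hunk (the header's 246 new lines, two per entry) carries only `TODO: check`, which is the correct state for an automatic import but leaves the whole batch untriaged; the one entry with a package line, `CVE-2023-43040` with `- ceph <unfixed>` and its oss-security NOTE, is unchanged trailing context, not part of the update. Two groups can be worked through by pattern first: the `Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ...` and `Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ...` entries (CVE-2023-40677 down to CVE-2023-40604, plus CVE-2023-40330) use the same wording that later hunks in this patch triage as `NOT-FOR-US: WordPress plugin`, and the `The issue was addressed with improved checks. This issue is fixed in ...` entries use the vendor-advisory wording triaged as `NOT-FOR-US: Apple` in the CVE-2023-2349x context further down. The entries that name a specific upstream project rather than a vendor advisory, for example Synapse (CVE-2023-42453, CVE-2023-41335), Cilium (CVE-2023-41333, CVE-2023-41332) and OpenFGA (CVE-2023-43645), are the ones that need a source-package lookup before they can move from `TODO: check` to either a package line or `NOT-FOR-US`.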
@@ -145,7 +391,7 @@ CVE-2023-4258 (In Bluetooth mesh implementation If
provisionee has a public key
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-43457 (An issue in Service Provider Management System v.1.0 allows a
remote a ...)
NOT-FOR-US: Service Provider Management System
-CVE-2023-43326 (mooSocial v3.1.8 was discovered to contain a cross-site
scripting (XSS ...)
+CVE-2023-43326 (A reflected cross-site scripting (XSS) vulnerability exisits
in multip ...)
NOT-FOR-US: mooSocial
CVE-2023-43325 (A reflected cross-site scripting (XSS) vulnerability in the
data[redir ...)
NOT-FOR-US: mooSocial
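Review bot: the replacement description for CVE-2023-43326 carries the upstream typo `exisits` (for `exists`); since `data/CVE/list` mirrors the description as published, it should not be hand-corrected here. The `NOT-FOR-US: mooSocial` triage line is carried over unchanged across the rewrite, which is fine as long as the new wording still refers to mooSocial, but the truncated tail (`in multip ...`) no longer shows the product name, so the triage should be confirmed against the full upstream description rather than assumed from the old one.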
@@ -508,11 +754,11 @@ CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory
Traversal. The download
TODO: check
CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
NOT-FOR-US: Dreamer CMS
-CVE-2023-41993 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+CVE-2023-41993 (The issue was addressed with improved checks. This issue is
fixed in S ...)
TODO: check
-CVE-2023-41992 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+CVE-2023-41992 (The issue was addressed with improved checks. This issue is
fixed in m ...)
TODO: check
-CVE-2023-41991 (A certificate validation issue was addressed. This issue is
fixed in i ...)
+CVE-2023-41991 (A certificate validation issue was addressed. This issue is
fixed in m ...)
TODO: check
CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image`
fields targe ...)
NOT-FOR-US: plone.namedfile
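Review bot: CVE-2023-41993, CVE-2023-41992 and CVE-2023-41991 get updated descriptions whose truncated tails change from `fixed in i ...` to `fixed in S ...` and `fixed in m ...`, so the list of affected products in the advisory text has changed while all three remain `TODO: check`. Elsewhere in the file this advisory wording is triaged as `NOT-FOR-US: Apple` (see the CVE-2023-2349x context below), but a description change is exactly the case where the triage should be redone against the full text rather than pattern-matched, so keeping the TODO here is right.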
@@ -20257,8 +20503,8 @@ CVE-2023-30473 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Ma
NOT-FOR-US: WordPress Plugin
CVE-2023-30472
RESERVED
-CVE-2023-30471
- RESERVED
+CVE-2023-30471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Cornel R ...)
+ TODO: check
CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode
generati ...)
NOT-FOR-US: Facebook Hermes
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in
drivers/nfc/st-nci/n ...)
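Review bot: the `RESERVED` placeholder for CVE-2023-30471 is replaced by a real description plus `TODO: check`, and the same placeholder-to-description pattern repeats in the hunks that follow. The new wording (`Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ...`) matches the preceding context entry CVE-2023-30473, which is already `NOT-FOR-US: WordPress Plugin`, so the same triage is the likely outcome; it still needs confirming against the full description, because the truncated line (`Cornel R ...`) does not name the plugin.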
@@ -25176,8 +25422,8 @@ CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in I
NOT-FOR-US: WordPress plugin
CVE-2023-28791
RESERVED
-CVE-2023-28790
- RESERVED
+CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS)
vulnerability in Bre ...)
+ TODO: check
CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Cimatti ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28788
@@ -26188,8 +26434,8 @@ CVE-2023-28492
RESERVED
CVE-2023-28491
RESERVED
-CVE-2023-28490
- RESERVED
+CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Estatik ...)
+ TODO: check
CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE
(All vers ...)
NOT-FOR-US: Siemens
CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate
the ge ...)
@@ -29204,8 +29450,8 @@ CVE-2023-27630
RESERVED
CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27628
- RESERVED
+CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
eggemplo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27626
@@ -29216,8 +29462,8 @@ CVE-2023-27624 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-27623
RESERVED
-CVE-2023-27622
- RESERVED
+CVE-2023-27622 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Abel ...)
+ TODO: check
CVE-2023-27621 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in MrDe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS)
vulnerability i ...)
@@ -29226,10 +29472,10 @@ CVE-2023-27619 (Auth (subscriber+) Reflected
Cross-Site Scripting (XSS) vulnerab
NOT-FOR-US: WordPress theme
CVE-2023-27618 (Auth. (editor+) Stored Cross-Site Scripting (XSS)
vulnerability in AGI ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27617
- RESERVED
-CVE-2023-27616
- RESERVED
+CVE-2023-27617 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Davi ...)
+ TODO: check
+CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
David F. Ca ...)
+ TODO: check
CVE-2023-27615
RESERVED
CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian
Haycox ...)
@@ -35662,8 +35908,8 @@ CVE-2023-25485 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Oliv ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25483
- RESERVED
+CVE-2023-25483 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Anki ...)
+ TODO: check
CVE-2023-25482 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel
WP Tile ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove
Podlove Sub ...)
@@ -39957,8 +40203,8 @@ CVE-2023-23960
RESERVED
CVE-2023-23959
RESERVED
-CVE-2023-23958
- RESERVED
+CVE-2023-23958 (Symantec Protection Engine, prior to 9.1.0, may be susceptible
to a Ha ...)
+ TODO: check
CVE-2023-23957 (An authenticated user can see and modify the value for
\u2018next\u201 ...)
NOT-FOR-US: Symantec Identity Portal
CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will
be exec ...)
@@ -41468,8 +41714,8 @@ CVE-2023-23497 (A logic issue was addressed with
improved state management. This
NOT-FOR-US: Apple
CVE-2023-23496 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
-CVE-2023-23495
- RESERVED
+CVE-2023-23495 (A permissions issue was addressed with improved redaction of
sensitive ...)
+ TODO: check
CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking.
This is ...)
NOT-FOR-US: Apple
CVE-2023-23493 (A logic issue was addressed with improved state management.
This issue ...)
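Review bot: CVE-2023-23495 leaves `RESERVED` with the Apple advisory wording (`A permissions issue was addressed with improved redaction of sensitive ...`), identical in form to CVE-2023-40384 in the first hunk, and the four context entries around it (CVE-2023-23497 to CVE-2023-23493) are all `NOT-FOR-US: Apple`. The same triage is the probable result, but as with the other placeholders in this patch it stays `TODO: check` until someone confirms from the full text that no Debian package is affected.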
@@ -151975,8 +152221,8 @@ CVE-2021-38245
RESERVED
CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability
exits in ...)
NOT-FOR-US: cbioportal
-CVE-2021-38243
- RESERVED
+CVE-2021-38243 (xunruicms <=4.5.1 is vulnerable to Remote Code Execution.)
+ TODO: check
CVE-2021-38242
RESERVED
CVE-2021-38241 (Deserialization issue discovered in Ruoyi before 4.6.1 allows
remote a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d7a17ded5df3e81d4a45a3a93868bc5236d0f7a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits