Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ef0dfcf by security tracker role at 2023-09-29T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2023-5289 (Allocation of Resources Without Limits or Throttling in GitHub
reposit ...)
+ TODO: check
+CVE-2023-5288 (A remote unauthorized attacker may connect to the SIM1012,
interact wi ...)
+ TODO: check
+CVE-2023-5287 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was
classified ...)
+ TODO: check
+CVE-2023-5286 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2023-5285 (A vulnerability classified as critical was found in Tongda OA
2017. Af ...)
+ TODO: check
+CVE-2023-5284 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2023-5283 (A vulnerability was found in SourceCodester Engineers Online
Portal 1. ...)
+ TODO: check
+CVE-2023-5282 (A vulnerability was found in SourceCodester Engineers Online
Portal 1. ...)
+ TODO: check
+CVE-2023-5281 (A vulnerability was found in SourceCodester Engineers Online
Portal 1. ...)
+ TODO: check
+CVE-2023-5280 (A vulnerability was found in SourceCodester Engineers Online
Portal 1. ...)
+ TODO: check
+CVE-2023-5279 (A vulnerability has been found in SourceCodester Engineers
Online Port ...)
+ TODO: check
+CVE-2023-5278 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2023-5277 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2023-5276 (A vulnerability classified as critical was found in
SourceCodester Eng ...)
+ TODO: check
+CVE-2023-5273 (A vulnerability classified as problematic was found in
SourceCodester ...)
+ TODO: check
+CVE-2023-5272 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2023-5271 (A vulnerability was found in SourceCodester Best Courier
Management Sy ...)
+ TODO: check
+CVE-2023-5270 (A vulnerability was found in SourceCodester Best Courier
Management Sy ...)
+ TODO: check
+CVE-2023-5269 (A vulnerability was found in SourceCodester Best Courier
Management Sy ...)
+ TODO: check
+CVE-2023-5268 (A vulnerability was found in DedeBIZ 6.2 and classified as
critical. T ...)
+ TODO: check
+CVE-2023-5267 (A vulnerability has been found in Tongda OA 2017 and classified
as cri ...)
+ TODO: check
+CVE-2023-5266 (A vulnerability, which was classified as critical, was found in
DedeBI ...)
+ TODO: check
+CVE-2023-5265 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2023-5264 (A vulnerability classified as critical was found in huakecms
3.0. Affe ...)
+ TODO: check
+CVE-2023-5263 (A vulnerability was found in ZZZCMS 2.1.7 and classified as
critical. ...)
+ TODO: check
+CVE-2023-5262 (A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and
classif ...)
+ TODO: check
+CVE-2023-5261 (A vulnerability, which was classified as critical, was found in
Tongda ...)
+ TODO: check
+CVE-2023-5260 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2023-5259 (A vulnerability classified as problematic was found in ForU
CMS. This ...)
+ TODO: check
+CVE-2023-5258 (A vulnerability classified as critical has been found in
OpenRapid Rap ...)
+ TODO: check
+CVE-2023-5257 (A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on
Windows. It ...)
+ TODO: check
+CVE-2023-5196 (Mattermost fails to enforce character limits in all possible
notificat ...)
+ TODO: check
+CVE-2023-5195 (Mattermost fails to properly validate the permissions when soft
deleti ...)
+ TODO: check
+CVE-2023-5194 (Mattermost fails to properly validate permissions when demoting
and de ...)
+ TODO: check
+CVE-2023-5193 (Mattermost fails to properly check permissions when retrieving
a post ...)
+ TODO: check
+CVE-2023-5159 (Mattermost fails to properly verify the permissions when
managing/upda ...)
+ TODO: check
+CVE-2023-43944 (A Stored Cross Site Scripting (XSS) vulnerability was found in
SourceC ...)
+ TODO: check
+CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to
contain ...)
+ TODO: check
+CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a
composer. ...)
+ TODO: check
+CVE-2023-41691 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Pensopay ...)
+ TODO: check
+CVE-2023-41687 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-41666 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-41663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Giovamba ...)
+ TODO: check
+CVE-2023-41662 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Ulf Benj ...)
+ TODO: check
+CVE-2023-41661 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Pres ...)
+ TODO: check
+CVE-2023-41658 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
I Thirte ...)
+ TODO: check
+CVE-2023-41657 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Grou ...)
+ TODO: check
+CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Andr ...)
+ TODO: check
+CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions
starting ...)
+ TODO: check
+CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write
response' pac ...)
+ TODO: check
+CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible
for a r ...)
+ TODO: check
+CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
UserFeedbac ...)
+ TODO: check
CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions
prior to ...)
TODO: check
CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an
Insecure File ...)
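Review bot: CVE-2023-5259 (ForU CMS) is added as a TODO: check placeholder although this same patch shows the existing entry CVE-2023-5221 already resolved as "NOT-FOR-US: ForU CMS"; the same marking can be applied to it at triage. The rest of the block is the usual automatic import and still needs manual triage; entries naming software that may exist as Debian packages (CVE-2023-43655 Composer, CVE-2023-3413 GitLab, CVE-2023-3024 Bluetooth LE stack, CVE-2023-39410 with no product visible in the truncated text) deserve a look first, while the SourceCodester, Tongda OA, DedeBIZ, Mattermost and plugin XSS entries follow the pattern of products that this file marks NOT-FOR-US.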
@@ -42,7 +146,7 @@ CVE-2023-44164 (The 'Email' parameter of the
process_login.php resource does no
TODO: check
CVE-2023-44163 (The 'search' parameter of the process_search.php resource
does not va ...)
TODO: check
-CVE-2023-43740 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION]
on [PLATF ...)
+CVE-2023-43740 (Online Book Store Project v1.0 is vulnerable to an Insecure
File Uploa ...)
TODO: check
CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not
validate t ...)
TODO: check
@@ -260,6 +364,7 @@ CVE-2023-5222 (A vulnerability classified as critical was
found in Viessmann Vit
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU
CMS. Thi ...)
NOT-FOR-US: ForU CMS
CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome
prior ...)
+ {DSA-5509-1 DSA-5508-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox <unfixed> (unimportant)
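Review bot: CVE-2023-5217 now carries two advisories (DSA-5509-1 and DSA-5508-1) while the visible lines only list chromium 117.0.5938.132-1 and "firefox <unfixed> (unimportant)". The NOTE lines in the next hunk say that bookworm and later use the system libvpx and that older releases need the fix in src:firefox-esr, so a second advisory for another source package is consistent, but the firefox-esr line is not shown in this hunk and should be checked to carry its fixed version.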
@@ -273,9 +378,11 @@ CVE-2023-5217 (Heap buffer overflow in vp8 encoding in
libvpx in Google Chrome p
NOTE: src:firefox and firefox-esr use the system libvpx starting in
bookworm and above. For
NOTE: older releases still needs the fixes in src:firefox-esr.
CVE-2023-5187 (Use after free in Extensions in Google Chrome prior to
117.0.5938.132 ...)
+ {DSA-5508-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5186 (Use after free in Passwords in Google Chrome prior to
117.0.5938.132 a ...)
+ {DSA-5508-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5184 (Two potential signed to unsigned conversion errors and buffer
overflow ...)
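Review bot: the two unchanged NOTE lines for CVE-2023-5217 at the top of this hunk read as one sentence broken across both lines ("... and above. For" / "older releases still needs the fixes ...") and contain a number agreement error ("still needs"); they are context lines outside this automatic commit, so a follow-up edit should merge and correct them. The DSA-5508-1 references added for CVE-2023-5187 and CVE-2023-5186 match the chromium 117.0.5938.132-1 fixed version those entries already record.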
@@ -789,7 +896,7 @@ CVE-2023-34043 (VMware Aria Operations contains a local
privilege escalation vul
CVE-2023-32541 (A use-after-free vulnerability exists in the footerr
functionality of ...)
NOT-FOR-US: Hancom Office 2020 HWord
CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2,
and Thun ...)
- {DSA-5506-1}
+ {DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
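Review bot: adding DLA-3587-1 beside DSA-5506-1 for CVE-2023-5176 is consistent with the entry, which already lists firefox-esr 115.3.0esr-1 and thunderbird 1:115.3.0-1, so an LTS advisory for the ESR branch is expected; the same reasoning covers CVE-2023-5171 and CVE-2023-5169 in the next two hunks. By contrast, the context entries CVE-2023-5172 and CVE-2023-5170 list only firefox 118.0-1 with no advisory, which indicates they do not affect the ESR line, so they correctly stay without a DLA.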
@@ -813,7 +920,7 @@ CVE-2023-5172 (A hashtable in the Ion Engine could have
been mutated while ther
- firefox 118.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172
CVE-2023-5171 (During Ion compilation, a Garbage Collection could have
resulted in a ...)
- {DSA-5506-1}
+ {DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -824,7 +931,7 @@ CVE-2023-5170 (In canvas rendering, a compromised content
process could have cau
- firefox 118.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170
CVE-2023-5169 (A compromised content process could have provided malicious
data in a ...)
- {DSA-5506-1}
+ {DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -3157,6 +3264,7 @@ CVE-2023-29166 (A logic issue was addressed with improved
state management. This
CVE-2023-36851 (A Missing Authentication for Critical Function vulnerability
in Junipe ...)
NOT-FOR-US: Juniper
CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.1 ...)
+ {DLA-3588-1}
- vim 2:9.0.1894-1
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
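Review bot: after DLA-3588-1 is added for CVE-2023-4781, the [bookworm] and [bullseye] lines still read "<no-dsa> (Minor issue)"; that is only coherent if the DLA targets the LTS release, whose fixed version is recorded in the separate DLA list rather than in this entry, so confirm the advisory does not cover either of the two releases marked no-dsa. The same check applies to CVE-2023-4752 in the following hunk, which receives the same DLA with identical release markers.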
@@ -3329,6 +3437,7 @@ CVE-2023-4754 (Out-of-bounds Write in GitHub repository
gpac/gpac prior to 2.3-D
NOTE:
https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.)
+ {DLA-3588-1}
- vim 2:9.0.1894-1
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
@@ -4049,6 +4158,7 @@ CVE-2023-41163 (A Reflected Cross-site scripting (XSS)
vulnerability in the file
CVE-2023-41041 (Graylog is a free and open log management platform. In a
multi-node Gr ...)
- graylog2 <itp> (bug #652273)
CVE-2023-41040 (GitPython is a python library used to interact with Git
repositories. ...)
+ {DLA-3589-1}
- python-git 3.1.36-1
[bookworm] - python-git <no-dsa> (Minor issue; can be fixed via point
release)
[bullseye] - python-git <no-dsa> (Minor issue; can be fixed via point
release)
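Review bot: CVE-2023-41040 (GitPython) gains DLA-3589-1 while the [bookworm] and [bullseye] lines keep "<no-dsa> (Minor issue; can be fixed via point release)"; if the LTS release is now fixed, those two stable releases remain open until the point-release uploads happen, so the "can be fixed via point release" note should be followed up rather than treated as closed by the DLA.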
@@ -33718,8 +33828,8 @@ CVE-2023-26220
RESERVED
CVE-2023-26219
RESERVED
-CVE-2023-26218
- RESERVED
+CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus
contain ...)
+ TODO: check
CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s
TIBCO EBX ...)
NOT-FOR-US: TIBICO Software
CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX
Add-ons contai ...)
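Review bot: CVE-2023-26218 moves from RESERVED to a TIBCO Nimbus description with TODO: check, but the adjacent context entries CVE-2023-26217 and CVE-2023-26216 are TIBCO products already marked NOT-FOR-US, so this one can be closed the same way at triage. The unchanged context line "NOT-FOR-US: TIBICO Software" misspells TIBCO; it is outside this hunk's changes but worth correcting in a follow-up commit.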
@@ -207750,6 +207860,7 @@ CVE-2020-28465
CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the
schema f ...)
NOT-FOR-US: Node djv
CVE-2020-28463 (All versions of package reportlab are vulnerable to
Server-side Reques ...)
+ {DLA-3590-1}
- python-reportlab 3.5.55-1
[stretch] - python-reportlab <postponed> (Can be fixed in next DLA)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
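Review bot: CVE-2020-28463 now references DLA-3590-1, yet the context line "[stretch] - python-reportlab <postponed> (Can be fixed in next DLA)" still presents the fix as pending; if this DLA is the one that note anticipated, the <postponed> marker should be removed, and if the DLA targets a different release, a short clarification that the stretch line is historical would prevent it being read as an open item.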
@@ -278050,6 +278161,7 @@ CVE-2019-19451 (When GNOME Dia before 2019-11-27 is
launched with a filename arg
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/dia/commit/baa2df853f9fb770eedcf3d94c7f5becebc90bb9
NOTE: Negligible security impact, hang in end user tool
CVE-2019-19450 (paraparser in ReportLab before 3.5.31 allows remote code
execution bec ...)
+ {DLA-3590-1}
- python-reportlab 3.5.31-1
NOTE:
https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md#release-353115102019
NOTE: Fixed by:
https://hg.reportlab.com/hg-public/reportlab/rev/b117091a73c2
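Review bot: CVE-2019-19450 and CVE-2020-28463 now share DLA-3590-1, which is consistent with a single LTS reportlab upload addressing both, but the two entries record different unstable fixed versions (3.5.31-1 here and 3.5.55-1 for CVE-2020-28463), so verify that the LTS backport includes the later change as well and not only the paraparser fix referenced in the NOTE lines.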
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ef0dfcf9c4729e65d70dfb7f883f79b6aa1929a
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits