Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cbf9ed4d by security tracker role at 2023-10-03T08:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,153 @@
+CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's
fs/smb/client com ...)
+ TODO: check
+CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.1 ...)
+ TODO: check
+CVE-2023-5334 (The WP Responsive header image slider plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2023-5290
+ REJECTED
+CVE-2023-5160 (Mattermost fails to check the Show Full Name option at the
/api/v4/tea ...)
+ TODO: check
+CVE-2023-5106 (An issue has been discovered in Ultimate-licensed GitLab EE
affecting ...)
+ TODO: check
+CVE-2023-4659 (Cross-Site Request Forgery vulnerability, whose exploitation
could all ...)
+ TODO: check
+CVE-2023-44479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jim ...)
+ TODO: check
+CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-44474 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
MD Jakir ...)
+ TODO: check
+CVE-2023-44463 (An issue was discovered in pretix before 2023.7.1. Incorrect
parsing o ...)
+ TODO: check
+CVE-2023-44266 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jewe ...)
+ TODO: check
+CVE-2023-44265 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gopi ...)
+ TODO: check
+CVE-2023-44264 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-44263 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Riya ...)
+ TODO: check
+CVE-2023-44262 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Renz ...)
+ TODO: check
+CVE-2023-44245 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Leap Con ...)
+ TODO: check
+CVE-2023-44244 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
FooPlugi ...)
+ TODO: check
+CVE-2023-44242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-44239 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Jobi ...)
+ TODO: check
+CVE-2023-44230 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gopi ...)
+ TODO: check
+CVE-2023-44228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Gopi ...)
+ TODO: check
+CVE-2023-44218 (A flaw within the SonicWall NetExtender Pre-Logon feature
enables an u ...)
+ TODO: check
+CVE-2023-44217 (A local privilege escalation vulnerability in SonicWall Net
Extender M ...)
+ TODO: check
+CVE-2023-44145 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in jesw ...)
+ TODO: check
+CVE-2023-44144 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Dreamfox ...)
+ TODO: check
+CVE-2023-44012 (Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0
allows a re ...)
+ TODO: check
+CVE-2023-44011 (An issue in mojoPortal v.2.7.0.0 allows a remote attacker to
execute a ...)
+ TODO: check
+CVE-2023-44009 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a
remote atta ...)
+ TODO: check
+CVE-2023-44008 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a
remote atta ...)
+ TODO: check
+CVE-2023-43980 (Presto Changeo testsitecreator up to v1.1.1 was discovered to
contain ...)
+ TODO: check
+CVE-2023-43893 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command
injection v ...)
+ TODO: check
+CVE-2023-43892 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command
injection v ...)
+ TODO: check
+CVE-2023-43891 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command
injection v ...)
+ TODO: check
+CVE-2023-43890 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command
injection v ...)
+ TODO: check
+CVE-2023-43836 (There is a SQL injection vulnerability in the Jizhicms 2.4.9
backend, ...)
+ TODO: check
+CVE-2023-43835 (Super Store Finder 3.7 and below is vulnerable to
authenticated Arbitr ...)
+ TODO: check
+CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 firmware ver.01.26
and earl ...)
+ TODO: check
+CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a
local a ...)
+ TODO: check
+CVE-2023-43297 (An issue in animal-art-lab v13.6.1 allows attackers to send
crafted no ...)
+ TODO: check
+CVE-2023-43268 (Deyue Remote Vehicle Management System v1.1 was discovered to
contain ...)
+ TODO: check
+CVE-2023-43267 (A cross-site scripting (XSS) vulnerability in the publish
article func ...)
+ TODO: check
+CVE-2023-42771 (Authentication bypass vulnerability in ACERA 1320 firmware
ver.01.26 a ...)
+ TODO: check
+CVE-2023-41859 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Asho ...)
+ TODO: check
+CVE-2023-41856 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ClickToT ...)
+ TODO: check
+CVE-2023-41855 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Regp ...)
+ TODO: check
+CVE-2023-41847 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-41800 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in UniC ...)
+ TODO: check
+CVE-2023-41797 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-41580 (Phpipam before v1.5.2 was discovered to contain a LDAP
injection vulne ...)
+ TODO: check
+CVE-2023-41086 (Cross-site request forgery (CSRF) vulnerability exists in
FURUNO SYSTE ...)
+ TODO: check
+CVE-2023-40744
+ REJECTED
+CVE-2023-3967 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
+ TODO: check
+CVE-2023-3770 (Incorrect validation vulnerability of the data entered,
allowing an at ...)
+ TODO: check
+CVE-2023-3769 (Incorrect data input validation vulnerability, which could
allow an at ...)
+ TODO: check
+CVE-2023-3768 (Incorrect data input validation vulnerability, which could
allow an at ...)
+ TODO: check
+CVE-2023-3744 (Server-Side Request Forgery vulnerability in SLims version
9.6.0. This ...)
+ TODO: check
+CVE-2023-3656 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung,
Entwic ...)
+ TODO: check
+CVE-2023-3655 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung,
Entwic ...)
+ TODO: check
+CVE-2023-3440 (Incorrect Default Permissions vulnerability in Hitachi
JP1/Performance ...)
+ TODO: check
+CVE-2023-3335 (Insertion of Sensitive Information into Log File vulnerability
in Hita ...)
+ TODO: check
+CVE-2023-39429 (Cross-site scripting vulnerability in FURUNO SYSTEMS wireless
LAN acce ...)
+ TODO: check
+CVE-2023-39222 (OS command injection vulnerability in FURUNO SYSTEMS wireless
LAN acce ...)
+ TODO: check
+CVE-2023-37605 (Buffer Overflow vulnerability in baramundi software GmbH EMM
Agent 23. ...)
+ TODO: check
+CVE-2023-36628 (A flaw exists in VASA which allows users with access to a
vSphere/ESXi ...)
+ TODO: check
+CVE-2023-36627 (A flaw exists in FlashBlade Purity whereby a user with access
to an ad ...)
+ TODO: check
+CVE-2023-33039 (Memory corruption in Automotive Display while destroying the
image han ...)
+ TODO: check
+CVE-2023-33035 (Memory corruption while invoking callback function of AFE from
ADSP.)
+ TODO: check
+CVE-2023-33034 (Memory corruption while parsing the ADSP response command.)
+ TODO: check
+CVE-2023-33029 (Memory corruption in DSP Service during a remote call from
HLOS to DSP ...)
+ TODO: check
+CVE-2023-33028 (Memory corruption in WLAN Firmware while doing a memory copy
of pmk ca ...)
+ TODO: check
+CVE-2023-33027 (Transient DOS in WLAN Firmware while parsing rsn ies.)
+ TODO: check
+CVE-2023-33026 (Transient DOS in WLAN Firmware while parsing a NAN management
frame.)
+ TODO: check
+CVE-2023-32572 (A flaw exists in FlashArray Purity wherein under limited
circumstances ...)
+ TODO: check
+CVE-2015-10124 (A vulnerability was found in Most Popular Posts Widget Plugin
up to 0. ...)
+ TODO: check
CVE-2023-5329 (A vulnerability classified as problematic was found in Field
Logic Dat ...)
NOT-FOR-US: Field Logic DataCube4
CVE-2023-5328 (A vulnerability classified as critical has been found in SATO
CL4NX-J ...)
@@ -530,6 +680,7 @@ CVE-2023-42117 [Exim Improper Neutralization of Special
Elements Remote Code Exe
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer Overflow Remote Code
Execution Vulnerability]
+ {DSA-5512-1 DLA-3599-1}
- exim4 4.97~RC1-2
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/
NOTE: https://bugs.exim.org/show_bug.cgi?id=3000
@@ -538,6 +689,7 @@ CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer
Overflow Remote Code Exec
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code Execution
Vulnerability]
+ {DSA-5512-1}
- exim4 4.97~RC1-2
[buster] - exim4 <not-affected> (External authenticator support was
introduced later)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
@@ -547,6 +699,7 @@ CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code
Execution Vulnerabilit
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure
Vulnerability]
+ {DSA-5512-1 DLA-3599-1}
- exim4 4.97~RC1-2
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1468/
NOTE: https://bugs.exim.org/show_bug.cgi?id=3001
@@ -19334,8 +19487,8 @@ CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced
Server (EPAS) before 14.6.0 l
NOT-FOR-US: EnterpriseDB
CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask
variab ...)
NOT-FOR-US: Octopus Deploy
-CVE-2023-31042
- RESERVED
+CVE-2023-31042 (A flaw exists in FlashBlade Purity whereby an authenticated
user with ...)
+ TODO: check
CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O
with ker ...)
NOT-FOR-US: Insyde
CVE-2023-31040
@@ -27113,8 +27266,8 @@ CVE-2023-28573 (Memory corruption in WLAN HAL while
parsing WMI command paramete
NOT-FOR-US: Qualcomm
CVE-2023-28572
RESERVED
-CVE-2023-28571
- RESERVED
+CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN
scan des ...)
+ TODO: check
CVE-2023-28570
RESERVED
CVE-2023-28569
@@ -27175,10 +27328,10 @@ CVE-2023-28542 (Memory Corruption in WLAN HOST while
fetching TX status informat
NOT-FOR-US: Qualcomm
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer
release ev ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28540
- RESERVED
-CVE-2023-28539
- RESERVED
+CVE-2023-28540 (Cryptographic issue in Data Modem due to improper
authentication durin ...)
+ TODO: check
+CVE-2023-28539 (Memory corruption in WLAN Host when the firmware invokes
multiple WMI ...)
+ TODO: check
CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update
driver ...)
NOT-FOR-US: Qualcomm
CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module
in Audi ...)
@@ -27801,10 +27954,10 @@ CVE-2022-48423 (In the Linux kernel before 6.1.3,
fs/ntfs3/record.c does not val
NOTE: NTFS3 driver not enabled in Debian
CVE-2022-48421
RESERVED
-CVE-2023-28373
- RESERVED
-CVE-2023-28372
- RESERVED
+CVE-2023-28373 (A flaw exists in FlashArray Purity whereby an array
administrator by c ...)
+ TODO: check
+CVE-2023-28372 (A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby
a user w ...)
+ TODO: check
CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that
are typic ...)
- stellarium <unfixed> (bug #1034183)
[bookworm] - stellarium <no-dsa> (Minor issue)
@@ -34276,12 +34429,12 @@ CVE-2023-26154
RESERVED
CVE-2023-26153
RESERVED
-CVE-2023-26152
- RESERVED
-CVE-2023-26151
- RESERVED
-CVE-2023-26150
- RESERVED
+CVE-2023-26152 (All versions of the package static-server are vulnerable to
Directory ...)
+ TODO: check
+CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable
to Denial ...)
+ TODO: check
+CVE-2023-26150 (Versions of the package asyncua before 0.9.96 are vulnerable
to Improp ...)
+ TODO: check
CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are
vulnerable to C ...)
TODO: check
CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to
CRLF Injec ...)
@@ -35654,14 +35807,13 @@ CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has
improper access controls on th
NOT-FOR-US: Omron CJ1M
CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository
btcpayserver/ ...)
NOT-FOR-US: btcpayserver
-CVE-2023-0809
- RESERVED
+CVE-2023-0809 (In Mosquitto before 2.0.16, excessive memory is allocated based
on mal ...)
{DSA-5511-1}
- mosquitto 2.0.17-1
[buster] - mosquitto <not-affected> (The vulnerable code was introduced
later)
NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
NOTE: Fixed by
https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad
-CVE-2023-3592
+CVE-2023-3592 (In Mosquitto before 2.0.16, a memory leak occurs when clients
send v5 ...)
{DSA-5511-1}
- mosquitto 2.0.17-1
[buster] - mosquitto <not-affected> (The vulnerable code was introduced
later)
@@ -38385,32 +38537,32 @@ CVE-2023-0602 (The Twittee Text Tweet WordPress
plugin through 1.0.8 does not pr
NOT-FOR-US: WordPress plugin
CVE-2023-0601
RESERVED
-CVE-2023-24855
- RESERVED
+CVE-2023-24855 (Memory corruption in Modem while processing security related
configura ...)
+ TODO: check
CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware
respons ...)
NOT-FOR-US: Qualcomm
-CVE-2023-24853
- RESERVED
+CVE-2023-24853 (Memory Corruption in HLOS while registering for key
provisioning notif ...)
+ TODO: check
CVE-2023-24852
RESERVED
CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response
message from ...)
NOT-FOR-US: Qualcomm
-CVE-2023-24850
- RESERVED
-CVE-2023-24849
- RESERVED
-CVE-2023-24848
- RESERVED
-CVE-2023-24847
- RESERVED
+CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key
into Key ...)
+ TODO: check
+CVE-2023-24849 (Information Disclosure in data Modem while parsing an FMTP
line in an ...)
+ TODO: check
+CVE-2023-24848 (Information Disclosure in Data Modem while performing a VoLTE
call wit ...)
+ TODO: check
+CVE-2023-24847 (Transient DOS in Modem while allocating DSM items.)
+ TODO: check
CVE-2023-24846
RESERVED
CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800,
RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
-CVE-2023-24844
- RESERVED
-CVE-2023-24843
- RESERVED
+CVE-2023-24844 (Memory Corruption in Core while invoking a call to Access
Control core ...)
+ TODO: check
+CVE-2023-24843 (Transient DOS in Modem while triggering a camping on an 5G
cell.)
+ TODO: check
CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access
control. A ...)
NOT-FOR-US: HGiga MailSherlock
CVE-2023-24841 (HGiga MailSherlock query function for connection log has a
vulnerabili ...)
@@ -47718,14 +47870,14 @@ CVE-2023-22387 (Arbitrary memory overwrite when VM
gets compromised in TX write
NOT-FOR-US: Qualcomm
CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW
request to all ...)
NOT-FOR-US: Qualcomm
-CVE-2023-22385
- RESERVED
-CVE-2023-22384
- RESERVED
+CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT
VOLTE cal ...)
+ TODO: check
+CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast
Message ...)
+ TODO: check
CVE-2023-22383
RESERVED
-CVE-2023-22382
- RESERVED
+CVE-2023-22382 (Weak configuration in Automotive while VM is processing a
listener req ...)
+ TODO: check
CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version
2.0.0 up ...)
NOT-FOR-US: Sewio
CVE-2022-47912
@@ -52464,8 +52616,8 @@ CVE-2022-4323 (The Analyticator WordPress plugin before
6.5.6 unserializes user
NOT-FOR-US: WordPress plugin
CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an
remote low p ...)
NOT-FOR-US: CODESYS
-CVE-2023-21673
- RESERVED
+CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory
Corrupti ...)
+ TODO: check
CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel
playback or ...)
NOT-FOR-US: Qualcomm
CVE-2023-21671
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf9ed4d3f73606d76b06637c6d72cd10884a956
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf9ed4d3f73606d76b06637c6d72cd10884a956
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
