Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: cbf9ed4d by security tracker role at 2023-10-03T08:12:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,153 @@ +CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/client com ...) + TODO: check +CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + TODO: check +CVE-2023-5334 (The WP Responsive header image slider plugin for WordPress is vulnerab ...) + TODO: check +CVE-2023-5290 + REJECTED +CVE-2023-5160 (Mattermost fails to check the Show Full Name option at the /api/v4/tea ...) + TODO: check +CVE-2023-5106 (An issue has been discovered in Ultimate-licensed GitLab EE affecting ...) + TODO: check +CVE-2023-4659 (Cross-Site Request Forgery vulnerability, whose exploitation could all ...) + TODO: check +CVE-2023-44479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim ...) + TODO: check +CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-44474 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir ...) + TODO: check +CVE-2023-44463 (An issue was discovered in pretix before 2023.7.1. Incorrect parsing o ...) + TODO: check +CVE-2023-44266 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewe ...) + TODO: check +CVE-2023-44265 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + TODO: check +CVE-2023-44264 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-44263 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riya ...) + TODO: check +CVE-2023-44262 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renz ...) + TODO: check +CVE-2023-44245 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Con ...) + TODO: check +CVE-2023-44244 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...) + TODO: check +CVE-2023-44242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-44239 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobi ...) + TODO: check +CVE-2023-44230 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + TODO: check +CVE-2023-44228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + TODO: check +CVE-2023-44218 (A flaw within the SonicWall NetExtender Pre-Logon feature enables an u ...) + TODO: check +CVE-2023-44217 (A local privilege escalation vulnerability in SonicWall Net Extender M ...) + TODO: check +CVE-2023-44145 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesw ...) + TODO: check +CVE-2023-44144 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox ...) + TODO: check +CVE-2023-44012 (Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a re ...) + TODO: check +CVE-2023-44011 (An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute a ...) + TODO: check +CVE-2023-44009 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...) + TODO: check +CVE-2023-44008 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...) + TODO: check +CVE-2023-43980 (Presto Changeo testsitecreator up to v1.1.1 was discovered to contain ...) + TODO: check +CVE-2023-43893 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + TODO: check +CVE-2023-43892 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + TODO: check +CVE-2023-43891 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + TODO: check +CVE-2023-43890 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + TODO: check +CVE-2023-43836 (There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, ...) + TODO: check +CVE-2023-43835 (Super Store Finder 3.7 and below is vulnerable to authenticated Arbitr ...) + TODO: check +CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earl ...) + TODO: check +CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local a ...) + TODO: check +CVE-2023-43297 (An issue in animal-art-lab v13.6.1 allows attackers to send crafted no ...) + TODO: check +CVE-2023-43268 (Deyue Remote Vehicle Management System v1.1 was discovered to contain ...) + TODO: check +CVE-2023-43267 (A cross-site scripting (XSS) vulnerability in the publish article func ...) + TODO: check +CVE-2023-42771 (Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 a ...) + TODO: check +CVE-2023-41859 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Asho ...) + TODO: check +CVE-2023-41856 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToT ...) + TODO: check +CVE-2023-41855 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regp ...) + TODO: check +CVE-2023-41847 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-41800 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniC ...) + TODO: check +CVE-2023-41797 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-41580 (Phpipam before v1.5.2 was discovered to contain a LDAP injection vulne ...) + TODO: check +CVE-2023-41086 (Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTE ...) + TODO: check +CVE-2023-40744 + REJECTED +CVE-2023-3967 (Allocation of Resources Without Limits or Throttling vulnerability in ...) + TODO: check +CVE-2023-3770 (Incorrect validation vulnerability of the data entered, allowing an at ...) + TODO: check +CVE-2023-3769 (Incorrect data input validation vulnerability, which could allow an at ...) + TODO: check +CVE-2023-3768 (Incorrect data input validation vulnerability, which could allow an at ...) + TODO: check +CVE-2023-3744 (Server-Side Request Forgery vulnerability in SLims version 9.6.0. This ...) + TODO: check +CVE-2023-3656 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...) + TODO: check +CVE-2023-3655 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...) + TODO: check +CVE-2023-3440 (Incorrect Default Permissions vulnerability in Hitachi JP1/Performance ...) + TODO: check +CVE-2023-3335 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) + TODO: check +CVE-2023-39429 (Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN acce ...) + TODO: check +CVE-2023-39222 (OS command injection vulnerability in FURUNO SYSTEMS wireless LAN acce ...) + TODO: check +CVE-2023-37605 (Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23. ...) + TODO: check +CVE-2023-36628 (A flaw exists in VASA which allows users with access to a vSphere/ESXi ...) + TODO: check +CVE-2023-36627 (A flaw exists in FlashBlade Purity whereby a user with access to an ad ...) + TODO: check +CVE-2023-33039 (Memory corruption in Automotive Display while destroying the image han ...) + TODO: check +CVE-2023-33035 (Memory corruption while invoking callback function of AFE from ADSP.) + TODO: check +CVE-2023-33034 (Memory corruption while parsing the ADSP response command.) + TODO: check +CVE-2023-33029 (Memory corruption in DSP Service during a remote call from HLOS to DSP ...) + TODO: check +CVE-2023-33028 (Memory corruption in WLAN Firmware while doing a memory copy of pmk ca ...) + TODO: check +CVE-2023-33027 (Transient DOS in WLAN Firmware while parsing rsn ies.) + TODO: check +CVE-2023-33026 (Transient DOS in WLAN Firmware while parsing a NAN management frame.) + TODO: check +CVE-2023-32572 (A flaw exists in FlashArray Purity wherein under limited circumstances ...) + TODO: check +CVE-2015-10124 (A vulnerability was found in Most Popular Posts Widget Plugin up to 0. ...) + TODO: check CVE-2023-5329 (A vulnerability classified as problematic was found in Field Logic Dat ...) NOT-FOR-US: Field Logic DataCube4 CVE-2023-5328 (A vulnerability classified as critical has been found in SATO CL4NX-J ...) @@ -530,6 +680,7 @@ CVE-2023-42117 [Exim Improper Neutralization of Special Elements Remote Code Exe NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability] + {DSA-5512-1 DLA-3599-1} - exim4 4.97~RC1-2 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3000 @@ -538,6 +689,7 @@ CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Exec NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability] + {DSA-5512-1} - exim4 4.97~RC1-2 [buster] - exim4 <not-affected> (External authenticator support was introduced later) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ @@ -547,6 +699,7 @@ CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerabilit NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability] + {DSA-5512-1 DLA-3599-1} - exim4 4.97~RC1-2 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1468/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3001 @@ -19334,8 +19487,8 @@ CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 l NOT-FOR-US: EnterpriseDB CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask variab ...) NOT-FOR-US: Octopus Deploy -CVE-2023-31042 - RESERVED +CVE-2023-31042 (A flaw exists in FlashBlade Purity whereby an authenticated user with ...) + TODO: check CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with ker ...) NOT-FOR-US: Insyde CVE-2023-31040 @@ -27113,8 +27266,8 @@ CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command paramete NOT-FOR-US: Qualcomm CVE-2023-28572 RESERVED -CVE-2023-28571 - RESERVED +CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN scan des ...) + TODO: check CVE-2023-28570 RESERVED CVE-2023-28569 @@ -27175,10 +27328,10 @@ CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status informat NOT-FOR-US: Qualcomm CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...) NOT-FOR-US: Qualcomm -CVE-2023-28540 - RESERVED -CVE-2023-28539 - RESERVED +CVE-2023-28540 (Cryptographic issue in Data Modem due to improper authentication durin ...) + TODO: check +CVE-2023-28539 (Memory corruption in WLAN Host when the firmware invokes multiple WMI ...) + TODO: check CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update driver ...) NOT-FOR-US: Qualcomm CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...) @@ -27801,10 +27954,10 @@ CVE-2022-48423 (In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not val NOTE: NTFS3 driver not enabled in Debian CVE-2022-48421 RESERVED -CVE-2023-28373 - RESERVED -CVE-2023-28372 - RESERVED +CVE-2023-28373 (A flaw exists in FlashArray Purity whereby an array administrator by c ...) + TODO: check +CVE-2023-28372 (A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user w ...) + TODO: check CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are typic ...) - stellarium <unfixed> (bug #1034183) [bookworm] - stellarium <no-dsa> (Minor issue) @@ -34276,12 +34429,12 @@ CVE-2023-26154 RESERVED CVE-2023-26153 RESERVED -CVE-2023-26152 - RESERVED -CVE-2023-26151 - RESERVED -CVE-2023-26150 - RESERVED +CVE-2023-26152 (All versions of the package static-server are vulnerable to Directory ...) + TODO: check +CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable to Denial ...) + TODO: check +CVE-2023-26150 (Versions of the package asyncua before 0.9.96 are vulnerable to Improp ...) + TODO: check CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...) TODO: check CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to CRLF Injec ...) @@ -35654,14 +35807,13 @@ CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on th NOT-FOR-US: Omron CJ1M CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...) NOT-FOR-US: btcpayserver -CVE-2023-0809 - RESERVED +CVE-2023-0809 (In Mosquitto before 2.0.16, excessive memory is allocated based on mal ...) {DSA-5511-1} - mosquitto 2.0.17-1 [buster] - mosquitto <not-affected> (The vulnerable code was introduced later) NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/ NOTE: Fixed by https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad -CVE-2023-3592 +CVE-2023-3592 (In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 ...) {DSA-5511-1} - mosquitto 2.0.17-1 [buster] - mosquitto <not-affected> (The vulnerable code was introduced later) @@ -38385,32 +38537,32 @@ CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not pr NOT-FOR-US: WordPress plugin CVE-2023-0601 RESERVED -CVE-2023-24855 - RESERVED +CVE-2023-24855 (Memory corruption in Modem while processing security related configura ...) + TODO: check CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...) NOT-FOR-US: Qualcomm -CVE-2023-24853 - RESERVED +CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...) + TODO: check CVE-2023-24852 RESERVED CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...) NOT-FOR-US: Qualcomm -CVE-2023-24850 - RESERVED -CVE-2023-24849 - RESERVED -CVE-2023-24848 - RESERVED -CVE-2023-24847 - RESERVED +CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...) + TODO: check +CVE-2023-24849 (Information Disclosure in data Modem while parsing an FMTP line in an ...) + TODO: check +CVE-2023-24848 (Information Disclosure in Data Modem while performing a VoLTE call wit ...) + TODO: check +CVE-2023-24847 (Transient DOS in Modem while allocating DSM items.) + TODO: check CVE-2023-24846 RESERVED CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) NOT-FOR-US: Siemens -CVE-2023-24844 - RESERVED -CVE-2023-24843 - RESERVED +CVE-2023-24844 (Memory Corruption in Core while invoking a call to Access Control core ...) + TODO: check +CVE-2023-24843 (Transient DOS in Modem while triggering a camping on an 5G cell.) + TODO: check CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...) NOT-FOR-US: HGiga MailSherlock CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...) @@ -47718,14 +47870,14 @@ CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write NOT-FOR-US: Qualcomm CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...) NOT-FOR-US: Qualcomm -CVE-2023-22385 - RESERVED -CVE-2023-22384 - RESERVED +CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT VOLTE cal ...) + TODO: check +CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast Message ...) + TODO: check CVE-2023-22383 RESERVED -CVE-2023-22382 - RESERVED +CVE-2023-22382 (Weak configuration in Automotive while VM is processing a listener req ...) + TODO: check CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) NOT-FOR-US: Sewio CVE-2022-47912 @@ -52464,8 +52616,8 @@ CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user NOT-FOR-US: WordPress plugin CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote low p ...) NOT-FOR-US: CODESYS -CVE-2023-21673 - RESERVED +CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Corrupti ...) + TODO: check CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...) NOT-FOR-US: Qualcomm CVE-2023-21671 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf9ed4d3f73606d76b06637c6d72cd10884a956 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf9ed4d3f73606d76b06637c6d72cd10884a956 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits