Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c634e94 by security tracker role at 2023-10-03T20:14:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,141 @@
+CVE-2023-5353 (Improper Access Control in GitHub repository
salesagility/suitecrm pri ...)
+ TODO: check
+CVE-2023-5351 (Cross-site Scripting (XSS) - Stored in GitHub repository
salesagility/ ...)
+ TODO: check
+CVE-2023-5350 (SQL Injection in GitHub repository salesagility/suitecrm prior
to 7.14 ...)
+ TODO: check
+CVE-2023-5255 (For certificates that utilize the auto-renew feature in Puppet
Server, ...)
+ TODO: check
+CVE-2023-4929 (All firmware versions of the NPort 5000 Series are affected by
an impr ...)
+ TODO: check
+CVE-2023-4886 (A sensitive information exposure vulnerability was found in
foreman. C ...)
+ TODO: check
+CVE-2023-4885 (Man in the Middle vulnerability, which could allow an attacker
to inte ...)
+ TODO: check
+CVE-2023-4884 (An attacker could send an HTTP request to an Open5GS endpoint
and retr ...)
+ TODO: check
+CVE-2023-4883 (Invalid pointer release vulnerability. Exploitation of this
vulnerabil ...)
+ TODO: check
+CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a
new VNF ( ...)
+ TODO: check
+CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload
maliciou ...)
+ TODO: check
+CVE-2023-4732 (A flaw was found in the Linux Kernel's memory management
subsytem. A t ...)
+ TODO: check
+CVE-2023-4564 (This vulnerability could allow an attacker to store a malicious
JavaSc ...)
+ TODO: check
+CVE-2023-4103 (QSige statistics are affected by a remote SQLi vulnerability.
It has b ...)
+ TODO: check
+CVE-2023-4102 (QSige login SSO does not have an access control mechanism to
verify wh ...)
+ TODO: check
+CVE-2023-4101 (The QSige login SSO does not have an access control mechanism
to verif ...)
+ TODO: check
+CVE-2023-4100 (Allows an attacker to perform XSS attacks stored on certain
resources. ...)
+ TODO: check
+CVE-2023-4099 (The QSige Monitor application does not have an access control
mechanis ...)
+ TODO: check
+CVE-2023-4098 (It has been identified that the web application does not
correctly fil ...)
+ TODO: check
+CVE-2023-4097 (The file upload functionality is not implemented correctly and
allows ...)
+ TODO: check
+CVE-2023-43976 (An issue in CatoNetworks CatoClient before v.5.4.0 allows
attackers to ...)
+ TODO: check
+CVE-2023-42508 (JFrog Artifactory prior to version 7.66.0 is vulnerable to
specific en ...)
+ TODO: check
+CVE-2023-41693 (Cross-Site Request Forgery (CSRF) vulnerability in
edward_plainview My ...)
+ TODO: check
+CVE-2023-41244 (Cross-Site Request Forgery (CSRF) vulnerability in Buildfail
Localize ...)
+ TODO: check
+CVE-2023-40830 (Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the
Index p ...)
+ TODO: check
+CVE-2023-40558 (Cross-Site Request Forgery (CSRF) vulnerability in eMarket
Design YouT ...)
+ TODO: check
+CVE-2023-40212 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore
Product ...)
+ TODO: check
+CVE-2023-40210 (Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton
(Tortoi ...)
+ TODO: check
+CVE-2023-40202 (Cross-Site Request Forgery (CSRF) vulnerability in Hannes
Etzelstorfer ...)
+ TODO: check
+CVE-2023-40201 (Cross-Site Request Forgery (CSRF) vulnerability inFuturioWP
Futurio Ex ...)
+ TODO: check
+CVE-2023-40199 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP
Like But ...)
+ TODO: check
+CVE-2023-40198 (Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez
Easy Coo ...)
+ TODO: check
+CVE-2023-40009 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress
WP Pipes ...)
+ TODO: check
+CVE-2023-3654 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung,
Entwic ...)
+ TODO: check
+CVE-2023-3350 (A Cryptographic Issue vulnerability has been found on
IBERMATICA RPS, ...)
+ TODO: check
+CVE-2023-3349 (Information exposure vulnerability in IBERMATICA RPS 2019,
which explo ...)
+ TODO: check
+CVE-2023-3196 (This vulnerability could allow an attacker to store a malicious
JavaSc ...)
+ TODO: check
+CVE-2023-39989 (Cross-Site Request Forgery (CSRF) vulnerability in 99robots
Header Foo ...)
+ TODO: check
+CVE-2023-39923 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme
The Pos ...)
+ TODO: check
+CVE-2023-39917 (Cross-Site Request Forgery (CSRF) vulnerability in Photo
Gallery Team ...)
+ TODO: check
+CVE-2023-39165 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch
Designs Sign- ...)
+ TODO: check
+CVE-2023-39159 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore
Fraud P ...)
+ TODO: check
+CVE-2023-39158 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore
Banner ...)
+ TODO: check
+CVE-2023-38398 (Cross-Site Request Forgery (CSRF) vulnerability in Taboola
plugin <=2. ...)
+ TODO: check
+CVE-2023-38396 (Cross-Site Request Forgery (CSRF) vulnerability in Alain
Gonzalez plug ...)
+ TODO: check
+CVE-2023-38390 (Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs
Mobile ...)
+ TODO: check
+CVE-2023-38381 (Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly
WP-FlyB ...)
+ TODO: check
+CVE-2023-37998 (Cross-Site Request Forgery (CSRF) vulnerability in Saas
Disabler plugi ...)
+ TODO: check
+CVE-2023-37996 (Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix
GTmetrix f ...)
+ TODO: check
+CVE-2023-37992 (Cross-Site Request Forgery (CSRF) vulnerability in PressPage
Entertain ...)
+ TODO: check
+CVE-2023-37991 (Cross-Site Request Forgery (CSRF) vulnerability in
Monchito.Net WP Emo ...)
+ TODO: check
+CVE-2023-37990 (Cross-Site Request Forgery (CSRF) vulnerability in Mike
Perelink Pro p ...)
+ TODO: check
+CVE-2023-37891 (Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk
OptiMonk: ...)
+ TODO: check
+CVE-2023-34970 (A local non-privileged user can make improper GPU processing
operation ...)
+ TODO: check
+CVE-2023-33200 (A local non-privileged user can make improper GPU processing
operation ...)
+ TODO: check
+CVE-2023-32792 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog
Manager 5.6.5 ...)
+ TODO: check
+CVE-2023-32791 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog
Manager 5.6.5 ...)
+ TODO: check
+CVE-2023-32790 (Cross-Site Scripting (XSS) vulnerability in NXLog Manager
5.6.5633 ver ...)
+ TODO: check
+CVE-2023-32671 (A stored XSS vulnerability has been found on BuddyBoss
Platform affect ...)
+ TODO: check
+CVE-2023-32670 (Cross-Site Scripting vulnerability in BuddyBoss 2.2.9
version , whi ...)
+ TODO: check
+CVE-2023-32669 (Authorization bypass vulnerability in BuddyBoss 2.2.9 version,
the exp ...)
+ TODO: check
+CVE-2023-32091 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor
plugin <=0 ...)
+ TODO: check
+CVE-2023-2830 (Cross-Site Request Forgery (CSRF) vulnerability in
Trustindex.Io WP Te ...)
+ TODO: check
+CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version
1.0.0. ...)
+ TODO: check
+CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the
componen ...)
+ TODO: check
CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and
may leak sensitive information into the GRUB pager]
- grub2 2.12~rc1-11
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
CVE-2023-4692 [Crafted file system images can cause heap-based buffer overflow
and may allow arbitrary code execution and secure boot bypass]
- grub2 2.12~rc1-11
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
-CVE-2023-4911 [buffer overflow in dynamic loader's processing of the
GLIBC_TUNABLES environment variable]
+CVE-2023-4911 (A buffer overflow was discovered in the GNU C Library's dynamic
loader ...)
+ {DSA-5514-1}
- glibc 2.37-12
[buster] - glibc <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/2
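Review bot: CVE-2023-4732 (Linux kernel memory management) is the one new entry in this hunk that clearly touches a package Debian ships and should get a `- linux <version>` triage line rather than sit under TODO: check; CVE-2023-5255 (Puppet Server) and the four Open5GS ids CVE-2023-4882 to CVE-2023-4885 also deserve a look against the puppetserver and open5gs source packages if those are in the archive. The long run of Patchstack-style `Cross-Site Request Forgery (CSRF) vulnerability in <vendor> <plugin>` entries (CVE-2023-41693 down to CVE-2023-37891, plus CVE-2023-32091 and CVE-2023-2830) matches what later hunks in this diff resolve as NOT-FOR-US: WordPress plugin (CVE-2023-25991, CVE-2023-2223) and can be closed in one pass once each full description confirms the plugin. The CVE-2023-4911 rewrite correctly keeps `- glibc 2.37-12` and the buster `<not-affected>` line while adding `{DSA-5514-1}`, so nothing to change there.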
@@ -777,7 +908,7 @@ CVE-2023-5222 (A vulnerability classified as critical was
found in Viessmann Vit
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU
CMS. Thi ...)
NOT-FOR-US: ForU CMS
CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome
prior ...)
- {DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3598-1 DLA-3591-1}
+ {DSA-5513-1 DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3598-1 DLA-3591-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox <unfixed> (unimportant)
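Review bot: `{DSA-5513-1 ...}` is added for CVE-2023-5217, but the three visible package lines are chromium 117.0.5938.132-1, the buster chromium end-of-life marker and `firefox <unfixed> (unimportant)`, none of which DSA-5513-1 can refer to; the same advisory id is added to the Firefox/Thunderbird ids CVE-2023-5176, CVE-2023-5171 and CVE-2023-5169 in later hunks, so make sure this entry also carries the firefox-esr/thunderbird fixed-version lines below the cut-off context, otherwise the DSA reference is dangling.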
@@ -954,7 +1085,7 @@ CVE-2023-44216 (PVRIC (PowerVR Image Compression) on
Imagination 2018 and later
TODO: check
CVE-2023-44044 (Super Store Finder v3.6 and below was discovered to contain a
SQL inje ...)
NOT-FOR-US: Super Store Finder
-CVE-2023-44043 (A stored cross-site scripting (XSS) vulnerability in
/settings/index.p ...)
+CVE-2023-44043 (A reflected cross-site scripting (XSS) vulnerability in
/install/index ...)
NOT-FOR-US: Black Cat CMS
CVE-2023-44042 (A stored cross-site scripting (XSS) vulnerability in
/settings/index.p ...)
NOT-FOR-US: Black Cat CMS
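Review bot: no re-triage needed here: the old CVE-2023-44043 text duplicated the CVE-2023-44042 description directly below it (stored XSS in /settings/index.p), so the new reflected-XSS text is an upstream correction of a copied description and NOT-FOR-US: Black Cat CMS stands.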
@@ -1312,7 +1443,7 @@ CVE-2023-34043 (VMware Aria Operations contains a local
privilege escalation vul
CVE-2023-32541 (A use-after-free vulnerability exists in the footerr
functionality of ...)
NOT-FOR-US: Hancom Office 2020 HWord
CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2,
and Thun ...)
- {DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
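Review bot: DSA-5513-1 is prepended to the braces for CVE-2023-5176 here and for CVE-2023-5171 and CVE-2023-5169 in the next two hunks, while the intervening CVE-2023-5172 and CVE-2023-5170 (visible as context with only `- firefox 118.0-1` and no DSA braces) are left alone; that is consistent with them being Firefox-only issues without ESR/Thunderbird lines, so the set of ids DSA-5513-1 is attached to looks complete for this diff. Putting the new id first keeps the descending `DSA-5513-1 DSA-5506-1 DLA-3587-1` ordering used elsewhere in the file.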
@@ -1336,7 +1467,7 @@ CVE-2023-5172 (A hashtable in the Ion Engine could have
been mutated while ther
- firefox 118.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172
CVE-2023-5171 (During Ion compilation, a Garbage Collection could have
resulted in a ...)
- {DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -1347,7 +1478,7 @@ CVE-2023-5170 (In canvas rendering, a compromised content
process could have cau
- firefox 118.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170
CVE-2023-5169 (A compromised content process could have provided malicious
data in a ...)
- {DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -2046,7 +2177,7 @@ CVE-2023-3892 (Improper Restriction of XML External
Entity Reference vulnerabili
NOT-FOR-US: MIM Assistant and Client DICOM RTst Loading modules
CVE-2023-38356 (MiniTool Power Data Recovery 11.6 contains an insecure
installation pr ...)
NOT-FOR-US: MiniTool Power Data Recovery
-CVE-2023-38355 (MiniTool Movie Maker 6.1.0 contains an insecure installation
process t ...)
+CVE-2023-38355 (MiniTool Movie Maker 7.0 contains an insecure installation
process tha ...)
NOT-FOR-US: MiniTool Movie Maker
CVE-2023-38354 (MiniTool Shadow Maker version 4.1 contains an insecure
installation pr ...)
NOT-FOR-US: MiniTool Movie Maker
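Review bot: the unchanged context line for CVE-2023-38354 labels the entry NOT-FOR-US: MiniTool Movie Maker while its description names MiniTool Shadow Maker version 4.1; while the neighbouring CVE-2023-38355 entry is being touched, fix that label to NOT-FOR-US: MiniTool Shadow Maker so the product name matches the description.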
@@ -19857,7 +19988,7 @@ CVE-2023-2224 (The SEO by 10Web WordPress plugin before
1.2.7 does not sanitise
CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not
sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2222 [objdump SEGV in concat_filename() at dwarf2.c:2060]
- RESERVED
+ REJECTED
- binutils 2.39.50.20221224-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29936
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09
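Review bot: flipping CVE-2023-2222 to REJECTED while leaving `- binutils 2.39.50.20221224-1 (unimportant)` and the two sourceware NOTE links in place leaves an entry that reads as a fixed binutils issue under a rejected id; add a NOTE recording why the id was rejected (for example, which other id now covers the same concat_filename() crash, if that is the reason) so the package line is not mistaken for live tracking state.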
@@ -31112,8 +31243,8 @@ CVE-2023-27437
RESERVED
CVE-2023-27436
RESERVED
-CVE-2023-27435
- RESERVED
+CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed
Siddiqui ...)
+ TODO: check
CVE-2023-27434
RESERVED
CVE-2023-27433
@@ -34997,8 +35128,8 @@ CVE-2023-25991 (Cross-Site Request Forgery (CSRF)
vulnerability in RegistrationM
NOT-FOR-US: WordPress plugin
CVE-2023-25990
RESERVED
-CVE-2023-25989
- RESERVED
+CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video
Importer ...)
+ TODO: check
CVE-2023-25988
RESERVED
CVE-2023-25987
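Review bot: CVE-2023-25989 lands in the same Patchstack CSRF batch as its neighbour CVE-2023-25991, which the context line already resolves as NOT-FOR-US: WordPress plugin; once the full description confirms `Meks Video Importer` is a WordPress plugin, replace TODO: check with the same NOT-FOR-US line.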
@@ -35639,8 +35770,8 @@ CVE-2023-0830 (A vulnerability classified as critical
has been found in EasyNAS
NOT-FOR-US: EasyNAS
CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a
Cross-Site Scri ...)
NOT-FOR-US: Plesk
-CVE-2023-0828
- RESERVED
+CVE-2023-0828 (Cross-site Scripting (XSS) vulnerability in Syslog Section of
Pandora ...)
+ TODO: check
CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-0826
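Review bot: the new CVE-2023-0828 description names Pandora FMS, the same product that the CVE-2023-24517 context line further down this diff resolves as NOT-FOR-US: Pandora FMS File Manager component; resolve this entry as NOT-FOR-US: Pandora FMS instead of leaving it at TODO: check.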
@@ -36999,8 +37130,8 @@ CVE-2023-25465 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Stre ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25463
- RESERVED
+CVE-2023-25463 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi
Ramasamy WP te ...)
+ TODO: check
CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WP h ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in nami ...)
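Review bot: CVE-2023-25463 (Gopi Ramasamy WP te...) sits between CVE-2023-25464 and CVE-2023-25462, both resolved as NOT-FOR-US: WordPress plugin in the context lines, and the `WP` in the truncated name points the same way; resolve it as NOT-FOR-US: WordPress plugin after confirming the full description.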
@@ -39731,8 +39862,8 @@ CVE-2023-24520 (Two OS command injection vulnerability
exist in the vtysh_ubus t
NOT-FOR-US: Milesight UR32L
CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus
toolsh_ ...)
NOT-FOR-US: Milesight UR32L
-CVE-2023-24518
- RESERVED
+CVE-2023-24518 (A Cross-site Request Forgery (CSRF) vulnerability in Pandora
FMS allow ...)
+ TODO: check
CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability
in the P ...)
NOT-FOR-US: Pandora FMS File Manager component
CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS
Special Da ...)
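Review bot: the neighbours of CVE-2023-24518, CVE-2023-24517 and CVE-2023-24516, are Pandora FMS entries already resolved as NOT-FOR-US in the context lines, and the new description itself names Pandora FMS; give it NOT-FOR-US: Pandora FMS directly rather than TODO: check.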
@@ -39745,8 +39876,8 @@ CVE-2023-23546 (A misconfiguration vulnerability exists
in the urvpn_client func
NOT-FOR-US: Milesight UR32L
CVE-2023-0507 (Grafana is an open-source platform for monitoring and
observability. ...)
- grafana <removed>
-CVE-2023-0506
- RESERVED
+CVE-2023-0506 (The web service of ByDemes Group Airspace CCTV Web Service in
its 2.61 ...)
+ TODO: check
CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have
CSRF che ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF
check ...)
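Review bot: CVE-2023-0506 describes a vendor product (ByDemes Group Airspace CCTV Web Service) rather than anything in the archive; unless a component of it turns out to be packaged, it can go straight to NOT-FOR-US: ByDemes Airspace CCTV instead of TODO: check.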
@@ -47935,12 +48066,12 @@ CVE-2022-47895 (In JetBrains IntelliJ IDEA before
2022.3.1 the "Validate JSP Fil
- intellij-idea <itp> (bug #747616)
CVE-2022-47894
RESERVED
-CVE-2022-47893
- RESERVED
-CVE-2022-47892
- RESERVED
-CVE-2022-47891
- RESERVED
+CVE-2022-47893 (There is a remote code execution vulnerability that affects
all versio ...)
+ TODO: check
+CVE-2022-47892 (All versions of NetMan 204 could allow an unauthenticated
remote attac ...)
+ TODO: check
+CVE-2022-47891 (All versions of NetMan 204 allow an attacker that knows the
MAC and se ...)
+ TODO: check
CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version
2.0.0 up ...)
NOT-FOR-US: Sewio
CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in
initial de ...)
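Review bot: CVE-2022-47892 and CVE-2022-47891 both say "All versions of NetMan 204", a device firmware that is not a Debian package, and can be resolved as NOT-FOR-US: NetMan 204; CVE-2022-47893's truncated text ("affects all versio ...") does not name the product, so confirm from the full description that it belongs to the same NetMan 204 batch before giving it the same resolution.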
@@ -52310,8 +52441,8 @@ CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Le
NOT-FOR-US: WordPress plugin
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability inJS Help Desk
plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46841
- RESERVED
+CVE-2022-46841 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy
Oxygen Build ...)
+ TODO: check
CVE-2022-46840
RESERVED
CVE-2022-46839
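Review bot: CVE-2022-46841 (Soflyy Oxygen Build ...) is flanked by CVE-2022-46843 and CVE-2022-46842, both NOT-FOR-US: WordPress plugin in the context lines; resolve it the same way once the full description is checked. The missing space in the CVE-2022-46842 context text ("inJS Help Desk") is in the MITRE description this file mirrors, not something to hand-fix here.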
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c634e948c0fd1bf2d10bbf723fbe4c8fdf1aaac
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits