Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6df9dc59 by security tracker role at 2023-10-06T20:12:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2023-5452 (Cross-site Scripting (XSS) - Stored in GitHub repository
snipe/snipe-i ...)
+ TODO: check
+CVE-2023-5214 (In Puppet Bolt versions prior to 3.27.4, a path to escalate
privileges ...)
+ TODO: check
+CVE-2023-4530 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-4469 (The Profile Extra Fields by BestWebSoft plugin for WordPress is
vulner ...)
+ TODO: check
+CVE-2023-45311 (fsevents before 1.2.11 depends on the
https://fsevents-binaries.s3-us- ...)
+ TODO: check
+CVE-2023-45303 (ThingsBoard before 3.5 allows Server-Side Template Injection
if users ...)
+ TODO: check
+CVE-2023-45282 (In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype
polluti ...)
+ TODO: check
+CVE-2023-45246 (Sensitive information disclosure and manipulation due to
improper auth ...)
+ TODO: check
+CVE-2023-45245 (Sensitive information disclosure due to missing authorization.
The fol ...)
+ TODO: check
+CVE-2023-45244 (Sensitive information disclosure and manipulation due to
missing autho ...)
+ TODO: check
+CVE-2023-45239 (A lack of input validation exists in tac_plus prior to commit
4fdf178 ...)
+ TODO: check
+CVE-2023-44807 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in
the canc ...)
+ TODO: check
+CVE-2023-44771 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS
v.9.4.59197 ...)
+ TODO: check
+CVE-2023-44770 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS
v.9.4.59197 ...)
+ TODO: check
+CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
+ TODO: check
+CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
+ TODO: check
+CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
+ TODO: check
+CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
+ TODO: check
+CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in
Concrete CMS v. ...)
+ TODO: check
+CVE-2023-44758 (GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS)
vulnerabil ...)
+ TODO: check
+CVE-2023-44384 (Discourse-jira is a Discourse plugin allows Jira projects,
issue types ...)
+ TODO: check
+CVE-2023-44243 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan
Blokhuis Inst ...)
+ TODO: check
+CVE-2023-44233 (Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins
Best Wor ...)
+ TODO: check
+CVE-2023-44146 (Cross-Site Request Forgery (CSRF) vulnerability in Checkfront
Inc. Che ...)
+ TODO: check
+CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a
vendor-neutral open- ...)
+ TODO: check
+CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to
privilege escal ...)
+ TODO: check
+CVE-2023-42445 (Gradle is a build tool with a focus on build automation and
support fo ...)
+ TODO: check
+CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta -
Roel Bous ...)
+ TODO: check
+CVE-2023-41801 (Cross-Site Request Forgery (CSRF) vulnerability in AWP
Classifieds Tea ...)
+ TODO: check
+CVE-2023-41732 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople
CP Block ...)
+ TODO: check
+CVE-2023-41659 (Cross-Site Request Forgery (CSRF) vulnerability in Jules
Colle, BDWM R ...)
+ TODO: check
+CVE-2023-41654 (Cross-Site Request Forgery (CSRF) vulnerability in Andreas
Heigl authL ...)
+ TODO: check
+CVE-2023-41650 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal
Remove/hi ...)
+ TODO: check
+CVE-2023-40671 (Cross-Site Request Forgery (CSRF) vulnerability in
\u5927\u4fa0wp DX-a ...)
+ TODO: check
+CVE-2023-40607 (Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO
CLUEVO LMS, ...)
+ TODO: check
+CVE-2023-40008 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh
Matta Simpl ...)
+ TODO: check
+CVE-2023-3725 (Potential buffer overflow vulnerability in the Zephyr CAN bus
subsyste ...)
+ TODO: check
+CVE-2023-38703 (PJSIP is a free and open source multimedia communication
library writt ...)
+ TODO: check
+CVE-2023-36465 (Decidim is a participatory democracy framework, written in
Ruby on Rai ...)
+ TODO: check
+CVE-2023-35897 (IBM Spectrum Protect Client and IBM Storage Protect for
Virtual Enviro ...)
+ TODO: check
+CVE-2023-32972 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-32971 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
CVE-2023-5408
NOT-FOR-US: OpenShift
CVE-2023-4061
@@ -360,7 +444,7 @@ CVE-2023-33269 (An issue was discovered in DTS Monitoring
3.57.0. The parameter
NOT-FOR-US: DTS Monitoring
CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The
parameter port w ...)
NOT-FOR-US: DTS Monitoring
-CVE-2023-5366 [openvswitch don't match packets on nd_target field]
+CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
Advertise ...)
- openvswitch 3.1.2-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
NOTE:
https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459
(v3.1.2)
@@ -506,12 +590,12 @@ CVE-2023-2681 (An SQL Injection vulnerability has been
found on Jorani version 1
CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the
componen ...)
NOT-FOR-US: UPV PEIX
CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and
may leak sensitive information into the GRUB pager]
- {DLA-3605-1}
+ {DSA-5519-1 DLA-3605-1}
- grub2 2.12~rc1-11
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
NOTE:
https://lore.kernel.org/all/zrxk8s4nqv2jbq%[email protected]/
CVE-2023-4692 [Crafted file system images can cause heap-based buffer overflow
and may allow arbitrary code execution and secure boot bypass]
- {DLA-3605-1}
+ {DSA-5519-1 DLA-3605-1}
- grub2 2.12~rc1-11
NOTE:
https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
NOTE:
https://lore.kernel.org/all/zrxk8s4nqv2jbq%[email protected]/
@@ -3200,7 +3284,7 @@ CVE-2023-3588 (A stored Cross-site Scripting (XSS)
vulnerability affecting Teamw
NOT-FOR-US: 3ds
CVE-2023-3280 (A problem with a protection mechanism in the Palo Alto Networks
Cortex ...)
NOT-FOR-US: Palo Alto Networks
-CVE-2023-39928 [A malicious web page can cause memory corruption and
potentially arbitrary code execution]
+CVE-2023-39928 (A use-after-free vulnerability exists in the MediaRecorder API
of Webk ...)
- webkit2gtk 2.42.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.0-1
@@ -25433,8 +25517,8 @@ CVE-2023-29237
RESERVED
CVE-2023-29236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Cththeme ...)
NOT-FOR-US: WordPress theme
-CVE-2023-29235
- RESERVED
+CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu
Maintenance Sw ...)
+ TODO: check
CVE-2023-29234
RESERVED
CVE-2023-23581
@@ -27037,8 +27121,8 @@ CVE-2023-28793
RESERVED
CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
I Thirte ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28791
- RESERVED
+CVE-2023-28791 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh
Matta Simpl ...)
+ TODO: check
CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS)
vulnerability in Bre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Cimatti ...)
@@ -31095,8 +31179,8 @@ CVE-2023-27617 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
David F. Ca ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27615
- RESERVED
+CVE-2023-27615 (Cross-Site Request Forgery (CSRF) vulnerability in Dipak C.
Gajjar WP ...)
+ TODO: check
CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian
Haycox ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
MonitorC ...)
@@ -31660,8 +31744,8 @@ CVE-2023-27450 (Unauth. Stored Cross-Site Scripting
(XSS) vulnerability in Tepli
NOT-FOR-US: WordPress plugin
CVE-2023-27449
RESERVED
-CVE-2023-27448
- RESERVED
+CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories
Team Ma ...)
+ TODO: check
CVE-2023-27447
RESERVED
CVE-2023-27446
@@ -37539,8 +37623,8 @@ CVE-2023-25482 (Cross-Site Request Forgery (CSRF)
vulnerability in Mike Martel W
NOT-FOR-US: WordPress plugin
CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove
Podlove Sub ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25480
- RESERVED
+CVE-2023-25480 (Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid
Post and P ...)
+ TODO: check
CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Podl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet
Weather ...)
@@ -38630,8 +38714,8 @@ CVE-2023-25035
RESERVED
CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP
Clean U ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25033
- RESERVED
+CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social
Share B ...)
+ TODO: check
CVE-2023-25032
RESERVED
CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kibo ...)
@@ -43740,20 +43824,20 @@ CVE-2023-23373
RESERVED
CVE-2023-23372
RESERVED
-CVE-2023-23371
- RESERVED
-CVE-2023-23370
- RESERVED
+CVE-2023-23371 (A cleartext transmission of sensitive information
vulnerability has be ...)
+ TODO: check
+CVE-2023-23370 (An insufficiently protected credentials vulnerability has been
reporte ...)
+ TODO: check
CVE-2023-23369
RESERVED
CVE-2023-23368
RESERVED
CVE-2023-23367
RESERVED
-CVE-2023-23366
- RESERVED
-CVE-2023-23365
- RESERVED
+CVE-2023-23366 (A path traversal vulnerability has been reported to affect
Music Stati ...)
+ TODO: check
+CVE-2023-23365 (A path traversal vulnerability has been reported to affect
Music Stati ...)
+ TODO: check
CVE-2023-23364 (A buffer copy without checking size of input vulnerability has
been re ...)
NOT-FOR-US: QNAP
CVE-2023-23363 (A buffer copy without checking size of input vulnerability has
been re ...)
@@ -51962,8 +52046,8 @@ CVE-2022-47177 (Cross-Site Request Forgery (CSRF)
vulnerability in WP Easy Pay W
NOT-FOR-US: WordPress plugin
CVE-2022-47176
RESERVED
-CVE-2022-47175
- RESERVED
+CVE-2022-47175 (Cross-Site Request Forgery (CSRF) vulnerability in P Royal
Royal Eleme ...)
+ TODO: check
CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress
Performan ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in nasi ...)
@@ -59710,8 +59794,8 @@ CVE-2023-21293
RESERVED
CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a
possible ...)
NOT-FOR-US: Android
-CVE-2023-21291
- RESERVED
+CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to
reveal i ...)
+ TODO: check
CVE-2023-21290 (In update of MmsProvider.java, there is a possible way to
bypass file ...)
NOT-FOR-US: Android
CVE-2023-21289 (In multiple locations, there is a possible bypass of a multi
user secu ...)
@@ -59760,8 +59844,8 @@ CVE-2023-21268 (In update of MmsProvider.java, there is
a possible way to change
NOT-FOR-US: Android
CVE-2023-21267 (In doKeyguardLocked of KeyguardViewMediator.java, there is a
possible ...)
NOT-FOR-US: Android
-CVE-2023-21266
- RESERVED
+CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java,
there is a ...)
+ TODO: check
CVE-2023-21265 (In multiple locations, there are root CA certificates which
need to be ...)
NOT-FOR-US: Android
CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible
way to acc ...)
@@ -59793,10 +59877,10 @@ CVE-2023-21255 (In multiple functions of binder.c,
there is a possible memory co
NOTE:
https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4)
CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there
is a po ...)
NOT-FOR-US: Android
-CVE-2023-21253
- RESERVED
-CVE-2023-21252
- RESERVED
+CVE-2023-21253 (In multiple locations, there is a possible way to crash
multiple syste ...)
+ TODO: check
+CVE-2023-21252 (In validatePassword of WifiConfigurationUtil.java, there is a
possible ...)
+ TODO: check
CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to
connect ...)
NOT-FOR-US: Android
CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible
out of bou ...)
@@ -59811,8 +59895,8 @@ CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java,
there is a possible way fo
NOT-FOR-US: Android
CVE-2023-21245 (In showNextSecurityScreenOrFinish of
KeyguardSecurityContainerControll ...)
NOT-FOR-US: Android
-CVE-2023-21244
- RESERVED
+CVE-2023-21244 (In visitUris of Notification.java, there is a possible bypass
of user ...)
+ TODO: check
CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java,
there is a ...)
NOT-FOR-US: Android
CVE-2023-21242 (In isServerCertChainValid of InsecureEapNetworkHandler.java,
there is ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6df9dc5931074b483a4429362c85179fb7a80022
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6df9dc5931074b483a4429362c85179fb7a80022
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
