Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f94d33e3 by security tracker role at 2023-10-18T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-5626 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs 
prior t ...)
+       TODO: check
+CVE-2023-5621 (The Thumbnail Slider With Lightbox plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2023-5552 (A password disclosure vulnerability in the Secure PDF eXchange 
(SPX) f ...)
+       TODO: check
+CVE-2023-5538 (The MpOperationLogs plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2023-4938 (The BEAR for WordPress is vulnerable to Missing Authorization 
in versi ...)
+       TODO: check
+CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator. 
 A `__p ...)
+       TODO: check
+CVE-2023-45810 (OpenFGA is a flexible authorization/permission engine built 
for develo ...)
+       TODO: check
+CVE-2023-45051 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gopi ...)
+       TODO: check
+CVE-2023-45049 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-45008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPJo ...)
+       TODO: check
+CVE-2023-42507 (Stack-based buffer overflow vulnerability exists in OnSinView2 
version ...)
+       TODO: check
+CVE-2023-42506 (Improper restriction of operations within the bounds of a 
memory buffe ...)
+       TODO: check
+CVE-2023-42319 (Geth (aka go-ethereum) through 1.13.4, when --http --graphql 
is used,  ...)
+       TODO: check
+CVE-2023-41715 (SonicOS post-authentication Improper Privilege Management 
vulnerabilit ...)
+       TODO: check
+CVE-2023-41713 (SonicOS Use of Hard-coded Password vulnerability in the 
'dynHandleBuyT ...)
+       TODO: check
+CVE-2023-41712 (SonicOS post-authentication Stack-Based Buffer Overflow 
Vulnerability  ...)
+       TODO: check
+CVE-2023-41711 (SonicOS post-authentication Stack-Based Buffer Overflow 
Vulnerability  ...)
+       TODO: check
+CVE-2023-41631 (eSST Monitoring v2.147.1 was discovered to contain a remote 
code execu ...)
+       TODO: check
+CVE-2023-41630 (eSST Monitoring v2.147.1 was discovered to contain a remote 
code execu ...)
+       TODO: check
+CVE-2023-41629 (A lack of input sanitizing in the file download feature of 
eSST Monito ...)
+       TODO: check
+CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is 
vulnerable to C ...)
+       TODO: check
+CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the 
NormalizationFilter does  ...)
+       TODO: check
+CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either 
strings o ...)
+       TODO: check
+CVE-2023-39331 (A previously disclosed vulnerability (CVE-2023-30584) was 
patched insu ...)
+       TODO: check
+CVE-2023-39280 (SonicOS p  ost-authentication Stack-Based Buffer Overflow 
vulnerabilit ...)
+       TODO: check
+CVE-2023-39279 (SonicOS post-authentication Stack-Based Buffer Overflow 
vulnerability  ...)
+       TODO: check
+CVE-2023-39278 (SonicOS post-authentication user assertion failure leads to 
Stack-Base ...)
+       TODO: check
+CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow 
vulnerability  ...)
+       TODO: check
+CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow 
vulnerability  ...)
+       TODO: check
+CVE-2023-38552 (When the Node.js policy feature checks the integrity of a 
resource aga ...)
+       TODO: check
+CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 wwas 
discove ...)
+       TODO: check
+CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution 
of Unauth ...)
+       TODO: check
+CVE-2023-35083 (Allows an authenticated attacker with network access to read 
arbitrary ...)
+       TODO: check
 CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown 
element ...)
        TODO: check
 CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during 
initial ...)
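Review bot: CVE-2023-39332, CVE-2023-39331 and CVE-2023-38552 describe Node.js (`node:fs` functions, the policy feature) but are left at TODO: check in the same batch as the WordPress plugin entries (CVE-2023-5621, CVE-2023-5538, CVE-2023-3254), which other hunks of this file close as NOT-FOR-US: WordPress plugin. The Node.js entries should be triaged ahead of that bulk and given package lines; CVE-2023-39331 says CVE-2023-30584 was patched insufficiently, so its status should be checked against that earlier entry. The descriptions of CVE-2023-39280 ("p  ost-authentication") and CVE-2023-36321 ("wwas") also contain typos.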
@@ -1058,13 +1124,13 @@ CVE-2023-4421
        - nss 2:3.93-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2238677
        NOTE: 
https://hg.mozilla.org/projects/nss/rev/fc05574c739947d615ab0b2b2b564f01c922eccd
-CVE-2023-38546
+CVE-2023-38546 (This flaw allows an attacker to insert cookies at will into a 
running  ...)
        {DSA-5523-1 DLA-3613-1}
        - curl 8.3.0-3
        NOTE: https://curl.se/docs/CVE-2023-38546.html
        NOTE: Fixed in 
https://github.com/curl/curl/commit/61275672b46d9abb32857404 (curl-8_4_0)
        NOTE: Introduced in 
https://github.com/curl/curl/commit/74d5a6fb3b9a96d9f
-CVE-2023-38545
+CVE-2023-38545 (This flaw makes curl overflow a heap based buffer in the 
SOCKS5 proxy  ...)
        {DSA-5523-1}
        - curl 8.3.0-3
        [buster] - curl <not-affected> (Vulnerable code not present)
@@ -31569,7 +31635,7 @@ CVE-2023-28131 (A vulnerability in the expo.io 
framework allows an attacker to t
        NOT-FOR-US: expo.io
 CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal 
hostname ...)
        NOT-FOR-US: Gaia Portal
-CVE-2023-28129 (Desktop & Server Management (DSM) may have a possible 
execution of arb ...)
+CVE-2023-28129 (DSM 2022.2 SU2 and all prior versions allows a local low 
privileged ac ...)
        NOT-FOR-US: Ivanti
 CVE-2023-28128 (An unrestricted upload of file with dangerous type 
vulnerability exist ...)
        NOT-FOR-US: Avalanche
@@ -39596,8 +39662,8 @@ CVE-2023-25478 (Cross-Site Request Forgery (CSRF) 
vulnerability in Jason Rouet W
        NOT-FOR-US: WordPress plugin
 CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Yotu ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25476
-       RESERVED
+CVE-2023-25476 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ezoic Am ...)
+       TODO: check
 CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir 
Prelovac S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi 
About M ...)
@@ -51896,140 +51962,140 @@ CVE-2023-22132
        RESERVED
 CVE-2023-22131
        RESERVED
-CVE-2023-22130
-       RESERVED
-CVE-2023-22129
-       RESERVED
-CVE-2023-22128
-       RESERVED
-CVE-2023-22127
-       RESERVED
-CVE-2023-22126
-       RESERVED
-CVE-2023-22125
-       RESERVED
-CVE-2023-22124
-       RESERVED
-CVE-2023-22123
-       RESERVED
-CVE-2023-22122
-       RESERVED
-CVE-2023-22121
-       RESERVED
+CVE-2023-22130 (Vulnerability in the Sun ZFS Storage Appliance product of 
Oracle Syste ...)
+       TODO: check
+CVE-2023-22129 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
+       TODO: check
+CVE-2023-22128 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
+       TODO: check
+CVE-2023-22127 (Vulnerability in the Oracle Outside In Technology product of 
Oracle Fu ...)
+       TODO: check
+CVE-2023-22126 (Vulnerability in the Oracle WebCenter Content product of 
Oracle Fusion ...)
+       TODO: check
+CVE-2023-22125 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
+       TODO: check
+CVE-2023-22124 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
+       TODO: check
+CVE-2023-22123 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
+       TODO: check
+CVE-2023-22122 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
+       TODO: check
+CVE-2023-22121 (Vulnerability in the Oracle Banking Trade Finance product of 
Oracle Fi ...)
+       TODO: check
 CVE-2023-22120
        RESERVED
-CVE-2023-22119
-       RESERVED
-CVE-2023-22118
-       RESERVED
-CVE-2023-22117
-       RESERVED
+CVE-2023-22119 (Vulnerability in the Oracle FLEXCUBE Universal Banking product 
of Orac ...)
+       TODO: check
+CVE-2023-22118 (Vulnerability in the Oracle FLEXCUBE Universal Banking product 
of Orac ...)
+       TODO: check
+CVE-2023-22117 (Vulnerability in the Oracle FLEXCUBE Universal Banking product 
of Orac ...)
+       TODO: check
 CVE-2023-22116
        RESERVED
-CVE-2023-22115
-       RESERVED
-CVE-2023-22114
-       RESERVED
-CVE-2023-22113
-       RESERVED
-CVE-2023-22112
-       RESERVED
-CVE-2023-22111
-       RESERVED
-CVE-2023-22110
-       RESERVED
-CVE-2023-22109
-       RESERVED
-CVE-2023-22108
-       RESERVED
-CVE-2023-22107
-       RESERVED
-CVE-2023-22106
-       RESERVED
-CVE-2023-22105
-       RESERVED
-CVE-2023-22104
-       RESERVED
-CVE-2023-22103
-       RESERVED
-CVE-2023-22102
-       RESERVED
-CVE-2023-22101
-       RESERVED
-CVE-2023-22100
-       RESERVED
-CVE-2023-22099
-       RESERVED
-CVE-2023-22098
-       RESERVED
-CVE-2023-22097
-       RESERVED
-CVE-2023-22096
-       RESERVED
-CVE-2023-22095
-       RESERVED
-CVE-2023-22094
-       RESERVED
-CVE-2023-22093
-       RESERVED
-CVE-2023-22092
-       RESERVED
-CVE-2023-22091
-       RESERVED
-CVE-2023-22090
-       RESERVED
-CVE-2023-22089
-       RESERVED
-CVE-2023-22088
-       RESERVED
-CVE-2023-22087
-       RESERVED
-CVE-2023-22086
-       RESERVED
-CVE-2023-22085
-       RESERVED
-CVE-2023-22084
-       RESERVED
-CVE-2023-22083
-       RESERVED
-CVE-2023-22082
-       RESERVED
-CVE-2023-22081
-       RESERVED
-CVE-2023-22080
-       RESERVED
-CVE-2023-22079
-       RESERVED
-CVE-2023-22078
-       RESERVED
-CVE-2023-22077
-       RESERVED
-CVE-2023-22076
-       RESERVED
-CVE-2023-22075
-       RESERVED
-CVE-2023-22074
-       RESERVED
-CVE-2023-22073
-       RESERVED
-CVE-2023-22072
-       RESERVED
-CVE-2023-22071
-       RESERVED
-CVE-2023-22070
-       RESERVED
-CVE-2023-22069
-       RESERVED
-CVE-2023-22068
-       RESERVED
-CVE-2023-22067
-       RESERVED
-CVE-2023-22066
-       RESERVED
-CVE-2023-22065
-       RESERVED
-CVE-2023-22064
-       RESERVED
+CVE-2023-22115 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22114 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22113 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22112 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22111 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22110 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22109 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2023-22108 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2023-22107 (Vulnerability in the Oracle Enterprise Command Center 
Framework produc ...)
+       TODO: check
+CVE-2023-22106 (Vulnerability in the Oracle Enterprise Command Center 
Framework produc ...)
+       TODO: check
+CVE-2023-22105 (Vulnerability in the BI Publisher product of Oracle Analytics 
(compone ...)
+       TODO: check
+CVE-2023-22104 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22102 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
+       TODO: check
+CVE-2023-22101 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2023-22100 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2023-22099 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2023-22098 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
+       TODO: check
+CVE-2023-22097 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22096 (Vulnerability in the Java VM component of Oracle Database 
Server.  Sup ...)
+       TODO: check
+CVE-2023-22095 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22094 (Vulnerability in the MySQL Installer product of Oracle MySQL 
(componen ...)
+       TODO: check
+CVE-2023-22093 (Vulnerability in the Oracle iRecruitment product of Oracle 
E-Business  ...)
+       TODO: check
+CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK product of Oracle 
Java SE  ...)
+       TODO: check
+CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common 
Application Objec ...)
+       TODO: check
+CVE-2023-22089 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2023-22088 (Vulnerability in the Oracle Communications Order and Service 
Managemen ...)
+       TODO: check
+CVE-2023-22087 (Vulnerability in the Hospitality OPERA 5 Property Services 
product of  ...)
+       TODO: check
+CVE-2023-22086 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2023-22085 (Vulnerability in the Hospitality OPERA 5 Property Services 
product of  ...)
+       TODO: check
+CVE-2023-22084 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border 
Controller produ ...)
+       TODO: check
+CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
+       TODO: check
+CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK 
product of ...)
+       TODO: check
+CVE-2023-22080 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
+       TODO: check
+CVE-2023-22079 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22078 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22077 (Vulnerability in the Oracle Database Recovery Manager 
component of Ora ...)
+       TODO: check
+CVE-2023-22076 (Vulnerability in the Oracle Applications Framework product of 
Oracle E ...)
+       TODO: check
+CVE-2023-22075 (Vulnerability in the Oracle Database Sharding component of 
Oracle Data ...)
+       TODO: check
+CVE-2023-22074 (Vulnerability in the Oracle Database Sharding component of 
Oracle Data ...)
+       TODO: check
+CVE-2023-22073 (Vulnerability in the Oracle Notification Server component of 
Oracle Da ...)
+       TODO: check
+CVE-2023-22072 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2023-22071 (Vulnerability in the PL/SQL component of Oracle Database 
Server.  Supp ...)
+       TODO: check
+CVE-2023-22070 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22069 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
+       TODO: check
+CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22067 (Vulnerability in Oracle Java SE (component: CORBA).  Supported 
version ...)
+       TODO: check
+CVE-2023-22066 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22065 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22064 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
 CVE-2023-22063
        RESERVED
 CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting 
product of Or ...)
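Review bot: In the block from CVE-2023-22130 down to CVE-2023-22064, every entry moves from RESERVED to TODO: check regardless of product, yet the neighbouring hunks show two different outcomes for Oracle entries: MySQL Server and Oracle VM VirtualBox are tracked against packages (`- mysql-8.0 8.0.34-1 (bug #1041819)`, `- virtualbox 7.0.10-dfsg-1`), while other Oracle products are closed as NOT-FOR-US: Oracle. The MySQL Server entries (for example CVE-2023-22115 to CVE-2023-22110) and the VirtualBox entries (CVE-2023-22100 to CVE-2023-22098) should get package lines first, so they do not sit behind the entries that will end up NOT-FOR-US. CVE-2023-22120, CVE-2023-22116 and CVE-2023-22063 remain RESERVED inside the same range.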
@@ -52038,8 +52104,8 @@ CVE-2023-22061 (Vulnerability in the Oracle Business 
Intelligence Enterprise Edi
        NOT-FOR-US: Oracle
 CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of 
Oracle Hyper ...)
        NOT-FOR-US: Oracle
-CVE-2023-22059
-       RESERVED
+CVE-2023-22059 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
 CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.34-1 (bug #1041819)
 CVE-2023-22057 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
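Review bot: CVE-2023-22059 is a MySQL Server entry left at TODO: check directly above CVE-2023-22058, which is already tracked as `- mysql-8.0 8.0.34-1 (bug #1041819)`. It needs a mysql-8.0 line of its own, with the fixed version taken from the advisory for this CVE rather than copied from the neighbouring entry.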
@@ -52104,22 +52170,22 @@ CVE-2023-22034 (Vulnerability in the Unified Audit 
component of Oracle Database
        NOT-FOR-US: Oracle
 CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.34-1 (bug #1041819)
-CVE-2023-22032
-       RESERVED
+CVE-2023-22032 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
 CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2023-22030
        RESERVED
-CVE-2023-22029
-       RESERVED
-CVE-2023-22028
-       RESERVED
+CVE-2023-22029 (Vulnerability in the Oracle Commerce Guided Search product of 
Oracle C ...)
+       TODO: check
+CVE-2023-22028 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
 CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
-CVE-2023-22026
-       RESERVED
-CVE-2023-22025
-       RESERVED
+CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
+CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       TODO: check
 CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in 
UEK has  ...)
        NOT-FOR-US: Oracle
 CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
@@ -52130,16 +52196,16 @@ CVE-2023-22021 (Vulnerability in the Oracle Business 
Intelligence Enterprise Edi
        NOT-FOR-US: Oracle
 CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
-CVE-2023-22019
-       RESERVED
+CVE-2023-22019 (Vulnerability in the Oracle HTTP Server product of Oracle 
Fusion Middl ...)
+       TODO: check
 CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox 7.0.10-dfsg-1
 CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox 7.0.10-dfsg-1
 CVE-2023-22016 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
        - virtualbox 7.0.10-dfsg-1
-CVE-2023-22015
-       RESERVED
+CVE-2023-22015 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
+       TODO: check
 CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94d33e31b29f7cb2ce5bed517215e384933f3ad
