Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a242378 by security tracker role at 2023-10-19T20:11:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2023-5654 (The React Developer Tools extension registers a message 
listener with  ...)
+       TODO: check
+CVE-2023-5059 (Santesoft Sante FFT Imaging lacks proper validation of 
user-supplied d ...)
+       TODO: check
+CVE-2023-46227 (Deserialization of Untrusted Data Vulnerability in Apache 
Software Fou ...)
+       TODO: check
+CVE-2023-46042 (An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to 
execute  ...)
+       TODO: check
+CVE-2023-46033 (D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U 
N150 ADSL ...)
+       TODO: check
+CVE-2023-45992 (Cross Site Scripting vulnerability in Ruckus Wireless 
(CommScope) Ruck ...)
+       TODO: check
+CVE-2023-45883 (A privilege escalation vulnerability exists within the Qumu 
Multicast  ...)
+       TODO: check
+CVE-2023-45826 (Leantime is an open source project management system. A 
'userId' varia ...)
+       TODO: check
+CVE-2023-45825 (ydb-go-sdk is a pure Go native and database/sql driver for the 
YDB pla ...)
+       TODO: check
+CVE-2023-45820 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
+       TODO: check
+CVE-2023-45809 (Wagtail is an open source content management system built on 
Django. A ...)
+       TODO: check
+CVE-2023-45665
+       REJECTED
+CVE-2023-45384 (KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to 
Unrestrict ...)
+       TODO: check
+CVE-2023-45381 (In the module "Creative Popup" (creativepopup) up to version 
1.6.9 fro ...)
+       TODO: check
+CVE-2023-45379 (In the module "Rotator Img" (posrotatorimg) in versions at 
least up to ...)
+       TODO: check
+CVE-2023-45376 (In the module "Carousels Pack - Instagram, Products, Brands, 
Supplier" ...)
+       TODO: check
+CVE-2023-45281 (An issue in Yamcs 5.8.6 allows attackers to obtain the session 
cookie  ...)
+       TODO: check
+CVE-2023-45278 (Directory Traversal vulnerability in the storage functionality 
of the  ...)
+       TODO: check
+CVE-2023-45277 (Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 
2). The v ...)
+       TODO: check
+CVE-2023-43986 (DM Concept configurator before v4.9.4 was discovered to 
contain a SQL  ...)
+       TODO: check
+CVE-2023-43492 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin 
codesys.cgi conta ...)
+       TODO: check
+CVE-2023-43252 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a 
crafted i ...)
+       TODO: check
+CVE-2023-43251 (XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted 
via a c ...)
+       TODO: check
+CVE-2023-42666 (The affected product is vulnerable to an exposure of sensitive 
informa ...)
+       TODO: check
+CVE-2023-42435 (The affected product is vulnerable to a cross-site request 
forgery vul ...)
+       TODO: check
+CVE-2023-41089 (The affected product is vulnerable to an improper 
authentication vulne ...)
+       TODO: check
+CVE-2023-41088 (The affected product is vulnerable to a cleartext transmission 
of sens ...)
+       TODO: check
+CVE-2023-40153 (The affected product is vulnerable to a cross-site scripting 
vulnerabi ...)
+       TODO: check
+CVE-2023-40145 (In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker 
can exe ...)
+       TODO: check
+CVE-2023-39431 (Sante DICOM Viewer Pro lacks proper validation of 
user-supplied data w ...)
+       TODO: check
+CVE-2023-38584 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin 
command_wb.cgi co ...)
+       TODO: check
+CVE-2023-38128 (An out-of-bounds write vulnerability exists in the 
"HyperLinkFrame" st ...)
+       TODO: check
+CVE-2023-38127 (An integer overflow exists in the "HyperLinkFrame" stream 
parser of Ic ...)
+       TODO: check
+CVE-2023-35986 (Sante DICOM Viewer Pro lacks proper validation of 
user-supplied data w ...)
+       TODO: check
+CVE-2023-35187 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+       TODO: check
+CVE-2023-35186 (The SolarWinds Access Rights Manager was susceptible to Remote 
Code Ex ...)
+       TODO: check
+CVE-2023-35185 (The SolarWinds Access Rights Manager was susceptible to a 
Directory Tr ...)
+       TODO: check
+CVE-2023-35184 (The SolarWinds Access Rights Manager was susceptible to Remote 
Code Ex ...)
+       TODO: check
+CVE-2023-35183 (The SolarWinds Access Rights Manager was susceptible to 
Privilege Esca ...)
+       TODO: check
+CVE-2023-35182 (The SolarWinds Access Rights Manager was susceptible to Remote 
Code Ex ...)
+       TODO: check
+CVE-2023-35181 (The SolarWinds Access Rights Manager was susceptible to 
Privilege Esca ...)
+       TODO: check
+CVE-2023-35180 (The SolarWinds Access Rights Manager was susceptible to Remote 
Code Ex ...)
+       TODO: check
+CVE-2023-35126 (An out-of-bounds write vulnerability exists within the parsers 
for bot ...)
+       TODO: check
+CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream 
parsing fun ...)
+       TODO: check
 CVE-2023-45024
        - request-tracker5 <unfixed>
        NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
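Review bot: all 44 new entries in this hunk land as "TODO: check" except CVE-2023-45665, which is correctly recorded as REJECTED; that is the expected state for an automatic import, but the triage pass should start with the entries that name software plausibly packaged in Debian, e.g. CVE-2023-45809 (Wagtail, built on Django), CVE-2023-45825 (ydb-go-sdk, a Go module) and CVE-2023-46227 (an Apache Software Foundation deserialization issue), since the remaining entries (SolarWinds Access Rights Manager, Weintek cMT3000 HMI, Sante DICOM Viewer Pro, D-Link DSL routers, XNSoft Nconvert) describe proprietary products that, following the convention visible elsewhere in this file, will most likely resolve to NOT-FOR-US. The eight SolarWinds entries (CVE-2023-35180 through CVE-2023-35187) and the two Sante DICOM Viewer Pro entries (CVE-2023-35986, CVE-2023-39431) share identical truncated descriptions, so they can be triaged as groups.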
@@ -22410,8 +22498,8 @@ CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 
4.1.9, and 4.2 before 4.
        NOTE: 
https://github.com/django/django/commit/fb4c55d9ec4bb812a7fb91fa20510d91645e411b
 (main)
        NOTE: 
https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965
 (3.2.19)
        NOTE: https://www.openwall.com/lists/oss-security/2023/05/03/1
-CVE-2023-31046
-       RESERVED
+CVE-2023-31046 (A Path Traversal vulnerability exists in PaperCut NG before 
22.1.1 and ...)
+       TODO: check
 CVE-2023-31045 (A stored Cross-site scripting (XSS) issue in Text Editors and 
Formats  ...)
        - backdrop <itp> (bug #914257)
 CVE-2023-31044
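Review bot: CVE-2023-31046 moves from RESERVED to a real description (path traversal in PaperCut NG before 22.1.1) but stays at "TODO: check"; the neighbouring entries already carry a resolution (CVE-2023-31047 has Django commit NOTEs, CVE-2023-31045 has a backdrop <itp> association), so a follow-up commit should either add a package line or mark it NOT-FOR-US: PaperCut if no Debian package ships that software.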
@@ -23705,8 +23793,8 @@ CVE-2023-30635 (TiKV 6.1.2 allows remote attackers to 
cause a denial of service
        NOT-FOR-US: TiKV
 CVE-2023-30634
        RESERVED
-CVE-2023-30633
-       RESERVED
+CVE-2023-30633 (An issue was discovered in TrEEConfigDriver in Insyde 
InsydeH2O with k ...)
+       TODO: check
 CVE-2023-30632
        RESERVED
 CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
@@ -33002,8 +33090,8 @@ CVE-2023-27793
        RESERVED
 CVE-2023-27792
        RESERVED
-CVE-2023-27791
-       RESERVED
+CVE-2023-27791 (An issue found in IXP Data Easy Install 6.6.148840 allows a 
remote att ...)
+       TODO: check
 CVE-2023-27790
        RESERVED
 CVE-2023-27789 (An issue found in TCPprep v.4.4.3 allows a remote attacker to 
cause a  ...)
@@ -38579,8 +38667,8 @@ CVE-2023-0817 (Buffer Over-read in GitHub repository 
gpac/gpac prior to v2.3.0-D
        NOTE: 
https://github.com/gpac/gpac/commit/99dfc2bc443bfb6b80c610c25f98747d358c209d 
(v2.2.1)
 CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache 
Software Fou ...)
        - airflow <itp> (bug #819700)
-CVE-2023-25753
-       RESERVED
+CVE-2023-25753 (There exists an SSRF (Server-Side Request Forgery) 
vulnerability locat ...)
+       TODO: check
 CVE-2023-25752 (When accessing throttled streams, the count of available bytes 
needed  ...)
        {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
        - firefox 111.0-1
@@ -51635,8 +51723,8 @@ CVE-2022-47585
        RESERVED
 CVE-2022-47584
        RESERVED
-CVE-2022-47583
-       RESERVED
+CVE-2022-47583 (Terminal character injection in Mintty before 3.6.3 allows 
code execut ...)
+       TODO: check
 CVE-2022-47582
        RESERVED
 CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash 
upon an LDA ...)
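Review bot: CVE-2022-47583 describes terminal character injection in Mintty before 3.6.3 leading to code execution; Mintty itself is unlikely to be an archive package, but the bug class (unescaped control characters reaching a terminal emulator) is one that also affects other terminal emulators, so the triager should read the full upstream description before settling on NOT-FOR-US: Mintty, rather than resolving it on the product name alone.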
@@ -71871,8 +71959,8 @@ CVE-2022-42152
        RESERVED
 CVE-2022-42151
        RESERVED
-CVE-2022-42150
-       RESERVED
+CVE-2022-42150 (TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are 
vulnera ...)
+       TODO: check
 CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery 
(SSRF) via ...)
        NOT-FOR-US: kkFileView
 CVE-2022-42148
@@ -83599,8 +83687,8 @@ CVE-2022-37832 (Mutiny 7.2.0-10788 suffers from 
Hardcoded root password.)
        NOT-FOR-US: Mutiny
 CVE-2022-37831
        RESERVED
-CVE-2022-37830
-       RESERVED
+CVE-2022-37830 (Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site 
Scripting  ...)
+       TODO: check
 CVE-2022-37829
        RESERVED
 CVE-2022-37828
@@ -112136,8 +112224,8 @@ CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the 
/tmp/swhkd.pid pathname. There can
        NOT-FOR-US: SWHKD
 CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c 
option.)
        NOT-FOR-US: SWHKD
-CVE-2022-27813
-       RESERVED
+CVE-2022-27813 (Motorola MTM5000 series firmwares lack properly configured 
memory prot ...)
+       TODO: check
 CVE-2022-27812 (Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 
3.11.17, 4.2 ...)
        NOT-FOR-US: Flooding SNS firewall
 CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via 
shell met ...)
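Review bot: CVE-2022-27813 (Motorola MTM5000 series firmware lacking memory protection) is the first of several Motorola MTM5000 entries updated in this commit (CVE-2022-26941 through CVE-2022-26943 follow in a later hunk); they should be triaged together, and since they concern radio firmware rather than software Debian ships, the pattern of the surrounding entries (NOT-FOR-US: SWHKD, NOT-FOR-US: Flooding SNS firewall) suggests NOT-FOR-US: Motorola as the likely resolution once confirmed.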
@@ -114682,12 +114770,12 @@ CVE-2022-26945 (go-getter up to 1.5.11 and 2.0.2 
allowed protocol switching, end
 CVE-2022-26944 (Percona XtraBackup 2.4.20 unintentionally writes the command 
line to a ...)
        - percona-xtrabackup <removed>
        NOTE: https://jira.percona.com/browse/PXB-2722
-CVE-2022-26943
-       RESERVED
-CVE-2022-26942
-       RESERVED
-CVE-2022-26941
-       RESERVED
+CVE-2022-26943 (The Motorola MTM5000 series firmwares generate TETRA 
authentication ch ...)
+       TODO: check
+CVE-2022-26942 (The Motorola MTM5000 series firmwares lack pointer validation 
on argum ...)
+       TODO: check
+CVE-2022-26941 (A format string vulnerability exists in Motorola MTM5000 
series firmwa ...)
+       TODO: check
 CVE-2022-26940 (Remote Desktop Protocol Client Information Disclosure 
Vulnerability.)
        NOT-FOR-US: Microsoft
 CVE-2022-26939 (Storage Spaces Direct Elevation of Privilege Vulnerability. 
This CVE I ...)
@@ -119099,12 +119187,12 @@ CVE-2022-25336 (Ibexa DXP 
ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3
        NOT-FOR-US: Ibexa
 CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner 
modifier for s ...)
        NOT-FOR-US: RigoBlock Dragos
-CVE-2022-25334
-       RESERVED
-CVE-2022-25333
-       RESERVED
-CVE-2022-25332
-       RESERVED
+CVE-2022-25334 (The Texas Instruments OMAP L138 (secure variants) trusted 
execution en ...)
+       TODO: check
+CVE-2022-25333 (The Texas Instruments OMAP L138 (secure variants) trusted 
execution en ...)
+       TODO: check
+CVE-2022-25332 (The AES implementation in the Texas Instruments OMAP L138 
(secure vari ...)
+       TODO: check
 CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro 
ServerProtect ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro 
ServerProtect 6. ...)
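Review bot: CVE-2022-25334 and CVE-2022-25333 carry an identical truncated description ("The Texas Instruments OMAP L138 (secure variants) trusted execution en..."), and CVE-2022-25332 concerns the AES implementation in the same TEE, so the full upstream text must be read before the three are resolved separately; all three describe silicon-level trusted execution environment code, which, like the Trend Micro entries directly below, points to NOT-FOR-US: Texas Instruments unless a Debian package is found to ship that TEE code.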
@@ -122193,16 +122281,16 @@ CVE-2022-24406 (OX App Suite through 7.10.6 allows 
SSRF because multipart/form-d
        NOT-FOR-US: OX App Suite
 CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a 
serializ ...)
        NOT-FOR-US: OX App Suite
-CVE-2022-24404
-       RESERVED
+CVE-2022-24404 (Lack of cryptographic integrity check on TETRA air-interface 
encrypted ...)
+       TODO: check
 CVE-2022-24403
        RESERVED
-CVE-2022-24402
-       RESERVED
-CVE-2022-24401
-       RESERVED
-CVE-2022-24400
-       RESERVED
+CVE-2022-24402 (The TETRA TEA1 keystream generator implements a key register 
initializ ...)
+       TODO: check
+CVE-2022-24401 (Adversary-induced keystream re-use on TETRA air-interface 
encrypted tr ...)
+       TODO: check
+CVE-2022-24400 (A flaw in the TETRA authentication procecure allows a MITM 
adversary t ...)
+       TODO: check
 CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs 
may allow ...)
        NOT-FOR-US: Intel
 CVE-2022-24379
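Review bot: the four TETRA entries (CVE-2022-24404, CVE-2022-24402, CVE-2022-24401, CVE-2022-24400) describe air-interface encryption, keystream and authentication weaknesses rather than a specific software package, so triage needs to decide whether any Debian package implements the TETRA protocol before leaving them at "TODO: check" or marking them NOT-FOR-US, as was done for the Intel NUC firmware entry CVE-2022-24382 just below; note also that CVE-2022-24403 in the middle of this block is still RESERVED while its neighbours gained descriptions, so it should be watched in subsequent automatic runs. The "procecure" spelling in the CVE-2022-24400 description is the upstream text and not something to correct in this file.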



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a2423780592c6caff83dbc6d06d08a7ee537005



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
