Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89cf2160 by security tracker role at 2023-10-23T08:11:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to
2.1.3.0 and ...)
+ TODO: check
+CVE-2023-5701 (A vulnerability has been found in vnotex vnote up to 3.17.0 and
classi ...)
+ TODO: check
+CVE-2023-5700 (A vulnerability, which was classified as critical, was found in
Netent ...)
+ TODO: check
+CVE-2023-5699 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2023-5698 (A vulnerability classified as problematic was found in
CodeAstro Inter ...)
+ TODO: check
+CVE-2023-5697 (A vulnerability classified as problematic has been found in
CodeAstro ...)
+ TODO: check
+CVE-2023-5696 (A vulnerability was found in CodeAstro Internet Banking System
1.0. It ...)
+ TODO: check
+CVE-2023-5695 (A vulnerability was found in CodeAstro Internet Banking System
1.0. It ...)
+ TODO: check
+CVE-2023-5694 (A vulnerability was found in CodeAstro Internet Banking System
1.0. It ...)
+ TODO: check
+CVE-2023-5693 (A vulnerability was found in CodeAstro Internet Banking System
1.0 and ...)
+ TODO: check
+CVE-2023-46324 (pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before
1.19 is u ...)
+ TODO: check
+CVE-2023-46322 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not
sanitize ...)
+ TODO: check
+CVE-2023-46321 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not
sanitize ...)
+ TODO: check
+CVE-2023-46319 (WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows
unauthen ...)
+ TODO: check
+CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections
upon receiv ...)
+ TODO: check
+CVE-2023-46315 (The zanllp sd-webui-infinite-image-browsing (aka Infinite
Image Browsi ...)
+ TODO: check
+CVE-2023-46095 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole
Smooth ...)
+ TODO: check
+CVE-2023-46089 (Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @
Userback U ...)
+ TODO: check
+CVE-2023-46085 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp
Ultimate R ...)
+ TODO: check
+CVE-2023-43624 (CX-Designer Ver.3.740 and earlier (included in CX-One
CXONE-AL[][]D-V4 ...)
+ TODO: check
CVE-2023-46306 (The web administration interface in NetModule Router Software
(NRSW) 4 ...)
NOT-FOR-US: NetModule Router Software
CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py
in calib ...)
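Review bot: All 20 entries added at the top of the list, CVE-2023-5702 through CVE-2023-43624, carry only the placeholder "TODO: check", so none of them has a status yet. Each one needs to be resolved to either a NOT-FOR-US line naming the product, as the unchanged CVE-2023-46306 entry just below does, or a package line with a fixed version. The four CodeAstro Internet Banking System entries (CVE-2023-5693 to CVE-2023-5696) name the same product and can be resolved in one pass, as can the two iTerm2 entries (CVE-2023-46321 and CVE-2023-46322).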
@@ -439,12 +479,12 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum
Plugin for WordPress is
NOT-FOR-US: WordPress plugin
CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress
is vulne ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-45802
+CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there
was a ti ...)
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
NOTE:
https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
-CVE-2023-43622
+CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial
window size o ...)
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622
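Review bot: No per-release status is recorded for CVE-2023-45802, whose entry is fully visible here and consists only of "- apache2 2.4.58-1" and NOTE lines; the same holds for CVE-2023-43622 as far as the context shows. The description update itself is fine, but compare the krb5 entry later in this diff, which carries explicit [bookworm] and [bullseye] lines. Once the stable releases have been assessed for these two HTTP/2 issues, add the matching release-specific lines so the entry does not rest on the unstable fix alone.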
@@ -619,6 +659,7 @@ CVE-2023-5632 (In Eclipse Mosquito before and including
2.0.5, establishing a co
NOTE: https://github.com/eclipse/mosquitto/pull/2053
NOTE:
https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d
(v2.0.6)
CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before
1.6.4 al ...)
+ {DSA-5531-1}
- roundcube 1.6.4+dfsg-1 (bug #1054079)
NOTE:
https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d
(1.6.4)
CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System
Config ...)
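Review bot: The "{DSA-5531-1}" cross-reference added under CVE-2023-5631 has no counterpart visible in this commit, which changes only data/CVE/list. Worth confirming that the advisory's own record lists CVE-2023-5631, so that the cross-reference and the advisory agree on which roundcube issue the DSA covers.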
@@ -9173,7 +9214,7 @@ CVE-2023-40477
[bullseye] - unrar-nonfree 1:6.0.3-1+deb11u3
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
NOTE:
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa
-CVE-2023-38831 (RARLabs WinRAR before 6.23 allows attackers to execute
arbitrary code ...)
+CVE-2023-38831 (RARLAB WinRAR before 6.23 allows attackers to execute
arbitrary code w ...)
NOTE: RARLabs WinRAR
CVE-2023-38422 (Walchem Intuition 9 firmware versions prior to v4.21 are
missing authe ...)
NOT-FOR-US: Walchem Intuition 9 firmware
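Review bot: The unchanged line "NOTE: RARLabs WinRAR" under CVE-2023-38831 keeps the spelling that this hunk replaces with "RARLAB" in the description, and it is the entry's only annotation, so the entry has neither a package line nor a NOT-FOR-US marker. Suggest settling the status in the same pass: either a NOT-FOR-US line if the issue is specific to WinRAR, or a package line in the style of the unrar-nonfree line on the preceding CVE-2023-40477 entry if shared code is affected.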
@@ -11524,6 +11565,7 @@ CVE-2023-36499 (Netgear XR300 v1.0.3.78 was discovered
to contain multiple buffe
CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8
allows a r ...)
NOT-FOR-US: Textpattern CMS
CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before
1.20.2 an ...)
+ {DLA-3626-1}
- krb5 1.20.1-3 (bug #1043431)
[bookworm] - krb5 1.20.1-2+deb12u1
[bullseye] - krb5 1.18.3-6+deb11u4
@@ -22762,8 +22804,7 @@ CVE-2023-2259 (Improper Neutralization of Special
Elements Used in a Template En
NOT-FOR-US: Alf.io
CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in
GitHub re ...)
NOT-FOR-US: Alf.io
-CVE-2023-31122
- RESERVED
+CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP
Server.Th ...)
- apache2 2.4.58-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89cf2160f2c2f3cdb0b430569e6d84a2b3212ebf
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits