Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d3b1d9b by security tracker role at 2023-11-05T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-47260 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via 
thumbnails ...)
+       TODO: check
+CVE-2023-47259 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the 
Textile ...)
+       TODO: check
+CVE-2023-47258 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a 
Markdown  ...)
+       TODO: check
+CVE-2023-47249 (In International Color Consortium DemoIccMAX 79ecb74, a 
CIccXmlArrayTy ...)
+       TODO: check
+CVE-2023-46981 (SQL injection vulnerability in Novel-Plus v.4.2.0 allows a 
remote atta ...)
+       TODO: check
+CVE-2023-46964 (Cross Site Scripting (XSS) vulnerability in Hillstone Next 
Generation  ...)
+       TODO: check
+CVE-2023-46963 (An issue in Beijing Yunfan Internet Technology Co., Ltd, 
Yunfan Learni ...)
+       TODO: check
+CVE-2023-46382 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 
6.2.2 and LI ...)
+       TODO: check
+CVE-2023-46381 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 
6.2.2 and LI ...)
+       TODO: check
+CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 
6.2.2 and LI ...)
+       TODO: check
+CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL 
injection vulner ...)
+       TODO: check
 CVE-2023-XXXX [cross-site scripting (XSS) vulnerability in setting 
Content-Type/Content-Disposition for attachment preview/download]
        - roundcube 1.6.5+dfsg-1 (bug #1055421)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a
 (1.6.5)
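
Review bot: All eleven entries added at the top of this hunk (CVE-2023-47260 through CVE-2023-40922) carry only "TODO: check", so none of them has a triage decision yet. The three Redmine entries already state the fixed upstream versions in their descriptions (4.2.11 and 5.0.6), which is the information a package line would need; the vendor-product entries (LOYTEC, Hillstone, Novel-Plus, Yunfan, kerawen, DemoIccMAX) should each be resolved to either a package line or the "NOT-FOR-US:" form that other entries in this file use, e.g. "NOT-FOR-US: PHOENIX". The commit message is just "automatic update", so the follow-up triage should be a separate commit that says what was decided.
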
@@ -3196,6 +3218,7 @@ CVE-2023-42459 (Fast DDS is a C++ implementation of the 
DDS (Data Distribution S
        NOTE: https://github.com/eProsima/Fast-DDS/pull/3824
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/1e978c6f3d0ca1df6b323b37fd4902b0762ececb
 CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       {DSA-5549-1}
        - trafficserver 9.2.3+ds-1 (bug #1054427)
        NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
        NOTE: 
https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0
 (8.1.9)
@@ -4647,7 +4670,7 @@ CVE-2023-3961 (A path traversal vulnerability was 
identified in Samba when proce
        NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
        NOTE: In scope for continued Samba support
 CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server 
resource consum ...)
-       {DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 
DLA-3617-1}
+       {DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3641-1 DLA-3638-1 
DLA-3621-1 DLA-3617-1}
        - tomcat9 9.0.70-2
        - tomcat10 10.1.14-1
        - trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
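
Review bot: The brace list on the "+" line for CVE-2023-44487 does not say which source package DSA-5549-1 applies to, and this entry tracks three of them (tomcat9, tomcat10, trafficserver). Bug #1054427 on the trafficserver line also appears on the CVE-2023-41752 entry that gains the same advisory in this commit, which points to trafficserver; confirm that against the advisory itself before reading the tag as covering tomcat9 or tomcat10.
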
@@ -13397,7 +13420,7 @@ CVE-2023-37856 (In PHOENIX CONTACTs WP 6xxx series web 
panels in versions prior
 CVE-2023-37855 (In PHOENIX CONTACTs WP 6xxx series web panels in versions 
prior to 4.0 ...)
        NOT-FOR-US: PHOENIX
 CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
-       {DLA-3595-1}
+       {DSA-5549-1 DLA-3595-1}
        - trafficserver 9.2.2+ds-1 (bug #1043430)
        NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
 CVE-2023-2905 (Due to a failure in validating the length of a provided 
MQTT_CMD_PUBLI ...)
@@ -55260,7 +55283,7 @@ CVE-2023-22083 (Vulnerability in the Oracle Enterprise 
Session Border Controller
 CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
 CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK 
product of ...)
-       {DSA-5537-1 DLA-3636-1}
+       {DSA-5548-1 DSA-5537-1 DLA-3636-1}
        - openjdk-8 8u392-ga-1
        - openjdk-11 11.0.21+9-1
        - openjdk-17 17.0.9+9-1
@@ -55388,6 +55411,7 @@ CVE-2023-22027 (Vulnerability in the Oracle Business 
Intelligence Enterprise Edi
 CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.32-1
 CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+       {DSA-5548-1}
        - openjdk-17 17.0.9+9-1
        - openjdk-21 21.0.1+12-1
 CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in 
UEK has  ...)
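
Review bot: The new "{DSA-5548-1}" line on CVE-2023-22025 gives no indication whether the openjdk-21 line below it is covered by the advisory. The other entry that gains DSA-5548-1 in this commit, CVE-2023-22081, lists openjdk-8, openjdk-11 and openjdk-17, so openjdk-17 is the only package the two entries share; check the advisory and make sure openjdk-21 is not assumed fixed on the strength of this tag.
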
@@ -57253,7 +57277,7 @@ CVE-2022-47187 (There is a file upload XSS 
vulnerability in Generex CS141 below
 CVE-2022-47186 (There is an unrestricted upload of file vulnerability in 
Generex CS141 ...)
        NOT-FOR-US: Generex CS141
 CVE-2022-47185 (Improper input validation vulnerability on the range header in 
Apache  ...)
-       {DLA-3595-1}
+       {DSA-5549-1 DLA-3595-1}
        - trafficserver 9.2.2+ds-1 (bug #1043430)
        NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
        NOTE: https://github.com/apache/trafficserver/issues/9265
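
Review bot: DSA-5549-1 is attached here to an entry whose trafficserver line reads 9.2.2+ds-1 (the same holds for CVE-2023-33934 above), while the CVE-2023-41752 and CVE-2023-44487 entries tagged with the same advisory read 9.2.3+ds-1. That is consistent if the advisory ships a version containing both sets of fixes, but the diff alone does not show it; verify the advisory's fixed version against both before relying on the cross-reference.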



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d3b1d9b39f73642baef7422cd712551418220ba
