Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ecf3c8dc by security tracker role at 2023-11-06T08:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in 
Mitsub ...)
+       TODO: check
+CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2023-47271 (PKP-WAL (aka PKP Web Application Library or pkp-lib) before 
3.3.0-16,  ...)
+       TODO: check
+CVE-2023-47253 (Qualitor through 8.20 allows remote attackers to execute 
arbitrary cod ...)
+       TODO: check
+CVE-2023-46802 (e-Tax software Version3.0.10 and earlier improperly restricts 
XML exte ...)
+       TODO: check
+CVE-2023-40207 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-38407 (bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to 
read beyond ...)
+       TODO: check
+CVE-2023-38406 (bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles 
an nlri ...)
+       TODO: check
+CVE-2023-38382 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-33924 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-32840 (In modem CCCI, there is a possible out of bounds write due to 
a missin ...)
+       TODO: check
+CVE-2023-32839 (In dpe, there is a possible out of bounds write due to a 
missing valid ...)
+       TODO: check
+CVE-2023-32838 (In dpe, there is a possible out of bounds write due to a 
missing valid ...)
+       TODO: check
+CVE-2023-32837 (In video, there is a possible out of bounds write due to a 
missing bou ...)
+       TODO: check
+CVE-2023-32836 (In display, there is a possible out of bounds write due to an 
integer  ...)
+       TODO: check
+CVE-2023-32835 (In keyinstall, there is a possible memory corruption due to 
type confu ...)
+       TODO: check
+CVE-2023-32834 (In secmem, there is a possible memory corruption due to type 
confusion ...)
+       TODO: check
+CVE-2023-32832 (In video, there is a possible memory corruption due to a race 
conditio ...)
+       TODO: check
+CVE-2023-32825 (In bluethooth service, there is a possible out of bounds reads 
due to  ...)
+       TODO: check
+CVE-2023-32818 (In vdec, there is a possible out of bounds write due to type 
confusion ...)
+       TODO: check
+CVE-2021-4430 (A vulnerability classified as problematic has been found in 
Ortus Solu ...)
+       TODO: check
+CVE-2018-25093 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 
2.10.2. I ...)
+       TODO: check
+CVE-2018-25092 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 
2.10.2. I ...)
+       TODO: check
+CVE-2017-20187 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
Magnesium ...)
+       TODO: check
 CVE-2023-47260 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via 
thumbnails ...)
        - redmine <unfixed>
        NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
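Review bot: the ten MediaTek entries CVE-2023-32840 through CVE-2023-32818 (`In modem CCCI`, `In dpe`, `In video`, `In display`, `In keyinstall`, `In secmem`, `In bluethooth service`, `In vdec`) are left at `TODO: check`, although the same bulletin wording elsewhere in this file is triaged `NOT-FOR-US: Mediatek` (see the CVE-2023-20703 / CVE-2023-20701 context lines in the last hunk); they can be resolved the same way in the follow-up commit. The two FRR entries are different: CVE-2023-38407 (`bgpd/bgp_label.c ... before 8.5`) and CVE-2023-38406 (`bgpd/bgp_flowspec.c ... before 8.4.3`) name the affected source file and the fixed upstream version, so they need a real version check against the frr package, with the upstream fix references recorded in NOTE lines as the Redmine entry directly below does.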
@@ -23,7 +71,7 @@ CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and 
LVIS-3ME12-A1 firmware 6.2.2
        NOT-FOR-US: LOYTEC electronics GmbH
 CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL 
injection vulner ...)
        NOT-FOR-US: kerawen
-CVE-2023-47272 [cross-site scripting (XSS) vulnerability in setting 
Content-Type/Content-Disposition for attachment preview/download]
+CVE-2023-47272 (Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS 
via a C ...)
        - roundcube 1.6.5+dfsg-1 (bug #1055421)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a
 (1.6.5)
 CVE-2023-47235 (An issue was discovered in FRRouting FRR through 9.0.1. A 
crash can oc ...)
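Review bot: the new CVE-2023-47272 description names two affected branches (`1.5.x before 1.5.6 and 1.6.x before 1.6.5`), but the entry only links the 1.6.5 commit `81ac3c342a4f288deb275590895b52ec3785cf8a (1.6.5)`; the corresponding 1.5.6 fix should be linked as well, and per-suite status lines added for any suite that ships a 1.5.x roundcube, since the single `roundcube 1.6.5+dfsg-1 (bug #1055421)` line only settles the unstable status.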
@@ -1234,13 +1282,13 @@ CVE-2023-39726 (An issue in Mintty v.3.6.4 and before 
allows a remote attacker t
 CVE-2023-38328 (An issue was discovered in eGroupWare 17.1.20190111. An 
Improper Passw ...)
        - egroupware <removed>
 CVE-2023-34059 (open-vm-tools contains a file descriptor hijack vulnerability 
in the v ...)
-       {DSA-5543-1}
+       {DSA-5543-1 DLA-3646-1}
        - open-vm-tools 2:12.3.5-1 (bug #1054666)
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/2
        NOTE: 
https://github.com/vmware/open-vm-tools/blob/CVE-2023-34059.patch/CVE-2023-34059.patch
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/3
 CVE-2023-34058 (VMware Tools contains a SAML token signature bypass 
vulnerability.A ma ...)
-       {DSA-5543-1}
+       {DSA-5543-1 DLA-3646-1}
        - open-vm-tools 2:12.3.5-1 (bug #1054666)
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/1
        NOTE: 
https://github.com/vmware/open-vm-tools/blob/CVE-2023-34058.patch/CVE-2023-34058.patch
@@ -3221,7 +3269,7 @@ CVE-2023-42459 (Fast DDS is a C++ implementation of the 
DDS (Data Distribution S
        NOTE: https://github.com/eProsima/Fast-DDS/pull/3824
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/1e978c6f3d0ca1df6b323b37fd4902b0762ececb
 CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       {DSA-5549-1}
+       {DSA-5549-1 DLA-3645-1}
        - trafficserver 9.2.3+ds-1 (bug #1054427)
        NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
        NOTE: 
https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0
 (8.1.9)
@@ -4648,7 +4696,7 @@ CVE-2023-42670 (A flaw was found in Samba. It is 
susceptible to a vulnerability
        [bullseye] - samba <not-affected> (Vulnerable code not present)
        [buster] - samba <not-affected> (Vulnerable code not present)
        NOTE: https://www.samba.org/samba/security/CVE-2023-42670.html
-CVE-2023-42669 ["rpcecho" development server allows Denial of Service via 
sleep() call on AD DC]
+CVE-2023-42669 (A vulnerability was found in Samba's "rpcecho" development 
server, a n ...)
        {DSA-5525-1}
        - samba 2:4.19.1+dfsg-1
        [bullseye] - samba <ignored> (Domain controller functionality is EOLed, 
see DSA DSA-5477-1)
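Review bot: the unchanged bullseye context line for CVE-2023-42669 reads `see DSA DSA-5477-1` (doubled "DSA"); since this hunk already touches the entry, the typo could be fixed in the same change. The replaced bracketed title `"rpcecho" development server allows Denial of Service via sleep() call on AD DC` carried the detail that justifies the `[bullseye] - samba <ignored>` rationale (AD DC functionality EOLed), and the new truncated description `A vulnerability was found in Samba's "rpcecho" development server, a n ...` no longer shows it; a NOTE line preserving that detail would keep the justification self-contained.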
@@ -4673,7 +4721,7 @@ CVE-2023-3961 (A path traversal vulnerability was 
identified in Samba when proce
        NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
        NOTE: In scope for continued Samba support
 CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server 
resource consum ...)
-       {DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3641-1 DLA-3638-1 
DLA-3621-1 DLA-3617-1}
+       {DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3645-1 DLA-3641-1 
DLA-3638-1 DLA-3621-1 DLA-3617-1}
        - tomcat9 9.0.70-2
        - tomcat10 10.1.14-1
        - trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
@@ -32372,8 +32420,8 @@ CVE-2023-28796 (Improper Verification of Cryptographic 
Signature vulnerability i
        NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28795 (Origin Validation Error vulnerability in Zscaler Client 
Connector on L ...)
        NOT-FOR-US: Zscaler Client Connector
-CVE-2023-28794
-       RESERVED
+CVE-2023-28794 (Origin Validation Error vulnerability in Zscaler Client 
Connector on L ...)
+       TODO: check
 CVE-2023-28793 (Buffer overflow vulnerability in the signelf library used by 
Zscaler C ...)
        NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
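Review bot: CVE-2023-28794 moves from RESERVED to `TODO: check`, but its description (`Origin Validation Error vulnerability in Zscaler Client Connector on L ...`) is identical to CVE-2023-28795 directly above, which is already `NOT-FOR-US: Zscaler Client Connector`; it can be triaged the same way rather than left open.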
@@ -36558,7 +36606,7 @@ CVE-2023-27578 (Galaxy is an open-source platform for 
data analysis. All support
        NOT-FOR-US: Galaxy
 CVE-2023-27577 (flarum is a forum software package for building communities. 
In versio ...)
        NOT-FOR-US: Flarum
-CVE-2023-27576 (An issue was discovered in phpList 3.6.12. Due to an access 
error, it  ...)
+CVE-2023-27576 (An issue was discovered in phpList before 3.6.14. Due to an 
access err ...)
        - phplist <itp> (bug #612288)
 CVE-2023-27575
        RESERVED
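Review bot: the CVE-2023-27576 description changes the affected range from `phpList 3.6.12` to `phpList before 3.6.14`, so the fixed upstream version is now known; the `phplist <itp> (bug #612288)` status stays correct for an unpackaged product, but a NOTE line recording 3.6.14 as the fixed version would help whoever eventually completes the ITP.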
@@ -56404,16 +56452,16 @@ CVE-2022-47434 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel 
Powney  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47432
-       RESERVED
+CVE-2022-47432 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-47431 (Reflected Cross-Site Scripting (XSS) vulnerability in 
Tussendoor inter ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47430
-       RESERVED
+CVE-2022-47430 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-47429
        RESERVED
-CVE-2022-47428
-       RESERVED
+CVE-2022-47428 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C 
Dolson My  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
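Review bot: CVE-2022-47432, CVE-2022-47430 and CVE-2022-47428 go from RESERVED to a truncated `Improper Neutralization of Special Elements used in an SQL Command ('S ...)` with `TODO: check`; every surrounding entry in this range is `NOT-FOR-US: WordPress plugin`, and the same pattern recurs for CVE-2022-47420, CVE-2022-46860, CVE-2022-46849 and CVE-2022-45373 in the following hunks, so these will very likely triage the same way, but the truncated text does not show the product name, so confirm against the full description before closing each one.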
@@ -56428,8 +56476,8 @@ CVE-2022-47422 (Cross-Site Request Forgery (CSRF) 
vulnerability in HM Plugin Acc
        NOT-FOR-US: WordPress plugin
 CVE-2022-47421 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Repu ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-47420
-       RESERVED
+CVE-2022-47420 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. 
Successful  ...)
        NOT-FOR-US: Mayan EDMS DMS
 CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are 
vulnerable to a s ...)
@@ -58203,8 +58251,8 @@ CVE-2022-46862 (Cross-Site Request Forgery (CSRF) 
vulnerability in ExpressTech Q
        NOT-FOR-US: WordPress plugin
 CVE-2022-46861 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Zia  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-46860
-       RESERVED
+CVE-2022-46860 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Amin A.R ...)
@@ -58225,8 +58273,8 @@ CVE-2022-46851 (Cross-Site Request Forgery (CSRF) 
vulnerability in Brainstorm Fo
        NOT-FOR-US: WordPress plugin
 CVE-2022-46850 (Auth. (author+) Broken Access Control vulnerability leading to 
Arbitra ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-46849
-       RESERVED
+CVE-2022-46849 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-46848 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46847
@@ -63036,8 +63084,8 @@ CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
        NOT-FOR-US: WordPress plugin
 CVE-2022-45374
        RESERVED
-CVE-2022-45373
-       RESERVED
+CVE-2022-45373 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer 
Product Ga ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet 
ShopEngine pl ...)
@@ -68082,8 +68130,8 @@ CVE-2023-20704 (In apu, there is a possible out of 
bounds read due to a missing
        NOT-FOR-US: Mediatek
 CVE-2023-20703 (In apu, there is a possible out of bounds read due to a 
missing bounds ...)
        NOT-FOR-US: Mediatek
-CVE-2023-20702
-       RESERVED
+CVE-2023-20702 (In 5G NRLC, there is a possible invalid memory access due to 
lack of e ...)
+       TODO: check
 CVE-2023-20701 (In widevine, there is a possible out of bounds write due to a 
logic er ...)
        NOT-FOR-US: Mediatek
 CVE-2023-20700 (In widevine, there is a possible out of bounds write due to a 
logic er ...)
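Review bot: CVE-2023-20702 (`In 5G NRLC, there is a possible invalid memory access due to lack of e ...`) is flagged `TODO: check` between CVE-2023-20703 and CVE-2023-20701, both `NOT-FOR-US: Mediatek`; it uses the same MediaTek bulletin wording and can be triaged `NOT-FOR-US: Mediatek` in the follow-up.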



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ecf3c8dc462ead68d221bc20c3bb1bbc505aa4f1



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
