Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a0b3a4b by security tracker role at 2023-11-08T20:11:41+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@ +CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...) + TODO: check +CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain ...) + TODO: check +CVE-2023-5941 (In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeB ...) + TODO: check +CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext Fortify ScanC ...) + TODO: check +CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (inpu ...) + TODO: check +CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) + TODO: check +CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin for GP ...) + TODO: check +CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestran ...) + TODO: check +CVE-2023-47379 (Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Script ...) + TODO: check +CVE-2023-47231 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-47229 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-47228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...) + TODO: check +CVE-2023-47227 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...) + TODO: check +CVE-2023-47226 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...) + TODO: check +CVE-2023-47223 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP M ...) + TODO: check +CVE-2023-47190 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-47181 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...) + TODO: check +CVE-2023-47107 (PILOS is an open source front-end for BigBlueButton servers with a bui ...) 
+ TODO: check +CVE-2023-46774 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...) + TODO: check +CVE-2023-46772 (Vulnerability of parameters being out of the value range in the QMI se ...) + TODO: check +CVE-2023-46771 (Security vulnerability in the face unlock module. Successful exploitat ...) + TODO: check +CVE-2023-46767 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46766 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46765 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...) + TODO: check +CVE-2023-46764 (Unauthorized startup vulnerability of background apps. Successful expl ...) + TODO: check +CVE-2023-46763 (Vulnerability of background app permission management in the framework ...) + TODO: check +CVE-2023-46762 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46761 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. Success ...) + TODO: check +CVE-2023-46759 (Permission control vulnerability in the call module. Successful exploi ...) + TODO: check +CVE-2023-46758 (The multi-screen interaction module has a vulnerability in permission ...) + TODO: check +CVE-2023-46757 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...) + TODO: check +CVE-2023-46756 (Permission control vulnerability in the window management module. Succ ...) + TODO: check +CVE-2023-46755 (Vulnerability of input parameters being not strictly verified in the i ...) + TODO: check +CVE-2023-46643 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZ ...) + TODO: check +CVE-2023-46642 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahu ...) + TODO: check +CVE-2023-46640 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-46627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish A ...) + TODO: check +CVE-2023-46626 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT ...) + TODO: check +CVE-2023-46621 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Baj ...) + TODO: check +CVE-2023-46613 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-45849 (An arbitrary code execution which results in privilege escalation was ...) + TODO: check +CVE-2023-45319 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) + TODO: check +CVE-2023-45140 (The Bastion provides authentication, authorization, traceability and a ...) + TODO: check +CVE-2023-44098 (Vulnerability of missing encryption in the card management module. Suc ...) + TODO: check +CVE-2023-3282 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...) + TODO: check +CVE-2023-39913 (Deserialization of Untrusted Data, Improper Input Validation vulnerabi ...) + TODO: check +CVE-2023-35767 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) + TODO: check +CVE-2023-32298 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Da ...) + TODO: check +CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful exploita ...) + TODO: check CVE-2023-47248 - apache-arrow <itp> (bug #970021) CVE-2023-40114 
@@ -132,7 +232,7 @@ CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0- [buster] - gpac <end-of-life> (EOL in buster LTS) NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113 NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e -CVE-2023-5996 +CVE-2023-5996 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 al ...) - chromium 119.0.6045.123-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...) @@ -3474,6 +3574,7 @@ CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup NOTE: https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 (unstable) NOTE: https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc (7.0.14) CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino development. ...) + {DLA-3649-1} NOT-FOR-US: Arduino Create Agent CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino development. ...) NOT-FOR-US: Arduino Create Agent @@ -3841,7 +3942,7 @@ CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-D NOTE: https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1 CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...) NOT-FOR-US: Devolutions Server -CVE-2023-5561 (The Popup Builder WordPress plugin through 4.1.15 does not sanitise an ...) +CVE-2023-5561 (WordPress does not properly restrict which user fields are searchable ...) NOT-FOR-US: WordPress plugin CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as sending e-ma ...) NOT-FOR-US: OTRS 
@@ -10138,10 +10239,12 @@ CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vul CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...) NOT-FOR-US: IceWarp CVE-2023-39516 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e CVE-2023-39515 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e @@ -10152,6 +10255,7 @@ CVE-2023-39514 (Cacti is an open source operational monitoring and fault managem NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7 NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 [bookworm] - cacti 1.2.24+ds1-1+deb12u1 [bullseye] - cacti <not-affected> (Vulnerable code not present) 
@@ -10176,21 +10280,25 @@ CVE-2023-39366 (Cacti is an open source operational monitoring and fault managem NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009 CVE-2023-39365 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1499/ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1500/ NOTE: https://github.com/cacti/cacti/commit/f775c115e9d6e4b6a326eee682af8afebc43f20e CVE-2023-39364 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x NOTE: https://github.com/Cacti/cacti/commit/05bf9dd89d056c7de9591396d92b25ddf140c0da CVE-2023-39362 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp NOTE: https://github.com/cacti/cacti/commit/cb9ab92f2580fc6cb9b64ce129655fb15e35d056 NOTE: https://github.com/Cacti/cacti/commit/ca5a66ceace19a565cae61b484064a06c7b0c3c1 CVE-2023-39361 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg NOTE: https://github.com/cacti/cacti/commit/4246aee6310846d0e106bd05279e54fff3765822 
@@ -10199,6 +10307,7 @@ CVE-2023-39360 (Cacti is an open source operational monitoring and fault managem NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4 NOTE: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 CVE-2023-39359 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h NOTE: https://github.com/cacti/cacti/commit/7459ff57abcd97ab8bc7a19de9e308ca62c17d38 @@ -10208,6 +10317,7 @@ CVE-2023-39358 (Cacti is an open source operational monitoring and fault managem NOTE: https://github.com/cacti/cacti/commit/318c377180039b22970f1f6636aa586d3b84c44d NOTE: https://github.com/cacti/cacti/commit/58a2df17c94fda1cdae74613153524ad1a6aae82 CVE-2023-39357 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} - cacti 1.2.25+ds1-1 NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg NOTE: https://github.com/cacti/cacti/commit/21f6b5c9238b3e8c83f2c9295374d96eb104f21d @@ -40782,8 +40892,8 @@ CVE-2023-26223 RESERVED CVE-2023-26222 RESERVED -CVE-2023-26221 - RESERVED +CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire An ...) + TODO: check CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...) NOT-FOR-US: TIBCO CVE-2023-26219 (The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TI ...) 
@@ -48355,7 +48465,8 @@ CVE-2023-23769 RESERVED CVE-2023-23768 RESERVED -CVE-2023-23767 (Incorrect Permission Assignment for Critical Resource in GitHub Enterp ...) +CVE-2023-23767 + REJECTED NOT-FOR-US: Github Enterprise Server CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a0b3a4bd50c3d33d56a03f3512d6a27f82879ec
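Review bot: In the hunk at @@ -3474,6 +3574,7 @@, the added `{DLA-3649-1}` tag lands on CVE-2023-43803, which the very next line still classifies as `NOT-FOR-US: Arduino Create Agent`. An entry cannot be both outside Debian and fixed by a Debian LTS advisory, so one of the two is wrong. Check the advisory's CVE list for a mistyped id and fix it at the source so the automatic cross-reference attaches to the intended entry.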
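Review bot: In the hunk at @@ -3841,7 +3942,7 @@, the triage line under CVE-2023-5561 is now stale. The description changes to `WordPress does not properly restrict which user fields are searchable ...`, but the unchanged context line still reads `NOT-FOR-US: WordPress plugin`, which was written for the old Popup Builder text. Re-triage the entry against the new description instead of keeping the plugin classification.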
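Review bot: In the hunk at @@ -40782,8 +40892,8 @@, the new `TODO: check` under CVE-2023-26221 can be resolved on sight. Its description names a TIBCO Spotfire component, and the adjacent CVE-2023-26220 entry for another Spotfire component is already `NOT-FOR-US: TIBCO`; the same status fits here.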
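Review bot: In the hunk at @@ -48355,7 +48465,8 @@, CVE-2023-23767 ends up with two status lines: the added `REJECTED` and the unchanged `NOT-FOR-US: Github Enterprise Server` that follows it. Drop the NOT-FOR-US line so the rejected id carries only `REJECTED`.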