Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a0b3a4b by security tracker role at 2023-11-08T20:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-6012 (An improper input validation vulnerability has been found in 
Lanaccess ...)
+       TODO: check
+CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under 
certain  ...)
+       TODO: check
+CVE-2023-5941 (In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 
and FreeB ...)
+       TODO: check
+CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext 
Fortify ScanC ...)
+       TODO: check
+CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of 
IOCTL (inpu ...)
+       TODO: check
+CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated 
remote Deni ...)
+       TODO: check
+CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin 
for GP ...)
+       TODO: check
+CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via 
admin/categoriestran ...)
+       TODO: check
+CVE-2023-47379 (Microweber CMS version 2.0.1 is vulnerable to stored Cross 
Site Script ...)
+       TODO: check
+CVE-2023-47231 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-47229 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-47228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mune ...)
+       TODO: check
+CVE-2023-47227 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Web- ...)
+       TODO: check
+CVE-2023-47226 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in I Th ...)
+       TODO: check
+CVE-2023-47223 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WP M ...)
+       TODO: check
+CVE-2023-47190 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-47181 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mart ...)
+       TODO: check
+CVE-2023-47107 (PILOS is an open source front-end for BigBlueButton servers 
with a bui ...)
+       TODO: check
+CVE-2023-46774 (Vulnerability of uncaught exceptions in the NFC module. 
Successful exp ...)
+       TODO: check
+CVE-2023-46772 (Vulnerability of parameters being out of the value range in 
the QMI se ...)
+       TODO: check
+CVE-2023-46771 (Security vulnerability in the face unlock module. Successful 
exploitat ...)
+       TODO: check
+CVE-2023-46767 (Out-of-bounds write vulnerability in the kernel driver module. 
Success ...)
+       TODO: check
+CVE-2023-46766 (Out-of-bounds write vulnerability in the kernel driver module. 
Success ...)
+       TODO: check
+CVE-2023-46765 (Vulnerability of uncaught exceptions in the NFC module. 
Successful exp ...)
+       TODO: check
+CVE-2023-46764 (Unauthorized startup vulnerability of background apps. 
Successful expl ...)
+       TODO: check
+CVE-2023-46763 (Vulnerability of background app permission management in the 
framework ...)
+       TODO: check
+CVE-2023-46762 (Out-of-bounds write vulnerability in the kernel driver module. 
Success ...)
+       TODO: check
+CVE-2023-46761 (Out-of-bounds write vulnerability in the kernel driver module. 
Success ...)
+       TODO: check
+CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. 
Success ...)
+       TODO: check
+CVE-2023-46759 (Permission control vulnerability in the call module. 
Successful exploi ...)
+       TODO: check
+CVE-2023-46758 (The multi-screen interaction module has a vulnerability in 
permission  ...)
+       TODO: check
+CVE-2023-46757 (Keep-alive vulnerability in the sticky broadcast mechanism. 
Successful ...)
+       TODO: check
+CVE-2023-46756 (Permission control vulnerability in the window management 
module. Succ ...)
+       TODO: check
+CVE-2023-46755 (Vulnerability of input parameters being not strictly verified 
in the i ...)
+       TODO: check
+CVE-2023-46643 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
GARY JEZ ...)
+       TODO: check
+CVE-2023-46642 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in sahu ...)
+       TODO: check
+CVE-2023-46640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-46627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ashish A ...)
+       TODO: check
+CVE-2023-46626 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
FLOWFACT ...)
+       TODO: check
+CVE-2023-46621 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Enej Baj ...)
+       TODO: check
+CVE-2023-46613 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-45849 (An arbitrary code execution which results in privilege 
escalation was  ...)
+       TODO: check
+CVE-2023-45319 (In Helix Core versions prior to 2023.2, an unauthenticated 
remote Deni ...)
+       TODO: check
+CVE-2023-45140 (The Bastion provides authentication, authorization, 
traceability and a ...)
+       TODO: check
+CVE-2023-44098 (Vulnerability of missing encryption in the card management 
module. Suc ...)
+       TODO: check
+CVE-2023-3282 (A local privilege escalation (PE) vulnerability in the Palo 
Alto Netwo ...)
+       TODO: check
+CVE-2023-39913 (Deserialization of Untrusted Data, Improper Input Validation 
vulnerabi ...)
+       TODO: check
+CVE-2023-35767 (In Helix Core versions prior to 2023.2, an unauthenticated 
remote Deni ...)
+       TODO: check
+CVE-2023-32298 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Kathy Da ...)
+       TODO: check
+CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful 
exploita ...)
+       TODO: check
 CVE-2023-47248
        - apache-arrow <itp> (bug #970021)
 CVE-2023-40114
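
Review bot: all 50 entries added at the top of data/CVE/list are left at "TODO: check", so none of them carries a Debian status yet and each still needs manual triage. The three Helix Core entries (CVE-2023-5759, CVE-2023-45319, CVE-2023-35767) show the same truncated description and can be triaged together, as can the two FreeBSD entries (CVE-2023-5978, CVE-2023-5941) and the long run of WordPress-style "Stored Cross-Site Scripting" entries. Resolve each one to a package line or a NOT-FOR-US note in a follow-up so the TODO backlog does not grow.
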
@@ -132,7 +232,7 @@ CVE-2023-5998 (Out-of-bounds Read in GitHub repository 
gpac/gpac prior to 2.3.0-
        [buster] - gpac <end-of-life> (EOL in buster LTS)
        NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
        NOTE: 
https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
-CVE-2023-5996
+CVE-2023-5996 (Use after free in WebAudio in Google Chrome prior to 
119.0.6045.123 al ...)
        - chromium 119.0.6045.123-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
@@ -3474,6 +3574,7 @@ CVE-2023-45145 (Redis is an in-memory database that 
persists on disk. On startup
        NOTE: 
https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 
(unstable)
        NOTE: 
https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc 
(7.0.14)
 CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino 
development.  ...)
+       {DLA-3649-1}
        NOT-FOR-US: Arduino Create Agent
 CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino 
development.  ...)
        NOT-FOR-US: Arduino Create Agent
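
Review bot: the new "{DLA-3649-1}" cross-reference on CVE-2023-43803 contradicts the "NOT-FOR-US: Arduino Create Agent" line directly below it: an entry cannot both be fixed by a Debian LTS advisory and be out of scope for Debian. Check the DLA-3649-1 record for a mistyped CVE id and correct it at the source, otherwise the automatic update will re-add this tag.
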
@@ -3841,7 +3942,7 @@ CVE-2023-5595 (Denial of Service in GitHub repository 
gpac/gpac prior to 2.3.0-D
        NOTE: 
https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1
 CVE-2023-5575 (Improper access control in the permission inheritance in 
Devolutions S ...)
        NOT-FOR-US: Devolutions Server
-CVE-2023-5561 (The Popup Builder WordPress plugin through 4.1.15 does not 
sanitise an ...)
+CVE-2023-5561 (WordPress does not properly restrict which user fields are 
searchable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as 
sending e-ma ...)
        NOT-FOR-US: OTRS
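
Review bot: the classification under CVE-2023-5561 is now stale. The replaced description attributes the issue to WordPress itself ("WordPress does not properly restrict which user fields are searchable"), while the unchanged context line still reads "NOT-FOR-US: WordPress plugin", which only fitted the old Popup Builder text. Re-triage this entry against the wordpress source package instead of leaving it marked out of scope.
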
@@ -10138,10 +10239,12 @@ CVE-2023-39654 (abupy up to v0.4.0 was discovered to 
contain a SQL injection vul
 CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation 
WebClient v. ...)
        NOT-FOR-US: IceWarp
 CVE-2023-39516 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv
        NOTE: 
https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
 CVE-2023-39515 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
        NOTE: 
https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
@@ -10152,6 +10255,7 @@ CVE-2023-39514 (Cacti is an open source operational 
monitoring and fault managem
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
        NOTE: 
https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
 CVE-2023-39513 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        [bookworm] - cacti 1.2.24+ds1-1+deb12u1
        [bullseye] - cacti <not-affected> (Vulnerable code not present)
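
Review bot: at CVE-2023-39513 the added "{DSA-5550-1}" sits on an entry that already has "[bookworm] - cacti 1.2.24+ds1-1+deb12u1" and "[bullseye] - cacti <not-affected> (Vulnerable code not present)". Confirm that the DSA-5550-1 record does not claim a bullseye fix for this CVE and that its bookworm version agrees with the one recorded here, so the two sources do not disagree.
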
@@ -10176,21 +10280,25 @@ CVE-2023-39366 (Cacti is an open source operational 
monitoring and fault managem
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
        NOTE: 
https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009
 CVE-2023-39365 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1499/
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1500/
        NOTE: 
https://github.com/cacti/cacti/commit/f775c115e9d6e4b6a326eee682af8afebc43f20e
 CVE-2023-39364 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x
        NOTE: 
https://github.com/Cacti/cacti/commit/05bf9dd89d056c7de9591396d92b25ddf140c0da
 CVE-2023-39362 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
        NOTE: 
https://github.com/cacti/cacti/commit/cb9ab92f2580fc6cb9b64ce129655fb15e35d056
        NOTE: 
https://github.com/Cacti/cacti/commit/ca5a66ceace19a565cae61b484064a06c7b0c3c1
 CVE-2023-39361 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg
        NOTE: 
https://github.com/cacti/cacti/commit/4246aee6310846d0e106bd05279e54fff3765822
@@ -10199,6 +10307,7 @@ CVE-2023-39360 (Cacti is an open source operational 
monitoring and fault managem
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
        NOTE: 
https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2
 CVE-2023-39359 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h
        NOTE: 
https://github.com/cacti/cacti/commit/7459ff57abcd97ab8bc7a19de9e308ca62c17d38
@@ -10208,6 +10317,7 @@ CVE-2023-39358 (Cacti is an open source operational 
monitoring and fault managem
        NOTE: 
https://github.com/cacti/cacti/commit/318c377180039b22970f1f6636aa586d3b84c44d
        NOTE: 
https://github.com/cacti/cacti/commit/58a2df17c94fda1cdae74613153524ad1a6aae82
 CVE-2023-39357 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       {DSA-5550-1}
        - cacti 1.2.25+ds1-1
        NOTE: 
https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg
        NOTE: 
https://github.com/cacti/cacti/commit/21f6b5c9238b3e8c83f2c9295374d96eb104f21d
@@ -40782,8 +40892,8 @@ CVE-2023-26223
        RESERVED
 CVE-2023-26222
        RESERVED
-CVE-2023-26221
-       RESERVED
+CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s 
Spotfire An ...)
+       TODO: check
 CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s 
Spotfire Analy ...)
        NOT-FOR-US: TIBCO
 CVE-2023-26219 (The Hawk Console and Hawk Agent components of TIBCO Software 
Inc.'s TI ...)
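
Review bot: CVE-2023-26221 moves from RESERVED to "TODO: check", but its new description names a TIBCO Spotfire component and the neighbouring CVE-2023-26220 entry in the same hunk is already "NOT-FOR-US: TIBCO". Unless the Connectors component turns out to be packaged, it can take the same note and leave the TODO queue.
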
@@ -48355,7 +48465,8 @@ CVE-2023-23769
        RESERVED
 CVE-2023-23768
        RESERVED
-CVE-2023-23767 (Incorrect Permission Assignment for Critical Resource in 
GitHub Enterp ...)
+CVE-2023-23767
+       REJECTED
        NOT-FOR-US: Github Enterprise Server
 CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub 
Enterpr ...)
        NOT-FOR-US: Github Enterprise Server



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a0b3a4bd50c3d33d56a03f3512d6a27f82879ec

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits