Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cea084e2 by security tracker role at 2023-11-21T20:11:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2023-6235 (An uncontrolled search path element vulnerability has been
found in th ...)
+ TODO: check
+CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs
showed e ...)
+ TODO: check
+CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox 115.4, and
Thunderb ...)
+ TODO: check
+CVE-2023-6211 (If an attacker needed a user to load an insecure http: page and
knew t ...)
+ TODO: check
+CVE-2023-6210 (When an https: web page created a pop-up from a "javascript:"
URL, tha ...)
+ TODO: check
+CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly
parsed, and ...)
+ TODO: check
+CVE-2023-6208 (When using X11, text selected by the page using the Selection
API was ...)
+ TODO: check
+CVE-2023-6207 (Ownership mismanagement led to a use-after-free in
ReadableByteStreams ...)
+ TODO: check
+CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the
length ...)
+ TODO: check
+CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had
already ...)
+ TODO: check
+CVE-2023-6204 (On some systems\u2014depending on the graphics settings and
drivers\u2 ...)
+ TODO: check
+CVE-2023-5776 (The Post Meta Data Manager plugin for WordPress is vulnerable
to Cross ...)
+ TODO: check
+CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting
3DDashboar ...)
+ TODO: check
+CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities\xc2affecting
3DSwym ...)
+ TODO: check
+CVE-2023-5055 (Possible variant of CVE-2021-3434 in function
le_ecred_reconf_req.)
+ TODO: check
+CVE-2023-49061 (An attacker could have performed HTML template injection via
Reader Mo ...)
+ TODO: check
+CVE-2023-49060 (An attacker could have accessed internal pages or data by
ex-filtratin ...)
+ TODO: check
+CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version
1.14.0, d ...)
+ TODO: check
+CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a
remote atta ...)
+ TODO: check
+CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software
applicat ...)
+ TODO: check
+CVE-2023-46377
+ REJECTED
CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the
server. ...)
NOT-FOR-US: bookstack
CVE-2023-6178 (An arbitrary file write vulnerability exists where an
authenticated at ...)
@@ -88,7 +130,7 @@ CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not
have CSRF check in p
NOT-FOR-US: WooHoo Newspaper Magazine theme
CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-4799 (The Magic Embeds WordPress plugin through 3.0.10 does not
validate and ...)
+CVE-2023-4799 (The Magic Embeds WordPress plugin before 3.1.2 does not
validate and e ...)
NOT-FOR-US: WordPress plugin
CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth`
applicati ...)
TODO: check
@@ -958,6 +1000,7 @@ CVE-2023-35080 (A vulnerability has been identified in the
Ivanti Secure Access
CVE-2023-34060 (VMware Cloud Director Appliance contains an authentication
bypass vuln ...)
NOT-FOR-US: VMware
CVE-2023-44444 [GIMP PSP File Parsing Off-By-One Remote Code Execution
Vulnerability]
+ {DLA-3659-1}
- gimp 2.10.36-1 (bug #1055984)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
NOTE:
https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
@@ -974,6 +1017,7 @@ CVE-2023-44443 [GIMP PSP File Parsing Integer Overflow
Remote Code Execution Vul
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10072 (restricted)
NOTE: Introduced by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/bf66a07d207bc09f222e56c398760478a3a057fa
(GIMP_2_10_22)
CVE-2023-44442 [GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code
Execution Vulnerability]
+ {DLA-3659-1}
- gimp 2.10.36-1 (bug #1055984)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
NOTE:
https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
@@ -35115,8 +35159,8 @@ CVE-2023-28804 (An Improper Verification of
Cryptographic Signature vulnerabilit
NOT-FOR-US: Zscaler Client Connector
CVE-2023-28803 (An authentication bypass by spoofing of a device with a
synthetic IP a ...)
NOT-FOR-US: Zscaler Client Connector
-CVE-2023-28802
- RESERVED
+CVE-2023-28802 (An Improper Validation of Integrity Check Value in Zscaler
Client Conn ...)
+ TODO: check
CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the
SAML authen ...)
NOT-FOR-US: Zscaler
CVE-2023-28800 (When using local accounts for administration, the redirect url
paramet ...)
@@ -54899,8 +54943,8 @@ CVE-2023-22523
RESERVED
CVE-2023-22522
RESERVED
-CVE-2023-22521
- RESERVED
+CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability
was intro ...)
+ TODO: check
CVE-2023-22520
RESERVED
CVE-2023-22519
@@ -54909,8 +54953,8 @@ CVE-2023-22518 (All versions of Confluence Data Center
and Server are affected b
NOT-FOR-US: Atlassian
CVE-2023-22517
RESERVED
-CVE-2023-22516
- RESERVED
+CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability
was intro ...)
+ TODO: check
CVE-2023-22515 (Atlassian has been made aware of an issue reported by a
handful of cus ...)
NOT-FOR-US: Atlassian
CVE-2023-22514
@@ -71818,12 +71862,12 @@ CVE-2023-20276
RESERVED
CVE-2023-20275
RESERVED
-CVE-2023-20274
- RESERVED
+CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics
PHP Agent ...)
+ TODO: check
CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software
could a ...)
NOT-FOR-US: Cisco
-CVE-2023-20272
- RESERVED
+CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco
Identit ...)
+ TODO: check
CVE-2023-20271
RESERVED
CVE-2023-20270 (A vulnerability in the interaction between the Server Message
Block (S ...)
@@ -71836,8 +71880,8 @@ CVE-2023-20267 (A vulnerability in the IP geolocation
rules of Snort 3 could all
NOT-FOR-US: Cisco
CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified
Communicat ...)
NOT-FOR-US: Cisco
-CVE-2023-20265
- RESERVED
+CVE-2023-20265 (A vulnerability in the web-based management interface of a
small subse ...)
+ TODO: check
CVE-2023-20264 (A vulnerability in the implementation of Security Assertion
Markup Lan ...)
NOT-FOR-US: Cisco
CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco
HyperFl ...)
@@ -71955,8 +71999,8 @@ CVE-2023-20210 (A vulnerability in Cisco BroadWorks
could allow an authenticated
NOT-FOR-US: Cisco
CVE-2023-20209 (A vulnerability in the web-based management interface of Cisco
Express ...)
NOT-FOR-US: Cisco
-CVE-2023-20208
- RESERVED
+CVE-2023-20208 (A vulnerability in the web-based management interface of Cisco
ISE cou ...)
+ TODO: check
CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo
Authentication P ...)
NOT-FOR-US: Cisco
CVE-2023-20206 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
@@ -111148,6 +111192,7 @@ CVE-2022-30069
CVE-2022-30068
RESERVED
CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow.
Through a ...)
+ {DLA-3659-1}
- gimp 2.10.32-1 (unimportant)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/8120
NOTE:
https://gitlab.gnome.org/GNOME/gimp/-/commit/4f99f1fcfd892ead19831b5adcd38a99d71214b6
(master)
@@ -161606,8 +161651,8 @@ CVE-2021-38407 (Delta Electronics DIALink versions
1.2.4.0 and prior is vulnerab
NOT-FOR-US: Delta Electronics DIALink
CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks
proper va ...)
NOT-FOR-US: Delta Electronic
-CVE-2021-38405
- RESERVED
+CVE-2021-38405 (The Datalogics APDFL library used in affected products is
vulnerable t ...)
+ TODO: check
CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks
proper va ...)
NOT-FOR-US: Delta Electronic
CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is
vulnerable to ...)
@@ -189786,12 +189831,12 @@ CVE-2021-27506 (The ClamAV Engine (version 0.103.1
and below) component embedded
NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2021-27505 (mySCADA myPRO versions prior to 8.20.0 does not restrict
unauthorized ...)
NOT-FOR-US: mySCADA myPRO
-CVE-2021-27504
- RESERVED
+CVE-2021-27504 (Texas Instruments devices running FREERTOS, malloc returns a
valid po ...)
+ TODO: check
CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed
mylife Cloud: ...)
NOT-FOR-US: Ypsomed
-CVE-2021-27502
- RESERVED
+CVE-2021-27502 (Texas Instruments TI-RTOS, when configured to use HeapMem
heap(default ...)
+ TODO: check
CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow
certain c ...)
NOT-FOR-US: Philips Vue PACS
CVE-2021-27500 (A specifically crafted packet sent by an attacker to
EIPStackGroup OpE ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cea084e2636e5caf3b16d89eb56efda870dd8baf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cea084e2636e5caf3b16d89eb56efda870dd8baf
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
