Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8213b5fe by security tracker role at 2023-11-23T20:11:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,54 @@
-CVE-2023-43123
+CVE-2023-6118 (: Path Traversal: '/../filedir' vulnerability in Neutron IP
Camera all ...)
+ TODO: check
+CVE-2023-5972 (A null pointer dereference flaw was found in the nft_inner.c
functiona ...)
+ TODO: check
+CVE-2023-4677 (Cron log backup files contain administrator session IDs. It is
trivial ...)
+ TODO: check
+CVE-2023-4595 (An information exposure vulnerability has been found, the
exploitation ...)
+ TODO: check
+CVE-2023-4594 (Stored XSS vulnerability. This vulnerability could allow an
attacker t ...)
+ TODO: check
+CVE-2023-4593 (Path traversal vulnerability whose exploitation could allow an
authent ...)
+ TODO: check
+CVE-2023-4406 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was
character ...)
+ TODO: check
+CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a
possible b ...)
+ TODO: check
+CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability
in Pando ...)
+ TODO: check
+CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-41810 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-41808 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
+ TODO: check
+CVE-2023-41807 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
+ TODO: check
+CVE-2023-41806 (Improper Privilege Management vulnerability in Pandora FMS on
all allo ...)
+ TODO: check
+CVE-2023-41792 (Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS
on all ...)
+ TODO: check
+CVE-2023-41791 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-41790 (Uncontrolled Search Path Element vulnerability in Pandora FMS
on all a ...)
+ TODO: check
+CVE-2023-41789 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-41788 (Unrestricted Upload of File with Dangerous Type vulnerability
in Pando ...)
+ TODO: check
+CVE-2023-41787 (Uncontrolled Search Path Element vulnerability in Pandora FMS
on all a ...)
+ TODO: check
+CVE-2023-41786 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2023-3631 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-3377 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-33202 (Bouncy Castle for Java before 1.73 contains a potential Denial
of Serv ...)
+ TODO: check
+CVE-2023-43123 (On unix-like systems, the temporary directory is shared
between all us ...)
NOT-FOR-US: Apache Storm
CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via
an SVG do ...)
NOT-FOR-US: dom-sanitizer
@@ -1748,6 +1798,7 @@ CVE-2023-22327 (Out-of-bounds write in firmware for some
Intel(R) FPGA products
CVE-2023-5528 (A security issue was discovered in Kubernetes where a user that
can cr ...)
- kubernetes <not-affected> (Windows-specific)
CVE-2023-23583 (Sequence of processor instructions leads to unexpected
behavior for so ...)
+ {DSA-5563-1}
- intel-microcode 3.20231114.1 (bug #1055962)
[buster] - intel-microcode <postponed> (Wait for exposure in unstable)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
@@ -35551,10 +35602,10 @@ CVE-2023-28815
RESERVED
CVE-2023-28814
RESERVED
-CVE-2023-28813
- RESERVED
-CVE-2023-28812
- RESERVED
+CVE-2023-28813 (An attacker could exploit a vulnerability by sending crafted
messages ...)
+ TODO: check
+CVE-2023-28812 (There is a buffer overflow vulnerability in a web browser
plug-in coul ...)
+ TODO: check
CVE-2023-28811 (There is a buffer overflow in the password recovery feature of
Hikvisi ...)
NOT-FOR-US: hikvison
CVE-2023-28810 (Some access control/intercom products have unauthorized
modification o ...)
@@ -70909,10 +70960,10 @@ CVE-2022-44013 (An issue was discovered in Simmeth
Lieferantenmanager before 5.6
NOT-FOR-US: Simmeth Lieferantenmanager
CVE-2022-44012 (An issue was discovered in
/DS/LM_API/api/SelectionService/InsertQuery ...)
NOT-FOR-US: Simmeth Lieferantenmanager
-CVE-2022-44011
- RESERVED
-CVE-2022-44010
- RESERVED
+CVE-2022-44011 (An issue was discovered in ClickHouse before 22.9.1.2603. An
authentic ...)
+ TODO: check
+CVE-2022-44010 (An issue was discovered in ClickHouse before 22.9.1.2603. An
attacker ...)
+ TODO: check
CVE-2022-44009 (Improper access control in Key-Value RBAC in StackStorm
version 3.7.0 ...)
NOT-FOR-US: StackStorm
CVE-2022-44008 (An issue was discovered in BACKCLICK Professional 5.9.63. Due
to impro ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8213b5fe516b81853e91e5f830df7cc2117f6cea
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8213b5fe516b81853e91e5f830df7cc2117f6cea
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
