Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04525b33 by security tracker role at 2023-11-30T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,294 @@
-CVE-2023-49620
+CVE-2023-6439 (A vulnerability classified as problematic was found in ZenTao 
PMS 18.8 ...)
+       TODO: check
+CVE-2023-6438 (A vulnerability classified as problematic has been found in 
IceCMS 2.0 ...)
+       TODO: check
+CVE-2023-6435 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6434 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6433 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6432 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6431 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6430 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6429 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6428 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6427 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6426 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
+       TODO: check
+CVE-2023-6425 (A vulnerability has been discovered in BigProf Online Clinic 
Managemen ...)
+       TODO: check
+CVE-2023-6424 (A vulnerability has been discovered in BigProf Online Clinic 
Managemen ...)
+       TODO: check
+CVE-2023-6423 (A vulnerability has been discovered in BigProf Online Clinic 
Managemen ...)
+       TODO: check
+CVE-2023-6422 (A vulnerability has been discovered in BigProf Online Clinic 
Managemen ...)
+       TODO: check
+CVE-2023-6420 (A vulnerability has been reported in Voovi Social Networking 
Script ve ...)
+       TODO: check
+CVE-2023-6419 (A vulnerability has been reported in Voovi Social Networking 
Script ve ...)
+       TODO: check
+CVE-2023-6418 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6417 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6416 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6415 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6414 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6413 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6412 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6411 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6410 (A vulnerability has been reported in Voovi Social Networking 
Script th ...)
+       TODO: check
+CVE-2023-6402 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
+       TODO: check
+CVE-2023-6401 (A vulnerability classified as problematic was found in 
NotePad++ up to ...)
+       TODO: check
+CVE-2023-6376 (Henschen & Associates court document management software does 
not suff ...)
+       TODO: check
+CVE-2023-6375 (Tyler Technologies Court Case Management Plus may store backups 
in a l ...)
+       TODO: check
+CVE-2023-6360 (The 'My Calendar' WordPress Plugin, version < 3.4.22 is 
affected by an ...)
+       TODO: check
+CVE-2023-6354 (Tyler Technologies Magistrate Court Case Management Plus allows 
an una ...)
+       TODO: check
+CVE-2023-6353 (Tyler Technologies Civil and Criminal Electronic Filing allows 
an unau ...)
+       TODO: check
+CVE-2023-6352 (The default configuration of Aquaforest TIFF Server allows 
access to a ...)
+       TODO: check
+CVE-2023-6344 (Tyler Technologies Court Case Management Plus allows a remote, 
unauthe ...)
+       TODO: check
+CVE-2023-6343 (Tyler Technologies Court Case Management Plus allows a remote, 
unauthe ...)
+       TODO: check
+CVE-2023-6342 (Tyler Technologies Court Case Management Plus allows a remote 
attacker ...)
+       TODO: check
+CVE-2023-6341 (Catalis (previously Icon Software) CMS360 allows a remote, 
unauthentic ...)
+       TODO: check
+CVE-2023-6137 (Cross-Site Request Forgery (CSRF) vulnerability in finnj 
Frontier Post ...)
+       TODO: check
+CVE-2023-6136 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-6071 (An Improper Neutralization of Special Elements used in a 
command vulne ...)
+       TODO: check
+CVE-2023-6027 (A critical flaw has been identified in elijaa/phpmemcachedadmin 
affect ...)
+       TODO: check
+CVE-2023-6026 (A Path traversal vulnerability has been reported in 
elijaa/phpmemcache ...)
+       TODO: check
+CVE-2023-5966 (An authenticated privileged attacker could upload a specially 
crafted  ...)
+       TODO: check
+CVE-2023-5965 (An authenticated privileged attacker could upload a specially 
crafted  ...)
+       TODO: check
+CVE-2023-5803 (Cross-Site Request Forgery (CSRF) vulnerability in Business 
Directory  ...)
+       TODO: check
+CVE-2023-4770 (An uncontrolled search path element vulnerability has been 
found on 4D ...)
+       TODO: check
+CVE-2023-48964 (Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via 
/goform/W ...)
+       TODO: check
+CVE-2023-48963 (Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via 
/goform/w ...)
+       TODO: check
+CVE-2023-48914 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-48913 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-48912 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-48812 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file 
sub_4119A0  ...)
+       TODO: check
+CVE-2023-48811 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48810 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48808 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48807 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48806 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48805 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48804 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48803 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48802 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, 
sub_4119A0 ...)
+       TODO: check
+CVE-2023-48754 (Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal 
Delete Po ...)
+       TODO: check
+CVE-2023-48752 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48749 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48748 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48746 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48744 (Cross-Site Request Forgery (CSRF) vulnerability in Offshore 
Web Master ...)
+       TODO: check
+CVE-2023-48743 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48742 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-48737 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48336 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48334 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT 
League Table  ...)
+       TODO: check
+CVE-2023-48333 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-48331 (Cross-Site Request Forgery (CSRF) vulnerability in Stormhill 
Media MyB ...)
+       TODO: check
+CVE-2023-48330 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand 
Bulk Co ...)
+       TODO: check
+CVE-2023-48329 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48328 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely 
WordPress G ...)
+       TODO: check
+CVE-2023-48326 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48323 (Cross-Site Request Forgery (CSRF) vulnerability in Awesome 
Support Tea ...)
+       TODO: check
+CVE-2023-48322 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48321 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48320 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48317 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48289 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-48284 (Cross-Site Request Forgery (CSRF) vulnerability in WebToffee 
Decorator ...)
+       TODO: check
+CVE-2023-48283 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers 
Simple  ...)
+       TODO: check
+CVE-2023-48282 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea 
Landonio Tax ...)
+       TODO: check
+CVE-2023-48281 (Cross-Site Request Forgery (CSRF) vulnerability in Super Blog 
Me Broke ...)
+       TODO: check
+CVE-2023-48279 (Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite 
Solutio ...)
+       TODO: check
+CVE-2023-48278 (Cross-Site Request Forgery (CSRF) vulnerability in Nitin 
Rathod WP For ...)
+       TODO: check
+CVE-2023-48272 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47877 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47876 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47875 (Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters 
allows  ...)
+       TODO: check
+CVE-2023-47872 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47870 (Cross-Site Request Forgery (CSRF), Missing Authorization 
vulnerability ...)
+       TODO: check
+CVE-2023-47854 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47853 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47851 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47850 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47848 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47844 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47827 (Incorrect Authorization vulnerability in NicheAddons Events 
Addon for  ...)
+       TODO: check
+CVE-2023-47777 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47645 (Cross-Site Request Forgery (CSRF) vulnerability in 
RegistrationMagic R ...)
+       TODO: check
+CVE-2023-47521 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47505 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-46820 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-46086 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-45834 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-45609 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-45066 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-45050 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-44150 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-44143 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-41735 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-41136 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-41128 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-41127 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-40680 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-40674 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-40662 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-40600 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-40211 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-39921 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-38474 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-38400 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-37972 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-37890 (Missing Authorization vulnerability in WPOmnia KB Support 
\u2013 WordP ...)
+       TODO: check
+CVE-2023-37868 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-37867 (Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in Yet ...)
+       TODO: check
+CVE-2023-36685 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force US ...)
+       TODO: check
+CVE-2023-36682 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force US ...)
+       TODO: check
+CVE-2023-36523 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-36507 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-34390 (An input validation vulnerability in the Schweitzer 
Engineering Labora ...)
+       TODO: check
+CVE-2023-34389 (An allocation of resources without limits or throttling 
vulnerability  ...)
+       TODO: check
+CVE-2023-34388 (AnImproper Authentication vulnerability in the Schweitzer 
Engineering  ...)
+       TODO: check
+CVE-2023-34030 (Cross-Site Request Forgery (CSRF) vulnerability in Really 
Simple Plugi ...)
+       TODO: check
+CVE-2023-34018 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-33333 (Cross-Site Request Forgery (CSRF) vulnerability in Really 
Simple Plugi ...)
+       TODO: check
+CVE-2023-32291 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-49620 (Before DolphinScheduler version 3.1.0, the login user could 
delete UDF ...)
        NOT-FOR-US: Apache DolphinScheduler
-CVE-2023-49733
+CVE-2023-49733 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
        NOT-FOR-US: Apache Cocoon
 CVE-2023-5772 (The Debug Log Manager plugin for WordPress is vulnerable to 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
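Review bot: all 144 new entries in this hunk land as `TODO: check`, and a large share of them match product families that the context lines of this same diff already classify as NOT-FOR-US (WordPress plugins via the "Cross-Site Request Forgery (CSRF) vulnerability in <vendor> ..." and "Improper Neutralization of Input During Web Page Generation ('Cross-si ..." wording, Tenda, Schweitzer Engineering Laboratories), so the Tenda i6 pair, the TOTOLINK X6000R shttpd block, the Dreamer CMS, Voovi, BigProf and Tyler Technologies entries and the CWE-titled plugin batch are candidates for a NOT-FOR-US sweep during triage rather than individual checks. Two smaller points: the CVE-2023-37890 description carries a literal `\u2013` escape instead of the en dash (the same artefact as the `\u2014` in the CVE-2023-6204 context line further down), so the importer is writing JSON escapes verbatim; and CVE-2023-49620 and CVE-2023-49733 lose their bare placeholder lines, gain descriptions and keep their existing NOT-FOR-US markers, which is the intended outcome.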
@@ -168,21 +456,27 @@ CVE-2023-45480 (Tenda AC10 version 
US_AC10V4.0si_V16.03.10.13_cn was discovered
 CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was 
discovered to con ...)
        NOT-FOR-US: Tenda
 CVE-2023-6351 (Use after free in libavif in Google Chrome prior to 
119.0.6045.199 all ...)
+       {DSA-5569-1}
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6350 (Use after free in libavif in Google Chrome prior to 
119.0.6045.199 all ...)
+       {DSA-5569-1}
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6348 (Type Confusion in Spellcheck in Google Chrome prior to 
119.0.6045.199  ...)
+       {DSA-5569-1}
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6347 (Use after free in Mojo in Google Chrome prior to 119.0.6045.199 
allowe ...)
+       {DSA-5569-1}
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6346 (Use after free in WebAudio in Google Chrome prior to 
119.0.6045.199 al ...)
+       {DSA-5569-1}
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6345 (Integer overflow in Skia in Google Chrome prior to 
119.0.6045.199 allo ...)
+       {DSA-5569-1}
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6359 (A Cross-Site Scripting (XSS) vulnerability has been found in 
Alumne LM ...)
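Review bot: the `{DSA-5569-1}` reference is added uniformly to the six chromium entries fixed in 119.0.6045.199-1 (CVE-2023-6351, -6350, -6348, -6347, -6346, -6345), which is consistent; the one thing to confirm is that the DSA-5569-1 record in data/DSA/list enumerates exactly these six IDs, since the two files are expected to agree. The `[buster] - chromium <end-of-life> (see DSA 5046)` lines are correctly left alone.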
@@ -1000,7 +1294,7 @@ CVE-2023-6213 (Memory safety bugs present in Firefox 119. 
Some of these bugs sho
        - firefox 120.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
 CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox ESR 115.4, 
and Thun ...)
-       {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+       {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird 1:115.5.0-1
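Review bot: adding DLA-3674-1 to the bracket for CVE-2023-6212 (and, in the following hunks, for CVE-2023-6209 down to CVE-2023-6204) pairs the two DSAs with two DLAs, presumably firefox-esr and thunderbird for buster; CVE-2023-6213 and CVE-2023-6210 in the context lines list only `firefox 120.0-1` and carry no advisory reference, so they were not part of the ESR/Thunderbird set, which matches. Worth confirming that DLA-3674-1 in data/DLA/list lists exactly these seven IDs.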
@@ -1014,7 +1308,7 @@ CVE-2023-6210 (When an https: web page created a pop-up 
from a "javascript:" URL
        - firefox 120.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6210
 CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly 
parsed, and ...)
-       {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+       {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird 1:115.5.0-1
@@ -1022,7 +1316,7 @@ CVE-2023-6209 (Relative URLs starting with three slashes 
were incorrectly parsed
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6209
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6209
 CVE-2023-6208 (When using X11, text selected by the page using the Selection 
API was  ...)
-       {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+       {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird 1:115.5.0-1
@@ -1030,7 +1324,7 @@ CVE-2023-6208 (When using X11, text selected by the page 
using the Selection API
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6208
 CVE-2023-6207 (Ownership mismanagement led to a use-after-free in 
ReadableByteStreams ...)
-       {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+       {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird 1:115.5.0-1
@@ -1038,7 +1332,7 @@ CVE-2023-6207 (Ownership mismanagement led to a 
use-after-free in ReadableByteSt
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6207
 CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the 
length ...)
-       {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+       {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird 1:115.5.0-1
@@ -1046,7 +1340,7 @@ CVE-2023-6206 (The black fade animation when exiting 
fullscreen is roughly the l
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206
 CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had 
already ...)
-       {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+       {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird 1:115.5.0-1
@@ -1054,7 +1348,7 @@ CVE-2023-6205 (It was possible to cause the use of a 
MessagePort after it had al
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205
 CVE-2023-6204 (On some systems\u2014depending on the graphics settings and 
drivers\u2 ...)
-       {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+       {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
        - firefox 120.0-1
        - firefox-esr 115.5.0esr-1
        - thunderbird 1:115.5.0-1
@@ -1754,12 +2048,14 @@ CVE-2023-47674 (Missing authentication for critical 
function vulnerability in Fi
 CVE-2023-47638
        REJECTED
 CVE-2023-43887 (Libde265 v1.0.12 was discovered to contain multiple buffer 
overflows v ...)
+       {DLA-3676-1}
        - libde265 1.0.13-1
        [bookworm] - libde265 <no-dsa> (Minor issue)
        [bullseye] - libde265 <no-dsa> (Minor issue)
        NOTE: https://github.com/strukturag/libde265/issues/418
        NOTE: 
https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133
 (v1.0.13)
 CVE-2023-47471 (Buffer Overflow vulnerability in strukturag libde265 v1.10.12 
allows a ...)
+       {DLA-3676-1}
        - libde265 1.0.13-1 (bug #1056187)
        [bookworm] - libde265 <no-dsa> (Minor issue)
        [bullseye] - libde265 <no-dsa> (Minor issue)
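Review bot: DLA-3676-1 is referenced for CVE-2023-43887 and CVE-2023-47471 while both entries still carry `[bookworm] - libde265 <no-dsa> (Minor issue)` and `[bullseye] - libde265 <no-dsa> (Minor issue)`; that is not contradictory, since the DLA is a buster LTS upload, but given that LTS judged the fixes worth shipping, the no-dsa decision for bullseye may deserve a second look, or at least a note that the fix can travel via a point release. Separately, the CVE-2023-47471 description says `libde265 v1.10.12`, which looks like an upstream typo for 1.0.12; nothing to change locally, but it explains the odd version string for anyone grepping.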
@@ -2079,7 +2375,7 @@ CVE-2023-44442 [GIMP PSD File Parsing Heap-based Buffer 
Overflow Remote Code Exe
        NOTE: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d
 (GIMP_2_10_36)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10101 (restricted)
 CVE-2023-44441 [GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code 
Execution Vulnerability]
-       {DSA-5564-1}
+       {DSA-5564-1 DLA-3677-1}
        - gimp 2.10.36-1 (bug #1055984)
        [buster] - gimp <not-affected> (DDS plugin added in 2.10.10)
        - gimp-dds <removed>
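Review bot: adding `DLA-3677-1` to CVE-2023-44441 conflicts with the unchanged `[buster] - gimp <not-affected> (DDS plugin added in 2.10.10)` line two lines below it: an entry cannot be both not-affected in buster and fixed by a buster DLA. Either the not-affected marker is wrong and should become a fixed version, or the DLA addressed a different source (the separate `gimp-dds` listed as `<removed>` here would be the obvious candidate), in which case the reference belongs with that package and a NOTE should say so. Please reconcile before this reaches the published tracker pages.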
@@ -8400,7 +8696,7 @@ CVE-2023-36429 (Microsoft Dynamics 365 (On-Premises) 
Information Disclosure Vuln
        NOT-FOR-US: Microsoft
 CVE-2023-36420 (Microsoft ODBC Driver for SQL Server Remote Code Execution 
Vulnerabili ...)
        NOT-FOR-US: Microsoft
-CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler Elevation of 
Privilege ...)
+CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation 
of Privi ...)
        NOT-FOR-US: Microsoft
 CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
@@ -12474,7 +12770,7 @@ CVE-2023-38161 (Windows GDI Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-38160 (Windows TCP/IP Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-38156 (Azure HDInsight Apache Ambari Elevation of Privilege 
Vulnerability)
+CVE-2023-38156 (Azure HDInsight Apache Ambari JDBC Injection Elevation of 
Privilege Vu ...)
        NOT-FOR-US: Microsoft
 CVE-2023-38155 (Azure DevOps Server Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
@@ -14632,11 +14928,13 @@ CVE-2023-41362 (MyBB before 1.8.36 allows Code 
Injection by users with certain h
 CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP 
protocol. In  ...)
        - node-openpgp <itp> (bug #787774)
 CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the 
lookup_seque ...)
+       {DLA-3675-1}
        - zbar <unfixed> (bug #1051724)
        NOTE: https://hackmd.io/@cspl/H1PxPAUnn
        NOTE: https://github.com/mchehab/zbar/issues/263
        NOTE: 0.23.92-9 upload adds patch to avoid exploitation, but no 
upstream fix exists yet.
 CVE-2023-40889 (A heap-based buffer overflow exists in the 
qr_reader_match_centers fun ...)
+       {DLA-3675-1}
        - zbar <unfixed> (bug #1051724)
        NOTE: https://hackmd.io/@cspl/B1ZkFZv23
        NOTE: https://github.com/mchehab/zbar/issues/263
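Review bot: `{DLA-3675-1}` is now referenced for CVE-2023-40890 and CVE-2023-40889, yet the unstable entry stays `- zbar <unfixed> (bug #1051724)` and the NOTE on CVE-2023-40890 still says the 0.23.92-9 upload only adds a patch to avoid exploitation with no upstream fix. If the LTS update shipped that same mitigation, the `<unfixed>` marker and the note are now stale for unstable and should either record 0.23.92-9 as the fixed version or be reworded to state what that upload does and does not address; a DLA on an `<unfixed>` entry reads as fixed-in-LTS-but-not-in-sid.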
@@ -28936,10 +29234,10 @@ CVE-2023-31179 (AgilePoint NX v8.0 SU2.2 & SU2.3 - 
Path traversal -Vulnerability
        NOT-FOR-US: AgilePoint
 CVE-2023-31178 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Arbitrary File 
DeleteVulnerabi ...)
        NOT-FOR-US: AgilePoint
-CVE-2023-31177
-       RESERVED
-CVE-2023-31176
-       RESERVED
+CVE-2023-31177 (An Improper Neutralization of Input During Web Page Generation 
('Cross ...)
+       TODO: check
+CVE-2023-31176 (An Insufficient Entropy vulnerability in the Schweitzer 
Engineering La ...)
+       TODO: check
 CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the 
Schweitz ...)
        NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the 
Schweitzer En ...)
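Review bot: CVE-2023-31176 describes an Insufficient Entropy issue in Schweitzer Engineering Laboratories products and sits between CVE-2023-31175 and CVE-2023-31174, both already `NOT-FOR-US: Schweitzer Engineering Laboratories`, so its `TODO: check` can most likely be resolved the same way; CVE-2023-31177 is a cross-site scripting entry whose product name is cut off in the truncated description, so the full advisory needs reading before it is marked.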
@@ -29097,14 +29395,14 @@ CVE-2023-2269 (A denial of service problem was found, 
due to a possible recursiv
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
 CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view 
all sto ...)
        NOT-FOR-US: Plane
-CVE-2023-2267
-       RESERVED
-CVE-2023-2266
-       RESERVED
-CVE-2023-2265
-       RESERVED
-CVE-2023-2264
-       RESERVED
+CVE-2023-2267 (An Improper Input Validation vulnerability in Schweitzer 
Engineering L ...)
+       TODO: check
+CVE-2023-2266 (AnImproper neutralization of input during web page generation 
in the S ...)
+       TODO: check
+CVE-2023-2265 (AnImproper Restriction of Rendered UI Layers or Frames in the 
Schweitz ...)
+       TODO: check
+CVE-2023-2264 (An improper input validation vulnerability in the Schweitzer 
Engineeri ...)
+       TODO: check
 CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series 
A is v ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2023-2262 (A buffer overflow vulnerability exists in the Rockwell 
Automation sele ...)
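Review bot: the four entries CVE-2023-2267 to CVE-2023-2264 all name Schweitzer Engineering Laboratories in their descriptions, making them NOT-FOR-US candidates in the same way as the CVE-2023-31175 block earlier in this diff. The `AnImproper` spellings in CVE-2023-2266 and CVE-2023-2265 come straight from the upstream text (the same artefact appears in CVE-2023-34388 in the first hunk) and should not be corrected locally, since the automatic update would simply reintroduce them.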
@@ -41878,12 +42176,14 @@ CVE-2023-27105 (A vulnerability in the Wi-Fi file 
transfer module of Shanling M5
 CVE-2023-27104
        RESERVED
 CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer 
overflow via  ...)
+       {DLA-3676-1}
        - libde265 1.0.12-1 (bug #1033257)
        [bookworm] - libde265 <no-dsa> (Minor issue)
        [bullseye] - libde265 <no-dsa> (Minor issue)
        NOTE: https://github.com/strukturag/libde265/issues/394
        NOTE: 
https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995
 (v1.0.12)
 CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation 
violation vi ...)
+       {DLA-3676-1}
        - libde265 1.0.12-1 (bug #1033257)
        [bookworm] - libde265 <no-dsa> (Minor issue)
        [bullseye] - libde265 <no-dsa> (Minor issue)
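Review bot: this is the same DLA-3676-1 addition as for CVE-2023-43887 and CVE-2023-47471 above, so one advisory now covers four libde265 CVEs spread across the 1.0.12-1 and 1.0.13-1 fixes; fine as long as data/DLA/list names all four, and the bullseye `<no-dsa>` remark made on the earlier hunk applies here as well.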
@@ -43191,8 +43491,8 @@ CVE-2023-26535 (Cross-Site Request Forgery (CSRF) 
vulnerability in WPPOOL Sheets
        NOT-FOR-US: WordPress plugin
 CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in OneW ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-26533
-       RESERVED
+CVE-2023-26533 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
 CVE-2023-26532 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress 
Themes  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26531 (Cross-Site Request Forgery (CSRF) vulnerability in 
\u95ea\u7535\u535a  ...)
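Review bot: CVE-2023-26533 moves from RESERVED to a truncated `Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...` description with `TODO: check`; every neighbour in this hunk (CVE-2023-26535, -26534, -26532, -26531) is `NOT-FOR-US: WordPress plugin` and this CWE-title wording is what those plugin advisories use, so it is probably the same, but the truncation hides the vendor and the full record should be read before marking it.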
@@ -47843,8 +48143,8 @@ CVE-2023-25059 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force Sc ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-25057
-       RESERVED
+CVE-2023-25057 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
 CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix 
Feed The ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit 
Agarwal Google ...)
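Review bot: CVE-2023-25057 is the same pattern as CVE-2023-26533 in the previous hunk: a RESERVED placeholder replaced by a truncated `Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...` description, surrounded on both sides by `NOT-FOR-US: WordPress plugin` entries (CVE-2023-25059, -25058, -25056, -25055). Likely the same classification, but confirm the vendor from the full text rather than from the neighbours.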
@@ -67646,8 +67946,7 @@ CVE-2022-45136 (Apache Jena SDB 3.17.0 and earlier is 
vulnerable to a JDBC Deser
        - apache-jena 4.5.0-1 (bug #1024738)
        NOTE: https://www.openwall.com/lists/oss-security/2022/11/14/5
        NOTE: The SDB module was removed after 3.17.0, marking 4.5.0 as fixed: 
https://jena.apache.org/documentation/archive/sdb/
-CVE-2022-45135
-       RESERVED
+CVE-2022-45135 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Apache Cocoon
 CVE-2022-43668 (Typora versions prior to 1.4.4 fails to properly neutralize 
JavaScript ...)
        NOT-FOR-US: Typora
@@ -166912,8 +167211,8 @@ CVE-2021-36808 (A local attacker could bypass the app 
password using a race cond
        NOT-FOR-US: Sophos
 CVE-2021-36807 (An authenticated user could potentially execute code via an 
SQLi vulne ...)
        NOT-FOR-US: Sophos
-CVE-2021-36806
-       RESERVED
+CVE-2021-36806 (A reflected XSS vulnerability allows an open redirect when the 
victim  ...)
+       TODO: check
 CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in 
helper_wfe_arm.)
        NOT-FOR-US: Unicorn Engine
 CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow 
in decode ...)
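Review bot: the new description for CVE-2021-36806 (`A reflected XSS vulnerability allows an open redirect when the victim ...`) names no product, unlike its neighbours, so the `TODO: check` here cannot be resolved from the adjacent `NOT-FOR-US: Sophos` entries alone; the full CVE record needs to be consulted before it is marked.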



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04525b332aea5cbd55aad776464bc7e104d1068e



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
