Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc8ff646 by security tracker role at 2023-12-09T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-6394 (A flaw was found in Quarkus. This issue occurs when receiving a 
reques ...)
+       TODO: check
+CVE-2023-6337 (HashiCorp Vault and Vault Enterprise 1.12.0 and newer are 
vulnerable t ...)
+       TODO: check
+CVE-2023-6120 (The Welcart e-Commerce plugin for WordPress is vulnerable to 
Directory ...)
+       TODO: check
+CVE-2023-5756 (The Digital Publications by Supsystic plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2023-49800 (`nuxt-api-party` is an open source module to proxy API 
requests. The l ...)
+       TODO: check
+CVE-2023-49799 (`nuxt-api-party` is an open source module to proxy API 
requests. nuxt- ...)
+       TODO: check
+CVE-2023-49798 (OpenZeppelin Contracts is a library for smart contract 
development. A  ...)
+       TODO: check
+CVE-2023-49797 (PyInstaller bundles a Python application and all its 
dependencies into ...)
+       TODO: check
+CVE-2023-48311 (dockerspawner is a tool to spawn JupyterHub single user 
servers in Doc ...)
+       TODO: check
+CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user 
credentials in bro ...)
+       TODO: check
+CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to 
cause a ...)
+       TODO: check
+CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek 
Vigor167 versi ...)
+       TODO: check
+CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 
2.3-DEV-rev617-g671 ...)
+       TODO: check
 CVE-2023-6622 (A null pointer dereference vulnerability was found in 
nft_dynset_init( ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
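Review bot: All thirteen entries added at the top of this hunk (CVE-2023-6394 through CVE-2023-46932) carry only "TODO: check", so none of them yet says whether a Debian source package is affected. Each needs either a package line in the form used for CVE-2023-6622 just below ("- linux <unfixed>") or a NOT-FOR-US marker. The two GPAC entries (CVE-2023-47465, CVE-2023-46932) and the two nuxt-api-party entries (CVE-2023-49800, CVE-2023-49799) each concern a single product and can be triaged as pairs.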
@@ -454,7 +480,7 @@ CVE-2023-41106 (An issue was discovered in Zimbra 
Collaboration (ZCS) before 10.
        NOT-FOR-US: Zimbra
 CVE-2023-40238 (A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde 
InsydeH2O w ...)
        NOT-FOR-US: Insyde
-CVE-2023-6560 [io_uring out of boundary memory access in __io_uaddr_map()]
+CVE-2023-6560 (An out-of-bounds memory access flaw was found in the io_uring 
SQ/CQ ri ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -566,18 +592,23 @@ CVE-2023-41268 (Improper input validation vulnerability 
in Samsung Open Source E
 CVE-2023-40053 (A vulnerability has been identified within Serv-U 15.4 that 
allows an  ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-6512 (Inappropriate implementation in Web Browser UI in Google Chrome 
prior  ...)
+       {DSA-5573-1}
        - chromium 120.0.6099.71-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6511 (Inappropriate implementation in Autofill in Google Chrome prior 
to 120 ...)
+       {DSA-5573-1}
        - chromium 120.0.6099.71-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6510 (Use after free in Media Capture in Google Chrome prior to 
120.0.6099.6 ...)
+       {DSA-5573-1}
        - chromium 120.0.6099.71-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6509 (Use after free in Side Panel Search in Google Chrome prior to 
120.0.60 ...)
+       {DSA-5573-1}
        - chromium 120.0.6099.71-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6508 (Use after free in Media Stream in Google Chrome prior to 
120.0.6099.62 ...)
+       {DSA-5573-1}
        - chromium 120.0.6099.71-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-39326 (A malicious HTTP sender can use chunk extensions to cause a 
receiver r ...)
@@ -20234,7 +20265,7 @@ CVE-2023-4104 (An invalid Polkit Authentication check 
and missing authentication
        NOTE: 
https://github.com/mozilla-mobile/mozilla-vpn-client/commit/6933a07164cd69636889403c959ac2c2b115e0f6
 CVE-2023-3971 (An HTML injection flaw was found in Controller in the user 
interface s ...)
        NOT-FOR-US: Red Hat Ansible Automation Controller
-CVE-2023-34320 [arm: Guests can trigger a deadlock on Cortex-A77]
+CVE-2023-34320 (Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 
1508412 where ...)
        - xen 4.17.2-1
        [bookworm] - xen <no-dsa> (Will be fixed via point release)
        [bullseye] - xen <end-of-life> (EOLed in Bullseye)
@@ -37875,20 +37906,20 @@ CVE-2023-28876 (A Broken Access Control issue in 
comments to uploaded files in F
        NOT-FOR-US: Filerun
 CVE-2023-28875 (A Stored XSS issue in shared files download terms in Filerun 
Update 20 ...)
        NOT-FOR-US: Filerun
-CVE-2023-28874
-       RESERVED
-CVE-2023-28873
-       RESERVED
+CVE-2023-28874 (The next parameter in the /accounts/login endpoint of Seafile 
9.0.6 al ...)
+       TODO: check
+CVE-2023-28873 (An XSS issue in wiki and discussion pages in Seafile 9.0.6 
allows atta ...)
+       TODO: check
 CVE-2023-28872
        RESERVED
-CVE-2023-28871
-       RESERVED
-CVE-2023-28870
-       RESERVED
-CVE-2023-28869
-       RESERVED
-CVE-2023-28868
-       RESERVED
+CVE-2023-28871 (Support Assistant in NCP Secure Enterprise Client before 12.22 
allows  ...)
+       TODO: check
+CVE-2023-28870 (Insecure File Permissions in Support Assistant in NCP Secure 
Enterpris ...)
+       TODO: check
+CVE-2023-28869 (Support Assistant in NCP Secure Enterprise Client before 12.22 
allows  ...)
+       TODO: check
+CVE-2023-28868 (Support Assistant in NCP Secure Enterprise Client before 12.22 
allows  ...)
+       TODO: check
 CVE-2023-28867 (In GraphQL Java (aka graphql-java) before 20.1, an attacker 
can send a ...)
        NOT-FOR-US: graphql-java
 CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c 
allows out ...)
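Review bot: The six entries that move from RESERVED to a description here (CVE-2023-28874 and CVE-2023-28873 for Seafile, CVE-2023-28871 through CVE-2023-28868 for NCP Secure Enterprise Client) are left at "TODO: check", while the Filerun entries directly above them already have a verdict ("NOT-FOR-US: Filerun"). The four NCP entries name the same product and can share one triage decision, and the two Seafile entries likewise; CVE-2023-28872 stays RESERVED and needs nothing yet.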
@@ -39112,16 +39143,16 @@ CVE-2023-28529 (IBM InfoSphere Information Server 
11.7 is vulnerable to stored c
        NOT-FOR-US: IBM
 CVE-2023-28528 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a 
non-privileged local ...)
        NOT-FOR-US: IBM
-CVE-2023-28527
-       RESERVED
-CVE-2023-28526
-       RESERVED
+CVE-2023-28527 (IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable 
to a hea ...)
+       TODO: check
+CVE-2023-28526 (IBM Informix Dynamic Server 12.10 and 14.10 archecker is 
vulnerable to ...)
+       TODO: check
 CVE-2023-28525
        RESERVED
 CVE-2023-28524
        RESERVED
-CVE-2023-28523
-       RESERVED
+CVE-2023-28523 (IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is 
vulnerable to  ...)
+       TODO: check
 CVE-2023-28522 (IBM API Connect V10 could allow an authenticated user to 
perform actio ...)
        NOT-FOR-US: IBM
 CVE-2023-28521
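Review bot: The three IBM Informix Dynamic Server entries (CVE-2023-28527, CVE-2023-28526, CVE-2023-28523) are added as "TODO: check" although every other IBM entry visible in this hunk (CVE-2023-28529, CVE-2023-28528, CVE-2023-28522) is marked "NOT-FOR-US: IBM". If Informix is not packaged, use the same marker on all three so they are classified consistently with their neighbours.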
@@ -228781,8 +228812,8 @@ CVE-2020-25837 (Sensitive information disclosure 
vulnerability in Micro Focus Se
        NOT-FOR-US: Micro Focus
 CVE-2020-25836
        RESERVED
-CVE-2020-25835
-       RESERVED
+CVE-2020-25835 (A potential vulnerability has been identified in Micro Focus 
ArcSight  ...)
+       TODO: check
 CVE-2020-25834 (Cross-Site Scripting vulnerability on Micro Focus ArcSight 
Logger prod ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-25833 (Persistent cross-Site Scripting vulnerability on Micro Focus 
IDOL prod ...)
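Review bot: CVE-2020-25835 (Micro Focus ArcSight) changes from RESERVED to "TODO: check", while the surrounding entries CVE-2020-25837 and CVE-2020-25834 are already "NOT-FOR-US: Micro Focus". Unless this one differs from its neighbours, it should get the same marker rather than staying open.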



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc8ff646a883bce340c9f279932012ab8fb31503
