Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
51eee720 by security tracker role at 2023-12-12T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,165 @@
+CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
+       TODO: check
+CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for 
Android, ...)
+       TODO: check
+CVE-2023-5536 (A feature in LXD (LP#1829071), affects the default 
configuration of Ub ...)
+       TODO: check
+CVE-2023-50424 (SAPBTPSecurity Services Integration Library ([Golang] 
github.com/sap/c ...)
+       TODO: check
+CVE-2023-50423 (SAPBTPSecurity Services Integration Library 
([Python]sap-xssec) - vers ...)
+       TODO: check
+CVE-2023-50422 (SAPBTPSecurity Services Integration Library ([Java] 
cloud-security-ser ...)
+       TODO: check
+CVE-2023-50245 (OpenEXR-viewer is a viewer for OpenEXR files with detailed 
metadata pr ...)
+       TODO: check
+CVE-2023-49805 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. 
Prior to ve ...)
+       TODO: check
+CVE-2023-49804 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. 
Prior to ve ...)
+       TODO: check
+CVE-2023-49803 (@koa/cors npm provides Cross-Origin Resource Sharing (CORS) 
for koa, a ...)
+       TODO: check
+CVE-2023-49802 (The LinkedCustomFields plugin for MantisBT allows users to 
link values ...)
+       TODO: check
+CVE-2023-49796 (MindsDB connects artificial intelligence models to real time 
data. Ver ...)
+       TODO: check
+CVE-2023-49587 (SAP Solution Manager - version 720, allows an authorized 
attacker to e ...)
+       TODO: check
+CVE-2023-49584 (SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 
755, SAP ...)
+       TODO: check
+CVE-2023-49583 (SAPBTPSecurity Services Integration Library ([Node.js] 
@sap/xssec - ve ...)
+       TODO: check
+CVE-2023-49581 (SAP GUI for WindowsandSAP GUI for Javaallow an unauthenticated 
attacke ...)
+       TODO: check
+CVE-2023-49580 (SAP GUI for WindowsandSAP GUI for Java - versions SAP_BASIS 
755, SAP_B ...)
+       TODO: check
+CVE-2023-49578 (SAP Cloud Connector - version 2.0, allows an authenticated 
user with l ...)
+       TODO: check
+CVE-2023-49577 (The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, 
SAP_HRCIE 6 ...)
+       TODO: check
+CVE-2023-49494 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
+       TODO: check
+CVE-2023-49490 (XunRuiCMS v4.5.5 was discovered to contain a reflective 
cross-site scr ...)
+       TODO: check
+CVE-2023-49488 (A cross-site scripting (XSS) vulnerability in Openfiler ESA 
v2.99.1 al ...)
+       TODO: check
+CVE-2023-49058 (SAP Master Data Governance File Upload applicationallows an 
attacker t ...)
+       TODO: check
+CVE-2023-48642 (Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an 
authenticate ...)
+       TODO: check
+CVE-2023-48641 (Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains 
an insecu ...)
+       TODO: check
+CVE-2023-45292 (When using the default implementation of Verify to check a 
Captcha, ve ...)
+       TODO: check
+CVE-2023-42932 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-42927 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
+CVE-2023-42926 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42924 (A logic issue was addressed with improved checks. This issue 
is fixed  ...)
+       TODO: check
+CVE-2023-42923 (This issue was addressed through improved state management. 
This issue ...)
+       TODO: check
+CVE-2023-42922 (This issue was addressed with improved redaction of sensitive 
informat ...)
+       TODO: check
+CVE-2023-42919 (A privacy issue was addressed with improved private data 
redaction for ...)
+       TODO: check
+CVE-2023-42914 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-42912 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42911 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42910 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42909 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42908 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42907 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42906 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42905 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42904 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42903 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42902 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42901 (Multiple memory corruption issues were addressed with improved 
input v ...)
+       TODO: check
+CVE-2023-42900 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       TODO: check
+CVE-2023-42899 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-42898 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-42897 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
+       TODO: check
+CVE-2023-42894 (This issue was addressed with improved redaction of sensitive 
informat ...)
+       TODO: check
+CVE-2023-42891 (An authentication issue was addressed with improved state 
management.  ...)
+       TODO: check
+CVE-2023-42890 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-42886 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2023-42884 (This issue was addressed with improved redaction of sensitive 
informat ...)
+       TODO: check
+CVE-2023-42883 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-42882 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-42874 (This issue was addressed with improved state management. This 
issue is ...)
+       TODO: check
+CVE-2023-42481 (In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, 
HY_COM2105, ...)
+       TODO: check
+CVE-2023-42479 (An unauthenticated attacker can embed a hidden access to a 
Biller Dire ...)
+       TODO: check
+CVE-2023-42478 (SAP Business ObjectsBusiness Intelligence Platform is 
vulnerable to st ...)
+       TODO: check
+CVE-2023-42476 (SAP Business Objects Web Intelligence - version 420,  allows 
an authen ...)
+       TODO: check
+CVE-2023-41120 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
+       TODO: check
+CVE-2023-41119 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
+       TODO: check
+CVE-2023-41118 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
+       TODO: check
+CVE-2023-41117 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
+       TODO: check
+CVE-2023-41116 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
+       TODO: check
+CVE-2023-41115 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
+       TODO: check
+CVE-2023-41114 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
+       TODO: check
+CVE-2023-41113 (An issue was discovered in EnterpriseDB Postgres Advanced 
Server (EPAS ...)
+       TODO: check
+CVE-2023-40446 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
+CVE-2023-36654 (Directory traversal in the log-download REST API endpoint in 
ProLion C ...)
+       TODO: check
+CVE-2023-36652 (A SQL Injection in the users searching REST API endpoint in 
ProLion Cr ...)
+       TODO: check
+CVE-2023-36651 (Hidden and hard-coded credentials in ProLion CryptoSpike 
3.0.15P2 allo ...)
+       TODO: check
+CVE-2023-36650 (A missing integrity check in the update system in ProLion 
CryptoSpike  ...)
+       TODO: check
+CVE-2023-36649 (Insertion of sensitive information in the centralized 
(Grafana) loggin ...)
+       TODO: check
+CVE-2023-36648 (Missing authentication in the internal data streaming system 
in ProLio ...)
+       TODO: check
+CVE-2023-36647 (A hard-coded cryptographic private key used to sign JWT 
authentication ...)
+       TODO: check
+CVE-2023-36646 (Incorrect user role checking in multiple REST API endpoints in 
ProLion ...)
+       TODO: check
+CVE-2022-48616 (A Huawei data communication product has a command injection 
vulnerabil ...)
+       TODO: check
+CVE-2022-48615 (An improper access control vulnerability exists in a Huawei 
datacom pr ...)
+       TODO: check
 CVE-2023-XXXX [RCE vulnerability in WP_HTML_Token class]
        - wordpress <unfixed>
        [bookworm] - wordpress <not-affected> (Vulnerable code not present)
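Review bot: every entry added at the top of data/CVE/list stops at "TODO: check", so none of them is triaged by this commit. Several descriptions name their product outright (SAP, ProLion CryptoSpike, Huawei, EnterpriseDB Postgres Advanced Server); where no Debian source package ships the product, close the entry with a NOT-FOR-US line in the form used further down ("NOT-FOR-US: Dell"). The entries whose truncated text names no product, for example CVE-2023-42901 through CVE-2023-42912 ("Multiple memory corruption issues were addressed with improved input v ..."), need the full description before a decision, because CVE-2023-42916 and CVE-2023-42917, worded in the same style, are tracked against webkit2gtk and wpewebkit later in this diff.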
@@ -711,7 +873,7 @@ CVE-2023-46218 (This flaw allows a malicious HTTP server to 
set "super cookies"
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465 
(curl-7_46_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb 
(curl-8_5_0)
        NOTE: https://curl.se/docs/CVE-2023-46218.html
-CVE-2023-46219 [curl: HSTS long file name clears contents]
+CVE-2023-46219 (When saving HSTS data to an excessively long file name, curl 
could end ...)
        - curl 8.5.0-1 (bug #1057645)
        [bullseye] - curl <ignored> (curl is not built with HSTS support)
        NOTE: Introduced by: 
https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f 
(curl-7_84_0)
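Review bot: on CVE-2023-46219 the hand-written title "[curl: HSTS long file name clears contents]" is replaced by a description cut off at "curl could end ...", so the header line no longer states the effect. Check that the entry keeps a NOTE pointing at the curl advisory, as the CVE-2023-46218 entry just above does with https://curl.se/docs/CVE-2023-46218.html; the visible context stops at the "Introduced by" note.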
@@ -1650,6 +1812,7 @@ CVE-2023-43453 (An issue in TOTOLINK X6000R 
V9.4.0cu.652_B20230116 and V9.4.0cu.
 CVE-2023-43089 (Dell Rugged Control Center, version prior to 4.7, contains 
insufficien ...)
        NOT-FOR-US: Dell
 CVE-2023-42917 (A memory corruption vulnerability was addressed with improved 
locking. ...)
+       {DSA-5575-1}
        - webkit2gtk 2.42.3-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.42.3-1
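Review bot: the {DSA-5575-1} tag added under CVE-2023-42917 sits on an entry that lists both webkit2gtk and wpewebkit, while this commit changes only data/CVE/list. Confirm that the DSA-5575-1 record names the source package it covers and lists CVE-2023-42917 together with CVE-2023-42916, which receives the same tag in the next hunk, so the cross-reference resolves in both directions.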
@@ -1657,6 +1820,7 @@ CVE-2023-42917 (A memory corruption vulnerability was 
addressed with improved lo
        [bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be 
sensibly backported)
        NOTE: https://webkitgtk.org/security/WSA-2023-0011.html
 CVE-2023-42916 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       {DSA-5575-1}
        - webkit2gtk 2.42.3-1
        [buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
        - wpewebkit 2.42.3-1
@@ -197897,8 +198061,8 @@ CVE-2021-3189 (The slashify package 1.0.0 for Node.js 
allows open-redirect attac
        NOT-FOR-US: Node slashify
 CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email 
parameter, an ...)
        - phplist <itp> (bug #612288)
-CVE-2021-3187
-       RESERVED
+CVE-2021-3187 (An issue was discovered in BeyondTrust Privilege Management for 
Mac be ...)
+       TODO: check
 CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html 
Wifi S ...)
        NOT-FOR-US: Tenda AC5
 CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 
6.1.x throug ...)
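Review bot: CVE-2021-3187 moves from RESERVED to a published description but is left at "TODO: check". The description names BeyondTrust Privilege Management for Mac; if no Debian source package ships it, close the entry with a NOT-FOR-US line in the same form as the neighbouring "NOT-FOR-US: Node slashify" and "NOT-FOR-US: Tenda AC5" entries.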
@@ -260293,8 +260457,8 @@ CVE-2020-12615
        RESERVED
 CVE-2020-12614
        RESERVED
-CVE-2020-12613
-       RESERVED
+CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
+       TODO: check
 CVE-2020-12612
        RESERVED
 CVE-2020-12611
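Review bot: CVE-2020-12613 is the only id in this block to leave RESERVED (CVE-2020-12611, -12612, -12614 and -12615 stay reserved), and it is left at "TODO: check". Its description names BeyondTrust Privilege Management, the same product family as CVE-2021-3187 in the previous hunk, so both TODOs should receive the same triage decision.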



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51eee7202a4bc25573c0bdfb0adf55fccc04a291
