Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 21a3006c by security tracker role at 2023-12-12T15:15:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,87 @@ +CVE-2023-6727 (Mattermost fails to perform correct authorization checks when creating ...) + TODO: check +CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop Manager 20 ...) + TODO: check +CVE-2023-6547 (Mattermost fails to validate team membership when a user attempts to a ...) + TODO: check +CVE-2023-6193 (quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unb ...) + TODO: check +CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation fault vi ...) + TODO: check +CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). ...) + TODO: check +CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point Exceptio ...) + TODO: check +CVE-2023-49993 (Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the ...) + TODO: check +CVE-2023-49992 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow v ...) + TODO: check +CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow ...) + TODO: check +CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the ...) + TODO: check +CVE-2023-49874 (Mattermost fails to check whether a user is a guest when updating the ...) + TODO: check +CVE-2023-49809 (Mattermost fails to handle a null request body in the /add endpoint, a ...) + TODO: check +CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI ...) + TODO: check +CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS ...) + TODO: check +CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...) + TODO: check +CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...) + TODO: check +CVE-2023-49607 (Mattermost fails to validate the type of the "reminder" body request p ...) + TODO: check +CVE-2023-49563 (Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allow ...) + TODO: check +CVE-2023-49143 (Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC- ...) + TODO: check +CVE-2023-49140 (Denial-of-service (DoS) vulnerability exists in commplex-link service ...) + TODO: check +CVE-2023-48677 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) + TODO: check +CVE-2023-48431 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) + TODO: check +CVE-2023-48430 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) + TODO: check +CVE-2023-48429 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) + TODO: check +CVE-2023-48428 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) + TODO: check +CVE-2023-48427 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) + TODO: check +CVE-2023-46701 (Mattermost fails to perform authorization checks in the /plugins/play ...) + TODO: check +CVE-2023-46456 (In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inj ...) + TODO: check +CVE-2023-46455 (In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to wr ...) + TODO: check +CVE-2023-46454 (In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to i ...) + TODO: check +CVE-2023-46285 (A vulnerability has been identified in Opcenter Quality (All versions) ...) + TODO: check +CVE-2023-46284 (A vulnerability has been identified in Opcenter Quality (All versions) ...) + TODO: check +CVE-2023-46283 (A vulnerability has been identified in Opcenter Quality (All versions) ...) + TODO: check +CVE-2023-46282 (A vulnerability has been identified in Opcenter Quality (All versions) ...) + TODO: check +CVE-2023-46281 (A vulnerability has been identified in Opcenter Quality (All versions) ...) + TODO: check +CVE-2023-46156 (Affected devices improperly handle specially crafted packets sent to p ...) + TODO: check +CVE-2023-45847 (Mattermost fails to to check the length when setting the title in a ru ...) + TODO: check +CVE-2023-45316 (Mattermost fails to validate if a relative path is passed in /plugins/ ...) + TODO: check +CVE-2023-41963 (Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC- ...) + TODO: check +CVE-2023-41623 (Emlog version pro2.1.14 was discovered to contain a SQL injection vuln ...) + TODO: check +CVE-2023-38380 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...) + TODO: check CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template Engine ...) NOT-FOR-US: mlflow CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for Android, ...) @@ -4357,21 +4441,21 @@ CVE-2023-45585 (An insertion of sensitive information into log file vulnerabilit NOT-FOR-US: FortiGuard CVE-2023-45582 (An improper restriction of excessive authentication attempts vulnerabi ...) NOT-FOR-US: FortiGuard -CVE-2023-44374 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All ...) +CVE-2023-44374 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) NOT-FOR-US: Siemens -CVE-2023-44373 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All ...) +CVE-2023-44373 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) NOT-FOR-US: Siemens -CVE-2023-44322 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All ...) +CVE-2023-44322 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) NOT-FOR-US: Siemens -CVE-2023-44321 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All ...) +CVE-2023-44321 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) NOT-FOR-US: Siemens -CVE-2023-44320 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All ...) +CVE-2023-44320 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) NOT-FOR-US: Siemens -CVE-2023-44319 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All ...) +CVE-2023-44319 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) NOT-FOR-US: Siemens -CVE-2023-44318 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All ...) +CVE-2023-44318 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) NOT-FOR-US: Siemens -CVE-2023-44317 (A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All ...) +CVE-2023-44317 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) NOT-FOR-US: Siemens CVE-2023-44248 (An improper access control vulnerability [CWE-284] inFortiEDRCollector ...) NOT-FOR-US: FortiGuard @@ -14340,7 +14424,7 @@ CVE-2023-36472 (Strapi is an open-source headless content management system. Pri NOT-FOR-US: Strapi CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow ...) NOT-FOR-US: Dell -CVE-2023-4958 +CVE-2023-4958 (In Red Hat Advanced Cluster Security (RHACS), it was found that some s ...) NOT-FOR-US: StackRox CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital Yepas all ...) NOT-FOR-US: Yepas Digital Yepas @@ -30948,7 +31032,7 @@ CVE-2023-31251 CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file paths in ...) - drupal7 <removed> NOTE: https://www.drupal.org/sa-core-2023-005 -CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) +CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) NOT-FOR-US: Siemens CVE-2023-31237 RESERVED @@ -32002,7 +32086,7 @@ CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service ( NOT-FOR-US: HPE CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex One and A ...) NOT-FOR-US: Trend Micro -CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) +CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) NOT-FOR-US: Siemens CVE-2023-30900 (A vulnerability has been identified in Xpedition Layout Browser (All v ...) NOT-FOR-US: Siemens @@ -62993,10 +63077,10 @@ CVE-2023-21675 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...) NOT-FOR-US: Microsoft -CVE-2022-47375 - RESERVED -CVE-2022-47374 - RESERVED +CVE-2022-47375 (A vulnerability has been identified in SIMATICPC-Station Plus (All ver ...) + TODO: check +CVE-2022-47374 (A vulnerability has been identified in SIMATICPC-Station Plus (All ver ...) + TODO: check CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of Module Libra ...) NOT-FOR-US: Pandora FMS CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event section ...) @@ -66859,8 +66943,8 @@ CVE-2022-46143 (Affected devices do not check the TFTP blocksize correctly. This NOT-FOR-US: Siemens CVE-2022-46142 (Affected devices store the CLI user passwords encrypted in flash memor ...) NOT-FOR-US: Siemens -CVE-2022-46141 - RESERVED +CVE-2022-46141 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (Al ...) + TODO: check CVE-2022-46140 (Affected devices use a weak encryption scheme to encrypt the debug zip ...) NOT-FOR-US: Siemens CVE-2022-44620 (Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1 ...) @@ -79345,8 +79429,8 @@ CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to an XS NOT-FOR-US: Wiesemann & Theis GmbH products CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an authenti ...) NOT-FOR-US: Wiesemann & Theis GmbH products -CVE-2022-42784 - RESERVED +CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (All versions >= ...) + TODO: check CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...) - rdiffweb <itp> (bug #969974) CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) @@ -96703,11 +96787,11 @@ CVE-2022-2507 (In affected versions of Octopus Deploy it is possible to render u NOT-FOR-US: Octopus Deploy CVE-2022-2506 RESERVED -CVE-2022-36363 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) +CVE-2022-36363 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...) NOT-FOR-US: LOGO! -CVE-2022-36362 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) +CVE-2022-36362 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...) NOT-FOR-US: LOGO! -CVE-2022-36361 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) +CVE-2022-36361 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...) NOT-FOR-US: LOGO! CVE-2022-36360 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: LOGO! @@ -155845,9 +155929,9 @@ CVE-2021-42019 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM NOT-FOR-US: Siemens CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) NOT-FOR-US: Siemens -CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM i800 (All versions < ...) +CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, ...) NOT-FOR-US: Siemens -CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM i800 (All versions < ...) +CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, ...) NOT-FOR-US: Siemens CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...) NOT-FOR-US: Siemens @@ -220710,8 +220794,8 @@ CVE-2020-28371 (An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10- NOT-FOR-US: ReadyTalk Avian CVE-2020-28370 RESERVED -CVE-2020-28369 - RESERVED +CVE-2020-28369 (In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7 ...) + TODO: check CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sensitive ...) {DSA-4804-1} - xen 4.14.0+80-gd101b417b7-1 @@ -230794,7 +230878,7 @@ CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration C NOT-FOR-US: Siemens CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) NOT-FOR-US: Siemens -CVE-2020-25236 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) +CVE-2020-25236 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...) NOT-FOR-US: Siemens CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens @@ -260453,14 +260537,14 @@ CVE-2020-12617 RESERVED CVE-2020-12616 RESERVED -CVE-2020-12615 - RESERVED -CVE-2020-12614 - RESERVED +CVE-2020-12615 (An issue was discovered in BeyondTrust Privilege Management for Window ...) + TODO: check +CVE-2020-12614 (An issue was discovered in BeyondTrust Privilege Management for Window ...) + TODO: check CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management for Window ...) NOT-FOR-US: BeyondTrust Privilege Management for Windows -CVE-2020-12612 - RESERVED +CVE-2020-12612 (An issue was discovered in BeyondTrust Privilege Management for Window ...) + TODO: check CVE-2020-12611 RESERVED CVE-2020-12610 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21a3006c997f1cfc82070b9450a0eefd49f23ce4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21a3006c997f1cfc82070b9450a0eefd49f23ce4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits