Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21a3006c by security tracker role at 2023-12-12T15:15:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2023-6727 (Mattermost fails to perform correct authorization checks when 
creating ...)
+       TODO: check
+CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop 
Manager 20 ...)
+       TODO: check
+CVE-2023-6547 (Mattermost fails to validate team membership when a user 
attempts to a ...)
+       TODO: check
+CVE-2023-6193 (quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable 
to unb ...)
+       TODO: check
+CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation 
fault vi ...)
+       TODO: check
+CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting 
(XSS). ...)
+       TODO: check
+CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point 
Exceptio ...)
+       TODO: check
+CVE-2023-49993 (Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow 
via the ...)
+       TODO: check
+CVE-2023-49992 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer 
Overflow v ...)
+       TODO: check
+CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer 
Underflow  ...)
+       TODO: check
+CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow 
via the ...)
+       TODO: check
+CVE-2023-49874 (Mattermost fails to check whether a user is a guest when 
updating the  ...)
+       TODO: check
+CVE-2023-49809 (Mattermost fails to handle a null request body in the /add 
endpoint, a ...)
+       TODO: check
+CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS 
service of HMI ...)
+       TODO: check
+CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2, 
WRC-X3000GS ...)
+       TODO: check
+CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU (Al ...)
+       TODO: check
+CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU (Al ...)
+       TODO: check
+CVE-2023-49607 (Mattermost fails to validate the type of the "reminder" body 
request p ...)
+       TODO: check
+CVE-2023-49563 (Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro 
v.1.1 allow ...)
+       TODO: check
+CVE-2023-49143 (Denial-of-service (DoS) vulnerability exists in rfe service of 
HMI GC- ...)
+       TODO: check
+CVE-2023-49140 (Denial-of-service (DoS) vulnerability exists in commplex-link 
service  ...)
+       TODO: check
+CVE-2023-48677 (Local privilege escalation due to DLL hijacking vulnerability. 
The fol ...)
+       TODO: check
+CVE-2023-48431 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
+       TODO: check
+CVE-2023-48430 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
+       TODO: check
+CVE-2023-48429 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
+       TODO: check
+CVE-2023-48428 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
+       TODO: check
+CVE-2023-48427 (A vulnerability has been identified in SINEC INS (All versions 
< V1.0  ...)
+       TODO: check
+CVE-2023-46701 (Mattermost fails to perform authorization checks in the  
/plugins/play ...)
+       TODO: check
+CVE-2023-46456 (In GL.iNET GL-AR300M routers with firmware 3.216 it is 
possible to inj ...)
+       TODO: check
+CVE-2023-46455 (In GL.iNET GL-AR300M routers with firmware v4.3.7 it is 
possible to wr ...)
+       TODO: check
+CVE-2023-46454 (In GL.iNET GL-AR300M routers with firmware v4.3.7, it is 
possible to i ...)
+       TODO: check
+CVE-2023-46285 (A vulnerability has been identified in Opcenter Quality (All 
versions) ...)
+       TODO: check
+CVE-2023-46284 (A vulnerability has been identified in Opcenter Quality (All 
versions) ...)
+       TODO: check
+CVE-2023-46283 (A vulnerability has been identified in Opcenter Quality (All 
versions) ...)
+       TODO: check
+CVE-2023-46282 (A vulnerability has been identified in Opcenter Quality (All 
versions) ...)
+       TODO: check
+CVE-2023-46281 (A vulnerability has been identified in Opcenter Quality (All 
versions) ...)
+       TODO: check
+CVE-2023-46156 (Affected devices improperly handle specially crafted packets 
sent to p ...)
+       TODO: check
+CVE-2023-45847 (Mattermost fails to to check the length when setting the title 
in a ru ...)
+       TODO: check
+CVE-2023-45316 (Mattermost fails to validate if a relative path is passed in 
/plugins/ ...)
+       TODO: check
+CVE-2023-41963 (Denial-of-service (DoS) vulnerability exists in FTP service of 
HMI GC- ...)
+       TODO: check
+CVE-2023-41623 (Emlog version pro2.1.14 was discovered to contain a SQL 
injection vuln ...)
+       TODO: check
+CVE-2023-38380 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 
(incl. SIP ...)
+       TODO: check
 CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
        NOT-FOR-US: mlflow
 CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for 
Android, ...)
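
Review bot: Every entry added at the top of this hunk lands as "TODO: check", so none of them carries a triage decision yet. CVE-2023-49692 and CVE-2023-49691 open with the same "RUGGEDCOM RM1224 LTE(4G) EU" description that the next hunk of this commit leaves tagged "NOT-FOR-US: Siemens", so they can take that tag directly. CVE-2023-50495 (NCurse v6.4-20230418) and CVE-2023-49990 through CVE-2023-49994 (Espeak-ng 1.52-dev) name specific upstream versions and need a package and version check rather than a vendor tag; suggest handling those first.
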
@@ -4357,21 +4441,21 @@ CVE-2023-45585 (An insertion of sensitive information 
into log file vulnerabilit
        NOT-FOR-US: FortiGuard
 CVE-2023-45582 (An improper restriction of excessive authentication attempts 
vulnerabi ...)
        NOT-FOR-US: FortiGuard
-CVE-2023-44374 (A vulnerability has been identified in SCALANCE XB205-3 (SC, 
PN) (All  ...)
+CVE-2023-44374 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU, RU ...)
        NOT-FOR-US: Siemens
-CVE-2023-44373 (A vulnerability has been identified in SCALANCE XB205-3 (SC, 
PN) (All  ...)
+CVE-2023-44373 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU, RU ...)
        NOT-FOR-US: Siemens
-CVE-2023-44322 (A vulnerability has been identified in SCALANCE XB205-3 (SC, 
PN) (All  ...)
+CVE-2023-44322 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU, RU ...)
        NOT-FOR-US: Siemens
-CVE-2023-44321 (A vulnerability has been identified in SCALANCE XB205-3 (SC, 
PN) (All  ...)
+CVE-2023-44321 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU, RU ...)
        NOT-FOR-US: Siemens
-CVE-2023-44320 (A vulnerability has been identified in SCALANCE XB205-3 (SC, 
PN) (All  ...)
+CVE-2023-44320 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU, RU ...)
        NOT-FOR-US: Siemens
-CVE-2023-44319 (A vulnerability has been identified in SCALANCE XB205-3 (SC, 
PN) (All  ...)
+CVE-2023-44319 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU, RU ...)
        NOT-FOR-US: Siemens
-CVE-2023-44318 (A vulnerability has been identified in SCALANCE XB205-3 (SC, 
PN) (All  ...)
+CVE-2023-44318 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU, RU ...)
        NOT-FOR-US: Siemens
-CVE-2023-44317 (A vulnerability has been identified in SCALANCE XB205-3 (SC, 
PN) (All  ...)
+CVE-2023-44317 (A vulnerability has been identified in RUGGEDCOM RM1224 
LTE(4G) EU, RU ...)
        NOT-FOR-US: Siemens
 CVE-2023-44248 (An improper access control vulnerability [CWE-284] 
inFortiEDRCollector ...)
        NOT-FOR-US: FortiGuard
@@ -14340,7 +14424,7 @@ CVE-2023-36472 (Strapi is an open-source headless 
content management system. Pri
        NOT-FOR-US: Strapi
 CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer 
overflow  ...)
        NOT-FOR-US: Dell
-CVE-2023-4958
+CVE-2023-4958 (In Red Hat Advanced Cluster Security (RHACS), it was found that 
some s ...)
        NOT-FOR-US: StackRox
 CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital 
Yepas all ...)
        NOT-FOR-US: Yepas Digital Yepas
@@ -30948,7 +31032,7 @@ CVE-2023-31251
 CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file 
paths in ...)
        - drupal7 <removed>
        NOTE: https://www.drupal.org/sa-core-2023-005
-CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q200 
family ( ...)
+CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
        NOT-FOR-US: Siemens
 CVE-2023-31237
        RESERVED
@@ -32002,7 +32086,7 @@ CVE-2023-30903 (HP-UX could be exploited locally to 
create a Denial of Service (
        NOT-FOR-US: HPE
 CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex 
One and A ...)
        NOT-FOR-US: Trend Micro
-CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 
family ( ...)
+CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
        NOT-FOR-US: Siemens
 CVE-2023-30900 (A vulnerability has been identified in Xpedition Layout 
Browser (All v ...)
        NOT-FOR-US: Siemens
@@ -62993,10 +63077,10 @@ CVE-2023-21675 (Windows Kernel Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of 
Privilege Vu ...)
        NOT-FOR-US: Microsoft
-CVE-2022-47375
-       RESERVED
-CVE-2022-47374
-       RESERVED
+CVE-2022-47375 (A vulnerability has been identified in SIMATICPC-Station Plus 
(All ver ...)
+       TODO: check
+CVE-2022-47374 (A vulnerability has been identified in SIMATICPC-Station Plus 
(All ver ...)
+       TODO: check
 CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of 
Module Libra ...)
        NOT-FOR-US: Pandora FMS
 CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event 
section  ...)
@@ -66859,8 +66943,8 @@ CVE-2022-46143 (Affected devices do not check the TFTP 
blocksize correctly. This
        NOT-FOR-US: Siemens
 CVE-2022-46142 (Affected devices store the CLI user passwords encrypted in 
flash memor ...)
        NOT-FOR-US: Siemens
-CVE-2022-46141
-       RESERVED
+CVE-2022-46141 (A vulnerability has been identified in SIMATIC STEP 7 (TIA 
Portal) (Al ...)
+       TODO: check
 CVE-2022-46140 (Affected devices use a weak encryption scheme to encrypt the 
debug zip ...)
        NOT-FOR-US: Siemens
 CVE-2022-44620 (Improper authentication vulnerability in 
UDR-JA1604/UDR-JA1608/UDR-JA1 ...)
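
Review bot: CVE-2022-46141 moves from RESERVED to "TODO: check" even though its new description ("A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) ...") uses the same wording as the entries around it, and CVE-2022-46143, CVE-2022-46142 and CVE-2022-46140 in this hunk are all "NOT-FOR-US: Siemens". Suggest confirming the vendor and applying the same tag so the entry does not stay in the TODO queue.
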
@@ -79345,8 +79429,8 @@ CVE-2022-42786 (Multiple W&T Products of the ComServer 
Series are prone to an XS
        NOT-FOR-US: Wiesemann & Theis GmbH products
 CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an 
authenti ...)
        NOT-FOR-US: Wiesemann & Theis GmbH products
-CVE-2022-42784
-       RESERVED
+CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (All 
versions >= ...)
+       TODO: check
 CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb 
prior to ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
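
Review bot: CVE-2022-42784 now describes "LOGO! 12/24RCE" but is left as "TODO: check", while other entries in this commit with the same product in the description are already NOT-FOR-US. Those entries are not tagged uniformly: CVE-2022-36363 to CVE-2022-36361 use "NOT-FOR-US: LOGO!" and CVE-2020-25236 uses "NOT-FOR-US: Siemens". Suggest picking one vendor string when this entry is triaged.
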
@@ -96703,11 +96787,11 @@ CVE-2022-2507 (In affected versions of Octopus Deploy 
it is possible to render u
        NOT-FOR-US: Octopus Deploy
 CVE-2022-2506
        RESERVED
-CVE-2022-36363 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
+CVE-2022-36363 (A vulnerability has been identified in LOGO! 12/24RCE (All 
versions),  ...)
        NOT-FOR-US: LOGO!
-CVE-2022-36362 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
+CVE-2022-36362 (A vulnerability has been identified in LOGO! 12/24RCE (All 
versions),  ...)
        NOT-FOR-US: LOGO!
-CVE-2022-36361 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
+CVE-2022-36361 (A vulnerability has been identified in LOGO! 12/24RCE (All 
versions),  ...)
        NOT-FOR-US: LOGO!
 CVE-2022-36360 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
        NOT-FOR-US: LOGO!
@@ -155845,9 +155929,9 @@ CVE-2021-42019 (A vulnerability has been identified 
in RUGGEDCOM i800, RUGGEDCOM
        NOT-FOR-US: Siemens
 CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM i800, 
RUGGEDCOM i800N ...)
        NOT-FOR-US: Siemens
-CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM i800 (All 
versions <  ...)
+CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM i800, 
RUGGEDCOM i801, ...)
        NOT-FOR-US: Siemens
-CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM i800 (All 
versions <  ...)
+CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM i800, 
RUGGEDCOM i801, ...)
        NOT-FOR-US: Siemens
 CVE-2021-42015 (A vulnerability has been identified in Mendix Applications 
using Mendi ...)
        NOT-FOR-US: Siemens
@@ -220710,8 +220794,8 @@ CVE-2020-28371 (An issue was discovered in ReadyTalk 
Avian 1.2.0 before 2020-10-
        NOT-FOR-US: ReadyTalk Avian
 CVE-2020-28370
        RESERVED
-CVE-2020-28369
-       RESERVED
+CVE-2020-28369 (In BeyondTrust Privilege Management for Windows (aka PMfW) 
through 5.7 ...)
+       TODO: check
 CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain 
sensitive  ...)
        {DSA-4804-1}
        - xen 4.14.0+80-gd101b417b7-1
@@ -230794,7 +230878,7 @@ CVE-2020-25238 (A vulnerability has been identified 
in PCS neo (Administration C
        NOT-FOR-US: Siemens
 CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions 
< V1.0  ...)
        NOT-FOR-US: Siemens
-CVE-2020-25236 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
+CVE-2020-25236 (A vulnerability has been identified in LOGO! 12/24RCE (All 
versions),  ...)
        NOT-FOR-US: Siemens
 CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. 
SIPLUS varian ...)
        NOT-FOR-US: Siemens
@@ -260453,14 +260537,14 @@ CVE-2020-12617
        RESERVED
 CVE-2020-12616
        RESERVED
-CVE-2020-12615
-       RESERVED
-CVE-2020-12614
-       RESERVED
+CVE-2020-12615 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
+       TODO: check
+CVE-2020-12614 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
+       TODO: check
 CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
        NOT-FOR-US: BeyondTrust Privilege Management for Windows
-CVE-2020-12612
-       RESERVED
+CVE-2020-12612 (An issue was discovered in BeyondTrust Privilege Management 
for Window ...)
+       TODO: check
 CVE-2020-12611
        RESERVED
 CVE-2020-12610
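
Review bot: CVE-2020-12615, CVE-2020-12614 and CVE-2020-12612 change from RESERVED to "TODO: check" with the description "An issue was discovered in BeyondTrust Privilege Management for Window ...", which is the same truncated text as CVE-2020-12613 sitting between them, already tagged "NOT-FOR-US: BeyondTrust Privilege Management for Windows". Suggest reusing that exact tag for the three new entries once the full descriptions are confirmed to name the same product.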



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21a3006c997f1cfc82070b9450a0eefd49f23ce4



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
