Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38d8ca9a by security tracker role at 2023-12-13T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,66 @@
-CVE-2023-6710
+CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 
2.9.2.)
+       TODO: check
+CVE-2023-50263 (Nautobot is a Network Source of Truth and Network Automation 
Platform  ...)
+       TODO: check
+CVE-2023-50252 (php-svg-lib is an SVG file parsing / rendering library. Prior 
to versi ...)
+       TODO: check
+CVE-2023-50251 (php-svg-lib is an SVG file parsing / rendering library. Prior 
to versi ...)
+       TODO: check
+CVE-2023-48791 (An improper neutralization of special elements used in a 
command ('Com ...)
+       TODO: check
+CVE-2023-48782 (A improper neutralization of special elements used in an os 
command (' ...)
+       TODO: check
+CVE-2023-48225 (Laf is a cloud development platform. Prior to version 
1.0.0-beta.13, t ...)
+       TODO: check
+CVE-2023-47579 (Relyum RELY-PCIe 22.2.1 devices suffer from a system group 
misconfigur ...)
+       TODO: check
+CVE-2023-47578 (Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are 
susceptible to ...)
+       TODO: check
+CVE-2023-47577 (An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 
23.1.0 all ...)
+       TODO: check
+CVE-2023-47576 (An issue was discovered in Relyum RELY-PCIe 22.2.1 and 
RELY-REC 23.1.0 ...)
+       TODO: check
+CVE-2023-47575 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and 
RELY-REC 23.1.0 ...)
+       TODO: check
+CVE-2023-47574 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and 
RELY-REC 23.1.0 ...)
+       TODO: check
+CVE-2023-47573 (An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The 
authorizat ...)
+       TODO: check
+CVE-2023-47536 (An improper access control vulnerability [CWE-284] in FortiOS 
version  ...)
+       TODO: check
+CVE-2023-46713 (An improper output neutralization for logs in Fortinet 
FortiWeb 6.2.0  ...)
+       TODO: check
+CVE-2023-46675 (An issue was discovered by Elastic whereby sensitive 
information may b ...)
+       TODO: check
+CVE-2023-45864 (A race condition issue discovered in Samsung Mobile Processor 
Exynos 9 ...)
+       TODO: check
+CVE-2023-45801 (Improper Authentication vulnerability in Nadatel DVR allows 
Informatio ...)
+       TODO: check
+CVE-2023-45800 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-45725 (Design document functions which receive a user http request 
object may ...)
+       TODO: check
+CVE-2023-45587 (An improper neutralization of input during web page generation 
('cross ...)
+       TODO: check
+CVE-2023-43122 (Samsung Mobile Processor and Wearable Processor (Exynos 980, 
850, 1080 ...)
+       TODO: check
+CVE-2023-42483 (A TOCTOU race condition in Samsung Mobile Processor Exynos 
9820, Exyno ...)
+       TODO: check
+CVE-2023-41844 (A improper neutralization of input during web page generation 
('cross- ...)
+       TODO: check
+CVE-2023-41678 (A double free in Fortinet FortiOS versions 7.0.0 through 
7.0.5, FortiP ...)
+       TODO: check
+CVE-2023-41673 (An improper authorization vulnerability [CWE-285] in Fortinet 
FortiADC ...)
+       TODO: check
+CVE-2023-40716 (An improper neutralization of special elements used in an OS 
command v ...)
+       TODO: check
+CVE-2023-3517 (Hitachi Vantara Pentaho Data Integration & Analytics versions 
before 9 ...)
+       TODO: check
+CVE-2023-36639 (A use of externally-controlled format string in Fortinet 
FortiProxy ve ...)
+       TODO: check
+CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. 
This i ...)
        - libapache2-mod-cluster <itp> (bug #731410)
-CVE-2023-5379
+CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that 
exceeds ...)
        - undertow <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099
        TODO: check, insufficient information for Debian specific assessment
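Review bot: several of the new `TODO: check` entries in this hunk can be resolved from context already present in this file rather than left open. CVE-2023-47536, CVE-2023-46713, CVE-2023-41678, CVE-2023-41673 and CVE-2023-36639 concern Fortinet products (FortiOS, FortiWeb, FortiADC, FortiProxy), which the tracker consistently records as `NOT-FOR-US: Fortinet` further down in this same diff, and the Samsung Exynos entries (CVE-2023-45864, CVE-2023-43122, CVE-2023-42483) and the Relyum RELY-PCIe/RELY-REC series (CVE-2023-47573 through CVE-2023-47579) are vendor hardware that normally resolves the same way. CVE-2023-46675 carries the same truncated "discovered by Elastic" description as CVE-2023-46671, which this commit maps to `kibana <itp> (bug #700337)`, so the two should be triaged together, and the two php-svg-lib entries (CVE-2023-50251, CVE-2023-50252) share a description and a package and should get one assessment.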
@@ -2913,7 +2973,7 @@ CVE-2023-47038 [Write past buffer end via illegal 
user-defined Unicode property]
        NOTE: Fixed by: 
https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 
(v5.36.2)
        NOTE: Fixed by: 
https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664 
(v5.38.1)
        NOTE: Fixed by: 
https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 
(bleed)
-CVE-2023-46671
+CVE-2023-46671 (An issue was discovered by Elastic whereby sensitive 
information may b ...)
        - kibana <itp> (bug #700337)
 CVE-2023-6293 (Prototype Pollution in GitHub repository 
robinbuschmann/sequelize-type ...)
        NOT-FOR-US: sequelize-typescript
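Review bot: CVE-2023-46671 is assigned to `kibana <itp> (bug #700337)` here, while CVE-2023-46675 in the first hunk, whose truncated description is identical ("An issue was discovered by Elastic whereby sensitive information may b ..."), is left at `TODO: check`; the two entries should carry matching package assignments, or a NOTE line explaining why they differ.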
@@ -3517,7 +3577,7 @@ CVE-2023-40151 (When user authentication is not enabled 
the shell can execute co
        NOT-FOR-US: Red Lion
 CVE-2023-6134
        NOT-FOR-US: Keycloak
-CVE-2023-5764 [internal templating can cause unsafe variables to lose their 
unsafe designation]
+CVE-2023-5764 (A template injection flaw was found in Ansible where a user's 
controll ...)
        - ansible-core <unfixed> (bug #1057427)
        - ansible 5.4.0-1
        [bullseye] - ansible <no-dsa> (Minor issue)
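Review bot: the `ansible-core <unfixed> (bug #1057427)` line for CVE-2023-5764 has no `NOTE: Fixed by:` reference, unlike the perl and xorg-server entries in this diff that record upstream fix commits; adding the upstream fix reference would make the `<unfixed>` status actionable for the maintainer. The replacement of the bracketed placeholder summary by the truncated official description is the expected automatic change and needs no action.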
@@ -4546,7 +4606,7 @@ CVE-2023-47384 (MP4Box GPAC 
v2.3-DEV-rev617-g671976fcc-master was discovered to
        [bullseye] - gpac <ignored> (Minor issue)
        [buster] - gpac <end-of-life> (EOL in Buster LTS)
        NOTE: https://github.com/gpac/gpac/issues/2672
-CVE-2023-47262 (In Abbott ID NOW before 7.1, settings can be modified via 
physical acc ...)
+CVE-2023-47262 (The startup process and device configurations of the Abbott ID 
NOW dev ...)
        NOT-FOR-US: Abbott ID NOW
 CVE-2023-47127 (TYPO3 is an open source PHP based web content management 
system releas ...)
        NOT-FOR-US: Typo3
@@ -8001,13 +8061,15 @@ CVE-2023-31581 (Dromara Sureness before v1.0.8 was 
discovered to use a hardcoded
        NOT-FOR-US: Dromara Sureness
 CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key 
without any  ...)
        NOT-FOR-US: light-oauth2
-CVE-2023-6478 [Out-of-bounds memory read in RRChangeOutputProperty and 
RRChangeProviderProperty]
+CVE-2023-6478 (A flaw was found in xorg-server. A specially crafted request to 
RRChan ...)
+       {DSA-5576-1 DLA-3686-1}
        - xorg-server <unfixed>
        - xwayland <unfixed>
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: 
https://lists.x.org/archives/xorg-announce/2023-December/003435.html
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
-CVE-2023-6377 [Out-of-bounds memory write in XKB button actions]
+CVE-2023-6377 (A flaw was found in xorg-server. Querying or changing XKB 
button actio ...)
+       {DSA-5576-1 DLA-3686-1}
        - xorg-server <unfixed>
        - xwayland <unfixed>
        [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be 
running as root)
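Review bot: both CVE-2023-6478 and CVE-2023-6377 gain the advisory references `{DSA-5576-1 DLA-3686-1}` while their package lines still read `xorg-server <unfixed>` and `xwayland <unfixed>`; a DSA/DLA cross-reference means fixed versions have been released for stable and LTS, so the fixed unstable version for xorg-server should be recorded next to the advisory, and the xwayland status (still `<unfixed>` with only a `[bookworm] no-dsa` annotation) should be re-checked against what the advisory actually covers, otherwise the tracker presents the issue as both addressed by an advisory and open everywhere.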
@@ -122459,8 +122521,8 @@ CVE-2022-27490 (A exposure of sensitive information 
to an unauthorized actor in
        NOT-FOR-US: Fortinet
 CVE-2022-27489 (A improper neutralization of special elements used in an os 
command (' ...)
        NOT-FOR-US: Fortinet
-CVE-2022-27488
-       RESERVED
+CVE-2022-27488 (A cross-site request forgery (CSRF) in Fortinet 
FortiVoiceEnterprise v ...)
+       TODO: check
 CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox 
version 4.2.0 ...)
        NOT-FOR-US: Fortinet
 CVE-2022-27486
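Review bot: CVE-2022-27488 moves from `RESERVED` to `TODO: check` although its description ("A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise ...") and its neighbours CVE-2022-27489 and CVE-2022-27487, both `NOT-FOR-US: Fortinet`, point to the same resolution; it can be closed as `NOT-FOR-US: Fortinet` in the follow-up triage instead of staying in the TODO queue.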
@@ -250667,7 +250729,7 @@ CVE-2020-16230 (All version of Ewon Flexy and Cosy 
prior to 14.1 use wildcards s
        NOT-FOR-US: HMS Networks
 CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Process ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
+CVE-2020-16228 (In Patient Information Center iX (PICiX) Versions C.02 and 
C.03,  Perf ...)
        NOT-FOR-US: Philips
 CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An 
improper input  ...)
        NOT-FOR-US: Delta Electronics
@@ -250675,27 +250737,27 @@ CVE-2020-16226 (Multiple Mitsubishi Electric 
products are vulnerable to imperson
        NOT-FOR-US: Mitsubishi
 CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A 
write-what-where ...)
        NOT-FOR-US: Delta Electronics
-CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
+CVE-2020-16224 (In Patient Information Center iX (PICiX) Versions C.02, C.03, 
the  sof ...)
        NOT-FOR-US: Philips
 CVE-2020-16223 (Delta Electronics TPEditor Versions 1.97 and prior. A 
heap-based buffe ...)
        NOT-FOR-US: Delta Electronics
-CVE-2020-16222 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
+CVE-2020-16222 (In Patient Information Center iX (PICiX) Version B.02, C.02, 
C.03, and ...)
        NOT-FOR-US: Philips
 CVE-2020-16221 (Delta Electronics TPEditor Versions 1.97 and prior. A 
stack-based buff ...)
        NOT-FOR-US: Delta Electronics
-CVE-2020-16220 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
+CVE-2020-16220 (In Patient Information Center iX (PICiX) Versions C.02, C.03,  
Perform ...)
        NOT-FOR-US: Philips
 CVE-2020-16219 (Delta Electronics TPEditor Versions 1.97 and prior. An 
out-of-bounds r ...)
        NOT-FOR-US: Delta Electronics
-CVE-2020-16218 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
+CVE-2020-16218 (In Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, th ...)
        NOT-FOR-US: Philips
 CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
A doubl ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2020-16216 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
+CVE-2020-16216 (In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, 
MX750,  ...)
        NOT-FOR-US: Philips
 CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Process ...)
        NOT-FOR-US: Advantech WebAccess
-CVE-2020-16214 (Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, Perfo ...)
+CVE-2020-16214 (In Patient Information Center iX (PICiX) Versions B.02, C.02, 
C.03, th ...)
        NOT-FOR-US: Philips
 CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Process ...)
        NOT-FOR-US: Advantech WebAccess
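Review bot: the refreshed description of CVE-2020-16216 now names IntelliVue patient monitors (MX100, MX400-550, MX600, MX700, MX750, ...) rather than the PICiX versions the other Philips entries in this hunk describe; the existing `NOT-FOR-US: Philips` line still applies, since IntelliVue is a Philips product line, so no change is needed beyond the automatic description update.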



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38d8ca9aeb4d9b95f03793dacb826d06b49d9664

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
