Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38d8ca9a by security tracker role at 2023-12-13T08:11:59+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,66 @@ -CVE-2023-6710 +CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.) + TODO: check +CVE-2023-50263 (Nautobot is a Network Source of Truth and Network Automation Platform ...) + TODO: check +CVE-2023-50252 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...) + TODO: check +CVE-2023-50251 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...) + TODO: check +CVE-2023-48791 (An improper neutralization of special elements used in a command ('Com ...) + TODO: check +CVE-2023-48782 (A improper neutralization of special elements used in an os command (' ...) + TODO: check +CVE-2023-48225 (Laf is a cloud development platform. Prior to version 1.0.0-beta.13, t ...) + TODO: check +CVE-2023-47579 (Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfigur ...) + TODO: check +CVE-2023-47578 (Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to ...) + TODO: check +CVE-2023-47577 (An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 all ...) + TODO: check +CVE-2023-47576 (An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...) + TODO: check +CVE-2023-47575 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...) + TODO: check +CVE-2023-47574 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...) + TODO: check +CVE-2023-47573 (An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorizat ...) + TODO: check +CVE-2023-47536 (An improper access control vulnerability [CWE-284] in FortiOS version ...) + TODO: check +CVE-2023-46713 (An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 ...) + TODO: check +CVE-2023-46675 (An issue was discovered by Elastic whereby sensitive information may b ...) + TODO: check +CVE-2023-45864 (A race condition issue discovered in Samsung Mobile Processor Exynos 9 ...) 
+ TODO: check +CVE-2023-45801 (Improper Authentication vulnerability in Nadatel DVR allows Informatio ...) + TODO: check +CVE-2023-45800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-45725 (Design document functions which receive a user http request object may ...) + TODO: check +CVE-2023-45587 (An improper neutralization of input during web page generation ('cross ...) + TODO: check +CVE-2023-43122 (Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080 ...) + TODO: check +CVE-2023-42483 (A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exyno ...) + TODO: check +CVE-2023-41844 (A improper neutralization of input during web page generation ('cross- ...) + TODO: check +CVE-2023-41678 (A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiP ...) + TODO: check +CVE-2023-41673 (An improper authorization vulnerability [CWE-285] in Fortinet FortiADC ...) + TODO: check +CVE-2023-40716 (An improper neutralization of special elements used in an OS command v ...) + TODO: check +CVE-2023-3517 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 9 ...) + TODO: check +CVE-2023-36639 (A use of externally-controlled format string in Fortinet FortiProxy ve ...) + TODO: check +CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. This i ...) - libapache2-mod-cluster <itp> (bug #731410) -CVE-2023-5379 +CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that exceeds ...) - undertow <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099 TODO: check, insufficient information for Debian specific assessment 
@@ -2913,7 +2973,7 @@ CVE-2023-47038 [Write past buffer end via illegal user-defined Unicode property] NOTE: Fixed by: https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 (v5.36.2) NOTE: Fixed by: https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664 (v5.38.1) NOTE: Fixed by: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 (bleed) -CVE-2023-46671 +CVE-2023-46671 (An issue was discovered by Elastic whereby sensitive information may b ...) - kibana <itp> (bug #700337) CVE-2023-6293 (Prototype Pollution in GitHub repository robinbuschmann/sequelize-type ...) NOT-FOR-US: sequelize-typescript @@ -3517,7 +3577,7 @@ CVE-2023-40151 (When user authentication is not enabled the shell can execute co NOT-FOR-US: Red Lion CVE-2023-6134 NOT-FOR-US: Keycloak -CVE-2023-5764 [internal templating can cause unsafe variables to lose their unsafe designation] +CVE-2023-5764 (A template injection flaw was found in Ansible where a user's controll ...) - ansible-core <unfixed> (bug #1057427) - ansible 5.4.0-1 [bullseye] - ansible <no-dsa> (Minor issue) @@ -4546,7 +4606,7 @@ CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to [bullseye] - gpac <ignored> (Minor issue) [buster] - gpac <end-of-life> (EOL in Buster LTS) NOTE: https://github.com/gpac/gpac/issues/2672 -CVE-2023-47262 (In Abbott ID NOW before 7.1, settings can be modified via physical acc ...) +CVE-2023-47262 (The startup process and device configurations of the Abbott ID NOW dev ...) NOT-FOR-US: Abbott ID NOW CVE-2023-47127 (TYPO3 is an open source PHP based web content management system releas ...) NOT-FOR-US: Typo3 
@@ -8001,13 +8061,15 @@ CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded NOT-FOR-US: Dromara Sureness CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any ...) NOT-FOR-US: light-oauth2 -CVE-2023-6478 [Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty] +CVE-2023-6478 (A flaw was found in xorg-server. A specially crafted request to RRChan ...) + {DSA-5576-1 DLA-3686-1} - xorg-server <unfixed> - xwayland <unfixed> [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root) NOTE: https://lists.x.org/archives/xorg-announce/2023-December/003435.html NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632 -CVE-2023-6377 [Out-of-bounds memory write in XKB button actions] +CVE-2023-6377 (A flaw was found in xorg-server. Querying or changing XKB button actio ...) + {DSA-5576-1 DLA-3686-1} - xorg-server <unfixed> - xwayland <unfixed> [bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root) @@ -122459,8 +122521,8 @@ CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor in NOT-FOR-US: Fortinet CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...) NOT-FOR-US: Fortinet -CVE-2022-27488 - RESERVED +CVE-2022-27488 (A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise v ...) + TODO: check CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...) NOT-FOR-US: Fortinet CVE-2022-27486 
@@ -250667,7 +250729,7 @@ CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards s NOT-FOR-US: HMS Networks CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) NOT-FOR-US: Advantech WebAccess -CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) +CVE-2020-16228 (In Patient Information Center iX (PICiX) Versions C.02 and C.03, Perf ...) NOT-FOR-US: Philips CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...) NOT-FOR-US: Delta Electronics 
@@ -250675,27 +250737,27 @@ CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to imperson NOT-FOR-US: Mitsubishi CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...) NOT-FOR-US: Delta Electronics -CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) +CVE-2020-16224 (In Patient Information Center iX (PICiX) Versions C.02, C.03, the sof ...) NOT-FOR-US: Philips CVE-2020-16223 (Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffe ...) NOT-FOR-US: Delta Electronics -CVE-2020-16222 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) +CVE-2020-16222 (In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and ...) NOT-FOR-US: Philips CVE-2020-16221 (Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buff ...) NOT-FOR-US: Delta Electronics -CVE-2020-16220 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) +CVE-2020-16220 (In Patient Information Center iX (PICiX) Versions C.02, C.03, Perform ...) NOT-FOR-US: Philips CVE-2020-16219 (Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds r ...) NOT-FOR-US: Delta Electronics -CVE-2020-16218 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) +CVE-2020-16218 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...) NOT-FOR-US: Philips CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A doubl ...) NOT-FOR-US: Advantech WebAccess -CVE-2020-16216 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) +CVE-2020-16216 (In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, ...) NOT-FOR-US: Philips CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) NOT-FOR-US: Advantech WebAccess -CVE-2020-16214 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) 
+CVE-2020-16214 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...) NOT-FOR-US: Philips CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) NOT-FOR-US: Advantech WebAccess
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38d8ca9aeb4d9b95f03793dacb826d06b49d9664
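Review bot: CVE-2023-5379 (first hunk, @@ -1,6) keeps its trailing `TODO: check, insufficient information for Debian specific assessment` unchanged even though this commit now populates the description (`A flaw was found in Undertow. When an AJP request is sent that exceeds ...`); with that text plus the Red Hat bug in the NOTE line, the `undertow <undetermined>` entry is ready for re-triage, so the stale TODO wording should be resolved rather than carried forward. In the same hunk the CVE-2023-6710 description says `in the Apache server` while the only tracked package stays `libapache2-mod-cluster <itp> (bug #731410)`; worth confirming the issue is confined to mod_proxy_cluster and that apache2's own proxy modules are out of scope, so that the `<itp>` marker alone is the correct state.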
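Review bot: CVE-2023-46671 (hunk @@ -2913) and the newly added CVE-2023-46675 (first hunk) carry the identical truncated description `An issue was discovered by Elastic whereby sensitive information may b ...`, yet 46671 is tagged `- kibana <itp> (bug #700337)` while 46675 is left at `TODO: check`. When 46675 is triaged, compare the full advisory texts so both Elastic entries end up with a consistent package assignment (kibana, or whichever Elastic product 46675 actually concerns) instead of one resolved and one pending.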
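Review bot: in hunk @@ -3517 the Debian-local summary `[internal templating can cause unsafe variables to lose their unsafe designation]` for CVE-2023-5764 is replaced by the upstream text `(A template injection flaw was found in Ansible where a user's controll ...)`. That is the expected effect of the automatic update, but the mechanism detail about unsafe-variable handling is now only recoverable via bug #1057427; if it underpins the bullseye `ansible <no-dsa> (Minor issue)` rationale, a NOTE line preserving that wording would keep the justification visible in the tracker.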
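Review bot: hunk @@ -8001 adds `{DSA-5576-1 DLA-3686-1}` to CVE-2023-6478 and CVE-2023-6377 while the `- xorg-server <unfixed>` and `- xwayland <unfixed>` lines remain. That is consistent for an automatic update that only merges advisory cross-references, but unstable still shows both issues as open even though the fix is known (the NOTE for CVE-2023-6478 points at xserver commit 14f480010a93ff962fef66a16412fafff81ad632). Make sure the unstable fixed versions are recorded in a follow-up so DSA-tagged entries do not sit at `<unfixed>` indefinitely; the bookworm `xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)` lines are unchanged and still read correctly beside the new markers.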
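Review bot: in hunk @@ -122459, CVE-2022-27488 moves from `RESERVED` to a description naming `Fortinet FortiVoiceEnterprise` but is left at `TODO: check`; the neighbouring CVE-2022-27490, -27489 and -27487 entries are all `NOT-FOR-US: Fortinet`, so this one can be closed the same way in the next manual pass rather than staying in the TODO queue.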
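Review bot: the Philips entries in hunks @@ -250667 and @@ -250675 (CVE-2020-16228, -16224, -16222, -16220, -16218, -16216, -16214) get rewritten descriptions with narrower or different scopes, e.g. CVE-2020-16228 drops B.02 and now reads `Versions C.02 and C.03`, and CVE-2020-16216 now refers to `IntelliVue patient monitors MX100, MX400-550, ...` rather than PICiX. Every entry keeps `NOT-FOR-US: Philips`, so no Debian action follows; the point to record is that the NOT-FOR-US status rests on the vendor rather than the affected-version list, so upstream revising the scope does not invalidate it.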
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits