Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25b5fc8f by security tracker role at 2023-12-14T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@ +CVE-2023-6775 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...) + TODO: check +CVE-2023-6407 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + TODO: check +CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...) + TODO: check +CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019 ...) + TODO: check +CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior to vers ...) + TODO: check +CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows before ...) + TODO: check +CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (A ...) + TODO: check +CVE-2023-50442 (Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be m ...) + TODO: check +CVE-2023-50440 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...) + TODO: check +CVE-2023-50439 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...) + TODO: check +CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ...) + TODO: check +CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...) + TODO: check +CVE-2023-50248 (CKAN is an open-source data management system for powering data hubs a ...) + TODO: check +CVE-2023-50246 (jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ...) + TODO: check +CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...) + TODO: check +CVE-2023-49877 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...) + TODO: check +CVE-2023-49646 (Improper authentication in some Zoom clients before version 5.16.5 may ...) + TODO: check +CVE-2023-48702 (Jellyfin is a system for managing and streaming media. Prior to versio ...) 
+ TODO: check +CVE-2023-48085 (Nagios XI before version 5.11.3 was discovered to contain a remote cod ...) + TODO: check +CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a SQL inject ...) + TODO: check +CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...) + TODO: check +CVE-2023-47623 (Scrypted is a home video integration and automation platform. In versi ...) + TODO: check +CVE-2023-47620 (Scrypted is a home video integration and automation platform. In versi ...) + TODO: check +CVE-2023-47619 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...) + TODO: check +CVE-2023-45184 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...) + TODO: check +CVE-2023-45174 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to ...) + TODO: check +CVE-2023-45170 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...) + TODO: check +CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...) + TODO: check +CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before wa ...) + TODO: check +CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for ...) + TODO: check +CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom SDKs for i ...) + TODO: check +CVE-2023-43583 (Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for ...) + TODO: check +CVE-2023-43042 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...) + TODO: check +CVE-2023-41720 (A vulnerability exists on all versions of Ivanti Connect Secure below ...) + TODO: check +CVE-2023-41719 (A vulnerability exists on all versions of Ivanti Connect Secure below ...) + TODO: check +CVE-2023-41621 (A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro ...) 
+ TODO: check +CVE-2023-41618 (Emlog Pro v2.1.14 was discovered to contain a reflective cross-site sc ...) + TODO: check +CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in Common Serv ...) + TODO: check +CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows atta ...) + TODO: check CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659] - python-cryptography <unfixed> NOTE: https://github.com/pyca/cryptography/issues/9785 
@@ -10,27 +88,27 @@ CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - incomp NOTE: https://people.redhat.com/~hkario/marvin/ NOTE: https://github.com/openssl/openssl/pull/13817 NOTE: CVE is for incomplete fix of CVE-2020-25657 -CVE-2023-49934 [SQL Injection] +CVE-2023-49934 (An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injecti ...) - slurm-wlm <not-affected> (Vulnerable code introduced in 23.11 series) - slurm-llnl <not-affected> (Vulnerable code introduced in 23.11 series) NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html -CVE-2023-49933 [Slurm Protocol Message Extension] +CVE-2023-49933 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...) - slurm-wlm <unfixed> - slurm-llnl <removed> NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html -CVE-2023-49937 [Slurm Protocol Double Free] +CVE-2023-49937 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...) - slurm-wlm <unfixed> - slurm-llnl <removed> NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html -CVE-2023-49936 [Slurm NULL Pointer Dereference] +CVE-2023-49936 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...) - slurm-wlm <unfixed> - slurm-llnl <removed> NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html -CVE-2023-49938 [Slurm Arbitrary File Overwrite] +CVE-2023-49938 (An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is ...) - slurm-wlm <unfixed> - slurm-llnl <removed> NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html -CVE-2023-49935 [Slurmd Message Integrity Bypass] +CVE-2023-49935 (An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is ...) - slurm-wlm <unfixed> [bookworm] - slurm-wlm <not-affected> (Vulnerable code introduced later) [bullseye] - slurm-wlm <not-affected> (Vulnerable code introduced later) 
@@ -225,21 +303,27 @@ CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neu CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...) TODO: check CVE-2023-6707 + {DSA-5577-1} - chromium 120.0.6099.109-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-6706 + {DSA-5577-1} - chromium 120.0.6099.109-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-6705 + {DSA-5577-1} - chromium 120.0.6099.109-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-6704 + {DSA-5577-1} - chromium 120.0.6099.109-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-6703 + {DSA-5577-1} - chromium 120.0.6099.109-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-6702 + {DSA-5577-1} - chromium 120.0.6099.109-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.) @@ -8248,7 +8332,7 @@ CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based appli CVE-2023-46119 (Parse Server is an open source backend that can be deployed to any inf ...) NOT-FOR-US: Parse Server CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API ...) - {DSA-5571-1} + {DSA-5571-1 DLA-3687-1} - rabbitmq-server 3.10.8-3 (bug #1056723) NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/9708 @@ -11058,7 +11142,7 @@ CVE-2023-36590 (Microsoft Message Queuing Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36589 (Microsoft Message Queuing Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-36585 (Active Template Library Denial of Service Vulnerability) +CVE-2023-36585 (Windows upnphost.dll Denial of Service Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36584 (Windows Mark of the Web Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft 
@@ -36976,8 +37060,8 @@ CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. " NOTE: https://github.com/golang/go/issues/59722 NOTE: https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9) NOTE: https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4) -CVE-2023-1904 - RESERVED +CVE-2023-1904 (In affected versions of Octopus Server it is possible for the OpenID c ...) + TODO: check CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...) NOT-FOR-US: SAP CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global reference to ...) 
@@ -48914,26 +48998,26 @@ CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31 [buster] - git <no-dsa> (Minor issue) NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/ NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9) -CVE-2023-25651 - RESERVED -CVE-2023-25650 - RESERVED +CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile internetprod ...) + TODO: check +CVE-2023-25650 (There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Sin ...) + TODO: check CVE-2023-25649 (There is a command injection vulnerability in a mobile internet produc ...) NOT-FOR-US: ZTE -CVE-2023-25648 - RESERVED +CVE-2023-25648 (There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI ...) + TODO: check CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...) NOT-FOR-US: ZTE CVE-2023-25646 RESERVED CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...) NOT-FOR-US: ZTE -CVE-2023-25644 - RESERVED -CVE-2023-25643 - RESERVED -CVE-2023-25642 - RESERVED +CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile internet ...) + TODO: check +CVE-2023-25643 (There is a command injection vulnerability in some ZTE mobile internet ...) + TODO: check +CVE-2023-25642 (There is a buffer overflow vulnerability in some ZTEmobile internetpro ...) + TODO: check CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...) - ampache <removed> CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) 
@@ -63311,8 +63395,8 @@ CVE-2023-21753 (Event Tracing for Windows Information Disclosure Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21752 (Windows Backup Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-21751 - RESERVED +CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability) + TODO: check CVE-2023-21750 (Windows Kernel Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-21749 (Windows Kernel Elevation of Privilege Vulnerability) @@ -76669,8 +76753,8 @@ CVE-2022-43845 RESERVED CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is v ...) NOT-FOR-US: IBM -CVE-2022-43843 - RESERVED +CVE-2022-43843 (IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected c ...) + TODO: check CVE-2022-43842 RESERVED CVE-2022-43841 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25b5fc8fe84025a9680db80804a9bc2a2638aa2d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25b5fc8fe84025a9680db80804a9bc2a2638aa2d You're receiving this email because of your account on salsa.debian.org.
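Review bot: in the @@ -1,3 +1,81 @@ hunk all 39 new entries are stubbed as `TODO: check`, but two of them concern jq 1.7 (CVE-2023-50268, CVE-2023-50246), a package Debian ships, so those should be triaged against the packaged version promptly rather than left with the rest of the backlog. Also note that the imported description for CVE-2023-5629 carries literal `\u2018` / `\u2019` escapes instead of the quote characters, which suggests the automatic import is not decoding JSON unicode escapes before writing the summary.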
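Review bot: in the @@ -10,27 +88,27 @@ hunk the Slurm entries lose their distinguishing titles ("Slurm Protocol Double Free", "Slurm NULL Pointer Dereference", "Slurmd Message Integrity Bypass") when the bracketed placeholders are replaced by the truncated official text, which now reads identically for CVE-2023-49933, CVE-2023-49937 and CVE-2023-49936. The slurm-announce NOTE link is then the only way to tell which issue an entry covers, so it must stay on every one of these entries; consider also whether the `slurm-llnl <removed>` markers should carry the same version note as the `<not-affected>` ones for consistency.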
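Review bot: in the @@ -36976,8 +37060,8 @@ hunk CVE-2023-1904 is filled in from RESERVED with a `TODO: check` stub, but the description refers to Octopus Server, which is not a Debian package, so this entry can be resolved as NOT-FOR-US in the same way the neighbouring CVE-2023-1903 SAP entry is.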
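Review bot: in the @@ -48914,26 +48998,26 @@ hunk the six newly populated ZTE entries (CVE-2023-25651, -25650, -25648, -25644, -25643, -25642) are left as `TODO: check` while the adjacent ZTE entries CVE-2023-25649, CVE-2023-25647 and CVE-2023-25645 are already marked `NOT-FOR-US: ZTE`; the new ones describe the same vendor's mobile internet products and ZXCLOUD iRAI and should receive the same triage. The upstream descriptions also contain run-together words ("ZTEmobile internetprod", "internetpro"), which is worth passing back to the CVE source rather than fixing locally.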
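Review bot: in the @@ -63311,8 +63395,8 @@ hunk CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability) is stubbed as `TODO: check` while every surrounding Microsoft entry in the same hunk (CVE-2023-21753, -21752, -21750, -21749) is `NOT-FOR-US: Microsoft`; it can be closed the same way instead of being left for manual triage.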
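Review bot: in the @@ -76669,8 +76753,8 @@ hunk CVE-2022-43843 (IBM Spectrum Scale) is stubbed as `TODO: check` although the adjacent CVE-2022-43844 entry is already `NOT-FOR-US: IBM`; IBM Spectrum Scale is proprietary and not packaged, so the same marker applies. The hunk's trailing context also appears cut off after `CVE-2022-43841` in this notification, so the diff should be checked against the GitLab commit view rather than the mail body.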
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits