[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Tue, 26 Dec 2023 00:12:06 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
75cf9b25 by security tracker role at 2023-12-26T08:11:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,77 @@
-CVE-2023-51782 [net/rose: Fix Use-After-Free in rose_ioctl]
+CVE-2023-7111 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2023-7110 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2023-7109 (A vulnerability classified as critical was found in 
code-projects Libr ...)
+       TODO: check
+CVE-2023-7108 (A vulnerability classified as problematic has been found in 
code-proje ...)
+       TODO: check
+CVE-2023-7107 (A vulnerability was found in code-projects E-Commerce Website 
1.0. It  ...)
+       TODO: check
+CVE-2023-7106 (A vulnerability was found in code-projects E-Commerce Website 
1.0. It  ...)
+       TODO: check
+CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website 
1.0. It  ...)
+       TODO: check
+CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and 
classifie ...)
+       TODO: check
+CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to 
cause a ...)
+       TODO: check
+CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes 
allows bypa ...)
+       TODO: check
+CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer 
over-read  ...)
+       TODO: check
+CVE-2023-51654 (Improper link resolution before file access ('Link Following') 
issue e ...)
+       TODO: check
+CVE-2023-51363 (VR-S1000 firmware Ver. 2.37 and earlier allows a 
network-adjacent unau ...)
+       TODO: check
+CVE-2023-50658 (The jose2go component before 1.6.0 for Go allows attackers to 
cause a  ...)
+       TODO: check
+CVE-2023-50339 (Stored cross-site scripting vulnerability exists in the User 
Managemen ...)
+       TODO: check
+CVE-2023-50332 (Improper authorization vulnerability exists in the User 
Management (/a ...)
+       TODO: check
+CVE-2023-50297 (Open redirect vulnerability in PowerCMS (6 Series, 5 Series, 
and 4 Ser ...)
+       TODO: check
+CVE-2023-50294 (The App Settings (/admin/app) page in GROWI versions prior to 
v6.0.6 s ...)
+       TODO: check
+CVE-2023-50175 (Stored cross-site scripting vulnerability exists in the App 
Settings ( ...)
+       TODO: check
+CVE-2023-49807 (Stored cross-site scripting vulnerability when processing the 
MathJax  ...)
+       TODO: check
+CVE-2023-49779 (Stored cross-site scripting vulnerability exists in the anchor 
tag of  ...)
+       TODO: check
+CVE-2023-49598 (Stored cross-site scripting vulnerability exists in the event 
handlers ...)
+       TODO: check
+CVE-2023-49119 (Stored cross-site scripting vulnerability via the img tags 
exists in G ...)
+       TODO: check
+CVE-2023-49117 (PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored 
cross-si ...)
+       TODO: check
+CVE-2023-47215 (Stored cross-site scripting vulnerability which is exploiting 
a behavi ...)
+       TODO: check
+CVE-2023-46711 (VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded 
cryptographi ...)
+       TODO: check
+CVE-2023-46699 (Cross-site request forgery (CSRF) vulnerability exists in the 
User set ...)
+       TODO: check
+CVE-2023-46681 (Improper neutralization of argument delimiters in a command 
('Argument ...)
+       TODO: check
+CVE-2023-45741 (VR-S1000 firmware Ver. 2.37 and earlier allows an attacker 
with access ...)
+       TODO: check
+CVE-2023-45740 (Stored cross-site scripting vulnerability when processing 
profile imag ...)
+       TODO: check
+CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App 
Settings ( ...)
+       TODO: check
+CVE-2023-42436 (Stored cross-site scripting vulnerability exists in the 
presentation f ...)
+       TODO: check
+CVE-2023-51782 (An issue was discovered in the Linux kernel before 6.6.8. 
rose_ioctl i ...)
        - linux 6.6.8-1
        NOTE: 
https://git.kernel.org/linus/810c38a369a0a0ce625b5c12169abce1dd9ccd53 (6.7-rc6)
-CVE-2023-51781 [appletalk: Fix Use-After-Free in atalk_ioctl]
+CVE-2023-51781 (An issue was discovered in the Linux kernel before 6.6.8. 
atalk_ioctl  ...)
        - linux 6.6.8-1
        NOTE: 
https://git.kernel.org/linus/189ff16722ee36ced4d2a2469d4ab65a8fee4198 (6.7-rc6)
-CVE-2023-51780 [atm: Fix Use-After-Free in do_vcc_ioctl]
+CVE-2023-51780 (An issue was discovered in the Linux kernel before 6.6.8. 
do_vcc_ioctl ...)
        - linux 6.6.8-1
        NOTE: 
https://git.kernel.org/linus/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 (6.7-rc6)
-CVE-2023-51779 [Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg]
+CVE-2023-51779 (bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux 
kernel th ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/2e07e8348ea454615e268222ae3fc240421be768 (6.7-rc7)
 CVE-2023-49337 (Concrete CMS before 9.2.3 allows Stored XSS on the Admin 
Dashboard via ...)
@@ -1289,7 +1353,7 @@ CVE-2023-5348 (The Product Catalog Mode For WooCommerce 
WordPress plugin before
 CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin 
before ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur 
if a us ...)
-       {DSA-5586-1}
+       {DSA-5586-1 DLA-3694-1}
        - openssh 1:9.6p1-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
        NOTE: 
https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
 (V_9_6_P1)
@@ -1368,7 +1432,7 @@ CVE-2023-32725 (The website configured in the URL widget 
will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API 
server in Bo ...)
        NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, 
found in O ...)
-       {DSA-5588-1 DSA-5586-1}
+       {DSA-5588-1 DSA-5586-1 DLA-3694-1}
        - dropbear <unfixed> (bug #1059001)
        - erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
        [bookworm] - erlang <no-dsa> (Minor issue)
@@ -6826,7 +6890,7 @@ CVE-2023-38322 (An issue was discovered in OpenNDS 
Captive Portal before version
        - opennds <unfixed> (bug #1059451)
        NOTE: 
https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
        NOTE: 
https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9
 (v10.1.2)
-CVE-2023-38321
+CVE-2023-38321 (OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and 
other p ...)
        - opennds <unfixed>
        NOTE: 
https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
 CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before 
version 10.1. ...)
@@ -42480,8 +42544,8 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el 
in Org Mode through 9.6.1
        NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced 
binary packages
        NOTE: making an empty dependency package only thus considered fixed 
exceptionally in
        NOTE: that version.
-CVE-2023-28616
-       RESERVED
+CVE-2023-28616 (An issue was discovered in Stormshield Network Security (SNS) 
before 4 ...)
+       TODO: check
 CVE-2023-28615
        RESERVED
 CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command 
Injectio ...)
@@ -47250,8 +47314,8 @@ CVE-2023-27152 (DECISO OPNsense 23.1 does not impose 
rate limits for authenticat
        NOT-FOR-US: DECISO OPNsense
 CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection 
vulnerabilit ...)
        NOT-FOR-US: openCRX
-CVE-2023-27150
-       RESERVED
+CVE-2023-27150 (openCRX 5.2.0 was discovered to contain a cross-site scripting 
(XSS) v ...)
+       TODO: check
 CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in 
Enhancesoft osTic ...)
        NOT-FOR-US: Enhancesoft osTicket
 CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin 
panel i ...)
@@ -160169,6 +160233,7 @@ CVE-2021-41616 (Apache DB DdlUtils 1.0 included a 
BinaryObjectsHelper that was i
 CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input 
During  ...)
        NOT-FOR-US: btcpayserver
 CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain 
non-default c ...)
+       {DLA-3694-1}
        - openssh 1:8.7p1-1 (bug #995130)
        [bullseye] - openssh 1:8.4p1-5+deb11u3
        [stretch] - openssh <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75cf9b25c2b47f3a5689cc9c0f87cd309e551a6d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75cf9b25c2b47f3a5689cc9c0f87cd309e551a6d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to