Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 62de7bcd by security tracker role at 2023-12-31T08:11:37+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,25 @@ +CVE-2023-52286 (Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attack ...) + TODO: check +CVE-2023-52284 (Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or ...) + TODO: check +CVE-2023-52277 (Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of se ...) + TODO: check +CVE-2023-52275 (Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden ...) + TODO: check +CVE-2023-52269 (MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message ...) + TODO: check +CVE-2023-52267 (ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-rea ...) + TODO: check +CVE-2023-52266 (ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after ...) + TODO: check +CVE-2023-52265 (IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATC ...) + TODO: check +CVE-2023-52264 (The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees al ...) + TODO: check +CVE-2021-46901 (examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5 ...) + TODO: check +CVE-2021-46900 (Sympa before 6.2.62 relies on a cookie parameter for certain security ...) + TODO: check CVE-2023-7192 [netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()] - linux 6.1.20-1 [bullseye] - linux 5.10.178-1 
@@ -743,7 +765,7 @@ CVE-2023-34198 (In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 befor CVE-2023-7102 (Use of a Third Party library produced a vulnerability in Barracuda Net ...) NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf. CVE-2023-7102) CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing ...) - {DSA-5592-1} + {DSA-5592-1 DLA-3702-1} - libspreadsheet-parseexcel-perl 0.6500-4 (bug #1059450) NOTE: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc @@ -3494,6 +3516,7 @@ CVE-2023-43813 (GLPI is a free asset and IT management software package. Startin CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutraliz ...) NOT-FOR-US: Dasan Networks W-Web CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...) + {DLA-3701-1} - tinyxml <unfixed> (bug #1059315) NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities NOTE: Debian (non upstream) patch: https://salsa.debian.org/debian/tinyxml/-/raw/2366e1f23d059d4c20c43c54176b6bd78d6a83fc/debian/patches/CVE-2023-34194.patch @@ -5585,7 +5608,7 @@ CVE-2023-4518 (A vulnerability exists in the input validation of the GOOSE mess NOT-FOR-US: Hitachi CVE-2023-49371 (RuoYi up to v4.6 was discovered to contain a SQL injection vulnerabili ...) NOT-FOR-US: RuoYi -CVE-2023-48893 (SQL injection vulnerability in Senayan Library Management Systems Slim ...) +CVE-2023-48893 (SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows adm ...) NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian CVE-2023-48842 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...) NOT-FOR-US: D-Link 
@@ -23845,7 +23868,8 @@ CVE-2023-36865 (Microsoft Office Visio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...) NOT-FOR-US: WordPress plugin -CVE-2023-36546 (An issue in PEStudio v.9.52 allows a remote attacker to execute arbitr ...) +CVE-2023-36546 + REJECTED NOT-FOR-US: PEStudio CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop Client ...) NOT-FOR-US: Zoom View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62de7bcde170232f025bc8c23e8a90b70bbe50d7
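Review bot: In the @@ -1,3 +1,25 @@ hunk, all eleven added entries (CVE-2023-52286 through CVE-2021-46900) carry only `TODO: check`, so none is yet mapped to a source package or marked NOT-FOR-US. The descriptions are cut at the ellipsis, so triage has to work from the full CVE text rather than these lines. Entries such as CVE-2023-52284 (wasm-micro-runtime) and CVE-2021-46900 (Sympa before 6.2.62) name a specific upstream project, which makes the package lookup straightforward for a follow-up commit.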
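Review bot: In the @@ -743,7 +765,7 @@ hunk, the context line for CVE-2023-7102 reads `NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf. CVE-2023-7102)`, so the cross-reference points the entry at itself. The Spreadsheet::ParseExcel entry directly below it is CVE-2023-7101, and the reference should read `cf. CVE-2023-7101`. It could be corrected in the same place as the `{DSA-5592-1 DLA-3702-1}` change.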
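Review bot: In the @@ -3494,6 +3516,7 @@ hunk, `{DLA-3701-1}` is added to CVE-2023-34194 while the package line still reads `- tinyxml <unfixed> (bug #1059315)` and the only fix referenced is the "Debian (non upstream) patch" NOTE. Nothing in the entry says whether the DLA shipped that same patch, so a short NOTE stating which patch the DLA applied would help anyone comparing the LTS fix with the still-open unstable state.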
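Review bot: In the @@ -23845,7 +23868,8 @@ hunk, CVE-2023-36546 is switched to `REJECTED` but the following context line `NOT-FOR-US: PEStudio` is left in place, so the entry now carries two dispositions. Once the identifier is rejected the product classification no longer says anything useful, so I would drop the `NOT-FOR-US: PEStudio` line and leave `REJECTED` as the only status.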