Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa7c3d95 by security tracker role at 2023-10-09T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-5461 (A vulnerability was found in Delta Electronics WPLSoft 2.51. It 
has be ...)
+       TODO: check
+CVE-2023-5460 (A vulnerability was found in Delta Electronics WPLSoft up to 
2.51 and  ...)
+       TODO: check
+CVE-2023-5459 (A vulnerability has been found in Delta Electronics DVP32ES2 
PLC 1.48  ...)
+       TODO: check
+CVE-2023-5365 (HP LIFE Android Mobile application is potentially vulnerable to 
escala ...)
+       TODO: check
+CVE-2023-5333 (Mattermost fails to deduplicate input IDs allowing asimple user 
to cau ...)
+       TODO: check
+CVE-2023-5331 (Mattermost fails to properly check the creator of an attached 
file whe ...)
+       TODO: check
+CVE-2023-5330 (Mattermost fails toenforce a limit for the size of the cache 
entry for ...)
+       TODO: check
+CVE-2023-5103 (Improper Restriction of Rendered UI Layers or Frames in RDT400 
in SICK ...)
+       TODO: check
+CVE-2023-5102 (Insufficient Control Flow Management in RDT400 in SICK APU 
allows an u ...)
+       TODO: check
+CVE-2023-5101 (Files or Directories Accessible to External Parties in RDT400 
in SICK  ...)
+       TODO: check
+CVE-2023-5100 (Cleartext Transmission of Sensitive Information in RDT400 in 
SICK APU  ...)
+       TODO: check
+CVE-2023-45613 (In JetBrains Ktor before 2.3.5 server certificates were not 
verified)
+       TODO: check
+CVE-2023-45612 (In JetBrains Ktor before 2.3.5 default configuration of 
ContentNegotia ...)
+       TODO: check
+CVE-2023-45248 (Local privilege escalation due to DLL hijacking vulnerability. 
The fol ...)
+       TODO: check
+CVE-2023-45247 (Sensitive information disclosure and manipulation due to 
missing autho ...)
+       TODO: check
+CVE-2023-44993 (Cross-Site Request Forgery (CSRF) vulnerability in 
QuantumCloud AI Cha ...)
+       TODO: check
+CVE-2023-44821 (Buffer Overflow vulnerability in gifsicle v.1.92 allows a 
remote attac ...)
+       TODO: check
+CVE-2023-44812 (Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 
allows a ...)
+       TODO: check
+CVE-2023-44811 (Cross Site Request Forgery (CSRF) vulnerability in MooSocial 
v.3.1.8 a ...)
+       TODO: check
+CVE-2023-44473 (Cross-Site Request Forgery (CSRF) vulnerability in Michael 
Tran Table  ...)
+       TODO: check
+CVE-2023-44467 (langchain_experimental 0.0.14 allows an attacker to bypass the 
CVE-202 ...)
+       TODO: check
+CVE-2023-44400 (Uptime Kuma is a self-hosted monitoring tool. Prior to version 
1.23.3, ...)
+       TODO: check
+CVE-2023-44393 (Piwigo is an open source photo gallery application. Prior to 
version 1 ...)
+       TODO: check
+CVE-2023-44392 (Garden provides automation for Kubernetes development and 
testing. Pri ...)
+       TODO: check
+CVE-2023-44378 (gnark is a zk-SNARK library that offers a high-level API to 
design cir ...)
+       TODO: check
+CVE-2023-44260 (Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel 
Nurges, ...)
+       TODO: check
+CVE-2023-44246 (Cross-Site Request Forgery (CSRF) vulnerability in Matias s 
Shockingly ...)
+       TODO: check
+CVE-2023-44240 (Cross-Site Request Forgery (CSRF) vulnerability in Peter 
Butler Timthu ...)
+       TODO: check
+CVE-2023-44238 (Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling 
Remove  ...)
+       TODO: check
+CVE-2023-44237 (Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay 
WP Site ...)
+       TODO: check
+CVE-2023-44236 (Cross-Site Request Forgery (CSRF) vulnerability in Devnath 
verma WP Ca ...)
+       TODO: check
+CVE-2023-44232 (Cross-Site Request Forgery (CSRF) vulnerability in Huseyin 
Berberoglu  ...)
+       TODO: check
+CVE-2023-44231 (Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan 
Contact  ...)
+       TODO: check
+CVE-2023-43700 (Missing Authorization in RDT400 in SICK APU allows an 
unprivileged rem ...)
+       TODO: check
+CVE-2023-43699 (Improper Restriction of Excessive Authentication Attempts in 
RDT400 in ...)
+       TODO: check
+CVE-2023-43698 (Improper Neutralization of Input During Web Page Generation 
(\u2019Cro ...)
+       TODO: check
+CVE-2023-43697 (Modification of Assumed-Immutable Data (MAID) in RDT400 in 
SICK APU al ...)
+       TODO: check
+CVE-2023-43696 (Improper Access Control in SICK APU allows an unprivileged 
remote atta ...)
+       TODO: check
+CVE-2023-43643 (AntiSamy is a library for performing fast, configurable 
cleansing of H ...)
+       TODO: check
+CVE-2023-42455 (Wazuh is a security detection, visibility, and compliance open 
source  ...)
+       TODO: check
+CVE-2023-41672 (Cross-Site Request Forgery (CSRF) vulnerability in R\xe9mi 
Leclercq Hi ...)
+       TODO: check
+CVE-2023-41670 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel 
(in per ...)
+       TODO: check
+CVE-2023-41669 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live 
News plu ...)
+       TODO: check
+CVE-2023-41668 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster 
plugin <=1 ...)
+       TODO: check
+CVE-2023-41667 (Cross-Site Request Forgery (CSRF) vulnerability in Ulf 
Benjaminsson WP ...)
+       TODO: check
+CVE-2023-41660 (Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro 
WP Synchr ...)
+       TODO: check
+CVE-2023-41047 (OctoPrint is a web interface for 3D printers. OctoPrint 
versions up un ...)
+       TODO: check
+CVE-2023-3589 (A Cross-Site Request Forgery (CSRF) vulnerability affecting 
Teamwork C ...)
+       TODO: check
+CVE-2023-39189 (A flaw was found in the Netfilter subsystem in the Linux 
kernel. The n ...)
+       TODO: check
+CVE-2023-36820 (Micronaut Security is a security solution for applications. 
Prior to v ...)
+       TODO: check
 CVE-2023-43641
        - libcue <unfixed>
        NOTE: 
https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
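Review bot: Several of the 50 entries added here as "TODO: check" can be triaged from their own descriptions. CVE-2023-39189 names the Netfilter subsystem in the Linux kernel, and CVE-2023-39193 and CVE-2023-39192 later in this same commit are tracked under "- linux", so it should get a "- linux" line with its status and fix reference rather than stay a generic TODO. CVE-2023-44821 names gifsicle v.1.92 and needs a check against the archive for a matching source package. The Delta Electronics, SICK APU RDT400 and HP LIFE Android entries describe vendor products and are candidates for NOT-FOR-US once confirmed. Separately, the descriptions of CVE-2023-43698 ("\u2019Cro") and CVE-2023-41672 ("R\xe9mi") carry literal escape sequences instead of the characters, which suggests the automatic update is not decoding non-ASCII text in the feed.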
@@ -483,19 +583,19 @@ CVE-2023-3038 (SQL injection vulnerability in HelpDezk 
Community affecting versi
        NOT-FOR-US: HelpDezk Community
 CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community 
affecting v ...)
        NOT-FOR-US: HelpDezk Community
-CVE-2023-39194 [net: xfrm: Fix xfrm_address_filter OOB read]
+CVE-2023-39194 (A flaw was found in the XFRM subsystem in the Linux kernel. 
The specif ...)
        - linux 6.4.13-1
        [bookworm] - linux 6.1.52-1
        [bullseye] - linux 5.10.197-1
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1492/
        NOTE: 
https://git.kernel.org/linus/dfa73c17d55b921e1d4e154976de35317e43a93a (6.5-rc7)
-CVE-2023-39193 [netfilter: xt_sctp: validate the flag_info count]
+CVE-2023-39193 (A flaw was found in the Netfilter subsystem in the Linux 
kernel. The s ...)
        - linux 6.5.3-1
        [bookworm] - linux 6.1.55-1
        [bullseye] - linux 5.10.197-1
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1491/
        NOTE: 
https://git.kernel.org/linus/e99476497687ef9e850748fe6d232264f30bc8f9 (6.6-rc1)
-CVE-2023-39192 [netfilter: xt_u32: validate user space input]
+CVE-2023-39192 (A flaw was found in the Netfilter subsystem in the Linux 
kernel. The x ...)
        - linux 6.5.3-1
        [bookworm] - linux 6.1.55-1
        [bullseye] - linux 5.10.197-1
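Review bot: Replacing the bracketed titles on CVE-2023-39194, CVE-2023-39193 and CVE-2023-39192 drops the upstream commit subjects (for example "netfilter: xt_u32: validate user space input"), and the truncated descriptions that replace them no longer say which check was missing. For CVE-2023-39194 and CVE-2023-39193 the git.kernel.org NOTE lines in the context still identify the fix. For CVE-2023-39192 the hunk ends at the bullseye line, so confirm its entry also carries a NOTE with the upstream commit, otherwise the only pointer to the fix is lost with this change.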
@@ -20752,8 +20852,8 @@ CVE-2023-30912
        RESERVED
 CVE-2023-30911
        RESERVED
-CVE-2023-30910
-       RESERVED
+CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 could be remotely 
exploit ...)
+       TODO: check
 CVE-2023-30909 (A remote authentication bypass issue exists in some OneView 
APIs.)
        NOT-FOR-US: HPE
 CVE-2023-30908 (A remote authentication bypass issue exists in a OneView API.)
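Review bot: CVE-2023-30910 moves from RESERVED to "TODO: check" with a description naming the HPE MSA Controller, while the adjacent CVE-2023-30909 is already marked "NOT-FOR-US: HPE". Unless something in the archive ships this controller firmware, the entry can be closed the same way instead of staying in the TODO queue.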
@@ -36292,8 +36392,8 @@ CVE-2023-25824 (Mod_gnutls is a TLS module for Apache 
HTTPD based on GnuTLS. Ver
        NOTE: 
https://github.com/airtower-luna/mod_gnutls/commit/d7eec4e598158ab6a98bf505354e84352f9715ec
 (mod_gnutls/0.12.1)
 CVE-2023-25823 (Gradio is an open-source Python library to build machine 
learning and  ...)
        NOT-FOR-US: Gradio
-CVE-2023-25822
-       RESERVED
+CVE-2023-25822 (ReportPortal is an AI-powered test automation platform. Prior 
to versi ...)
+       TODO: check
 CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 
24.0.4 an ...)
        - nextcloud-server <itp> (bug #941708)
 CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
@@ -68757,8 +68857,8 @@ CVE-2022-3433 (The aeson library is not safe to use to 
consume untrusted JSON in
        NOTE: 
https://github.com/haskell/aeson/commit/582a844d8028f62e409048a4caae187b27e8e697
 (v2.0.1.0)
 CVE-2022-3432 (A potential vulnerability in a driver used during manufacturing 
proces ...)
        NOT-FOR-US: Lenovo
-CVE-2022-3431
-       RESERVED
+CVE-2022-3431 (A potential vulnerability in a driver used during manufacturing 
proces ...)
+       TODO: check
 CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some 
consumer Len ...)
        NOT-FOR-US: Lenovo
 CVE-2022-42493 (Several OS command injection vulnerabilities exist in the m2m 
binary o ...)
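Review bot: The new description for CVE-2022-3431 begins with the same visible text as CVE-2022-3432 directly above it ("A potential vulnerability in a driver used during manufacturing proces ..."), and that entry, like CVE-2022-3430 below, is marked "NOT-FOR-US: Lenovo". After checking the full description for the vendor, CVE-2022-3431 should take the same NOT-FOR-US: Lenovo status rather than "TODO: check".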
@@ -86544,8 +86644,8 @@ CVE-2022-35951 (Redis is an in-memory database that 
persists on disk. Versions 7
        [bullseye] - redis <not-affected> (Vulnerable code not present)
        [buster] - redis <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/redis/redis/commit/fa6815e14ea5adff93c5cd7be513c02a7c6e3f2a 
(7.0.5)
-CVE-2022-35950
-       RESERVED
+CVE-2022-35950 (OroCommerce is an open-source Business to Business Commerce 
applicatio ...)
+       TODO: check
 CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for 
Node.js.`undici ...)
        - node-undici 5.8.2+dfsg1+~cs18.9.18.1-1
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa7c3d95606f8cc1fc4141f93b873dd3c10b10a3
