Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ccd3aa07 by security tracker role at 2023-11-06T20:43:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,111 @@ +CVE-2023-5969 (Mattermost fails to properly sanitize the request to/api/v4/redirect_l ...) + TODO: check +CVE-2023-5968 (Mattermost fails to properly sanitize the user object when updating th ...) + TODO: check +CVE-2023-5967 (Mattermost fails to properly validate requests to the Calls plugin, al ...) + TODO: check +CVE-2023-5964 (The 1E-Exchange-DisplayMessageinstruction that is part of the End-User ...) + TODO: check +CVE-2023-5963 (An issue has been discovered in GitLab EE with Advanced Search affecti ...) + TODO: check +CVE-2023-5950 (Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected ...) + TODO: check +CVE-2023-5823 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Googl ...) + TODO: check +CVE-2023-5777 (Weintek EasyBuilder Pro contains a vulnerability that, even when the p ...) + TODO: check +CVE-2023-5771 (Proofpoint Enterprise Protection contains a stored XSS vulnerability i ...) + TODO: check +CVE-2023-5719 (The Crimson 3.2 Windows-based configuration tool allows users with adm ...) + TODO: check +CVE-2023-4996 (Netskope was made aware of a security vulnerability in its NSClient pr ...) + TODO: check +CVE-2023-4535 (An out-of-bounds read vulnerability was found in OpenSC packages withi ...) + TODO: check +CVE-2023-47186 (Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence ...) + TODO: check +CVE-2023-47185 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Te ...) + TODO: check +CVE-2023-47184 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prop ...) + TODO: check +CVE-2023-47182 (Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scrip ...) + TODO: check +CVE-2023-47177 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yaki ...) + TODO: check +CVE-2023-46824 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om A ...) 
+ TODO: check +CVE-2023-46823 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-46822 (Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs ...) + TODO: check +CVE-2023-46821 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-46783 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-46782 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-46781 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current ...) + TODO: check +CVE-2023-46780 (Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <=1.0 ...) + TODO: check +CVE-2023-46779 (Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin < ...) + TODO: check +CVE-2023-46778 (Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto ...) + TODO: check +CVE-2023-46777 (Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | ...) + TODO: check +CVE-2023-46776 (Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto E ...) + TODO: check +CVE-2023-46775 (Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts ...) + TODO: check +CVE-2023-46732 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2023-46731 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...) + TODO: check +CVE-2023-46254 (capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy ...) + TODO: check +CVE-2023-46251 (MyBB is a free and open source forum software. Custom MyCode (BBCode) ...) + TODO: check +CVE-2023-46084 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check +CVE-2023-45830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-45827 (Dot diver is a lightweight, powerful, and dependency-free TypeScript u ...) + TODO: check +CVE-2023-45657 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-45163 (The 1E-Exchange-CommandLinePing instruction that is part of the Networ ...) + TODO: check +CVE-2023-45161 (The 1E-Exchange-URLResponseTime instruction that is part of the Networ ...) + TODO: check +CVE-2023-45074 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-45069 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-45055 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-45046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-45001 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-44398 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...) + TODO: check +CVE-2023-41685 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-41378 (In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), a ...) + TODO: check +CVE-2023-40661 (Several memory vulnerabilities were identified within the OpenSC packa ...) + TODO: check +CVE-2023-40660 (A flaw was found in OpenSC packages that allow a potential PIN bypass. ...) + TODO: check +CVE-2023-40609 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-39345 (strapi is an open-source headless CMS. Versions prior to 4.13.1 did no ...) + TODO: check +CVE-2023-35911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ TODO: check CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in Mitsub ...) NOT-FOR-US: Mitsubishi CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) @@ -534,19 +642,19 @@ CVE-2023-33226 (The Network Configuration Manager was susceptible to a Directory CVE-2023-46695 (An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...) - python-django <not-affected> (Only an issue on windows) NOTE: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/ -CVE-2023-5831 +CVE-2023-5831 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> -CVE-2023-4700 +CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all versions from ...) - gitlab <not-affected> (Specific to EE) CVE-2023-5600 - gitlab <not-affected> (Specific to EE) -CVE-2023-3246 +CVE-2023-3246 (An issue has been discovered in GitLab EE/CE affecting all versions st ...) - gitlab <unfixed> -CVE-2023-3909 +CVE-2023-3909 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> -CVE-2023-5825 +CVE-2023-5825 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab <unfixed> -CVE-2023-3399 +CVE-2023-3399 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab <unfixed> CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) NOT-FOR-US: pkp-lib 
@@ -844,7 +952,7 @@ CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository microweb NOT-FOR-US: microweber CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework fo ...) NOT-FOR-US: Thorn SFTP gateway -CVE-2023-46502 (An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitr ...) +CVE-2023-46502 (An issue in openCRX v.5.2.2 allows a remote attacker to read internal ...) NOT-FOR-US: OpenCRX CVE-2023-46478 (An issue in minCal v.1.0.0 allows a remote attacker to execute arbitra ...) NOT-FOR-US: minCal @@ -1502,7 +1610,7 @@ CVE-2023-45872 CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Linux K ...) - linux 6.5.10-1 NOTE: https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7) -CVE-2023-5678 [Excessive time spent in DH check / generation with large Q parameter value] +CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or checking e ...) - openssl <unfixed> [bookworm] - openssl <no-dsa> (Minor issue; can be fixed along with future update) [bullseye] - openssl <no-dsa> (Minor issue; can be fixed along with future update) @@ -2582,7 +2690,7 @@ CVE-2023-34045 (VMware Fusion(13.x prior to 13.5)contains a local privilege esca NOT-FOR-US: VMware CVE-2023-34044 (VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) ...) NOT-FOR-US: VMware -CVE-2023-5090 [x86: KVM: SVM: always update the x2avic msr interception] +CVE-2023-5090 (A flaw was found in KVM. An improper check in svm_set_x2apic_msr_inter ...) - linux 6.5.8-1 [bullseye] - linux <not-affected> (Vulnerable code not present) [buster] - linux <not-affected> (Vulnerable code not present) 
@@ -8438,7 +8546,7 @@ CVE-2023-38205 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and ear NOT-FOR-US: Adobe CVE-2023-38204 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...) NOT-FOR-US: Adobe -CVE-2023-4910 +CVE-2023-4910 (A flaw was found In 3Scale Admin Portal. If a user logs out from the p ...) NOT-FOR-US: 3scale-admin-portal CVE-2023-38039 (When curl retrieves an HTTP response, it stores the incoming headers s ...) - curl 8.3.0-1 @@ -28420,14 +28528,16 @@ CVE-2023-30081 RESERVED CVE-2023-30080 RESERVED -CVE-2023-30079 (A stack overflow vulnerability exists in function read_file in atlibec ...) +CVE-2023-30079 + REJECTED - libeconf 0.5.2+dfsg1-1 [bookworm] - libeconf <no-dsa> (Minor issue) [bullseye] - libeconf <no-dsa> (Minor issue) NOTE: https://github.com/openSUSE/libeconf/issues/177 NOTE: https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19 (v0.5.2) NOTE: Duplicate of CVE-2023-22652 -CVE-2023-30078 (A stack overflow vulnerability exists in function econf_writeFile in f ...) +CVE-2023-30078 + REJECTED - libeconf 0.5.2+dfsg1-1 [bookworm] - libeconf <no-dsa> (Minor issue) [bullseye] - libeconf <no-dsa> (Minor issue) @@ -32620,8 +32730,8 @@ CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ig NOT-FOR-US: WordPress plugin CVE-2023-28749 RESERVED -CVE-2023-28748 - RESERVED +CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check CVE-2023-28747 RESERVED CVE-2023-28735 
@@ -36514,8 +36624,8 @@ CVE-2023-27607 RESERVED CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...) NOT-FOR-US: WordPress plugin -CVE-2023-27605 - RESERVED +CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) - gitlab 15.10.8+ds1-2 CVE-2023-27604 (Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a ...) @@ -48004,8 +48114,8 @@ CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Co NOT-FOR-US: WordPress plugin CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin -CVE-2023-23702 - RESERVED +CVE-2023-23702 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixe ...) + TODO: check CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin CVE-2023-23700 
@@ -52316,10 +52426,10 @@ CVE-2022-48195 (An issue was discovered in Mellium mellium.im/sasl before 0.3.1. NOT-FOR-US: Mellium CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated ...) NOT-FOR-US: TP-Link -CVE-2022-48193 - RESERVED -CVE-2022-48192 - RESERVED +CVE-2022-48193 (Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during ...) + TODO: check +CVE-2022-48192 (Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1 ...) + TODO: check CVE-2022-48191 (A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) whe ...) NOT-FOR-US: Trend Micro CVE-2021-46870

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ccd3aa073ebc262987f4387996a0551cae95ca31
You're receiving this email because of your account on salsa.debian.org.
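Review bot: In the first hunk (@@ -1,3 +1,111 @@) the new "TODO: check" block mixes entries for upstreams whose names match Debian source packages (CVE-2023-46728 Squid, CVE-2023-44398 Exiv2, CVE-2023-4535, CVE-2023-40660 and CVE-2023-40661 OpenSC, CVE-2023-46732/46731 XWiki) with a long run of WordPress-plugin CSRF/XSS and SQL-injection entries of the kind that later hunks resolve as "NOT-FOR-US: WordPress plugin" (see CVE-2023-28750, CVE-2023-27606). Suggest triaging the squid, exiv2 and opensc entries first, since those can need source-package lines and fixed versions, and batching the plugin entries into NOT-FOR-US afterwards.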
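Review bot: In the GitLab hunk (@@ -534,19 +642,19 @@) CVE-2023-5600 is the one GitLab entry that did not receive a description, while its neighbours CVE-2023-5831, CVE-2023-4700, CVE-2023-3246, CVE-2023-3909, CVE-2023-5825 and CVE-2023-3399 all did; its line still reads "CVE-2023-5600 - gitlab <not-affected> (Specific to EE)" with no summary. Worth checking on the next automatic run whether the upstream description is now published, so the EE-only assessment can be confirmed from the text rather than inherited from the CVE-2023-4700 entry above it.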
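Review bot: In the openCRX hunk (@@ -844,7 +952,7 @@) the description for CVE-2023-46502 changes both the spelling ("OpenCRX" to "openCRX") and the stated impact ("execute arbitr..." to "read internal ..."), but the unchanged line below it still says "NOT-FOR-US: OpenCRX". The NOT-FOR-US verdict is unaffected by the impact change, but the product spelling should be made consistent with the new description so the two lines do not drift further apart on later automatic updates.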
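Review bot: In the libeconf hunk (@@ -28420,14 +28528,16 @@) CVE-2023-30079 and CVE-2023-30078 become "REJECTED" while keeping their "- libeconf 0.5.2+dfsg1-1" fixed version, the bookworm/bullseye "<no-dsa> (Minor issue)" lines and the upstream NOTE links; the existing "NOTE: Duplicate of CVE-2023-22652" explains the rejection. Suggest verifying that the CVE-2023-22652 entry already carries the same libeconf version and the issues/177 and commit 8d086dfc references, so that nothing is lost if the package lines under the two REJECTED entries are dropped in a later cleanup.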
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits