Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 125a6507 by security tracker role at 2023-11-29T08:11:34+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,27 @@ +CVE-2023-49092 (RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a ...) + TODO: check +CVE-2023-48193 (Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows ...) + TODO: check +CVE-2023-47462 (Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and befor ...) + TODO: check +CVE-2023-46944 (An issue in GitKraken GitLens before v.14.0.0 allows an attacker to ex ...) + TODO: check +CVE-2023-46887 (In Dreamer CMS before 4.0.1, the backend attachment management office ...) + TODO: check +CVE-2023-46886 (Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. ...) + TODO: check +CVE-2023-45484 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + TODO: check +CVE-2023-45483 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + TODO: check +CVE-2023-45482 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + TODO: check +CVE-2023-45481 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + TODO: check +CVE-2023-45480 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + TODO: check +CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + TODO: check CVE-2023-6351 - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) 
@@ -1568,9 +1592,9 @@ CVE-2023-48204 (An issue in PublicCMS v.4.0.202302.e allows a remote attacker to NOT-FOR-US: PublicCMS CVE-2023-48200 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...) - grocy <itp> (bug #969056) -CVE-2023-48199 (An issue in Grocy v.4.0.3 allows a local attacker to execute arbitrary ...) +CVE-2023-48199 (HTML Injection vulnerability in the 'manageApiKeys' component in Grocy ...) - grocy <itp> (bug #969056) -CVE-2023-48198 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...) +CVE-2023-48198 (A Cross-Site Scripting (XSS) vulnerability in the 'product description ...) - grocy <itp> (bug #969056) CVE-2023-48197 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...) - grocy <itp> (bug #969056) @@ -10122,7 +10146,7 @@ CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vu NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt CVE-2023-44446 [MXF demuxer use-after-free] - {DSA-5565-1} + {DSA-5565-1 DLA-3673-1} - gst-plugins-bad1.0 1.22.7-1 (bug #1056101) - gst-plugins-bad0.10 <removed> NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0010.html 
@@ -35052,19 +35076,19 @@ CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file co NOT-FOR-US: Autodesk CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...) NOT-FOR-US: Autodesk -CVE-2023-29066 - RESERVED -CVE-2023-29065 - RESERVED -CVE-2023-29064 - RESERVED -CVE-2023-29063 - RESERVED -CVE-2023-29062 - RESERVED -CVE-2023-29061 - RESERVED -CVE-2023-29060 (The FACSChorus\xe2\u201e\xa2 workstation operating system does not res ...) +CVE-2023-29066 (The FACSChorus software does not properly assign data access privilege ...) + TODO: check +CVE-2023-29065 (The FACSChorus software database can be accessed directly with the pri ...) + TODO: check +CVE-2023-29064 (The FACSChorus software contains sensitive information stored in plain ...) + TODO: check +CVE-2023-29063 (The FACSChorus workstation does not prevent physical access to its PCI ...) + TODO: check +CVE-2023-29062 (The Operating System hosting the FACSChorus application is configured ...) + TODO: check +CVE-2023-29061 (There is no BIOS password on the FACSChorus workstation. A threat acto ...) + TODO: check +CVE-2023-29060 (The FACSChorus workstation operating system does not restrict what dev ...) NOT-FOR-US: facschorus CVE-2023-1764 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...) NOT-FOR-US: Canon @@ -50070,8 +50094,8 @@ CVE-2023-24296 RESERVED CVE-2023-24295 (A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows at ...) NOT-FOR-US: SoftMaker Software GmbH FlexiPDF -CVE-2023-24294 - RESERVED +CVE-2023-24294 (Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to ...) + TODO: check CVE-2023-24293 RESERVED CVE-2023-24292 
@@ -52926,10 +52950,10 @@ CVE-2023-23327 (An Information Disclosure vulnerability exists in AvantFAX 3.3.7 NOT-FOR-US: AvantFAX CVE-2023-23326 (A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3 ...) NOT-FOR-US: AvantFAX -CVE-2023-23325 - RESERVED -CVE-2023-23324 - RESERVED +CVE-2023-23325 (Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to co ...) + TODO: check +CVE-2023-23324 (Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to co ...) + TODO: check CVE-2023-23323 RESERVED CVE-2023-23322 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/125a6507bda8ba709f67b97161f50e88f119a5dd -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/125a6507bda8ba709f67b97161f50e88f119a5dd You're receiving this email because of your account on salsa.debian.org.
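Review bot: Of the twelve entries added at `TODO: check` in the @@ -1,3 hunk, CVE-2023-49092 (RustCrypto/RSA) is the only one whose description names a library rather than a product or device, so it is the one to check against the archive first. The six Tenda AC10 entries (CVE-2023-45479 to CVE-2023-45484) share one truncated description for the same firmware version and can be decided together in a single pass.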
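Review bot: In the @@ -35052 hunk, CVE-2023-29061 through CVE-2023-29066 are left at `TODO: check` although their descriptions name the same FACSChorus product as CVE-2023-29060, which already carries `NOT-FOR-US: facschorus` on the context line directly below them. Suggest triaging the six together with CVE-2023-29060 so the same product is not split between decided and undecided entries.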
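Review bot: CVE-2023-23325 and CVE-2023-23324 in the @@ -52926 hunk and CVE-2023-24294 in the @@ -50070 hunk all describe Zumtobel Netlink CCD Onboard 3.74 with firmware 3.80, and all three sit at `TODO: check` in different parts of the list. Suggest triaging them as one group so they end up with a single, consistently spelled annotation.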
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits