[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 06 Dec 2023 00:12:19 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
52ceeeff by security tracker role at 2023-12-06T08:12:00+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,42 @@
-CVE-2023-6512
+CVE-2023-6527 (The Email Subscription Popup plugin for WordPress is vulnerable 
to Ref ...)
+       TODO: check
+CVE-2023-5970 (Improper authentication in the SMA100 SSL-VPN virtual office 
portal al ...)
+       TODO: check
+CVE-2023-49897 (An OS command injection vulnerability exists in AE1021PE 
firmware vers ...)
+       TODO: check
+CVE-2023-49297 (PyDrive2 is a wrapper library of google-api-python-client that 
simplif ...)
+       TODO: check
+CVE-2023-49283 (microsoft-graph-core the Microsoft Graph Library for PHP. The 
Microsof ...)
+       TODO: check
+CVE-2023-49282 (msgraph-sdk-php is the Microsoft Graph Library for PHP. The 
Microsoft  ...)
+       TODO: check
+CVE-2023-48940 (A stored cross-site scripting (XSS) vulnerability in 
/admin.php of Dai ...)
+       TODO: check
+CVE-2023-48930 (xinhu xinhuoa 2.2.1 contains a File upload vulnerability.)
+       TODO: check
+CVE-2023-48849 (Ruijie EG Series Routers version EG_3.0(1)B11P216 and before 
allows un ...)
+       TODO: check
+CVE-2023-46736 (EspoCRM is an Open Source CRM (Customer Relationship 
Management) softw ...)
+       TODO: check
+CVE-2023-44221 (Improper neutralization of special elements in the SMA100 
SSL-VPN mana ...)
+       TODO: check
+CVE-2023-41268 (Improper input validation vulnerability in Samsung Open Source 
Escargo ...)
+       TODO: check
+CVE-2023-40053 (A vulnerability has been identified within Serv-U 15.4 that 
allows an  ...)
+       TODO: check
+CVE-2023-6512 (Inappropriate implementation in Web Browser UI in Google Chrome 
prior  ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6511
+CVE-2023-6511 (Inappropriate implementation in Autofill in Google Chrome prior 
to 120 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6510
+CVE-2023-6510 (Use after free in Media Capture in Google Chrome prior to 
120.0.6099.6 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6509
+CVE-2023-6509 (Use after free in Side Panel Search in Google Chrome prior to 
120.0.60 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6508
+CVE-2023-6508 (Use after free in Media Stream in Google Chrome prior to 
120.0.6099.62 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-39326 [net/http: limit chunked data overhead]
@@ -24375,7 +24401,7 @@ CVE-2023-32339 (IBM Business Automation Workflow is 
vulnerable to cross-site scr
        NOT-FOR-US: IBM
 CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate 
uploaded  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-2861 [9pfs: prevent opening special files]
+CVE-2023-2861 (A flaw was found in the 9p passthrough filesystem (9pfs) 
implementatio ...)
        - qemu 1:8.0.3+dfsg-1
        [bookworm] - qemu 1:7.2+dfsg-7+deb12u1
        [bullseye] - qemu <ignored> (Minor issue)
@@ -37273,10 +37299,10 @@ CVE-2023-28878
        RESERVED
 CVE-2023-28877 (The VTEX apps-graphql@2.x GraphQL API module does not properly 
restric ...)
        NOT-FOR-US: VTEX apps-graphql@2.x GraphQL API module
-CVE-2023-28876
-       RESERVED
-CVE-2023-28875
-       RESERVED
+CVE-2023-28876 (A Broken Access Control issue in comments to uploaded files in 
Filerun ...)
+       TODO: check
+CVE-2023-28875 (A Stored XSS issue in shared files download terms in Filerun 
Update 20 ...)
+       TODO: check
 CVE-2023-28874
        RESERVED
 CVE-2023-28873
@@ -38773,7 +38799,7 @@ CVE-2023-28474 (Concrete CMS (previously concrete5) 
before 9.2 is vulnerable to
        NOT-FOR-US: Concrete CMS
 CVE-2023-28473 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to possib ...)
        NOT-FOR-US: Concrete CMS
-CVE-2023-28472 (Concrete CMS (previously concrete5) before 9.2 does not have 
Secure an ...)
+CVE-2023-28472 (Concrete CMS (previously concrete5) versions 8.5.12 and below, 
and 9.0 ...)
        NOT-FOR-US: Concrete CMS
 CVE-2023-28471 (Concrete CMS (previously concrete5) before 9.2 is vulnerable 
to Stored ...)
        NOT-FOR-US: Concrete CMS
@@ -45587,8 +45613,8 @@ CVE-2023-26156 (Versions of the package chromedriver 
before 119.0.1 are vulnerab
        NOT-FOR-US: chromedriver Node.js module
 CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to 
Command Inject ...)
        NOT-FOR-US: node-qpdf
-CVE-2023-26154
-       RESERVED
+CVE-2023-26154 (Versions of the package pubnub before 7.4.0; all versions of 
the packa ...)
+       TODO: check
 CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are 
vulnerable to Co ...)
        NOT-FOR-US: geokit-rails
 CVE-2023-26152 (All versions of the package static-server are vulnerable to 
Directory  ...)
@@ -50668,8 +50694,8 @@ CVE-2023-24549 (A vulnerability has been identified in 
Solid Edge SE2022 (All ve
        NOT-FOR-US: Siemens
 CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN 
configured, malfor ...)
        NOT-FOR-US: Arista
-CVE-2023-24547
-       RESERVED
+CVE-2023-24547 (On affected platforms running Arista MOS, the configuration of 
a BGP p ...)
+       TODO: check
 CVE-2023-24546 (On affected versions of the CloudVision Portal improper access 
control ...)
        NOT-FOR-US: Arista
 CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the 
Software ...)
@@ -57334,12 +57360,12 @@ CVE-2023-22526
        RESERVED
 CVE-2023-22525
        RESERVED
-CVE-2023-22524
-       RESERVED
-CVE-2023-22523
-       RESERVED
-CVE-2023-22522
-       RESERVED
+CVE-2023-22524 (Certain versions of the Atlassian Companion App for MacOS were 
affecte ...)
+       TODO: check
+CVE-2023-22523 (This vulnerability, if exploited, allows an attacker to 
perform privil ...)
+       TODO: check
+CVE-2023-22522 (This Template Injection vulnerability allows an authenticated 
attacker ...)
+       TODO: check
 CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability 
was intro ...)
        NOT-FOR-US: Crowd Data Center and Server
 CVE-2023-22520
@@ -191631,8 +191657,8 @@ CVE-2021-27797 (Brocade Fabric OS before Brocade 
Fabric OS v8.2.1c, v8.1.2h, and
        NOT-FOR-US: Brocade
 CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade 
Fabric OS ...)
        NOT-FOR-US: Brocade
-CVE-2021-27795
-       RESERVED
+CVE-2021-27795 (Brocade Fabric OS (FOS) hardware  platforms running any 
version of Bro ...)
+       TODO: check
 CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade 
Fabric OS v ...)
        NOT-FOR-US: Brocade Fabric OS
 CVE-2021-27793 (ntermittent authorization failure in aaa tacacs+ with Brocade 
Fabric O ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52ceeeffeebd95de4064ef5bcb67c5b342a65ba2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52ceeeffeebd95de4064ef5bcb67c5b342a65ba2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to