Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
b53a10f5 by security tracker role at 2023-12-21T20:12:10+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,159 @@ +CVE-2023-7047 (Inadequate validation of permissions when employing remote tools and ...) + TODO: check +CVE-2023-7042 (A null pointer dereference vulnerability was found in ath10k_wmi_tlv_o ...) + TODO: check +CVE-2023-7041 (A vulnerability, which was classified as critical, has been found in c ...) + TODO: check +CVE-2023-7040 (A vulnerability classified as problematic was found in codelyfe Stupid ...) + TODO: check +CVE-2023-7039 (A vulnerability classified as critical has been found in Beijing Baich ...) + TODO: check +CVE-2023-7038 (A vulnerability was found in automad up to 1.10.9. It has been rated a ...) + TODO: check +CVE-2023-7037 (A vulnerability was found in automad up to 1.10.9. It has been declare ...) + TODO: check +CVE-2023-7036 (A vulnerability was found in automad up to 1.10.9. It has been classif ...) + TODO: check +CVE-2023-7035 (A vulnerability was found in automad up to 1.10.9 and classified as pr ...) + TODO: check +CVE-2023-6546 (A race condition was found in the GSM 0710 tty multiplexor in the Linu ...) + TODO: check +CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-6122 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-5989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-5988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-5594 (Improper validation of the server\u2019s certificate chain in secure t ...) + TODO: check +CVE-2023-51655 (In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible ...) + TODO: check +CVE-2023-51442 (Navidrome is an open source web-based music collection server and stre ...) + TODO: check +CVE-2023-51052 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...) 
+ TODO: check +CVE-2023-51051 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...) + TODO: check +CVE-2023-51050 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...) + TODO: check +CVE-2023-51049 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...) + TODO: check +CVE-2023-51048 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...) + TODO: check +CVE-2023-50834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50832 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50829 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50826 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50825 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50824 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50822 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50732 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
+ TODO: check +CVE-2023-50724 (Resque (pronounced like "rescue") is a Redis-backed library for creati ...) + TODO: check +CVE-2023-50481 (An issue was discovered in blinksocks version 3.3.8, allows remote att ...) + TODO: check +CVE-2023-50477 (An issue was discovered in nos client version 0.6.6, allows remote att ...) + TODO: check +CVE-2023-50475 (An issue was discovered in bcoin-org bcoin version 2.2.0, allows remot ...) + TODO: check +CVE-2023-50473 (Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI vers ...) + TODO: check +CVE-2023-50377 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-50119 + REJECTED +CVE-2023-4256 (Within tcpreplay's tcprewrite, a double free vulnerability has been id ...) + TODO: check +CVE-2023-4255 (An out-of-bounds write issue has been discovered in the backspace hand ...) + TODO: check +CVE-2023-49826 (Deserialization of Untrusted Data vulnerability in PenciDesign Soledad ...) + TODO: check +CVE-2023-49778 (Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa ...) + TODO: check +CVE-2023-49765 (Authorization Bypass Through User-Controlled Key vulnerability in Blaz ...) + TODO: check +CVE-2023-49762 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2023-49162 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2023-48288 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2023-48116 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored X ...) + TODO: check +CVE-2023-48115 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored D ...) + TODO: check +CVE-2023-48114 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored X ...) + TODO: check +CVE-2023-47527 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ TODO: check +CVE-2023-47525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check +CVE-2023-47191 (Authorization Bypass Through User-Controlled Key vulnerability in Kain ...) + TODO: check +CVE-2023-46791 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) + TODO: check +CVE-2023-45127 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45126 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45125 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45124 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45123 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45122 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45121 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45120 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45119 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45118 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45117 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45116 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-45115 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) + TODO: check +CVE-2023-44482 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...) + TODO: check +CVE-2023-44481 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...) 
+ TODO: check +CVE-2023-40058 (Sensitive data was added to our public-facing knowledgebase that, if e ...) + TODO: check +CVE-2023-32799 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...) + TODO: check +CVE-2023-32747 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...) + TODO: check +CVE-2023-32242 (Deserialization of Untrusted Data vulnerability in xtemos WoodMart - M ...) + TODO: check +CVE-2023-2487 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check CVE-2023-XXXX [SMTP smuggling attack] - postfix <unfixed> (bug #1059230) NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ @@ -6,15 +162,15 @@ CVE-2023-XXXX [SMTP smuggling attack] NOTE: postfix: https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html NOTE: postfix: Short-term Mitigation: smtpd_forbid_unauth_pipelining = yes TODO: track other major mailserver implementations -CVE-2023-48291 +CVE-2023-48291 (Apache Airflow, in versions prior to 2.8.0, contains a security vulner ...) - airflow <itp> (bug #819700) -CVE-2023-47265 +CVE-2023-47265 (Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerab ...) - airflow <itp> (bug #819700) -CVE-2023-49920 +CVE-2023-49920 (Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that ...) - airflow <itp> (bug #819700) -CVE-2023-50783 +CVE-2023-50783 (Apache Airflow, versions before 2.8.0, is affected by a vulnerability ...) - airflow <itp> (bug #819700) -CVE-2023-51656 +CVE-2023-51656 (Deserialization of Untrusted Data vulnerability in Apache IoTDB.This i ...) NOT-FOR-US: Apache IoTDB CVE-2023-XXXX [RUSTSEC-2023-0075] - rust-unsafe-libyaml <unfixed> (bug #1059234) 
@@ -25,6 +181,7 @@ CVE-2023-7026 (A vulnerability was found in Lightxun IPTV Gateway up to 20231208 CVE-2023-7025 (A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0. ...) NOT-FOR-US: KylinSoft hedron-domain-hook CVE-2023-7024 + {DSA-5585-1} - chromium 120.0.6099.129-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-7023 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has been ra ...) @@ -397,22 +554,25 @@ CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish Arora CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4 and cla ...) NOT-FOR-US: pedroetb tts-api CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally signed text ...) + {DSA-5582-1} - thunderbird 1:115.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762 CVE-2023-50761 (The signature of a digitally signed S/MIME email message may optionall ...) + {DSA-5582-1} - thunderbird 1:115.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761 CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`. This iss ...) - {DSA-5581-1} + {DSA-5582-1 DSA-5581-1} - firefox-esr 115.6.0esr-1 - thunderbird 1:115.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862 CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs showed e ...) + {DSA-5582-1} - firefox 121.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873 CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...) - {DSA-5581-1} + {DSA-5582-1 DSA-5581-1} - firefox 121.0-1 - firefox-esr 115.6.0esr-1 - thunderbird 1:115.6.0-1 
@@ -441,7 +601,7 @@ CVE-2023-6868 (In some instances, the user-agent would allow push requests which - firefox <not-affected> (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868 CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...) - {DSA-5581-1} + {DSA-5582-1 DSA-5581-1} - firefox 121.0-1 - firefox-esr 115.6.0esr-1 - thunderbird 1:115.6.0-1 @@ -455,7 +615,7 @@ CVE-2023-6867 (The timing of a button click causing a popup to disappear was app NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867 CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...) - {DSA-5581-1} + {DSA-5582-1 DSA-5581-1} - firefox 121.0-1 - firefox-esr 115.6.0esr-1 - thunderbird 1:115.6.0-1 @@ -466,7 +626,7 @@ CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling. - firefox 121.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866 CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...) - {DSA-5581-1} + {DSA-5582-1 DSA-5581-1} - firefox 121.0-1 - firefox-esr 115.6.0esr-1 - thunderbird 1:115.6.0-1 @@ -474,7 +634,7 @@ CVE-2023-6859 (A use-after-free condition affected TLS socket creation when unde NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859 CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment` ...) - {DSA-5581-1} + {DSA-5582-1 DSA-5581-1} - firefox 121.0-1 - firefox-esr 115.6.0esr-1 - thunderbird 1:115.6.0-1 
@@ -482,7 +642,7 @@ CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragm NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858 CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to ...) - {DSA-5581-1} + {DSA-5582-1 DSA-5581-1} - firefox 121.0-1 - firefox-esr 115.6.0esr-1 - thunderbird 1:115.6.0-1 @@ -496,7 +656,7 @@ CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialize NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865 CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...) - {DSA-5581-1} + {DSA-5582-1 DSA-5581-1} - firefox 121.0-1 - firefox-esr 115.6.0esr-1 - thunderbird 1:115.6.0-1 @@ -2897,7 +3057,7 @@ CVE-2023-35618 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi CVE-2023-32460 (Dell PowerEdge BIOS contains an improper privilege management security ...) NOT-FOR-US: Dell CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral ...) - {DLA-3689-1} + {DSA-5584-1 DLA-3689-1} [experimental] - bluez 5.70-1.1~exp0 - bluez 5.70-1.1 (bug #1057914) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 @@ -15075,7 +15235,7 @@ CVE-2023-4129 (Dell Data Protection Central, version 19.9, contains an Inadequat NOT-FOR-US: Dell CVE-2023-4003 (One Identity Password Manager version 5.9.7.1 -An unauthenticated atta ...) NOT-FOR-US: One Identity Password Manager -CVE-2023-2585 +CVE-2023-2585 (Keycloak's device authorization grant does not correctly validate the ...) NOT-FOR-US: Keycloak CVE-2023-2422 (A flaw was found in Keycloak. A Keycloak server configured to support ...) NOT-FOR-US: Keycloak 
@@ -42403,8 +42563,8 @@ CVE-2023-28423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-28422 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Mage ...) NOT-FOR-US: WooCommerce plugin -CVE-2023-28421 - RESERVED +CVE-2023-28421 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check CVE-2023-28420 (Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom ...) NOT-FOR-US: WordPress plugin CVE-2023-28419 (Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Fo ...) @@ -60086,8 +60246,8 @@ CVE-2023-22676 RESERVED CVE-2023-22675 RESERVED -CVE-2023-22674 - RESERVED +CVE-2023-22674 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...) + TODO: check CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...) NOT-FOR-US: WordPress plugin CVE-2023-22672 (Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Mul ...) @@ -71720,8 +71880,8 @@ CVE-2022-45379 (Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier NOT-FOR-US: Jenkins Script Security Plugin CVE-2022-45378 (In the default configuration of Apache SOAP, an RPCRouterServlet is av ...) NOT-FOR-US: Apache SOAP -CVE-2022-45377 - RESERVED +CVE-2022-45377 (Unrestricted Upload of File with Dangerous Type vulnerability in Glen ...) + TODO: check CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...) NOT-FOR-US: WordPress plugin CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b53a10f54b3672e758b79d1fc1f49161ff3668f0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b53a10f54b3672e758b79d1fc1f49161ff3668f0 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
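
Review bot: In the first hunk (@@ -1,3 +1,159 @@), the description added for CVE-2023-5594 contains a literal escape sequence, "server\u2019s", where an apostrophe was meant; the import step should decode the escape before the text is written to data/CVE/list. Of the new "TODO: check" entries in the same hunk, CVE-2023-7042 (ath10k_wmi_tlv_o ...), CVE-2023-6546 (GSM 0710 tty multiplexor) and CVE-2023-4256 (tcpreplay's tcprewrite) name system components rather than web applications, so they are the ones to triage first for a package entry.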
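
Review bot: In the hunk at @@ -397,22 +554,25 @@, CVE-2023-6873 gains {DSA-5582-1}, but its only package line is "- firefox 121.0-1" and its only NOTE points at mfsa2023-56, while every other entry tagged DSA-5582-1 in this hunk (CVE-2023-50762, CVE-2023-50761, CVE-2023-6862, CVE-2023-6864) has a "- thunderbird 1:115.6.0-1" line. Either a thunderbird line is missing from this entry or the DSA reference does not belong on it; check against the advisory text and correct whichever side is wrong.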