Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b0444ba by security tracker role at 2024-01-02T20:12:02+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,44 @@ -CVE-2023-6693 [virtio-net: stack buffer overflow in virtio_net_flush_tx()] +CVE-2024-0193 (A use-after-free flaw was found in the netfilter subsystem of the Linu ...) + TODO: check +CVE-2024-0192 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) + TODO: check +CVE-2024-0191 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) + TODO: check +CVE-2024-0190 (A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1. ...) + TODO: check +CVE-2024-0189 (A vulnerability has been found in RRJ Nueva Ecija Engineer Online Port ...) + TODO: check +CVE-2024-0188 (A vulnerability, which was classified as problematic, was found in RRJ ...) + TODO: check +CVE-2023-6752 + REJECTED +CVE-2023-6436 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + TODO: check +CVE-2023-51652 (OWASP AntiSamy .NET is a library for performing cleansing of HTML comi ...) + TODO: check +CVE-2023-50711 (vmm-sys-util is a collection of modules that provides helpers and util ...) + TODO: check +CVE-2023-50333 (Mattermost fails to update the permissions of the current session for ...) + TODO: check +CVE-2023-4280 (An unvalidated input in Silicon Labs TrustZone implementation in v4.3. ...) + TODO: check +CVE-2023-49794 (KernelSU is a Kernel-based root solution for Android devices. In versi ...) + TODO: check +CVE-2023-48732 (Mattermost fails to scope the WebSocket response around notified users ...) + TODO: check +CVE-2023-48721 + REJECTED +CVE-2023-48419 (An attacker in the wifi vicinity of a target Google Home can spy on th ...) + TODO: check +CVE-2023-47858 (Mattermost fails to properly verify the permissions needed for viewing ...) + TODO: check +CVE-2018-25097 (A vulnerability, which was classified as problematic, was found in Acu ...) + TODO: check +CVE-2017-20188 (A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and class ...) 
+ TODO: check +CVE-2015-10128 (A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPr ...) + TODO: check +CVE-2023-6693 (A stack based buffer overflow was found in the virtio-net device of QE ...) - qemu 1:8.2.0+ds-3 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254580 NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/e22f0603fb2fc274920a9e3a1d1306260b9a4cc4 (v5.1.0-rc0) @@ -216,7 +256,7 @@ CVE-2021-46900 (Sympa before 6.2.62 relies on a cookie parameter for certain sec [bullseye] - sympa <no-dsa> (Minor issue) NOTE: https://www.sympa.community/security/2021-001.html NOTE: https://github.com/sympa-community/sympa/issues/1091 -CVE-2023-7192 [netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()] +CVE-2023-7192 (A memory leak problem was found in ctnetlink_create_conntrack in net/n ...) - linux 6.1.20-1 [bullseye] - linux 5.10.178-1 [buster] - linux 4.19.282-1 @@ -735,7 +775,7 @@ CVE-2023-34829 (Incorrect access control in TP-Link Tapo before v3.1.315 allows CVE-2023-7116 (A vulnerability, which was classified as critical, has been found in W ...) NOT-FOR-US: WeiYe-Jing datax-web CVE-2023-6531 - {DSA-5593-1} + {DSA-5594-1 DSA-5593-1} - linux 6.6.8-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/705318a99a138c29a512a72c3e0043b3cd7f55f4 (6.7-rc5) 
@@ -938,15 +978,15 @@ CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App Sett CVE-2023-42436 (Stored cross-site scripting vulnerability exists in the presentation f ...) NOT-FOR-US: GROWI CVE-2023-51782 (An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl i ...) - {DSA-5593-1} + {DSA-5594-1 DSA-5593-1} - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/810c38a369a0a0ce625b5c12169abce1dd9ccd53 (6.7-rc6) CVE-2023-51781 (An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl ...) - {DSA-5593-1} + {DSA-5594-1 DSA-5593-1} - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/189ff16722ee36ced4d2a2469d4ab65a8fee4198 (6.7-rc6) CVE-2023-51780 (An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl ...) - {DSA-5593-1} + {DSA-5594-1 DSA-5593-1} - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 (6.7-rc6) CVE-2023-51779 (bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel th ...) 
@@ -1349,31 +1389,41 @@ CVE-2023-51380 (An incorrect authorization vulnerability was identified in GitHu NOT-FOR-US: GitHub Enterprise Server CVE-2023-51379 (An incorrect authorization vulnerability was identified in GitHub Ente ...) NOT-FOR-US: GitHub Enterprise Server -CVE-2023-49690 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49690 + REJECTED NOT-FOR-US: Job Portal CVE-2023-49689 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) NOT-FOR-US: Job Portal CVE-2023-49688 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) NOT-FOR-US: Job Portal -CVE-2023-49687 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49687 + REJECTED NOT-FOR-US: Job Portal -CVE-2023-49686 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49686 + REJECTED NOT-FOR-US: Job Portal -CVE-2023-49685 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49685 + REJECTED NOT-FOR-US: Job Portal -CVE-2023-49684 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49684 + REJECTED NOT-FOR-US: Job Portal -CVE-2023-49683 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49683 + REJECTED NOT-FOR-US: Job Portal -CVE-2023-49682 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49682 + REJECTED NOT-FOR-US: Job Portal CVE-2023-49681 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) NOT-FOR-US: Job Portal -CVE-2023-49680 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49680 + REJECTED NOT-FOR-US: Job Portal -CVE-2023-49679 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) +CVE-2023-49679 + REJECTED NOT-FOR-US: Job Portal -CVE-2023-49678 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) 
+CVE-2023-49678 + REJECTED NOT-FOR-US: Job Portal CVE-2023-49677 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...) NOT-FOR-US: Job Portal 
@@ -1385,29 +1435,35 @@ CVE-2023-49084 (Cacti is a robust performance and fault management framework and - cacti 1.2.26+ds1-1 (bug #1059254) NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp NOTE: https://github.com/Cacti/cacti/commit/58a980f335980ab57659420053d89d4e721ae3fc -CVE-2023-48723 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...) +CVE-2023-48723 + REJECTED NOT-FOR-US: Student Result Management System CVE-2023-48722 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...) NOT-FOR-US: Student Result Management System CVE-2023-48720 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...) NOT-FOR-US: Student Result Management System -CVE-2023-48719 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...) +CVE-2023-48719 + REJECTED NOT-FOR-US: Student Result Management System CVE-2023-48718 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...) NOT-FOR-US: Student Result Management System -CVE-2023-48717 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...) +CVE-2023-48717 + REJECTED NOT-FOR-US: Student Result Management System CVE-2023-48716 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...) NOT-FOR-US: Student Result Management System -CVE-2023-48690 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...) +CVE-2023-48690 + REJECTED NOT-FOR-US: Railway Reservation System CVE-2023-48689 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...) NOT-FOR-US: Railway Reservation System -CVE-2023-48688 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...) +CVE-2023-48688 + REJECTED NOT-FOR-US: Railway Reservation System CVE-2023-48687 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...) 
NOT-FOR-US: Railway Reservation System -CVE-2023-48686 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...) +CVE-2023-48686 + REJECTED NOT-FOR-US: Railway Reservation System CVE-2023-48685 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...) NOT-FOR-US: Railway Reservation System @@ -1571,17 +1627,23 @@ CVE-2023-47191 (Authorization Bypass Through User-Controlled Key vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-46791 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...) NOT-FOR-US: Online Matrimonial Project -CVE-2023-45127 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) +CVE-2023-45127 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45126 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) +CVE-2023-45126 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45125 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) +CVE-2023-45125 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45124 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) +CVE-2023-45124 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45123 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) +CVE-2023-45123 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45122 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) +CVE-2023-45122 + REJECTED NOT-FOR-US: Online Examination System CVE-2023-45121 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...) NOT-FOR-US: Online Examination System 
@@ -1923,11 +1985,12 @@ CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student M CVE-2023-6944 NOT-FOR-US: Red Hat Developer Hub (RHDH) CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon ...) + {DSA-5594-1} - linux 6.6.8-1 [bookworm] - linux 6.1.66-1 NOTE: https://git.kernel.org/linus/e2b706c691905fe78468c361aaabc719d0a496f1 (6.7-rc4) CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's Perform ...) - {DSA-5593-1} + {DSA-5594-1 DSA-5593-1} - linux 6.6.8-1 NOTE: https://git.kernel.org/linus/382c27f4ed28f803b1f1473ac2d8db0afc795a1b (6.7-rc5) CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou Life a ...) @@ -2236,7 +2299,7 @@ CVE-2023-6920 CVE-2023-6911 (Multiple WSO2 products have been identified as vulnerable due to impro ...) NOT-FOR-US: WSO2 CVE-2023-6817 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) - {DSA-5593-1} + {DSA-5594-1 DSA-5593-1} - linux 6.6.8-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/317eb9685095678f2c9f5a8189de698c5354316a (6.7-rc5) @@ -7906,6 +7969,7 @@ CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of NOTE: https://www.wireshark.org/security/wnpa-sec-2023-28.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19369 CVE-2023-6121 (An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsy ...) + {DSA-5594-1} - linux 6.6.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://lore.kernel.org/linux-nvme/b58a2dc6-cc8f-4d19-9efe-e1d5b4505...@nvidia.com/T/ 
@@ -9613,15 +9677,18 @@ CVE-2023-46769 (Use-After-Free (UAF) vulnerability in the dubai module. Success NOT-FOR-US: Huawei CVE-2023-46768 (Multi-thread vulnerability in the idmap module. Successful exploitatio ...) NOT-FOR-US: Huawei -CVE-2023-46680 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) +CVE-2023-46680 + REJECTED NOT-FOR-US: Online Job Portal CVE-2023-46679 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) NOT-FOR-US: Online Job Portal -CVE-2023-46678 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) +CVE-2023-46678 + REJECTED NOT-FOR-US: Online Job Portal CVE-2023-46677 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) NOT-FOR-US: Online Job Portal -CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...) +CVE-2023-46676 + REJECTED NOT-FOR-US: Online Job Portal CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...) NOT-FOR-US: timetec AWDMS 
@@ -10378,27 +10445,34 @@ CVE-2023-45341 (Online Food Ordering System v1.0 is vulnerable to multiple Unaut NOT-FOR-US: Online Food Ordering System CVE-2023-45340 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) NOT-FOR-US: Online Food Ordering System -CVE-2023-45339 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) +CVE-2023-45339 + REJECTED NOT-FOR-US: Online Food Ordering System CVE-2023-45338 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) NOT-FOR-US: Online Food Ordering System -CVE-2023-45337 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) +CVE-2023-45337 + REJECTED NOT-FOR-US: Online Food Ordering System CVE-2023-45336 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) NOT-FOR-US: Online Food Ordering System -CVE-2023-45335 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) +CVE-2023-45335 + REJECTED NOT-FOR-US: Online Food Ordering System CVE-2023-45334 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) NOT-FOR-US: Online Food Ordering System -CVE-2023-45333 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) +CVE-2023-45333 + REJECTED NOT-FOR-US: Online Food Ordering System -CVE-2023-45332 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) +CVE-2023-45332 + REJECTED NOT-FOR-US: Online Food Ordering System -CVE-2023-45331 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) +CVE-2023-45331 + REJECTED NOT-FOR-US: Online Food Ordering System CVE-2023-45330 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) NOT-FOR-US: Online Food Ordering System -CVE-2023-45329 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) 
+CVE-2023-45329 + REJECTED NOT-FOR-US: Online Food Ordering System CVE-2023-45328 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) NOT-FOR-US: Online Food Ordering System @@ -10408,7 +10482,8 @@ CVE-2023-45326 (Online Food Ordering System v1.0 is vulnerable to multiple Unaut NOT-FOR-US: Online Food Ordering System CVE-2023-45325 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) NOT-FOR-US: Online Food Ordering System -CVE-2023-45324 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) +CVE-2023-45324 + REJECTED NOT-FOR-US: Online Food Ordering System CVE-2023-45323 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) NOT-FOR-US: Online Food Ordering System @@ -10451,11 +10526,14 @@ CVE-2023-45202 (Online Examination System v1.0 is vulnerable to multiple Open Re NOT-FOR-US: Online Examination System CVE-2023-45201 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...) NOT-FOR-US: Online Examination System -CVE-2023-45114 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) +CVE-2023-45114 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45113 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) +CVE-2023-45113 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45112 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) +CVE-2023-45112 + REJECTED NOT-FOR-US: Online Examination System CVE-2023-45111 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) NOT-FOR-US: Online Examination System 
@@ -10463,15 +10541,19 @@ CVE-2023-45019 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthe NOT-FOR-US: Online Examination System CVE-2023-45018 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) NOT-FOR-US: Online Examination System -CVE-2023-45017 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) +CVE-2023-45017 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45016 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) +CVE-2023-45016 + REJECTED NOT-FOR-US: Online Examination System CVE-2023-45015 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) NOT-FOR-US: Online Examination System -CVE-2023-45014 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) +CVE-2023-45014 + REJECTED NOT-FOR-US: Online Examination System -CVE-2023-45013 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) +CVE-2023-45013 + REJECTED NOT-FOR-US: Online Examination System CVE-2023-45012 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) NOT-FOR-US: Online Examination System @@ -10643,7 +10725,8 @@ CVE-2023-5515 (The responses for web queries with certain parameters disclose in NOT-FOR-US: Hitachi CVE-2023-5514 (The response messages received from the eSOMS report generation using ...) NOT-FOR-US: Hitachi -CVE-2023-5306 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...) +CVE-2023-5306 + REJECTED NOT-FOR-US: Online Blood Donation Management System CVE-2023-4198 (Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unaut ...) - dolibarr <removed> 
@@ -10669,11 +10752,13 @@ CVE-2023-46378 (Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 NOT-FOR-US: MiniCMS CVE-2023-46278 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...) NOT-FOR-US: Cybozu -CVE-2023-44486 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...) +CVE-2023-44486 + REJECTED NOT-FOR-US: Online Blood Donation Management System -CVE-2023-44485 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...) +CVE-2023-44485 + REJECTED NOT-FOR-US: Online Blood Donation Management System -CVE-2023-44484 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...) +CVE-2023-44484 (Online Blood Donation Management System v1.0 is vulnerable to a Stored ...) NOT-FOR-US: Online Blood Donation Management System CVE-2023-43295 (Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd ...) NOT-FOR-US: Click Studios (SA) Pty Ltd Passwordstate @@ -11084,6 +11169,7 @@ CVE-2023-5837 (A vulnerability classified as problematic was found in AlexanderL CVE-2023-5836 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) NOT-FOR-US: SourceCodester Task Reminder System CVE-2023-46862 (An issue was discovered in the Linux kernel through 6.5.9. During a ra ...) + {DSA-5594-1} - linux 6.5.10-1 [bookworm] - linux 6.1.64-1 [buster] - linux <not-affected> (Vulnerable code not present) 
@@ -11276,9 +11362,11 @@ CVE-2023-46246 (Vim is an improved version of the good old UNIX editor Vi. Heap- NOTE: https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm NOTE: https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a (v9.0.2068) NOTE: Crash in CLI tool, no security impact -CVE-2023-44377 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) +CVE-2023-44377 + REJECTED NOT-FOR-US: Online Art Gallery -CVE-2023-44376 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) +CVE-2023-44376 + REJECTED NOT-FOR-US: Online Art Gallery CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) NOT-FOR-US: SourceCodester Task Reminder System 
@@ -11332,19 +11420,24 @@ CVE-2023-45499 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was NOT-FOR-US: VinChin Backup & Recovery CVE-2023-45498 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...) NOT-FOR-US: VinChin Backup & Recovery -CVE-2023-44375 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) +CVE-2023-44375 + REJECTED NOT-FOR-US: Online Art Gallery -CVE-2023-44268 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) +CVE-2023-44268 + REJECTED NOT-FOR-US: Online Art Gallery CVE-2023-44220 (SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and ...) NOT-FOR-US: SonicWall CVE-2023-44219 (A local privilege escalation vulnerability in SonicWall Directory Serv ...) NOT-FOR-US: SonicWall -CVE-2023-44162 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) +CVE-2023-44162 + REJECTED NOT-FOR-US: Online Art Gallery -CVE-2023-43738 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) +CVE-2023-43738 + REJECTED NOT-FOR-US: Online Art Gallery -CVE-2023-43737 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) +CVE-2023-43737 + REJECTED NOT-FOR-US: Online Art Gallery CVE-2023-43352 (An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute ...) NOT-FOR-US: CMSmadesimple @@ -11374,6 +11467,7 @@ CVE-2023-33559 (A local file inclusion vulnerability via the lang parameter in O CVE-2023-33558 (An information disclosure vulnerability in the component users-grid-da ...) NOT-FOR-US: OcoMon CVE-2023-46813 (An issue was discovered in the Linux kernel before 6.5.9, exploitable ...) + {DSA-5594-1} - linux 6.5.10-1 [bookworm] - linux 6.1.64-1 [buster] - linux <not-affected> (Vulnerable code not present) 
@@ -11569,6 +11663,7 @@ CVE-2023-45872 - qt6-svg <not-affected> (Doesn't affect any version uploaded to unstable) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2246067 CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Linux K ...) + {DSA-5594-1} - linux 6.5.10-1 [bookworm] - linux 6.1.64-1 NOTE: https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7) @@ -12423,6 +12518,7 @@ CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh CVE-2023-5178 (A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ...) + {DSA-5594-1} - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 [buster] - linux <not-affected> (Vulnerable code not present) @@ -13758,6 +13854,7 @@ CVE-2023-45871 (An issue was discovered in drivers/net/ethernet/intel/igb/igb_ma [bullseye] - linux 5.10.197-1 NOTE: https://git.kernel.org/linus/bb5ed01cd2428cd25b1c88a3a9cba87055eb289f (6.6-rc1) CVE-2023-45863 (An issue was discovered in lib/kobject.c in the Linux kernel before 6. ...) + {DSA-5594-1} - linux 6.1.20-1 NOTE: https://git.kernel.org/linus/3bb2a01caa813d3a1845d378bbe4169ef280d394 (6.3-rc1) CVE-2023-45862 (An issue was discovered in drivers/usb/storage/ene_ub6250.c for the EN ...) @@ -14932,6 +15029,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource NOTE: - apache2: https://chaos.social/@icing/111210915918780532 NOTE: - lighttpd: https://www.openwall.com/lists/oss-security/2023/10/13/9 CVE-2023-34324 [linux/xen: Possible deadlock in Linux kernel event handling] + {DSA-5594-1} - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://xenbits.xen.org/xsa/advisory-441.html 
@@ -17276,6 +17374,7 @@ CVE-2023-43040 [Improperly verified POST keys] NOTE: https://github.com/ceph/ceph/pull/53714 NOTE: Fixed by: https://github.com/ceph/ceph/commit/100d81aa060f061271499f1fa28dbdc06de443fd (main) CVE-2023-5197 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + {DSA-5594-1} - linux 6.5.6-1 [bookworm] - linux 6.1.64-1 [buster] - linux <not-affected> (Vulnerable code not present) @@ -30588,6 +30687,7 @@ CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A use- NOTE: USB_RENESAS_USB3 not enabled in Debian NOTE: Only "exploitable" by removing the module which needs root privileges CVE-2023-35827 (An issue was discovered in the Linux kernel through 6.3.8. A use-after ...) + {DSA-5594-1} - linux 6.5.8-1 [bookworm] - linux 6.1.64-1 NOTE: https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1%40huawei.com/T/ @@ -49946,6 +50046,7 @@ CVE-2023-25779 CVE-2023-25777 RESERVED CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA drive ...) + {DSA-5594-1} - linux 6.5.3-1 [bookworm] - linux 6.1.55-1 NOTE: https://git.kernel.org/linus/bb6d73d9add68ad270888db327514384dfa44958 @@ -94239,8 +94340,8 @@ CVE-2022-38774 (An issue was discovered in the quarantine feature of Elastic End NOT-FOR-US: Elastic Endpoint Security CVE-2022-38773 (Affected devices do not contain an Immutable Root of Trust in Hardware ...) NOT-FOR-US: Siemens -CVE-2022-3010 - RESERVED +CVE-2022-3010 (The Priva TopControl Suite containspredictable credentials for the SSH ...) + TODO: check CVE-2022-3009 RESERVED CVE-2022-3008 (The tinygltf library uses the C library function wordexp() to perform ...) 
@@ -148328,6 +148429,7 @@ CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...) NOT-FOR-US: D-Link CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, ...) + {DSA-5594-1} - linux 5.16.7-1 [stretch] - linux <ignored> (Minor issue; f2fs is not supportable) NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b0444ba063f7daf0fdc367f9ed75b8a2e8fb130 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b0444ba063f7daf0fdc367f9ed75b8a2e8fb130 You're receiving this email because of your account on salsa.debian.org.
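Review bot: in the hunk at @@ -1,4 +1,44 @@ the CVE-2023-6693 entry is re-keyed from the placeholder title `[virtio-net: stack buffer overflow in virtio_net_flush_tx()]` to the published description while its `- qemu 1:8.2.0+ds-3` status line and both NOTE links (the Red Hat bug and the introducing commit e22f0603, tagged v5.1.0-rc0) are carried over unchanged, so the fixed-version claim does not need re-triage. Everything else in the hunk is a fresh `TODO: check` entry or a `REJECTED` marker (CVE-2023-6752, CVE-2023-48721); CVE-2024-0193, the netfilter use-after-free in the Linux kernel, is the one that will need a linux status line and an upstream fix reference before the entry is useful to the kernel team.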
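Review bot: the hunk at @@ -216,7 +256,7 @@ drops the upstream patch subject `netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()` that served as the CVE-2023-7192 placeholder title and replaces it with the truncated published description. The linux status lines (6.1.20-1, bullseye 5.10.178-1, buster 4.19.282-1) are untouched, which is correct, but unless a NOTE line outside the shown context already points at that fix, the commit subject was the only pointer to the upstream patch and is worth re-adding as a `NOTE:` so the fix can still be located.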
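Review bot: in the hunk at @@ -1349,31 +1389,41 @@ each Job Portal id that becomes `REJECTED` (CVE-2023-49690, -49687, -49686, -49685, -49684, -49683, -49682, -49680, -49679, -49678) keeps its old `NOT-FOR-US: Job Portal` sub-line as unchanged context. That is harmless for a rejected id, but it is leftover triage state; the same pattern repeats in the Student Result Management System, Railway Reservation System, Online Examination System, Online Job Portal, Online Food Ordering System, Online Blood Donation Management System and Online Art Gallery hunks, so a follow-up cleanup that strips `NOT-FOR-US` lines sitting under `REJECTED` would keep the file consistent.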
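Review bot: the hunk at @@ -1923,11 +1985,12 @@ treats its two kernel ids differently, and that looks intentional: CVE-2023-6932 (ipv4 igmp use-after-free) gets a new `{DSA-5594-1}` line, whereas CVE-2023-6931 (perf heap out-of-bounds write) has `{DSA-5593-1}` replaced by `{DSA-5594-1 DSA-5593-1}`, keeping the earlier DSA reference. The same merge-not-replace pattern is applied to CVE-2023-6531, CVE-2023-51782/51781/51780 and CVE-2023-6817 elsewhere in the patch, so the DSA-5593-1 history stays intact; it is still worth confirming against the advisory text that every id given DSA-5594-1 here is actually covered by it.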
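Review bot: the context lines in the hunk at @@ -10463,15 +10541,19 @@ show a pre-existing mislabel: CVE-2023-45019 through CVE-2023-45012 are described as `Online Bus Booking System v1.0` but every one carries `NOT-FOR-US: Online Examination System`. The automatic update does not touch those lines, but whoever cleans up the new `REJECTED` markers for CVE-2023-45017, -45016, -45014 and -45013 should also correct the NOT-FOR-US product name on the ids that stay active (CVE-2023-45019, -45018, -45015, -45012).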
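Review bot: in the hunk at @@ -10669,11 +10752,13 @@ CVE-2023-44484 is the one Online Blood Donation Management System id that is not rejected; its description changes from `vulnerable to multiple ...` to `vulnerable to a Stored ...`, i.e. the description was narrowed rather than withdrawn. The `NOT-FOR-US` line still applies since the product is not packaged, so no status change is needed, but it is worth confirming the narrowed description is final before closing out the rejected siblings CVE-2023-44486 and CVE-2023-44485.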
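Review bot: in the hunk at @@ -94239,8 +94340,8 @@ CVE-2022-3010 moves from `RESERVED` to a description with a typo, `containspredictable credentials for the SSH ...`; the missing space is in the upstream text as imported, so do not hand-correct it in `data/CVE/list` (the next automatic update would simply reimport it). The `TODO: check` marker is right; the triager only needs to settle whether Priva TopControl Suite is relevant to any Debian package.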
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits