[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 25 21:12:39 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9cf37587 by security tracker role at 2023-08-25T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,136 @@
-CVE-2023-40217
+CVE-2023-4534 (A vulnerability, which was classified as problematic, was found in Neo ...)
+ TODO: check
+CVE-2023-4520 (The FV Flowplayer Video Player plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2023-4508 (A user able to control file input to Gerbv, between versions 2.4.0 and ...)
+ TODO: check
+CVE-2023-4478 (Mattermost fails to restrict which parameters' values it takes from th ...)
+ TODO: check
+CVE-2023-41250 (In JetBrains TeamCity before 2023.05.3 reflected XSS was possible duri ...)
+ TODO: check
+CVE-2023-41249 (In JetBrains TeamCity before 2023.05.3 reflected XSS was possible duri ...)
+ TODO: check
+CVE-2023-41248 (In JetBrains TeamCity before 2023.05.3 stored XSS was possible during ...)
+ TODO: check
+CVE-2023-41173 (AdGuard DNS before 2.2 allows remote attackers to cause a denial of se ...)
+ TODO: check
+CVE-2023-41167 (@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by c ...)
+ TODO: check
+CVE-2023-40915 (Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detec ...)
+ TODO: check
+CVE-2023-40802 (The get_parentControl_list_Info function does not verify the parameter ...)
+ TODO: check
+CVE-2023-40801 (The sub_451784 function does not validate the parameters entered by th ...)
+ TODO: check
+CVE-2023-40800 (The compare_parentcontrol_time function does not authenticate user inp ...)
+ TODO: check
+CVE-2023-40799 (Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_4 ...)
+ TODO: check
+CVE-2023-40798 (In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanPar ...)
+ TODO: check
+CVE-2023-40797 (In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not valida ...)
+ TODO: check
+CVE-2023-40796 (Phicomm k2 v22.6.529.216 is vulnerable to command injection.)
+ TODO: check
+CVE-2023-40599 (Regular expression Denial-of-Service (ReDoS) exists in multiple add-on ...)
+ TODO: check
+CVE-2023-40580 (Freighter is a Stellar chrome extension. It may be possible for a mali ...)
+ TODO: check
+CVE-2023-40579 (OpenFGA is an authorization/permission engine built for developers and ...)
+ TODO: check
+CVE-2023-40577 (Alertmanager handles alerts sent by client applications such as the Pr ...)
+ TODO: check
+CVE-2023-40570 (Datasette is an open source multi-tool for exploring and publishing da ...)
+ TODO: check
+CVE-2023-40568
+ REJECTED
+CVE-2023-40530 (Improper authorization in handler for custom URL scheme issue in 'Skyl ...)
+ TODO: check
+CVE-2023-40182 (Silverware Games is a premium social network where people can play gam ...)
+ TODO: check
+CVE-2023-40179 (Silverware Games is a premium social network where people can play gam ...)
+ TODO: check
+CVE-2023-40036 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
+ TODO: check
+CVE-2023-40031 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
+ TODO: check
+CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and compiles the pr ...)
+ TODO: check
+CVE-2023-40022 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ TODO: check
+CVE-2023-40017 (GeoNode is an open source platform that facilitates the creation, shar ...)
+ TODO: check
+CVE-2023-3425 (Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 ...)
+ TODO: check
+CVE-2023-3406 (Path Traversal issue in M-Files Classic Web versions below 23.6.12695. ...)
+ TODO: check
+CVE-2023-39742 (giflib v5.2.1 was discovered to contain a segmentation fault via the c ...)
+ TODO: check
+CVE-2023-39707 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...)
+ TODO: check
+CVE-2023-39700 (IceWarp Mail Server v10.4.5 was discovered to contain a reflected cros ...)
+ TODO: check
+CVE-2023-39699 (IceWarp Mail Server v10.4.5 was discovered to contain a local file inc ...)
+ TODO: check
+CVE-2023-39600 (IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS ...)
+ TODO: check
+CVE-2023-39521 (Tuleap is an open source suite to improve management of software devel ...)
+ TODO: check
+CVE-2023-39519 (Cloud Explorer Lite is an open source cloud management platform. Prior ...)
+ TODO: check
+CVE-2023-38974 (A stored cross-site scripting (XSS) vulnerability in the Edit Category ...)
+ TODO: check
+CVE-2023-38973 (A stored cross-site scripting (XSS) vulnerability in the Add Tag funct ...)
+ TODO: check
+CVE-2023-38508 (Tuleap is an open source suite to improve management of software devel ...)
+ TODO: check
+CVE-2023-38201 (A flaw was found in the Keylime registrar that could allow a bypass of ...)
+ TODO: check
+CVE-2023-37469 (CasaOS is an open-source personal cloud system. Prior to version 0.4.4 ...)
+ TODO: check
+CVE-2023-37249 (Infoblox NIOS through 8.5.1 has a faulty component that accepts malici ...)
+ TODO: check
+CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacke ...)
+ TODO: check
+CVE-2023-36198 (Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows ...)
+ TODO: check
+CVE-2023-32797 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
+ TODO: check
+CVE-2023-32757 (e-Excellence U-Office Force file uploading function does not restrict ...)
+ TODO: check
+CVE-2023-32756 (e-Excellence U-Office Force has a path traversal vulnerability within ...)
+ TODO: check
+CVE-2023-32755 (e-Excellence U-Office Force generates an error message in webiste serv ...)
+ TODO: check
+CVE-2023-32678 (Zulip is an open-source team collaboration tool with topic-based threa ...)
+ TODO: check
+CVE-2023-32603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...)
+ TODO: check
+CVE-2023-32598 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jo ...)
+ TODO: check
+CVE-2023-32596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolf ...)
+ TODO: check
+CVE-2023-32595 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pala ...)
+ TODO: check
+CVE-2023-32591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Clou ...)
+ TODO: check
+CVE-2023-32584 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John ...)
+ TODO: check
+CVE-2023-32577 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji ...)
+ TODO: check
+CVE-2023-32576 (Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Pla ...)
+ TODO: check
+CVE-2023-32575 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+ TODO: check
+CVE-2023-32518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Ooga ...)
+ TODO: check
+CVE-2023-32079 (Netmaker makes networks with WireGuard. A Mass assignment vulnerabilit ...)
+ TODO: check
+CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Object Refe ...)
+ TODO: check
+CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0 ...)
+ TODO: check
+CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...)
- python3.12 <unfixed>
- python3.11 3.11.5-1
- python3.10 3.10.13-1
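Review bot: every one of the new entries at the head of the file is left at TODO: check, and a few describe software Debian ships as a source package, so they deserve triage ahead of the rest of the batch: CVE-2023-39742 (giflib v5.2.1 segmentation fault) and CVE-2023-40030 (Cargo). Two descriptions carry upstream typos copied verbatim from the feed (`Vv16.03.07.45_cn` in CVE-2023-40799 and the stray `')` in CVE-2023-32576); leave them as imported, since the tracker mirrors the feed text. CVE-2023-40217 is only re-added with its description; its `python3.12 <unfixed>` and the two fixed-version lines are unchanged context, so that triage still stands.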
@@ -590,18 +722,23 @@ CVE-2023-4433 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-
CVE-2023-4432 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-4431 (Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5 ...)
+ {DSA-5483-1}
- chromium 116.0.5845.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4430 (Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allo ...)
+ {DSA-5483-1}
- chromium 116.0.5845.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4429 (Use after free in Loader in Google Chrome prior to 116.0.5845.110 allo ...)
+ {DSA-5483-1}
- chromium 116.0.5845.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4428 (Out of bounds memory access in CSS in Google Chrome prior to 116.0.584 ...)
+ {DSA-5483-1}
- chromium 116.0.5845.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4427 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...)
+ {DSA-5483-1}
- chromium 116.0.5845.110-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to version ...)
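Review bot: the {DSA-5483-1} reference is added uniformly to all five chromium entries while the fixed version 116.0.5845.110-1 and the `[buster] - chromium <end-of-life> (see DSA 5046)` annotation are left untouched, which matches the existing DSA convention in this file (compare {DSA-4562-1} on CVE-2019-13691 further down). Nothing to change here.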
@@ -1342,9 +1479,9 @@ CVE-2023-3263 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or
NOT-FOR-US: Trellix
CVE-2023-3262 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
NOT-FOR-US: Trellix
-CVE-2023-3261 (When adding a remote backup location, an authenticated user can pass a ...)
+CVE-2023-3261 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
NOT-FOR-US: Trellix
-CVE-2023-3260 (When adding a remote backup location, an authenticated user can pass a ...)
+CVE-2023-3260 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
NOT-FOR-US: Trellix
CVE-2023-3259 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...)
NOT-FOR-US: Trellix
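Review bot: the NOT-FOR-US: Trellix annotation on CVE-2023-3261 and CVE-2023-3260 remains valid after the description change: the replaced "remote backup location" text did not match the surrounding Dataprobe iBoot PDU block, and the new text aligns both entries with CVE-2023-3263, CVE-2023-3262 and CVE-2023-3259, which carry the same annotation.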
@@ -29282,8 +29419,8 @@ CVE-2023-25983
RESERVED
CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25981
- RESERVED
+CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-25980
RESERVED
CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...)
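Review bot: the TODO: check on CVE-2023-25981 can most likely be resolved the same way as its neighbours: the description ("Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...") follows the same pattern as CVE-2023-25982 and CVE-2023-25979, both marked NOT-FOR-US: WordPress plugin. Confirm the plugin name in the full description before applying the same annotation.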
@@ -29664,8 +29801,8 @@ CVE-2023-25850
RESERVED
CVE-2023-25849
RESERVED
-CVE-2023-25848
- RESERVED
+CVE-2023-25848 (ArcGIS Enterprise Server versions 11.0 and below have an information d ...)
+ TODO: check
CVE-2023-25847
RESERVED
CVE-2023-25846
@@ -30554,8 +30691,8 @@ CVE-2023-25651
RESERVED
CVE-2023-25650
RESERVED
-CVE-2023-25649
- RESERVED
+CVE-2023-25649 (There is a command injection vulnerability in a mobile internet produc ...)
+ TODO: check
CVE-2023-25648
RESERVED
CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
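Review bot: the truncated description of CVE-2023-25649 ("a command injection vulnerability in a mobile internet produc ...") does not name the vendor, while its neighbour CVE-2023-25647 in the same ID range concerns ZTE mobile products. Check the full advisory before marking it NOT-FOR-US so the vendor is recorded explicitly rather than inferred from the adjacent entry.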
@@ -33431,10 +33568,10 @@ CVE-2023-24623 (Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent
NOT-FOR-US: Paranoidhttp
CVE-2023-24622 (isInList in the safeurl-python package before 1.2 for Python has an in ...)
NOT-FOR-US: safeurl-python
-CVE-2023-24621
- RESERVED
-CVE-2023-24620
- RESERVED
+CVE-2023-24621 (An issue was discovered in Esoteric YamlBeans through 1.15. It allows ...)
+ TODO: check
+CVE-2023-24620 (An issue was discovered in Esoteric YamlBeans through 1.15. A crafted ...)
+ TODO: check
CVE-2023-24619 (Redpanda before 22.3.12 discloses cleartext AWS credentials. The impor ...)
NOT-FOR-US: Redpanda
CVE-2023-24618
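Review bot: CVE-2023-24621 and CVE-2023-24620 both concern Esoteric YamlBeans through 1.15 and should be triaged together with the same verdict. The neighbouring entries in this range (Paranoidhttp, safeurl-python, Redpanda) were each closed as NOT-FOR-US with the project named, so follow that form if YamlBeans turns out not to be packaged.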
@@ -34401,8 +34538,8 @@ CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24394
- RESERVED
+CVE-2023-24394 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
CVE-2023-24393 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
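Review bot: CVE-2023-24394 ("Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...") sits between CVE-2023-24396, CVE-2023-24395 and CVE-2023-24393, all marked NOT-FOR-US: WordPress plugin, and its description follows the same pattern; verify the plugin in the full text and then apply the same annotation rather than leaving the TODO open.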
@@ -39378,7 +39515,7 @@ CVE-2023-22817
RESERVED
CVE-2023-22816 (A post-authentication remote command injection vulnerability in a CGI ...)
NOT-FOR-US: Western Digital
-CVE-2023-22815 (Post-authentication remote command injection vulnerabilities in Wester ...)
+CVE-2023-22815 (Post-authentication remote command injection vulnerability in Western ...)
NOT-FOR-US: Western Digital
CVE-2023-22814 (An authentication bypass issue via spoofing was discovered in the toke ...)
NOT-FOR-US: Western Digital
@@ -45159,8 +45296,7 @@ CVE-2022-4454 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: m0ver bible-online
CVE-2022-4453 (The 3D FlipBook WordPress plugin through 1.13.2 does not validate or e ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4452
- RESERVED
+CVE-2022-4452 (Insufficient data validation in crosvm in Google Chrome prior to 107.0 ...)
NOT-FOR-US: Android
CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not validate an ...)
NOT-FOR-US: WordPress plugin
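Review bot: the NOT-FOR-US: Android annotation on CVE-2022-4452 predates the description (it sat under the RESERVED line this hunk removes), and the description now names crosvm in Google Chrome prior to 107.0, which is Chrome/ChromeOS rather than Android. Re-check whether the annotation should be reworded and whether src:chromium is affected, since the other Chrome entries in this update are tracked against chromium.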
@@ -174175,8 +174311,8 @@ CVE-2021-27934
RESERVED
CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php Description fie ...)
NOT-FOR-US: pfSense
-CVE-2021-27932
- RESERVED
+CVE-2021-27932 (Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 ...)
+ TODO: check
CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...)
NOT-FOR-US: LumisXP (aka Lumis Experience Platform)
CVE-2021-27930 (Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which ...)
@@ -245625,8 +245761,8 @@ CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that
NOTE: https://github.com/wolfSSL/wolfssl/pull/2894/
CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...)
NOT-FOR-US: Open Upload
-CVE-2020-11711
- RESERVED
+CVE-2020-11711 (An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored ...)
+ TODO: check
CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...)
NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
@@ -293505,10 +293641,10 @@ CVE-2019-13691 (Insufficient validation of untrusted input in navigation in Goog
{DSA-4562-1}
- chromium 78.0.3904.87-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2019-13690
- RESERVED
-CVE-2019-13689
- RESERVED
+CVE-2019-13690 (Inappropriate implementation in OS in Google Chrome on ChromeOS prior ...)
+ TODO: check
+CVE-2019-13689 (Inappropriate implementation in OS in Google Chrome on ChromeOS prior ...)
+ TODO: check
CVE-2019-13688 (Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
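Review bot: CVE-2019-13690 and CVE-2019-13689 describe "Inappropriate implementation in OS in Google Chrome on ChromeOS", so they should not simply inherit the {DSA-4562-1} / chromium 78.0.3904.87-1 lines of the neighbouring Chrome entries. Verify against the Chrome release notes whether a browser-side fix exists before choosing between a chromium entry and NOT-FOR-US: ChromeOS.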
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9cf37587960a02262511c38f3f58b4744d9ceb04