[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 31 21:12:39 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9aee9f01 by security tracker role at 2023-08-31T20:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
+	TODO: check
+CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...)
+	TODO: check
+CVE-2023-4681 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...)
+	TODO: check
+CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.)
+	TODO: check
+CVE-2023-41748 (Remote command execution due to improper input validation. The followi ...)
+	TODO: check
+CVE-2023-41747 (Sensitive information disclosure due to improper input validation. The ...)
+	TODO: check
+CVE-2023-41746 (Remote command execution due to improper input validation. The followi ...)
+	TODO: check
+CVE-2023-41745 (Sensitive information disclosure due to excessive collection of system ...)
+	TODO: check
+CVE-2023-41744 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
+	TODO: check
+CVE-2023-41743 (Local privilege escalation due to insecure driver communication port p ...)
+	TODO: check
+CVE-2023-41742 (Excessive attack surface due to binding to an unrestricted IP address. ...)
+	TODO: check
+CVE-2023-41741 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+	TODO: check
+CVE-2023-41740 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+	TODO: check
+CVE-2023-41739 (Uncontrolled resource consumption vulnerability in File Functionality  ...)
+	TODO: check
+CVE-2023-41738 (Improper neutralization of special elements used in an OS command ('OS ...)
+	TODO: check
+CVE-2023-41717 (Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and ...)
+	TODO: check
+CVE-2023-41642 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the E ...)
+	TODO: check
+CVE-2023-41640 (An improper error handling vulnerability in the component ErroreNonGes ...)
+	TODO: check
+CVE-2023-41638 (An arbitrary file upload vulnerability in the Gestione Documentale mod ...)
+	TODO: check
+CVE-2023-41637 (An arbitrary file upload vulnerability in the Carica immagine function ...)
+	TODO: check
+CVE-2023-41636 (A SQL injection vulnerability in the Data Richiesta dal parameter of G ...)
+	TODO: check
+CVE-2023-41635 (A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.a ...)
+	TODO: check
+CVE-2023-41045 (Graylog is a free and open log management platform. Graylog makes use  ...)
+	TODO: check
+CVE-2023-41044 (Graylog is a free and open log management platform. A partial path tra ...)
+	TODO: check
+CVE-2023-41034 (Eclipse Leshan is a device management server and client Java implement ...)
+	TODO: check
+CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+	TODO: check
+CVE-2023-39355 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+	TODO: check
+CVE-2023-39354 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+	TODO: check
+CVE-2023-39351 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+	TODO: check
+CVE-2023-39350 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+	TODO: check
+CVE-2023-34392 (A Missing Authentication for Critical Function vulnerability in the Sc ...)
+	TODO: check
+CVE-2023-34391 (Insecure Inherited Permissions vulnerability in Schweitzer Engineering ...)
+	TODO: check
+CVE-2023-33835 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a  ...)
+	TODO: check
+CVE-2023-33834 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a  ...)
+	TODO: check
+CVE-2023-33833 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensiti ...)
+	TODO: check
 CVE-2023-4655 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...)
 	NOT-FOR-US: icms2
 CVE-2023-4654 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
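Review bot: the new TODO: check entries in this hunk should be triaged in vendor batches rather than one at a time. CVE-2023-41748 through CVE-2023-41742 use the same "... due to ... The following ..." wording as the Acronis entries CVE-2022-45452 and CVE-2022-45450 further down this diff, which already carry NOT-FOR-US: Acronis (CVE-2023-41743 and CVE-2022-45451 even share the truncated text "Local privilege escalation due to insecure driver communication port p ..."), so one pass against that vendor advisory should settle the group. Likewise the four gpac entries (CVE-2023-4683 to CVE-2023-4678), the five FreeRDP entries (CVE-2023-40589, CVE-2023-39355, CVE-2023-39354, CVE-2023-39351, CVE-2023-39350) and the three IBM Security Verify Information Queue entries (CVE-2023-33835 to CVE-2023-33833) each come from a single upstream and can be checked together.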
@@ -292,6 +362,7 @@ CVE-2023-4611 (A use-after-free flaw was found in mm/mempolicy.c in the memory m
 CVE-2023-4481
 	NOT-FOR-US: Juniper
 CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 ...)
+	{DSA-5487-1}
 	- chromium 116.0.5845.140-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...)
@@ -6122,7 +6193,8 @@ CVE-2023-36832 (An Improper Handling of Exceptional Conditions vulnerability in
 	NOT-FOR-US: Juniper
 CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions vulnerability  ...)
 	NOT-FOR-US: Juniper
-CVE-2023-36119 (File upload vulnerability in PHPGurukul Online Security Guards Hiring  ...)
+CVE-2023-36119
+	REJECTED
 	NOT-FOR-US: PHPGurukul Online Security Guards Hiring System
 CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible way to se ...)
 	NOT-FOR-US: Android
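Review bot: CVE-2023-36119 is marked REJECTED but keeps its previous "NOT-FOR-US: PHPGurukul Online Security Guards Hiring System" line, whereas CVE-2022-40214 in the last hunk of this diff carries REJECTED alone. If the tracker intends rejected entries to hold only the REJECTED state, the stale NOT-FOR-US line should be dropped here; if the prior triage is deliberately preserved, the two entries should at least be handled the same way.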
@@ -14458,24 +14530,24 @@ CVE-2023-31177
 	RESERVED
 CVE-2023-31176
 	RESERVED
-CVE-2023-31175
-	RESERVED
-CVE-2023-31174
-	RESERVED
-CVE-2023-31173
-	RESERVED
-CVE-2023-31172
-	RESERVED
-CVE-2023-31171
-	RESERVED
-CVE-2023-31170
-	RESERVED
-CVE-2023-31169
-	RESERVED
-CVE-2023-31168
-	RESERVED
-CVE-2023-31167
-	RESERVED
+CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the Schweitz ...)
+	TODO: check
+CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer En ...)
+	TODO: check
+CVE-2023-31173 (Use of Hard-coded Credentials vulnerability in Schweitzer Engineering  ...)
+	TODO: check
+CVE-2023-31172 (An Incomplete Filtering of Special Elements vulnerability in the Schwe ...)
+	TODO: check
+CVE-2023-31171 (An Improper Neutralization of Special Elements used in an SQL Command  ...)
+	TODO: check
+CVE-2023-31170 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...)
+	TODO: check
+CVE-2023-31169 (An Improper Handling of Unicode Encoding vulnerability in the Schweitz ...)
+	TODO: check
+CVE-2023-31168 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...)
+	TODO: check
+CVE-2023-31167 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
 CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory ('Path  ...)
 	NOT-FOR-US: Schweitzer Engineering Laboratories
 CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
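Review bot: the nine entries CVE-2023-31175 through CVE-2023-31167 that replace RESERVED placeholders all name Schweitzer Engineering Laboratories in their truncated descriptions and sit directly above CVE-2023-31166, which is already triaged NOT-FOR-US: Schweitzer Engineering Laboratories. Together with CVE-2023-34392 and CVE-2023-34391 in the first hunk this looks like one vendor advisory, so the TODO: check lines can likely be resolved consistently with that neighbour in a single pass instead of being left to accumulate.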
@@ -21704,8 +21776,8 @@ CVE-2023-28803
 	RESERVED
 CVE-2023-28802
 	RESERVED
-CVE-2023-28801
-	RESERVED
+CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...)
+	TODO: check
 CVE-2023-28800 (When using local accounts for administration, the redirect url paramet ...)
 	NOT-FOR-US: Zscaler
 CVE-2023-28799 (A URL parameter during login flow was vulnerable to injection. An atta ...)
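Review bot: CVE-2023-28801 ("An Improper Verification of Cryptographic Signature in the SAML authen ...") is bracketed by CVE-2023-28800 and CVE-2023-28799, both Zscaler login-flow issues already marked NOT-FOR-US: Zscaler, and CVE-2023-41717 in the first hunk is also Zscaler. Confirm the affected product before closing the TODO: check; if it is the same vendor the entry should take the same NOT-FOR-US marker as its neighbours.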
@@ -47457,10 +47529,10 @@ CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities th
 	NOTE: https://lists.debian.org/debian-lts/2023/06/msg00051.html
 CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
 	NOT-FOR-US: Apache Zeppelin
-CVE-2022-46869
-	RESERVED
-CVE-2022-46868
-	RESERVED
+CVE-2022-46869 (Local privilege escalation during installation due to improper soft li ...)
+	TODO: check
+CVE-2022-46868 (Local privilege escalation during recovery due to improper soft link h ...)
+	TODO: check
 CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...)
@@ -51738,8 +51810,8 @@ CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are a
 	NOT-FOR-US: Acronis
 CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. The fol ...)
 	NOT-FOR-US: Acronis
-CVE-2022-45451
-	RESERVED
+CVE-2022-45451 (Local privilege escalation due to insecure driver communication port p ...)
+	TODO: check
 CVE-2022-45450 (Sensitive information disclosure and manipulation due to improper auth ...)
 	NOT-FOR-US: Acronis
 CVE-2022-45449
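Review bot: CVE-2022-45451 sits between CVE-2022-45452 and CVE-2022-45450, both NOT-FOR-US: Acronis, and its truncated description ("Local privilege escalation due to insecure driver communication port p ...") is identical to the text of CVE-2023-41743 added in the first hunk. Both entries should be triaged the same way, and this one can most likely follow its neighbours rather than stay at TODO: check.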
@@ -55456,8 +55528,7 @@ CVE-2023-20902
 	RESERVED
 CVE-2023-20901
 	RESERVED
-CVE-2023-20900
-	RESERVED
+CVE-2023-20900 (VMware Tools contains a SAML token signature bypass vulnerability.A ma ...)
 	- open-vm-tools <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1
 	NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
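Review bot: the open-vm-tools line for CVE-2023-20900 records <unfixed> with the oss-security post and the upstream patch as NOTEs but no Debian bug reference; if a bug has been or will be filed, record it on the package line in the tracker's usual form, "- open-vm-tools <unfixed> (bug #NNNNNN)" with the real bug number in place of the placeholder, so the fix can be tracked to an upload. The missing space in "vulnerability.A ma" is the upstream CVE description as imported by the automatic update, not a formatting error introduced in this file.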
@@ -66528,7 +66599,7 @@ CVE-2022-41311 (A stored cross-site scripting vulnerability exists in the web ap
 CVE-2022-40691 (An information disclosure vulnerability exists in the web application  ...)
 	NOT-FOR-US: Moxa
 CVE-2022-40214
-	RESERVED
+	REJECTED
 CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
 	- gitlab 15.10.8+ds1-2
 CVE-2022-3264



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aee9f01ba6ef3f1ae5ade180922ac08051d19bf


