[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 6 20:12:27 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14535fca by security tracker role at 2023-12-06T20:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-6514 (The Bluetooth module of some Huawei Smart Screen products has an ident ...)
+ TODO: check
+CVE-2023-6459 (Mattermost is grouping calls inthe /metrics endpoint by id and reports ...)
+ TODO: check
+CVE-2023-6458 (Mattermost webapp fails to validateroute parameters in/<TEAM_NAME>/cha ...)
+ TODO: check
+CVE-2023-6393 (A flaw was found in the Quarkus Cache Runtime. When request processing ...)
+ TODO: check
+CVE-2023-6288 (Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on mac ...)
+ TODO: check
+CVE-2023-6273 (Permission management vulnerability in the module for disabling Sound ...)
+ TODO: check
+CVE-2023-49248 (Vulnerability of unauthorized file access in the Settings app. Success ...)
+ TODO: check
+CVE-2023-49247 (Permission verification vulnerability in distributed scenarios. Succes ...)
+ TODO: check
+CVE-2023-49246 (Unauthorized access vulnerability in the card management module. Succe ...)
+ TODO: check
+CVE-2023-49245 (Unauthorized access vulnerability in the Huawei Share module. Successf ...)
+ TODO: check
+CVE-2023-49244 (Permission management vulnerability in the multi-user module. Successf ...)
+ TODO: check
+CVE-2023-49243 (Vulnerability of unauthorized access to email attachments in the email ...)
+ TODO: check
+CVE-2023-49242 (Free broadcast vulnerability in the running management module. Success ...)
+ TODO: check
+CVE-2023-49241 (API permission control vulnerability in the network management module. ...)
+ TODO: check
+CVE-2023-49240 (Unauthorized access vulnerability in the launcher module. Successful e ...)
+ TODO: check
+CVE-2023-49239 (Unauthorized access vulnerability in the card management module. Succe ...)
+ TODO: check
+CVE-2023-49096 (Jellyfin is a Free Software Media System for managing and streaming me ...)
+ TODO: check
+CVE-2023-48859 (TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authenticatio ...)
+ TODO: check
+CVE-2023-48123 (An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v ...)
+ TODO: check
+CVE-2023-46773 (Permission management vulnerability in the PMS module. Successful expl ...)
+ TODO: check
+CVE-2023-46751 (An issue was discovered in the function gdev_prn_open_printer_seekable ...)
+ TODO: check
+CVE-2023-46688 (Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows ...)
+ TODO: check
+CVE-2023-45210 (Pleasanter 1.3.47.0 and earlier contains an improper access control vu ...)
+ TODO: check
+CVE-2023-44113 (Vulnerability of missing permission verification for APIs in the Desig ...)
+ TODO: check
+CVE-2023-44099 (Vulnerability of data verification errors in the kernel module. Succes ...)
+ TODO: check
+CVE-2023-39539 (AMI AptioV contains a vulnerability in BIOS where a User may cause an ...)
+ TODO: check
+CVE-2023-39538 (AMI AptioV contains a vulnerability in BIOS where a User may cause an ...)
+ TODO: check
+CVE-2023-36655 (The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Activ ...)
+ TODO: check
+CVE-2023-34439 (Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting ...)
+ TODO: check
+CVE-2023-32268 (Exposure of Proxy Administrator Credentials An authenticated administ ...)
+ TODO: check
CVE-2023-46218 [curl: cookie mixed case PSL bypass]
- curl <unfixed> (bug #1057646)
NOTE: Introduced by: https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465 (curl-7_46_0)
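Review bot: all 30 added entries are left at "TODO: check", yet several can be triaged from the visible text. CVE-2023-46751 names gdev_prn_open_printer_seekable, a Ghostscript printer-device function, so it should receive a ghostscript source-package line (with a version or "<unfixed>") rather than stay a bare TODO. The trailing context for CVE-2023-46218 shows the expected end state for such an entry: a package line with "<unfixed>" and the bug number, plus a NOTE naming the introducing commit. The vendor-only items (Huawei, Mattermost, Pleasanter, AMI AptioV, TOTOLINK, pfSense, ProLion, Remote Desktop Manager, Jellyfin) are NOT-FOR-US candidates, but each description is truncated at " ...", so the full text should be read before any of them is marked.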
@@ -53,7 +113,7 @@ CVE-2023-6509 (Use after free in Side Panel Search in Google Chrome prior to 120
CVE-2023-6508 (Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-39326 [net/http: limit chunked data overhead]
+CVE-2023-39326 (A malicious HTTP sender can use chunk extensions to cause a receiver r ...)
- golang-1.21 1.21.5-1
- golang-1.20 1.20.12-1
- golang-1.19 <removed>
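Review bot: replacing the bracketed working title "net/http: limit chunked data overhead" with the published description drops the affected component (net/http) from the list line, and the published text is cut at " ...". That is the normal automation once a description is public, but consider keeping the component name in a NOTE so the entry stays searchable; the golang-1.21 1.21.5-1 and golang-1.20 1.20.12-1 fixed versions are unchanged context and still need to match the upstream fix commits.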
@@ -64,7 +124,7 @@ CVE-2023-39326 [net/http: limit chunked data overhead]
NOTE: https://go.dev/issue/64433
NOTE: https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)
NOTE: https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)
-CVE-2023-45285 [cmd/go: go get may unexpectedly fallback to insecure git]
+CVE-2023-45285 (Using go get to fetch a module with the ".git" suffix may unexpectedly ...)
- golang-1.21 1.21.5-1
- golang-1.20 1.20.12-1
- golang-1.19 <removed>
@@ -154,7 +214,7 @@ CVE-2023-44298 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BI
NOT-FOR-US: Dell
CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...)
NOT-FOR-US: Dell
-CVE-2023-43628 (An integer overflow vulnerability exists in the NTRIP Stream Parsing f ...)
+CVE-2023-43628 (An integer underflow vulnerability exists in the NTRIP Stream Parsing ...)
- gpsd <unfixed>
[bookworm] - gpsd <no-dsa> (Minor issue)
[bullseye] - gpsd <no-dsa> (Minor issue)
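Review bot: the CVE-2023-43628 description changes from "integer overflow" to "integer underflow" in the NTRIP stream parsing, but the gpsd assessment lines ("<no-dsa> (Minor issue)" for bookworm and bullseye) are unchanged context that was written under the old wording. Re-confirm the "Minor issue" rating against the corrected description, and since the entry is still "<unfixed>", add a NOTE pointing at the upstream fix once it is identified.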
@@ -2841,7 +2901,7 @@ CVE-2023-6022 (An attacker is able to steal secrets and potentially gain remote
NOT-FOR-US: Prefect
CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file on the ...)
NOT-FOR-US: Ray's log API endpoint
-CVE-2023-6019 (A command injection exists in Ray's cpu_profile URL parameter allowing ...)
+CVE-2023-6019 (A command injection existed in Ray's cpu_profile URL parameter allowin ...)
NOT-FOR-US: Ray
CVE-2023-6018 (An attacker can overwrite any file on the server hosting MLflow withou ...)
NOT-FOR-US: mlflow
@@ -37580,7 +37640,7 @@ CVE-2023-28821 (Concrete CMS (previously concrete5) before 9.1 did not have a ra
NOT-FOR-US: Concrete CMS
CVE-2023-28820 (Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored ...)
NOT-FOR-US: Concrete CMS
-CVE-2023-28819 (Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored ...)
+CVE-2023-28819 (Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 t ...)
NOT-FOR-US: Concrete CMS
CVE-2023-28818 (An issue was discovered in Veritas NetBackup IT Analytics 11 before 11 ...)
NOT-FOR-US: Veritas
@@ -38827,15 +38887,15 @@ CVE-2023-28479 (An issue was discovered in Tigergraph Enterprise 3.7.0. The Tige
NOT-FOR-US: Tigergraph Enterprise
CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Bu ...)
NOT-FOR-US: TP-Link
-CVE-2023-28477 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored ...)
+CVE-2023-28477 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
NOT-FOR-US: Concrete CMS
CVE-2023-28476 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
NOT-FOR-US: Concrete CMS
-CVE-2023-28475 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflec ...)
+CVE-2023-28475 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and ver ...)
NOT-FOR-US: Concrete CMS
CVE-2023-28474 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
NOT-FOR-US: Concrete CMS
-CVE-2023-28473 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to possib ...)
+CVE-2023-28473 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
NOT-FOR-US: Concrete CMS
CVE-2023-28472 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
NOT-FOR-US: Concrete CMS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14535fca899593371284daf6e4bd55e4f444a6d2
--