[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 8 20:12:36 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8821073c by security tracker role at 2023-12-08T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2023-6622 (A null pointer dereference vulnerability was found in nft_dynset_init( ...)
+	TODO: check
+CVE-2023-6619 (A vulnerability was found in SourceCodester Simple Student Attendance  ...)
+	TODO: check
+CVE-2023-6618 (A vulnerability was found in SourceCodester Simple Student Attendance  ...)
+	TODO: check
+CVE-2023-6617 (A vulnerability was found in SourceCodester Simple Student Attendance  ...)
+	TODO: check
+CVE-2023-6616 (A vulnerability was found in SourceCodester Simple Student Attendance  ...)
+	TODO: check
+CVE-2023-6615 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-6614 (A vulnerability classified as problematic was found in Typecho 1.2.1.  ...)
+	TODO: check
+CVE-2023-6613 (A vulnerability classified as problematic has been found in Typecho 1. ...)
+	TODO: check
+CVE-2023-6612 (A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. I ...)
+	TODO: check
+CVE-2023-6611 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has been de ...)
+	TODO: check
+CVE-2023-6610 (An out-of-bounds read vulnerability was found in smb2_dump_detail in f ...)
+	TODO: check
+CVE-2023-6609 (A vulnerability was found in osCommerce 4. It has been classified as p ...)
+	TODO: check
+CVE-2023-6608 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified  ...)
+	TODO: check
+CVE-2023-6607 (A vulnerability has been found in Tongda OA 2017 up to 11.10 and class ...)
+	TODO: check
+CVE-2023-6606 (An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb ...)
+	TODO: check
+CVE-2023-6507 (An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ...)
+	TODO: check
+CVE-2023-6245 (The Candid library causes a Denial of Service while  parsing a special ...)
+	TODO: check
+CVE-2023-6146 (A Qualys web application was found to have a stored XSS vulnerability  ...)
+	TODO: check
+CVE-2023-49788 (Collabora Online is a collaborative online office suite based on Libre ...)
+	TODO: check
+CVE-2023-49782 (Collabora Online is a collaborative online office suite based on Libre ...)
+	TODO: check
+CVE-2023-49487 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
+	TODO: check
+CVE-2023-49486 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
+	TODO: check
+CVE-2023-49485 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
+	TODO: check
+CVE-2023-49484 (Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (X ...)
+	TODO: check
+CVE-2023-49444 (An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attacke ...)
+	TODO: check
+CVE-2023-49443 (DoraCMS v2.1.8 was discovered to re-use the same code for verification ...)
+	TODO: check
+CVE-2023-49007 (In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-bas ...)
+	TODO: check
+CVE-2023-48423 (In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bou ...)
+	TODO: check
+CVE-2023-48422 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
+	TODO: check
+CVE-2023-48421 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...)
+	TODO: check
+CVE-2023-48420 (there is a possible use after free due to a race condition. This could ...)
+	TODO: check
+CVE-2023-48416 (In multiple locations, there is a possible null dereference due to a m ...)
+	TODO: check
+CVE-2023-48415 (In Init of protocolembmsadapter.cpp, there is a possible out of bounds ...)
+	TODO: check
+CVE-2023-48414 (In the Pixel Camera Driver, there is a possible use after free due to  ...)
+	TODO: check
+CVE-2023-48413 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
+	TODO: check
+CVE-2023-48412 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...)
+	TODO: check
+CVE-2023-48411 (In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapt ...)
+	TODO: check
+CVE-2023-48410 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...)
+	TODO: check
+CVE-2023-48409 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...)
+	TODO: check
+CVE-2023-48408 (In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is ...)
+	TODO: check
+CVE-2023-48407 (there is a possible DCK won't be deleted after factory reset due to a  ...)
+	TODO: check
+CVE-2023-48406 (there is a possible permanent DoS or way for the modem to boot unverif ...)
+	TODO: check
+CVE-2023-48405 (there is a possible way for the secure world to write to NS memory due ...)
+	TODO: check
+CVE-2023-48404 (In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.c ...)
+	TODO: check
+CVE-2023-48403 (In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of  ...)
+	TODO: check
+CVE-2023-48402 (In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing p ...)
+	TODO: check
+CVE-2023-48401 (In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible ou ...)
+	TODO: check
+CVE-2023-48399 (In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, th ...)
+	TODO: check
+CVE-2023-48398 (In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnet ...)
+	TODO: check
+CVE-2023-48397 (In Init of protocolcalladapter.cpp, there is a possible out of bounds  ...)
+	TODO: check
+CVE-2023-47565 (An OS command injection vulnerability has been found to affect legacy  ...)
+	TODO: check
+CVE-2023-46499 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
+	TODO: check
+CVE-2023-46498 (An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote  ...)
+	TODO: check
+CVE-2023-46497 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
+	TODO: check
+CVE-2023-46496 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
+	TODO: check
+CVE-2023-46495 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
+	TODO: check
+CVE-2023-46494 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
+	TODO: check
+CVE-2023-46493 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
+	TODO: check
+CVE-2023-46157 (File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest p ...)
+	TODO: check
+CVE-2023-32975 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-32968 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
 CVE-2023-6599 (Missing Standardized Error Handling Mechanism in GitHub repository mic ...)
 	NOT-FOR-US: microweber
 CVE-2023-6581 (A vulnerability has been found in D-Link DAR-7000 up to 20231126 and c ...)
@@ -26753,7 +26875,7 @@ CVE-2023-2414 (The Online Booking & Scheduling Calendar for WordPress by vcita p
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2402 (The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-3164 (A heap out-of-bounds read flaw was found in builtin.c in the gawk pack ...)
+CVE-2023-3164 (A heap-buffer-overflow vulnerability was found in LibTIFF, in extractI ...)
 	- tiff <unfixed> (unimportant)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/542
 	NOTE: Crash in CLI tool, no security impact
@@ -54753,8 +54875,8 @@ CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerabil
 	NOT-FOR-US: Microsoft
 CVE-2023-23373 (An OS command injection vulnerability has been reported to affect QUSB ...)
 	NOT-FOR-US: QNAP
-CVE-2023-23372
-	RESERVED
+CVE-2023-23372 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
 CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...)
 	NOT-FOR-US: QNAP
 CVE-2023-23370 (An insufficiently protected credentials vulnerability has been reporte ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8821073ce348996f49b73ce47b73a9778fc2867d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8821073ce348996f49b73ce47b73a9778fc2867d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231208/3d9301b0/attachment.htm>

More information about the debian-security-tracker-commits mailing list