[Git][security-tracker-team/security-tracker][master] new mattermost issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Dec 12 15:58:08 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9aa0b18e by Moritz Muehlenhoff at 2023-12-12T16:57:19+01:00
new mattermost issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-6727 (Mattermost fails to perform correct authorization checks when creating ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop Manager 20 ...)
 	TODO: check
 CVE-2023-6547 (Mattermost fails to validate team membership when a user attempts to a ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-6193 (quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unb ...)
 	TODO: check
 CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation fault vi ...)
@@ -21,9 +21,9 @@ CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Unde
 CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the ...)
 	TODO: check
 CVE-2023-49874 (Mattermost fails to check whether a user is a guest when updating the  ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-49809 (Mattermost fails to handle a null request body in the /add endpoint, a ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI ...)
 	TODO: check
 CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS ...)
@@ -33,7 +33,7 @@ CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G)
 CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
 	TODO: check
 CVE-2023-49607 (Mattermost fails to validate the type of the "reminder" body request p ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-49563 (Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allow ...)
 	TODO: check
 CVE-2023-49143 (Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC- ...)
@@ -53,7 +53,7 @@ CVE-2023-48428 (A vulnerability has been identified in SINEC INS (All versions <
 CVE-2023-48427 (A vulnerability has been identified in SINEC INS (All versions < V1.0  ...)
 	TODO: check
 CVE-2023-46701 (Mattermost fails to perform authorization checks in the  /plugins/play ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-46456 (In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inj ...)
 	TODO: check
 CVE-2023-46455 (In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to wr ...)
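Review bot: The CVE-2023-46701 entry is assigned to mattermost-server, but its description points at a path under "/plugins/play ...", so the affected code may live in a plugin rather than in the server core. Please confirm that this plugin is part of the source that ITP bug #823556 would package. If it is shipped separately, a NOTE line naming the component would keep the entry accurate once the package enters the archive.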
@@ -73,9 +73,9 @@ CVE-2023-46281 (A vulnerability has been identified in Opcenter Quality (All ver
 CVE-2023-46156 (Affected devices improperly handle specially crafted packets sent to p ...)
 	TODO: check
 CVE-2023-45847 (Mattermost fails to to check the length when setting the title in a ru ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-45316 (Mattermost fails to validate if a relative path is passed in /plugins/ ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2023-41963 (Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC- ...)
 	TODO: check
 CVE-2023-41623 (Emlog version pro2.1.14 was discovered to contain a SQL injection vuln ...)
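Review bot: For CVE-2023-45316 the description refers to a relative path passed in "/plugins/ ...", and the text is cut off before it names the component, so the hunk alone does not show that mattermost-server is the right source package. Please check the full CVE description before tying it to ITP bug #823556. If the issue turns out to be in a separately distributed plugin, record that in a NOTE line under the entry.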



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aa0b18ef13a4633b266d6ca9ee02e8fd40cebac
