[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 12 20:11:55 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e56672f by security tracker role at 2023-12-12T20:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,97 @@
+CVE-2023-6687 (An issue was discovered by Elastic whereby Elastic Agent would log a r ...)
+	TODO: check
+CVE-2023-50247 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...)
+	TODO: check
+CVE-2023-49923 (An issue was discovered by Elastic whereby the Documents API of App Se ...)
+	TODO: check
+CVE-2023-49922 (An issue was discovered by Elastic whereby Beats and Elastic Agent wou ...)
+	TODO: check
+CVE-2023-49279 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+	TODO: check
+CVE-2023-49278 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+	TODO: check
+CVE-2023-49274 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+	TODO: check
+CVE-2023-49273 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+	TODO: check
+CVE-2023-49089 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+	TODO: check
+CVE-2023-48313 (Umbraco is an ASP.NET content management system (CMS).  Starting in 10 ...)
+	TODO: check
+CVE-2023-48227 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+	TODO: check
+CVE-2023-43364 (main.py in Searchor before 2.4.2 uses eval on CLI input, which may cau ...)
+	TODO: check
+CVE-2023-41337 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In ...)
+	TODO: check
+CVE-2023-38694 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+	TODO: check
+CVE-2023-36696 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+	TODO: check
+CVE-2023-36391 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
+	TODO: check
+CVE-2023-36020 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+	TODO: check
+CVE-2023-36019 (Microsoft Power Platform Connector Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36012 (DHCP Server Service Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36011 (Win32k Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36010 (Microsoft Defender Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36009 (Microsoft Word Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36006 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+	TODO: check
+CVE-2023-36005 (Windows Telephony Server Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-36004 (Windows DPAPI (Data Protection Application Programming Interface) Spoo ...)
+	TODO: check
+CVE-2023-36003 (XAML Diagnostics Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35644 (Windows Sysmain Service Elevation of Privilege)
+	TODO: check
+CVE-2023-35643 (DHCP Server Service Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-35642 (Internet Connection Sharing (ICS) Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-35641 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35639 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35638 (DHCP Server Service Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-35636 (Microsoft Outlook Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-35635 (Windows Kernel Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-35634 (Windows Bluetooth Driver Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35633 (Windows Kernel Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35632 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+	TODO: check
+CVE-2023-35631 (Win32k Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35630 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35629 (Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35628 (Windows MSHTML Platform Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-35625 (Azure Machine Learning Compute Instance for SDK Users Information Disc ...)
+	TODO: check
+CVE-2023-35624 (Azure Connected Machine Agent Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-35622 (Windows DNS Spoofing Vulnerability)
+	TODO: check
+CVE-2023-35621 (Microsoft Dynamics 365 Finance and Operations Denial of Service Vulner ...)
+	TODO: check
+CVE-2023-35619 (Microsoft Outlook for Mac Spoofing Vulnerability)
+	TODO: check
+CVE-2023-34064 (Workspace ONE Launcher contains a Privilege Escalation Vulnerability.A ...)
+	TODO: check
 CVE-2023-6727 (Mattermost fails to perform correct authorization checks when creating ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop Manager 20 ...)
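Review bot: the run of Microsoft entries from CVE-2023-36696 down to CVE-2023-35619 (Windows, Office, Dynamics, Azure, Defender) is left as individual `TODO: check` lines, but this file's convention for that vendor, visible further down in this same diff at CVE-2023-21741 and CVE-2023-21739, is `NOT-FOR-US: Microsoft`; triaging them as one batch would leave the TODO queue with only the entries that need a real source-package lookup (the Elastic, h2o, Umbraco, Searchor and Workspace ONE items). Of those, the two h2o entries (CVE-2023-50247 and CVE-2023-41337) describe an HTTP server rather than a hosted CMS or agent product, so they are the most likely of this batch to map to a Debian source package and should be checked first.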
@@ -10293,7 +10387,7 @@ CVE-2023-5218 (Use after free in Site Isolation in Google Chrome prior to 118.0.
 	{DSA-5526-1}
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4421
+CVE-2023-4421 (The NSS code used for checking PKCS#1 v1.5 was leaking information use ...)
 	{DLA-3634-1}
 	- nss 2:3.61-1
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1651411
@@ -31673,8 +31767,8 @@ CVE-2023-31050
 	RESERVED
 CVE-2023-31049
 	RESERVED
-CVE-2023-31048
-	RESERVED
+CVE-2023-31048 (The OPC UA .NET Standard Reference Server before 1.4.371.86. places se ...)
+	TODO: check
 CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ...)
 	{DLA-3415-1}
 	- python-django 3:3.2.19-1 (bug #1035467)
@@ -39416,8 +39510,8 @@ CVE-2023-28606 (js/event-graph.js in MISP before 2.4.169 allows XSS via event-gr
 	NOT-FOR-US: MISP
 CVE-2023-28605
 	RESERVED
-CVE-2023-28604
-	RESERVED
+CVE-2023-28604 (The fluid_components (aka Fluid Components) extension before 3.5.0 for ...)
+	TODO: check
 CVE-2023-1484 (A vulnerability was found in xzjie cms up to 1.0.3 and classified as c ...)
 	NOT-FOR-US: xzjie cms
 CVE-2023-1483 (A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and cl ...)
@@ -39856,8 +39950,8 @@ CVE-2023-28468 (An issue was discovered in FvbServicesRuntimeDxe in Insyde Insyd
 	NOT-FOR-US: Insyde InsydeH2O
 CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...)
 	NOT-FOR-US: MyBB
-CVE-2023-28465
-	RESERVED
+CVE-2023-28465 (The package-decompression feature in HL7 (Health Level 7) FHIR Core Li ...)
+	TODO: check
 CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel throu ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/03/28/2
@@ -44640,8 +44734,8 @@ CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 al
 	NOT-FOR-US: Varisicte
 CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows attacker ...)
 	NOT-FOR-US: quectel
-CVE-2023-26920
-	RESERVED
+CVE-2023-26920 (fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.)
+	TODO: check
 CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...)
 	NOT-FOR-US: delight-nashorn-sandbox
 CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...)
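Review bot: CVE-2023-26920 already carries its fixed upstream version in the description (fast-xml-parser before 4.1.2), so when the TODO is resolved the entry can record the fixed Debian version directly in the `- <source-package> <version>` form used elsewhere in this diff (e.g. the nss and python-django lines). Prototype pollution via `__proto__` in an XML parser is a library-level issue, so the check is for a Node.js source package in the archive, not an end-user application; if none exists, the adjacent delight-nashorn-sandbox line shows the `NOT-FOR-US:` form to use.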
@@ -62897,8 +62991,8 @@ CVE-2023-21742 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21741 (Microsoft Office Visio Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-21740
-	RESERVED
+CVE-2023-21740 (Windows Media Remote Code Execution Vulnerability)
+	TODO: check
 CVE-2023-21739 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21738 (Microsoft Office Visio Remote Code Execution Vulnerability)
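Review bot: CVE-2023-21740 (Windows Media Remote Code Execution) sits between CVE-2023-21741 and CVE-2023-21739, both already `NOT-FOR-US: Microsoft`; a Windows component CVE from the same vendor batch should get the same line rather than `TODO: check`, otherwise the TODO queue fills with entries that have no Debian package to map to.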
@@ -72812,8 +72906,8 @@ CVE-2022-44545
 	RESERVED
 CVE-2022-44544 (Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04. ...)
 	- mahara <removed>
-CVE-2022-44543
-	RESERVED
+CVE-2022-44543 (The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before ...)
+	TODO: check
 CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl Storabl ...)
 	NOT-FOR-US: lesspipe (not the same as lesspipe contained in src:less)
 CVE-2022-44541
@@ -75354,8 +75448,8 @@ CVE-2023-20277
 	RESERVED
 CVE-2023-20276
 	RESERVED
-CVE-2023-20275
-	RESERVED
+CVE-2023-20275 (A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Se ...)
+	TODO: check
 CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics PHP Agent ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
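Review bot: CVE-2023-20275 is an AnyConnect SSL VPN issue in a Cisco product, and the adjacent CVE-2023-20274 and CVE-2023-20273 are marked `NOT-FOR-US: Cisco`; unless there is a reason to treat it differently, the same marker applies and the TODO can be closed in the follow-up to this commit.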
@@ -250578,7 +250672,7 @@ CVE-2020-16214 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03,
 	NOT-FOR-US: Philips
 CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2020-16212 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+CVE-2020-16212 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...)
 	NOT-FOR-US: Philips
 CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out- ...)
 	NOT-FOR-US: Advantech WebAccess
@@ -267316,8 +267410,8 @@ CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-prem
 	NOT-FOR-US: Octopus Deploy
 CVE-2020-10677
 	RESERVED
-CVE-2020-10676
-	RESERVED
+CVE-2020-10676 (In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly ap ...)
+	TODO: check
 CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...)
 	- golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373)
 	[buster] - golang-github-buger-jsonparser <postponed> (Limited support, minor issue)
@@ -360872,8 +360966,8 @@ CVE-2018-16155
 	RESERVED
 CVE-2018-16154
 	RESERVED
-CVE-2018-16153
-	RESERVED
+CVE-2018-16153 (An issue was discovered in Apereo Opencast 4.x through 10.x before 10. ...)
+	TODO: check
 CVE-2018-16152 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp pl ...)
 	{DSA-4305-1 DLA-1522-1}
 	- strongswan 5.7.0-1
@@ -489213,8 +489307,8 @@ CVE-2015-8318 (Heap-based buffer overflow in the HIFI driver in Huawei P8 smartp
 	NOT-FOR-US: Huawei
 CVE-2015-8315 (The ms package before 0.7.1 for Node.js allows attackers to cause a de ...)
 	- node-ms <not-affected> (Fixed before initial upload to Debian)
-CVE-2015-8314
-	RESERVED
+CVE-2015-8314 (The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies fo ...)
+	TODO: check
 CVE-2015-8313 (GnuTLS incorrectly validates the first byte of padding in CBC modes)
 	{DSA-3408-1 DLA-364-1}
 	- gnutls28 <not-affected> (Vulnerable code not present)
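Review bot: CVE-2015-8314 gives a fixed upstream version (Devise gem before 3.5.4) and the neighbouring CVE-2015-8315 shows the `<not-affected> (Fixed before initial upload to Debian)` form; for a gem this old, the check is whether the first Debian upload, if the gem is packaged at all, already carried 3.5.4 or later, in which case that form is the right resolution rather than a version line.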
@@ -506946,8 +507040,8 @@ CVE-2015-2180 (The DBMail driver in the Password plugin in Roundcube before 1.1.
 	NOTE: http://trac.roundcube.net/ticket/1490261
 	NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
 	NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html
-CVE-2015-2179
-	RESERVED
+CVE-2015-2179 (The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to di ...)
+	TODO: check
 CVE-2015-2178
 	REJECTED
 CVE-2015-2177 (Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a d ...)
@@ -551031,8 +551125,8 @@ CVE-2013-2515
 	RESERVED
 CVE-2013-2514
 	RESERVED
-CVE-2013-2513
-	RESERVED
+CVE-2013-2513 (The flash_tool gem through 0.6.0 for Ruby allows command execution via ...)
+	TODO: check
 CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...)
 	NOT-FOR-US: Ruby ftpd gem
 CVE-2013-2511
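Review bot: CVE-2013-2513 (flash_tool gem through 0.6.0, command execution) should follow the form of the adjacent CVE-2013-2512, `NOT-FOR-US: Ruby ftpd gem`, if the gem is not packaged, i.e. `NOT-FOR-US: Ruby flash_tool gem`, so the gem name survives in the triage line; note that "through 0.6.0" means no fixed upstream version is recorded, so if the gem is packaged there is no version to close the entry against.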
@@ -604728,8 +604822,8 @@ CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in stri
 	- ruby1.9 <removed> (bug #572817)
 	- ruby1.8 <not-affected>
 	NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
-CVE-2009-4123
-	RESERVED
+CVE-2009-4123 (The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate  ...)
+	TODO: check
 CVE-2009-4122
 	RESERVED
 CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CM ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e56672f7126bbd0cbf5b5edd174481cc7bdd03f


