[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 13 08:12:13 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38d8ca9a by security tracker role at 2023-12-13T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,66 @@
-CVE-2023-6710
+CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.)
+ TODO: check
+CVE-2023-50263 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
+ TODO: check
+CVE-2023-50252 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...)
+ TODO: check
+CVE-2023-50251 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...)
+ TODO: check
+CVE-2023-48791 (An improper neutralization of special elements used in a command ('Com ...)
+ TODO: check
+CVE-2023-48782 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-48225 (Laf is a cloud development platform. Prior to version 1.0.0-beta.13, t ...)
+ TODO: check
+CVE-2023-47579 (Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfigur ...)
+ TODO: check
+CVE-2023-47578 (Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to ...)
+ TODO: check
+CVE-2023-47577 (An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 all ...)
+ TODO: check
+CVE-2023-47576 (An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
+ TODO: check
+CVE-2023-47575 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
+ TODO: check
+CVE-2023-47574 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
+ TODO: check
+CVE-2023-47573 (An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorizat ...)
+ TODO: check
+CVE-2023-47536 (An improper access control vulnerability [CWE-284] in FortiOS version ...)
+ TODO: check
+CVE-2023-46713 (An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 ...)
+ TODO: check
+CVE-2023-46675 (An issue was discovered by Elastic whereby sensitive information may b ...)
+ TODO: check
+CVE-2023-45864 (A race condition issue discovered in Samsung Mobile Processor Exynos 9 ...)
+ TODO: check
+CVE-2023-45801 (Improper Authentication vulnerability in Nadatel DVR allows Informatio ...)
+ TODO: check
+CVE-2023-45800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-45725 (Design document functions which receive a user http request object may ...)
+ TODO: check
+CVE-2023-45587 (An improper neutralization of input during web page generation ('cross ...)
+ TODO: check
+CVE-2023-43122 (Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080 ...)
+ TODO: check
+CVE-2023-42483 (A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exyno ...)
+ TODO: check
+CVE-2023-41844 (A improper neutralization of input during web page generation ('cross- ...)
+ TODO: check
+CVE-2023-41678 (A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiP ...)
+ TODO: check
+CVE-2023-41673 (An improper authorization vulnerability [CWE-285] in Fortinet FortiADC ...)
+ TODO: check
+CVE-2023-40716 (An improper neutralization of special elements used in an OS command v ...)
+ TODO: check
+CVE-2023-3517 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 9 ...)
+ TODO: check
+CVE-2023-36639 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
+ TODO: check
+CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. This i ...)
- libapache2-mod-cluster <itp> (bug #731410)
-CVE-2023-5379
+CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that exceeds ...)
- undertow <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099
TODO: check, insufficient information for Debian specific assessment
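Review bot: the new block leaves roughly thirty entries in "TODO: check" state with descriptions truncated at "..."; the truncated text alone is not enough for triage, so the full CVE text needs to be read before assigning a status. For the Fortinet items (CVE-2023-47536, CVE-2023-46713, CVE-2023-41678, CVE-2023-41673, CVE-2023-40716, CVE-2023-36639) the existing entries later in this file use "NOT-FOR-US: Fortinet", so the same resolution is the likely outcome; the Samsung Exynos and Relyum RELY-PCIe entries look like firmware/vendor-only issues in the same category. CVE-2023-6710 keeps its "libapache2-mod-cluster <itp> (bug #731410)" line, which is correct since only the description line was replaced.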
@@ -2913,7 +2973,7 @@ CVE-2023-47038 [Write past buffer end via illegal user-defined Unicode property]
NOTE: Fixed by: https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 (v5.36.2)
NOTE: Fixed by: https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664 (v5.38.1)
NOTE: Fixed by: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 (bleed)
-CVE-2023-46671
+CVE-2023-46671 (An issue was discovered by Elastic whereby sensitive information may b ...)
- kibana <itp> (bug #700337)
CVE-2023-6293 (Prototype Pollution in GitHub repository robinbuschmann/sequelize-type ...)
NOT-FOR-US: sequelize-typescript
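Review bot: CVE-2023-46671 now carries the same truncated description ("An issue was discovered by Elastic whereby sensitive information may b ...") as CVE-2023-46675, which the first hunk adds with only "TODO: check". Since CVE-2023-46671 is already resolved as "kibana <itp> (bug #700337)", CVE-2023-46675 should be checked against the same product and, if it is also Kibana, given the same ITP mapping rather than left open.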
@@ -3517,7 +3577,7 @@ CVE-2023-40151 (When user authentication is not enabled the shell can execute co
NOT-FOR-US: Red Lion
CVE-2023-6134
NOT-FOR-US: Keycloak
-CVE-2023-5764 [internal templating can cause unsafe variables to lose their unsafe designation]
+CVE-2023-5764 (A template injection flaw was found in Ansible where a user's controll ...)
- ansible-core <unfixed> (bug #1057427)
- ansible 5.4.0-1
[bullseye] - ansible <no-dsa> (Minor issue)
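Review bot: the bracketed internal note "[internal templating can cause unsafe variables to lose their unsafe designation]" is replaced by the official text describing a template injection flaw in Ansible, but the "[bullseye] - ansible <no-dsa> (Minor issue)" line is unchanged. With the published description in hand, the "Minor issue" rating for bullseye is worth re-confirming against bug #1057427; the "ansible-core <unfixed>" line also still needs a fixed version once the upload lands.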
@@ -4546,7 +4606,7 @@ CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to
[bullseye] - gpac <ignored> (Minor issue)
[buster] - gpac <end-of-life> (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2672
-CVE-2023-47262 (In Abbott ID NOW before 7.1, settings can be modified via physical acc ...)
+CVE-2023-47262 (The startup process and device configurations of the Abbott ID NOW dev ...)
NOT-FOR-US: Abbott ID NOW
CVE-2023-47127 (TYPO3 is an open source PHP based web content management system releas ...)
NOT-FOR-US: Typo3
@@ -8001,13 +8061,15 @@ CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded
NOT-FOR-US: Dromara Sureness
CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any ...)
NOT-FOR-US: light-oauth2
-CVE-2023-6478 [Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty]
+CVE-2023-6478 (A flaw was found in xorg-server. A specially crafted request to RRChan ...)
+ {DSA-5576-1 DLA-3686-1}
- xorg-server <unfixed>
- xwayland <unfixed>
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg-announce/2023-December/003435.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
-CVE-2023-6377 [Out-of-bounds memory write in XKB button actions]
+CVE-2023-6377 (A flaw was found in xorg-server. Querying or changing XKB button actio ...)
+ {DSA-5576-1 DLA-3686-1}
- xorg-server <unfixed>
- xwayland <unfixed>
[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
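Review bot: both CVE-2023-6478 and CVE-2023-6377 gain "{DSA-5576-1 DLA-3686-1}" lines, yet "xorg-server <unfixed>" and "xwayland <unfixed>" remain below them. In this file a DSA/DLA reference normally accompanies a fixed version on the package line, so either the unstable fix is still pending (in which case this is expected, but should be followed up) or the version was missed in the automatic update. The bookworm "xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)" annotation is consistent with the DSA covering xorg-server only.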
@@ -122459,8 +122521,8 @@ CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor in
NOT-FOR-US: Fortinet
CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: Fortinet
-CVE-2022-27488
- RESERVED
+CVE-2022-27488 (A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise v ...)
+ TODO: check
CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...)
NOT-FOR-US: Fortinet
CVE-2022-27486
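Review bot: CVE-2022-27488 moves from "RESERVED" to a description ("A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise v ...") but is left as "TODO: check". The surrounding entries CVE-2022-27489 and CVE-2022-27487 are both "NOT-FOR-US: Fortinet", and FortiVoiceEnterprise is a Fortinet product, so this one should be resolved the same way rather than staying open.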
@@ -250667,7 +250729,7 @@ CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards s
NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+CVE-2020-16228 (In Patient Information Center iX (PICiX) Versions C.02 and C.03, Perf ...)
NOT-FOR-US: Philips
CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...)
NOT-FOR-US: Delta Electronics
@@ -250675,27 +250737,27 @@ CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to imperson
NOT-FOR-US: Mitsubishi
CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...)
NOT-FOR-US: Delta Electronics
-CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+CVE-2020-16224 (In Patient Information Center iX (PICiX) Versions C.02, C.03, the sof ...)
NOT-FOR-US: Philips
CVE-2020-16223 (Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffe ...)
NOT-FOR-US: Delta Electronics
-CVE-2020-16222 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+CVE-2020-16222 (In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and ...)
NOT-FOR-US: Philips
CVE-2020-16221 (Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buff ...)
NOT-FOR-US: Delta Electronics
-CVE-2020-16220 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+CVE-2020-16220 (In Patient Information Center iX (PICiX) Versions C.02, C.03, Perform ...)
NOT-FOR-US: Philips
CVE-2020-16219 (Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds r ...)
NOT-FOR-US: Delta Electronics
-CVE-2020-16218 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+CVE-2020-16218 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...)
NOT-FOR-US: Philips
CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A doubl ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2020-16216 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+CVE-2020-16216 (In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, ...)
NOT-FOR-US: Philips
CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2020-16214 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+CVE-2020-16214 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...)
NOT-FOR-US: Philips
CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
NOT-FOR-US: Advantech WebAccess
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38d8ca9aeb4d9b95f03793dacb826d06b49d9664