[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 14 08:13:37 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25b5fc8f by security tracker role at 2023-12-14T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,81 @@
+CVE-2023-6775 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...)
+	TODO: check
+CVE-2023-6407 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...)
+	TODO: check
+CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019 ...)
+	TODO: check
+CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior to vers ...)
+	TODO: check
+CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows before  ...)
+	TODO: check
+CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (A ...)
+	TODO: check
+CVE-2023-50442 (Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be m ...)
+	TODO: check
+CVE-2023-50440 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...)
+	TODO: check
+CVE-2023-50439 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...)
+	TODO: check
+CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ...)
+	TODO: check
+CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...)
+	TODO: check
+CVE-2023-50248 (CKAN is an open-source data management system for powering data hubs a ...)
+	TODO: check
+CVE-2023-50246 (jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ...)
+	TODO: check
+CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
+	TODO: check
+CVE-2023-49877 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
+	TODO: check
+CVE-2023-49646 (Improper authentication in some Zoom clients before version 5.16.5 may ...)
+	TODO: check
+CVE-2023-48702 (Jellyfin is a system for managing and streaming media. Prior to versio ...)
+	TODO: check
+CVE-2023-48085 (Nagios XI before version 5.11.3 was discovered to contain a remote cod ...)
+	TODO: check
+CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a SQL inject ...)
+	TODO: check
+CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...)
+	TODO: check
+CVE-2023-47623 (Scrypted is a home video integration and automation platform. In versi ...)
+	TODO: check
+CVE-2023-47620 (Scrypted is a home video integration and automation platform. In versi ...)
+	TODO: check
+CVE-2023-47619 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...)
+	TODO: check
+CVE-2023-45184 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through  ...)
+	TODO: check
+CVE-2023-45174 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to  ...)
+	TODO: check
+CVE-2023-45170 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
+	TODO: check
+CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
+	TODO: check
+CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before wa ...)
+	TODO: check
+CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for ...)
+	TODO: check
+CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom SDKs for i ...)
+	TODO: check
+CVE-2023-43583 (Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for  ...)
+	TODO: check
+CVE-2023-43042 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...)
+	TODO: check
+CVE-2023-41720 (A vulnerability exists on all versions of Ivanti Connect Secure below  ...)
+	TODO: check
+CVE-2023-41719 (A vulnerability exists on all versions of Ivanti Connect Secure below  ...)
+	TODO: check
+CVE-2023-41621 (A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro ...)
+	TODO: check
+CVE-2023-41618 (Emlog Pro v2.1.14 was discovered to contain a reflective cross-site sc ...)
+	TODO: check
+CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in Common Serv ...)
+	TODO: check
+CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows atta ...)
+	TODO: check
 CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659]
 	- python-cryptography <unfixed>
 	NOTE: https://github.com/pyca/cryptography/issues/9785
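Review bot: the summary on the `+CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019 ...)` line carries literal `\u2018`/`\u2019` escape sequences instead of the curly quotes they encode, so the import step is storing JSON unicode escapes from the upstream description verbatim; that is a script-side decoding fix, not something to hand-edit in data/CVE/list. The remainder of the hunk is the expected batch of new `TODO: check` entries; of these, CVE-2023-50268 and CVE-2023-50246 (stack and heap issues in jq 1.7 per their summaries) concern a package Debian ships and should be triaged ahead of the vendor-appliance items.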
@@ -10,27 +88,27 @@ CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - incomp
 	NOTE: https://people.redhat.com/~hkario/marvin/
 	NOTE: https://github.com/openssl/openssl/pull/13817
 	NOTE: CVE is for incomplete fix of CVE-2020-25657
-CVE-2023-49934 [SQL Injection]
+CVE-2023-49934 (An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injecti ...)
 	- slurm-wlm <not-affected> (Vulnerable code introduced in 23.11 series)
 	- slurm-llnl <not-affected> (Vulnerable code introduced in 23.11 series)
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
-CVE-2023-49933 [Slurm Protocol Message Extension]
+CVE-2023-49933 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
 	- slurm-wlm <unfixed>
 	- slurm-llnl <removed>
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
-CVE-2023-49937 [Slurm Protocol Double Free]
+CVE-2023-49937 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
 	- slurm-wlm <unfixed>
 	- slurm-llnl <removed>
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
-CVE-2023-49936 [Slurm NULL Pointer Dereference]
+CVE-2023-49936 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
 	- slurm-wlm <unfixed>
 	- slurm-llnl <removed>
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
-CVE-2023-49938 [Slurm Arbitrary File Overwrite]
+CVE-2023-49938 (An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is ...)
 	- slurm-wlm <unfixed>
 	- slurm-llnl <removed>
 	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
-CVE-2023-49935 [Slurmd Message Integrity Bypass]
+CVE-2023-49935 (An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is ...)
 	- slurm-wlm <unfixed>
 	[bookworm] - slurm-wlm <not-affected> (Vulnerable code introduced later)
 	[bullseye] - slurm-wlm <not-affected> (Vulnerable code introduced later)
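Review bot: the replaced descriptions for CVE-2023-49933, CVE-2023-49937, CVE-2023-49936 and CVE-2023-49938 now state the affected upstream series (22.05.x, 23.02.x, 23.11.x), yet their `- slurm-wlm <unfixed>` lines still carry no suite annotations, while CVE-2023-49935 in the same hunk already has `[bookworm]`/`[bullseye]` not-affected markers; the other four should be checked against the slurm-wlm versions in those suites and annotated the same way. Note also that the automatic update drops the short bracketed titles ("Slurm Protocol Double Free", "Slurm Arbitrary File Overwrite"), leaving the shared SchedMD announcement NOTE as the only pointer to which bug is which.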
@@ -225,21 +303,27 @@ CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neu
 CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...)
 	TODO: check
 CVE-2023-6707
+	{DSA-5577-1}
 	- chromium 120.0.6099.109-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6706
+	{DSA-5577-1}
 	- chromium 120.0.6099.109-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6705
+	{DSA-5577-1}
 	- chromium 120.0.6099.109-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6704
+	{DSA-5577-1}
 	- chromium 120.0.6099.109-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6703
+	{DSA-5577-1}
 	- chromium 120.0.6099.109-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6702
+	{DSA-5577-1}
 	- chromium 120.0.6099.109-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.)
@@ -8248,7 +8332,7 @@ CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based appli
 CVE-2023-46119 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API  ...)
-	{DSA-5571-1}
+	{DSA-5571-1 DLA-3687-1}
 	- rabbitmq-server 3.10.8-3 (bug #1056723)
 	NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg
 	NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/9708
@@ -11058,7 +11142,7 @@ CVE-2023-36590 (Microsoft Message Queuing Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-36589 (Microsoft Message Queuing Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-36585 (Active Template Library Denial of Service Vulnerability)
+CVE-2023-36585 (Windows upnphost.dll Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-36584 (Windows Mark of the Web Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -36976,8 +37060,8 @@ CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "
 	NOTE: https://github.com/golang/go/issues/59722
 	NOTE: https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)
 	NOTE: https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)
-CVE-2023-1904
-	RESERVED
+CVE-2023-1904 (In affected versions of Octopus Server it is possible for the OpenID c ...)
+	TODO: check
 CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
 	NOT-FOR-US: SAP
 CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global reference to  ...)
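Review bot: CVE-2023-1904 moves from RESERVED to `TODO: check`, but its summary names Octopus Server, a proprietary product not in the Debian archive, so like the adjacent SAP entry the expected resolution is a `NOT-FOR-US` annotation rather than an open triage item.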
@@ -48914,26 +48998,26 @@ CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31
 	[buster] - git <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
 	NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
-CVE-2023-25651
-	RESERVED
-CVE-2023-25650
-	RESERVED
+CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile internetprod ...)
+	TODO: check
+CVE-2023-25650 (There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Sin ...)
+	TODO: check
 CVE-2023-25649 (There is a command injection vulnerability in a mobile internet produc ...)
 	NOT-FOR-US: ZTE
-CVE-2023-25648
-	RESERVED
+CVE-2023-25648 (There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI  ...)
+	TODO: check
 CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
 	NOT-FOR-US: ZTE
 CVE-2023-25646
 	RESERVED
 CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
 	NOT-FOR-US: ZTE
-CVE-2023-25644
-	RESERVED
-CVE-2023-25643
-	RESERVED
-CVE-2023-25642
-	RESERVED
+CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile internet  ...)
+	TODO: check
+CVE-2023-25643 (There is a command injection vulnerability in some ZTE mobile internet ...)
+	TODO: check
+CVE-2023-25642 (There is a buffer overflow vulnerability in some ZTEmobile internetpro ...)
+	TODO: check
 CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
 	- ampache <removed>
 CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
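Review bot: the six new ZTE entries (CVE-2023-25651, CVE-2023-25650, CVE-2023-25648, CVE-2023-25644, CVE-2023-25643, CVE-2023-25642) land as `TODO: check` next to unchanged entries for the same vendor (CVE-2023-25649, CVE-2023-25647, CVE-2023-25645) that are already `NOT-FOR-US: ZTE`; they can be closed the same way. The run-together words in the summaries ("internetprod", "ZTEmobile") are in the upstream CVE text and should be left as imported rather than hand-edited here.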
@@ -63311,8 +63395,8 @@ CVE-2023-21753 (Event Tracing for Windows Information Disclosure Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21752 (Windows Backup Service Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-21751
-	RESERVED
+CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability)
+	TODO: check
 CVE-2023-21750 (Windows Kernel Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-21749 (Windows Kernel Elevation of Privilege Vulnerability)
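Review bot: CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability) is added as `TODO: check` in the middle of a run of Microsoft entries that are all `NOT-FOR-US: Microsoft`; the same annotation applies and the TODO can be resolved directly.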
@@ -76669,8 +76753,8 @@ CVE-2022-43845
 	RESERVED
 CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is v ...)
 	NOT-FOR-US: IBM
-CVE-2022-43843
-	RESERVED
+CVE-2022-43843 (IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected c ...)
+	TODO: check
 CVE-2022-43842
 	RESERVED
 CVE-2022-43841
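Review bot: CVE-2022-43843 (IBM Spectrum Scale) becomes `TODO: check` directly beside CVE-2022-43844, which is already `NOT-FOR-US: IBM`; Spectrum Scale is likewise not packaged in Debian, so `NOT-FOR-US: IBM` is the expected outcome here too.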



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25b5fc8fe84025a9680db80804a9bc2a2638aa2d
