[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 14 20:15:44 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b2269f9 by security tracker role at 2023-12-14T20:15:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,231 @@
+CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
+ TODO: check
+CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
+CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow)
+ TODO: check
+CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow)
+ TODO: check
+CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3)
+ TODO: check
+CVE-2023-6563 (An unconstrained memory consumption vulnerability was discovered in Ke ...)
+ TODO: check
+CVE-2023-6545 (The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to ...)
+ TODO: check
+CVE-2023-6368 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
+ TODO: check
+CVE-2023-6367 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
+ TODO: check
+CVE-2023-6366 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
+ TODO: check
+CVE-2023-6365 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
+ TODO: check
+CVE-2023-6364 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
+ TODO: check
+CVE-2023-5769 (A vulnerability exists in the webserver that affects the RTU500 serie ...)
+ TODO: check
+CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...)
+ TODO: check
+CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other JavaScr ...)
+ TODO: check
+CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to version 3.11.7 ...)
+ TODO: check
+CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UT ...)
+ TODO: check
+CVE-2023-50565 (A cross-site scripting (XSS) vulnerability in the component /logs/dopo ...)
+ TODO: check
+CVE-2023-50564 (An arbitrary file upload vulnerability in the component /inc/modules_i ...)
+ TODO: check
+CVE-2023-50563 (Semcms v4.8 was discovered to contain a SQL injection vulnerability vi ...)
+ TODO: check
+CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
+ TODO: check
+CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
+ TODO: check
+CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50370 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50369 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50368 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion ...)
+ TODO: check
+CVE-2023-50137 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the sit ...)
+ TODO: check
+CVE-2023-50102 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).)
+ TODO: check
+CVE-2023-50101 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label ...)
+ TODO: check
+CVE-2023-50100 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carous ...)
+ TODO: check
+CVE-2023-50073 (EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability ...)
+ TODO: check
+CVE-2023-50017 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-50011 (PopojiCMS version 2.0.1 is vulnerable to remote command execution in t ...)
+ TODO: check
+CVE-2023-4694 (Certain HP OfficeJet Pro printers are potentially vulnerable to a Deni ...)
+ TODO: check
+CVE-2023-49860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49847 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49842 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49786 (Asterisk is an open source private branch exchange and telephony toolk ...)
+ TODO: check
+CVE-2023-49771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
+ TODO: check
+CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.)
+ TODO: check
+CVE-2023-49707 (SQLi vulnerability in S5 Register module for Joomla.)
+ TODO: check
+CVE-2023-49294 (Asterisk is an open source private branch exchange and telephony toolk ...)
+ TODO: check
+CVE-2023-49195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49173 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49172 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49168 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49157 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49152 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49151 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48925 (SQL injection vulnerability in Buy Addons bavideotab before version 1. ...)
+ TODO: check
+CVE-2023-48780 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48676 (Sensitive information disclosure and manipulation due to missing autho ...)
+ TODO: check
+CVE-2023-48671 (Dell vApp Manager, versions prior to 9.2.4.x contain an information di ...)
+ TODO: check
+CVE-2023-48668 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
+ TODO: check
+CVE-2023-48667 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
+ TODO: check
+CVE-2023-48665 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
+ TODO: check
+CVE-2023-48664 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
+ TODO: check
+CVE-2023-48663 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
+ TODO: check
+CVE-2023-48662 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
+ TODO: check
+CVE-2023-48661 (Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file ...)
+ TODO: check
+CVE-2023-48660 (Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file ...)
+ TODO: check
+CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an Imprope ...)
+ TODO: check
+CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the response to ...)
+ TODO: check
+CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ...)
+ TODO: check
+CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 1.1.13, a ...)
+ TODO: check
+CVE-2023-46144 (A download of code without integrity check vulnerability in PLCnext pr ...)
+ TODO: check
+CVE-2023-46143 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...)
+ TODO: check
+CVE-2023-46142 (A incorrect permission assignment for critical resource vulnerability ...)
+ TODO: check
+CVE-2023-46141 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
+CVE-2023-45894 (The Remote Application Server in Parallels RAS before 19.2.23975 does ...)
+ TODO: check
+CVE-2023-45185 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...)
+ TODO: check
+CVE-2023-45182 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...)
+ TODO: check
+CVE-2023-44286 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...)
+ TODO: check
+CVE-2023-44285 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
+ TODO: check
+CVE-2023-44284 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...)
+ TODO: check
+CVE-2023-44279 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...)
+ TODO: check
+CVE-2023-44278 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...)
+ TODO: check
+CVE-2023-44277 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
+ TODO: check
+CVE-2023-42801 (Moonlight-common-c contains the core GameStream client code shared bet ...)
+ TODO: check
+CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code shared bet ...)
+ TODO: check
+CVE-2023-42799 (Moonlight-common-c contains the core GameStream client code shared bet ...)
+ TODO: check
+CVE-2023-41151 (An uncaught exception issue discovered in Softing OPC UA C++ SDK befor ...)
+ TODO: check
+CVE-2023-40659 (A reflected XSS vulnerability was discovered in the Easy Quick Contact ...)
+ TODO: check
+CVE-2023-40658 (A reflected XSS vulnerability was discovered in the Clicky Analytics D ...)
+ TODO: check
+CVE-2023-40657 (A reflected XSS vulnerability was discovered in the Joomdoc component ...)
+ TODO: check
+CVE-2023-40656 (A reflected XSS vulnerability was discovered in the Quickform componen ...)
+ TODO: check
+CVE-2023-40655 (A reflected XSS vulnerability was discovered in the Proforms Basic com ...)
+ TODO: check
+CVE-2023-40630 (Unauthenticated LFI/SSRF in JCDashboards component for Joomla.)
+ TODO: check
+CVE-2023-40629 (SQLi vulnerability in LMS Lite component for Joomla.)
+ TODO: check
+CVE-2023-40628 (A reflected XSS vulnerability was discovered in the Extplorer componen ...)
+ TODO: check
+CVE-2023-40627 (A reflected XSS vulnerability was discovered in the LivingWord compone ...)
+ TODO: check
+CVE-2023-37457 (Asterisk is an open source private branch exchange and telephony toolk ...)
+ TODO: check
CVE-2023-3904
- gitlab <not-affected> (Specific to EE)
CVE-2023-3511
@@ -1157,6 +1385,7 @@ CVE-2023-35618 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
CVE-2023-32460 (Dell PowerEdge BIOS contains an improper privilege management security ...)
NOT-FOR-US: Dell
CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral ...)
+ {DLA-3689-1}
- bluez <unfixed> (bug #1057914)
NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
NOTE: The fix for CVE-2020-0556 allows to set manually the "ClassicBondedOnly"
@@ -3024,6 +3253,7 @@ CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection
CVE-2023-48042 (Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing fi ...)
NOT-FOR-US: Amazzing Filter for Prestashop
CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...)
+ {DLA-3688-1}
- haproxy 2.6.15-1
NOTE: https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html
NOTE: https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6 (v2.9-dev3)
@@ -27169,7 +27399,7 @@ CVE-2023-32753 (OMICARD EDM\u2019s file uploading function does not restrict upl
NOT-FOR-US: OMICARD
CVE-2023-32752 (L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000\u2019s file uploa ...)
NOT-FOR-US: L7 Networks InstantScan
-CVE-2023-32028 (Microsoft OLE DB Remote Code Execution Vulnerability)
+CVE-2023-32028 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-32027 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
@@ -49172,8 +49402,8 @@ CVE-2023-0759 (Privilege Chaining in GitHub repository cockpit-hq/cockpit prior
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and classified a ...)
NOT-FOR-US: glorylion JFinalOA
-CVE-2023-0757
- RESERVED
+CVE-2023-0757 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ TODO: check
CVE-2022-4904 (A flaw was found in the c-ares package. The ares_set_sortlist is missi ...)
{DLA-3323-1}
- c-ares 1.18.1-2 (bug #1031525)
@@ -51172,7 +51402,7 @@ CVE-2023-24924 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code E
NOT-FOR-US: Microsoft
CVE-2023-24923 (Microsoft OneDrive for Android Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-24922 (Microsoft Dynamics 365 Information Disclosure Vulnerability)
+CVE-2023-24922 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2023-24921 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
NOT-FOR-US: Microsoft
@@ -69926,8 +70156,8 @@ CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwar
NOT-FOR-US: WordPress plugin
CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45365
- RESERVED
+CVE-2022-45365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup B ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2269f9280bb0510c7433b5ee44e61a46e97af8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2269f9280bb0510c7433b5ee44e61a46e97af8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231214/b9c0f887/attachment.htm>
More information about the debian-security-tracker-commits
mailing list