[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 15 08:13:54 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78267e04 by security tracker role at 2023-12-15T08:13:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-6832 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
+ TODO: check
+CVE-2023-6831 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
+ TODO: check
+CVE-2023-6827 (The Essential Real Estate plugin for WordPress is vulnerable to arbitr ...)
+ TODO: check
+CVE-2023-6826 (The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads ...)
+ TODO: check
+CVE-2023-50715 (Home Assistant is open source home automation software. Prior to versi ...)
+ TODO: check
+CVE-2023-4489 (The first S0 encryption key is generated with an uninitialized PRNG in ...)
+ TODO: check
+CVE-2023-48379 (Softnext Mail SQR Expert is an email management platform, it has inade ...)
+ TODO: check
+CVE-2023-48378 (Softnext Mail SQR Expert has a path traversal vulnerability within its ...)
+ TODO: check
+CVE-2023-48376 (SmartStar Software CWS is a web-based integration platform, its file u ...)
+ TODO: check
+CVE-2023-48375 (SmartStar Software CWS is a web-based integration platform, it has a v ...)
+ TODO: check
+CVE-2023-48374 (SmartStar Software CWS is a web-base integration platform, it has a vu ...)
+ TODO: check
+CVE-2023-48373 (ITPison OMICARD EDM has a path traversal vulnerability within its para ...)
+ TODO: check
+CVE-2023-48372 (ITPison OMICARD EDM 's SMS-related function has insufficient validatio ...)
+ TODO: check
+CVE-2023-48371 (ITPison OMICARD EDM\u2019s file uploading function does not restrict u ...)
+ TODO: check
+CVE-2023-48050 (SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biom ...)
+ TODO: check
+CVE-2023-48049 (A SQL injection vulnerability in Cybrosys Techno Solutions Website Blo ...)
+ TODO: check
+CVE-2023-42183 (lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post- ...)
+ TODO: check
+CVE-2023-40954 (A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress ...)
+ TODO: check
+CVE-2023-36878 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+ TODO: check
CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
NOT-FOR-US: WhatsUp Gold
CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
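Review bot: The added description for CVE-2023-48371 carries a literal `\u2019` escape ("ITPison OMICARD EDM\u2019s file uploading function"), so the feed text was written without decoding the JSON escape. Decode the description before it goes into data/CVE/list, or normalise it to an ASCII apostrophe; the adjacent CVE-2023-48372 entry ("ITPison OMICARD EDM 's") shows the same field arriving in a different form, which makes these lines harder to grep consistently. All 19 new entries land as "TODO: check" and still need triage.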
@@ -255,32 +293,32 @@ CVE-2023-6680
- gitlab <not-affected> (Specific to EE)
CVE-2023-6564
- gitlab <not-affected> (Specific to EE)
-CVE-2023-49347
+CVE-2023-49347 (Temporary data passed between application components by Budgie Extras ...)
- budgie-extras 1.7.1-1
NOTE: https://bugs.launchpad.net/bugs/2044373
NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e (v1.7.1)
-CVE-2023-49346
+CVE-2023-49346 (Temporary data passed between application components by Budgie Extras ...)
- budgie-extras 1.7.1-1
NOTE: https://bugs.launchpad.net/bugs/2044373
NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/0092025ef25b48c287a75946c0ee797d3c142760 (v1.7.1)
-CVE-2023-49345
+CVE-2023-49345 (Temporary data passed between application components by Budgie Extras ...)
- budgie-extras 1.7.1-1
NOTE: https://bugs.launchpad.net/bugs/2044373
NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e (v1.7.1)
-CVE-2023-49344
+CVE-2023-49344 (Temporary data passed between application components by Budgie Extras ...)
- budgie-extras 1.7.1-1
NOTE: https://bugs.launchpad.net/bugs/2044373
NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/11b02011ad2f6d46485b292713af09f7314843a5 (v1.7.1)
-CVE-2023-49343
+CVE-2023-49343 (Temporary data passed between application components by Budgie Extras ...)
- budgie-extras 1.7.1-1
NOTE: https://bugs.launchpad.net/bugs/2044373
NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/e75c94af249191bdbd33eebf7a62d4234a0d8be5 (v1.7.1)
-CVE-2023-49342
+CVE-2023-49342 (Temporary data passed between application components by Budgie Extras ...)
- budgie-extras 1.7.1-1
NOTE: https://bugs.launchpad.net/bugs/2044373
NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1
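Review bot: The six descriptions added for CVE-2023-49342 through CVE-2023-49347 are identical after truncation ("Temporary data passed between application components by Budgie Extras ..."), so the entries can only be told apart by their NOTE commit links. Among those, CVE-2023-49347 and CVE-2023-49345 both point at commit 588cbe6ffa72df904213d77728a3fd5bfae7195e while the other visible entries each have a distinct commit. Worth confirming against the oss-security post that one commit really fixes both, and adding a short NOTE naming the affected component per CVE so the entries are distinguishable.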
@@ -605,27 +643,27 @@ CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in T
- tinyxml <unfixed>
NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
TODO: check details and embedded copies once assessment for tinyxml done
-CVE-2023-6707
+CVE-2023-6707 (Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed ...)
{DSA-5577-1}
- chromium 120.0.6099.109-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6706
+CVE-2023-6706 (Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allow ...)
{DSA-5577-1}
- chromium 120.0.6099.109-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6705
+CVE-2023-6705 (Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allo ...)
{DSA-5577-1}
- chromium 120.0.6099.109-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6704
+CVE-2023-6704 (Use after free in libavif in Google Chrome prior to 120.0.6099.109 all ...)
{DSA-5577-1}
- chromium 120.0.6099.109-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6703
+CVE-2023-6703 (Use after free in Blink in Google Chrome prior to 120.0.6099.109 allow ...)
{DSA-5577-1}
- chromium 120.0.6099.109-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6702
+CVE-2023-6702 (Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed ...)
{DSA-5577-1}
- chromium 120.0.6099.109-1
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -4221,7 +4259,7 @@ CVE-2023-42770 (Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated us
NOT-FOR-US: Red Lion
CVE-2023-40151 (When user authentication is not enabled the shell can execute commands ...)
NOT-FOR-US: Red Lion
-CVE-2023-6134
+CVE-2023-6134 (A flaw was found in Keycloak that prevents certain schemes in redirect ...)
NOT-FOR-US: Keycloak
CVE-2023-5764 (A template injection flaw was found in Ansible where a user's controll ...)
- ansible-core <unfixed> (bug #1057427)
@@ -55966,8 +56004,8 @@ CVE-2023-0250 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulne
NOT-FOR-US: Delta Electronics
CVE-2023-0249 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...)
NOT-FOR-US: Delta Electronics
-CVE-2023-0248
- RESERVED
+CVE-2023-0248 (An attacker with physical access to the Kantech Gen1 ioSmart card read ...)
+ TODO: check
CVE-2023-0247 (Uncontrolled Search Path Element in GitHub repository bits-and-blooms/ ...)
NOT-FOR-US: bits-and-blooms/bloom
CVE-2023-0246 (A vulnerability, which was classified as problematic, was found in ear ...)
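Review bot: CVE-2023-0248 moves from RESERVED to "TODO: check" with no package line, and the description names the Kantech Gen1 ioSmart card reader and requires physical access. The neighbouring entries in this block are resolved as NOT-FOR-US with the vendor name; if triage confirms this is the reader hardware and nothing packaged in Debian, the TODO should be replaced with a matching "NOT-FOR-US: Kantech" style line rather than left open.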
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78267e04259c65fbc01c32cc4711364b9285b336