[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 16 08:12:21 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
819c6a77 by security tracker role at 2023-12-16T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2023-6849 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been  ...)
+	TODO: check
+CVE-2023-6848 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been  ...)
+	TODO: check
+CVE-2023-50728 (octokit/webhooks is a GitHub webhook events toolset for Node.js. Start ...)
+	TODO: check
+CVE-2023-50469 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discov ...)
+	TODO: check
+CVE-2023-50266 (Bazarr manages and downloads subtitles. In version 1.2.4, the proxy me ...)
+	TODO: check
+CVE-2023-50265 (Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swagg ...)
+	TODO: check
+CVE-2023-50264 (Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contain ...)
+	TODO: check
+CVE-2023-4020 (An unvalidated input in a library function responsible for communicati ...)
+	TODO: check
+CVE-2023-39340 (A vulnerability exists on all versions of Ivanti Connect Secure below  ...)
+	TODO: check
+CVE-2023-31813
+	REJECTED
 CVE-2023-6839 (Due to improper error handling, a REST API resource could expose a ser ...)
 	NOT-FOR-US: WSO2
 CVE-2023-6838 (Reflected XSS vulnerability can be exploited by tampering a request pa ...)
@@ -2329,6 +2349,7 @@ CVE-2023-48123 (An issue in Netgate pfSense Plus v.23.05.1 and before and pfSens
 CVE-2023-46773 (Permission management vulnerability in the PMS module. Successful expl ...)
 	NOT-FOR-US: Huawei
 CVE-2023-46751 (An issue was discovered in the function gdev_prn_open_printer_seekable ...)
+	{DSA-5578-1}
 	- ghostscript 10.02.1~dfsg-1
 	[bullseye] - ghostscript <not-affected> (Vulnerable code introduced later)
 	[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
@@ -42861,8 +42882,8 @@ CVE-2023-28024
 	RESERVED
 CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI Softwar ...)
 	NOT-FOR-US: HCL
-CVE-2023-28022
-	RESERVED
+CVE-2023-28022 (HCL Connections is vulnerable to an information disclosure vulnerabili ...)
+	TODO: check
 CVE-2023-28021 (The BigFix WebUI uses weak cipher suites.)
 	NOT-FOR-US: HCL
 CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows malicious use ...)
@@ -45049,8 +45070,8 @@ CVE-2023-27319
 	RESERVED
 CVE-2023-27318
 	RESERVED
-CVE-2023-27317
-	RESERVED
+CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a ...)
+	TODO: check
 CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a  vulnerabilit ...)
 	NOT-FOR-US: NetApp
 CVE-2023-27315 (SnapGathers versions prior to 4.9 are susceptible to a vulnerability   ...)
@@ -133132,8 +133153,8 @@ CVE-2022-24353 (This vulnerability allows network-adjacent attackers to execute
 	NOT-FOR-US: TP-Link
 CVE-2022-24352 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	NOT-FOR-US: TP-Link
-CVE-2022-24351
-	RESERVED
+CVE-2022-24351 (TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5. ...)
+	TODO: check
 CVE-2022-24350 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...)
 	NOT-FOR-US: Insyde
 CVE-2022-24349 (An authenticated user can create a link with reflected XSS payload for ...)
@@ -154033,14 +154054,14 @@ CVE-2021-42799
 	RESERVED
 CVE-2021-42798
 	RESERVED
-CVE-2021-42797
-	RESERVED
-CVE-2021-42796
-	RESERVED
+CVE-2021-42797 (Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Stud ...)
+	TODO: check
+CVE-2021-42796 (An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly In ...)
+	TODO: check
 CVE-2021-42795
 	RESERVED
-CVE-2021-42794
-	RESERVED
+CVE-2021-42794 (An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) v ...)
+	TODO: check
 CVE-2021-42793
 	REJECTED
 CVE-2021-42792
@@ -249269,12 +249290,12 @@ CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, causi
 	NOTE: https://github.com/radareorg/radare2/issues/17431
 CVE-2020-17486
 	RESERVED
-CVE-2020-17485
-	RESERVED
-CVE-2020-17484
-	RESERVED
-CVE-2020-17483
-	RESERVED
+CVE-2020-17485 (A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker a ...)
+	TODO: check
+CVE-2020-17484 (An Open Redirection vulnerability exists in Uffizio's GPS Tracker all  ...)
+	TODO: check
+CVE-2020-17483 (An improper access control vulnerability exists in Uffizio's GPS Track ...)
+	TODO: check
 CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1  ...)
 	- pdns 4.3.1-1 (bug #970737)
 	[buster] - pdns 4.1.6-3+deb10u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/819c6a77ba94854c3865643d22f7b14751521fab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/819c6a77ba94854c3865643d22f7b14751521fab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231216/c7f7fdf5/attachment.htm>

More information about the debian-security-tracker-commits mailing list