[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 19 20:13:08 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0fa853b6 by security tracker role at 2023-12-19T20:12:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,110 +1,202 @@
-CVE-2023-50762
+CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student Manage ...)
+	TODO: check
+CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon ...)
+	TODO: check
+CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's Perform ...)
+	TODO: check
+CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou Life a ...)
+	TODO: check
+CVE-2023-6730 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
+	TODO: check
+CVE-2023-6711 (Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 th ...)
+	TODO: check
+CVE-2023-6280 (An XXE (XML External Entity) vulnerability has been detected in 52Nort ...)
+	TODO: check
+CVE-2023-50376 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-50272 (A potential security vulnerability has been identified in HPE Integrat ...)
+	TODO: check
+CVE-2023-49706 (Defective request context handling in Self Service in LinOTP 3.x befor ...)
+	TODO: check
+CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer ve ...)
+	TODO: check
+CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version  ...)
+	TODO: check
+CVE-2023-46804 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46803 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46266 (An attacker can send a specially crafted request which could lead to l ...)
+	TODO: check
+CVE-2023-46265 (An unauthenticated could abuse a XXE vulnerability in the Smart Device ...)
+	TODO: check
+CVE-2023-46264 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+	TODO: check
+CVE-2023-46263 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+	TODO: check
+CVE-2023-46262 (An unauthenticated attacked could send a specifically crafted web requ ...)
+	TODO: check
+CVE-2023-46261 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46260 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46259 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46258 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46257 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46225 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46224 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46223 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46222 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46221 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46220 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46217 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-46216 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-45105 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
+	TODO: check
+CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-44983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-43870 (When installing the Net2 software a root certificate is installed into ...)
+	TODO: check
+CVE-2023-43826 (Apache Guacamole 1.5.3 and older do not consistently ensure that value ...)
+	TODO: check
+CVE-2023-41727 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+	TODO: check
+CVE-2023-41648 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
+	TODO: check
+CVE-2023-40602 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...)
+	TODO: check
+CVE-2023-38481 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+	TODO: check
+CVE-2023-38478 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+	TODO: check
+CVE-2023-37390 (Deserialization of Untrusted Data vulnerability in Themesflat Themesfl ...)
+	TODO: check
+CVE-2023-34382 (Deserialization of Untrusted Data vulnerability in weDevs Dokan \u2013 ...)
+	TODO: check
+CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish Arora Recen ...)
+	TODO: check
+CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4 and cla ...)
+	TODO: check
+CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally signed text ...)
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762
-CVE-2023-50761
+CVE-2023-50761 (The signature of a digitally signed S/MIME email message may optionall ...)
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
-CVE-2023-6862
+CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.  This iss ...)
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
-CVE-2023-6873
+CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs showed e ...)
 	- firefox <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873
-CVE-2023-6864
+CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
-CVE-2023-6863
+CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially undefined beha ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863
-CVE-2023-6872
+CVE-2023-6872 (Browser tab titles were being leaked by GNOME to system logs. This cou ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6872
-CVE-2023-6871
+CVE-2023-6871 (Under certain conditions, Firefox did not display a warning when a use ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6871
-CVE-2023-6870
+CVE-2023-6870 (Applications which spawn a Toast notification in a background thread m ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6870
-CVE-2023-6869
+CVE-2023-6869 (A `<dialog>` element could have been manipulated to paint content o ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6869
-CVE-2023-6868
+CVE-2023-6868 (In some instances, the user-agent would allow push requests which lack ...)
 	- firefox <not-affected> (Android-specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
-CVE-2023-6861
+CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
-CVE-2023-6867
+CVE-2023-6867 (The timing of a button click causing a popup to disappear was approxim ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
-CVE-2023-6860
+CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860
-CVE-2023-6866
+CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling. This ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
-CVE-2023-6859
+CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
-CVE-2023-6858
+CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment`  ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
-CVE-2023-6857
+CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to  ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
-CVE-2023-6865
+CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialized dat ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
-CVE-2023-6856
+CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...)
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856
-CVE-2023-6135
+CVE-2023-6135 (Multiple NSS NIST curves were susceptible to a side-channel attack kno ...)
 	- nss <unfixed>
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6135
-CVE-2023-49734
+CVE-2023-49734 (An authenticated Gamma user has the ability to create a dashboard and  ...)
 	NOT-FOR-US: Apache Superset
-CVE-2023-49736
+CVE-2023-49736 (A where_in JINJA macro allows users to specify a quote, which combined ...)
 	NOT-FOR-US: Apache Superset
-CVE-2023-46104
+CVE-2023-46104 (Uncontrolled resource consumption can be triggered by authenticated at ...)
 	NOT-FOR-US: Apache Superset
 CVE-2023-XXXX [RUSTSEC-2023-0074]
 	- rust-zerocopy <unfixed>
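Review bot: the CVE-2023-34382 entry in this hunk carries a literal `\u2013` escape in its description ("weDevs Dokan \u2013 ...") instead of the en dash it encodes; the same artifact appears in the CVE-2023-25715 entry later in this commit. The truncated descriptions should be written with the escape decoded (and the 70-character cut applied after decoding), otherwise every entry with a non-ASCII dash in its title lands in data/CVE/list with a six-character escape sequence in place of one character.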
@@ -41222,8 +41314,8 @@ CVE-2023-1516 (RoboDK versions 5.5.3 and prior contain an insecure permission  a
 	NOT-FOR-US: RoboDK
 CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
 	NOT-FOR-US: pimcore
-CVE-2023-1514
-	RESERVED
+CVE-2023-1514 (A vulnerability exists in the component RTU500 Scripting interface. Wh ...)
+	TODO: check
 CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on  ...)
 	{DLA-3404-1 DLA-3403-1}
 	- linux 6.1.15-1
@@ -50021,8 +50113,8 @@ CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution
 	NOT-FOR-US: Ruckus Wireless Admin
 CVE-2023-25716 (Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25715
-	RESERVED
+CVE-2023-25715 (Missing Authorization vulnerability in GamiPress GamiPress \u2013 The  ...)
+	TODO: check
 CVE-2023-25714
 	RESERVED
 CVE-2023-25713 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...)
@@ -206226,8 +206318,8 @@ CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version
 	NOT-FOR-US: fastify-static
 CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2.4  ...)
 	NOT-FOR-US: fastify-static
-CVE-2021-22962
-	RESERVED
+CVE-2021-22962 (An attacker can send a specially crafted request which could lead to l ...)
+	TODO: check
 CVE-2021-22961 (A code injection vulnerability exists within the firewall software of  ...)
 	NOT-FOR-US: GlassWire
 CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extens ...)
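Review bot: the description added for CVE-2021-22962 ("An attacker can send a specially crafted request which could lead to l ...") is, as far as the truncated text shows, identical to the one added for CVE-2023-46266 in the first hunk, and both remain TODO: check. The visible text gives no way to tell the affected products apart, so the two should be triaged together against their full descriptions before either TODO is resolved.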



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fa853b64001bc85083758cd69a09177a6ab2675
