[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 19 20:13:08 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0fa853b6 by security tracker role at 2023-12-19T20:12:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,110 +1,202 @@
-CVE-2023-50762
+CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student Manage ...)
+ TODO: check
+CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon ...)
+ TODO: check
+CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's Perform ...)
+ TODO: check
+CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou Life a ...)
+ TODO: check
+CVE-2023-6730 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...)
+ TODO: check
+CVE-2023-6711 (Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 th ...)
+ TODO: check
+CVE-2023-6280 (An XXE (XML External Entity) vulnerability has been detected in 52Nort ...)
+ TODO: check
+CVE-2023-50376 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-50272 (A potential security vulnerability has been identified in HPE Integrat ...)
+ TODO: check
+CVE-2023-49706 (Defective request context handling in Self Service in LinOTP 3.x befor ...)
+ TODO: check
+CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer ve ...)
+ TODO: check
+CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version ...)
+ TODO: check
+CVE-2023-46804 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46803 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46266 (An attacker can send a specially crafted request which could lead to l ...)
+ TODO: check
+CVE-2023-46265 (An unauthenticated could abuse a XXE vulnerability in the Smart Device ...)
+ TODO: check
+CVE-2023-46264 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+ TODO: check
+CVE-2023-46263 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+ TODO: check
+CVE-2023-46262 (An unauthenticated attacked could send a specifically crafted web requ ...)
+ TODO: check
+CVE-2023-46261 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46260 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46259 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46258 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46257 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46225 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46224 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46223 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46222 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46221 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46220 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46217 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-46216 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-45105 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
+ TODO: check
+CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-44983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-43870 (When installing the Net2 software a root certificate is installed into ...)
+ TODO: check
+CVE-2023-43826 (Apache Guacamole 1.5.3 and older do not consistently ensure that value ...)
+ TODO: check
+CVE-2023-41727 (An attacker sending specially crafted data packets to the Mobile Devic ...)
+ TODO: check
+CVE-2023-41648 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
+ TODO: check
+CVE-2023-40602 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...)
+ TODO: check
+CVE-2023-38481 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+ TODO: check
+CVE-2023-38478 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+ TODO: check
+CVE-2023-37390 (Deserialization of Untrusted Data vulnerability in Themesflat Themesfl ...)
+ TODO: check
+CVE-2023-34382 (Deserialization of Untrusted Data vulnerability in weDevs Dokan \u2013 ...)
+ TODO: check
+CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish Arora Recen ...)
+ TODO: check
+CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4 and cla ...)
+ TODO: check
+CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally signed text ...)
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762
-CVE-2023-50761
+CVE-2023-50761 (The signature of a digitally signed S/MIME email message may optionall ...)
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
-CVE-2023-6862
+CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`. This iss ...)
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
-CVE-2023-6873
+CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs showed e ...)
- firefox <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873
-CVE-2023-6864
+CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
-CVE-2023-6863
+CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially undefined beha ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863
-CVE-2023-6872
+CVE-2023-6872 (Browser tab titles were being leaked by GNOME to system logs. This cou ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6872
-CVE-2023-6871
+CVE-2023-6871 (Under certain conditions, Firefox did not display a warning when a use ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6871
-CVE-2023-6870
+CVE-2023-6870 (Applications which spawn a Toast notification in a background thread m ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6870
-CVE-2023-6869
+CVE-2023-6869 (A `<dialog>` element could have been manipulated to paint content o ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6869
-CVE-2023-6868
+CVE-2023-6868 (In some instances, the user-agent would allow push requests which lack ...)
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
-CVE-2023-6861
+CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
-CVE-2023-6867
+CVE-2023-6867 (The timing of a button click causing a popup to disappear was approxim ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
-CVE-2023-6860
+CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860
-CVE-2023-6866
+CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling. This ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
-CVE-2023-6859
+CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
-CVE-2023-6858
+CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment` ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
-CVE-2023-6857
+CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
-CVE-2023-6865
+CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialized dat ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
-CVE-2023-6856
+CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856
-CVE-2023-6135
+CVE-2023-6135 (Multiple NSS NIST curves were susceptible to a side-channel attack kno ...)
- nss <unfixed>
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6135
-CVE-2023-49734
+CVE-2023-49734 (An authenticated Gamma user has the ability to create a dashboard and ...)
NOT-FOR-US: Apache Superset
-CVE-2023-49736
+CVE-2023-49736 (A where_in JINJA macro allows users to specify a quote, which combined ...)
NOT-FOR-US: Apache Superset
-CVE-2023-46104
+CVE-2023-46104 (Uncontrolled resource consumption can be triggered by authenticated at ...)
NOT-FOR-US: Apache Superset
CVE-2023-XXXX [RUSTSEC-2023-0074]
- rust-zerocopy <unfixed>
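Review bot: CVE-2023-6932 and CVE-2023-6931 are described in this hunk as Linux kernel issues (ipv4 igmp use-after-free and a Performance-events heap out-of-bounds write) but are left at "TODO: check"; they should be resolved to a `linux` source-package entry with the fixed version in the same form as the existing `- linux 6.1.15-1` line for CVE-2023-1513, rather than staying as a bare TODO. The long run of CVE-2023-46216 through CVE-2023-46804 entries all carry the identical truncated text "An attacker sending specially crafted data packets to the Mobile Devic ..." and can be triaged as one batch once the product is identified. Also, CVE-2023-6135 adds `nss <unfixed>` with only the Firefox advisory (mfsa2023-56) as reference; an upstream NSS reference and the fixed NSS version should be recorded on the `nss` entry once known, since nss is consumed by more than firefox.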
@@ -41222,8 +41314,8 @@ CVE-2023-1516 (RoboDK versions 5.5.3 and prior contain an insecure permission a
NOT-FOR-US: RoboDK
CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
-CVE-2023-1514
- RESERVED
+CVE-2023-1514 (A vulnerability exists in the component RTU500 Scripting interface. Wh ...)
+ TODO: check
CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.15-1
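Review bot: CVE-2023-1514 is now described as an issue in the "RTU500 Scripting interface", a vendor-specific product; if no Debian source package ships it, the `TODO: check` should be resolved to a `NOT-FOR-US:` line naming the product, consistent with the neighbouring RoboDK and pimcore entries, so the TODO queue does not accumulate non-Debian items.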
@@ -50021,8 +50113,8 @@ CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution
NOT-FOR-US: Ruckus Wireless Admin
CVE-2023-25716 (Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25715
- RESERVED
+CVE-2023-25715 (Missing Authorization vulnerability in GamiPress GamiPress \u2013 The ...)
+ TODO: check
CVE-2023-25714
RESERVED
CVE-2023-25713 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...)
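Review bot: CVE-2023-25715 is a Missing Authorization issue in GamiPress, which is a WordPress plugin; the `TODO: check` should become `NOT-FOR-US: WordPress plugin`, matching the adjacent CVE-2023-25716 and CVE-2023-25713 entries, since WordPress plugins are not packaged in Debian.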
@@ -206226,8 +206318,8 @@ CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version
NOT-FOR-US: fastify-static
CVE-2021-22963 (A redirect vulnerability in the fastify-static module version < 4.2.4 ...)
NOT-FOR-US: fastify-static
-CVE-2021-22962
- RESERVED
+CVE-2021-22962 (An attacker can send a specially crafted request which could lead to l ...)
+ TODO: check
CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...)
NOT-FOR-US: GlassWire
CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extens ...)
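Review bot: the new description for CVE-2021-22962 ("An attacker can send a specially crafted request which could lead to l ...") is word-for-word the same truncated text as the CVE-2023-46266 entry added in the first hunk of this commit; before resolving either TODO, confirm whether the two ids refer to the same product and advisory or are distinct issues that happen to share boilerplate, and record the product in the resolution so the two are not triaged inconsistently.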
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fa853b64001bc85083758cd69a09177a6ab2675