[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 22 08:11:46 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
faa9b05d by security tracker role at 2023-12-22T08:11:34+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2023-7059 (A vulnerability was found in SourceCodester School Visitor Log e-Book ...)
+ TODO: check
+CVE-2023-7058 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
+ TODO: check
+CVE-2023-7057 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-7056 (A vulnerability classified as problematic was found in code-projects F ...)
+ TODO: check
+CVE-2023-7055 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ TODO: check
+CVE-2023-7054 (A vulnerability was found in PHPGurukul Online Notes Sharing System 1. ...)
+ TODO: check
+CVE-2023-7053 (A vulnerability was found in PHPGurukul Online Notes Sharing System 1. ...)
+ TODO: check
+CVE-2023-7052 (A vulnerability was found in PHPGurukul Online Notes Sharing System 1. ...)
+ TODO: check
+CVE-2023-7051 (A vulnerability was found in PHPGurukul Online Notes Sharing System 1. ...)
+ TODO: check
+CVE-2023-7050 (A vulnerability has been found in PHPGurukul Online Notes Sharing Syst ...)
+ TODO: check
+CVE-2023-6847 (An improper authentication vulnerability was identified in GitHub Ente ...)
+ TODO: check
+CVE-2023-6804 (Improper privilege management allowed arbitrary workflows to be commit ...)
+ TODO: check
+CVE-2023-6803 (A race condition in GitHub Enterprise Server allows an outside collabo ...)
+ TODO: check
+CVE-2023-6802 (An insertion of sensitive information into the log file in the audit l ...)
+ TODO: check
+CVE-2023-6746 (An insertion of sensitive information into log file vulnerability was ...)
+ TODO: check
+CVE-2023-6690 (A race condition in GitHub Enterprise Server allowed an existing admin ...)
+ TODO: check
+CVE-2023-51713 (make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of- ...)
+ TODO: check
+CVE-2023-51708 (Bentley eB System Management Console applications within Assetwise Int ...)
+ TODO: check
+CVE-2023-51707 (MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows r ...)
+ TODO: check
+CVE-2023-51704 (An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1. ...)
+ TODO: check
+CVE-2023-51380 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+ TODO: check
+CVE-2023-51379 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+ TODO: check
+CVE-2023-49690 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49689 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49688 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49687 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49686 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49685 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49684 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49683 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49682 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49681 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49680 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49679 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49678 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49677 (Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injectio ...)
+ TODO: check
+CVE-2023-49086 (Cacti is a robust performance and fault management framework and a fro ...)
+ TODO: check
+CVE-2023-49084 (Cacti is a robust performance and fault management framework and a fro ...)
+ TODO: check
+CVE-2023-48723 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
+ TODO: check
+CVE-2023-48722 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
+ TODO: check
+CVE-2023-48720 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
+ TODO: check
+CVE-2023-48719 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
+ TODO: check
+CVE-2023-48718 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
+ TODO: check
+CVE-2023-48717 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
+ TODO: check
+CVE-2023-48716 (Student Result Management System v1.0 is vulnerable to multiple Unauth ...)
+ TODO: check
+CVE-2023-48690 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-48689 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-48688 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-48687 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-48686 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-48685 (Railway Reservation System v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-48308 (Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain ...)
+ TODO: check
+CVE-2023-48298 (ClickHouse\xae is an open-source column-oriented database management s ...)
+ TODO: check
+CVE-2023-46649 (A race condition in GitHub Enterprise Server was identified that could ...)
+ TODO: check
+CVE-2023-46648 (An insufficient entropy vulnerability was identified in GitHub Enterpr ...)
+ TODO: check
+CVE-2023-46647 (Improper privilege management in all versions of GitHub Enterprise Ser ...)
+ TODO: check
+CVE-2023-46646 (Improper access control in all versions of GitHub Enterprise Server al ...)
+ TODO: check
+CVE-2023-46645 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ TODO: check
+CVE-2023-41097 (An Observable Timing Discrepancy, Covert Timing Channel vulnerability ...)
+ TODO: check
+CVE-2023-37520 (UnauthenticatedStored Cross-Site Scripting (XSS) vulnerability identif ...)
+ TODO: check
+CVE-2023-37519 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This ...)
+ TODO: check
CVE-2023-42465 [Targeted Corruption of Register and Stack Variables]
- sudo 1.9.15p2-2
NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/9
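Review bot: all 61 new entries in this hunk (122 added lines, which agrees with the `-1,3 +1,125` header) land as `TODO: check`, so triage is still pending and the next pass should start with the ones naming software that exists as Debian source packages: CVE-2023-51713 (ProFTPD, one-byte out-of-bounds in make_ftp_cmd), CVE-2023-51704 (MediaWiki before 1.35.14) and CVE-2023-49084/CVE-2023-49086 (Cacti). The GitHub Enterprise Server, PHPGurukul, SourceCodester, Job Portal, Student Result Management System and Railway Reservation System entries look like `NOT-FOR-US` candidates in the style of the surrounding context. Two imported descriptions carry upstream text defects rather than tracker errors: CVE-2023-48298 shows a raw `\xae` escape where the ® of "ClickHouse®" was not decoded, and CVE-2023-37520 reads "UnauthenticatedStored" with the space dropped; both are worth fixing at the feed rather than by hand-editing this file.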
@@ -189,7 +311,7 @@ CVE-2023-7026 (A vulnerability was found in Lightxun IPTV Gateway up to 20231208
NOT-FOR-US: Lightxun IPTV Gateway
CVE-2023-7025 (A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0. ...)
NOT-FOR-US: KylinSoft hedron-domain-hook
-CVE-2023-7024
+CVE-2023-7024 (Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.12 ...)
{DSA-5585-1}
- chromium 120.0.6099.129-1
[buster] - chromium <end-of-life> (see DSA 5046)
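Review bot: the description now filled in for CVE-2023-7024 (heap buffer overflow in WebRTC, Chrome prior to 120.0.6099.12..., truncated) is consistent with the chromium 120.0.6099.129-1 fix and the DSA-5585-1 reference already recorded in the two context lines below it; nothing but the description changes, so the buster end-of-life marker stays as is.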
@@ -3851,7 +3973,7 @@ CVE-2023-39248 (Dell OS10 Networking Switches running 10.5.2.x and above contain
NOT-FOR-US: Dell
CVE-2023-37572 (Softing OPC Suite version 5.25 and before has Incorrect Access Control ...)
NOT-FOR-US: Softing OPC Suite
-CVE-2023-35690 (There is elevation of privilege.)
+CVE-2023-35690 (In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code ...)
NOT-FOR-US: Android
CVE-2023-35668 (In visitUris of Notification.java, there is a possible way to display ...)
NOT-FOR-US: Android
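Review bot: the placeholder "There is elevation of privilege." for CVE-2023-35690 is replaced by a description naming RGXDestroyHWRTData in rgxta3d.c, a PowerVR GPU driver file, so the retained `NOT-FOR-US: Android` line remains justified. The same placeholder-to-description upgrade recurs in the later hunks for CVE-2023-21403, CVE-2023-21402, CVE-2023-21401, CVE-2023-21263, CVE-2023-21228, CVE-2023-21227, CVE-2023-21218 through CVE-2023-21215 and CVE-2023-21166 through CVE-2023-21162, each keeping `NOT-FOR-US: Android`; no status line changes anywhere in those hunks.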
@@ -46203,8 +46325,8 @@ CVE-2023-27320 (Sudo before 1.9.13p2 has a double free in the per-command chroot
NOTE: https://www.openwall.com/lists/oss-security/2023/02/28/1
NOTE: https://www.sudo.ws/security/advisories/double_free/
NOTE: https://github.com/sudo-project/sudo/commit/87ce69246869d9b9d69be278e29e0fc6a3cabdb9
-CVE-2023-27319
- RESERVED
+CVE-2023-27319 (ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerabili ...)
+ TODO: check
CVE-2023-27318
RESERVED
CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a ...)
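Review bot: CVE-2023-27319 moves from RESERVED to `TODO: check` with a description naming ONTAP Mediator versions prior to 1.7, a NetApp product that is not a Debian package, so this should resolve to `NOT-FOR-US: NetApp` in the next triage pass, in line with the neighbouring ONTAP 9 entry CVE-2023-27317 whose status line falls outside this hunk.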
@@ -53967,8 +54089,8 @@ CVE-2023-24611
RESERVED
CVE-2023-24610 (NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrar ...)
NOT-FOR-US: NOSH
-CVE-2023-24609
- RESERVED
+CVE-2023-24609 (Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subt ...)
+ TODO: check
CVE-2023-24608
RESERVED
CVE-2023-0573
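Review bot: CVE-2023-24609 now reads "Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subt ..." (truncated); neither product is shipped as a Debian source package as far as this reviewer knows, so `NOT-FOR-US` is the likely outcome, but the length-subtraction wording points at a TLS record-parsing bug, so the full text is worth reading before closing in case any Debian package embeds a MatrixSSL copy.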
@@ -63765,8 +63887,8 @@ CVE-2022-47534
RESERVED
CVE-2022-47533
RESERVED
-CVE-2022-47532
- RESERVED
+CVE-2022-47532 (FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?m ...)
+ TODO: check
CVE-2022-47531 (An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versi ...)
NOT-FOR-US: Ericsson Evolved Packet Gateway (EPG)
CVE-2022-47530
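Review bot: CVE-2022-47532 (FileRun 20220519, SQL injection via the "dir" parameter) is the only entry in this hunk to leave RESERVED; FileRun is a proprietary web file manager with no Debian package, so the `TODO: check` should resolve to `NOT-FOR-US: FileRun`, mirroring how CVE-2022-47531 directly below it resolved to `NOT-FOR-US: Ericsson Evolved Packet Gateway (EPG)`.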
@@ -73701,11 +73823,11 @@ CVE-2022-3857 (A flaw was found in libpng 1.6.38. A crafted PNG image can lead t
NOTE: https://sourceforge.net/p/libpng/bugs/300/
CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-21403 (There is elevation of privilege.)
+CVE-2023-21403 (In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary co ...)
NOT-FOR-US: Android
-CVE-2023-21402 (There is elevation of privilege.)
+CVE-2023-21402 (In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds r ...)
NOT-FOR-US: Android
-CVE-2023-21401 (There is elevation of privilege.)
+CVE-2023-21401 (In DevmemIntChangeSparse of devicemem_server.c, there is a possible ou ...)
NOT-FOR-US: Android
CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel memor ...)
{DSA-5480-1 DLA-3623-1}
@@ -73992,7 +74114,7 @@ CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://source.android.com/docs/security/bulletin/2023-08-01
NOTE: https://git.kernel.org/linus/09cce60bddd6461a93a5bf434265a47827d1bc6f
-CVE-2023-21263 (There is elevation of privilege.)
+CVE-2023-21263 (In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds wri ...)
NOT-FOR-US: Android
CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...)
NOT-FOR-US: Android
@@ -74065,9 +74187,9 @@ CVE-2023-21230 (In onAccessPointChanged of AccessPointPreference.java, there is
NOT-FOR-US: Android
CVE-2023-21229 (In registerServiceLocked of ManagedServices.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2023-21228 (There is elevation of privilege.)
+CVE-2023-21228 (In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possib ...)
NOT-FOR-US: Android
-CVE-2023-21227 (There is information disclosure.)
+CVE-2023-21227 (In HTBLogKM of htbserver.c, there is a possible information disclosure ...)
NOT-FOR-US: Android
CVE-2023-21226 (In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a poss ...)
NOT-FOR-US: Android
@@ -74085,13 +74207,13 @@ CVE-2023-21220 (there is a possible use of unencrypted transport over cellular n
NOT-FOR-US: Android
CVE-2023-21219 (there is a possible use of unencrypted transport over cellular network ...)
NOT-FOR-US: Android
-CVE-2023-21218 (There is elevation of privilege.)
+CVE-2023-21218 (In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possib ...)
NOT-FOR-US: Android
-CVE-2023-21217 (There is elevation of privilege.)
+CVE-2023-21217 (In PMRWritePMPageList of TBD, there is a possible out of bounds write ...)
NOT-FOR-US: Android
-CVE-2023-21216 (There is elevation of privilege.)
+CVE-2023-21216 (In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possib ...)
NOT-FOR-US: Android
-CVE-2023-21215 (There is elevation of privilege.)
+CVE-2023-21215 (In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possibl ...)
NOT-FOR-US: Android
CVE-2023-21214 (In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible ou ...)
NOT-FOR-US: Android
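Review bot: the new CVE-2023-21217 description reads "In PMRWritePMPageList of TBD, ...", i.e. the upstream Android bulletin text left the file name as a literal TBD; keep it as imported rather than guessing a file, and revisit when the bulletin is revised. The other three entries in this hunk name physmem_osmem_linux.c and devicemem_server.c, matching the PowerVR driver entries elsewhere in this update, and all four keep `NOT-FOR-US: Android`.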
@@ -74189,15 +74311,15 @@ CVE-2023-21168 (In convertCbYCrY of ColorConverter.cpp, there is a possible out
NOT-FOR-US: Android
CVE-2023-21167 (In setProfileName of DevicePolicyManagerService.java, there is a possi ...)
NOT-FOR-US: Android
-CVE-2023-21166 (There is elevation of privilege.)
+CVE-2023-21166 (In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code ...)
NOT-FOR-US: Android
CVE-2023-21165
RESERVED
-CVE-2023-21164 (There is elevation of privilege.)
+CVE-2023-21164 (In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrar ...)
NOT-FOR-US: Android
-CVE-2023-21163 (There is elevation of privilege.)
+CVE-2023-21163 (In PMR_ReadBytes of pmr.c, there is a possible arbitrary code executio ...)
NOT-FOR-US: Android
-CVE-2023-21162 (There is elevation of privilege.)
+CVE-2023-21162 (In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary co ...)
NOT-FOR-US: Android
CVE-2023-21161 (In Parse of simdata.cpp, there is a possible out of bounds write due t ...)
NOT-FOR-US: Android
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faa9b05d59e81dd4dbe40e83fb95dbf094877232