[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 26 08:11:51 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75cf9b25 by security tracker role at 2023-12-26T08:11:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,77 @@
-CVE-2023-51782 [net/rose: Fix Use-After-Free in rose_ioctl]
+CVE-2023-7111 (A vulnerability, which was classified as critical, was found in code-p ...)
+	TODO: check
+CVE-2023-7110 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2023-7109 (A vulnerability classified as critical was found in code-projects Libr ...)
+	TODO: check
+CVE-2023-7108 (A vulnerability classified as problematic has been found in code-proje ...)
+	TODO: check
+CVE-2023-7107 (A vulnerability was found in code-projects E-Commerce Website 1.0. It  ...)
+	TODO: check
+CVE-2023-7106 (A vulnerability was found in code-projects E-Commerce Website 1.0. It  ...)
+	TODO: check
+CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website 1.0. It  ...)
+	TODO: check
+CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie ...)
+	TODO: check
+CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to cause a ...)
+	TODO: check
+CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypa ...)
+	TODO: check
+CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer over-read  ...)
+	TODO: check
+CVE-2023-51654 (Improper link resolution before file access ('Link Following') issue e ...)
+	TODO: check
+CVE-2023-51363 (VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unau ...)
+	TODO: check
+CVE-2023-50658 (The jose2go component before 1.6.0 for Go allows attackers to cause a  ...)
+	TODO: check
+CVE-2023-50339 (Stored cross-site scripting vulnerability exists in the User Managemen ...)
+	TODO: check
+CVE-2023-50332 (Improper authorization vulnerability exists in the User Management (/a ...)
+	TODO: check
+CVE-2023-50297 (Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Ser ...)
+	TODO: check
+CVE-2023-50294 (The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 s ...)
+	TODO: check
+CVE-2023-50175 (Stored cross-site scripting vulnerability exists in the App Settings ( ...)
+	TODO: check
+CVE-2023-49807 (Stored cross-site scripting vulnerability when processing the MathJax  ...)
+	TODO: check
+CVE-2023-49779 (Stored cross-site scripting vulnerability exists in the anchor tag of  ...)
+	TODO: check
+CVE-2023-49598 (Stored cross-site scripting vulnerability exists in the event handlers ...)
+	TODO: check
+CVE-2023-49119 (Stored cross-site scripting vulnerability via the img tags exists in G ...)
+	TODO: check
+CVE-2023-49117 (PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-si ...)
+	TODO: check
+CVE-2023-47215 (Stored cross-site scripting vulnerability which is exploiting a behavi ...)
+	TODO: check
+CVE-2023-46711 (VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographi ...)
+	TODO: check
+CVE-2023-46699 (Cross-site request forgery (CSRF) vulnerability exists in the User set ...)
+	TODO: check
+CVE-2023-46681 (Improper neutralization of argument delimiters in a command ('Argument ...)
+	TODO: check
+CVE-2023-45741 (VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access ...)
+	TODO: check
+CVE-2023-45740 (Stored cross-site scripting vulnerability when processing profile imag ...)
+	TODO: check
+CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App Settings ( ...)
+	TODO: check
+CVE-2023-42436 (Stored cross-site scripting vulnerability exists in the presentation f ...)
+	TODO: check
+CVE-2023-51782 (An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl i ...)
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/810c38a369a0a0ce625b5c12169abce1dd9ccd53 (6.7-rc6)
-CVE-2023-51781 [appletalk: Fix Use-After-Free in atalk_ioctl]
+CVE-2023-51781 (An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl  ...)
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/189ff16722ee36ced4d2a2469d4ab65a8fee4198 (6.7-rc6)
-CVE-2023-51780 [atm: Fix Use-After-Free in do_vcc_ioctl]
+CVE-2023-51780 (An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl ...)
 	- linux 6.6.8-1
 	NOTE: https://git.kernel.org/linus/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 (6.7-rc6)
-CVE-2023-51779 [Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg]
+CVE-2023-51779 (bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel th ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/2e07e8348ea454615e268222ae3fc240421be768 (6.7-rc7)
 CVE-2023-49337 (Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via ...)
@@ -1289,7 +1353,7 @@ CVE-2023-5348 (The Product Catalog Mode For WooCommerce WordPress plugin before
 CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin before ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur if a us ...)
-	{DSA-5586-1}
+	{DSA-5586-1 DLA-3694-1}
 	- openssh 1:9.6p1-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
 	NOTE: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1)
@@ -1368,7 +1432,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
 	NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
-	{DSA-5588-1 DSA-5586-1}
+	{DSA-5588-1 DSA-5586-1 DLA-3694-1}
 	- dropbear <unfixed> (bug #1059001)
 	- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
 	[bookworm] - erlang <no-dsa> (Minor issue)
@@ -6826,7 +6890,7 @@ CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version
 	- opennds <unfixed> (bug #1059451)
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
 	NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
-CVE-2023-38321
+CVE-2023-38321 (OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other p ...)
 	- opennds <unfixed>
 	NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
 CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
@@ -42480,8 +42544,8 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1
 	NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced binary packages
 	NOTE: making an empty dependency package only thus considered fixed exceptionally in
 	NOTE: that version.
-CVE-2023-28616
-	RESERVED
+CVE-2023-28616 (An issue was discovered in Stormshield Network Security (SNS) before 4 ...)
+	TODO: check
 CVE-2023-28615
 	RESERVED
 CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injectio ...)
@@ -47250,8 +47314,8 @@ CVE-2023-27152 (DECISO OPNsense 23.1 does not impose rate limits for authenticat
 	NOT-FOR-US: DECISO OPNsense
 CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection vulnerabilit ...)
 	NOT-FOR-US: openCRX
-CVE-2023-27150
-	RESERVED
+CVE-2023-27150 (openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) v ...)
+	TODO: check
 CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...)
 	NOT-FOR-US: Enhancesoft osTicket
 CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin panel i ...)
@@ -160169,6 +160233,7 @@ CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was i
 CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During  ...)
 	NOT-FOR-US: btcpayserver
 CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...)
+	{DLA-3694-1}
 	- openssh 1:8.7p1-1 (bug #995130)
 	[bullseye] - openssh 1:8.4p1-5+deb11u3
 	[stretch] - openssh <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75cf9b25c2b47f3a5689cc9c0f87cd309e551a6d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75cf9b25c2b47f3a5689cc9c0f87cd309e551a6d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231226/620596ed/attachment.htm>


More information about the debian-security-tracker-commits mailing list