[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 26 08:11:51 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
75cf9b25 by security tracker role at 2023-12-26T08:11:39+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,77 @@
-CVE-2023-51782 [net/rose: Fix Use-After-Free in rose_ioctl]
+CVE-2023-7111 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2023-7110 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2023-7109 (A vulnerability classified as critical was found in code-projects Libr ...)
+ TODO: check
+CVE-2023-7108 (A vulnerability classified as problematic has been found in code-proje ...)
+ TODO: check
+CVE-2023-7107 (A vulnerability was found in code-projects E-Commerce Website 1.0. It ...)
+ TODO: check
+CVE-2023-7106 (A vulnerability was found in code-projects E-Commerce Website 1.0. It ...)
+ TODO: check
+CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website 1.0. It ...)
+ TODO: check
+CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie ...)
+ TODO: check
+CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to cause a ...)
+ TODO: check
+CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypa ...)
+ TODO: check
+CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer over-read ...)
+ TODO: check
+CVE-2023-51654 (Improper link resolution before file access ('Link Following') issue e ...)
+ TODO: check
+CVE-2023-51363 (VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unau ...)
+ TODO: check
+CVE-2023-50658 (The jose2go component before 1.6.0 for Go allows attackers to cause a ...)
+ TODO: check
+CVE-2023-50339 (Stored cross-site scripting vulnerability exists in the User Managemen ...)
+ TODO: check
+CVE-2023-50332 (Improper authorization vulnerability exists in the User Management (/a ...)
+ TODO: check
+CVE-2023-50297 (Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Ser ...)
+ TODO: check
+CVE-2023-50294 (The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 s ...)
+ TODO: check
+CVE-2023-50175 (Stored cross-site scripting vulnerability exists in the App Settings ( ...)
+ TODO: check
+CVE-2023-49807 (Stored cross-site scripting vulnerability when processing the MathJax ...)
+ TODO: check
+CVE-2023-49779 (Stored cross-site scripting vulnerability exists in the anchor tag of ...)
+ TODO: check
+CVE-2023-49598 (Stored cross-site scripting vulnerability exists in the event handlers ...)
+ TODO: check
+CVE-2023-49119 (Stored cross-site scripting vulnerability via the img tags exists in G ...)
+ TODO: check
+CVE-2023-49117 (PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-si ...)
+ TODO: check
+CVE-2023-47215 (Stored cross-site scripting vulnerability which is exploiting a behavi ...)
+ TODO: check
+CVE-2023-46711 (VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographi ...)
+ TODO: check
+CVE-2023-46699 (Cross-site request forgery (CSRF) vulnerability exists in the User set ...)
+ TODO: check
+CVE-2023-46681 (Improper neutralization of argument delimiters in a command ('Argument ...)
+ TODO: check
+CVE-2023-45741 (VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access ...)
+ TODO: check
+CVE-2023-45740 (Stored cross-site scripting vulnerability when processing profile imag ...)
+ TODO: check
+CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App Settings ( ...)
+ TODO: check
+CVE-2023-42436 (Stored cross-site scripting vulnerability exists in the presentation f ...)
+ TODO: check
+CVE-2023-51782 (An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl i ...)
- linux 6.6.8-1
NOTE: https://git.kernel.org/linus/810c38a369a0a0ce625b5c12169abce1dd9ccd53 (6.7-rc6)
-CVE-2023-51781 [appletalk: Fix Use-After-Free in atalk_ioctl]
+CVE-2023-51781 (An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl ...)
- linux 6.6.8-1
NOTE: https://git.kernel.org/linus/189ff16722ee36ced4d2a2469d4ab65a8fee4198 (6.7-rc6)
-CVE-2023-51780 [atm: Fix Use-After-Free in do_vcc_ioctl]
+CVE-2023-51780 (An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl ...)
- linux 6.6.8-1
NOTE: https://git.kernel.org/linus/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3 (6.7-rc6)
-CVE-2023-51779 [Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg]
+CVE-2023-51779 (bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel th ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/2e07e8348ea454615e268222ae3fc240421be768 (6.7-rc7)
CVE-2023-49337 (Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via ...)
@@ -1289,7 +1353,7 @@ CVE-2023-5348 (The Product Catalog Mode For WooCommerce WordPress plugin before
CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin before ...)
NOT-FOR-US: WordPress plugin
CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur if a us ...)
- {DSA-5586-1}
+ {DSA-5586-1 DLA-3694-1}
- openssh 1:9.6p1-1
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
NOTE: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1)
@@ -1368,7 +1432,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
NOT-FOR-US: Bosch
CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
- {DSA-5588-1 DSA-5586-1}
+ {DSA-5588-1 DSA-5586-1 DLA-3694-1}
- dropbear <unfixed> (bug #1059001)
- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
[bookworm] - erlang <no-dsa> (Minor issue)
@@ -6826,7 +6890,7 @@ CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version
- opennds <unfixed> (bug #1059451)
NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
NOTE: https://github.com/openNDS/openNDS/commit/cd4004fc3cf79c0f2bc0ee98db30d225d0b79bc9 (v10.1.2)
-CVE-2023-38321
+CVE-2023-38321 (OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other p ...)
- opennds <unfixed>
NOTE: https://source.sierrawireless.com/-/media/support_downloads/security-bulletins/pdf/swi-psa-2023-006-r3.ashx
CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
@@ -42480,8 +42544,8 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1
NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced binary packages
NOTE: making an empty dependency package only thus considered fixed exceptionally in
NOTE: that version.
-CVE-2023-28616
- RESERVED
+CVE-2023-28616 (An issue was discovered in Stormshield Network Security (SNS) before 4 ...)
+ TODO: check
CVE-2023-28615
RESERVED
CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injectio ...)
@@ -47250,8 +47314,8 @@ CVE-2023-27152 (DECISO OPNsense 23.1 does not impose rate limits for authenticat
NOT-FOR-US: DECISO OPNsense
CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection vulnerabilit ...)
NOT-FOR-US: openCRX
-CVE-2023-27150
- RESERVED
+CVE-2023-27150 (openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) v ...)
+ TODO: check
CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...)
NOT-FOR-US: Enhancesoft osTicket
CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin panel i ...)
@@ -160169,6 +160233,7 @@ CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was i
CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
NOT-FOR-US: btcpayserver
CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...)
+ {DLA-3694-1}
- openssh 1:8.7p1-1 (bug #995130)
[bullseye] - openssh 1:8.4p1-5+deb11u3
[stretch] - openssh <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75cf9b25c2b47f3a5689cc9c0f87cd309e551a6d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75cf9b25c2b47f3a5689cc9c0f87cd309e551a6d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231226/620596ed/attachment.htm>
More information about the debian-security-tracker-commits
mailing list