[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 28 08:11:48 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1023a8b7 by security tracker role at 2023-12-28T08:11:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-7124 (A vulnerability, which was classified as problematic, was found in cod ...)
+ TODO: check
+CVE-2023-7123 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-6879 (Increasing the resolution of video frames, while performing a multi-th ...)
+ TODO: check
+CVE-2023-51084 (hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ...)
+ TODO: check
+CVE-2023-51080 (The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discover ...)
+ TODO: check
+CVE-2023-51079 (A TimeOut error exists in the ParseTools.subCompileExpression method i ...)
+ TODO: check
+CVE-2023-51075 (hutool-core v5.8.23 was discovered to contain an infinite loop in the ...)
+ TODO: check
+CVE-2023-51074 (json-path v2.8.0 was discovered to contain a stack overflow via the Cr ...)
+ TODO: check
+CVE-2023-51010 (An issue in the export component AdSdkH5Activity of com.sdjictec.qdmet ...)
+ TODO: check
+CVE-2023-51006 (An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 a ...)
+ TODO: check
+CVE-2023-50692 (File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to ...)
+ TODO: check
+CVE-2023-50445 (Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT ...)
+ TODO: check
+CVE-2023-50038 (There is an arbitrary file upload vulnerability in the background of t ...)
+ TODO: check
+CVE-2023-49469 (Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, ...)
+ TODO: check
+CVE-2023-49230 (An issue was discovered in Peplink Balance Two before 8.4.0. A missing ...)
+ TODO: check
+CVE-2023-49229 (An issue was discovered in Peplink Balance Two before 8.4.0. A missing ...)
+ TODO: check
+CVE-2023-49228 (An issue was discovered in Peplink Balance Two before 8.4.0. Console p ...)
+ TODO: check
+CVE-2023-49003 (An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker ...)
+ TODO: check
+CVE-2023-49002 (An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer ...)
+ TODO: check
+CVE-2023-49001 (An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker ...)
+ TODO: check
+CVE-2023-49000 (An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an att ...)
+ TODO: check
+CVE-2023-47883 (The com.altamirano.fabricio.tvbrowser TV browser application through 4 ...)
+ TODO: check
+CVE-2023-47882 (The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9 ...)
+ TODO: check
+CVE-2023-46989 (SQL Injection vulnerability in the Innovadeluxe Quick Order module for ...)
+ TODO: check
+CVE-2023-46919 (Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlo ...)
+ TODO: check
+CVE-2023-46918 (Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1- ...)
+ TODO: check
+CVE-2023-45702 (An HCL UrbanCode Deploy Agent installed as a Windows service in a non- ...)
+ TODO: check
+CVE-2023-45701 (HCL Launch could allow a remote attacker to obtain sensitive informati ...)
+ TODO: check
+CVE-2023-43955 (The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Androi ...)
+ TODO: check
+CVE-2023-43481 (An issue in Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browse ...)
+ TODO: check
+CVE-2023-34829 (Incorrect access control in TP-Link Tapo before v3.1.315 allows attack ...)
+ TODO: check
CVE-2023-7116 (A vulnerability, which was classified as critical, has been found in W ...)
NOT-FOR-US: WeiYe-Jing datax-web
CVE-2023-6531
@@ -11616,6 +11678,7 @@ CVE-2023-5625 (A regression was introduced in the Red Hat build of python-eventl
- python-eventlet <not-affected> (Red Hat-specific regression)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2244717
CVE-2023-39333
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1054892)
[bullseye] - nodejs <not-affected> (Only affects 18.x and later)
[buster] - nodejs <not-affected> (Only affects 18.x and later)
@@ -12433,6 +12496,7 @@ CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow vulnerab
CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
NOT-FOR-US: SonicOS
CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resource aga ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1054892)
[bullseye] - nodejs <not-affected> (Only affects 18.x and later)
[buster] - nodejs <not-affected> (Only affects 18.x and later)
@@ -22771,6 +22835,7 @@ CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might all
CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol might allow ...)
NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol
CVE-2023-32559 (A privilege escalation vulnerability exists in the experimental policy ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
[bullseye] - nodejs <ignored> (Only affects experimental policy manifests)
[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
@@ -22781,6 +22846,7 @@ CVE-2023-32558 (The use of the deprecated API `process.binding()` can bypass the
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
CVE-2023-32006 (The use of `module.constructor.createRequire()` can bypass the policy ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
[bullseye] - nodejs <ignored> (Only affects experimental policy manifests)
[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
@@ -22797,6 +22863,7 @@ CVE-2023-32003 (`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsmkdtemp-and-fsmkdtempsync-are-missing-getvalidatedpath-checks-lowcve-2023-32003
CVE-2023-32002 (The use of `Module._load()` can bypass the policy mechanism and requir ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
[bullseye] - nodejs <ignored> (Only affects experimental policy manifests)
[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
@@ -36433,12 +36500,14 @@ CVE-2023-30592
CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attacker ...)
NOT-FOR-US: NodeBB
CVE-2023-30590 (The generateKeys() API function returned from crypto.createDiffieHellm ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
[bullseye] - nodejs <ignored> (Minor issue, only updates documentation to clarify an API)
[buster] - nodejs <postponed> (minor issue - Inconsistency Between Implementation and Documented Design)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#diffiehellman-do-not-generate-keys-after-setting-a-private-key-medium-cve-2023-30590
NOTE: Fixed by: https://github.com/nodejs/node/commit/1a5c9284ebce5cd71cf7a3c29759a748c373ac85 (v16.x)
CVE-2023-30589 (The llhttp parser in the http module in Node v20.2.0 does not strictly ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
[bullseye] - nodejs <no-dsa> (Minor issue, too intrusive to backport)
[buster] - nodejs <not-affected> (llhttp dependency/embedding introduced in 12.x)
@@ -36448,6 +36517,7 @@ CVE-2023-30589 (The llhttp parser in the http module in Node v20.2.0 does not st
NOTE: https://github.com/advisories/GHSA-cggh-pq45-6h9x
NOTE: Fixed by: https://github.com/nodejs/node/commit/e42ff4b0180f4e0f5712364dd6ea015559640152 (v16.x)
CVE-2023-30588 (When an invalid public key is used to create an x509 certificate using ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
[bullseye] - nodejs <not-affected> (Vulnerable code not present)
[buster] - nodejs <not-affected> (X509Certificate API introduced later)
@@ -36477,6 +36547,7 @@ CVE-2023-30582
- nodejs <not-affected> (Vulnerable code introduced in 20.x)
NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#fswatchfile-bypass-in-experimental-permission-model-medium-cve-2023-30582
CVE-2023-30581 (The use of __proto__ in process.mainModule.__proto__.require() can byp ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
[bullseye] - nodejs <ignored> (Only affects experimental policy manifests)
[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
@@ -56896,11 +56967,12 @@ CVE-2023-0408
CVE-2023-0407
RESERVED
CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. <19.6.1, <18 ...)
- {DSA-5395-1 DLA-3344-1}
+ {DSA-5589-1 DSA-5395-1 DLA-3344-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1031834)
NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920
NOTE: https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1
CVE-2023-23919 (A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16 ...)
+ {DSA-5589-1}
- nodejs 18.13.0+dfsg1-1.1 (bug #1031834)
[bullseye] - nodejs <not-affected> (X509Certificate API introduced in v15.6.0)
[buster] - nodejs <not-affected> (X509Certificate API introduced in v15.6.0)
@@ -56908,6 +56980,7 @@ CVE-2023-23919 (A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.
NOTE: https://hackerone.com/reports/1808596
NOTE: https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029
CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14 ...)
+ {DSA-5589-1}
- nodejs 18.19.0+dfsg-2 (bug #1031834)
[bullseye] - nodejs <not-affected> (Permissions policy introduced in v16.x)
[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
@@ -151068,9 +151141,9 @@ CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43890 (Windows AppX Installer Spoofing Vulnerability)
+CVE-2021-43890 (<p>We have investigated reports of a spoofing vulnerability in AppX in ...)
NOT-FOR-US: Microsoft
-CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43888 (Microsoft Defender for IoT Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
@@ -151084,7 +151157,7 @@ CVE-2021-43884
RESERVED
CVE-2021-43883 (Windows Installer Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43881
RESERVED
@@ -151096,7 +151169,7 @@ CVE-2021-43878
RESERVED
CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability)
NOT-FOR-US: .NET core
-CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability.)
+CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -154898,7 +154971,7 @@ CVE-2021-43244 (Windows Kernel Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43243 (VP9 Video Extensions Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43241
RESERVED
@@ -154910,9 +154983,9 @@ CVE-2021-43238 (Windows Remote Access Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43237 (Windows Setup Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43234 (Windows Fax Service Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -154920,15 +154993,15 @@ CVE-2021-43233 (Remote Desktop Client Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43232 (Windows Event Tracing Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43228 (SymCrypt Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43226 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
@@ -154938,7 +155011,7 @@ CVE-2021-43224 (Windows Common Log File System Driver Information Disclosure Vul
NOT-FOR-US: Microsoft
CVE-2021-43223 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
NOT-FOR-US: Microsoft
-CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -154950,7 +155023,7 @@ CVE-2021-43218
RESERVED
CVE-2021-43217 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2021-43216 (Microsoft Local Security Authority Server (lsasrv) Information Disclos ...)
+CVE-2021-43216 (Microsoft Local Security Authority (LSA) Server Information Disclosure ...)
NOT-FOR-US: Microsoft
CVE-2021-43215 (iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Ex ...)
NOT-FOR-US: Microsoft
@@ -158560,7 +158633,7 @@ CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42321 (Microsoft Exchange Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42319 (Visual Studio Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -158570,19 +158643,19 @@ CVE-2021-42317
RESERVED
CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42312 (Microsoft Defender for IOT Elevation of Privilege Vulnerability)
+CVE-2021-42312 (Microsoft Defender for IoT Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
NOT-FOR-US: Microsoft
@@ -158612,7 +158685,7 @@ CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42295 (Visual Basic for Applications Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine Eleva ...)
NOT-FOR-US: Microsoft
@@ -160992,7 +161065,7 @@ CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique
NOT-FOR-US: Microsoft
CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...)
NOT-FOR-US: Microsoft
-CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-41364
RESERVED
@@ -161002,7 +161075,7 @@ CVE-2021-41362
RESERVED
CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-41359
RESERVED
@@ -163409,9 +163482,9 @@ CVE-2021-40455 (Windows Installer Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2021-40451
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1023a8b75256a37689dab41899990d0e58b22d86
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1023a8b75256a37689dab41899990d0e58b22d86
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231228/5e5468ec/attachment.htm>
More information about the debian-security-tracker-commits
mailing list