[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 2 20:11:51 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37a67cbf by security tracker role at 2023-11-02T20:11:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2023-5930 (A vulnerability was found in Campcodes Simple Student Information Syst ...)
+ TODO: check
+CVE-2023-5929 (A vulnerability was found in Campcodes Simple Student Information Syst ...)
+ TODO: check
+CVE-2023-5928 (A vulnerability was found in Campcodes Simple Student Information Syst ...)
+ TODO: check
+CVE-2023-5927 (A vulnerability has been found in Campcodes Simple Student Information ...)
+ TODO: check
+CVE-2023-5926 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2023-5925 (A vulnerability, which was classified as critical, has been found in C ...)
+ TODO: check
+CVE-2023-5924 (A vulnerability classified as critical was found in Campcodes Simple S ...)
+ TODO: check
+CVE-2023-5923 (A vulnerability classified as critical has been found in Campcodes Sim ...)
+ TODO: check
+CVE-2023-5920 (Mattermost Desktop for MacOS fails to utilize the secure keyboard inpu ...)
+ TODO: check
+CVE-2023-5919 (A vulnerability was found in SourceCodester Company Website CMS 1.0 an ...)
+ TODO: check
+CVE-2023-5918 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-5917 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-5916 (A vulnerability classified as critical has been found in Lissy93 Dashy ...)
+ TODO: check
+CVE-2023-5876 (Mattermost fails to properly validate a RegExp built off the server UR ...)
+ TODO: check
+CVE-2023-5875 (Mattermost Desktop fails to correctlyhandle permissions or prompt the ...)
+ TODO: check
+CVE-2023-5860 (The Icons Font Loader plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2023-5846 (Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulne ...)
+ TODO: check
+CVE-2023-5606 (The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting ...)
+ TODO: check
+CVE-2023-5035 (A vulnerability has been identified in PT-G503 Series firmware version ...)
+ TODO: check
+CVE-2023-4217 (A vulnerability has been identified in PT-G503 Series versions prior t ...)
+ TODO: check
+CVE-2023-46925 (Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).)
+ TODO: check
+CVE-2023-46725 (FoodCoopShop is open source software for food coops and local shops. V ...)
+ TODO: check
+CVE-2023-46475 (A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 1 ...)
+ TODO: check
+CVE-2023-45347 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45346 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45345 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45344 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45343 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45342 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45341 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45340 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45339 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45338 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45337 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45336 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45335 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45334 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45333 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45332 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45331 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45330 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45329 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45328 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45327 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45326 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45325 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45324 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-45323 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...)
+ TODO: check
+CVE-2023-43336 (Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and ...)
+ TODO: check
+CVE-2023-43193 (Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). ...)
+ TODO: check
+CVE-2023-43087 (Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper hand ...)
+ TODO: check
+CVE-2023-43076 (Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-servi ...)
+ TODO: check
+CVE-2023-42802 (GLPI is a free asset and IT management software package. Starting in v ...)
+ TODO: check
CVE-2023-XXXX [VLC: OOW in MMS URL parsing]
- vlc 3.0.20-1
NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
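Review bot: all 53 entries added in this hunk are left as "TODO: check", and the 25 consecutive entries CVE-2023-45323 through CVE-2023-45347 carry the identical truncated description "Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...", so they can be triaged as one batch rather than one by one. The truncation also hides the vendor for CVE-2023-5035 and CVE-2023-4217 ("PT-G503 Series"), so those two need the full CVE text before a NOT-FOR-US or package assignment is made.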
@@ -4919,7 +5025,7 @@ CVE-2023-3430
NOTE: https://github.com/OpenImageIO/oiio/issues/3840
NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841
NOTE: https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0)
-CVE-2023-38473 [Reachable assertion in avahi_alternative_host_name]
+CVE-2023-38473 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
- avahi <unfixed> (bug #1054880)
[bookworm] - avahi <no-dsa> (Minor issue)
[bullseye] - avahi <no-dsa> (Minor issue)
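Review bot: replacing the bracketed working title "[Reachable assertion in avahi_alternative_host_name]" with the truncated published description drops the affected function name from the entry, and the same happens in the following four hunks for CVE-2023-38472 through CVE-2023-38469. The names remain recoverable from the linked issues and pull requests, but consider keeping them in a NOTE line so the entries stay searchable by function.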
@@ -4927,7 +5033,7 @@ CVE-2023-38473 [Reachable assertion in avahi_alternative_host_name]
NOTE: https://github.com/lathiat/avahi/issues/451
NOTE: https://github.com/lathiat/avahi/pull/486
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
-CVE-2023-38472 [Reachable assertion in avahi_rdata_parse]
+CVE-2023-38472 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
- avahi <unfixed> (bug #1054879)
[bookworm] - avahi <no-dsa> (Minor issue)
[bullseye] - avahi <no-dsa> (Minor issue)
@@ -4935,7 +5041,7 @@ CVE-2023-38472 [Reachable assertion in avahi_rdata_parse]
NOTE: https://github.com/lathiat/avahi/issues/452
NOTE: https://github.com/lathiat/avahi/pull/490
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
-CVE-2023-38471 [Reachable assertion in dbus_set_host_name]
+CVE-2023-38471 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
- avahi <unfixed> (bug #1054878)
[bookworm] - avahi <no-dsa> (Minor issue)
[bullseye] - avahi <no-dsa> (Minor issue)
@@ -4944,7 +5050,7 @@ CVE-2023-38471 [Reachable assertion in dbus_set_host_name]
NOTE: https://github.com/lathiat/avahi/pull/494
NOTE: https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
-CVE-2023-38470 [Reachable assertion in avahi_escape_label]
+CVE-2023-38470 (A vulnerability was found in Avahi. A reachable assertion exists in th ...)
- avahi <unfixed> (bug #1054877)
[bookworm] - avahi <no-dsa> (Minor issue)
[bullseye] - avahi <no-dsa> (Minor issue)
@@ -4953,7 +5059,7 @@ CVE-2023-38470 [Reachable assertion in avahi_escape_label]
NOTE: https://github.com/lathiat/avahi/pull/457
NOTE: https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c
NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4
-CVE-2023-38469 [Reachable assertion in avahi_dns_packet_append_record]
+CVE-2023-38469 (A vulnerability was found in Avahi, where a reachable assertion exists ...)
- avahi <unfixed> (bug #1054876)
[bookworm] - avahi <no-dsa> (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
[bullseye] - avahi <no-dsa> (Minor issue; can be mitigated by setting disable-user-service-publishing to yes)
@@ -7334,6 +7440,7 @@ CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software Vers
CVE-2023-40930 (Skyworth 3.0 OS is vulnerable to Directory Traversal.)
NOT-FOR-US: Skyworth
CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untr ...)
+ {DLA-3644-1}
- phppgadmin <unfixed> (bug #1053004)
NOTE: https://github.com/phppgadmin/phppgadmin/issues/174
NOTE: https://github.com/hestiacp/phppgadmin/pull/4
@@ -20708,7 +20815,7 @@ CVE-2023-2414 (The Online Booking & Scheduling Calendar for WordPress by vcita p
NOT-FOR-US: WordPress plugin
CVE-2023-2402 (The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPre ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-3164
+CVE-2023-3164 (A heap out-of-bounds read flaw was found in builtin.c in the gawk pack ...)
- tiff <unfixed> (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/542
NOTE: Crash in CLI tool, no security impact
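Review bot: the description imported for CVE-2023-3164 names "builtin.c in the gawk pack ..." while the entry is tracked against the tiff package and its NOTE points to a libtiff issue (https://gitlab.com/libtiff/libtiff/-/issues/542). One of the two is wrong, so the package assignment and the "unimportant" rating should be re-verified against the full CVE text before this entry is relied upon.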
@@ -25091,21 +25198,17 @@ CVE-2023-31029
RESERVED
CVE-2023-31028
RESERVED
-CVE-2023-31027
- RESERVED
+CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability that al ...)
NOT-FOR-US: NVIDIA
-CVE-2023-31026
- RESERVED
+CVE-2023-31026 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...)
NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
CVE-2023-31025
RESERVED
CVE-2023-31024
RESERVED
-CVE-2023-31023
- RESERVED
+CVE-2023-31023 (NVIDIA Display Driver for Windows contains a vulnerability where an at ...)
NOT-FOR-US: NVIDIA
-CVE-2023-31022
- RESERVED
+CVE-2023-31022 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-graphics-drivers <unfixed> (bug #1055136)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
@@ -25130,23 +25233,17 @@ CVE-2023-31022
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1055137)
[buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5491
-CVE-2023-31021
- RESERVED
+CVE-2023-31021 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...)
NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
-CVE-2023-31020
- RESERVED
+CVE-2023-31020 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
NOT-FOR-US: NVIDIA
-CVE-2023-31019
- RESERVED
+CVE-2023-31019 (NVIDIA GPU Display Driver for Windows contains a vulnerability in wksS ...)
NOT-FOR-US: NVIDIA
-CVE-2023-31018
- RESERVED
+CVE-2023-31018 (NVIDIA GPU Driver for Windows and Linux contains a vulnerability in th ...)
NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
-CVE-2023-31017
- RESERVED
+CVE-2023-31017 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
NOT-FOR-US: NVIDIA
-CVE-2023-31016
- RESERVED
+CVE-2023-31016 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
NOT-FOR-US: NVIDIA
CVE-2023-31015 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
NOT-FOR-US: NVIDIA DGX H100 BMC
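Review bot: the rationale "(vGPU not packaged in Debian)" kept on CVE-2023-31018 does not match its imported description, which reads "NVIDIA GPU Driver for Windows and Linux" rather than "NVIDIA vGPU software" as on CVE-2023-31021 and CVE-2023-31026. CVE-2023-31022, with the comparable "GPU Display Driver for Windows and Linux" wording, is tracked against nvidia-graphics-drivers, so CVE-2023-31018 should be re-checked against the advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5491 before it stays NOT-FOR-US.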
@@ -31043,16 +31140,16 @@ CVE-2023-29049
RESERVED
CVE-2023-29048
RESERVED
-CVE-2023-29047
- RESERVED
-CVE-2023-29046
- RESERVED
-CVE-2023-29045
- RESERVED
-CVE-2023-29044
- RESERVED
-CVE-2023-29043
- RESERVED
+CVE-2023-29047 (Imageconverter API endpoints provided methods that were not sufficient ...)
+ TODO: check
+CVE-2023-29046 (Connections to external data sources, like e-mail autoconfiguration, w ...)
+ TODO: check
+CVE-2023-29045 (Documents operations, in this case "drawing", could be manipulated to ...)
+ TODO: check
+CVE-2023-29044 (Documents operations could be manipulated to contain invalid data type ...)
+ TODO: check
+CVE-2023-29043 (Presentations may contain references to images, which are user-control ...)
+ TODO: check
CVE-2023-29042
REJECTED
CVE-2023-29041
@@ -39216,16 +39313,16 @@ CVE-2023-26458 (An information disclosure vulnerability exists in SAP Landscape
NOT-FOR-US: SAP
CVE-2023-26457 (SAP Content Server - version 7.53, does not sufficiently encode user-c ...)
NOT-FOR-US: SAP
-CVE-2023-26456
- RESERVED
-CVE-2023-26455
- RESERVED
-CVE-2023-26454
- RESERVED
-CVE-2023-26453
- RESERVED
-CVE-2023-26452
- RESERVED
+CVE-2023-26456 (Users were able to set an arbitrary "product name" for OX Guard. The c ...)
+ TODO: check
+CVE-2023-26455 (RMI was not requiring authentication when calling ChronosRMIService:se ...)
+ TODO: check
+CVE-2023-26454 (Requests to fetch image metadata could be abused to include SQL querie ...)
+ TODO: check
+CVE-2023-26453 (Requests to cache an image could be abused to include SQL queries that ...)
+ TODO: check
+CVE-2023-26452 (Requests to cache an image and return its metadata could be abused to ...)
+ TODO: check
CVE-2023-26451 (Functions with insufficient randomness were used to generate authoriza ...)
NOT-FOR-US: OX App Suite
CVE-2023-26450 (The "OX Count" web service did not specify a media-type when processin ...)
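Review bot: the five new entries CVE-2023-26452 through CVE-2023-26456 are left as "TODO: check" although the surrounding context already triages CVE-2023-26451 and CVE-2023-26450 as NOT-FOR-US: OX App Suite and CVE-2023-26456 names "OX Guard" in its description. They appear to belong to the same vendor batch, so confirm and triage them together.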
@@ -44198,8 +44295,7 @@ CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not san
NOT-FOR-US: WordPress plugin
CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2. ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4900
- RESERVED
+CVE-2022-4900 (A vulnerability was found in PHP where setting the environment variabl ...)
- php8.2 <not-affected> (Fixed before initial upload)
- php7.4 <removed>
[bullseye] - php7.4 <postponed> (Minor issue, fix along in future update)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37a67cbfc26d4d36c07c9e796bb70ab264f28b90