[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 3 08:12:21 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d7d3cf93 by security tracker role at 2023-11-03T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-5948 (Improper Authorization in GitHub repository teamamaze/amazefileutiliti ...)
+ TODO: check
+CVE-2023-5763 (In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower t ...)
+ TODO: check
+CVE-2023-46958 (An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrar ...)
+ TODO: check
+CVE-2023-46954 (SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1 ...)
+ TODO: check
+CVE-2023-46817 (An issue was discovered in phpFox before 4.8.14. The url request param ...)
+ TODO: check
+CVE-2023-46517
+ REJECTED
+CVE-2023-46352 (In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook ...)
+ TODO: check
+CVE-2023-46176 (IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated ...)
+ TODO: check
+CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a Denial of Ser ...)
+ TODO: check
+CVE-2023-43982 (Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovere ...)
+ TODO: check
+CVE-2023-43194 (Submitty before v22.06.00 is vulnerable to Incorrect Access Control. A ...)
+ TODO: check
+CVE-2023-43018 (IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operatio ...)
+ TODO: check
+CVE-2023-42299 (Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a ...)
+ TODO: check
+CVE-2023-42029 (IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi ...)
+ TODO: check
+CVE-2023-42027 (IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi ...)
+ TODO: check
+CVE-2023-41357 (Galaxy Software Services Corporation Vitals ESP is an online knowledge ...)
+ TODO: check
+CVE-2023-41356 (NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function ...)
+ TODO: check
+CVE-2023-41355 (Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability ...)
+ TODO: check
+CVE-2023-41354 (Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP ...)
+ TODO: check
+CVE-2023-41353 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password r ...)
+ TODO: check
+CVE-2023-41352 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient fi ...)
+ TODO: check
+CVE-2023-41351 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication ...)
+ TODO: check
+CVE-2023-41350 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient me ...)
+ TODO: check
+CVE-2023-41348 (ASUS RT-AX55\u2019s authentication-related function has a vulnerabilit ...)
+ TODO: check
+CVE-2023-41347 (ASUS RT-AX55\u2019s authentication-related function has a vulnerabilit ...)
+ TODO: check
+CVE-2023-41346 (ASUS RT-AX55\u2019s authentication-related function has a vulnerabilit ...)
+ TODO: check
+CVE-2023-41345 (ASUS RT-AX55\u2019s authentication-related function has a vulnerabilit ...)
+ TODO: check
+CVE-2023-41344 (NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function ...)
+ TODO: check
+CVE-2023-41343 (Rogic No-Code Database Builder's file uploading function has insuffici ...)
+ TODO: check
+CVE-2023-39284 (An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with k ...)
+ TODO: check
+CVE-2023-39283 (An SMM memory corruption vulnerability in the SMM driver (SMRAM write) ...)
+ TODO: check
+CVE-2023-39057 (An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to ...)
+ TODO: check
+CVE-2023-39054 (An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to ...)
+ TODO: check
+CVE-2023-39053 (An information leak in Hattoriya v13.6.1 allows attackers to obtain th ...)
+ TODO: check
+CVE-2023-39051 (An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 ...)
+ TODO: check
+CVE-2023-39050 (An information leak in Daiky-value.Fukueten v13.6.1 allows attackers t ...)
+ TODO: check
+CVE-2023-39048 (An information leak in Tokudaya.honten v13.6.1 allows attackers to obt ...)
+ TODO: check
+CVE-2023-39047 (An information leak in shouzu sweets oz v13.6.1 allows attackers to ob ...)
+ TODO: check
+CVE-2023-39042 (An information leak in Gyouza-newhushimi v13.6.1 allows attackers to o ...)
+ TODO: check
+CVE-2023-38965 (Lost and Found Information System 1.0 allows account takeover via user ...)
+ TODO: check
+CVE-2023-36621 (An issue was discovered in the Boomerang Parental Control application ...)
+ TODO: check
+CVE-2023-36620 (An issue was discovered in the Boomerang Parental Control application ...)
+ TODO: check
+CVE-2023-36034 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36029 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2023-36022 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-35896 (IBM Content Navigator 3.0.13 is vulnerable to server-side request forg ...)
+ TODO: check
+CVE-2023-34261 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identi ...)
+ TODO: check
+CVE-2023-34260 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a deni ...)
+ TODO: check
+CVE-2023-34259 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmde ...)
+ TODO: check
+CVE-2023-31579 (Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cry ...)
+ TODO: check
CVE-2023-5930 (A vulnerability was found in Campcodes Simple Student Information Syst ...)
NOT-FOR-US: Campcodes Simple Student Information System
CVE-2023-5929 (A vulnerability was found in Campcodes Simple Student Information Syst ...)
@@ -159,6 +259,7 @@ CVE-2023-44025 (SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 an
CVE-2023-39281 (A stack buffer overflow vulnerability discovered in AsfSecureBootDxe i ...)
NOT-FOR-US: Insyde InsydeH2O
CVE-2023-5849 (Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allow ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5847 (Under certain conditions, a low privileged attacker could load a speci ...)
@@ -361,39 +462,51 @@ CVE-2023-2622 (Authenticated clients can read arbitrary files on the MAIN Comput
CVE-2023-2621 (The McFeeder server (distributed as part of SSW package), is susceptib ...)
NOT-FOR-US: Hitachi
CVE-2023-5859 (Incorrect security UI in Picture In Picture in Google Chrome prior to ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5858 (Inappropriate implementation in WebApp Provider in Google Chrome prior ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5857 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5856 (Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5855 (Use after free in Reading Mode in Google Chrome prior to 119.0.6045.10 ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5854 (Use after free in Profiles in Google Chrome prior to 119.0.6045.105 al ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5853 (Incorrect security UI in Downloads in Google Chrome prior to 119.0.604 ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5852 (Use after free in Printing in Google Chrome prior to 119.0.6045.105 al ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5851 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5850 (Incorrect security UI in Downloads in Google Chrome prior to 119.0.604 ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5482 (Insufficient data validation in USB in Google Chrome prior to 119.0.60 ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5480 (Inappropriate implementation in Payments in Google Chrome prior to 119 ...)
+ {DSA-5546-1}
- chromium 119.0.6045.105-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5873 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -1992,23 +2105,23 @@ CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper Validat
NOTE: https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3
NOTE: https://megamansec.github.io/Squid-Security-Audit/ssl-bufferunderread.html
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3
-CVE-2023-46848 [SQUID-2023:5 Denial of Service in FTP]
+CVE-2023-46848 (Squid is vulnerable to Denial of Service, where a remote attacker can ...)
- squid <unfixed> (bug #1055251)
[bullseye] - squid <not-affected> (Vulnerable code not present)
[buster] - squid <not-affected> (Vulnerable code not present)
- squid3 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
-CVE-2023-46847 [SQUID-2023:3 Denial of Service in HTTP Digest Authentication]
+CVE-2023-46847 (Squid is vulnerable to a Denial of Service, where a remote attacker c ...)
- squid <unfixed> (bug #1055250)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
NOTE: https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3
NOTE: https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
-CVE-2023-5824 [SQUID-2023:2 Multiple issues in HTTP response caching]
+CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP and HTTPS ...)
- squid <unfixed> (bug #1055249)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
-CVE-2023-46846 [SQUID-2023:1 Request/Response smuggling in HTTP/1.1 and ICAP]
+CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...)
- squid <unfixed> (bug #1054537)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
@@ -2588,12 +2701,12 @@ CVE-2023-35126 (An out-of-bounds write vulnerability exists within the parsers f
NOT-FOR-US: Ichitaro
CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream parsing fun ...)
NOT-FOR-US: Ichitaro
-CVE-2023-45024
+CVE-2023-45024 (Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information ...)
{DSA-5541-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
-CVE-2023-41260
+CVE-2023-41260 (Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 ...)
{DSA-5542-1 DSA-5541-1 DLA-3642-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
- request-tracker4 4.4.7+dfsg-1 (bug #1054516)
@@ -2601,7 +2714,7 @@ CVE-2023-41260
NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
NOTE: https://github.com/bestpractical/rt/commit/33e9203bf2a61e20f8b8e682d57f55cb7a995967 (rt-4.4.7)
-CVE-2023-41259
+CVE-2023-41259 (Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 ...)
{DSA-5542-1 DSA-5541-1 DLA-3642-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
- request-tracker4 4.4.7+dfsg-1 (bug #1054516)
@@ -3348,7 +3461,7 @@ CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Thi
NOT-FOR-US: IBM
CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
NOT-FOR-US: IBM
-CVE-2023-41914
+CVE-2023-41914 (SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allow ...)
{DSA-5529-1}
- slurm-wlm 23.02.6-1
[bullseye] - slurm-wlm <postponed> (Very intrusive patch and upstream does not release patches for unsupported versions)
@@ -4382,7 +4495,7 @@ CVE-2023-34985 (A improper neutralization of special elements used in an os comm
NOT-FOR-US: Fortinet
CVE-2023-33301 (An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7 ...)
NOT-FOR-US: Fortinet
-CVE-2023-42670 [Samba AD DC Busy RPC multiple listener DoS]
+CVE-2023-42670 (A flaw was found in Samba. It is susceptible to a vulnerability where ...)
{DSA-5525-1}
- samba 2:4.19.1+dfsg-1
[bullseye] - samba <not-affected> (Vulnerable code not present)
@@ -4394,7 +4507,7 @@ CVE-2023-42669 ["rpcecho" development server allows Denial of Service via sleep(
[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
[buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
NOTE: https://www.samba.org/samba/security/CVE-2023-42669.html
-CVE-2023-4091 [SMB clients can truncate files with read-only permissions]
+CVE-2023-4091 (A vulnerability was discovered in Samba, where the flaw allows SMB cli ...)
{DSA-5525-1}
- samba 2:4.19.1+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2023-4091.html
@@ -4526,11 +4639,11 @@ CVE-2023-41365 (SAP Business One (B1i) - version 10.0, allows an authorized atta
NOT-FOR-US: SAP
CVE-2023-40310 (SAP PowerDesignerClient- version 16.7, does not sufficiently validate ...)
NOT-FOR-US: SAP
-CVE-2023-45360
+CVE-2023-45360 (An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1. ...)
{DSA-5520-1}
- mediawiki 1:1.39.5-1
NOTE: https://phabricator.wikimedia.org/T340221
-CVE-2023-45362
+CVE-2023-45362 (An issue was discovered in DifferenceEngine.php in MediaWiki before 1. ...)
{DSA-5520-1}
- mediawiki 1:1.39.5-1
NOTE: https://phabricator.wikimedia.org/T341529
@@ -5985,7 +6098,7 @@ CVE-2023-43740 (Online Book Store Project v1.0 is vulnerable to an Insecure File
NOT-FOR-US: Online Book Store Project
CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not validate t ...)
NOT-FOR-US: Online Book Store Project
-CVE-2023-43665 [Denial-of-service possibility in django.utils.text.Truncator]
+CVE-2023-43665 (In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, ...)
- python-django 3:4.2.6-1 (bug #1053475)
[bookworm] - python-django <postponed> (Minor issue, fix along in future update)
[bullseye] - python-django <postponed> (Minor issue, fix along in future update)
@@ -9588,7 +9701,7 @@ CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPress th ...)
NOT-FOR-US: WordPress theme
-CVE-2023-41164
+CVE-2023-41164 (In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, ...)
{DLA-3558-1}
- python-django 3:3.2.21-1 (bug #1051226)
[bookworm] - python-django <postponed> (Minor issue, fix along in future update)
@@ -25008,8 +25121,7 @@ CVE-2023-40481
[bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
-CVE-2023-31102
- RESERVED
+CVE-2023-31102 (7-Zip through 22.01 on Linux allows an integer underflow and code exec ...)
- 7zip 23.01+dfsg-1
[bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
@@ -33125,8 +33237,7 @@ CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate t
NOT-FOR-US: WordPress plugin
CVE-2023-1477 (Improper Authentication vulnerability in HYPR Keycloak Authenticator E ...)
NOT-FOR-US: HYPR Keycloak Authenticator Extension
-CVE-2023-1476
- RESERVED
+CVE-2023-1476 (A use-after-free flaw was found in the Linux kernel\u2019s mm/mremap m ...)
NOT-FOR-US: RedHat specific incomplete Linux kpatch incomplete fix for CVE-2022-41222
CVE-2023-1475 (A vulnerability, which was classified as critical, has been found in S ...)
NOT-FOR-US: SourceCodester Canteen Management System
@@ -35601,8 +35712,7 @@ CVE-2023-1195 (A use-after-free flaw was found in reconn_set_ipaddr_from_hostnam
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/153695d36ead0ccc4d0256953c751cabf673e621 (6.1-rc3)
-CVE-2023-1194
- RESERVED
+CVE-2023-1194 (An out-of-bounds (OOB) memory read flaw was found in parse_lease_state ...)
- linux 6.3.11-1
[bookworm] - linux 6.1.37-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -210731,7 +210841,7 @@ CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via a
NOT-FOR-US: Zyxel
CVE-2020-29298
RESERVED
-CVE-2020-29297 (Multiple SQL Injection vulnerabilies in tourist5 Online-food-ordering- ...)
+CVE-2020-29297 (Multiple SQL Injection vulnerabilities in tourist5 Online-food-orderin ...)
NOT-FOR-US: tourist5
CVE-2020-29296
RESERVED
@@ -214115,8 +214225,7 @@ CVE-2020-28409 (The server in Dundas BI through 8.0.0.1001 allows XSS via additi
NOT-FOR-US: Dundas BI
CVE-2020-28408 (The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML labe ...)
NOT-FOR-US: Dundas BI
-CVE-2020-28407
- RESERVED
+CVE-2020-28407 (In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be ...)
- swtpm <not-affected> (Fixed before initial upload to the archive)
CVE-2020-28406 (An improper authorization vulnerability exists in Star Practice Manage ...)
NOT-FOR-US: Star Practice Management Web
@@ -430400,8 +430509,7 @@ CVE-2017-7254
RESERVED
CVE-2017-7253 (Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: ...)
NOT-FOR-US: Dahua IP Camera devices
-CVE-2017-7252 [Incorrect bcrypt computation]
- RESERVED
+CVE-2017-7252 (bcrypt password hashing in Botan before 2.1.0 does not correctly handl ...)
- botan1.10 <not-affected> (Introduced in 1.11.0)
NOTE: Bug introduced in 1.11.0, fixed in 2.1.0.
CVE-2017-7251 (A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7d3cf931ae82787e2f716aa54466d953b54d277
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7d3cf931ae82787e2f716aa54466d953b54d277
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231103/44fadcbb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list