[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Nov 5 20:12:32 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d3b1d9b by security tracker role at 2023-11-05T20:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-47260 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails ...)
+ TODO: check
+CVE-2023-47259 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile ...)
+ TODO: check
+CVE-2023-47258 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown ...)
+ TODO: check
+CVE-2023-47249 (In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayTy ...)
+ TODO: check
+CVE-2023-46981 (SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote atta ...)
+ TODO: check
+CVE-2023-46964 (Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation ...)
+ TODO: check
+CVE-2023-46963 (An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learni ...)
+ TODO: check
+CVE-2023-46382 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+ TODO: check
+CVE-2023-46381 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+ TODO: check
+CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+ TODO: check
+CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL injection vulner ...)
+ TODO: check
CVE-2023-XXXX [cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download]
- roundcube 1.6.5+dfsg-1 (bug #1055421)
NOTE: https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a (1.6.5)
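Review bot: all eleven new entries in this hunk (CVE-2023-47260 down to CVE-2023-40922) are still "TODO: check" placeholders, so the triage remains to be done by hand. The three Redmine ids (CVE-2023-47258, CVE-2023-47259, CVE-2023-47260) carry the identical fixed-version statement ("before 4.2.11 and 5.0.x before 5.0.6") and can be resolved together against the redmine source package. CVE-2023-46380 through CVE-2023-46382 describe LOYTEC device firmware, CVE-2023-46964 a Hillstone appliance and CVE-2023-46963 a vendor-specific product, none of which corresponds to a Debian source package, so they look like candidates for the same "NOT-FOR-US:" form used for the PHOENIX entries further down. CVE-2023-47249 pins DemoIccMAX to a commit id (79ecb74) rather than a release, so that check has to compare against upstream history instead of a version number.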
@@ -3196,6 +3218,7 @@ CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution S
NOTE: https://github.com/eProsima/Fast-DDS/pull/3824
NOTE: https://github.com/eProsima/Fast-DDS/commit/1e978c6f3d0ca1df6b323b37fd4902b0762ececb
CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ {DSA-5549-1}
- trafficserver 9.2.3+ds-1 (bug #1054427)
NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
NOTE: https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0 (8.1.9)
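Review bot: DSA-5549-1 is attached here to CVE-2023-41752 and, in the hunks below, to CVE-2023-44487, CVE-2023-33934 and CVE-2022-47185; all four are trafficserver entries, so the set of ids carrying this cross-reference should match exactly the CVE list recorded for DSA-5549-1 in data/DSA/list, which this commit does not touch. Nothing else in the entry changes: unstable stays fixed in 9.2.3+ds-1 (bug #1054427), and the upstream commit note labelled (8.1.9) refers to the upstream 8.1.x branch, not to a Debian version.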
@@ -4647,7 +4670,7 @@ CVE-2023-3961 (A path traversal vulnerability was identified in Samba when proce
NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
NOTE: In scope for continued Samba support
CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
- {DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
+ {DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
- tomcat9 9.0.70-2
- tomcat10 10.1.14-1
- trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427)
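Review bot: the advisory list on CVE-2023-44487 keeps its newest-first order, with DSA-5549-1 prepended ahead of DSA-5540-1, DSA-5522-1 and DSA-5521-1 and the DLA ids following. Since this single entry spans tomcat9, tomcat10 and trafficserver, the new id documents only the trafficserver fix (the same DSA-5549-1 is attached to the trafficserver-only CVE-2023-41752 above); the tomcat9 and tomcat10 lines are unaffected by this change.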
@@ -13397,7 +13420,7 @@ CVE-2023-37856 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior
CVE-2023-37855 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
NOT-FOR-US: PHOENIX
CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software Foundation ...)
- {DLA-3595-1}
+ {DSA-5549-1 DLA-3595-1}
- trafficserver 9.2.2+ds-1 (bug #1043430)
NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
CVE-2023-2905 (Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ...)
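Review bot: CVE-2023-33934 (and CVE-2022-47185 in the last hunk, which receives the identical change) was already fixed in unstable by trafficserver 9.2.2+ds-1 and already carried DLA-3595-1, whereas CVE-2023-41752 and CVE-2023-44487 needed 9.2.3+ds-1; adding DSA-5549-1 to both groups means the one stable update bundles the older and the newer upstream fixes, which is consistent as long as the DSA text names all four ids.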
@@ -55260,7 +55283,7 @@ CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border Controller
CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of ...)
- {DSA-5537-1 DLA-3636-1}
+ {DSA-5548-1 DSA-5537-1 DLA-3636-1}
- openjdk-8 8u392-ga-1
- openjdk-11 11.0.21+9-1
- openjdk-17 17.0.9+9-1
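Review bot: DSA-5548-1 is prepended ahead of DSA-5537-1 and DLA-3636-1 for CVE-2023-22081, preserving newest-first order. With three source packages listed (openjdk-8, openjdk-11, openjdk-17) this line alone does not show which of them DSA-5548-1 was issued for; the cross-reference only becomes unambiguous together with the CVE-2023-22025 hunk that follows.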
@@ -55388,6 +55411,7 @@ CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edi
CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.32-1
CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5548-1}
- openjdk-17 17.0.9+9-1
- openjdk-21 21.0.1+12-1
CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has ...)
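Review bot: CVE-2023-22025 lists only openjdk-17 and openjdk-21, while CVE-2023-22081 above lists openjdk-8, openjdk-11 and openjdk-17; the single package common to both entries is openjdk-17, so DSA-5548-1 should be the openjdk-17 advisory. That is the one thing to confirm against data/DSA/list before treating the two cross-references as settled.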
@@ -57253,7 +57277,7 @@ CVE-2022-47187 (There is a file upload XSS vulnerability in Generex CS141 below
CVE-2022-47186 (There is an unrestricted upload of file vulnerability in Generex CS141 ...)
NOT-FOR-US: Generex CS141
CVE-2022-47185 (Improper input validation vulnerability on the range header in Apache ...)
- {DLA-3595-1}
+ {DSA-5549-1 DLA-3595-1}
- trafficserver 9.2.2+ds-1 (bug #1043430)
NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
NOTE: https://github.com/apache/trafficserver/issues/9265
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d3b1d9b39f73642baef7422cd712551418220ba