[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 8 20:11:51 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a0b3a4b by security tracker role at 2023-11-08T20:11:41+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...)
+ TODO: check
+CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain ...)
+ TODO: check
+CVE-2023-5941 (In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeB ...)
+ TODO: check
+CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext Fortify ScanC ...)
+ TODO: check
+CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (inpu ...)
+ TODO: check
+CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
+ TODO: check
+CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin for GP ...)
+ TODO: check
+CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestran ...)
+ TODO: check
+CVE-2023-47379 (Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Script ...)
+ TODO: check
+CVE-2023-47231 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-47229 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-47228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...)
+ TODO: check
+CVE-2023-47227 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...)
+ TODO: check
+CVE-2023-47226 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...)
+ TODO: check
+CVE-2023-47223 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP M ...)
+ TODO: check
+CVE-2023-47190 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-47181 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...)
+ TODO: check
+CVE-2023-47107 (PILOS is an open source front-end for BigBlueButton servers with a bui ...)
+ TODO: check
+CVE-2023-46774 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...)
+ TODO: check
+CVE-2023-46772 (Vulnerability of parameters being out of the value range in the QMI se ...)
+ TODO: check
+CVE-2023-46771 (Security vulnerability in the face unlock module. Successful exploitat ...)
+ TODO: check
+CVE-2023-46767 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ TODO: check
+CVE-2023-46766 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ TODO: check
+CVE-2023-46765 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...)
+ TODO: check
+CVE-2023-46764 (Unauthorized startup vulnerability of background apps. Successful expl ...)
+ TODO: check
+CVE-2023-46763 (Vulnerability of background app permission management in the framework ...)
+ TODO: check
+CVE-2023-46762 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ TODO: check
+CVE-2023-46761 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ TODO: check
+CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ TODO: check
+CVE-2023-46759 (Permission control vulnerability in the call module. Successful exploi ...)
+ TODO: check
+CVE-2023-46758 (The multi-screen interaction module has a vulnerability in permission ...)
+ TODO: check
+CVE-2023-46757 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...)
+ TODO: check
+CVE-2023-46756 (Permission control vulnerability in the window management module. Succ ...)
+ TODO: check
+CVE-2023-46755 (Vulnerability of input parameters being not strictly verified in the i ...)
+ TODO: check
+CVE-2023-46643 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZ ...)
+ TODO: check
+CVE-2023-46642 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahu ...)
+ TODO: check
+CVE-2023-46640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-46627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish A ...)
+ TODO: check
+CVE-2023-46626 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT ...)
+ TODO: check
+CVE-2023-46621 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Baj ...)
+ TODO: check
+CVE-2023-46613 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-45849 (An arbitrary code execution which results in privilege escalation was ...)
+ TODO: check
+CVE-2023-45319 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
+ TODO: check
+CVE-2023-45140 (The Bastion provides authentication, authorization, traceability and a ...)
+ TODO: check
+CVE-2023-44098 (Vulnerability of missing encryption in the card management module. Suc ...)
+ TODO: check
+CVE-2023-3282 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
+ TODO: check
+CVE-2023-39913 (Deserialization of Untrusted Data, Improper Input Validation vulnerabi ...)
+ TODO: check
+CVE-2023-35767 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
+ TODO: check
+CVE-2023-32298 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Da ...)
+ TODO: check
+CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful exploita ...)
+ TODO: check
CVE-2023-47248
- apache-arrow <itp> (bug #970021)
CVE-2023-40114
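Review bot: All 50 entries added at the top of this hunk, from CVE-2023-6012 down to CVE-2022-48613, carry only `TODO: check`, so none of them has a package line or a NOT-FOR-US classification yet. Triage can be batched where the truncated descriptions repeat: the three Helix Core entries (CVE-2023-5759, CVE-2023-45319, CVE-2023-35767) share the same opening text, as do the runs of "Stored Cross-Site Scripting (XSS)" and "Out-of-bounds write vulnerability in the kernel driver module" entries.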
@@ -132,7 +232,7 @@ CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-
[buster] - gpac <end-of-life> (EOL in buster LTS)
NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
-CVE-2023-5996
+CVE-2023-5996 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 al ...)
- chromium 119.0.6045.123-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...)
@@ -3474,6 +3574,7 @@ CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup
NOTE: https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 (unstable)
NOTE: https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc (7.0.14)
CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ {DLA-3649-1}
NOT-FOR-US: Arduino Create Agent
CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino development. ...)
NOT-FOR-US: Arduino Create Agent
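Review bot: The added `{DLA-3649-1}` cross-reference lands on CVE-2023-43803, which the very next line classifies as `NOT-FOR-US: Arduino Create Agent`; an LTS advisory attached to an entry with no Debian package is contradictory. Check the CVE id recorded for DLA-3649-1 (a mistyped id in the advisory list is one likely cause) and correct it at the source so the tag moves to the intended entry.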
@@ -3841,7 +3942,7 @@ CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-D
NOTE: https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1
CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...)
NOT-FOR-US: Devolutions Server
-CVE-2023-5561 (The Popup Builder WordPress plugin through 4.1.15 does not sanitise an ...)
+CVE-2023-5561 (WordPress does not properly restrict which user fields are searchable ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as sending e-ma ...)
NOT-FOR-US: OTRS
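Review bot: The new description for CVE-2023-5561 appears to describe WordPress itself, but the unchanged line below it still reads `NOT-FOR-US: WordPress plugin`, which matched only the old Popup Builder text. Re-triage the entry; if the issue is in WordPress core, it needs a `wordpress` package line in place of the NOT-FOR-US marker.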
@@ -10138,10 +10239,12 @@ CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vul
CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...)
NOT-FOR-US: IceWarp
CVE-2023-39516 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv
NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
CVE-2023-39515 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
@@ -10152,6 +10255,7 @@ CVE-2023-39514 (Cacti is an open source operational monitoring and fault managem
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e
CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
[bookworm] - cacti 1.2.24+ds1-1+deb12u1
[bullseye] - cacti <not-affected> (Vulnerable code not present)
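Review bot: CVE-2023-39513 gains `{DSA-5550-1}` while its existing lines already record bookworm as fixed in 1.2.24+ds1-1+deb12u1 and bullseye as `<not-affected>`. Confirm that the bookworm version shipped by DSA-5550-1 agrees with that line, and that listing this CVE in the DSA is consistent with bullseye not being affected.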
@@ -10176,21 +10280,25 @@ CVE-2023-39366 (Cacti is an open source operational monitoring and fault managem
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009
CVE-2023-39365 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1499/
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1500/
NOTE: https://github.com/cacti/cacti/commit/f775c115e9d6e4b6a326eee682af8afebc43f20e
CVE-2023-39364 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x
NOTE: https://github.com/Cacti/cacti/commit/05bf9dd89d056c7de9591396d92b25ddf140c0da
CVE-2023-39362 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
NOTE: https://github.com/cacti/cacti/commit/cb9ab92f2580fc6cb9b64ce129655fb15e35d056
NOTE: https://github.com/Cacti/cacti/commit/ca5a66ceace19a565cae61b484064a06c7b0c3c1
CVE-2023-39361 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg
NOTE: https://github.com/cacti/cacti/commit/4246aee6310846d0e106bd05279e54fff3765822
@@ -10199,6 +10307,7 @@ CVE-2023-39360 (Cacti is an open source operational monitoring and fault managem
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4
NOTE: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2
CVE-2023-39359 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h
NOTE: https://github.com/cacti/cacti/commit/7459ff57abcd97ab8bc7a19de9e308ca62c17d38
@@ -10208,6 +10317,7 @@ CVE-2023-39358 (Cacti is an open source operational monitoring and fault managem
NOTE: https://github.com/cacti/cacti/commit/318c377180039b22970f1f6636aa586d3b84c44d
NOTE: https://github.com/cacti/cacti/commit/58a2df17c94fda1cdae74613153524ad1a6aae82
CVE-2023-39357 (Cacti is an open source operational monitoring and fault management fr ...)
+ {DSA-5550-1}
- cacti 1.2.25+ds1-1
NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg
NOTE: https://github.com/cacti/cacti/commit/21f6b5c9238b3e8c83f2c9295374d96eb104f21d
@@ -40782,8 +40892,8 @@ CVE-2023-26223
RESERVED
CVE-2023-26222
RESERVED
-CVE-2023-26221
- RESERVED
+CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire An ...)
+ TODO: check
CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...)
NOT-FOR-US: TIBCO
CVE-2023-26219 (The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TI ...)
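Review bot: CVE-2023-26221 moves from RESERVED to `TODO: check`, yet the entry directly below it, CVE-2023-26220, is the same vendor's Spotfire product and is already marked `NOT-FOR-US: TIBCO`. Unless the Spotfire Connectors component is packaged, give the new entry the same classification rather than leaving it open.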
@@ -48355,7 +48465,8 @@ CVE-2023-23769
RESERVED
CVE-2023-23768
RESERVED
-CVE-2023-23767 (Incorrect Permission Assignment for Critical Resource in GitHub Enterp ...)
+CVE-2023-23767
+ REJECTED
NOT-FOR-US: Github Enterprise Server
CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
NOT-FOR-US: Github Enterprise Server
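Review bot: CVE-2023-23767 is now `REJECTED` and loses its description, while the `NOT-FOR-US: Github Enterprise Server` line stays underneath it. That is harmless for tracking, but check the rejection reason: if it names a replacement id, make sure that id carries the same classification.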
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a0b3a4bd50c3d33d56a03f3512d6a27f82879ec