[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 16 20:12:42 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0f335425 by security tracker role at 2023-11-16T20:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,191 @@
+CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for ...)
+ TODO: check
+CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of serv ...)
+ TODO: check
+CVE-2023-6121 (An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsy ...)
+ TODO: check
+CVE-2023-6119 (An Improper Privilege Management vulnerability in Trellix GetSusp prio ...)
+ TODO: check
+CVE-2023-6038 (An attacker is able to read any file on the server hosting the H2O das ...)
+ TODO: check
+CVE-2023-6023 (An attacker can read any file on the filesystem on the server hosting ...)
+ TODO: check
+CVE-2023-6022 (An attacker is able to steal secrets and potentially gain remote code ...)
+ TODO: check
+CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file on the ...)
+ TODO: check
+CVE-2023-6019 (A command injection exists in Ray's cpu_profile URL parameter allowing ...)
+ TODO: check
+CVE-2023-6018 (An attacker can overwrite any file on the server hosting MLflow withou ...)
+ TODO: check
+CVE-2023-6017 (H2O included a reference to an S3 bucket that no longer existed allowi ...)
+ TODO: check
+CVE-2023-6016 (An attacker is able to gain remote code execution on a server hosting ...)
+ TODO: check
+CVE-2023-6015 (MLflow allowed arbitrary files to be PUT onto the server.)
+ TODO: check
+CVE-2023-6013 (H2O is vulnerable to stored XSS vulnerability which can lead to a Loca ...)
+ TODO: check
+CVE-2023-4771 (A Cross-Site scripting vulnerability has been found in CKSource CKEdit ...)
+ TODO: check
+CVE-2023-48134 (nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive I ...)
+ TODO: check
+CVE-2023-48056 (PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chai ...)
+ TODO: check
+CVE-2023-48055 (SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption ...)
+ TODO: check
+CVE-2023-48054 (Missing SSL certificate validation in localstack v2.3.2 allows attacke ...)
+ TODO: check
+CVE-2023-48053 (Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaini ...)
+ TODO: check
+CVE-2023-48052 (Missing SSL certificate validation in HTTPie v3.2.2 allows attackers t ...)
+ TODO: check
+CVE-2023-47514 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrence ...)
+ TODO: check
+CVE-2023-47512 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity ...)
+ TODO: check
+CVE-2023-47511 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO W ...)
+ TODO: check
+CVE-2023-47509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup ...)
+ TODO: check
+CVE-2023-47508 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta M ...)
+ TODO: check
+CVE-2023-47245 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
+ TODO: check
+CVE-2023-47242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-47240 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-47239 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-47060 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ TODO: check
+CVE-2023-47059 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ TODO: check
+CVE-2023-47058 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ TODO: check
+CVE-2023-47057 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ TODO: check
+CVE-2023-47056 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ TODO: check
+CVE-2023-47055 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ TODO: check
+CVE-2023-47054 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47053 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47052 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47051 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47050 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47049 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47048 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47047 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47046 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ TODO: check
+CVE-2023-47044 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47043 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47042 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47041 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47040 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-44372 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44371 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44367 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44366 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44365 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44361 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44360 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44359 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44358 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44357 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44356 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44348 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44347 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ TODO: check
+CVE-2023-44346 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ TODO: check
+CVE-2023-44345 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ TODO: check
+CVE-2023-44344 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ TODO: check
+CVE-2023-44343 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ TODO: check
+CVE-2023-44342 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ TODO: check
+CVE-2023-44341 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ TODO: check
+CVE-2023-44340 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44339 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44338 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44337 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44336 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ TODO: check
+CVE-2023-44335 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ TODO: check
+CVE-2023-44334 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ TODO: check
+CVE-2023-44333 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ TODO: check
+CVE-2023-44332 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ TODO: check
+CVE-2023-44331 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ TODO: check
+CVE-2023-44330 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ TODO: check
+CVE-2023-44329 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
+ TODO: check
+CVE-2023-44328 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
+ TODO: check
+CVE-2023-44327 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
+ TODO: check
+CVE-2023-44292 (Dell Repository Manager, 3.4.3 and prior, contains an Improper Access ...)
+ TODO: check
+CVE-2023-44282 (Dell Repository Manager, 3.4.3 and prior, contains an Improper Access ...)
+ TODO: check
+CVE-2023-39926 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Unde ...)
+ TODO: check
+CVE-2023-39259 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 c ...)
+ TODO: check
+CVE-2023-39246 (Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Sec ...)
+ TODO: check
+CVE-2023-36026 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
+CVE-2023-36008 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-34375 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SE ...)
+ TODO: check
+CVE-2023-32957 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazz ...)
+ TODO: check
+CVE-2023-32796 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommer ...)
+ TODO: check
+CVE-2023-32469 (Dell Precision Tower BIOS contains an Improper Input Validation vulner ...)
+ TODO: check
CVE-2023-6105 (An information disclosure vulnerability exists in multiple ManageEngin ...)
NOT-FOR-US: ManageEngine
CVE-2023-5381 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
@@ -2278,7 +2466,7 @@ CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as pr
NOT-FOR-US: PopojiCMS
CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core before 1. ...)
NOT-FOR-US: transmute-core
-CVE-2023-46595 (Net-NTLM leak in Fireflow A32.20 allows an attackerto obtain victim\u2 ...)
+CVE-2023-46595 (Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workf ...)
NOT-FOR-US: Fireflow
CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Com ...)
NOT-FOR-US: dmpop Mejiro
@@ -35051,8 +35239,8 @@ CVE-2023-28623 (Zulip is an open-source team collaboration tool with unique topi
NOT-FOR-US: Zulip
CVE-2023-28622 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Tri ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28621
- RESERVED
+CVE-2023-28621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28619
@@ -41843,8 +42031,8 @@ CVE-2023-26370 (Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earl
NOT-FOR-US: Adobe
CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and ...)
NOT-FOR-US: Adobe
-CVE-2023-26368
- RESERVED
+CVE-2023-26368 (Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are ...)
+ TODO: check
CVE-2023-26367 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
NOT-FOR-US: Adobe
CVE-2023-26366 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
@@ -42894,8 +43082,8 @@ CVE-2023-26032 (ZoneMinder is a free, open source Closed-circuit television soft
NOTE: Only supported for trusted users/behind auth
NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9
NOTE: https://github.com/ZoneMinder/zoneminder/commit/decf3e307bdadc0a96ffb151d19f4a4605a7cc71
-CVE-2023-26031
- RESERVED
+CVE-2023-26031 (Relative library resolution in linux container-executor binary in Apac ...)
+ TODO: check
CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
NOT-FOR-US: pixelfed
CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does not prop ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f335425cad4e5fd87ebdacd44b66761a952a71c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f335425cad4e5fd87ebdacd44b66761a952a71c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231116/c2b88af8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list