[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 17 20:13:06 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f42b07f3 by security tracker role at 2023-11-17T20:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-6188 (A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been r ...)
+ TODO: check
+CVE-2023-6179 (Honeywell ProWatch, 4.5, including all Service Pack versions, contain ...)
+ TODO: check
+CVE-2023-5445 (An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 ...)
+ TODO: check
+CVE-2023-5444 (A Cross Site Request Forgery vulnerability in ePolicy Orchestrator pri ...)
+ TODO: check
+CVE-2023-48185 (Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.29 ...)
+ TODO: check
+CVE-2023-48029 (Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with ...)
+ TODO: check
+CVE-2023-48025 (Liblisp through commit 4c65969 was discovered to contain a out-of-boun ...)
+ TODO: check
+CVE-2023-48024 (Liblisp through commit 4c65969 was discovered to contain a use-after-f ...)
+ TODO: check
+CVE-2023-47757 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
+ TODO: check
+CVE-2023-47073 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47072 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47071 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47070 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47069 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47068 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47067 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-47066 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ TODO: check
+CVE-2023-44355 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
+ TODO: check
+CVE-2023-44353 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
+ TODO: check
+CVE-2023-44352 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
+ TODO: check
+CVE-2023-44351 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
+ TODO: check
+CVE-2023-44350 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
+ TODO: check
+CVE-2023-44326 (Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of- ...)
+ TODO: check
+CVE-2023-44325 (Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-b ...)
+ TODO: check
+CVE-2023-44324 (Adobe FrameMaker versions 2022 and earlier are affected by an Improper ...)
+ TODO: check
CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any file on t ...)
NOT-FOR-US: Ray
CVE-2023-6014 (An attacker is able to arbitrarily create an account in MLflow bypassi ...)
@@ -22927,7 +22977,7 @@ CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to ca
NOT-FOR-US: flexjson
CVE-2023-34585
REJECTED
-CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.)
+CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution. This is r ...)
NOT-FOR-US: Langchain
CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...)
NOT-FOR-US: Microsoft
@@ -42184,8 +42234,8 @@ CVE-2023-26366 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and
NOT-FOR-US: Adobe
CVE-2023-26365
RESERVED
-CVE-2023-26364
- RESERVED
+CVE-2023-26364 (@adobe/css-tools version 4.3.0 and earlier are affected by an Improper ...)
+ TODO: check
CVE-2023-26363
RESERVED
CVE-2023-26362
@@ -42218,8 +42268,8 @@ CVE-2023-26349 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Us
NOT-FOR-US: Adobe
CVE-2023-26348 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
NOT-FOR-US: Adobe
-CVE-2023-26347
- RESERVED
+CVE-2023-26347 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...)
+ TODO: check
CVE-2023-26346 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
NOT-FOR-US: Adobe
CVE-2023-26345 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...)
@@ -57099,22 +57149,22 @@ CVE-2022-47577 (An issue was discovered in the endpoint protection agent in Zoho
NOT-FOR-US: Zoho
CVE-2022-4616 (The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to ...)
NOT-FOR-US: webserver in Delta DX-3021
-CVE-2023-22275
- RESERVED
-CVE-2023-22274
- RESERVED
-CVE-2023-22273
- RESERVED
-CVE-2023-22272
- RESERVED
+CVE-2023-22275 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2023-22274 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2023-22273 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
+ TODO: check
+CVE-2023-22272 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
+ TODO: check
CVE-2023-22271 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a W ...)
NOT-FOR-US: Adobe
CVE-2023-22270
RESERVED
CVE-2023-22269 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...)
NOT-FOR-US: Adobe
-CVE-2023-22268
- RESERVED
+CVE-2023-22268 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...)
+ TODO: check
CVE-2023-22267
RESERVED
CVE-2023-22266 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...)
@@ -77971,6 +78021,7 @@ CVE-2022-41879 (Parse Server is an open source backend that can be deployed to a
CVE-2022-41878 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Node parse-server
CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ {DLA-3654-1}
- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h
@@ -84408,6 +84459,7 @@ CVE-2022-39348 (Twisted is an event-based framework for internet applications. S
NOTE: Introduced by: https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4
NOTE: Fixed by: https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b (twisted-22.10.0rc1)
CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ {DLA-3654-1}
- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg
@@ -84497,11 +84549,13 @@ CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. A
[buster] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j
CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ {DLA-3654-1}
- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh
NOTE: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76
CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ {DLA-3654-1}
- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35
@@ -84512,6 +84566,7 @@ CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. A
[buster] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh
CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...)
+ {DLA-3654-1}
- freerdp2 2.9.0+dfsg1-1 (bug #1024511)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm
@@ -84600,12 +84655,14 @@ CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television soft
CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...)
- codeigniter <itp> (bug #471583)
CVE-2022-39283 (FreeRDP is a free remote desktop protocol library and clients. All Fre ...)
+ {DLA-3654-1}
- freerdp2 2.8.1+dfsg1-1 (bug #1021659)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
[buster] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh
NOTE: patch likely: https://github.com/FreeRDP/FreeRDP/commit/be793c3bb776c1bbda9156b427408d5a5eb00f70 (not confirmed by upstream)
CVE-2022-39282 (FreeRDP is a free remote desktop protocol library and clients. FreeRDP ...)
+ {DLA-3654-1}
- freerdp2 2.8.1+dfsg1-1 (bug #1021659)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
@@ -126057,6 +126114,7 @@ CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA (keyg
NOTE: https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw
NOTE: https://github.com/freifunk-gluon/ecdsautils/commit/1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 (v0.4.1)
CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...)
+ {DLA-3654-1}
- freerdp2 2.7.0+dfsg1-1
[bullseye] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -154241,6 +154299,7 @@ CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 3.0.0
CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
NOT-FOR-US: Combodo iTop
CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ {DLA-3654-1}
- freerdp2 2.4.1+dfsg1-1 (bug #1001062)
[bullseye] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
@@ -260933,10 +260992,10 @@ CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU archit
NOT-FOR-US: Microstrategy Web
CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...)
NOT-FOR-US: Technicolor devices
-CVE-2020-11448
- RESERVED
-CVE-2020-11447
- RESERVED
+CVE-2020-11448 (An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There ...)
+ TODO: check
+CVE-2020-11447 (An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remot ...)
+ TODO: check
CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows ...)
NOT-FOR-US: ESET
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f42b07f3e5b5122da19c1fb8aadac62bfebfd491
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f42b07f3e5b5122da19c1fb8aadac62bfebfd491
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231117/1463c470/attachment.htm>
More information about the debian-security-tracker-commits
mailing list