[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 21 08:12:05 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3459fa64 by security tracker role at 2023-11-21T08:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,54 @@
+CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the server. ...)
+	TODO: check
+CVE-2023-6178 (An arbitrary file write vulnerability exists where an authenticated at ...)
+	TODO: check
+CVE-2023-6144 (Dev blog v1.0 allows to exploit an account takeover through the "user" ...)
+	TODO: check
+CVE-2023-6142 (Dev blog v1.0 allows to exploit an XSS through an unrestricted file up ...)
+	TODO: check
+CVE-2023-6062 (An arbitrary file write vulnerability exists where an authenticated, r ...)
+	TODO: check
+CVE-2023-5553 (During internal Axis Security Development Model (ASDM) threat-modellin ...)
+	TODO: check
+CVE-2023-5275 (Improper Input Validation vulnerability in simulation function of GX W ...)
+	TODO: check
+CVE-2023-5274 (Improper Input Validation vulnerability in simulation function of GX W ...)
+	TODO: check
+CVE-2023-4424 (An malicious BLE device can cause buffer overflow by sending malformed ...)
+	TODO: check
+CVE-2023-4149 (A vulnerability in the web-based management allows an unauthenticated  ...)
+	TODO: check
+CVE-2023-48310 (TestingPlatform is a testing platform for Internet Security Standards. ...)
+	TODO: check
+CVE-2023-48192 (An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local att ...)
+	TODO: check
+CVE-2023-48176 (An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote at ...)
+	TODO: check
+CVE-2023-48051 (An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to dec ...)
+	TODO: check
+CVE-2023-47311 (An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcomma ...)
+	TODO: check
+CVE-2023-47172 (Certain WithSecure products allow Local Privilege Escalation. This aff ...)
+	TODO: check
+CVE-2023-46935 (eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lea ...)
+	TODO: check
+CVE-2023-46471 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...)
+	TODO: check
+CVE-2023-46470 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...)
+	TODO: check
+CVE-2023-45886 (The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote ...)
+	TODO: check
+CVE-2023-42770 (Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users en ...)
+	TODO: check
+CVE-2023-40151 (When user authentication is not enabled the shell can execute commands ...)
+	TODO: check
 CVE-2023-6134
 	NOT-FOR-US: Keycloak
 CVE-2023-5764
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247629
 	TODO: check with Red Hat for details
 CVE-2023-41913
+	{DSA-5560-1}
 	- strongswan <unfixed>
 	NOTE: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
 	NOTE: Patches: https://download.strongswan.org/security/CVE-2023-41913/
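Review bot: the `{DSA-5560-1}` tag added to CVE-2023-41913 sits directly above the unchanged `- strongswan <unfixed>` line, so the stable suites are now recorded as fixed by the advisory while unstable is still open; that is acceptable while the sid upload is pending, but the `<unfixed>` marker should be replaced with the fixed sid version as soon as it lands, otherwise the entry keeps reporting strongswan as vulnerable in testing/unstable after the DSA. On the new `TODO: check` entries, the description typos (`An malicious` in CVE-2023-4424, `aribitrary telelcomma` in CVE-2023-47311) come from the upstream CVE text and should not be hand-corrected in data/CVE/list: the CVE-2023-6006 and CVE-2020-27792 hunks in this same patch show that descriptions are re-synced from upstream on each automatic run, so a local fix would be overwritten. The triage that matters is resolving each TODO to NOT-FOR-US, a source package line, or NOTE lines.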
@@ -1286,7 +1331,7 @@ CVE-2023-6034
 	REJECTED
 CVE-2023-6010
 	REJECTED
-CVE-2023-6006 (This vulnerability allows local attackers to escalate privileges on af ...)
+CVE-2023-6006 (This vulnerability potentially allows local attackers to escalate priv ...)
 	NOT-FOR-US: PaperCut NG
 CVE-2023-5977
 	REJECTED
@@ -3697,6 +3742,7 @@ CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when proces
 	[buster] - memcached <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 (1.6.22)
 CVE-2023-46604 (The Java OpenWire protocol marshaller is vulnerable to Remote Code  Ex ...)
+	{DLA-3657-1}
 	- activemq 5.17.6+dfsg-1 (bug #1054909)
 	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
 	NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5
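Review bot: DLA-3657-1 is tagged here on CVE-2023-46604 and, further down in this patch, also on CVE-2021-26117 and CVE-2020-13920, so the advisory is being recorded as covering three CVEs; verify that the published DLA text cites all three IDs and that the corresponding entry in data/DLA/list carries the same set, otherwise the cross-references between the two files will disagree. The sid fix `activemq 5.17.6+dfsg-1 (bug #1054909)` is unchanged and consistent with the DLA tag.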
@@ -5864,6 +5910,7 @@ CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-D
 CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2023-5561 (WordPress does not properly restrict which user fields are searchable  ...)
+	{DLA-3658-1}
 	- wordpress 6.3.2+dfsg1-1
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
 	NOTE: https://core.trac.wordpress.org/changeset/56840/
@@ -6303,6 +6350,7 @@ CVE-2023-41680 (A improper neutralization of input during web page generation ('
 CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspe ...)
 	NOT-FOR-US: OVM
 CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...)
+	{DLA-3658-1}
 	- wordpress 6.3.2+dfsg1-1
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
 	NOTE: https://core.trac.wordpress.org/changeset/56843/
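Review bot: DLA-3658-1 is attached to both CVE-2023-39999 here and CVE-2023-5561 in the previous hunk, with the same sid fix `wordpress 6.3.2+dfsg1-1` and changeset NOTE lines pointing at the 6.3.2 release; check that the DLA text lists both CVE IDs and that data/DLA/list matches, as for the activemq DLA in this patch. Separately, the unchanged context line `NOT-FOR-US: OVM` under CVE-2023-40682, whose description names IBM App Connect Enterprise, looks mislabelled and is worth a follow-up commit (not part of this change).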
@@ -67459,12 +67507,12 @@ CVE-2022-3863 (Use after free in Browser History in Google Chrome prior to 100.0
 	{DSA-5114-1}
 	- chromium 100.0.4896.75-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-21418
-	RESERVED
-CVE-2023-21417
-	RESERVED
-CVE-2023-21416
-	RESERVED
+CVE-2023-21418 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
+	TODO: check
+CVE-2023-21417 (Sandro Poppi, member of the AXIS OS Bug Bounty Program,  has found tha ...)
+	TODO: check
+CVE-2023-21416 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
+	TODO: check
 CVE-2023-21415 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...)
 	NOT-FOR-US: AXIS OS
 CVE-2023-21414 (NCC Group has found a flaw during the annual internal penetration test ...)
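Review bot: CVE-2023-21418, CVE-2023-21417 and CVE-2023-21416 move from RESERVED to `TODO: check` with descriptions of the same shape as the adjacent CVE-2023-21415, which is already `NOT-FOR-US: AXIS OS`; they very likely resolve the same way, but each should be confirmed against the advisory text before the TODO is replaced rather than marked NOT-FOR-US on the pattern alone, since that is the kind of batch triage that hides a genuinely affected package. The double space in the CVE-2023-21417 description is upstream text and should be left alone for the same reason as the other description typos in this update.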
@@ -193236,7 +193284,7 @@ CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.tem
 CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...)
 	NOT-FOR-US: Apache ActiveMQ Artemis
 CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...)
-	{DLA-2583-1}
+	{DLA-3657-1 DLA-2583-1}
 	- activemq 5.16.1-1 (bug #982590)
 	NOTE: https://issues.apache.org/jira/browse/AMQ-8035
 	NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6
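Review bot: CVE-2021-26117 already carries `{DLA-2583-1}`, so the LTS suite was recorded as fixed for this CVE in 2021; adding DLA-3657-1 alongside it is only correct if that advisory genuinely re-addresses the CVE (for instance because the new activemq update supersedes the earlier backport), so confirm the DLA text cites CVE-2021-26117, and drop the extra tag if it does not. The same question applies to the `{DLA-3657-1 DLA-2400-1}` change on CVE-2020-13920 in the following hunk. The ordering convention (newest advisory first) is kept in both places.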
@@ -220438,7 +220486,7 @@ CVE-2020-27793 (An off-by-one overflow flaw was found in radare2 due to mismatch
 	- radare2 5.0.0+dfsg-1
 	NOTE: https://github.com/radareorg/radare2/commit/ced0223c7a1b3b5344af315715cd28fe7c0d9ebc (4.4.0)
 	NOTE: https://github.com/radareorg/radare2/issues/16304
-CVE-2020-27792 (A heap-based buffer over write vulnerability was found in GhostScript' ...)
+CVE-2020-27792 (A heap-based buffer overwrite vulnerability was found in GhostScript's ...)
 	{DLA-3096-1}
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701844
@@ -253470,7 +253518,7 @@ CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an or
 CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
 	NOT-FOR-US: Apache SkyWalking
 CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
-	{DLA-2400-1}
+	{DLA-3657-1 DLA-2400-1}
 	- activemq 5.16.0-1
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
 	NOTE: When fixing this issue make sure to use a complete fix and not open up



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3459fa6426a5937913bbdd2406c52479b4631fae