[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 21 20:11:59 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cea084e2 by security tracker role at 2023-11-21T20:11:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2023-6235 (An uncontrolled search path element vulnerability has been found in th ...)
+	TODO: check
+CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs showed e ...)
+	TODO: check
+CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox 115.4, and Thunderb ...)
+	TODO: check
+CVE-2023-6211 (If an attacker needed a user to load an insecure http: page and knew t ...)
+	TODO: check
+CVE-2023-6210 (When an https: web page created a pop-up from a "javascript:" URL, tha ...)
+	TODO: check
+CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly parsed, and ...)
+	TODO: check
+CVE-2023-6208 (When using X11, text selected by the page using the Selection API was  ...)
+	TODO: check
+CVE-2023-6207 (Ownership mismanagement led to a use-after-free in ReadableByteStreams ...)
+	TODO: check
+CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the length ...)
+	TODO: check
+CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had already ...)
+	TODO: check
+CVE-2023-6204 (On some systems\u2014depending on the graphics settings and drivers\u2 ...)
+	TODO: check
+CVE-2023-5776 (The Post Meta Data Manager plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)
+	TODO: check
+CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities\xc2affecting 3DSwym  ...)
+	TODO: check
+CVE-2023-5055 (Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.)
+	TODO: check
+CVE-2023-49061 (An attacker could have performed HTML template injection via Reader Mo ...)
+	TODO: check
+CVE-2023-49060 (An attacker could have accessed internal pages or data by ex-filtratin ...)
+	TODO: check
+CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version 1.14.0, d ...)
+	TODO: check
+CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote atta ...)
+	TODO: check
+CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software applicat ...)
+	TODO: check
+CVE-2023-46377
+	REJECTED
 CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the server. ...)
 	NOT-FOR-US: bookstack
 CVE-2023-6178 (An arbitrary file write vulnerability exists where an authenticated at ...)
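Review bot: The new `TODO: check` entries CVE-2023-6204 through CVE-2023-6213 plus CVE-2023-49060 and CVE-2023-49061 all carry Mozilla descriptions (Firefox 119, Firefox 115.4, Thunderbird, Reader Mode), so they should be triaged together against the Debian firefox-esr and thunderbird source packages rather than left as individual TODOs. Two imported descriptions also contain raw escape residue, `\u2014` in the CVE-2023-6204 line and `\xc2` in the CVE-2023-5598 line, which suggests the feed text was not decoded before being written to data/CVE/list; the automatic importer should decode these to the intended characters so the summaries stay searchable.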
@@ -88,7 +130,7 @@ CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in p
 	NOT-FOR-US: WooHoo Newspaper Magazine theme
 CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-4799 (The Magic Embeds WordPress plugin through 3.0.10 does not validate and ...)
+CVE-2023-4799 (The Magic Embeds WordPress plugin before 3.1.2 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` applicati ...)
 	TODO: check
@@ -958,6 +1000,7 @@ CVE-2023-35080 (A vulnerability has been identified in the Ivanti Secure Access
 CVE-2023-34060 (VMware Cloud Director Appliance contains an authentication bypass vuln ...)
 	NOT-FOR-US: VMware
 CVE-2023-44444 [GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability]
+	{DLA-3659-1}
 	- gimp 2.10.36-1 (bug #1055984)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
 	NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
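Review bot: The `{DLA-3659-1}` marker for CVE-2023-44444 is placed above the `- gimp 2.10.36-1 (bug #1055984)` line, matching the layout used for the other GIMP entries in this commit, so the placement is fine; the point to confirm is that the same advisory marker reaches every GIMP PSP/PSD entry the DLA covers, since this hunk only shows CVE-2023-44444.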
@@ -974,6 +1017,7 @@ CVE-2023-44443 [GIMP PSP File Parsing Integer Overflow Remote Code Execution Vul
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10072 (restricted)
 	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gimp/-/commit/bf66a07d207bc09f222e56c398760478a3a057fa (GIMP_2_10_22)
 CVE-2023-44442 [GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
+	{DLA-3659-1}
 	- gimp 2.10.36-1 (bug #1055984)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1594/
 	NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities
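Review bot: CVE-2023-44443 is named in this hunk's header but its own entry is not in the diff, while CVE-2023-44444 and CVE-2023-44442 on either side both gain `{DLA-3659-1}`; please confirm whether CVE-2023-44443 already carries the DLA marker or was missed, since all three share the same `gimp 2.10.36-1 (bug #1055984)` fix line.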
@@ -35115,8 +35159,8 @@ CVE-2023-28804 (An Improper Verification of Cryptographic Signature vulnerabilit
 	NOT-FOR-US: Zscaler Client Connector
 CVE-2023-28803 (An authentication bypass by spoofing of a device with a synthetic IP a ...)
 	NOT-FOR-US: Zscaler Client Connector
-CVE-2023-28802
-	RESERVED
+CVE-2023-28802 (An Improper Validation of Integrity Check Value in Zscaler Client Conn ...)
+	TODO: check
 CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...)
 	NOT-FOR-US: Zscaler
 CVE-2023-28800 (When using local accounts for administration, the redirect url paramet ...)
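Review bot: CVE-2023-28802 moves from `RESERVED` to `TODO: check`, but the new description already names `Zscaler Client Conn...`, and the neighbouring CVE-2023-28803 and CVE-2023-28804 are tagged `NOT-FOR-US: Zscaler Client Connector`; the TODO can be resolved with the same tag rather than left for a second pass.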
@@ -54899,8 +54943,8 @@ CVE-2023-22523
 	RESERVED
 CVE-2023-22522
 	RESERVED
-CVE-2023-22521
-	RESERVED
+CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
+	TODO: check
 CVE-2023-22520
 	RESERVED
 CVE-2023-22519
@@ -54909,8 +54953,8 @@ CVE-2023-22518 (All versions of Confluence Data Center and Server are affected b
 	NOT-FOR-US: Atlassian
 CVE-2023-22517
 	RESERVED
-CVE-2023-22516
-	RESERVED
+CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
+	TODO: check
 CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...)
 	NOT-FOR-US: Atlassian
 CVE-2023-22514
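Review bot: The new descriptions for CVE-2023-22516 and CVE-2023-22521 ("This High severity RCE (Remote Code Execution) vulnerability was intro...") are truncated before any product name, so the `TODO: check` cannot be resolved from the list alone; the surrounding CVE-2023-22515 and CVE-2023-22518 entries are `NOT-FOR-US: Atlassian`, but the full advisory text should be read before copying that tag, since the visible text does not identify the affected software.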
@@ -71818,12 +71862,12 @@ CVE-2023-20276
 	RESERVED
 CVE-2023-20275
 	RESERVED
-CVE-2023-20274
-	RESERVED
+CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics PHP Agent ...)
+	TODO: check
 CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20272
-	RESERVED
+CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco Identit ...)
+	TODO: check
 CVE-2023-20271
 	RESERVED
 CVE-2023-20270 (A vulnerability in the interaction between the Server Message Block (S ...)
@@ -71836,8 +71880,8 @@ CVE-2023-20267 (A vulnerability in the IP geolocation rules of Snort 3 could all
 	NOT-FOR-US: Cisco
 CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified Communicat ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20265
-	RESERVED
+CVE-2023-20265 (A vulnerability in the web-based management interface of a small subse ...)
+	TODO: check
 CVE-2023-20264 (A vulnerability in the implementation of Security Assertion Markup Lan ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
@@ -71955,8 +71999,8 @@ CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated
 	NOT-FOR-US: Cisco
 CVE-2023-20209 (A vulnerability in the web-based management interface of Cisco Express ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20208
-	RESERVED
+CVE-2023-20208 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+	TODO: check
 CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...)
 	NOT-FOR-US: Cisco
 CVE-2023-20206 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
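Review bot: CVE-2023-20208, CVE-2023-20265, CVE-2023-20272 and CVE-2023-20274 all move from `RESERVED` to `TODO: check` with descriptions that name Cisco products (Cisco ISE, Cisco Identity..., Cisco AppDynamics PHP Agent), and every neighbouring Cisco entry in these hunks is `NOT-FOR-US: Cisco`; the CVE-2023-20265 description only says "a small subse..." of products, so that one should be checked against the advisory before tagging, while the other three can be closed out in the same pass.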
@@ -111148,6 +111192,7 @@ CVE-2022-30069
 CVE-2022-30068
 	RESERVED
 CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a  ...)
+	{DLA-3659-1}
 	- gimp 2.10.32-1 (unimportant)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/8120
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/4f99f1fcfd892ead19831b5adcd38a99d71214b6 (master)
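Review bot: CVE-2022-30067 gains `{DLA-3659-1}` while its fix line still reads `- gimp 2.10.32-1 (unimportant)`; an `unimportant` rating next to a shipped LTS advisory reads inconsistently, so either confirm the rating is still intended (with a NOTE that the fix was bundled into the DLA alongside the PSP/PSD issues) or revisit the severity.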
@@ -161606,8 +161651,8 @@ CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerab
 	NOT-FOR-US: Delta Electronics DIALink
 CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
 	NOT-FOR-US: Delta Electronic
-CVE-2021-38405
-	RESERVED
+CVE-2021-38405 (The Datalogics APDFL library used in affected products is vulnerable t ...)
+	TODO: check
 CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
 	NOT-FOR-US: Delta Electronic
 CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to  ...)
@@ -189786,12 +189831,12 @@ CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component embedded
 	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2021-27505 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized  ...)
 	NOT-FOR-US: mySCADA myPRO
-CVE-2021-27504
-	RESERVED
+CVE-2021-27504 (Texas Instruments devices running FREERTOS, malloc returns a valid  po ...)
+	TODO: check
 CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
 	NOT-FOR-US: Ypsomed
-CVE-2021-27502
-	RESERVED
+CVE-2021-27502 (Texas Instruments TI-RTOS, when configured to use HeapMem heap(default ...)
+	TODO: check
 CVE-2021-27501 (Philips Vue PACS versions 12.2.x.x and prior does not follow certain c ...)
 	NOT-FOR-US: Philips Vue PACS
 CVE-2021-27500 (A specifically crafted packet sent by an attacker to EIPStackGroup OpE ...)
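Review bot: CVE-2021-27502 and CVE-2021-27504 describe Texas Instruments TI-RTOS and FreeRTOS heap (malloc / HeapMem) behaviour, which is unrelated to the mySCADA, Ypsomed and Philips entries around them, so these TODOs need a check of whether any Debian source package carries the affected TI allocator code rather than a tag copied from neighbours; the doubled space in "valid  po..." is present in the imported upstream text and is not a formatting error in this commit.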



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cea084e2636e5caf3b16d89eb56efda870dd8baf




