[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 23 20:11:49 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8213b5fe by security tracker role at 2023-11-23T20:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,54 @@
-CVE-2023-43123
+CVE-2023-6118 (: Path Traversal: '/../filedir' vulnerability in Neutron IP Camera all ...)
+	TODO: check
+CVE-2023-5972 (A null pointer dereference flaw was found in the nft_inner.c functiona ...)
+	TODO: check
+CVE-2023-4677 (Cron log backup files contain administrator session IDs. It is trivial ...)
+	TODO: check
+CVE-2023-4595 (An information exposure vulnerability has been found, the exploitation ...)
+	TODO: check
+CVE-2023-4594 (Stored XSS vulnerability. This vulnerability could allow an attacker t ...)
+	TODO: check
+CVE-2023-4593 (Path traversal vulnerability whose exploitation could allow an authent ...)
+	TODO: check
+CVE-2023-4406 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was character ...)
+	TODO: check
+CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible b ...)
+	TODO: check
+CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability in Pando ...)
+	TODO: check
+CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-41810 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-41808 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
+	TODO: check
+CVE-2023-41807 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
+	TODO: check
+CVE-2023-41806 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
+	TODO: check
+CVE-2023-41792 (Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all  ...)
+	TODO: check
+CVE-2023-41791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-41790 (Uncontrolled Search Path Element vulnerability in Pandora FMS on all a ...)
+	TODO: check
+CVE-2023-41789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2023-41788 (Unrestricted Upload of File with Dangerous Type vulnerability in Pando ...)
+	TODO: check
+CVE-2023-41787 (Uncontrolled Search Path Element vulnerability in Pandora FMS on all a ...)
+	TODO: check
+CVE-2023-41786 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+	TODO: check
+CVE-2023-3631 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-3377 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2023-33202 (Bouncy Castle for Java before 1.73 contains a potential Denial of Serv ...)
+	TODO: check
+CVE-2023-43123 (On unix-like systems, the temporary directory is shared between all us ...)
 	NOT-FOR-US: Apache Storm
 CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG do ...)
 	NOT-FOR-US: dom-sanitizer
@@ -1748,6 +1798,7 @@ CVE-2023-22327 (Out-of-bounds write in firmware for some Intel(R) FPGA products
 CVE-2023-5528 (A security issue was discovered in Kubernetes where a user that can cr ...)
 	- kubernetes <not-affected> (Windows-specific)
 CVE-2023-23583 (Sequence of processor instructions leads to unexpected behavior for so ...)
+	{DSA-5563-1}
 	- intel-microcode 3.20231114.1 (bug #1055962)
 	[buster] - intel-microcode <postponed> (Wait for exposure in unstable)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
@@ -35551,10 +35602,10 @@ CVE-2023-28815
 	RESERVED
 CVE-2023-28814
 	RESERVED
-CVE-2023-28813
-	RESERVED
-CVE-2023-28812
-	RESERVED
+CVE-2023-28813 (An attacker could exploit a vulnerability by sending crafted messages  ...)
+	TODO: check
+CVE-2023-28812 (There is a buffer overflow vulnerability in a web browser plug-in coul ...)
+	TODO: check
 CVE-2023-28811 (There is a buffer overflow in the password recovery feature of Hikvisi ...)
 	NOT-FOR-US: hikvison
 CVE-2023-28810 (Some access control/intercom products have unauthorized modification o ...)
@@ -70909,10 +70960,10 @@ CVE-2022-44013 (An issue was discovered in Simmeth Lieferantenmanager before 5.6
 	NOT-FOR-US: Simmeth Lieferantenmanager
 CVE-2022-44012 (An issue was discovered in /DS/LM_API/api/SelectionService/InsertQuery ...)
 	NOT-FOR-US: Simmeth Lieferantenmanager
-CVE-2022-44011
-	RESERVED
-CVE-2022-44010
-	RESERVED
+CVE-2022-44011 (An issue was discovered in ClickHouse before 22.9.1.2603. An authentic ...)
+	TODO: check
+CVE-2022-44010 (An issue was discovered in ClickHouse before 22.9.1.2603. An attacker  ...)
+	TODO: check
 CVE-2022-44009 (Improper access control in Key-Value RBAC in StackStorm version 3.7.0  ...)
 	NOT-FOR-US: StackStorm
 CVE-2022-44008 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to impro ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8213b5fe516b81853e91e5f830df7cc2117f6cea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8213b5fe516b81853e91e5f830df7cc2117f6cea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231123/73f4b950/attachment.htm>

More information about the debian-security-tracker-commits mailing list