[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 28 08:21:32 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94a863e9 by security tracker role at 2023-11-28T08:21:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2024-0070
+	REJECTED
+CVE-2024-0069
+	REJECTED
+CVE-2023-6226 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+	TODO: check
+CVE-2023-6225 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+	TODO: check
+CVE-2023-6219 (The BookingPress plugin for WordPress is vulnerable to arbitrary file  ...)
+	TODO: check
+CVE-2023-5960 (An improper privilege management vulnerability in the hotspot feature  ...)
+	TODO: check
+CVE-2023-5885 (The discontinued FFS Colibri product allows a remote user to access fi ...)
+	TODO: check
+CVE-2023-5797 (An improper privilege management vulnerability in the debug CLI comman ...)
+	TODO: check
+CVE-2023-5773
+	REJECTED
+CVE-2023-5650 (An improper privilege management vulnerability in the ZySH of the Zyxe ...)
+	TODO: check
+CVE-2023-4667 (The web interface of the PAC Device allows the device administrator us ...)
+	TODO: check
+CVE-2023-4398 (An integer overflow vulnerability in the source code of the QuickSec I ...)
+	TODO: check
+CVE-2023-4397 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
+	TODO: check
+CVE-2023-4226 (Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo  ...)
+	TODO: check
+CVE-2023-4225 (Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Cham ...)
+	TODO: check
+CVE-2023-4224 (Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chami ...)
+	TODO: check
+CVE-2023-4223 (Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Cham ...)
+	TODO: check
+CVE-2023-4222 (Command injection in `main/lp/openoffice_text_document.class.php` in C ...)
+	TODO: check
+CVE-2023-4221 (Command injection in `main/lp/openoffice_presentation.class.php` in Ch ...)
+	TODO: check
+CVE-2023-4220 (Unrestricted file upload in big file upload functionality in `/main/in ...)
+	TODO: check
+CVE-2023-49145 (Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Process ...)
+	TODO: check
+CVE-2023-49075 (The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBund ...)
+	TODO: check
+CVE-2023-49044 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...)
+	TODO: check
+CVE-2023-49030 (SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows ...)
+	TODO: check
+CVE-2023-48713 (Knative Serving builds on Kubernetes to support deploying and serving  ...)
+	TODO: check
+CVE-2023-48188 (SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4 ...)
+	TODO: check
+CVE-2023-48034 (An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker  ...)
+	TODO: check
+CVE-2023-48023 (Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor' ...)
+	TODO: check
+CVE-2023-48022 (Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbit ...)
+	TODO: check
+CVE-2023-47503 (An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to exec ...)
+	TODO: check
+CVE-2023-47437 (A vulnerability has been identified in Pachno 1.0.6 allowing an authen ...)
+	TODO: check
+CVE-2023-46480 (An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitr ...)
+	TODO: check
+CVE-2023-46355 (In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for P ...)
+	TODO: check
+CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (updateprod ...)
+	TODO: check
+CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ...)
+	TODO: check
+CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via  ...)
+	TODO: check
+CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ...)
+	TODO: check
+CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf function in ...)
+	TODO: check
+CVE-2023-3545 (Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo  ...)
+	TODO: check
+CVE-2023-3533 (Path traversal in file upload functionality in `/main/webservices/addi ...)
+	TODO: check
+CVE-2023-3368 (Command injection in `/main/webservices/additional_webservices.php` in ...)
+	TODO: check
+CVE-2023-37926 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...)
+	TODO: check
+CVE-2023-37925 (An improper privilege management vulnerability in the debug CLI comman ...)
+	TODO: check
+CVE-2023-35139 (A cross-site scripting (XSS) vulnerability in the CGI program of the Z ...)
+	TODO: check
+CVE-2023-35136 (An improper input validation vulnerability in the \u201cQuagga\u201d p ...)
+	TODO: check
+CVE-2023-34054 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...)
+	TODO: check
+CVE-2023-34053 (In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ...)
+	TODO: check
+CVE-2023-32065 (OroCommerce is an open-source Business to Business Commerce applicatio ...)
+	TODO: check
+CVE-2023-32064 (OroCommerce package with customer portal and non authenticated visitor ...)
+	TODO: check
+CVE-2023-32063 (OroCalendarBundle enables a Calendar feature and related functionality ...)
+	TODO: check
+CVE-2023-32062 (OroPlatform is a package that assists system and user calendar managem ...)
+	TODO: check
 CVE-2023-6329 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
 	NOT-FOR-US: Control iD iDSecure
 CVE-2023-6287 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...)
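Review bot: several of the new description lines carry literal JSON-style escapes instead of the character they encode, e.g. `\u2014` in the CVE-2023-6226 and CVE-2023-6225 lines and `\u201cQuagga\u201d` in the CVE-2023-35136 line; the truncation step in the automatic update should decode these before writing them to data/CVE/list, since they will otherwise propagate into the rendered tracker pages. The four OroCommerce/OroPlatform entries (CVE-2023-32062 through CVE-2023-32065) all land as `TODO: check` and are best triaged together.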
@@ -7033,6 +7135,7 @@ CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add Attachmen
 CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directories by n ...)
 	NOT-FOR-US: qdPM
 CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...)
+	{DLA-3670-1}
 	- zlib 1:1.3.dfsg-2 (bug #1054290)
 	[bookworm] - zlib <ignored> (contrib/minizip not built and producing binary packages)
 	[bullseye] - zlib <ignored> (contrib/minizip not built and producing binary packages)
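Review bot: the `{DLA-3670-1}` marker is added to CVE-2023-45853 while the two suite lines visible in this hunk (bookworm and bullseye) both still read `<ignored>` because contrib/minizip is not built; the advisory reference is only consistent with these entries if the DLA covers a suite that is outside this hunk's context, so please confirm the suite the advisory applies to and that no `<ignored>` line should have been changed alongside it.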
@@ -30411,8 +30514,7 @@ CVE-2023-30587
 CVE-2023-30586 (A privilege escalation vulnerability exists in Node.js 20 that allowed ...)
 	- nodejs <not-affected> (Vulnerable code introduced in 20.x)
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#openssl-engines-can-be-used-to-bypass-the-permission-model-medium-cve-2023-30586
-CVE-2023-30585
-	RESERVED
+CVE-2023-30585 (A vulnerability has been identified in the Node.js (.msi version) inst ...)
 	- nodejs <not-affected> (Only affects installation process on Windows)
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#privilege-escalation-via-malicious-registry-key-manipulation-during-nodejs-installer-repair-process-medium-cve-2023-30585
 CVE-2023-30584
@@ -32576,8 +32678,8 @@ CVE-2023-29772 (A Cross-site scripting (XSS) vulnerability in the System Log/Gen
 	NOT-FOR-US: ASUS
 CVE-2023-29771
 	RESERVED
-CVE-2023-29770
-	RESERVED
+CVE-2023-29770 (In Sentrifugo 3.5, the AssetsController::uploadsaveAction function all ...)
+	TODO: check
 CVE-2023-29769
 	RESERVED
 CVE-2023-29768
@@ -50535,8 +50637,8 @@ CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algori
 	NOT-FOR-US: CRYSTALS-DILITHIUM
 CVE-2023-24024
 	RESERVED
-CVE-2023-24023
-	RESERVED
+CVE-2023-24023 (Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connect ...)
+	TODO: check
 CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with  ...)
 	NOT-FOR-US: Baicells
 CVE-2023-0432 (The web configuration service of the affected device contains an authe ...)
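Review bot: the new CVE-2023-24023 description ("Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connect ...") describes a protocol-level issue rather than a single vendor's product, so the `TODO: check` should not default to `NOT-FOR-US` the way the neighbouring Baicells and CRYSTALS-DILITHIUM entries do; the triage needs to look at Debian's Bluetooth stack packages.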
@@ -78947,8 +79049,8 @@ CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled wil
 	NOTE: https://github.com/matrix-org/synapse/pull/11784
 	NOTE: https://github.com/matrix-org/synapse/pull/11936
 	NOTE: First bugfix in 1.52.0 but 1.53.0 does fully fix the issue.
-CVE-2022-41951
-	RESERVED
+CVE-2022-41951 (OroPlatform is a PHP Business Application Platform (BAP) designed to m ...)
+	TODO: check
 CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning tool xray ...)
 	NOT-FOR-US: super-xray
 CVE-2022-41949 (DHIS 2 is an open source information system for data capture, manageme ...)
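Review bot: CVE-2022-41951 (OroPlatform) is added here as `TODO: check` while the first hunk of this same commit adds four further Oro entries (CVE-2023-32062 through CVE-2023-32065) in the same state; resolving them in one pass would keep the Oro triage consistent across the file.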



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94a863e9a7967bee9ceb9a45357650144cd9bb35




