[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 29 08:11:47 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
125a6507 by security tracker role at 2023-11-29T08:11:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-49092 (RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a ...)
+	TODO: check
+CVE-2023-48193 (Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows  ...)
+	TODO: check
+CVE-2023-47462 (Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and befor ...)
+	TODO: check
+CVE-2023-46944 (An issue in GitKraken GitLens before v.14.0.0 allows an attacker to ex ...)
+	TODO: check
+CVE-2023-46887 (In Dreamer CMS before 4.0.1, the backend attachment management office  ...)
+	TODO: check
+CVE-2023-46886 (Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. ...)
+	TODO: check
+CVE-2023-45484 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
+	TODO: check
+CVE-2023-45483 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
+	TODO: check
+CVE-2023-45482 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
+	TODO: check
+CVE-2023-45481 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
+	TODO: check
+CVE-2023-45480 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
+	TODO: check
+CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
+	TODO: check
 CVE-2023-6351
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
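Review bot: all twelve entries added at the top of the list carry only `TODO: check`, so none of them is triaged yet. CVE-2023-49092 (RustCrypto/RSA, a Rust library) is the one to check against the archive for a matching source package before tagging. The six Tenda AC10 entries (CVE-2023-45479 through CVE-2023-45484) name the same firmware build and can be resolved in one pass, most likely as NOT-FOR-US in the same way as the vendor entries elsewhere in this list.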
@@ -1568,9 +1592,9 @@ CVE-2023-48204 (An issue in PublicCMS v.4.0.202302.e allows a remote attacker to
 	NOT-FOR-US: PublicCMS
 CVE-2023-48200 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...)
 	- grocy <itp> (bug #969056)
-CVE-2023-48199 (An issue in Grocy v.4.0.3 allows a local attacker to execute arbitrary ...)
+CVE-2023-48199 (HTML Injection vulnerability in the 'manageApiKeys' component in Grocy ...)
 	- grocy <itp> (bug #969056)
-CVE-2023-48198 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...)
+CVE-2023-48198 (A Cross-Site Scripting (XSS) vulnerability in the 'product description ...)
 	- grocy <itp> (bug #969056)
 CVE-2023-48197 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...)
 	- grocy <itp> (bug #969056)
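Review bot: the refreshed text for CVE-2023-48199 changes the stated issue from "allows a local attacker to execute arbitrary ..." to "HTML Injection vulnerability in the 'manageApiKeys' component", while the triage line `- grocy <itp> (bug #969056)` stays as it was. No triage change is needed while grocy is only an ITP, but whoever picks up bug #969056 should work from the updated descriptions of CVE-2023-48199 and CVE-2023-48198 rather than the old generic wording still carried by CVE-2023-48200 and CVE-2023-48197.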
@@ -10122,7 +10146,7 @@ CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vu
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
 	NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
 CVE-2023-44446 [MXF demuxer use-after-free]
-	{DSA-5565-1}
+	{DSA-5565-1 DLA-3673-1}
 	- gst-plugins-bad1.0 1.22.7-1 (bug #1056101)
 	- gst-plugins-bad0.10 <removed>
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0010.html
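Review bot: `{DSA-5565-1 DLA-3673-1}` on CVE-2023-44446 adds the LTS advisory reference, but the package lines under it still show only `gst-plugins-bad1.0 1.22.7-1`, and this commit touches data/CVE/list alone. Confirm that DLA-3673-1 is recorded in the advisory list with its fixed version, since nothing in this hunk shows which release or version it covers.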
@@ -35052,19 +35076,19 @@ CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file co
 	NOT-FOR-US: Autodesk
 CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
 	NOT-FOR-US: Autodesk
-CVE-2023-29066
-	RESERVED
-CVE-2023-29065
-	RESERVED
-CVE-2023-29064
-	RESERVED
-CVE-2023-29063
-	RESERVED
-CVE-2023-29062
-	RESERVED
-CVE-2023-29061
-	RESERVED
-CVE-2023-29060 (The FACSChorus\xe2\u201e\xa2 workstation operating system does not res ...)
+CVE-2023-29066 (The FACSChorus software does not properly assign data access privilege ...)
+	TODO: check
+CVE-2023-29065 (The FACSChorus software database can be accessed directly with the pri ...)
+	TODO: check
+CVE-2023-29064 (The FACSChorus software contains sensitive information stored in plain ...)
+	TODO: check
+CVE-2023-29063 (The FACSChorus workstation does not prevent physical access to its PCI ...)
+	TODO: check
+CVE-2023-29062 (The Operating System hosting the FACSChorus application is configured  ...)
+	TODO: check
+CVE-2023-29061 (There is no BIOS password on the FACSChorus workstation. A threat acto ...)
+	TODO: check
+CVE-2023-29060 (The FACSChorus workstation operating system does not restrict what dev ...)
 	NOT-FOR-US: facschorus
 CVE-2023-1764 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
 	NOT-FOR-US: Canon
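Review bot: the unchanged `NOT-FOR-US: facschorus` line still belongs to CVE-2023-29060 only; the six newly published entries CVE-2023-29061 through CVE-2023-29066 each sit on `TODO: check` and need the same tag applied individually, as they describe the same FACSChorus software and workstation. The description refresh also drops the mis-encoded trademark bytes (`FACSChorus\xe2\u201e\xa2`) from CVE-2023-29060, while the context line for CVE-2023-29067 still shows `Autodesk\xae`, so the encoding problem in the description import is not fixed across the list.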
@@ -50070,8 +50094,8 @@ CVE-2023-24296
 	RESERVED
 CVE-2023-24295 (A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows at ...)
 	NOT-FOR-US: SoftMaker Software GmbH FlexiPDF
-CVE-2023-24294
-	RESERVED
+CVE-2023-24294 (Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to  ...)
+	TODO: check
 CVE-2023-24293
 	RESERVED
 CVE-2023-24292
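Review bot: CVE-2023-24294 moves from RESERVED to `TODO: check` for "Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80", a vendor firmware product. Triage it the way the entry directly above is handled (`NOT-FOR-US: SoftMaker Software GmbH FlexiPDF`), and do so together with CVE-2023-23324 and CVE-2023-23325 later in this diff, which name the same product.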
@@ -52926,10 +52950,10 @@ CVE-2023-23327 (An Information Disclosure vulnerability exists in AvantFAX 3.3.7
 	NOT-FOR-US: AvantFAX
 CVE-2023-23326 (A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3 ...)
 	NOT-FOR-US: AvantFAX
-CVE-2023-23325
-	RESERVED
-CVE-2023-23324
-	RESERVED
+CVE-2023-23325 (Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to co ...)
+	TODO: check
+CVE-2023-23324 (Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to co ...)
+	TODO: check
 CVE-2023-23323
 	RESERVED
 CVE-2023-23322
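Review bot: CVE-2023-23325 and CVE-2023-23324 have identical truncated descriptions, so the diff alone does not show how the two issues differ; read the full descriptions before tagging. The product string here is "Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80", whereas CVE-2023-24294 spells it with "v3.74" and "v3.80", so pick one product name for the NOT-FOR-US tag on all three so that a search of the list finds them together.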



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/125a6507bda8ba709f67b97161f50e88f119a5dd
