[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 30 20:12:20 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
04525b33 by security tracker role at 2023-11-30T20:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,294 @@
-CVE-2023-49620
+CVE-2023-6439 (A vulnerability classified as problematic was found in ZenTao PMS 18.8 ...)
+ TODO: check
+CVE-2023-6438 (A vulnerability classified as problematic has been found in IceCMS 2.0 ...)
+ TODO: check
+CVE-2023-6435 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6434 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6433 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6432 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6431 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6430 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6429 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6428 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6427 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6426 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
+ TODO: check
+CVE-2023-6425 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...)
+ TODO: check
+CVE-2023-6424 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...)
+ TODO: check
+CVE-2023-6423 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...)
+ TODO: check
+CVE-2023-6422 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...)
+ TODO: check
+CVE-2023-6420 (A vulnerability has been reported in Voovi Social Networking Script ve ...)
+ TODO: check
+CVE-2023-6419 (A vulnerability has been reported in Voovi Social Networking Script ve ...)
+ TODO: check
+CVE-2023-6418 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6417 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6416 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6415 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6414 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6413 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6412 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6411 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6410 (A vulnerability has been reported in Voovi Social Networking Script th ...)
+ TODO: check
+CVE-2023-6402 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ TODO: check
+CVE-2023-6401 (A vulnerability classified as problematic was found in NotePad++ up to ...)
+ TODO: check
+CVE-2023-6376 (Henschen & Associates court document management software does not suff ...)
+ TODO: check
+CVE-2023-6375 (Tyler Technologies Court Case Management Plus may store backups in a l ...)
+ TODO: check
+CVE-2023-6360 (The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an ...)
+ TODO: check
+CVE-2023-6354 (Tyler Technologies Magistrate Court Case Management Plus allows an una ...)
+ TODO: check
+CVE-2023-6353 (Tyler Technologies Civil and Criminal Electronic Filing allows an unau ...)
+ TODO: check
+CVE-2023-6352 (The default configuration of Aquaforest TIFF Server allows access to a ...)
+ TODO: check
+CVE-2023-6344 (Tyler Technologies Court Case Management Plus allows a remote, unauthe ...)
+ TODO: check
+CVE-2023-6343 (Tyler Technologies Court Case Management Plus allows a remote, unauthe ...)
+ TODO: check
+CVE-2023-6342 (Tyler Technologies Court Case Management Plus allows a remote attacker ...)
+ TODO: check
+CVE-2023-6341 (Catalis (previously Icon Software) CMS360 allows a remote, unauthentic ...)
+ TODO: check
+CVE-2023-6137 (Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post ...)
+ TODO: check
+CVE-2023-6136 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-6071 (An Improper Neutralization of Special Elements used in a command vulne ...)
+ TODO: check
+CVE-2023-6027 (A critical flaw has been identified in elijaa/phpmemcachedadmin affect ...)
+ TODO: check
+CVE-2023-6026 (A Path traversal vulnerability has been reported in elijaa/phpmemcache ...)
+ TODO: check
+CVE-2023-5966 (An authenticated privileged attacker could upload a specially crafted ...)
+ TODO: check
+CVE-2023-5965 (An authenticated privileged attacker could upload a specially crafted ...)
+ TODO: check
+CVE-2023-5803 (Cross-Site Request Forgery (CSRF) vulnerability in Business Directory ...)
+ TODO: check
+CVE-2023-4770 (An uncontrolled search path element vulnerability has been found on 4D ...)
+ TODO: check
+CVE-2023-48964 (Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/W ...)
+ TODO: check
+CVE-2023-48963 (Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/w ...)
+ TODO: check
+CVE-2023-48914 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-48913 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-48912 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-48812 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 ...)
+ TODO: check
+CVE-2023-48811 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48810 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48808 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48807 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48806 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48805 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48804 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48803 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48802 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...)
+ TODO: check
+CVE-2023-48754 (Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Po ...)
+ TODO: check
+CVE-2023-48752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48749 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48744 (Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master ...)
+ TODO: check
+CVE-2023-48743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48742 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-48737 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48336 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48334 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table ...)
+ TODO: check
+CVE-2023-48333 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-48331 (Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyB ...)
+ TODO: check
+CVE-2023-48330 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Co ...)
+ TODO: check
+CVE-2023-48329 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48328 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress G ...)
+ TODO: check
+CVE-2023-48326 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48323 (Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Tea ...)
+ TODO: check
+CVE-2023-48322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48321 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48317 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-48284 (Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator ...)
+ TODO: check
+CVE-2023-48283 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...)
+ TODO: check
+CVE-2023-48282 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Tax ...)
+ TODO: check
+CVE-2023-48281 (Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broke ...)
+ TODO: check
+CVE-2023-48279 (Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutio ...)
+ TODO: check
+CVE-2023-48278 (Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP For ...)
+ TODO: check
+CVE-2023-48272 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47877 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47876 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47875 (Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows ...)
+ TODO: check
+CVE-2023-47872 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47870 (Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability ...)
+ TODO: check
+CVE-2023-47854 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47853 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47851 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47850 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47848 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47844 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47827 (Incorrect Authorization vulnerability in NicheAddons Events Addon for ...)
+ TODO: check
+CVE-2023-47777 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47645 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic R ...)
+ TODO: check
+CVE-2023-47521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-47505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-46820 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-46086 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-45834 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-45609 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-45066 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-45050 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-44150 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-44143 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-41735 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-41136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-41128 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-41127 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-40680 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-40674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-40662 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-40600 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-40211 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-39921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-38474 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-38400 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-37972 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-37890 (Missing Authorization vulnerability in WPOmnia KB Support \u2013 WordP ...)
+ TODO: check
+CVE-2023-37868 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-37867 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Yet ...)
+ TODO: check
+CVE-2023-36685 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US ...)
+ TODO: check
+CVE-2023-36682 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US ...)
+ TODO: check
+CVE-2023-36523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-36507 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2023-34390 (An input validation vulnerability in the Schweitzer Engineering Labora ...)
+ TODO: check
+CVE-2023-34389 (An allocation of resources without limits or throttling vulnerability ...)
+ TODO: check
+CVE-2023-34388 (AnImproper Authentication vulnerability in the Schweitzer Engineering ...)
+ TODO: check
+CVE-2023-34030 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...)
+ TODO: check
+CVE-2023-34018 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-33333 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...)
+ TODO: check
+CVE-2023-32291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-49620 (Before DolphinScheduler version 3.1.0, the login user could delete UDF ...)
NOT-FOR-US: Apache DolphinScheduler
-CVE-2023-49733
+CVE-2023-49733 (Improper Restriction of XML External Entity Reference vulnerability in ...)
NOT-FOR-US: Apache Cocoon
CVE-2023-5772 (The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site ...)
NOT-FOR-US: WordPress plugin
@@ -168,21 +456,27 @@ CVE-2023-45480 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered
CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
NOT-FOR-US: Tenda
CVE-2023-6351 (Use after free in libavif in Google Chrome prior to 119.0.6045.199 all ...)
+ {DSA-5569-1}
- chromium 119.0.6045.199-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-6350 (Use after free in libavif in Google Chrome prior to 119.0.6045.199 all ...)
+ {DSA-5569-1}
- chromium 119.0.6045.199-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-6348 (Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 ...)
+ {DSA-5569-1}
- chromium 119.0.6045.199-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-6347 (Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowe ...)
+ {DSA-5569-1}
- chromium 119.0.6045.199-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-6346 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 al ...)
+ {DSA-5569-1}
- chromium 119.0.6045.199-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-6345 (Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allo ...)
+ {DSA-5569-1}
- chromium 119.0.6045.199-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-6359 (A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LM ...)
@@ -1000,7 +1294,7 @@ CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs sho
- firefox 120.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213
CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thun ...)
- {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- thunderbird 1:115.5.0-1
@@ -1014,7 +1308,7 @@ CVE-2023-6210 (When an https: web page created a pop-up from a "javascript:" URL
- firefox 120.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6210
CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly parsed, and ...)
- {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- thunderbird 1:115.5.0-1
@@ -1022,7 +1316,7 @@ CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly parsed
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6209
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6209
CVE-2023-6208 (When using X11, text selected by the page using the Selection API was ...)
- {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- thunderbird 1:115.5.0-1
@@ -1030,7 +1324,7 @@ CVE-2023-6208 (When using X11, text selected by the page using the Selection API
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6208
CVE-2023-6207 (Ownership mismanagement led to a use-after-free in ReadableByteStreams ...)
- {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- thunderbird 1:115.5.0-1
@@ -1038,7 +1332,7 @@ CVE-2023-6207 (Ownership mismanagement led to a use-after-free in ReadableByteSt
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6207
CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the length ...)
- {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- thunderbird 1:115.5.0-1
@@ -1046,7 +1340,7 @@ CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the l
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206
CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had already ...)
- {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- thunderbird 1:115.5.0-1
@@ -1054,7 +1348,7 @@ CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had al
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205
CVE-2023-6204 (On some systems\u2014depending on the graphics settings and drivers\u2 ...)
- {DSA-5566-1 DSA-5561-1 DLA-3661-1}
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1}
- firefox 120.0-1
- firefox-esr 115.5.0esr-1
- thunderbird 1:115.5.0-1
@@ -1754,12 +2048,14 @@ CVE-2023-47674 (Missing authentication for critical function vulnerability in Fi
CVE-2023-47638
REJECTED
CVE-2023-43887 (Libde265 v1.0.12 was discovered to contain multiple buffer overflows v ...)
+ {DLA-3676-1}
- libde265 1.0.13-1
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/418
NOTE: https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133 (v1.0.13)
CVE-2023-47471 (Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a ...)
+ {DLA-3676-1}
- libde265 1.0.13-1 (bug #1056187)
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
@@ -2079,7 +2375,7 @@ CVE-2023-44442 [GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Exe
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d (GIMP_2_10_36)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10101 (restricted)
CVE-2023-44441 [GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
- {DSA-5564-1}
+ {DSA-5564-1 DLA-3677-1}
- gimp 2.10.36-1 (bug #1055984)
[buster] - gimp <not-affected> (DDS plugin added in 2.10.10)
- gimp-dds <removed>
@@ -8400,7 +8696,7 @@ CVE-2023-36429 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vuln
NOT-FOR-US: Microsoft
CVE-2023-36420 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege ...)
+CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privi ...)
NOT-FOR-US: Microsoft
CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -12474,7 +12770,7 @@ CVE-2023-38161 (Windows GDI Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-38160 (Windows TCP/IP Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-38156 (Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability)
+CVE-2023-38156 (Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vu ...)
NOT-FOR-US: Microsoft
CVE-2023-38155 (Azure DevOps Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -14632,11 +14928,13 @@ CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain h
CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In ...)
- node-openpgp <itp> (bug #787774)
CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...)
+ {DLA-3675-1}
- zbar <unfixed> (bug #1051724)
NOTE: https://hackmd.io/@cspl/H1PxPAUnn
NOTE: https://github.com/mchehab/zbar/issues/263
NOTE: 0.23.92-9 upload adds patch to avoid exploitation, but no upstream fix exists yet.
CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...)
+ {DLA-3675-1}
- zbar <unfixed> (bug #1051724)
NOTE: https://hackmd.io/@cspl/B1ZkFZv23
NOTE: https://github.com/mchehab/zbar/issues/263
@@ -28936,10 +29234,10 @@ CVE-2023-31179 (AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal -Vulnerability
NOT-FOR-US: AgilePoint
CVE-2023-31178 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Arbitrary File DeleteVulnerabi ...)
NOT-FOR-US: AgilePoint
-CVE-2023-31177
- RESERVED
-CVE-2023-31176
- RESERVED
+CVE-2023-31177 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2023-31176 (An Insufficient Entropy vulnerability in the Schweitzer Engineering La ...)
+ TODO: check
CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the Schweitz ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer En ...)
@@ -29097,14 +29395,14 @@ CVE-2023-2269 (A denial of service problem was found, due to a possible recursiv
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view all sto ...)
NOT-FOR-US: Plane
-CVE-2023-2267
- RESERVED
-CVE-2023-2266
- RESERVED
-CVE-2023-2265
- RESERVED
-CVE-2023-2264
- RESERVED
+CVE-2023-2267 (An Improper Input Validation vulnerability in Schweitzer Engineering L ...)
+ TODO: check
+CVE-2023-2266 (AnImproper neutralization of input during web page generation in the S ...)
+ TODO: check
+CVE-2023-2265 (AnImproper Restriction of Rendered UI Layers or Frames in the Schweitz ...)
+ TODO: check
+CVE-2023-2264 (An improper input validation vulnerability in the Schweitzer Engineeri ...)
+ TODO: check
CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is v ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-2262 (A buffer overflow vulnerability exists in the Rockwell Automation sele ...)
@@ -41878,12 +42176,14 @@ CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling M5
CVE-2023-27104
RESERVED
CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via ...)
+ {DLA-3676-1}
- libde265 1.0.12-1 (bug #1033257)
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/394
NOTE: https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995 (v1.0.12)
CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation violation vi ...)
+ {DLA-3676-1}
- libde265 1.0.12-1 (bug #1033257)
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
@@ -43191,8 +43491,8 @@ CVE-2023-26535 (Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets
NOT-FOR-US: WordPress plugin
CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneW ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-26533
- RESERVED
+CVE-2023-26533 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2023-26532 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26531 (Cross-Site Request Forgery (CSRF) vulnerability in \u95ea\u7535\u535a ...)
@@ -47843,8 +48143,8 @@ CVE-2023-25059 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sc ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25057
- RESERVED
+CVE-2023-25057 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
@@ -67646,8 +67946,7 @@ CVE-2022-45136 (Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deser
- apache-jena 4.5.0-1 (bug #1024738)
NOTE: https://www.openwall.com/lists/oss-security/2022/11/14/5
NOTE: The SDB module was removed after 3.17.0, marking 4.5.0 as fixed: https://jena.apache.org/documentation/archive/sdb/
-CVE-2022-45135
- RESERVED
+CVE-2022-45135 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Apache Cocoon
CVE-2022-43668 (Typora versions prior to 1.4.4 fails to properly neutralize JavaScript ...)
NOT-FOR-US: Typora
@@ -166912,8 +167211,8 @@ CVE-2021-36808 (A local attacker could bypass the app password using a race cond
NOT-FOR-US: Sophos
CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...)
NOT-FOR-US: Sophos
-CVE-2021-36806
- RESERVED
+CVE-2021-36806 (A reflected XSS vulnerability allows an open redirect when the victim ...)
+ TODO: check
CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.)
NOT-FOR-US: Unicorn Engine
CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04525b332aea5cbd55aad776464bc7e104d1068e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04525b332aea5cbd55aad776464bc7e104d1068e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231130/f8f7d68c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list