[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 3 09:13:01 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbf9ed4d by security tracker role at 2023-10-03T08:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,153 @@
+CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/client com ...)
+ TODO: check
+CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
+ TODO: check
+CVE-2023-5334 (The WP Responsive header image slider plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2023-5290
+ REJECTED
+CVE-2023-5160 (Mattermost fails to check the Show Full Name option at the /api/v4/tea ...)
+ TODO: check
+CVE-2023-5106 (An issue has been discovered in Ultimate-licensed GitLab EE affecting ...)
+ TODO: check
+CVE-2023-4659 (Cross-Site Request Forgery vulnerability, whose exploitation could all ...)
+ TODO: check
+CVE-2023-44479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim ...)
+ TODO: check
+CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-44474 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir ...)
+ TODO: check
+CVE-2023-44463 (An issue was discovered in pretix before 2023.7.1. Incorrect parsing o ...)
+ TODO: check
+CVE-2023-44266 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewe ...)
+ TODO: check
+CVE-2023-44265 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
+CVE-2023-44264 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-44263 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riya ...)
+ TODO: check
+CVE-2023-44262 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renz ...)
+ TODO: check
+CVE-2023-44245 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Con ...)
+ TODO: check
+CVE-2023-44244 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
+ TODO: check
+CVE-2023-44242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-44239 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobi ...)
+ TODO: check
+CVE-2023-44230 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
+CVE-2023-44228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
+CVE-2023-44218 (A flaw within the SonicWall NetExtender Pre-Logon feature enables an u ...)
+ TODO: check
+CVE-2023-44217 (A local privilege escalation vulnerability in SonicWall Net Extender M ...)
+ TODO: check
+CVE-2023-44145 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesw ...)
+ TODO: check
+CVE-2023-44144 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox ...)
+ TODO: check
+CVE-2023-44012 (Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a re ...)
+ TODO: check
+CVE-2023-44011 (An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute a ...)
+ TODO: check
+CVE-2023-44009 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...)
+ TODO: check
+CVE-2023-44008 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...)
+ TODO: check
+CVE-2023-43980 (Presto Changeo testsitecreator up to v1.1.1 was discovered to contain ...)
+ TODO: check
+CVE-2023-43893 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
+ TODO: check
+CVE-2023-43892 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
+ TODO: check
+CVE-2023-43891 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
+ TODO: check
+CVE-2023-43890 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
+ TODO: check
+CVE-2023-43836 (There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, ...)
+ TODO: check
+CVE-2023-43835 (Super Store Finder 3.7 and below is vulnerable to authenticated Arbitr ...)
+ TODO: check
+CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earl ...)
+ TODO: check
+CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local a ...)
+ TODO: check
+CVE-2023-43297 (An issue in animal-art-lab v13.6.1 allows attackers to send crafted no ...)
+ TODO: check
+CVE-2023-43268 (Deyue Remote Vehicle Management System v1.1 was discovered to contain ...)
+ TODO: check
+CVE-2023-43267 (A cross-site scripting (XSS) vulnerability in the publish article func ...)
+ TODO: check
+CVE-2023-42771 (Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 a ...)
+ TODO: check
+CVE-2023-41859 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Asho ...)
+ TODO: check
+CVE-2023-41856 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToT ...)
+ TODO: check
+CVE-2023-41855 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regp ...)
+ TODO: check
+CVE-2023-41847 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-41800 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniC ...)
+ TODO: check
+CVE-2023-41797 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-41580 (Phpipam before v1.5.2 was discovered to contain a LDAP injection vulne ...)
+ TODO: check
+CVE-2023-41086 (Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTE ...)
+ TODO: check
+CVE-2023-40744
+ REJECTED
+CVE-2023-3967 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2023-3770 (Incorrect validation vulnerability of the data entered, allowing an at ...)
+ TODO: check
+CVE-2023-3769 (Incorrect data input validation vulnerability, which could allow an at ...)
+ TODO: check
+CVE-2023-3768 (Incorrect data input validation vulnerability, which could allow an at ...)
+ TODO: check
+CVE-2023-3744 (Server-Side Request Forgery vulnerability in SLims version 9.6.0. This ...)
+ TODO: check
+CVE-2023-3656 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
+ TODO: check
+CVE-2023-3655 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
+ TODO: check
+CVE-2023-3440 (Incorrect Default Permissions vulnerability in Hitachi JP1/Performance ...)
+ TODO: check
+CVE-2023-3335 (Insertion of Sensitive Information into Log File vulnerability in Hita ...)
+ TODO: check
+CVE-2023-39429 (Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN acce ...)
+ TODO: check
+CVE-2023-39222 (OS command injection vulnerability in FURUNO SYSTEMS wireless LAN acce ...)
+ TODO: check
+CVE-2023-37605 (Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23. ...)
+ TODO: check
+CVE-2023-36628 (A flaw exists in VASA which allows users with access to a vSphere/ESXi ...)
+ TODO: check
+CVE-2023-36627 (A flaw exists in FlashBlade Purity whereby a user with access to an ad ...)
+ TODO: check
+CVE-2023-33039 (Memory corruption in Automotive Display while destroying the image han ...)
+ TODO: check
+CVE-2023-33035 (Memory corruption while invoking callback function of AFE from ADSP.)
+ TODO: check
+CVE-2023-33034 (Memory corruption while parsing the ADSP response command.)
+ TODO: check
+CVE-2023-33029 (Memory corruption in DSP Service during a remote call from HLOS to DSP ...)
+ TODO: check
+CVE-2023-33028 (Memory corruption in WLAN Firmware while doing a memory copy of pmk ca ...)
+ TODO: check
+CVE-2023-33027 (Transient DOS in WLAN Firmware while parsing rsn ies.)
+ TODO: check
+CVE-2023-33026 (Transient DOS in WLAN Firmware while parsing a NAN management frame.)
+ TODO: check
+CVE-2023-32572 (A flaw exists in FlashArray Purity wherein under limited circumstances ...)
+ TODO: check
+CVE-2015-10124 (A vulnerability was found in Most Popular Posts Widget Plugin up to 0. ...)
+ TODO: check
CVE-2023-5329 (A vulnerability classified as problematic was found in Field Logic Dat ...)
NOT-FOR-US: Field Logic DataCube4
CVE-2023-5328 (A vulnerability classified as critical has been found in SATO CL4NX-J ...)
@@ -530,6 +680,7 @@ CVE-2023-42117 [Exim Improper Neutralization of Special Elements Remote Code Exe
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability]
+ {DSA-5512-1 DLA-3599-1}
- exim4 4.97~RC1-2
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/
NOTE: https://bugs.exim.org/show_bug.cgi?id=3000
@@ -538,6 +689,7 @@ CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Exec
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability]
+ {DSA-5512-1}
- exim4 4.97~RC1-2
[buster] - exim4 <not-affected> (External authenticator support was introduced later)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
@@ -547,6 +699,7 @@ CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerabilit
NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4
NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt
CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability]
+ {DSA-5512-1 DLA-3599-1}
- exim4 4.97~RC1-2
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1468/
NOTE: https://bugs.exim.org/show_bug.cgi?id=3001
@@ -19334,8 +19487,8 @@ CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 l
NOT-FOR-US: EnterpriseDB
CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask variab ...)
NOT-FOR-US: Octopus Deploy
-CVE-2023-31042
- RESERVED
+CVE-2023-31042 (A flaw exists in FlashBlade Purity whereby an authenticated user with ...)
+ TODO: check
CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with ker ...)
NOT-FOR-US: Insyde
CVE-2023-31040
@@ -27113,8 +27266,8 @@ CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command paramete
NOT-FOR-US: Qualcomm
CVE-2023-28572
RESERVED
-CVE-2023-28571
- RESERVED
+CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN scan des ...)
+ TODO: check
CVE-2023-28570
RESERVED
CVE-2023-28569
@@ -27175,10 +27328,10 @@ CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status informat
NOT-FOR-US: Qualcomm
CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
NOT-FOR-US: Qualcomm
-CVE-2023-28540
- RESERVED
-CVE-2023-28539
- RESERVED
+CVE-2023-28540 (Cryptographic issue in Data Modem due to improper authentication durin ...)
+ TODO: check
+CVE-2023-28539 (Memory corruption in WLAN Host when the firmware invokes multiple WMI ...)
+ TODO: check
CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update driver ...)
NOT-FOR-US: Qualcomm
CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
@@ -27801,10 +27954,10 @@ CVE-2022-48423 (In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not val
NOTE: NTFS3 driver not enabled in Debian
CVE-2022-48421
RESERVED
-CVE-2023-28373
- RESERVED
-CVE-2023-28372
- RESERVED
+CVE-2023-28373 (A flaw exists in FlashArray Purity whereby an array administrator by c ...)
+ TODO: check
+CVE-2023-28372 (A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user w ...)
+ TODO: check
CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are typic ...)
- stellarium <unfixed> (bug #1034183)
[bookworm] - stellarium <no-dsa> (Minor issue)
@@ -34276,12 +34429,12 @@ CVE-2023-26154
RESERVED
CVE-2023-26153
RESERVED
-CVE-2023-26152
- RESERVED
-CVE-2023-26151
- RESERVED
-CVE-2023-26150
- RESERVED
+CVE-2023-26152 (All versions of the package static-server are vulnerable to Directory ...)
+ TODO: check
+CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable to Denial ...)
+ TODO: check
+CVE-2023-26150 (Versions of the package asyncua before 0.9.96 are vulnerable to Improp ...)
+ TODO: check
CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...)
TODO: check
CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to CRLF Injec ...)
@@ -35654,14 +35807,13 @@ CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on th
NOT-FOR-US: Omron CJ1M
CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
NOT-FOR-US: btcpayserver
-CVE-2023-0809
- RESERVED
+CVE-2023-0809 (In Mosquitto before 2.0.16, excessive memory is allocated based on mal ...)
{DSA-5511-1}
- mosquitto 2.0.17-1
[buster] - mosquitto <not-affected> (The vulnerable code was introduced later)
NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
NOTE: Fixed by https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad
-CVE-2023-3592
+CVE-2023-3592 (In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 ...)
{DSA-5511-1}
- mosquitto 2.0.17-1
[buster] - mosquitto <not-affected> (The vulnerable code was introduced later)
@@ -38385,32 +38537,32 @@ CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not pr
NOT-FOR-US: WordPress plugin
CVE-2023-0601
RESERVED
-CVE-2023-24855
- RESERVED
+CVE-2023-24855 (Memory corruption in Modem while processing security related configura ...)
+ TODO: check
CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...)
NOT-FOR-US: Qualcomm
-CVE-2023-24853
- RESERVED
+CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...)
+ TODO: check
CVE-2023-24852
RESERVED
CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...)
NOT-FOR-US: Qualcomm
-CVE-2023-24850
- RESERVED
-CVE-2023-24849
- RESERVED
-CVE-2023-24848
- RESERVED
-CVE-2023-24847
- RESERVED
+CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...)
+ TODO: check
+CVE-2023-24849 (Information Disclosure in data Modem while parsing an FMTP line in an ...)
+ TODO: check
+CVE-2023-24848 (Information Disclosure in Data Modem while performing a VoLTE call wit ...)
+ TODO: check
+CVE-2023-24847 (Transient DOS in Modem while allocating DSM items.)
+ TODO: check
CVE-2023-24846
RESERVED
CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
NOT-FOR-US: Siemens
-CVE-2023-24844
- RESERVED
-CVE-2023-24843
- RESERVED
+CVE-2023-24844 (Memory Corruption in Core while invoking a call to Access Control core ...)
+ TODO: check
+CVE-2023-24843 (Transient DOS in Modem while triggering a camping on an 5G cell.)
+ TODO: check
CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...)
NOT-FOR-US: HGiga MailSherlock
CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...)
@@ -47718,14 +47870,14 @@ CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write
NOT-FOR-US: Qualcomm
CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...)
NOT-FOR-US: Qualcomm
-CVE-2023-22385
- RESERVED
-CVE-2023-22384
- RESERVED
+CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT VOLTE cal ...)
+ TODO: check
+CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast Message ...)
+ TODO: check
CVE-2023-22383
RESERVED
-CVE-2023-22382
- RESERVED
+CVE-2023-22382 (Weak configuration in Automotive while VM is processing a listener req ...)
+ TODO: check
CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
NOT-FOR-US: Sewio
CVE-2022-47912
@@ -52464,8 +52616,8 @@ CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user
NOT-FOR-US: WordPress plugin
CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote low p ...)
NOT-FOR-US: CODESYS
-CVE-2023-21673
- RESERVED
+CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Corrupti ...)
+ TODO: check
CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...)
NOT-FOR-US: Qualcomm
CVE-2023-21671
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf9ed4d3f73606d76b06637c6d72cd10884a956
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbf9ed4d3f73606d76b06637c6d72cd10884a956
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231003/b1813ec3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list