[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 3 21:14:39 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c634e94 by security tracker role at 2023-10-03T20:14:29+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,141 @@
+CVE-2023-5353 (Improper Access Control in GitHub repository salesagility/suitecrm pri ...)
+ TODO: check
+CVE-2023-5351 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...)
+ TODO: check
+CVE-2023-5350 (SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14 ...)
+ TODO: check
+CVE-2023-5255 (For certificates that utilize the auto-renew feature in Puppet Server, ...)
+ TODO: check
+CVE-2023-4929 (All firmware versions of the NPort 5000 Series are affected by an impr ...)
+ TODO: check
+CVE-2023-4886 (A sensitive information exposure vulnerability was found in foreman. C ...)
+ TODO: check
+CVE-2023-4885 (Man in the Middle vulnerability, which could allow an attacker to inte ...)
+ TODO: check
+CVE-2023-4884 (An attacker could send an HTTP request to an Open5GS endpoint and retr ...)
+ TODO: check
+CVE-2023-4883 (Invalid pointer release vulnerability. Exploitation of this vulnerabil ...)
+ TODO: check
+CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a new VNF ( ...)
+ TODO: check
+CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload maliciou ...)
+ TODO: check
+CVE-2023-4732 (A flaw was found in the Linux Kernel's memory management subsytem. A t ...)
+ TODO: check
+CVE-2023-4564 (This vulnerability could allow an attacker to store a malicious JavaSc ...)
+ TODO: check
+CVE-2023-4103 (QSige statistics are affected by a remote SQLi vulnerability. It has b ...)
+ TODO: check
+CVE-2023-4102 (QSige login SSO does not have an access control mechanism to verify wh ...)
+ TODO: check
+CVE-2023-4101 (The QSige login SSO does not have an access control mechanism to verif ...)
+ TODO: check
+CVE-2023-4100 (Allows an attacker to perform XSS attacks stored on certain resources. ...)
+ TODO: check
+CVE-2023-4099 (The QSige Monitor application does not have an access control mechanis ...)
+ TODO: check
+CVE-2023-4098 (It has been identified that the web application does not correctly fil ...)
+ TODO: check
+CVE-2023-4097 (The file upload functionality is not implemented correctly and allows ...)
+ TODO: check
+CVE-2023-43976 (An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to ...)
+ TODO: check
+CVE-2023-42508 (JFrog Artifactory prior to version 7.66.0 is vulnerable to specific en ...)
+ TODO: check
+CVE-2023-41693 (Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview My ...)
+ TODO: check
+CVE-2023-41244 (Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize ...)
+ TODO: check
+CVE-2023-40830 (Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index p ...)
+ TODO: check
+CVE-2023-40558 (Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouT ...)
+ TODO: check
+CVE-2023-40212 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product ...)
+ TODO: check
+CVE-2023-40210 (Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoi ...)
+ TODO: check
+CVE-2023-40202 (Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer ...)
+ TODO: check
+CVE-2023-40201 (Cross-Site Request Forgery (CSRF) vulnerability inFuturioWP Futurio Ex ...)
+ TODO: check
+CVE-2023-40199 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like But ...)
+ TODO: check
+CVE-2023-40198 (Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Coo ...)
+ TODO: check
+CVE-2023-40009 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes ...)
+ TODO: check
+CVE-2023-3654 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...)
+ TODO: check
+CVE-2023-3350 (A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, ...)
+ TODO: check
+CVE-2023-3349 (Information exposure vulnerability in IBERMATICA RPS 2019, which explo ...)
+ TODO: check
+CVE-2023-3196 (This vulnerability could allow an attacker to store a malicious JavaSc ...)
+ TODO: check
+CVE-2023-39989 (Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Foo ...)
+ TODO: check
+CVE-2023-39923 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Pos ...)
+ TODO: check
+CVE-2023-39917 (Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team ...)
+ TODO: check
+CVE-2023-39165 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...)
+ TODO: check
+CVE-2023-39159 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud P ...)
+ TODO: check
+CVE-2023-39158 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner ...)
+ TODO: check
+CVE-2023-38398 (Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <=2. ...)
+ TODO: check
+CVE-2023-38396 (Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plug ...)
+ TODO: check
+CVE-2023-38390 (Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile ...)
+ TODO: check
+CVE-2023-38381 (Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyB ...)
+ TODO: check
+CVE-2023-37998 (Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugi ...)
+ TODO: check
+CVE-2023-37996 (Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix f ...)
+ TODO: check
+CVE-2023-37992 (Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertain ...)
+ TODO: check
+CVE-2023-37991 (Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emo ...)
+ TODO: check
+CVE-2023-37990 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro p ...)
+ TODO: check
+CVE-2023-37891 (Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: ...)
+ TODO: check
+CVE-2023-34970 (A local non-privileged user can make improper GPU processing operation ...)
+ TODO: check
+CVE-2023-33200 (A local non-privileged user can make improper GPU processing operation ...)
+ TODO: check
+CVE-2023-32792 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5 ...)
+ TODO: check
+CVE-2023-32791 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5 ...)
+ TODO: check
+CVE-2023-32790 (Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 ver ...)
+ TODO: check
+CVE-2023-32671 (A stored XSS vulnerability has been found on BuddyBoss Platform affect ...)
+ TODO: check
+CVE-2023-32670 (Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , whi ...)
+ TODO: check
+CVE-2023-32669 (Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exp ...)
+ TODO: check
+CVE-2023-32091 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <=0 ...)
+ TODO: check
+CVE-2023-2830 (Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Te ...)
+ TODO: check
+CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version 1.0.0. ...)
+ TODO: check
+CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the componen ...)
+ TODO: check
CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager]
- grub2 2.12~rc1-11
NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
CVE-2023-4692 [Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass]
- grub2 2.12~rc1-11
NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
-CVE-2023-4911 [buffer overflow in dynamic loader's processing of the GLIBC_TUNABLES environment variable]
+CVE-2023-4911 (A buffer overflow was discovered in the GNU C Library's dynamic loader ...)
+ {DSA-5514-1}
- glibc 2.37-12
[buster] - glibc <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/2
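Review bot: several of the new `TODO: check` entries at the top of this hunk describe software Debian ships and should be triaged into package lines rather than left pending: CVE-2023-4732 (Linux kernel memory management subsystem), CVE-2023-5255 (Puppet Server), CVE-2023-4886 (foreman), CVE-2023-4884 (Open5GS) and CVE-2023-34970 / CVE-2023-33200 (improper GPU processing by a local non-privileged user). The bulk of the remaining additions follow the `Cross-Site Request Forgery (CSRF) vulnerability in <author> <plugin>` pattern that elsewhere in this file resolves to `NOT-FOR-US: WordPress plugin`. For CVE-2023-4911 the hand-written bracket description naming the GLIBC_TUNABLES dynamic-loader bug is replaced by the truncated MITRE text and `{DSA-5514-1}` is added, while the `- glibc 2.37-12` and `[buster] - glibc <not-affected>` lines are unchanged, so the new DSA reference is consistent with the fix already recorded.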
@@ -777,7 +908,7 @@ CVE-2023-5222 (A vulnerability classified as critical was found in Viessmann Vit
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU CMS. Thi ...)
NOT-FOR-US: ForU CMS
CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ...)
- {DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3598-1 DLA-3591-1}
+ {DSA-5513-1 DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3598-1 DLA-3591-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox <unfixed> (unimportant)
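Review bot: `DSA-5513-1` is prepended to the advisory set of CVE-2023-5217 but none of the visible package lines change (`chromium 117.0.5938.132-1`, buster `<end-of-life>`, `firefox <unfixed> (unimportant)`), and the three trailing context lines do not show a package line that this DSA would correspond to; confirm that the matching package line, outside the shown context, carries a fixed version. The same DSA is added to CVE-2023-5176, CVE-2023-5171 and CVE-2023-5169 below, whose entries list firefox-esr and thunderbird versions.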
@@ -954,7 +1085,7 @@ CVE-2023-44216 (PVRIC (PowerVR Image Compression) on Imagination 2018 and later
TODO: check
CVE-2023-44044 (Super Store Finder v3.6 and below was discovered to contain a SQL inje ...)
NOT-FOR-US: Super Store Finder
-CVE-2023-44043 (A stored cross-site scripting (XSS) vulnerability in /settings/index.p ...)
+CVE-2023-44043 (A reflected cross-site scripting (XSS) vulnerability in /install/index ...)
NOT-FOR-US: Black Cat CMS
CVE-2023-44042 (A stored cross-site scripting (XSS) vulnerability in /settings/index.p ...)
NOT-FOR-US: Black Cat CMS
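Review bot: the CVE-2023-44043 description changes from a stored XSS in `/settings/index.p...` to a reflected XSS in `/install/index...`; the old text was identical to the CVE-2023-44042 line two entries down, so this reads as a corrected upstream description rather than a new issue, and `NOT-FOR-US: Black Cat CMS` remains the right status because the product is unchanged.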
@@ -1312,7 +1443,7 @@ CVE-2023-34043 (VMware Aria Operations contains a local privilege escalation vul
CVE-2023-32541 (A use-after-free vulnerability exists in the footerr functionality of ...)
NOT-FOR-US: Hancom Office 2020 HWord
CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ...)
- {DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
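Review bot: `DSA-5513-1` is prepended to CVE-2023-5176 while the `firefox 118.0-1`, `firefox-esr 115.3.0esr-1` and `thunderbird 1:115.3.0-1` lines are unchanged, which is correct only if the DSA covers one of those already-recorded versions (the hunk does not say which); the identical edit is made for CVE-2023-5171 and CVE-2023-5169 in the next two hunks, so check the three together against the DSA text.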
@@ -1336,7 +1467,7 @@ CVE-2023-5172 (A hashtable in the Ion Engine could have been mutated while ther
- firefox 118.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172
CVE-2023-5171 (During Ion compilation, a Garbage Collection could have resulted in a ...)
- {DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -1347,7 +1478,7 @@ CVE-2023-5170 (In canvas rendering, a compromised content process could have cau
- firefox 118.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170
CVE-2023-5169 (A compromised content process could have provided malicious data in a ...)
- {DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -2046,7 +2177,7 @@ CVE-2023-3892 (Improper Restriction of XML External Entity Reference vulnerabili
NOT-FOR-US: MIM Assistant and Client DICOM RTst Loading modules
CVE-2023-38356 (MiniTool Power Data Recovery 11.6 contains an insecure installation pr ...)
NOT-FOR-US: MiniTool Power Data Recovery
-CVE-2023-38355 (MiniTool Movie Maker 6.1.0 contains an insecure installation process t ...)
+CVE-2023-38355 (MiniTool Movie Maker 7.0 contains an insecure installation process tha ...)
NOT-FOR-US: MiniTool Movie Maker
CVE-2023-38354 (MiniTool Shadow Maker version 4.1 contains an insecure installation pr ...)
NOT-FOR-US: MiniTool Movie Maker
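Review bot: the trailing context shows CVE-2023-38354, whose description names `MiniTool Shadow Maker version 4.1`, tagged `NOT-FOR-US: MiniTool Movie Maker`; the product name in that status line looks like a copy-paste from the CVE-2023-38355 entry above and should read Shadow Maker. The change in this hunk itself (Movie Maker 6.1.0 becoming 7.0 in the CVE-2023-38355 description) is an upstream description update and does not affect the NOT-FOR-US status.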
@@ -19857,7 +19988,7 @@ CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise
CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2222 [objdump SEGV in concat_filename() at dwarf2.c:2060]
- RESERVED
+ REJECTED
- binutils 2.39.50.20221224-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29936
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09
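Review bot: CVE-2023-2222 moves from `RESERVED` to `REJECTED`, but the entry still records `binutils 2.39.50.20221224-1 (unimportant)` together with the bugzilla and git NOTE links, so the tracker now holds a fix record under a rejected identifier; check whether the objdump SEGV was reassigned to another CVE (in which case the package line and NOTEs belong there) or whether the package line should be dropped from this entry.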
@@ -31112,8 +31243,8 @@ CVE-2023-27437
RESERVED
CVE-2023-27436
RESERVED
-CVE-2023-27435
- RESERVED
+CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui ...)
+ TODO: check
CVE-2023-27434
RESERVED
CVE-2023-27433
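Review bot: CVE-2023-27435 replaces a `RESERVED` placeholder with a `Cross-Site Request Forgery (CSRF) vulnerability in <author> ...` description and `TODO: check`; the same pattern appears for CVE-2023-25989, CVE-2023-25463 and CVE-2022-46841 in later hunks, where the neighbouring entries are resolved as `NOT-FOR-US: WordPress plugin`, so these four can likely be closed the same way once the plugin is confirmed to be unpackaged in Debian.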
@@ -34997,8 +35128,8 @@ CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationM
NOT-FOR-US: WordPress plugin
CVE-2023-25990
RESERVED
-CVE-2023-25989
- RESERVED
+CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer ...)
+ TODO: check
CVE-2023-25988
RESERVED
CVE-2023-25987
@@ -35639,8 +35770,8 @@ CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS
NOT-FOR-US: EasyNAS
CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scri ...)
NOT-FOR-US: Plesk
-CVE-2023-0828
- RESERVED
+CVE-2023-0828 (Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora ...)
+ TODO: check
CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
NOT-FOR-US: pimcore
CVE-2023-0826
@@ -36999,8 +37130,8 @@ CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25464 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25463
- RESERVED
+CVE-2023-25463 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP te ...)
+ TODO: check
CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP h ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nami ...)
@@ -39731,8 +39862,8 @@ CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus t
NOT-FOR-US: Milesight UR32L
CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...)
NOT-FOR-US: Milesight UR32L
-CVE-2023-24518
- RESERVED
+CVE-2023-24518 (A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allow ...)
+ TODO: check
CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability in the P ...)
NOT-FOR-US: Pandora FMS File Manager component
CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Da ...)
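Review bot: CVE-2023-24518 (CSRF in Pandora FMS) lands directly above CVE-2023-24517 and CVE-2023-24516, both already marked `NOT-FOR-US` for Pandora FMS components, and CVE-2023-0828 in the earlier hunk is another Pandora FMS XSS; the new `TODO: check` items can be resolved consistently with those neighbours unless a Debian package for Pandora FMS exists.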
@@ -39745,8 +39876,8 @@ CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client func
NOT-FOR-US: Milesight UR32L
CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
-CVE-2023-0506
- RESERVED
+CVE-2023-0506 (The web service of ByDemes Group Airspace CCTV Web Service in its 2.61 ...)
+ TODO: check
CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have CSRF che ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF check ...)
@@ -47935,12 +48066,12 @@ CVE-2022-47895 (In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP Fil
- intellij-idea <itp> (bug #747616)
CVE-2022-47894
RESERVED
-CVE-2022-47893
- RESERVED
-CVE-2022-47892
- RESERVED
-CVE-2022-47891
- RESERVED
+CVE-2022-47893 (There is a remote code execution vulnerability that affects all versio ...)
+ TODO: check
+CVE-2022-47892 (All versions of NetMan 204 could allow an unauthenticated remote attac ...)
+ TODO: check
+CVE-2022-47891 (All versions of NetMan 204 allow an attacker that knows the MAC and se ...)
+ TODO: check
CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...)
NOT-FOR-US: Sewio
CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in initial de ...)
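Review bot: the three NetMan 204 entries (CVE-2022-47893 remote code execution affecting all versions, CVE-2022-47892 unauthenticated remote attacker, CVE-2022-47891 attacker knowing the MAC and serial) replace `RESERVED` placeholders with `TODO: check`; the remote code execution one should be triaged first. The trailing context lines `Sewio\u2019s` and `iBoot device\u2019s` carry a literal `\u2019` escape where an apostrophe belongs; if that is how the text sits in data/CVE/list rather than a rendering artefact of this mail, it should be normalized.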
@@ -52310,8 +52441,8 @@ CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le
NOT-FOR-US: WordPress plugin
CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability inJS Help Desk plugin ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46841
- RESERVED
+CVE-2022-46841 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Build ...)
+ TODO: check
CVE-2022-46840
RESERVED
CVE-2022-46839
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c634e948c0fd1bf2d10bbf723fbe4c8fdf1aaac