[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 6 21:13:10 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6df9dc59 by security tracker role at 2023-10-06T20:12:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2023-5452 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
+ TODO: check
+CVE-2023-5214 (In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges ...)
+ TODO: check
+CVE-2023-4530 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4469 (The Profile Extra Fields by BestWebSoft plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2023-45311 (fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us- ...)
+ TODO: check
+CVE-2023-45303 (ThingsBoard before 3.5 allows Server-Side Template Injection if users ...)
+ TODO: check
+CVE-2023-45282 (In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype polluti ...)
+ TODO: check
+CVE-2023-45246 (Sensitive information disclosure and manipulation due to improper auth ...)
+ TODO: check
+CVE-2023-45245 (Sensitive information disclosure due to missing authorization. The fol ...)
+ TODO: check
+CVE-2023-45244 (Sensitive information disclosure and manipulation due to missing autho ...)
+ TODO: check
+CVE-2023-45239 (A lack of input validation exists in tac_plus prior to commit 4fdf178 ...)
+ TODO: check
+CVE-2023-44807 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the canc ...)
+ TODO: check
+CVE-2023-44771 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...)
+ TODO: check
+CVE-2023-44770 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...)
+ TODO: check
+CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
+ TODO: check
+CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
+ TODO: check
+CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
+ TODO: check
+CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
+ TODO: check
+CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...)
+ TODO: check
+CVE-2023-44758 (GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerabil ...)
+ TODO: check
+CVE-2023-44384 (Discourse-jira is a Discourse plugin allows Jira projects, issue types ...)
+ TODO: check
+CVE-2023-44243 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Inst ...)
+ TODO: check
+CVE-2023-44233 (Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best Wor ...)
+ TODO: check
+CVE-2023-44146 (Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Che ...)
+ TODO: check
+CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a vendor-neutral open- ...)
+ TODO: check
+CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escal ...)
+ TODO: check
+CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...)
+ TODO: check
+CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bous ...)
+ TODO: check
+CVE-2023-41801 (Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Tea ...)
+ TODO: check
+CVE-2023-41732 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Block ...)
+ TODO: check
+CVE-2023-41659 (Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM R ...)
+ TODO: check
+CVE-2023-41654 (Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authL ...)
+ TODO: check
+CVE-2023-41650 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hi ...)
+ TODO: check
+CVE-2023-40671 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0wp DX-a ...)
+ TODO: check
+CVE-2023-40607 (Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, ...)
+ TODO: check
+CVE-2023-40008 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...)
+ TODO: check
+CVE-2023-3725 (Potential buffer overflow vulnerability in the Zephyr CAN bus subsyste ...)
+ TODO: check
+CVE-2023-38703 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
+CVE-2023-36465 (Decidim is a participatory democracy framework, written in Ruby on Rai ...)
+ TODO: check
+CVE-2023-35897 (IBM Spectrum Protect Client and IBM Storage Protect for Virtual Enviro ...)
+ TODO: check
+CVE-2023-32972 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
+CVE-2023-32971 (A buffer copy without checking size of input vulnerability has been re ...)
+ TODO: check
CVE-2023-5408
NOT-FOR-US: OpenShift
CVE-2023-4061
@@ -360,7 +444,7 @@ CVE-2023-33269 (An issue was discovered in DTS Monitoring 3.57.0. The parameter
NOT-FOR-US: DTS Monitoring
CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The parameter port w ...)
NOT-FOR-US: DTS Monitoring
-CVE-2023-5366 [openvswitch don't match packets on nd_target field]
+CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertise ...)
- openvswitch 3.1.2-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
NOTE: https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459 (v3.1.2)
@@ -506,12 +590,12 @@ CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version 1
CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the componen ...)
NOT-FOR-US: UPV PEIX
CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager]
- {DLA-3605-1}
+ {DSA-5519-1 DLA-3605-1}
- grub2 2.12~rc1-11
NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/
CVE-2023-4692 [Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass]
- {DLA-3605-1}
+ {DSA-5519-1 DLA-3605-1}
- grub2 2.12~rc1-11
NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/
@@ -3200,7 +3284,7 @@ CVE-2023-3588 (A stored Cross-site Scripting (XSS) vulnerability affecting Teamw
NOT-FOR-US: 3ds
CVE-2023-3280 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
NOT-FOR-US: Palo Alto Networks
-CVE-2023-39928 [A malicious web page can cause memory corruption and potentially arbitrary code execution]
+CVE-2023-39928 (A use-after-free vulnerability exists in the MediaRecorder API of Webk ...)
- webkit2gtk 2.42.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.0-1
@@ -25433,8 +25517,8 @@ CVE-2023-29237
RESERVED
CVE-2023-29236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
NOT-FOR-US: WordPress theme
-CVE-2023-29235
- RESERVED
+CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Sw ...)
+ TODO: check
CVE-2023-29234
RESERVED
CVE-2023-23581
@@ -27037,8 +27121,8 @@ CVE-2023-28793
RESERVED
CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28791
- RESERVED
+CVE-2023-28791 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...)
+ TODO: check
CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Bre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti ...)
@@ -31095,8 +31179,8 @@ CVE-2023-27617 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Ca ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27615
- RESERVED
+CVE-2023-27615 (Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP ...)
+ TODO: check
CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...)
@@ -31660,8 +31744,8 @@ CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Tepli
NOT-FOR-US: WordPress plugin
CVE-2023-27449
RESERVED
-CVE-2023-27448
- RESERVED
+CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team Ma ...)
+ TODO: check
CVE-2023-27447
RESERVED
CVE-2023-27446
@@ -37539,8 +37623,8 @@ CVE-2023-25482 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel W
NOT-FOR-US: WordPress plugin
CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Sub ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25480
- RESERVED
+CVE-2023-25480 (Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and P ...)
+ TODO: check
CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...)
@@ -38630,8 +38714,8 @@ CVE-2023-25035
RESERVED
CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean U ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25033
- RESERVED
+CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share B ...)
+ TODO: check
CVE-2023-25032
RESERVED
CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
@@ -43740,20 +43824,20 @@ CVE-2023-23373
RESERVED
CVE-2023-23372
RESERVED
-CVE-2023-23371
- RESERVED
-CVE-2023-23370
- RESERVED
+CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...)
+ TODO: check
+CVE-2023-23370 (An insufficiently protected credentials vulnerability has been reporte ...)
+ TODO: check
CVE-2023-23369
RESERVED
CVE-2023-23368
RESERVED
CVE-2023-23367
RESERVED
-CVE-2023-23366
- RESERVED
-CVE-2023-23365
- RESERVED
+CVE-2023-23366 (A path traversal vulnerability has been reported to affect Music Stati ...)
+ TODO: check
+CVE-2023-23365 (A path traversal vulnerability has been reported to affect Music Stati ...)
+ TODO: check
CVE-2023-23364 (A buffer copy without checking size of input vulnerability has been re ...)
NOT-FOR-US: QNAP
CVE-2023-23363 (A buffer copy without checking size of input vulnerability has been re ...)
@@ -51962,8 +52046,8 @@ CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay W
NOT-FOR-US: WordPress plugin
CVE-2022-47176
RESERVED
-CVE-2022-47175
- RESERVED
+CVE-2022-47175 (Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Eleme ...)
+ TODO: check
CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performan ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...)
@@ -59710,8 +59794,8 @@ CVE-2023-21293
RESERVED
CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2023-21291
- RESERVED
+CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to reveal i ...)
+ TODO: check
CVE-2023-21290 (In update of MmsProvider.java, there is a possible way to bypass file ...)
NOT-FOR-US: Android
CVE-2023-21289 (In multiple locations, there is a possible bypass of a multi user secu ...)
@@ -59760,8 +59844,8 @@ CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change
NOT-FOR-US: Android
CVE-2023-21267 (In doKeyguardLocked of KeyguardViewMediator.java, there is a possible ...)
NOT-FOR-US: Android
-CVE-2023-21266
- RESERVED
+CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java, there is a ...)
+ TODO: check
CVE-2023-21265 (In multiple locations, there are root CA certificates which need to be ...)
NOT-FOR-US: Android
CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way to acc ...)
@@ -59793,10 +59877,10 @@ CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory co
NOTE: https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4)
CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there is a po ...)
NOT-FOR-US: Android
-CVE-2023-21253
- RESERVED
-CVE-2023-21252
- RESERVED
+CVE-2023-21253 (In multiple locations, there is a possible way to crash multiple syste ...)
+ TODO: check
+CVE-2023-21252 (In validatePassword of WifiConfigurationUtil.java, there is a possible ...)
+ TODO: check
CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to connect ...)
NOT-FOR-US: Android
CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible out of bou ...)
@@ -59811,8 +59895,8 @@ CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java, there is a possible way fo
NOT-FOR-US: Android
CVE-2023-21245 (In showNextSecurityScreenOrFinish of KeyguardSecurityContainerControll ...)
NOT-FOR-US: Android
-CVE-2023-21244
- RESERVED
+CVE-2023-21244 (In visitUris of Notification.java, there is a possible bypass of user ...)
+ TODO: check
CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...)
NOT-FOR-US: Android
CVE-2023-21242 (In isServerCertChainValid of InsecureEapNetworkHandler.java, there is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6df9dc5931074b483a4429362c85179fb7a80022
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6df9dc5931074b483a4429362c85179fb7a80022
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231006/b6216f61/attachment.htm>
More information about the debian-security-tracker-commits
mailing list