[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 9 21:12:32 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fa7c3d95 by security tracker role at 2023-10-09T20:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2023-5461 (A vulnerability was found in Delta Electronics WPLSoft 2.51. It has be ...)
+ TODO: check
+CVE-2023-5460 (A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and ...)
+ TODO: check
+CVE-2023-5459 (A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 ...)
+ TODO: check
+CVE-2023-5365 (HP LIFE Android Mobile application is potentially vulnerable to escala ...)
+ TODO: check
+CVE-2023-5333 (Mattermost fails to deduplicate input IDs allowing asimple user to cau ...)
+ TODO: check
+CVE-2023-5331 (Mattermost fails to properly check the creator of an attached file whe ...)
+ TODO: check
+CVE-2023-5330 (Mattermost fails toenforce a limit for the size of the cache entry for ...)
+ TODO: check
+CVE-2023-5103 (Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK ...)
+ TODO: check
+CVE-2023-5102 (Insufficient Control Flow Management in RDT400 in SICK APU allows an u ...)
+ TODO: check
+CVE-2023-5101 (Files or Directories Accessible to External Parties in RDT400 in SICK ...)
+ TODO: check
+CVE-2023-5100 (Cleartext Transmission of Sensitive Information in RDT400 in SICK APU ...)
+ TODO: check
+CVE-2023-45613 (In JetBrains Ktor before 2.3.5 server certificates were not verified)
+ TODO: check
+CVE-2023-45612 (In JetBrains Ktor before 2.3.5 default configuration of ContentNegotia ...)
+ TODO: check
+CVE-2023-45248 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ TODO: check
+CVE-2023-45247 (Sensitive information disclosure and manipulation due to missing autho ...)
+ TODO: check
+CVE-2023-44993 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...)
+ TODO: check
+CVE-2023-44821 (Buffer Overflow vulnerability in gifsicle v.1.92 allows a remote attac ...)
+ TODO: check
+CVE-2023-44812 (Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a ...)
+ TODO: check
+CVE-2023-44811 (Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 a ...)
+ TODO: check
+CVE-2023-44473 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table ...)
+ TODO: check
+CVE-2023-44467 (langchain_experimental 0.0.14 allows an attacker to bypass the CVE-202 ...)
+ TODO: check
+CVE-2023-44400 (Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, ...)
+ TODO: check
+CVE-2023-44393 (Piwigo is an open source photo gallery application. Prior to version 1 ...)
+ TODO: check
+CVE-2023-44392 (Garden provides automation for Kubernetes development and testing. Pri ...)
+ TODO: check
+CVE-2023-44378 (gnark is a zk-SNARK library that offers a high-level API to design cir ...)
+ TODO: check
+CVE-2023-44260 (Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, ...)
+ TODO: check
+CVE-2023-44246 (Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly ...)
+ TODO: check
+CVE-2023-44240 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthu ...)
+ TODO: check
+CVE-2023-44238 (Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove ...)
+ TODO: check
+CVE-2023-44237 (Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site ...)
+ TODO: check
+CVE-2023-44236 (Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Ca ...)
+ TODO: check
+CVE-2023-44232 (Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu ...)
+ TODO: check
+CVE-2023-44231 (Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact ...)
+ TODO: check
+CVE-2023-43700 (Missing Authorization in RDT400 in SICK APU allows an unprivileged rem ...)
+ TODO: check
+CVE-2023-43699 (Improper Restriction of Excessive Authentication Attempts in RDT400 in ...)
+ TODO: check
+CVE-2023-43698 (Improper Neutralization of Input During Web Page Generation (\u2019Cro ...)
+ TODO: check
+CVE-2023-43697 (Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU al ...)
+ TODO: check
+CVE-2023-43696 (Improper Access Control in SICK APU allows an unprivileged remote atta ...)
+ TODO: check
+CVE-2023-43643 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
+ TODO: check
+CVE-2023-42455 (Wazuh is a security detection, visibility, and compliance open source ...)
+ TODO: check
+CVE-2023-41672 (Cross-Site Request Forgery (CSRF) vulnerability in R\xe9mi Leclercq Hi ...)
+ TODO: check
+CVE-2023-41670 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in per ...)
+ TODO: check
+CVE-2023-41669 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plu ...)
+ TODO: check
+CVE-2023-41668 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=1 ...)
+ TODO: check
+CVE-2023-41667 (Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP ...)
+ TODO: check
+CVE-2023-41660 (Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchr ...)
+ TODO: check
+CVE-2023-41047 (OctoPrint is a web interface for 3D printers. OctoPrint versions up un ...)
+ TODO: check
+CVE-2023-3589 (A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork C ...)
+ TODO: check
+CVE-2023-39189 (A flaw was found in the Netfilter subsystem in the Linux kernel. The n ...)
+ TODO: check
+CVE-2023-36820 (Micronaut Security is a security solution for applications. Prior to v ...)
+ TODO: check
CVE-2023-43641
- libcue <unfixed>
NOTE: https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
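Review bot: the importer is writing Python string escapes literally into the data file instead of the characters themselves, see `CVE-2023-43698 (... Generation (\u2019Cro ...)` and `CVE-2023-41672 (... in R\xe9mi Leclercq Hi ...)`; the description strings appear to be emitted via repr() rather than encoded as UTF-8, which makes these entries unreadable and breaks plain-text searches for the product or author name, so the import script should decode the upstream description and write UTF-8. Separately, `CVE-2023-39189 (A flaw was found in the Netfilter subsystem in the Linux kernel. ...)` lands as a bare `TODO: check` while its sibling Netfilter entries in the next hunk already carry `- linux` version lines for sid, bookworm and bullseye plus NOTE links; it should be triaged against linux the same way rather than left in the TODO queue.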
@@ -483,19 +583,19 @@ CVE-2023-3038 (SQL injection vulnerability in HelpDezk Community affecting versi
NOT-FOR-US: HelpDezk Community
CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community affecting v ...)
NOT-FOR-US: HelpDezk Community
-CVE-2023-39194 [net: xfrm: Fix xfrm_address_filter OOB read]
+CVE-2023-39194 (A flaw was found in the XFRM subsystem in the Linux kernel. The specif ...)
- linux 6.4.13-1
[bookworm] - linux 6.1.52-1
[bullseye] - linux 5.10.197-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1492/
NOTE: https://git.kernel.org/linus/dfa73c17d55b921e1d4e154976de35317e43a93a (6.5-rc7)
-CVE-2023-39193 [netfilter: xt_sctp: validate the flag_info count]
+CVE-2023-39193 (A flaw was found in the Netfilter subsystem in the Linux kernel. The s ...)
- linux 6.5.3-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1491/
NOTE: https://git.kernel.org/linus/e99476497687ef9e850748fe6d232264f30bc8f9 (6.6-rc1)
-CVE-2023-39192 [netfilter: xt_u32: validate user space input]
+CVE-2023-39192 (A flaw was found in the Netfilter subsystem in the Linux kernel. The x ...)
- linux 6.5.3-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
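Review bot: replacing the bracketed working titles with the published descriptions discards the upstream commit subjects (`net: xfrm: Fix xfrm_address_filter OOB read`, `netfilter: xt_sctp: validate the flag_info count`, `netfilter: xt_u32: validate user space input`), which were the only text naming the affected function or module; the truncated descriptions only say "A flaw was found in the XFRM/Netfilter subsystem". Since the git.kernel.org NOTE lines survive, consider appending the commit subject to them, e.g. `NOTE: https://git.kernel.org/linus/dfa73c17d55b921e1d4e154976de35317e43a93a (6.5-rc7) net: xfrm: Fix xfrm_address_filter OOB read`, so the root cause stays greppable. The per-suite version lines are unchanged and need no action.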
@@ -20752,8 +20852,8 @@ CVE-2023-30912
RESERVED
CVE-2023-30911
RESERVED
-CVE-2023-30910
- RESERVED
+CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 could be remotely exploit ...)
+ TODO: check
CVE-2023-30909 (A remote authentication bypass issue exists in some OneView APIs.)
NOT-FOR-US: HPE
CVE-2023-30908 (A remote authentication bypass issue exists in a OneView API.)
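Review bot: `CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 ...)` moves from RESERVED to `TODO: check`, but it sits between `CVE-2023-30909` and `CVE-2023-30908`, both already triaged as `NOT-FOR-US: HPE` for HPE OneView; an HPE MSA storage controller firmware issue is the same vendor-only class, so the TODO should most likely resolve to `NOT-FOR-US: HPE` as well. The missing space in "versionIN210R004" comes from the upstream description text and should not be hand-corrected in the imported line.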
@@ -36292,8 +36392,8 @@ CVE-2023-25824 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Ver
NOTE: https://github.com/airtower-luna/mod_gnutls/commit/d7eec4e598158ab6a98bf505354e84352f9715ec (mod_gnutls/0.12.1)
CVE-2023-25823 (Gradio is an open-source Python library to build machine learning and ...)
NOT-FOR-US: Gradio
-CVE-2023-25822
- RESERVED
+CVE-2023-25822 (ReportPortal is an AI-powered test automation platform. Prior to versi ...)
+ TODO: check
CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.0.4 an ...)
- nextcloud-server <itp> (bug #941708)
CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
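Review bot: `CVE-2023-25822 (ReportPortal is an AI-powered test automation platform. ...)` is left as `TODO: check` without a package reference, whereas the neighbouring entries show the two outcomes the triage should pick from: `NOT-FOR-US: Gradio` for software not packaged, or a package line with an ITP reference as in `- nextcloud-server <itp> (bug #941708)`. Unless a ReportPortal package or ITP exists, this should be closed as NOT-FOR-US so it does not linger in the TODO list.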
@@ -68757,8 +68857,8 @@ CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON in
NOTE: https://github.com/haskell/aeson/commit/582a844d8028f62e409048a4caae187b27e8e697 (v2.0.1.0)
CVE-2022-3432 (A potential vulnerability in a driver used during manufacturing proces ...)
NOT-FOR-US: Lenovo
-CVE-2022-3431
- RESERVED
+CVE-2022-3431 (A potential vulnerability in a driver used during manufacturing proces ...)
+ TODO: check
CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...)
NOT-FOR-US: Lenovo
CVE-2022-42493 (Several OS command injection vulnerabilities exist in the m2m binary o ...)
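Review bot: `CVE-2022-3431 (A potential vulnerability in a driver used during manufacturing proces ...)` carries a description identical, as far as the truncation shows, to the adjacent `CVE-2022-3432`, and both `CVE-2022-3432` and `CVE-2022-3430` are already marked `NOT-FOR-US: Lenovo`; this entry belongs to the same Lenovo driver batch and should be triaged to `NOT-FOR-US: Lenovo` rather than left as `TODO: check`.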
@@ -86544,8 +86644,8 @@ CVE-2022-35951 (Redis is an in-memory database that persists on disk. Versions 7
[bullseye] - redis <not-affected> (Vulnerable code not present)
[buster] - redis <not-affected> (Vulnerable code not present)
NOTE: https://github.com/redis/redis/commit/fa6815e14ea5adff93c5cd7be513c02a7c6e3f2a (7.0.5)
-CVE-2022-35950
- RESERVED
+CVE-2022-35950 (OroCommerce is an open-source Business to Business Commerce applicatio ...)
+ TODO: check
CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for Node.js.`undici ...)
- node-undici 5.8.2+dfsg1+~cs18.9.18.1-1
NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3
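Review bot: `CVE-2022-35950 (OroCommerce is an open-source Business to Business Commerce applicatio ...)` is a 2022 identifier only now leaving RESERVED, so it arrives as `TODO: check` next to long-triaged redis and node-undici entries; triage should confirm whether OroCommerce is packaged and otherwise mark it `NOT-FOR-US: OroCommerce`, since a late-published ID in the middle of the 2022 block is easy to overlook in the TODO sweep.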
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa7c3d95606f8cc1fc4141f93b873dd3c10b10a3