[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 10 21:12:33 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53eb5e26 by security tracker role at 2023-10-10T20:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,409 @@
+CVE-2023-5499 (Information exposure vulnerability in Shenzhen Reachfar v28, the explo ...)
+ TODO: check
+CVE-2023-5498 (Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding ...)
+ TODO: check
+CVE-2023-5497 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
+ TODO: check
+CVE-2023-5496 (A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefo ...)
+ TODO: check
+CVE-2023-5495 (A vulnerability was found in QDocs Smart School 6.4.1. It has been cla ...)
+ TODO: check
+CVE-2023-5494 (A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service ...)
+ TODO: check
+CVE-2023-5493 (A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Ser ...)
+ TODO: check
+CVE-2023-5492 (A vulnerability, which was classified as critical, was found in Beijin ...)
+ TODO: check
+CVE-2023-5491 (A vulnerability, which was classified as critical, has been found in B ...)
+ TODO: check
+CVE-2023-5490 (A vulnerability classified as critical was found in Beijing Baichuo Sm ...)
+ TODO: check
+CVE-2023-5489 (A vulnerability classified as critical has been found in Beijing Baich ...)
+ TODO: check
+CVE-2023-5488 (A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service ...)
+ TODO: check
+CVE-2023-5450 (An insufficient verification of data vulnerability exists in BIG-IP Ed ...)
+ TODO: check
+CVE-2023-4966 (Sensitive information disclosurein NetScaler ADC and NetScaler Gateway ...)
+ TODO: check
+CVE-2023-4837 (SmodBIP is vulnerable to Cross-Site Request Forgery, that could be use ...)
+ TODO: check
+CVE-2023-4309 (Election Services Co. (ESC) Internet Election Service is vulnerable to ...)
+ TODO: check
+CVE-2023-45648 (Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ...)
+ TODO: check
+CVE-2023-45601 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
+ TODO: check
+CVE-2023-45226 (The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5 ...)
+ TODO: check
+CVE-2023-45219 (Exposure of Sensitive Information vulnerability exist in an undisclose ...)
+ TODO: check
+CVE-2023-45205 (A vulnerability has been identified in SICAM PAS/PQS (All versions >= ...)
+ TODO: check
+CVE-2023-45204 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ TODO: check
+CVE-2023-45129 (Synapse is an open-source Matrix homeserver written and maintained by ...)
+ TODO: check
+CVE-2023-44996 (Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post ...)
+ TODO: check
+CVE-2023-44995 (Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommer ...)
+ TODO: check
+CVE-2023-44994 (Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCod ...)
+ TODO: check
+CVE-2023-44763 (Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability ...)
+ TODO: check
+CVE-2023-44476 (Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea ...)
+ TODO: check
+CVE-2023-44475 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add ...)
+ TODO: check
+CVE-2023-44471 (Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backen ...)
+ TODO: check
+CVE-2023-44470 (Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMC ...)
+ TODO: check
+CVE-2023-44399 (ZITADEL provides identity infrastructure. In versions 2.37.2 and prior ...)
+ TODO: check
+CVE-2023-44315 (A vulnerability has been identified in SINEC NMS (All versions < V2.0) ...)
+ TODO: check
+CVE-2023-44261 (Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block ...)
+ TODO: check
+CVE-2023-44259 (Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine ...)
+ TODO: check
+CVE-2023-44257 (Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board ...)
+ TODO: check
+CVE-2023-44249 (An authorization bypass through user-controlled key[CWE-639] vulnerabi ...)
+ TODO: check
+CVE-2023-44241 (Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing P ...)
+ TODO: check
+CVE-2023-44087 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ TODO: check
+CVE-2023-44086 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ TODO: check
+CVE-2023-44085 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ TODO: check
+CVE-2023-44084 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ TODO: check
+CVE-2023-44083 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ TODO: check
+CVE-2023-44082 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ TODO: check
+CVE-2023-44081 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ TODO: check
+CVE-2023-43896 (A buffer overflow in Macrium Reflect 8.1.7544 and below allows attacke ...)
+ TODO: check
+CVE-2023-43746 (When running in Appliance mode, an authenticated user assigned the Adm ...)
+ TODO: check
+CVE-2023-43625 (A vulnerability has been identified in Simcenter Amesim (All versions ...)
+ TODO: check
+CVE-2023-43623 (A vulnerability has been identified in Mendix Forgot Password (Mendix ...)
+ TODO: check
+CVE-2023-43611 (The BIG-IP Edge Client Installer on macOS does not follow best practic ...)
+ TODO: check
+CVE-2023-43485 (When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system ...)
+ TODO: check
+CVE-2023-42796 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ TODO: check
+CVE-2023-42795 (Incomplete Cleanup vulnerability in Apache Tomcat.When recycling vario ...)
+ TODO: check
+CVE-2023-42794 (Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork ...)
+ TODO: check
+CVE-2023-42788 (An improper neutralization of special elements used in an os command ( ...)
+ TODO: check
+CVE-2023-42787 (A client-side enforcement of server-side security [CWE-602] vulnerabil ...)
+ TODO: check
+CVE-2023-42782 (A insufficient verification of data authenticity vulnerability [CWE-34 ...)
+ TODO: check
+CVE-2023-42768 (When a non-admin user has been assigned an administrator role via an i ...)
+ TODO: check
+CVE-2023-41964 (The BIG-IP and BIG-IQ systems do not encrypt some sensitive informatio ...)
+ TODO: check
+CVE-2023-41876 (Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP ...)
+ TODO: check
+CVE-2023-41858 (Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order De ...)
+ TODO: check
+CVE-2023-41854 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. Wp ...)
+ TODO: check
+CVE-2023-41853 (Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availabilit ...)
+ TODO: check
+CVE-2023-41852 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch ...)
+ TODO: check
+CVE-2023-41851 (Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custo ...)
+ TODO: check
+CVE-2023-41850 (Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Rube ...)
+ TODO: check
+CVE-2023-41841 (An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7. ...)
+ TODO: check
+CVE-2023-41838 (An improper neutralization of special elements used in an os command ( ...)
+ TODO: check
+CVE-2023-41774 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-41773 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-41772 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-41771 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-41770 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-41769 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-41768 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-41767 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-41766 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
+ TODO: check
+CVE-2023-41765 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-41763 (Skype for Business Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-41679 (An improper access control vulnerability [CWE-284] in FortiManager man ...)
+ TODO: check
+CVE-2023-41675 (A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 thro ...)
+ TODO: check
+CVE-2023-41373 (A directory traversal vulnerability exists in the BIG-IP Configuration ...)
+ TODO: check
+CVE-2023-41253 (When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, an ...)
+ TODO: check
+CVE-2023-41085 (When IPSec is configured on a Virtual Server, undisclosed traffic can ...)
+ TODO: check
+CVE-2023-40718 (A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 ...)
+ TODO: check
+CVE-2023-40542 (When TCP Verified Accept is enabled on a TCP profile that is configure ...)
+ TODO: check
+CVE-2023-40537 (An authenticated user's session cookie may remain valid for a limited ...)
+ TODO: check
+CVE-2023-40534 (When a client-side HTTP/2 profile and the HTTP MRF Router option are e ...)
+ TODO: check
+CVE-2023-39447 (When BIG-IP APM Guided Configurations are configured, undisclosed sens ...)
+ TODO: check
+CVE-2023-38640 (A vulnerability has been identified in SICAM PAS/PQS (All versions >= ...)
+ TODO: check
+CVE-2023-38171 (Microsoft QUIC Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-38166 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-38159 (Windows Graphics Component Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-37939 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+ TODO: check
+CVE-2023-37935 (A use of GET request method with sensitive query strings vulnerability ...)
+ TODO: check
+CVE-2023-37195 (A vulnerability has been identified in SIMATIC CP 1604 (All versions), ...)
+ TODO: check
+CVE-2023-37194 (A vulnerability has been identified in SIMATIC CP 1604 (All versions), ...)
+ TODO: check
+CVE-2023-36902 (Windows Runtime Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36790 (Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36789 (Skype for Business Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36786 (Skype for Business Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36785 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2023-36780 (Skype for Business Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36778 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36776 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36743 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36737 (Azure Network Watcher VM Agent Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36732 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36731 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36730 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2023-36729 (Named Pipe File System Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36728 (Microsoft SQL Server Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36726 (Windows Internet Key Exchange (IKE) Extension Elevation of Privilege ...)
+ TODO: check
+CVE-2023-36725 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36724 (Windows Power Management Service Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-36723 (Windows Container Manager Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36722 (Active Directory Domain Services Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-36721 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36720 (Windows Mixed Reality Developer Tools Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36718 (Microsoft Virtual Trusted Platform Module Remote Code Execution Vulner ...)
+ TODO: check
+CVE-2023-36717 (Windows Virtual Trusted Platform Module Denial of Service Vulnerabilit ...)
+ TODO: check
+CVE-2023-36713 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ TODO: check
+CVE-2023-36712 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36711 (Windows Runtime C++ Template Library Elevation of Privilege Vulnerabil ...)
+ TODO: check
+CVE-2023-36710 (Windows Media Foundation Core Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36709 (Microsoft AllJoyn API Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36707 (Windows Deployment Services Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36706 (Windows Deployment Services Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-36704 (Windows Setup Files Cleanup Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36703 (DHCP Server Service Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36702 (Microsoft DirectMusic Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36701 (Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerab ...)
+ TODO: check
+CVE-2023-36698 (Windows Kernel Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2023-36697 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36637 (An improper neutralization of input during web page generation vulnera ...)
+ TODO: check
+CVE-2023-36606 (Microsoft Message Queuing Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36605 (Windows Named Pipe Filesystem Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36603 (Windows TCP/IP Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36602 (Windows TCP/IP Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36598 (Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36596 (Remote Procedure Call Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-36594 (Windows Graphics Component Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36593 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36592 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36591 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36590 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36589 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36585 (Active Template Library Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36584 (Windows Mark of the Web Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2023-36583 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36582 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36581 (Microsoft Message Queuing Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36579 (Microsoft Message Queuing Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36578 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36577 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ TODO: check
+CVE-2023-36576 (Windows Kernel Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-36575 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36574 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36573 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36572 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36571 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36570 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36569 (Microsoft Office Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36568 (Microsoft Office Click-To-Run Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36567 (Windows Deployment Services Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-36566 (Microsoft Common Data Model SDK Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36565 (Microsoft Office Graphics Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36564 (Windows Search Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2023-36563 (Microsoft WordPad Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-36561 (Azure DevOps Server Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36557 (PrintHTML API Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36556 (An incorrect authorization vulnerability [CWE-863] in FortiMail webmai ...)
+ TODO: check
+CVE-2023-36555 (An improper neutralization of script-related html tags in a web page ( ...)
+ TODO: check
+CVE-2023-36550 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-36549 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-36548 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-36547 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-36478 (Eclipse Jetty provides a web server and servlet container. In versions ...)
+ TODO: check
+CVE-2023-36438 (Windows TCP/IP Information Disclosure Vulnerability)
+ TODO: check
+CVE-2023-36436 (Windows MSHTML Platform Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36435 (Microsoft QUIC Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36434 (Windows IIS Server Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36433 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
+ TODO: check
+CVE-2023-36431 (Microsoft Message Queuing Denial of Service Vulnerability)
+ TODO: check
+CVE-2023-36429 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...)
+ TODO: check
+CVE-2023-36420 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ TODO: check
+CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege ...)
+ TODO: check
+CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36417 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36416 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ TODO: check
+CVE-2023-36415 (Azure Identity SDK Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36414 (Azure Identity SDK Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-36380 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ TODO: check
+CVE-2023-35796 (A vulnerability has been identified in SINEMA Server V14 (All versions ...)
+ TODO: check
+CVE-2023-35349 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-34993 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-34992 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-34989 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-34988 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-34987 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-34986 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-34985 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2023-33301 (An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7 ...)
+ TODO: check
CVE-2023-42670 [Samba AD DC Busy RPC multiple listener DoS]
- samba 2:4.19.1+dfsg-1
[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
@@ -22,7 +428,7 @@ CVE-2023-3961 [smbd allows client access to unix domain sockets on the file syst
[buster] - samba <not-affected> (Vulnerable code not present)
NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
NOTE: In scope for continued Samba support
-CVE-2023-44487
+CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
- tomcat9 <unfixed>
- tomcat10 <unfixed>
- trafficserver <unfixed>
@@ -122,9 +528,11 @@ CVE-2023-41365 (SAP Business One (B1i) - version 10.0, allows an authorized atta
CVE-2023-40310 (SAP PowerDesignerClient- version 16.7, does not sufficiently validate ...)
NOT-FOR-US: SAP
CVE-2023-45360
+ {DSA-5520-1}
- mediawiki 1:1.39.5-1
NOTE: https://phabricator.wikimedia.org/T340221
CVE-2023-45362
+ {DSA-5520-1}
- mediawiki 1:1.39.5-1
NOTE: https://phabricator.wikimedia.org/T341529
CVE-2023-45361
@@ -171,7 +579,7 @@ CVE-2023-45247 (Sensitive information disclosure and manipulation due to missing
NOT-FOR-US: Acronis
CVE-2023-44993 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...)
NOT-FOR-US: QuantumCloud
-CVE-2023-44821 (Buffer Overflow vulnerability in gifsicle v.1.92 allows a remote attac ...)
+CVE-2023-44821 (Gifsicle through 1.94, if deployed in a way that allows untrusted inpu ...)
- gifsicle <unfixed> (unimportant)
NOTE: Memory leak in CLI tool, no security impact
NOTE: https://github.com/kohler/gifsicle/issues/195
@@ -271,6 +679,7 @@ CVE-2023-45364 (An issue was discovered in includes/page/Article.php in MediaWik
[buster] - mediawiki <not-affected> (Vulnerable code not present)
NOTE: https://phabricator.wikimedia.org/T264765
CVE-2023-45363 (An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, ...)
+ {DSA-5520-1}
- mediawiki 1:1.39.5-1
NOTE: https://phabricator.wikimedia.org/T333050
CVE-2023-45356 (Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 40 ...)
@@ -1002,18 +1411,18 @@ CVE-2023-43789 [libXpm: out of bounds read on XPM with corrupted colormap]
- libxpm 1:3.5.17-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51
-CVE-2023-43788 [libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()]
+CVE-2023-43788 (A vulnerability was found in libXpm due to a boundary condition within ...)
{DSA-5516-1 DLA-3603-1}
- libxpm 1:3.5.17-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0
-CVE-2023-43787 [ibX11: integer overflow in XCreateImage() leading to a heap overflow]
+CVE-2023-43787 (A vulnerability was found in libX11 due to an integer overflow within ...)
{DSA-5517-1 DLA-3602-1}
- libx11 2:1.8.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/7916869d16bdd115ac5be30a67c3749907aea6a0
NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/91f887b41bf75648df725a4ed3be036da02e911e
-CVE-2023-43786 [libX11: stack exhaustion from infinite recursion in PutSubImage()]
+CVE-2023-43786 (A vulnerability was found in libX11 due to an infinite loop within the ...)
{DSA-5517-1 DLA-3602-1}
- libx11 2:1.8.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
@@ -1021,7 +1430,7 @@ CVE-2023-43786 [libX11: stack exhaustion from infinite recursion in PutSubImage(
NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/73a37d5f2fcadd6540159b432a70d80f442ddf4a
NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/b4031fc023816aca07fbd592ed97010b9b48784b
NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/84fb14574c039f19ad7face87eb9acc31a50701c
-CVE-2023-43785 [libX11: out-of-bounds memory access in _XkbReadKeySyms()]
+CVE-2023-43785 (A vulnerability was found in libX11 due to a boundary condition within ...)
{DSA-5517-1 DLA-3602-1}
- libx11 2:1.8.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
@@ -1360,7 +1769,7 @@ CVE-2023-5227 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
NOT-FOR-US: phpmyfaq
CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code Executi ...)
NOT-FOR-US: OpenHook plugin for WordPress
-CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. It affects linters u ...)
+CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...)
- node-postcss <unfixed> (bug #1053282)
[bookworm] - node-postcss <no-dsa> (Minor issue)
[bullseye] - node-postcss <no-dsa> (Minor issue)
@@ -2558,6 +2967,7 @@ CVE-2023-40163 (An out-of-bounds write vulnerability exists in the allocate_buff
CVE-2023-3664 (The FileOrganizer WordPress plugin through 1.0.2 does not restrict fun ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3550 (Mediawiki v1.40.0 does not validate namespaces used in XML files. The ...)
+ {DSA-5520-1}
- mediawiki 1:1.39.5-1
[buster] - mediawiki <postponed> (Wait until it lands in 1.35)
NOTE: https://phabricator.wikimedia.org/T341565
@@ -20498,8 +20908,8 @@ CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foun
NOT-FOR-US: Apache InLong
CVE-2023-31097
RESERVED
-CVE-2023-31096
- RESERVED
+CVE-2023-31096 (An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel ...)
+ TODO: check
CVE-2023-31095
RESERVED
CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Ka ...)
@@ -20739,7 +21149,7 @@ CVE-2023-30997
RESERVED
CVE-2023-30996
RESERVED
-CVE-2023-30995 (IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whi ...)
+CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow ...)
NOT-FOR-US: IBM
CVE-2023-30994
RESERVED
@@ -21024,8 +21434,8 @@ CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex One
NOT-FOR-US: Trend Micro
CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...)
NOT-FOR-US: Siemens
-CVE-2023-30900
- RESERVED
+CVE-2023-30900 (A vulnerability has been identified in Xpedition Layout Browser (All v ...)
+ TODO: check
CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
NOT-FOR-US: Siemens
CVE-2023-30898 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
@@ -21300,18 +21710,18 @@ CVE-2023-30808
RESERVED
CVE-2023-30807
RESERVED
-CVE-2023-30806
- RESERVED
-CVE-2023-30805
- RESERVED
-CVE-2023-30804
- RESERVED
-CVE-2023-30803
- RESERVED
-CVE-2023-30802
- RESERVED
-CVE-2023-30801
- RESERVED
+CVE-2023-30806 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ TODO: check
+CVE-2023-30805 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ TODO: check
+CVE-2023-30804 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ TODO: check
+CVE-2023-30803 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ TODO: check
+CVE-2023-30802 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ TODO: check
+CVE-2023-30801 (All versions of the qBittorrent client through 4.5.5 use default crede ...)
+ TODO: check
CVE-2023-30800 (The web server used by MikroTik RouterOS version 6 is affected by a he ...)
NOT-FOR-US: MikroTik
CVE-2023-30799 (MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 ar ...)
@@ -25678,8 +26088,8 @@ CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabi
NOT-FOR-US: Microsoft
CVE-2023-29349 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-29348
- RESERVED
+CVE-2023-29348 (Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vul ...)
+ TODO: check
CVE-2023-29347 (Windows Admin Center Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
@@ -27436,7 +27846,7 @@ CVE-2023-28833 (Nextcloud server is an open source home cloud implementation. In
- nextcloud-server <itp> (bug #941708)
CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
NOT-FOR-US: Siemens
-CVE-2023-28831 (The ANSI C OPC UA SDK contains an integer overflow vulnerability that ...)
+CVE-2023-28831 (The OPC UA implementations (ANSI C and C++) in affected products conta ...)
NOT-FOR-US: Siemens
CVE-2023-28830 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...)
NOT-FOR-US: Siemens
@@ -37535,14 +37945,14 @@ CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFo
NOT-FOR-US: Fortinet
CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...)
NOT-FOR-US: FortiGuard
-CVE-2023-25607
- RESERVED
+CVE-2023-25607 (An improper neutralization of special elements used in an OS Command ( ...)
+ TODO: check
CVE-2023-25606 (An improper limitation of a pathname to a restricted directory ('Path ...)
NOT-FOR-US: Fortinet
CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - ...)
NOT-FOR-US: Fortinet
-CVE-2023-25604
- RESERVED
+CVE-2023-25604 (An insertion of sensitive information into log file vulnerability in F ...)
+ TODO: check
CVE-2023-25603
RESERVED
CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...)
@@ -102146,8 +102556,8 @@ CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking thro
NOT-FOR-US: asith-eranga ISIC tour booking
CVE-2022-30528 (SQL Injection vulnerability in asith-eranga ISIC tour booking through ...)
NOT-FOR-US: asith-eranga ISIC tour booking
-CVE-2022-30527
- RESERVED
+CVE-2022-30527 (A vulnerability has been identified in SINEC NMS (All versions < V2.0) ...)
+ TODO: check
CVE-2022-1662 (In convert2rhel, there's an ansible playbook named ansible/run-convert ...)
NOT-FOR-US: Red Hat convert2rhel
CVE-2022-1661 (The affected products are vulnerable to directory traversal, which may ...)
@@ -117398,7 +117808,7 @@ CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger st
- expat 2.4.5-1
NOTE: https://github.com/libexpat/libexpat/pull/558
NOTE: https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
-CVE-2022-25311 (A vulnerability has been identified in SINEC NMS (All versions < V1.0. ...)
+CVE-2022-25311 (A vulnerability has been identified in SINEC NMS (All versions >= V1.0 ...)
NOT-FOR-US: Siemens
CVE-2022-25310 (A segmentation fault (SEGV) flaw was found in the Fribidi package and ...)
{DLA-2974-1}
@@ -120964,7 +121374,7 @@ CVE-2021-4218 (A flaw was found in the Linux kernel\u2019s implementation of rea
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359
NOTE: Issue is specific to CentOS/RHEL. In mainline, xprtrdma always used copy_to_user()
NOTE: until the general conversion of sysctls to use a kernel buffer.
-CVE-2022-24282 (A vulnerability has been identified in SINEC NMS (All versions < V1.0. ...)
+CVE-2022-24282 (A vulnerability has been identified in SINEC NMS (All versions >= V1.0 ...)
NOT-FOR-US: Siemens
CVE-2022-24281 (A vulnerability has been identified in SINEC NMS (All versions < V1.0. ...)
NOT-FOR-US: Siemens
@@ -128249,8 +128659,8 @@ CVE-2022-22300 (A improper handling of insufficient permissions or privileges in
NOT-FOR-US: FortiGuard
CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line interprete ...)
NOT-FOR-US: FortiNet
-CVE-2022-22298
- RESERVED
+CVE-2022-22298 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
CVE-2022-22297 (An incomplete filtering of one or more instances of special elements v ...)
NOT-FOR-US: FortiGuard
CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
@@ -213842,20 +214252,20 @@ CVE-2020-27637 (The R programming language\u2019s default package manager CRAN i
[buster] - r-base <no-dsa> (Minor issue)
[stretch] - r-base <no-dsa> (Minor issue)
NOTE: https://labs.bishopfox.com/advisories/cran-version-4.0.2
-CVE-2020-27636
- RESERVED
-CVE-2020-27635
- RESERVED
-CVE-2020-27634
- RESERVED
-CVE-2020-27633
- RESERVED
+CVE-2020-27636 (In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.)
+ TODO: check
+CVE-2020-27635 (In PicoTCP 1.7.0, TCP ISNs are improperly random.)
+ TODO: check
+CVE-2020-27634 (In Contiki 4.5, TCP ISNs are improperly random.)
+ TODO: check
+CVE-2020-27633 (In FNET 4.6.3, TCP ISNs are improperly random.)
+ TODO: check
CVE-2020-27632 (In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is ...)
NOT-FOR-US: Siemens SIMATIC MV400
-CVE-2020-27631
- RESERVED
-CVE-2020-27630
- RESERVED
+CVE-2020-27631 (In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.)
+ TODO: check
+CVE-2020-27630 (In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.)
+ TODO: check
CVE-2020-27629 (In JetBrains TeamCity before 2020.1.5, secure dependency parameters co ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2020-27628 (In JetBrains TeamCity before 2020.1.5, the Guest user had access to au ...)
@@ -214795,8 +215205,8 @@ CVE-2020-27215
RESERVED
CVE-2020-27214
RESERVED
-CVE-2020-27213
- RESERVED
+CVE-2020-27213 (An issue was discovered in Ethernut Nut/OS 5.1. The code that generate ...)
+ TODO: check
CVE-2020-27212 (STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect a ...)
NOT-FOR-US: STMicroelectronics STM32L4 devices
CVE-2020-27211 (Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53eb5e268e1b1aa3583329db5bebb36ee33f5a0e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53eb5e268e1b1aa3583329db5bebb36ee33f5a0e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231010/d6314c58/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list