[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 12 21:12:28 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
801a8384 by security tracker role at 2023-10-12T20:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-5562 (An unsafe default configuration in KNIME Analytics Platform before 5.2 ...)
+ TODO: check
+CVE-2023-5556 (Cross-site Scripting (XSS) - Reflected in GitHub repository structuriz ...)
+ TODO: check
+CVE-2023-5555 (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms p ...)
+ TODO: check
+CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a financia ...)
+ TODO: check
+CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 20230618. ...)
+ TODO: check
+CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-45143 (Undici is an HTTP/1.1 client written from scratch for Node.js. Prior t ...)
+ TODO: check
+CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...)
+ TODO: check
+CVE-2023-45138 (Change Request is an pplication allowing users to request changes on a ...)
+ TODO: check
+CVE-2023-45133 (Babel is a compiler for writingJavaScript. In `@babel/traverse` prior ...)
+ TODO: check
+CVE-2023-45106 (Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram ...)
+ TODO: check
+CVE-2023-45103 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Per ...)
+ TODO: check
+CVE-2023-45102 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Mana ...)
+ TODO: check
+CVE-2023-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact F ...)
+ TODO: check
+CVE-2023-45063 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content W ...)
+ TODO: check
+CVE-2023-45060 (Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Intera ...)
+ TODO: check
+CVE-2023-45058 (Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short ...)
+ TODO: check
+CVE-2023-45052 (Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map ...)
+ TODO: check
+CVE-2023-45048 (Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof ...)
+ TODO: check
+CVE-2023-45047 (Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc Le ...)
+ TODO: check
+CVE-2023-45011 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Pow ...)
+ TODO: check
+CVE-2023-44998 (Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy H ...)
+ TODO: check
+CVE-2023-43149 (SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) th ...)
+ TODO: check
+CVE-2023-43148 (SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability ...)
+ TODO: check
+CVE-2023-43147 (PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Reque ...)
+ TODO: check
+CVE-2023-41131 (Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Da ...)
+ TODO: check
+CVE-2023-37637
+ REJECTED
+CVE-2023-32634 (An authentication bypass vulnerability exists in the CiRpcServerThread ...)
+ TODO: check
+CVE-2023-32275 (An information disclosure vulnerability exists in the CtEnumCa() funct ...)
+ TODO: check
+CVE-2023-32124 (Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publi ...)
+ TODO: check
+CVE-2023-31192 (An information disclosure vulnerability exists in the ClientConnect() ...)
+ TODO: check
+CVE-2023-27516 (An authentication bypass vulnerability exists in the CiRpcAccepted() f ...)
+ TODO: check
CVE-2023-36839
NOT-FOR-US: Juniper
CVE-2023-44204
@@ -260,45 +326,59 @@ CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and imm
- golang-1.11 <removed>
NOTE: https://github.com/golang/go/issues/63417
CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5486 (Inappropriate implementation in Input in Google Chrome prior to 118.0. ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5477 (Inappropriate implementation in Installer in Google Chrome prior to 11 ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5478 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5485 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5479 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5476 (Use after free in Blink History in Google Chrome prior to 118.0.5993.7 ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5474 (Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 al ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5475 (Inappropriate implementation in DevTools in Google Chrome prior to 118 ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5481 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5483 (Inappropriate implementation in Intents in Google Chrome prior to 118. ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5484 (Inappropriate implementation in Navigation in Google Chrome prior to 1 ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5487 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5218 (Use after free in Site Isolation in Google Chrome prior to 118.0.5993. ...)
+ {DSA-5526-1}
- chromium 118.0.5993.70-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4421
@@ -1759,7 +1839,7 @@ CVE-2023-4911 (A buffer overflow was discovered in the GNU C Library's dynamic l
NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca (glibc-2.34; backported in debian/2.31-12)
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
NOTE: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
-CVE-2023-43789 [libXpm: out of bounds read on XPM with corrupted colormap]
+CVE-2023-43789 (A vulnerability was found in libXpm where a vulnerability exists due t ...)
{DSA-5516-1 DLA-3603-1}
- libxpm 1:3.5.17-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
@@ -2426,13 +2506,13 @@ CVE-2023-43651 (JumpServer is an open source bastion host. An authenticated user
NOT-FOR-US: JumpServer
CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, ...)
NOT-FOR-US: Proxmox
-CVE-2023-43314 (Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a r ...)
+CVE-2023-43314 (The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware v ...)
NOT-FOR-US: ZYXEL
CVE-2023-43233 (A stored cross-site scripting (XSS) vulnerability in the cms/content/e ...)
NOT-FOR-US: YZNCMS
-CVE-2023-43192 (SQL injection can exist in a newly created part of the JFinalcms backg ...)
+CVE-2023-43192 (SQL injection can exist in a newly created part of the SpringbootCMS 1 ...)
NOT-FOR-US: JFinalcms
-CVE-2023-43191 (JFinalCMS foreground message can be embedded malicious code saved in t ...)
+CVE-2023-43191 (SpringbootCMS 1.0 foreground message can be embedded malicious code sa ...)
NOT-FOR-US: JFinalCMS
CVE-2023-42818 (JumpServer is an open source bastion host. When users enable MFA and u ...)
NOT-FOR-US: JumpServer
@@ -2840,6 +2920,7 @@ CVE-2023-41079 (The issue was addressed with improved permissions logic. This is
CVE-2023-41078 (An authorization issue was addressed with improved state management. T ...)
NOT-FOR-US: Apple
CVE-2023-41074 (The issue was addressed with improved checks. This issue is fixed in t ...)
+ {DSA-5527-1}
- webkit2gtk 2.42.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.0-1
@@ -3560,6 +3641,7 @@ CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download
CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
NOT-FOR-US: Dreamer CMS
CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in S ...)
+ {DSA-5527-1}
- webkit2gtk 2.42.1-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.1-1
@@ -4462,6 +4544,7 @@ CVE-2023-3588 (A stored Cross-site Scripting (XSS) vulnerability affecting Teamw
CVE-2023-3280 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
NOT-FOR-US: Palo Alto Networks
CVE-2023-39928 (A use-after-free vulnerability exists in the MediaRecorder API of Webk ...)
+ {DSA-5527-1}
- webkit2gtk 2.42.0-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.0-1
@@ -22870,8 +22953,8 @@ CVE-2023-27880
RESERVED
CVE-2023-27513
RESERVED
-CVE-2023-25774
- RESERVED
+CVE-2023-25774 (A denial-of-service vulnerability exists in the vpnserver ConnectionAc ...)
+ TODO: check
CVE-2023-2077 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Campcodes Online Traffic Offense Management System
CVE-2023-2076 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
@@ -25590,7 +25673,7 @@ CVE-2015-10099 (A vulnerability classified as critical has been found in CP Appo
NOT-FOR-US: WordPress plugin
CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been ...)
NOT-FOR-US: WordPress plugin
-CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has be ...)
+CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2023-29530 (Laminas Diactoros provides PSR HTTP Message implementations. In versio ...)
NOT-FOR-US: Laminas Diactoros
@@ -26460,7 +26543,7 @@ CVE-2023-29340 (AV1 Video Extension Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29339
RESERVED
-CVE-2023-29338 (Visual Studio Code Information Disclosure Vulnerability)
+CVE-2023-29338 (Visual Studio Code Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
- nuget <unfixed> (bug #1050835)
@@ -26712,8 +26795,8 @@ CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintena
NOT-FOR-US: WordPress plugin
CVE-2023-29234
RESERVED
-CVE-2023-23581
- RESERVED
+CVE-2023-23581 (A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHe ...)
+ TODO: check
CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is vulnerab ...)
NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress
CVE-2023-1839 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...)
@@ -28210,12 +28293,12 @@ CVE-2023-28827
RESERVED
CVE-2023-28379
RESERVED
-CVE-2023-27395
- RESERVED
-CVE-2023-22325
- RESERVED
-CVE-2023-22308
- RESERVED
+CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the vpnserver Wpc ...)
+ TODO: check
+CVE-2023-22325 (A denial of service vulnerability exists in the DCRegister DDNS_RPC_MA ...)
+ TODO: check
+CVE-2023-22308 (An integer underflow vulnerability exists in the vpnserver OvsProcessD ...)
+ TODO: check
CVE-2023-1625 (An information leak was discovered in OpenStack heat. This issue could ...)
[experimental] - heat 1:20.0.0~rc1-1
- heat 1:19.0.0-2 (bug #1034186)
@@ -28992,7 +29075,7 @@ CVE-2018-25082 (A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and
NOT-FOR-US: zwczou WeChat SDK Python
CVE-2016-15029 (A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and class ...)
NOT-FOR-US: Ydalb mapicoin
-CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2. It has been c ...)
+CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
NOT-FOR-US: RockOA
@@ -29010,7 +29093,7 @@ CVE-2023-2491 (A flaw was found in the Emacs text editor. Processing a specially
- emacs <not-affected> (Red Hat specific security regression from CVE-2023-28617 patches)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2192873
CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...)
- {DLA-3416-1}
+ {DLA-3616-1 DLA-3416-1}
[experimental] - org-mode 9.6.6+dfsg-1~exp1
- org-mode 9.5.2+dfsh-5 (bug #1033341)
[bullseye] - org-mode 9.4.0+dfsg-1+deb11u1
@@ -32330,7 +32413,7 @@ CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center Pa
NOT-FOR-US: SourceCodester Health Center Patient Record Management System
CVE-2023-1179 (A vulnerability, which was classified as problematic, was found in Sou ...)
NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System
-CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1. It has been d ...)
+CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It ...)
NOT-FOR-US: Email Registration
CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file ...)
NOT-FOR-US: Shingo Intrepidity
@@ -33309,14 +33392,14 @@ CVE-2023-27317
RESERVED
CVE-2023-27316
RESERVED
-CVE-2023-27315
- RESERVED
-CVE-2023-27314
- RESERVED
-CVE-2023-27313
- RESERVED
-CVE-2023-27312
- RESERVED
+CVE-2023-27315 (SnapGathers versions prior to 4.9 are susceptible to a vulnerability ...)
+ TODO: check
+CVE-2023-27314 (ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12 ...)
+ TODO: check
+CVE-2023-27313 (SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vul ...)
+ TODO: check
+CVE-2023-27312 (SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are su ...)
+ TODO: check
CVE-2023-27311 (NetApp Blue XP Connector versions prior to 3.9.25 expose information v ...)
NOT-FOR-US: NetApp Blue XP Connector
CVE-2023-27310 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...)
@@ -36664,7 +36747,7 @@ CVE-2016-15024 (A vulnerability was found in doomsider shadow. It has been class
NOT-FOR-US: doomsider shadow
CVE-2014-125087 (A vulnerability was found in java-xmlbuilder up to 1.1. It has been ra ...)
NOT-FOR-US: java-xmlbuilder
-CVE-2012-10007 (A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. ...)
+CVE-2012-10007 (A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 ...)
NOT-FOR-US: madgicweb BuddyStream Plugin
CVE-2023-26056 (XWiki Platform is a generic wiki platform. Starting in version 3.0-mil ...)
NOT-FOR-US: XWiki
@@ -43811,8 +43894,8 @@ CVE-2023-23739
RESERVED
CVE-2023-23738
RESERVED
-CVE-2023-23737
- RESERVED
+CVE-2023-23737 (Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Lin ...)
+ TODO: check
CVE-2023-23736
RESERVED
CVE-2023-23735
@@ -44030,8 +44113,8 @@ CVE-2023-23653
RESERVED
CVE-2023-23652
RESERVED
-CVE-2023-23651
- RESERVED
+CVE-2023-23651 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Googl ...)
+ TODO: check
CVE-2023-23650 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23649
@@ -44105,8 +44188,8 @@ CVE-2023-23634
RESERVED
CVE-2023-23633
RESERVED
-CVE-2023-23632
- RESERVED
+CVE-2023-23632 (BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x a ...)
+ TODO: check
CVE-2023-23631 (github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go- ...)
NOT-FOR-US: github.com/ipfs/go-unixfsnode
CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno, ...)
@@ -46428,7 +46511,7 @@ CVE-2015-10037 (A vulnerability, which was classified as critical, was found in
NOT-FOR-US: ACI_Escola
CVE-2015-10036 (A vulnerability was found in kylebebak dronfelipe. It has been declare ...)
NOT-FOR-US: kylebebak dronfelipe
-CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart. It has been ...)
+CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It ...)
NOT-FOR-US: backdrop-contrib Basic Cart
CVE-2023-22924 (A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware vers ...)
NOT-FOR-US: Zyxel
@@ -46797,7 +46880,7 @@ CVE-2017-20165 (A vulnerability classified as problematic has been found in debu
NOTE: https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685
CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared as pr ...)
NOT-FOR-US: HealthMateWeb
-CVE-2010-10004 (A vulnerability was found in Information Cards Module and classified a ...)
+CVE-2010-10004 (A vulnerability was found in Information Cards Module on simpleSAMLphp ...)
NOT-FOR-US: Information Cards Module
CVE-2023-22858 (An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, al ...)
NOT-FOR-US: BlogEngine.NET
@@ -125936,7 +126019,7 @@ CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in
NOT-FOR-US: WordPress plugin
CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-44760 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
+CVE-2021-44760 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability disc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-4207 (A flaw was found in the QXL display device emulation in QEMU. A double ...)
{DSA-5133-1 DLA-3099-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/801a8384d0777a4d2ce22895bfb6d7fbd6cc89cf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/801a8384d0777a4d2ce22895bfb6d7fbd6cc89cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231012/db957b8e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list