[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 18 09:12:15 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f94d33e3 by security tracker role at 2023-10-18T08:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-5626 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior t ...)
+ TODO: check
+CVE-2023-5621 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-5552 (A password disclosure vulnerability in the Secure PDF eXchange (SPX) f ...)
+ TODO: check
+CVE-2023-5538 (The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2023-4938 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
+ TODO: check
+CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__p ...)
+ TODO: check
+CVE-2023-45810 (OpenFGA is a flexible authorization/permission engine built for develo ...)
+ TODO: check
+CVE-2023-45051 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
+CVE-2023-45049 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-45008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJo ...)
+ TODO: check
+CVE-2023-42507 (Stack-based buffer overflow vulnerability exists in OnSinView2 version ...)
+ TODO: check
+CVE-2023-42506 (Improper restriction of operations within the bounds of a memory buffe ...)
+ TODO: check
+CVE-2023-42319 (Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, ...)
+ TODO: check
+CVE-2023-41715 (SonicOS post-authentication Improper Privilege Management vulnerabilit ...)
+ TODO: check
+CVE-2023-41713 (SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyT ...)
+ TODO: check
+CVE-2023-41712 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...)
+ TODO: check
+CVE-2023-41711 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...)
+ TODO: check
+CVE-2023-41631 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...)
+ TODO: check
+CVE-2023-41630 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...)
+ TODO: check
+CVE-2023-41629 (A lack of input sanitizing in the file download feature of eSST Monito ...)
+ TODO: check
+CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is vulnerable to C ...)
+ TODO: check
+CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the NormalizationFilter does ...)
+ TODO: check
+CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either strings o ...)
+ TODO: check
+CVE-2023-39331 (A previously disclosed vulnerability (CVE-2023-30584) was patched insu ...)
+ TODO: check
+CVE-2023-39280 (SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerabilit ...)
+ TODO: check
+CVE-2023-39279 (SonicOS post-authentication Stack-Based Buffer Overflow vulnerability ...)
+ TODO: check
+CVE-2023-39278 (SonicOS post-authentication user assertion failure leads to Stack-Base ...)
+ TODO: check
+CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
+ TODO: check
+CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
+ TODO: check
+CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resource aga ...)
+ TODO: check
+CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 wwas discove ...)
+ TODO: check
+CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...)
+ TODO: check
+CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...)
+ TODO: check
CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown element ...)
TODO: check
CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during initial ...)
@@ -1058,13 +1124,13 @@ CVE-2023-4421
- nss 2:3.93-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2238677
NOTE: https://hg.mozilla.org/projects/nss/rev/fc05574c739947d615ab0b2b2b564f01c922eccd
-CVE-2023-38546
+CVE-2023-38546 (This flaw allows an attacker to insert cookies at will into a running ...)
{DSA-5523-1 DLA-3613-1}
- curl 8.3.0-3
NOTE: https://curl.se/docs/CVE-2023-38546.html
NOTE: Fixed in https://github.com/curl/curl/commit/61275672b46d9abb32857404 (curl-8_4_0)
NOTE: Introduced in https://github.com/curl/curl/commit/74d5a6fb3b9a96d9f
-CVE-2023-38545
+CVE-2023-38545 (This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy ...)
{DSA-5523-1}
- curl 8.3.0-3
[buster] - curl <not-affected> (Vulnerable code not present)
@@ -31569,7 +31635,7 @@ CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to t
NOT-FOR-US: expo.io
CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...)
NOT-FOR-US: Gaia Portal
-CVE-2023-28129 (Desktop & Server Management (DSM) may have a possible execution of arb ...)
+CVE-2023-28129 (DSM 2022.2 SU2 and all prior versions allows a local low privileged ac ...)
NOT-FOR-US: Ivanti
CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...)
NOT-FOR-US: Avalanche
@@ -39596,8 +39662,8 @@ CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet W
NOT-FOR-US: WordPress plugin
CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotu ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25476
- RESERVED
+CVE-2023-25476 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic Am ...)
+ TODO: check
CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About M ...)
@@ -51896,140 +51962,140 @@ CVE-2023-22132
RESERVED
CVE-2023-22131
RESERVED
-CVE-2023-22130
- RESERVED
-CVE-2023-22129
- RESERVED
-CVE-2023-22128
- RESERVED
-CVE-2023-22127
- RESERVED
-CVE-2023-22126
- RESERVED
-CVE-2023-22125
- RESERVED
-CVE-2023-22124
- RESERVED
-CVE-2023-22123
- RESERVED
-CVE-2023-22122
- RESERVED
-CVE-2023-22121
- RESERVED
+CVE-2023-22130 (Vulnerability in the Sun ZFS Storage Appliance product of Oracle Syste ...)
+ TODO: check
+CVE-2023-22129 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2023-22128 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2023-22127 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2023-22126 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...)
+ TODO: check
+CVE-2023-22125 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
+ TODO: check
+CVE-2023-22124 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
+ TODO: check
+CVE-2023-22123 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
+ TODO: check
+CVE-2023-22122 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
+ TODO: check
+CVE-2023-22121 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
+ TODO: check
CVE-2023-22120
RESERVED
-CVE-2023-22119
- RESERVED
-CVE-2023-22118
- RESERVED
-CVE-2023-22117
- RESERVED
+CVE-2023-22119 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ TODO: check
+CVE-2023-22118 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ TODO: check
+CVE-2023-22117 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ TODO: check
CVE-2023-22116
RESERVED
-CVE-2023-22115
- RESERVED
-CVE-2023-22114
- RESERVED
-CVE-2023-22113
- RESERVED
-CVE-2023-22112
- RESERVED
-CVE-2023-22111
- RESERVED
-CVE-2023-22110
- RESERVED
-CVE-2023-22109
- RESERVED
-CVE-2023-22108
- RESERVED
-CVE-2023-22107
- RESERVED
-CVE-2023-22106
- RESERVED
-CVE-2023-22105
- RESERVED
-CVE-2023-22104
- RESERVED
-CVE-2023-22103
- RESERVED
-CVE-2023-22102
- RESERVED
-CVE-2023-22101
- RESERVED
-CVE-2023-22100
- RESERVED
-CVE-2023-22099
- RESERVED
-CVE-2023-22098
- RESERVED
-CVE-2023-22097
- RESERVED
-CVE-2023-22096
- RESERVED
-CVE-2023-22095
- RESERVED
-CVE-2023-22094
- RESERVED
-CVE-2023-22093
- RESERVED
-CVE-2023-22092
- RESERVED
-CVE-2023-22091
- RESERVED
-CVE-2023-22090
- RESERVED
-CVE-2023-22089
- RESERVED
-CVE-2023-22088
- RESERVED
-CVE-2023-22087
- RESERVED
-CVE-2023-22086
- RESERVED
-CVE-2023-22085
- RESERVED
-CVE-2023-22084
- RESERVED
-CVE-2023-22083
- RESERVED
-CVE-2023-22082
- RESERVED
-CVE-2023-22081
- RESERVED
-CVE-2023-22080
- RESERVED
-CVE-2023-22079
- RESERVED
-CVE-2023-22078
- RESERVED
-CVE-2023-22077
- RESERVED
-CVE-2023-22076
- RESERVED
-CVE-2023-22075
- RESERVED
-CVE-2023-22074
- RESERVED
-CVE-2023-22073
- RESERVED
-CVE-2023-22072
- RESERVED
-CVE-2023-22071
- RESERVED
-CVE-2023-22070
- RESERVED
-CVE-2023-22069
- RESERVED
-CVE-2023-22068
- RESERVED
-CVE-2023-22067
- RESERVED
-CVE-2023-22066
- RESERVED
-CVE-2023-22065
- RESERVED
-CVE-2023-22064
- RESERVED
+CVE-2023-22115 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22114 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22113 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22112 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22111 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22110 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22109 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-22108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-22107 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...)
+ TODO: check
+CVE-2023-22106 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...)
+ TODO: check
+CVE-2023-22105 (Vulnerability in the BI Publisher product of Oracle Analytics (compone ...)
+ TODO: check
+CVE-2023-22104 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22102 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ TODO: check
+CVE-2023-22101 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-22100 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2023-22099 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2023-22098 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ TODO: check
+CVE-2023-22097 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22096 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
+ TODO: check
+CVE-2023-22095 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22094 (Vulnerability in the MySQL Installer product of Oracle MySQL (componen ...)
+ TODO: check
+CVE-2023-22093 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...)
+ TODO: check
+CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE ...)
+ TODO: check
+CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
+ TODO: check
+CVE-2023-22089 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-22088 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
+ TODO: check
+CVE-2023-22087 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...)
+ TODO: check
+CVE-2023-22086 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-22085 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...)
+ TODO: check
+CVE-2023-22084 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ TODO: check
+CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of ...)
+ TODO: check
+CVE-2023-22080 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2023-22079 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22078 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22077 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...)
+ TODO: check
+CVE-2023-22076 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2023-22075 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...)
+ TODO: check
+CVE-2023-22074 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...)
+ TODO: check
+CVE-2023-22073 (Vulnerability in the Oracle Notification Server component of Oracle Da ...)
+ TODO: check
+CVE-2023-22072 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-22071 (Vulnerability in the PL/SQL component of Oracle Database Server. Supp ...)
+ TODO: check
+CVE-2023-22070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22069 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22067 (Vulnerability in Oracle Java SE (component: CORBA). Supported version ...)
+ TODO: check
+CVE-2023-22066 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22065 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22064 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
CVE-2023-22063
RESERVED
CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting product of Or ...)
@@ -52038,8 +52104,8 @@ CVE-2023-22061 (Vulnerability in the Oracle Business Intelligence Enterprise Edi
NOT-FOR-US: Oracle
CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyper ...)
NOT-FOR-US: Oracle
-CVE-2023-22059
- RESERVED
+CVE-2023-22059 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22057 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -52104,22 +52170,22 @@ CVE-2023-22034 (Vulnerability in the Unified Audit component of Oracle Database
NOT-FOR-US: Oracle
CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.34-1 (bug #1041819)
-CVE-2023-22032
- RESERVED
+CVE-2023-22032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-22030
RESERVED
-CVE-2023-22029
- RESERVED
-CVE-2023-22028
- RESERVED
+CVE-2023-22029 (Vulnerability in the Oracle Commerce Guided Search product of Oracle C ...)
+ TODO: check
+CVE-2023-22028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
-CVE-2023-22026
- RESERVED
-CVE-2023-22025
- RESERVED
+CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ TODO: check
CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has ...)
NOT-FOR-US: Oracle
CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -52130,16 +52196,16 @@ CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise Edi
NOT-FOR-US: Oracle
CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
-CVE-2023-22019
- RESERVED
+CVE-2023-22019 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ TODO: check
CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.10-dfsg-1
CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.10-dfsg-1
CVE-2023-22016 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 7.0.10-dfsg-1
-CVE-2023-22015
- RESERVED
+CVE-2023-22015 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94d33e31b29f7cb2ce5bed517215e384933f3ad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94d33e31b29f7cb2ce5bed517215e384933f3ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231018/c43c624f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list