[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 19 21:11:49 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a242378 by security tracker role at 2023-10-19T20:11:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2023-5654 (The React Developer Tools extension registers a message listener with ...)
+ TODO: check
+CVE-2023-5059 (Santesoft Sante FFT Imaging lacks proper validation of user-supplied d ...)
+ TODO: check
+CVE-2023-46227 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...)
+ TODO: check
+CVE-2023-46042 (An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute ...)
+ TODO: check
+CVE-2023-46033 (D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL ...)
+ TODO: check
+CVE-2023-45992 (Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruck ...)
+ TODO: check
+CVE-2023-45883 (A privilege escalation vulnerability exists within the Qumu Multicast ...)
+ TODO: check
+CVE-2023-45826 (Leantime is an open source project management system. A 'userId' varia ...)
+ TODO: check
+CVE-2023-45825 (ydb-go-sdk is a pure Go native and database/sql driver for the YDB pla ...)
+ TODO: check
+CVE-2023-45820 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2023-45809 (Wagtail is an open source content management system built on Django. A ...)
+ TODO: check
+CVE-2023-45665
+ REJECTED
+CVE-2023-45384 (KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestrict ...)
+ TODO: check
+CVE-2023-45381 (In the module "Creative Popup" (creativepopup) up to version 1.6.9 fro ...)
+ TODO: check
+CVE-2023-45379 (In the module "Rotator Img" (posrotatorimg) in versions at least up to ...)
+ TODO: check
+CVE-2023-45376 (In the module "Carousels Pack - Instagram, Products, Brands, Supplier" ...)
+ TODO: check
+CVE-2023-45281 (An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie ...)
+ TODO: check
+CVE-2023-45278 (Directory Traversal vulnerability in the storage functionality of the ...)
+ TODO: check
+CVE-2023-45277 (Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The v ...)
+ TODO: check
+CVE-2023-43986 (DM Concept configurator before v4.9.4 was discovered to contain a SQL ...)
+ TODO: check
+CVE-2023-43492 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi conta ...)
+ TODO: check
+CVE-2023-43252 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted i ...)
+ TODO: check
+CVE-2023-43251 (XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a c ...)
+ TODO: check
+CVE-2023-42666 (The affected product is vulnerable to an exposure of sensitive informa ...)
+ TODO: check
+CVE-2023-42435 (The affected product is vulnerable to a cross-site request forgery vul ...)
+ TODO: check
+CVE-2023-41089 (The affected product is vulnerable to an improper authentication vulne ...)
+ TODO: check
+CVE-2023-41088 (The affected product is vulnerable to a cleartext transmission of sens ...)
+ TODO: check
+CVE-2023-40153 (The affected product is vulnerable to a cross-site scripting vulnerabi ...)
+ TODO: check
+CVE-2023-40145 (In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can exe ...)
+ TODO: check
+CVE-2023-39431 (Sante DICOM Viewer Pro lacks proper validation of user-supplied data w ...)
+ TODO: check
+CVE-2023-38584 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi co ...)
+ TODO: check
+CVE-2023-38128 (An out-of-bounds write vulnerability exists in the "HyperLinkFrame" st ...)
+ TODO: check
+CVE-2023-38127 (An integer overflow exists in the "HyperLinkFrame" stream parser of Ic ...)
+ TODO: check
+CVE-2023-35986 (Sante DICOM Viewer Pro lacks proper validation of user-supplied data w ...)
+ TODO: check
+CVE-2023-35187 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ TODO: check
+CVE-2023-35186 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ TODO: check
+CVE-2023-35185 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ TODO: check
+CVE-2023-35184 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ TODO: check
+CVE-2023-35183 (The SolarWinds Access Rights Manager was susceptible to Privilege Esca ...)
+ TODO: check
+CVE-2023-35182 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ TODO: check
+CVE-2023-35181 (The SolarWinds Access Rights Manager was susceptible to Privilege Esca ...)
+ TODO: check
+CVE-2023-35180 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ TODO: check
+CVE-2023-35126 (An out-of-bounds write vulnerability exists within the parsers for bot ...)
+ TODO: check
+CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream parsing fun ...)
+ TODO: check
CVE-2023-45024
- request-tracker5 <unfixed>
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
@@ -22410,8 +22498,8 @@ CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.
NOTE: https://github.com/django/django/commit/fb4c55d9ec4bb812a7fb91fa20510d91645e411b (main)
NOTE: https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965 (3.2.19)
NOTE: https://www.openwall.com/lists/oss-security/2023/05/03/1
-CVE-2023-31046
- RESERVED
+CVE-2023-31046 (A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and ...)
+ TODO: check
CVE-2023-31045 (A stored Cross-site scripting (XSS) issue in Text Editors and Formats ...)
- backdrop <itp> (bug #914257)
CVE-2023-31044
@@ -23705,8 +23793,8 @@ CVE-2023-30635 (TiKV 6.1.2 allows remote attackers to cause a denial of service
NOT-FOR-US: TiKV
CVE-2023-30634
RESERVED
-CVE-2023-30633
- RESERVED
+CVE-2023-30633 (An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with k ...)
+ TODO: check
CVE-2023-30632
RESERVED
CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software Foundation ...)
@@ -33002,8 +33090,8 @@ CVE-2023-27793
RESERVED
CVE-2023-27792
RESERVED
-CVE-2023-27791
- RESERVED
+CVE-2023-27791 (An issue found in IXP Data Easy Install 6.6.148840 allows a remote att ...)
+ TODO: check
CVE-2023-27790
RESERVED
CVE-2023-27789 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...)
@@ -38579,8 +38667,8 @@ CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-D
NOTE: https://github.com/gpac/gpac/commit/99dfc2bc443bfb6b80c610c25f98747d358c209d (v2.2.1)
CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache Software Fou ...)
- airflow <itp> (bug #819700)
-CVE-2023-25753
- RESERVED
+CVE-2023-25753 (There exists an SSRF (Server-Side Request Forgery) vulnerability locat ...)
+ TODO: check
CVE-2023-25752 (When accessing throttled streams, the count of available bytes needed ...)
{DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
- firefox 111.0-1
@@ -51635,8 +51723,8 @@ CVE-2022-47585
RESERVED
CVE-2022-47584
RESERVED
-CVE-2022-47583
- RESERVED
+CVE-2022-47583 (Terminal character injection in Mintty before 3.6.3 allows code execut ...)
+ TODO: check
CVE-2022-47582
RESERVED
CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDA ...)
@@ -71871,8 +71959,8 @@ CVE-2022-42152
RESERVED
CVE-2022-42151
RESERVED
-CVE-2022-42150
- RESERVED
+CVE-2022-42150 (TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnera ...)
+ TODO: check
CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via ...)
NOT-FOR-US: kkFileView
CVE-2022-42148
@@ -83599,8 +83687,8 @@ CVE-2022-37832 (Mutiny 7.2.0-10788 suffers from Hardcoded root password.)
NOT-FOR-US: Mutiny
CVE-2022-37831
RESERVED
-CVE-2022-37830
- RESERVED
+CVE-2022-37830 (Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting ...)
+ TODO: check
CVE-2022-37829
RESERVED
CVE-2022-37828
@@ -112136,8 +112224,8 @@ CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can
NOT-FOR-US: SWHKD
CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.)
NOT-FOR-US: SWHKD
-CVE-2022-27813
- RESERVED
+CVE-2022-27813 (Motorola MTM5000 series firmwares lack properly configured memory prot ...)
+ TODO: check
CVE-2022-27812 (Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2 ...)
NOT-FOR-US: Flooding SNS firewall
CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via shell met ...)
@@ -114682,12 +114770,12 @@ CVE-2022-26945 (go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, end
CVE-2022-26944 (Percona XtraBackup 2.4.20 unintentionally writes the command line to a ...)
- percona-xtrabackup <removed>
NOTE: https://jira.percona.com/browse/PXB-2722
-CVE-2022-26943
- RESERVED
-CVE-2022-26942
- RESERVED
-CVE-2022-26941
- RESERVED
+CVE-2022-26943 (The Motorola MTM5000 series firmwares generate TETRA authentication ch ...)
+ TODO: check
+CVE-2022-26942 (The Motorola MTM5000 series firmwares lack pointer validation on argum ...)
+ TODO: check
+CVE-2022-26941 (A format string vulnerability exists in Motorola MTM5000 series firmwa ...)
+ TODO: check
CVE-2022-26940 (Remote Desktop Protocol Client Information Disclosure Vulnerability.)
NOT-FOR-US: Microsoft
CVE-2022-26939 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...)
@@ -119099,12 +119187,12 @@ CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3
NOT-FOR-US: Ibexa
CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
NOT-FOR-US: RigoBlock Dragos
-CVE-2022-25334
- RESERVED
-CVE-2022-25333
- RESERVED
-CVE-2022-25332
- RESERVED
+CVE-2022-25334 (The Texas Instruments OMAP L138 (secure variants) trusted execution en ...)
+ TODO: check
+CVE-2022-25333 (The Texas Instruments OMAP L138 (secure variants) trusted execution en ...)
+ TODO: check
+CVE-2022-25332 (The AES implementation in the Texas Instruments OMAP L138 (secure vari ...)
+ TODO: check
CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro ServerProtect ...)
NOT-FOR-US: Trend Micro
CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro ServerProtect 6. ...)
@@ -122193,16 +122281,16 @@ CVE-2022-24406 (OX App Suite through 7.10.6 allows SSRF because multipart/form-d
NOT-FOR-US: OX App Suite
CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a serializ ...)
NOT-FOR-US: OX App Suite
-CVE-2022-24404
- RESERVED
+CVE-2022-24404 (Lack of cryptographic integrity check on TETRA air-interface encrypted ...)
+ TODO: check
CVE-2022-24403
RESERVED
-CVE-2022-24402
- RESERVED
-CVE-2022-24401
- RESERVED
-CVE-2022-24400
- RESERVED
+CVE-2022-24402 (The TETRA TEA1 keystream generator implements a key register initializ ...)
+ TODO: check
+CVE-2022-24401 (Adversary-induced keystream re-use on TETRA air-interface encrypted tr ...)
+ TODO: check
+CVE-2022-24400 (A flaw in the TETRA authentication procecure allows a MITM adversary t ...)
+ TODO: check
CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs may allow ...)
NOT-FOR-US: Intel
CVE-2022-24379
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a2423780592c6caff83dbc6d06d08a7ee537005
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a2423780592c6caff83dbc6d06d08a7ee537005
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231019/429492a2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list