[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 23 09:11:46 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89cf2160 by security tracker role at 2023-10-23T08:11:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and  ...)
+	TODO: check
+CVE-2023-5701 (A vulnerability has been found in vnotex vnote up to 3.17.0 and classi ...)
+	TODO: check
+CVE-2023-5700 (A vulnerability, which was classified as critical, was found in Netent ...)
+	TODO: check
+CVE-2023-5699 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-5698 (A vulnerability classified as problematic was found in CodeAstro Inter ...)
+	TODO: check
+CVE-2023-5697 (A vulnerability classified as problematic has been found in CodeAstro  ...)
+	TODO: check
+CVE-2023-5696 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...)
+	TODO: check
+CVE-2023-5695 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...)
+	TODO: check
+CVE-2023-5694 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...)
+	TODO: check
+CVE-2023-5693 (A vulnerability was found in CodeAstro Internet Banking System 1.0 and ...)
+	TODO: check
+CVE-2023-46324 (pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is u ...)
+	TODO: check
+CVE-2023-46322 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize  ...)
+	TODO: check
+CVE-2023-46321 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize  ...)
+	TODO: check
+CVE-2023-46319 (WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthen ...)
+	TODO: check
+CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon receiv ...)
+	TODO: check
+CVE-2023-46315 (The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsi ...)
+	TODO: check
+CVE-2023-46095 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth  ...)
+	TODO: check
+CVE-2023-46089 (Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback U ...)
+	TODO: check
+CVE-2023-46085 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate R ...)
+	TODO: check
+CVE-2023-43624 (CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4 ...)
+	TODO: check
 CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...)
 	NOT-FOR-US: NetModule Router Software
 CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...)
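Review bot: All 20 entries added at the top of this hunk (CVE-2023-5702 through CVE-2023-43624) carry only "TODO: check", so each still needs a follow-up resolving it to a source package line or a NOT-FOR-US marker. The truncated descriptions of CVE-2023-46322 and CVE-2023-46321 are identical in the visible text (both iTermSessionLauncher.m in iTerm2 before 3.5.0beta12), so telling them apart during triage needs the full upstream descriptions. The run of CodeAstro Internet Banking System 1.0 entries can be resolved together with one decision.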
@@ -439,12 +479,12 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is
 	NOT-FOR-US: WordPress plugin
 CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-45802
+CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...)
 	- apache2 2.4.58-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
 	NOTE: https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
-CVE-2023-43622
+CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial window size o ...)
 	- apache2 2.4.58-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622
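Review bot: The CVE-2023-45802 entry, which gains its description here, lists only "- apache2 2.4.58-1" followed by three NOTE lines, with no [bookworm] or [bullseye] line before the next entry starts. Consider adding per-release status lines for apache2. The same check applies to CVE-2023-43622, where the visible context ends before any release lines would appear.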
@@ -619,6 +659,7 @@ CVE-2023-5632 (In Eclipse Mosquito before and including 2.0.5, establishing a co
 	NOTE: https://github.com/eclipse/mosquitto/pull/2053
 	NOTE: https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d (v2.0.6)
 CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...)
+	{DSA-5531-1}
 	- roundcube 1.6.4+dfsg-1 (bug #1054079)
 	NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4)
 CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...)
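Review bot: The "{DSA-5531-1}" cross-reference added under CVE-2023-5631 has no per-release fixed version in the visible entry, which shows only "- roundcube 1.6.4+dfsg-1 (bug #1054079)" and one NOTE. This commit changes data/CVE/list alone, so confirm that the advisory's own record already carries the roundcube versions fixed in the stable releases. Without it the reference would point at an advisory with no version data.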
@@ -9173,7 +9214,7 @@ CVE-2023-40477
 	[bullseye] - unrar-nonfree 1:6.0.3-1+deb11u3
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
 	NOTE: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa
-CVE-2023-38831 (RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code  ...)
+CVE-2023-38831 (RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code w ...)
 	NOTE: RARLabs WinRAR
 CVE-2023-38422 (Walchem Intuition 9 firmware versions prior to v4.21 are missing authe ...)
 	NOT-FOR-US: Walchem Intuition 9 firmware
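Review bot: The description of CVE-2023-38831 now spells the vendor "RARLAB", but the unchanged line below it still reads "NOTE: RARLabs WinRAR", so the entry is inconsistent with itself. That line is also a free-form NOTE, which leaves the entry with no package line, NOT-FOR-US marker or TODO. The neighbouring CVE-2023-40477 entry tracks unrar-nonfree, so state explicitly whether this CVE affects that package or is not for Debian.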
@@ -11524,6 +11565,7 @@ CVE-2023-36499 (Netgear XR300 v1.0.3.78 was discovered to contain multiple buffe
 CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a r ...)
 	NOT-FOR-US: Textpattern CMS
 CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...)
+	{DLA-3626-1}
 	- krb5 1.20.1-3 (bug #1043431)
 	[bookworm] - krb5 1.20.1-2+deb12u1
 	[bullseye] - krb5 1.18.3-6+deb11u4
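Review bot: The "{DLA-3626-1}" reference added under CVE-2023-36054 sits above release lines for bookworm and bullseye only, and the visible context shows no line for the release the DLA covers. Confirm that the advisory record supplies that krb5 version, since this commit touches only data/CVE/list.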
@@ -22762,8 +22804,7 @@ CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template En
 	NOT-FOR-US: Alf.io
 CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
 	NOT-FOR-US: Alf.io
-CVE-2023-31122
-	RESERVED
+CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...)
 	- apache2 2.4.58-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122
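Review bot: The new description for CVE-2023-31122 reads "Apache HTTP Server.Th", with no space after the period. The text is synced from the upstream CVE description, so any fix belongs upstream rather than in this file. Dropping the RESERVED line is consistent with the description now being present. As with the other apache2 entries in this commit, only the unstable fix "- apache2 2.4.58-1" is listed and per-release status lines are still missing.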



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89cf2160f2c2f3cdb0b430569e6d84a2b3212ebf
