[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 25 21:12:38 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1f32d65 by security tracker role at 2023-10-25T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,28 +1,278 @@
-CVE-2023-46660
+CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Linux K ...)
+	TODO: check
+CVE-2023-5671 (HP Print and Scan Doctor for Windows may potentially be vulnerable to  ...)
+	TODO: check
+CVE-2023-46564 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46563 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46562 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46560 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46559 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46558 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46557 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46556 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46555 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46554 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46553 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46552 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46551 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46550 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46549 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46548 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46547 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46546 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46545 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46544 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46543 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46542 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46541 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46540 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-46539 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46538 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46537 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46536 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46535 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46534 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46527 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46526 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46525 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46523 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46522 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46521 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46520 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...)
+	TODO: check
+CVE-2023-46518 (Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command ex ...)
+	TODO: check
+CVE-2023-46424 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46423 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46422 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46421 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46420 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46419 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46418 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46417 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46416 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46415 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46414 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-46413 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
+	TODO: check
+CVE-2023-46412 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
+	TODO: check
+CVE-2023-46411 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
+	TODO: check
+CVE-2023-46410 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
+	TODO: check
+CVE-2023-46409 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
+	TODO: check
+CVE-2023-46408 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...)
+	TODO: check
+CVE-2023-46396 (Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex ...)
+	TODO: check
+CVE-2023-46102 (The Android Client application, when enrolled to the AppHub server, co ...)
+	TODO: check
+CVE-2023-45851 (The Android Client application, when enrolled to the AppHub server,con ...)
+	TODO: check
+CVE-2023-45844 (The vulnerability allows a low privileged user that have access to the ...)
+	TODO: check
+CVE-2023-45321 (The Android Client application, when enrolled with the define  method  ...)
+	TODO: check
+CVE-2023-45220 (The Android Client application, when enrolled with the define method 1 ...)
+	TODO: check
+CVE-2023-45136 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-45135 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-45134 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-43488 (The vulnerability allows a low privileged (untrusted) application to m ...)
+	TODO: check
+CVE-2023-42861 (A logic issue was addressed with improved state management. This issue ...)
+	TODO: check
+CVE-2023-42857 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2023-42856 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-42854 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2023-42852 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2023-42850 (The issue was addressed with improved permissions logic. This issue is ...)
+	TODO: check
+CVE-2023-42849 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-42847 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2023-42846 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2023-42845 (An authentication issue was addressed with improved state management.  ...)
+	TODO: check
+CVE-2023-42844 (This issue was addressed with improved handling of symlinks. This issu ...)
+	TODO: check
+CVE-2023-42842 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-42841 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-42494 (EisBaer Scada - CWE-749: Exposed Dangerous Method or Function)
+	TODO: check
+CVE-2023-42493 (EisBaer Scada - CWE-256: Plaintext Storage of a Password)
+	TODO: check
+CVE-2023-42492 (EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key)
+	TODO: check
+CVE-2023-42491 (EisBaer Scada - CWE-285: Improper Authorization)
+	TODO: check
+CVE-2023-42490 (EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unaut ...)
+	TODO: check
+CVE-2023-42489 (EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical  ...)
+	TODO: check
+CVE-2023-42488 (EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restric ...)
+	TODO: check
+CVE-2023-42438 (An inconsistent user interface issue was addressed with improved state ...)
+	TODO: check
+CVE-2023-41997 (This issue was addressed by restricting options offered on a locked de ...)
+	TODO: check
+CVE-2023-41989 (The issue was addressed by restricting options offered on a locked dev ...)
+	TODO: check
+CVE-2023-41988 (This issue was addressed by restricting options offered on a locked de ...)
+	TODO: check
+CVE-2023-41983 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-41982 (This issue was addressed by restricting options offered on a locked de ...)
+	TODO: check
+CVE-2023-41977 (The issue was addressed with improved handling of caches. This issue i ...)
+	TODO: check
+CVE-2023-41976 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2023-41975 (This issue was addressed by removing the vulnerable code. This issue i ...)
+	TODO: check
+CVE-2023-41960 (The vulnerability allows an unprivileged(untrusted) third-party applic ...)
+	TODO: check
+CVE-2023-41372 (The vulnerability allows an unprivileged (untrusted) third- party appl ...)
+	TODO: check
+CVE-2023-41255 (The vulnerability allows an unprivileged user with access to the subne ...)
+	TODO: check
+CVE-2023-41254 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2023-41077 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-41072 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2023-40449 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-40447 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-40445 (The issue was addressed with improved UI handling. This issue is fixed ...)
+	TODO: check
+CVE-2023-40444 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2023-40425 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2023-40423 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-40421 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2023-40416 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-40413 (The issue was addressed with improved handling of caches. This issue i ...)
+	TODO: check
+CVE-2023-40408 (An inconsistent user interface issue was addressed with improved state ...)
+	TODO: check
+CVE-2023-40405 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2023-40404 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2023-40401 (The issue was addressed with additional permissions checks. This issue ...)
+	TODO: check
+CVE-2023-3010 (Grafana is an open-source platform for monitoring and observability.   ...)
+	TODO: check
+CVE-2023-37913 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-37912 (XWiki Rendering is a generic Rendering system that converts textual in ...)
+	TODO: check
+CVE-2023-37911 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-37910 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-37909 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-37908 (XWiki Rendering is a generic Rendering system that converts textual in ...)
+	TODO: check
+CVE-2023-34447 (iTop is an open source, web-based IT service management platform. Prio ...)
+	TODO: check
+CVE-2023-34446 (iTop is an open source, web-based IT service management platform. Prio ...)
+	TODO: check
+CVE-2023-32359 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
+CVE-2023-46660 (Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time compari ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46659
+CVE-2023-46659 (Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46658
+CVE-2023-46658 (Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-co ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46657
+CVE-2023-46657 (Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time compar ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46656
+CVE-2023-46656 (Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46655
+CVE-2023-46655 (Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46654
+CVE-2023-46654 (Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46653
+CVE-2023-46653 (Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATE ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46652
+CVE-2023-46652 (A missing permission check in Jenkins lambdatest-automation Plugin 1.2 ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46651
+CVE-2023-46651 (Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriat ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-46650
+CVE-2023-46650 (Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub pr ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-5043
+CVE-2023-5043 (Ingress nginx annotation injection causes arbitrary command execution.)
 	NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2023-5044
+CVE-2023-5044 (Code injection via nginx.ingress.kubernetes.io/permanent-redirect anno ...)
 	NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2023-5758 (When opening a page in reader mode, the redirect URL could have caused ...)
 	- firefox <not-affected> (Only affects Firefox on iOS)
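Review bot: CVE-2023-5717, the first added line of this hunk, is a heap out-of-bounds write in the Linux kernel, and the kernel is a Debian source package, so its `TODO: check` should be resolved into a `- linux <version>` (or `<unfixed>`) line in the same triage pass rather than left among the router-firmware and vendor-app entries whose outcome is unrelated. The descriptions are cut at the usual width of data/CVE/list, so the XWiki, Grafana and iTop entries in the middle of the hunk need the full upstream text before they can be settled; that truncation is expected and not something to change here.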
@@ -129,23 +379,25 @@ CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded
 	NOT-FOR-US: Dromara Sureness
 CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any  ...)
 	TODO: check
-CVE-2023-5574 [Use-after-free bug in DamageDestroy]
+CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue oc ...)
 	- xorg-server <unfixed>
 	[bookworm] - xorg-server <no-dsa> (Minor issue)
 	[bullseye] - xorg-server <no-dsa> (Minor issue)
 	NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189
-CVE-2023-5380 [Use-after-free bug in DestroyWindow]
+CVE-2023-5380 (A use-after-free flaw was found in the xorg-x11-server. An X server cr ...)
+	{DSA-5534-1 DLA-3631-1}
 	- xorg-server 2:21.1.9-1
 	NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7
-CVE-2023-5367 [X.Org server: OOB write in XIChangeDeviceProperty/RRChangeOutputProperty]
+CVE-2023-5367 (A out-of-bounds write flaw was found in the xorg-x11-server. This issu ...)
+	{DSA-5534-1 DLA-3631-1}
 	- xorg-server 2:21.1.9-1
 	- xwayland 2:23.2.2-1
 	[bookworm] - xwayland <no-dsa> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a
-CVE-2023-5472
+CVE-2023-5472 (Use after free in Profiles in Google Chrome prior to 118.0.5993.117 al ...)
 	- chromium 118.0.5993.117-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to asserts b ...)
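Review bot: replacing the bracketed working titles of CVE-2023-5574, CVE-2023-5380 and CVE-2023-5367 with the truncated NVD text drops the affected function names (DamageDestroy, DestroyWindow, XIChangeDeviceProperty/RRChangeOutputProperty), which are the detail most useful for matching the upstream fix commits already linked in the NOTE lines; consider keeping them as a NOTE, e.g. `NOTE: Use-after-free in DamageDestroy`. Separately, CVE-2023-5574 stays `<unfixed>` with `<no-dsa>` for bookworm and bullseye while its two siblings gain `{DSA-5534-1 DLA-3631-1}`, so it is worth confirming that the advisories deliberately leave it out.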
@@ -275,6 +527,7 @@ CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to ca
 CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to  ...)
 	NOT-FOR-US: PingFederate
 CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...)
+	{DSA-5535-1}
 	- firefox-esr 115.4.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
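Review bot: `{DSA-5535-1}` is added to CVE-2023-5732 while `- thunderbird <unfixed>` remains in the same entry; confirm the DSA covers only firefox-esr so thunderbird's unfixed state stays visible in the tracker, and expect a separate advisory line for thunderbird once it is fixed. The following hunks apply the same change to CVE-2023-5730, CVE-2023-5728, CVE-2023-5725, CVE-2023-5724 and CVE-2023-5721, so the same check applies to each.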
@@ -283,6 +536,7 @@ CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs sho
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
 CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ...)
+	{DSA-5535-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird <unfixed>
@@ -293,6 +547,7 @@ CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneous
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
 CVE-2023-5728 (During garbage collection extra operations were performed on a object  ...)
+	{DSA-5535-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird <unfixed>
@@ -314,6 +569,7 @@ CVE-2023-5726 (A website could have obscured the full screen notification by usi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726
 CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, which un ...)
+	{DSA-5535-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird <unfixed>
@@ -321,6 +577,7 @@ CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, whi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5725
 CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and in som ...)
+	{DSA-5535-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird <unfixed>
@@ -334,6 +591,7 @@ CVE-2023-5722 (Using iterative requests an attacker was able to learn the size o
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
 CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be activate ...)
+	{DSA-5535-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird <unfixed>
@@ -3901,12 +4159,12 @@ CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version 1
 	NOT-FOR-US: Jorani
 CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the componen ...)
 	NOT-FOR-US: UPV PEIX
-CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager]
+CVE-2023-4693 (An out-of-bounds read flaw was found on grub2's NTFS filesystem driver ...)
 	{DSA-5519-1 DLA-3605-1}
 	- grub2 2.12~rc1-11
 	NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
 	NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/
-CVE-2023-4692 [Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass]
+CVE-2023-4692 (An out-of-bounds write flaw was found in grub2's NTFS filesystem drive ...)
 	{DSA-5519-1 DLA-3605-1}
 	- grub2 2.12~rc1-11
 	NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
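Review bot: the replaced bracketed titles of CVE-2023-4693 and CVE-2023-4692 carried impact detail that the truncated NVD text drops (leak of sensitive information into the GRUB pager; heap overflow leading to arbitrary code execution and Secure Boot bypass), and the two texts now disagree on the primitive for CVE-2023-4693 (old: out-of-bounds write, new: out-of-bounds read). Reconcile that against the grub-devel announcement already linked in the NOTE lines, and keep the Secure Boot bypass mention as a NOTE so it is not lost from the entry.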
@@ -23948,8 +24206,8 @@ CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab 15.10.8+ds1-2
 CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 15.10.8+ds1-2
-CVE-2023-30912
-	RESERVED
+CVE-2023-30912 (A remote code execution issue exists in HPE OneView.)
+	TODO: check
 CVE-2023-30911 (HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest ...)
 	NOT-FOR-US: HPE
 CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 could be remotely exploit ...)
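Review bot: CVE-2023-30912 is left at `TODO: check` although it describes HPE OneView and the neighbouring HPE entries CVE-2023-30911 and CVE-2023-30910 are already `NOT-FOR-US: HPE`; it can be triaged the same way in this pass instead of staying open.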
@@ -32916,8 +33174,8 @@ CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default con
 	NOTE: Introduced by: https://github.com/KDAB/hotspot/commit/3b4682565f0e53f903f3ad0f3f2c0f236d382efb (v1.3.0)
 	NOTE: Opt-In to allow privilege escalation (and disable by default):
 	NOTE: https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c
-CVE-2023-1356
-	RESERVED
+CVE-2023-1356 (Reflected cross-site scripting in the StudentSearch component in IDAtt ...)
+	TODO: check
 CVE-2023-1355 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.140 ...)
 	- vim 2:9.0.1658-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9
@@ -35302,12 +35560,12 @@ CVE-2021-4327 (A vulnerability was found in SerenityOS. It has been rated as cri
 	NOT-FOR-US: SerenityOS
 CVE-2023-27381
 	RESERVED
-CVE-2023-27377
-	RESERVED
-CVE-2023-27376
-	RESERVED
-CVE-2023-27375
-	RESERVED
+CVE-2023-27377 (Missing authentication in the StudentPopupDetails_EmergencyContactDeta ...)
+	TODO: check
+CVE-2023-27376 (Missing authentication in the StudentPopupDetails_StudentDetails       ...)
+	TODO: check
+CVE-2023-27375 (Missing authentication in the StudentPopupDetails_ContactDetails       ...)
+	TODO: check
 CVE-2023-27374
 	RESERVED
 CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
@@ -35747,24 +36005,24 @@ CVE-2023-XXXX [RUSTSEC-2023-0015]
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0015.html
 	NOTE: https://github.com/tomprogrammer/rust-ascii/commit/dc7e07397ce362487162cb86f92c0bec4645d867 (v0.9.3)
 	NOTE: https://github.com/tomprogrammer/rust-ascii/issues/64
-CVE-2023-27262
-	RESERVED
-CVE-2023-27261
-	RESERVED
-CVE-2023-27260
-	RESERVED
-CVE-2023-27259
-	RESERVED
-CVE-2023-27258
-	RESERVED
-CVE-2023-27257
-	RESERVED
-CVE-2023-27256
-	RESERVED
-CVE-2023-27255
-	RESERVED
-CVE-2023-27254
-	RESERVED
+CVE-2023-27262 (Unauthenticated SQL injection in the GetAssignmentsDue        method i ...)
+	TODO: check
+CVE-2023-27261 (Missing authentication in the DeleteAssignments         method in IDAt ...)
+	TODO: check
+CVE-2023-27260 (Unauthenticated SQL injection in the GetAssignmentsDue        method i ...)
+	TODO: check
+CVE-2023-27259 (Missing authentication in the GetAssignmentsDue      method in IDAtten ...)
+	TODO: check
+CVE-2023-27258 (Missing authentication in the GetStudentGroupStudents     method in ID ...)
+	TODO: check
+CVE-2023-27257 (Missing authentication in the GetActiveToiletPasses    method in IDAtt ...)
+	TODO: check
+CVE-2023-27256 (Missing authentication in the GetLogFiles   method in IDAttend\u2019s  ...)
+	TODO: check
+CVE-2023-27255 (Unauthenticated SQL injection in the DeleteRoomChanges       method in ...)
+	TODO: check
+CVE-2023-27254 (Unauthenticated SQL injection in the GetRoomChanges      method in IDA ...)
+	TODO: check
 CVE-2023-27253 (A command injection vulnerability in the function restore_rrddata() of ...)
 	NOT-FOR-US: pfSense
 CVE-2023-27252
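Review bot: the imported descriptions in this block still contain the literal JSON escape `\u2019` (e.g. CVE-2023-27256, `IDAttend\u2019s`) and runs of padding spaces around the method names (`GetAssignmentsDue        method`), which indicates the automatic update writes the raw NVD string without decoding escapes or normalising whitespace. Decoding `\u2019` to a right single quote and collapsing the whitespace before truncation would both fix the rendering and let more of each description survive the cut.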
@@ -37179,40 +37437,40 @@ CVE-2023-26598
 	RESERVED
 CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network devices ...)
 	NOT-FOR-US: Buffalo network devices
-CVE-2023-26584
-	RESERVED
-CVE-2023-26583
-	RESERVED
-CVE-2023-26582
-	RESERVED
-CVE-2023-26581
-	RESERVED
-CVE-2023-26580
-	RESERVED
-CVE-2023-26579
-	RESERVED
-CVE-2023-26578
-	RESERVED
-CVE-2023-26577
-	RESERVED
-CVE-2023-26576
-	RESERVED
-CVE-2023-26575
-	RESERVED
-CVE-2023-26574
-	RESERVED
-CVE-2023-26573
-	RESERVED
-CVE-2023-26572
-	RESERVED
-CVE-2023-26571
-	RESERVED
-CVE-2023-26570
-	RESERVED
-CVE-2023-26569
-	RESERVED
-CVE-2023-26568
-	RESERVED
+CVE-2023-26584 (Unauthenticated SQL injection in the GetStudentInconsistencies     met ...)
+	TODO: check
+CVE-2023-26583 (Unauthenticated SQL injection in the GetCurrentPeriod    method in IDA ...)
+	TODO: check
+CVE-2023-26582 (Unauthenticated SQL injection in the GetExcursionDetails   method in I ...)
+	TODO: check
+CVE-2023-26581 (Unauthenticated SQL injection in the GetVisitors  method in IDAttend\u ...)
+	TODO: check
+CVE-2023-26580 (Unauthenticated arbitrary file read in the IDAttend\u2019s IDWeb appli ...)
+	TODO: check
+CVE-2023-26579 (Missing authentication in the DeleteStaff method in IDAttend\u2019s ID ...)
+	TODO: check
+CVE-2023-26578 (Arbitrary file upload to web root in the IDAttend\u2019s IDWeb applica ...)
+	TODO: check
+CVE-2023-26577 (Stored cross-site scripting in the IDAttend\u2019s IDWeb application 3 ...)
+	TODO: check
+CVE-2023-26576 (Missing authentication in the SearchStudentsRFID   method in IDAttend\ ...)
+	TODO: check
+CVE-2023-26575 (Missing authentication in the SearchStudentsStaff  method in IDAttend\ ...)
+	TODO: check
+CVE-2023-26574 (Missing authentication in the SearchStudents method in IDAttend\u2019s ...)
+	TODO: check
+CVE-2023-26573 (Missing authentication in the SetDB method in IDAttend\u2019s IDWeb ap ...)
+	TODO: check
+CVE-2023-26572 (Unauthenticated SQL injection in the GetExcursionList method in IDAtte ...)
+	TODO: check
+CVE-2023-26571 (Missing authentication in the SetStudentNotes  method in IDAttend\u201 ...)
+	TODO: check
+CVE-2023-26570 (Missing authentication in the StudentPopupDetails_Timetable method in  ...)
+	TODO: check
+CVE-2023-26569 (Unauthenticated SQL injection in the StudentPopupDetails_Timetable met ...)
+	TODO: check
+CVE-2023-26568 (Unauthenticated SQL injection in the GetStudentGroupStudents method in ...)
+	TODO: check
 CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) plac ...)
 	NOT-FOR-US: Sangoma
 CVE-2023-26566
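Review bot: the same undecoded `\u2019` escapes and padded method names recur throughout CVE-2023-26584 to CVE-2023-26568, and together with CVE-2023-27254 to CVE-2023-27262, CVE-2023-27375 to CVE-2023-27377 and CVE-2023-1356 earlier in the patch this is a batch of 30 IDAttend IDWeb entries all left at `TODO: check`; they concern one product and should be triaged as one decision, with the result recorded on each entry so the TODO count does not linger.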
@@ -47266,8 +47524,7 @@ CVE-2023-0224
 	RESERVED
 CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab 15.10.8+ds1-2
-CVE-2022-4886
-	RESERVED
+CVE-2022-4886 (Ingress-nginx `path` sanitization can be bypassed with `log_format` di ...)
 	NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...)
 	NOT-FOR-US: Huawei
@@ -80638,7 +80895,7 @@ CVE-2022-39180 (College Management System v1.0 - SQL Injection (SQLi). By insert
 	NOT-FOR-US: College Management System
 CVE-2022-39179 (College Management System v1.0 - Authenticated remote code execution.  ...)
 	NOT-FOR-US: College Management System
-CVE-2022-39178 (Webvendome - Webvendome Internal Server IP Disclosure. Send GET Reques ...)
+CVE-2022-39178 (Webvendome - webvendome Internal Server IP Disclosure. Send GET Reques ...)
 	NOT-FOR-US: Webvendome
 CVE-2022-39177 (BlueZ before 5.59 allows physically proximate attackers to cause a den ...)
 	{DLA-3157-1}
@@ -87569,9 +87826,9 @@ CVE-2022-2548
 	RESERVED
 CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...)
 	NOT-FOR-US: Softing Industrial Automation
-CVE-2022-36787 (Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter  ...)
+CVE-2022-36787 (webvendome - webvendome SQL Injection. SQL Injection in the Parameter  ...)
 	NOT-FOR-US: Webvendome
-CVE-2022-36786 (DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you ...)
+CVE-2022-36786 (DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an inter ...)
 	NOT-FOR-US: DLINK
 CVE-2022-36785 (D-Link \u2013 G integrated Access Device4 Information Disclosure & Aut ...)
 	NOT-FOR-US: DLINK



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1f32d656eca6bc70dabe119d6523c5e3c8307fa

-- 
You're receiving this email because of your account on salsa.debian.org.



