[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 28 09:11:55 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef9b2710 by security tracker role at 2023-10-28T08:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom location with  ...)
+	TODO: check
+CVE-2023-5830 (A vulnerability classified as critical has been found in ColumbiaSoft  ...)
+	TODO: check
+CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a loca ...)
+	TODO: check
+CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...)
+	TODO: check
+CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...)
+	TODO: check
+CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 ...)
+	TODO: check
+CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an attack ...)
+	TODO: check
+CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker  ...)
+	TODO: check
+CVE-2023-46468 (An issue in juzawebCMS v.3.4 and before allows a remote attacker to ex ...)
+	TODO: check
+CVE-2023-46467 (Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allo ...)
+	TODO: check
+CVE-2023-46215 (Insertion of Sensitive Information into Log File vulnerability in Apac ...)
+	TODO: check
+CVE-2023-46211 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-46209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme  ...)
+	TODO: check
+CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stylemix ...)
+	TODO: check
+CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...)
+	TODO: check
+CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...)
+	TODO: check
+CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5. ...)
+	TODO: check
+CVE-2023-40140 (In android_view_InputDevice_create of android_view_InputDevice.cpp, th ...)
+	TODO: check
+CVE-2023-40139 (In FillUi of FillUi.java, there is a possible way to view another user ...)
+	TODO: check
+CVE-2023-40138 (In FillUi of FillUi.java, there is a possible way to view another user ...)
+	TODO: check
+CVE-2023-40137 (In multiple functions of DialogFillUi.java, there is a possible way to ...)
+	TODO: check
+CVE-2023-40136 (In setHeader of DialogFillUi.java, there is a possible way to view ano ...)
+	TODO: check
+CVE-2023-40135 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...)
+	TODO: check
+CVE-2023-40134 (In isFullScreen of FillUi.java, there is a possible way to view anothe ...)
+	TODO: check
+CVE-2023-40133 (In multiple locations of DialogFillUi.java, there is a possible way to ...)
+	TODO: check
+CVE-2023-40131 (In GpuService of GpuService.cpp, there is a possible use after free du ...)
+	TODO: check
+CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a possible ...)
+	TODO: check
+CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...)
+	TODO: check
+CVE-2023-40128 (In several functions of xmlregexp.c, there is a possible out of bounds ...)
+	TODO: check
+CVE-2023-40127 (In multiple locations, there is a possible way to access screenshots d ...)
+	TODO: check
+CVE-2023-40125 (In onCreate of ApnEditor.java, there is a possible way for a Guest use ...)
+	TODO: check
+CVE-2023-40123 (In updateActionViews of PipMenuView.java, there is a possible bypass o ...)
+	TODO: check
+CVE-2023-40121 (In appendEscapedSQLString of DatabaseUtils.java, there is a possible S ...)
+	TODO: check
+CVE-2023-40120 (In multiple locations, there is a possible way to bypass user notifica ...)
+	TODO: check
+CVE-2023-40117 (In resetSettingsLocked of SettingsProvider.java, there is a possible l ...)
+	TODO: check
+CVE-2023-40116 (In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to ...)
+	TODO: check
+CVE-2023-35794 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039.  ...)
+	TODO: check
+CVE-2023-32738 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alka ...)
+	TODO: check
 CVE-2023-5829 (A vulnerability was found in code-projects Admission Management System ...)
 	NOT-FOR-US: code-projects Admission Management System
 CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial Develo ...)
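Review bot: every entry added at the top of data/CVE/list lands as "TODO: check", so nothing in this hunk records a triage decision yet, and the entries fall into groups that can be handled together. The run from CVE-2023-40116 to CVE-2023-40140 describes Android framework files (FillUi.java, DialogFillUi.java, SaveUi.java and others), while CVE-2023-46570 and CVE-2023-46569 (radare2) and CVE-2023-46490 (Cacti) name standalone software and need a source-package lookup before being marked the way the neighbouring "NOT-FOR-US:" entries are. CVE-2023-40128 names xmlregexp.c, so it is worth checking whether the file is a bundled copy of an upstream library before closing it with the Android batch.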
@@ -867,7 +943,7 @@ CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to ca
 CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to  ...)
 	NOT-FOR-US: PingFederate
 CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...)
-	{DSA-5535-1 DLA-3632-1}
+	{DSA-5538-1 DSA-5535-1 DLA-3632-1}
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
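Review bot: CVE-2023-5732 gains the DSA-5538-1 reference, but in the lines shown it carries only "- firefox-esr" and "- thunderbird" package lines, while the CVE-2023-5730 entry in the next hunk also has "- firefox 119.0-1". If firefox is unaffected or was fixed in an earlier upload, a package line or NOTE saying so would let the entry explain itself without reading the upstream advisory.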
@@ -876,7 +952,7 @@ CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs sho
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
 CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ...)
-	{DSA-5535-1 DLA-3632-1}
+	{DSA-5538-1 DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -887,7 +963,7 @@ CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneous
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
 CVE-2023-5728 (During garbage collection extra operations were performed on a object  ...)
-	{DSA-5535-1 DLA-3632-1}
+	{DSA-5538-1 DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -909,7 +985,7 @@ CVE-2023-5726 (A website could have obscured the full screen notification by usi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726
 CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, which un ...)
-	{DSA-5535-1 DLA-3632-1}
+	{DSA-5538-1 DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -917,7 +993,7 @@ CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, whi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5725
 CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and in som ...)
-	{DSA-5535-1 DLA-3632-1}
+	{DSA-5538-1 DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -931,7 +1007,7 @@ CVE-2023-5722 (Using iterative requests an attacker was able to learn the size o
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
 CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be activate ...)
-	{DSA-5535-1 DLA-3632-1}
+	{DSA-5538-1 DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
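Review bot: the DSA-5538-1 cross-reference added at CVE-2023-5721, and identically in the five hunks above it, is not mentioned in the commit message, which says only "automatic update". Since the same brace line is rewritten on six entries, naming the advisory in the message would make it possible to find this change from the log without reading the diff.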
@@ -93523,12 +93599,12 @@ CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error a
 	[buster] - u-boot <no-dsa> (Minor issue)
 	NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
 	NOTE: https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 (v2022.07-rc6)
-CVE-2022-34834
-	RESERVED
-CVE-2022-34833
-	RESERVED
-CVE-2022-34832
-	RESERVED
+CVE-2022-34834 (An issue was discovered in VERMEG AgileReporter 21.3. Attackers can ga ...)
+	TODO: check
+CVE-2022-34833 (An issue was discovered in VERMEG AgileReporter 21.3. An admin can ent ...)
+	TODO: check
+CVE-2022-34832 (An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur vi ...)
+	TODO: check
 CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...)
 	NOT-FOR-US: Keyfactor
 CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race Condition t ...)
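Review bot: CVE-2022-34834, CVE-2022-34833 and CVE-2022-34832 move from RESERVED to "TODO: check", and all three descriptions name the same product, VERMEG AgileReporter 21.3. They can be triaged with a single decision, in the same form as the "NOT-FOR-US: Keyfactor" line on the following entry if the product is not packaged.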



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef9b27109a075997ad84cc7f58f26e0ddc08cc8c
