[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 1 21:12:34 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5263ddab by security tracker role at 2023-09-01T20:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,18 +1,116 @@
-CVE-2023-4647
+CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
+	TODO: check
+CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
+	TODO: check
+CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub repository ...)
+	TODO: check
+CVE-2023-4714 (A vulnerability was found in PlayTube 3.0.1 and classified as problema ...)
+	TODO: check
+CVE-2023-4713 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
+	TODO: check
+CVE-2023-4712 (A vulnerability, which was classified as critical, was found in Xintia ...)
+	TODO: check
+CVE-2023-4711 (A vulnerability, which was classified as critical, has been found in D ...)
+	TODO: check
+CVE-2023-4710 (A vulnerability classified as problematic was found in TOTVS RM 12.1.  ...)
+	TODO: check
+CVE-2023-4709 (A vulnerability classified as problematic has been found in TOTVS RM 1 ...)
+	TODO: check
+CVE-2023-4708 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been r ...)
+	TODO: check
+CVE-2023-4707 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been d ...)
+	TODO: check
+CVE-2023-4704 (External Control of System or Configuration Setting in GitHub reposito ...)
+	TODO: check
+CVE-2023-41633 (Catdoc v0.95 was discovered to contain a NULL pointer dereference via  ...)
+	TODO: check
+CVE-2023-41628 (An issue in O-RAN Software Community E2 G-Release allows attackers to  ...)
+	TODO: check
+CVE-2023-41627 (O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the  ...)
+	TODO: check
+CVE-2023-41364 (In tine through 2023.01.14.325, the sort parameter of the /index.php e ...)
+	TODO: check
+CVE-2023-41051 (In a typical Virtual Machine Monitor (VMM) there are several component ...)
+	TODO: check
+CVE-2023-41049 (@dcl/single-sign-on-client is an open source npm library which deals w ...)
+	TODO: check
+CVE-2023-41046 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-40980 (File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before  ...)
+	TODO: check
+CVE-2023-40970 (Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerabl ...)
+	TODO: check
+CVE-2023-40969 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable ...)
+	TODO: check
+CVE-2023-40968 (Buffer Overflow vulnerability in hzeller timg v.1.5.2 and before allow ...)
+	TODO: check
+CVE-2023-40771 (SQL injection vulnerability in DataEase v.1.18.9 allows a remote attac ...)
+	TODO: check
+CVE-2023-40239 (Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE at ...)
+	TODO: check
+CVE-2023-3210 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
+CVE-2023-39714 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
+	TODO: check
+CVE-2023-39710 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
+	TODO: check
+CVE-2023-39703 (A cross site scripting (XSS) vulnerability in the Markdown Editor comp ...)
+	TODO: check
+CVE-2023-39685 (An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial ...)
+	TODO: check
+CVE-2023-39631 (An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker t ...)
+	TODO: check
+CVE-2023-39582 (SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allow ...)
+	TODO: check
+CVE-2023-37997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh ...)
+	TODO: check
+CVE-2023-37994 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-37986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...)
+	TODO: check
+CVE-2023-37893 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Cho ...)
+	TODO: check
+CVE-2023-37830 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+	TODO: check
+CVE-2023-37829 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+	TODO: check
+CVE-2023-37828 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+	TODO: check
+CVE-2023-37827 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+	TODO: check
+CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+	TODO: check
+CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath before  ...)
+	TODO: check
+CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba424 ...)
+	TODO: check
+CVE-2023-36326 (Integer Overflow vulnerability in RELIC before commit 34580d840469361b ...)
+	TODO: check
+CVE-2023-36187 (Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4. ...)
+	TODO: check
+CVE-2023-36100 (An issue was discovered in IceCMS version 2.0.1, allows attackers to e ...)
+	TODO: check
+CVE-2023-36088 (Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio ...)
+	TODO: check
+CVE-2023-36076 (SQL Injection vulnerability in smanga version 3.1.9 and earlier, allow ...)
+	TODO: check
+CVE-2023-34011 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
+	TODO: check
+CVE-2023-4647 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
-CVE-2023-3205
+CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
-CVE-2023-4018
+CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-4638
 	- gitlab <unfixed>
 CVE-2023-4630
 	- gitlab <unfixed>
-CVE-2023-3950
+CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...)
 	- gitlab <not-affected> (Specific to EE)
-CVE-2023-4378
+CVE-2023-4378 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
-CVE-2023-3915
+CVE-2023-3915 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2023-40325
 	- moodle <removed>
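Review bot: CVE-2023-3210 is a GitLab issue that this hunk leaves at a bare `TODO: check`, while every other GitLab entry in the same hunk (CVE-2023-4647, CVE-2023-3205, CVE-2023-4018, CVE-2023-4378) is resolved to `- gitlab <unfixed>` with the identical description text "An issue has been discovered in GitLab affecting all versions starting ...". It should get the same package line, or a `- gitlab <not-affected> (Specific to EE)` line as used for CVE-2023-3950 and CVE-2023-3915 if the full text shows it is EE-only, rather than staying in the triage queue.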
@@ -553,7 +651,7 @@ CVE-2023-4585
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4585
 CVE-2023-4584
-	{DSA-5485-1}
+	{DSA-5485-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
 	- thunderbird 1:115.2.0-1
@@ -583,7 +681,7 @@ CVE-2023-4582
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4582
 CVE-2023-4581
-	{DSA-5485-1}
+	{DSA-5485-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
 	- thunderbird 1:115.2.0-1
@@ -643,7 +741,7 @@ CVE-2023-4576
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4576
 CVE-2023-4575
-	{DSA-5485-1}
+	{DSA-5485-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
 	- thunderbird 1:115.2.0-1
@@ -652,7 +750,7 @@ CVE-2023-4575
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4575
 CVE-2023-4574
-	{DSA-5485-1}
+	{DSA-5485-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
 	- thunderbird 1:115.2.0-1
@@ -661,7 +759,7 @@ CVE-2023-4574
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4574
 CVE-2023-4573
-	{DSA-5485-1}
+	{DSA-5485-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
 	- thunderbird 1:115.2.0-1
@@ -22196,8 +22294,7 @@ CVE-2023-1557 (A vulnerability was found in SourceCodester E-Commerce System 1.0
 	NOT-FOR-US: SourceCodester E-Commerce System
 CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management System  ...)
 	NOT-FOR-US: SourceCodester Judging Management System
-CVE-2023-1555
-	RESERVED
+CVE-2023-1555 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: WordPress plugin
@@ -22548,8 +22645,7 @@ CVE-2023-27927 (An authenticated malicious user could acquire the simple mail tr
 	NOT-FOR-US: SAUTER
 CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...)
 	NOT-FOR-US: SAUTER
-CVE-2023-1523
-	RESERVED
+CVE-2023-1523 (Using the TIOCLINUX ioctl request, a malicious snap could inject conte ...)
 	- snapd 2.59.5-1
 	[bookworm] - snapd <no-dsa> (Minor issue)
 	[bullseye] - snapd <no-dsa> (Minor issue)
@@ -23485,8 +23581,8 @@ CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are
 	NOTE: https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
 CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ( ...)
 	NOT-FOR-US: TP-Link
-CVE-2023-28366
-	RESERVED
+CVE-2023-28366 (The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a  ...)
+	TODO: check
 CVE-2023-28365 (A backup file vulnerability found in UniFi applications (Version 7.3.8 ...)
 	NOT-FOR-US: UniFi
 CVE-2023-28364 (An Open Redirect vulnerability exists prior to version 1.52.117, where ...)
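Review bot: CVE-2023-28366 names an affected range ("Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16") that is precise enough to resolve rather than leave at `TODO: check`, and Mosquitto is shipped in Debian (source package mosquitto), so the entry should end up as a `- mosquitto <version>` line (or `<unfixed>`) plus a `NOTE:` reference to the upstream fix, matching the format used for CVE-2023-28371 just above in this hunk.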
@@ -24900,8 +24996,7 @@ CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control inde
 	NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
 CVE-2023-1280
 	RESERVED
-CVE-2023-1279
-	RESERVED
+CVE-2023-1279 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-1278 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: IBOS
@@ -32367,8 +32462,8 @@ CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25489
 	RESERVED
-CVE-2023-25488
-	RESERVED
+CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc  ...)
+	TODO: check
 CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25486
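Review bot: CVE-2023-25488 sits between CVE-2023-25490 and CVE-2023-25487, both tagged `NOT-FOR-US: WordPress plugin`, and its description uses the same "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ..." wording as those entries, so it is very likely another WordPress plugin; the description is truncated at "Duc", though, so confirm the full CVE text before replacing `TODO: check` with the NOT-FOR-US line. The same check applies to CVE-2023-25477, CVE-2023-25044, CVE-2023-25042 and CVE-2023-24412 further down in this patch.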
@@ -32389,8 +32484,8 @@ CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-25477
-	RESERVED
+CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotu ...)
+	TODO: check
 CVE-2023-25476
 	RESERVED
 CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac S ...)
@@ -33452,12 +33547,12 @@ CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25045
 	RESERVED
-CVE-2023-25044
-	RESERVED
+CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo ...)
+	TODO: check
 CVE-2023-25043
 	RESERVED
-CVE-2023-25042
-	RESERVED
+CVE-2023-25042 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam ...)
+	TODO: check
 CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
 	NOT-FOR-US: WordPress theme
 CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -34490,10 +34585,10 @@ CVE-2023-24677
 	RESERVED
 CVE-2023-24676
 	RESERVED
-CVE-2023-24675
-	RESERVED
-CVE-2023-24674
-	RESERVED
+CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attack ...)
+	TODO: check
+CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows local att ...)
+	TODO: check
 CVE-2023-24673
 	RESERVED
 CVE-2023-24672
@@ -35535,8 +35630,8 @@ CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Phot
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-24412
-	RESERVED
+CVE-2023-24412 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...)
+	TODO: check
 CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24410
@@ -37260,8 +37355,8 @@ CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub E
 	NOT-FOR-US: Github Enterprise Server
 CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
 	NOT-FOR-US: Github Enterprise Server
-CVE-2023-23763
-	RESERVED
+CVE-2023-23763 (An authorization/sensitive information disclosure vulnerability was id ...)
+	TODO: check
 CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
 	NOT-FOR-US: Github Enterprise Server
 CVE-2023-23761 (An improper authentication vulnerability was identified in GitHub Ente ...)
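Review bot: CVE-2023-23763 is flanked by CVE-2023-23764 and CVE-2023-23762, both `NOT-FOR-US: Github Enterprise Server`, and its description ("An authorization/sensitive information disclosure vulnerability was id ...") reads like the same GitHub Enterprise Server advisory wording as its neighbours ("... was identified in GitHub Enterpr ..."); once the full text confirms that, it should be closed out with the same NOT-FOR-US line instead of `TODO: check`.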
@@ -40274,8 +40369,7 @@ CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe
 	- linux <not-affected> (Vulnerable code not present in any released Debian version)
 CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affecting all ...)
 	- gitlab 15.10.8+ds1-2
-CVE-2023-0120
-	RESERVED
+CVE-2023-0120 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-0119
 	RESERVED
@@ -47983,8 +48077,7 @@ CVE-2022-46769 (An improper neutralization of input during web page generation (
 	NOT-FOR-US: Apache Sling
 CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked se ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4343
-	RESERVED
+CVE-2022-4343 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab 15.10.8+ds1-2
@@ -48710,8 +48803,8 @@ CVE-2022-46529
 	RESERVED
 CVE-2022-46528
 	RESERVED
-CVE-2022-46527
-	RESERVED
+CVE-2022-46527 (ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow ...)
+	TODO: check
 CVE-2022-46526
 	RESERVED
 CVE-2022-46525
@@ -56435,8 +56528,8 @@ CVE-2022-44351 (Skycaiji v2.5.1 was discovered to contain a deserialization vuln
 	NOT-FOR-US: Skycaiji
 CVE-2022-44350
 	RESERVED
-CVE-2022-44349
-	RESERVED
+CVE-2022-44349 (NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scri ...)
+	TODO: check
 CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
 	NOT-FOR-US: Sanitization Management System
 CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
@@ -63453,8 +63546,8 @@ CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause
 	NOT-FOR-US: OpenBMC
 CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not sanitise and ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3407
-	RESERVED
+CVE-2022-3407 (I some cases, when the device is USB-tethered to a host PC, and the de ...)
+	TODO: check
 CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by administ ...)
 	NOT-FOR-US: Generex CS141
 CVE-2022-42456
@@ -122504,8 +122597,8 @@ CVE-2021-46130
 	RESERVED
 CVE-2022-22306 (An improper certificate validation vulnerability [CWE-295] in FortiOS  ...)
 	NOT-FOR-US: Fortinet FortiOS
-CVE-2022-22305
-	RESERVED
+CVE-2022-22305 (An improper certificate validation vulnerability [CWE-295] inFortiMana ...)
+	TODO: check
 CVE-2022-22304 (An improper neutralization of input during web page generation vulnera ...)
 	NOT-FOR-US: Fortinet
 CVE-2022-22303 (An exposure of sensitive system information to an unauthorized control ...)
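Review bot: CVE-2022-22305 is a Fortinet entry (the truncated description reads "inFortiMana ...", presumably FortiManager, with the space missing in the upstream CVE text) placed between CVE-2022-22306 and CVE-2022-22304, both `NOT-FOR-US: Fortinet`; it should be resolved to a `NOT-FOR-US: Fortinet` line rather than kept at `TODO: check`. Leave the "inFortiMana" typo alone, since the list mirrors the upstream description verbatim.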
@@ -219856,8 +219949,8 @@ CVE-2020-22614
 	RESERVED
 CVE-2020-22613
 	RESERVED
-CVE-2020-22612
-	RESERVED
+CVE-2020-22612 (Installer RCE on settings file write in MyBB before 1.8.22.)
+	TODO: check
 CVE-2020-22611
 	RESERVED
 CVE-2020-22610



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5263ddab07bbeb35c5c9d597973ba87f63725ca8


