[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 1 21:12:34 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5263ddab by security tracker role at 2023-09-01T20:12:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,18 +1,116 @@
-CVE-2023-4647
+CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...)
+ TODO: check
+CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
+ TODO: check
+CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub repository ...)
+ TODO: check
+CVE-2023-4714 (A vulnerability was found in PlayTube 3.0.1 and classified as problema ...)
+ TODO: check
+CVE-2023-4713 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
+ TODO: check
+CVE-2023-4712 (A vulnerability, which was classified as critical, was found in Xintia ...)
+ TODO: check
+CVE-2023-4711 (A vulnerability, which was classified as critical, has been found in D ...)
+ TODO: check
+CVE-2023-4710 (A vulnerability classified as problematic was found in TOTVS RM 12.1. ...)
+ TODO: check
+CVE-2023-4709 (A vulnerability classified as problematic has been found in TOTVS RM 1 ...)
+ TODO: check
+CVE-2023-4708 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been r ...)
+ TODO: check
+CVE-2023-4707 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been d ...)
+ TODO: check
+CVE-2023-4704 (External Control of System or Configuration Setting in GitHub reposito ...)
+ TODO: check
+CVE-2023-41633 (Catdoc v0.95 was discovered to contain a NULL pointer dereference via ...)
+ TODO: check
+CVE-2023-41628 (An issue in O-RAN Software Community E2 G-Release allows attackers to ...)
+ TODO: check
+CVE-2023-41627 (O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the ...)
+ TODO: check
+CVE-2023-41364 (In tine through 2023.01.14.325, the sort parameter of the /index.php e ...)
+ TODO: check
+CVE-2023-41051 (In a typical Virtual Machine Monitor (VMM) there are several component ...)
+ TODO: check
+CVE-2023-41049 (@dcl/single-sign-on-client is an open source npm library which deals w ...)
+ TODO: check
+CVE-2023-41046 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-40980 (File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before ...)
+ TODO: check
+CVE-2023-40970 (Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerabl ...)
+ TODO: check
+CVE-2023-40969 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable ...)
+ TODO: check
+CVE-2023-40968 (Buffer Overflow vulnerability in hzeller timg v.1.5.2 and before allow ...)
+ TODO: check
+CVE-2023-40771 (SQL injection vulnerability in DataEase v.1.18.9 allows a remote attac ...)
+ TODO: check
+CVE-2023-40239 (Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE at ...)
+ TODO: check
+CVE-2023-3210 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2023-39714 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
+ TODO: check
+CVE-2023-39710 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
+ TODO: check
+CVE-2023-39703 (A cross site scripting (XSS) vulnerability in the Markdown Editor comp ...)
+ TODO: check
+CVE-2023-39685 (An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial ...)
+ TODO: check
+CVE-2023-39631 (An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker t ...)
+ TODO: check
+CVE-2023-39582 (SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allow ...)
+ TODO: check
+CVE-2023-37997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh ...)
+ TODO: check
+CVE-2023-37994 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-37986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...)
+ TODO: check
+CVE-2023-37893 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Cho ...)
+ TODO: check
+CVE-2023-37830 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+ TODO: check
+CVE-2023-37829 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+ TODO: check
+CVE-2023-37828 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+ TODO: check
+CVE-2023-37827 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+ TODO: check
+CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...)
+ TODO: check
+CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath before ...)
+ TODO: check
+CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba424 ...)
+ TODO: check
+CVE-2023-36326 (Integer Overflow vulnerability in RELIC before commit 34580d840469361b ...)
+ TODO: check
+CVE-2023-36187 (Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4. ...)
+ TODO: check
+CVE-2023-36100 (An issue was discovered in IceCMS version 2.0.1, allows attackers to e ...)
+ TODO: check
+CVE-2023-36088 (Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio ...)
+ TODO: check
+CVE-2023-36076 (SQL Injection vulnerability in smanga version 3.1.9 and earlier, allow ...)
+ TODO: check
+CVE-2023-34011 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
+ TODO: check
+CVE-2023-4647 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2023-3205
+CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
-CVE-2023-4018
+CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2023-4638
- gitlab <unfixed>
CVE-2023-4630
- gitlab <unfixed>
-CVE-2023-3950
+CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2023-4378
+CVE-2023-4378 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2023-3915
+CVE-2023-3915 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-40325
- moodle <removed>
@@ -553,7 +651,7 @@ CVE-2023-4585
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4585
CVE-2023-4584
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -583,7 +681,7 @@ CVE-2023-4582
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4582
CVE-2023-4581
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -643,7 +741,7 @@ CVE-2023-4576
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4576
CVE-2023-4575
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -652,7 +750,7 @@ CVE-2023-4575
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4575
CVE-2023-4574
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -661,7 +759,7 @@ CVE-2023-4574
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4574
CVE-2023-4573
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -22196,8 +22294,7 @@ CVE-2023-1557 (A vulnerability was found in SourceCodester E-Commerce System 1.0
NOT-FOR-US: SourceCodester E-Commerce System
CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management System ...)
NOT-FOR-US: SourceCodester Judging Management System
-CVE-2023-1555
- RESERVED
+CVE-2023-1555 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: WordPress plugin
@@ -22548,8 +22645,7 @@ CVE-2023-27927 (An authenticated malicious user could acquire the simple mail tr
NOT-FOR-US: SAUTER
CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...)
NOT-FOR-US: SAUTER
-CVE-2023-1523
- RESERVED
+CVE-2023-1523 (Using the TIOCLINUX ioctl request, a malicious snap could inject conte ...)
- snapd 2.59.5-1
[bookworm] - snapd <no-dsa> (Minor issue)
[bullseye] - snapd <no-dsa> (Minor issue)
@@ -23485,8 +23581,8 @@ CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are
NOTE: https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ( ...)
NOT-FOR-US: TP-Link
-CVE-2023-28366
- RESERVED
+CVE-2023-28366 (The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a ...)
+ TODO: check
CVE-2023-28365 (A backup file vulnerability found in UniFi applications (Version 7.3.8 ...)
NOT-FOR-US: UniFi
CVE-2023-28364 (An Open Redirect vulnerability exists prior to version 1.52.117, where ...)
@@ -24900,8 +24996,7 @@ CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control inde
NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
CVE-2023-1280
RESERVED
-CVE-2023-1279
- RESERVED
+CVE-2023-1279 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2023-1278 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: IBOS
@@ -32367,8 +32462,8 @@ CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25489
RESERVED
-CVE-2023-25488
- RESERVED
+CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc ...)
+ TODO: check
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25486
@@ -32389,8 +32484,8 @@ CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25477
- RESERVED
+CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotu ...)
+ TODO: check
CVE-2023-25476
RESERVED
CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac S ...)
@@ -33452,12 +33547,12 @@ CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25045
RESERVED
-CVE-2023-25044
- RESERVED
+CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo ...)
+ TODO: check
CVE-2023-25043
RESERVED
-CVE-2023-25042
- RESERVED
+CVE-2023-25042 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam ...)
+ TODO: check
CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
NOT-FOR-US: WordPress theme
CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -34490,10 +34585,10 @@ CVE-2023-24677
RESERVED
CVE-2023-24676
RESERVED
-CVE-2023-24675
- RESERVED
-CVE-2023-24674
- RESERVED
+CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attack ...)
+ TODO: check
+CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows local att ...)
+ TODO: check
CVE-2023-24673
RESERVED
CVE-2023-24672
@@ -35535,8 +35630,8 @@ CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Phot
NOT-FOR-US: WordPress plugin
CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24412
- RESERVED
+CVE-2023-24412 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...)
+ TODO: check
CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24410
@@ -37260,8 +37355,8 @@ CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub E
NOT-FOR-US: Github Enterprise Server
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
NOT-FOR-US: Github Enterprise Server
-CVE-2023-23763
- RESERVED
+CVE-2023-23763 (An authorization/sensitive information disclosure vulnerability was id ...)
+ TODO: check
CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23761 (An improper authentication vulnerability was identified in GitHub Ente ...)
@@ -40274,8 +40369,7 @@ CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe
- linux <not-affected> (Vulnerable code not present in any released Debian version)
CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affecting all ...)
- gitlab 15.10.8+ds1-2
-CVE-2023-0120
- RESERVED
+CVE-2023-0120 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2023-0119
RESERVED
@@ -47983,8 +48077,7 @@ CVE-2022-46769 (An improper neutralization of input during web page generation (
NOT-FOR-US: Apache Sling
CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked se ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4343
- RESERVED
+CVE-2022-4343 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 15.10.8+ds1-2
@@ -48710,8 +48803,8 @@ CVE-2022-46529
RESERVED
CVE-2022-46528
RESERVED
-CVE-2022-46527
- RESERVED
+CVE-2022-46527 (ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow ...)
+ TODO: check
CVE-2022-46526
RESERVED
CVE-2022-46525
@@ -56435,8 +56528,8 @@ CVE-2022-44351 (Skycaiji v2.5.1 was discovered to contain a deserialization vuln
NOT-FOR-US: Skycaiji
CVE-2022-44350
RESERVED
-CVE-2022-44349
- RESERVED
+CVE-2022-44349 (NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scri ...)
+ TODO: check
CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
NOT-FOR-US: Sanitization Management System
CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...)
@@ -63453,8 +63546,8 @@ CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause
NOT-FOR-US: OpenBMC
CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3407
- RESERVED
+CVE-2022-3407 (I some cases, when the device is USB-tethered to a host PC, and the de ...)
+ TODO: check
CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by administ ...)
NOT-FOR-US: Generex CS141
CVE-2022-42456
@@ -122504,8 +122597,8 @@ CVE-2021-46130
RESERVED
CVE-2022-22306 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2022-22305
- RESERVED
+CVE-2022-22305 (An improper certificate validation vulnerability [CWE-295] inFortiMana ...)
+ TODO: check
CVE-2022-22304 (An improper neutralization of input during web page generation vulnera ...)
NOT-FOR-US: Fortinet
CVE-2022-22303 (An exposure of sensitive system information to an unauthorized control ...)
@@ -219856,8 +219949,8 @@ CVE-2020-22614
RESERVED
CVE-2020-22613
RESERVED
-CVE-2020-22612
- RESERVED
+CVE-2020-22612 (Installer RCE on settings file write in MyBB before 1.8.22.)
+ TODO: check
CVE-2020-22611
RESERVED
CVE-2020-22610
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5263ddab07bbeb35c5c9d597973ba87f63725ca8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5263ddab07bbeb35c5c9d597973ba87f63725ca8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230901/51fe14d4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list