[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 12 09:12:28 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62f7974c by security tracker role at 2023-09-12T08:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2023-4899 (SQL Injection in GitHub repository mintplex-labs/anything-llm prior to ...)
+ TODO: check
+CVE-2023-4898 (Authentication Bypass by Primary Weakness in GitHub repository mintple ...)
+ TODO: check
+CVE-2023-4897 (Relative Path Traversal in GitHub repository mintplex-labs/anything-ll ...)
+ TODO: check
+CVE-2023-4893 (The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Se ...)
+ TODO: check
+CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for WordPress is ...)
+ TODO: check
+CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for WordPress ...)
+ TODO: check
+CVE-2023-4840 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-42472 (Due to insufficient file type validation, SAP BusinessObjectsBusiness ...)
+ TODO: check
+CVE-2023-41990 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2023-41879 (Magento LTS is the official OpenMage LTS codebase. Guest orders may be ...)
+ TODO: check
+CVE-2023-41369 (The Create Single Payment application of SAP S/4HANA- versions 100, 10 ...)
+ TODO: check
+CVE-2023-41368 (The OData service of the S4 HANA (Manage checkbook apps) - versions 10 ...)
+ TODO: check
+CVE-2023-41367 (Due to missing authentication check in webdynpro application, an unaut ...)
+ TODO: check
+CVE-2023-40625 (S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, ...)
+ TODO: check
+CVE-2023-40624 (SAP NetWeaver AS ABAP (applications based on Unified Rendering)- versi ...)
+ TODO: check
+CVE-2023-40623 (SAP BusinessObjects SuiteInstaller - version 420, 430, allows an attac ...)
+ TODO: check
+CVE-2023-40622 (SAP BusinessObjects Business Intelligence Platform (Promotion Manageme ...)
+ TODO: check
+CVE-2023-40621 (SAP PowerDesigner Client - version 16.7, allows an unauthenticated att ...)
+ TODO: check
+CVE-2023-40442 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2023-40440 (This issue was addressed with improved state management of S/MIME encr ...)
+ TODO: check
+CVE-2023-40309 (SAP CommonCryptoLib does not perform necessary authentication checks, ...)
+ TODO: check
+CVE-2023-40308 (SAP CommonCryptoLiballows an unauthenticated attacker to craft a reque ...)
+ TODO: check
+CVE-2023-3039 (SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access C ...)
+ TODO: check
+CVE-2023-39069 (An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 al ...)
+ TODO: check
+CVE-2023-38878 (A reflected cross-site scripting (XSS) vulnerability in DevCode OpenST ...)
+ TODO: check
+CVE-2023-37489 (Due to the lack of validation, SAP BusinessObjects Business Intelligen ...)
+ TODO: check
+CVE-2023-35687 (In MtpPropertyValue of MtpProperty.h, there is a possible memory corru ...)
+ TODO: check
+CVE-2023-35684 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds wr ...)
+ TODO: check
+CVE-2023-35683 (In bindSelection of DatabaseUtils.java, there is a possible way to acc ...)
+ TODO: check
+CVE-2023-35682 (In hasPermissionForActivity of PackageManagerHelper.java, there is a p ...)
+ TODO: check
+CVE-2023-35681 (In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible o ...)
+ TODO: check
+CVE-2023-35680 (In multiple locations, there is a possible way to import contacts belo ...)
+ TODO: check
+CVE-2023-35679 (In MtpPropertyValue of MtpProperty.h, there is a possible out of bound ...)
+ TODO: check
+CVE-2023-35677 (In onCreate of DeviceAdminAdd.java, there is a possible way to forcibl ...)
+ TODO: check
+CVE-2023-35676 (In createQuickShareAction of SaveImageInBackgroundTask.java, there is ...)
+ TODO: check
+CVE-2023-35675 (In loadMediaResumptionControls of MediaResumeListener.kt, there is a p ...)
+ TODO: check
+CVE-2023-35674 (In onCreate of WindowState.java, there is a possible way to launch a b ...)
+ TODO: check
+CVE-2023-35673 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...)
+ TODO: check
+CVE-2023-35671 (In onHostEmulationData of HostEmulationManager.java, there is a possib ...)
+ TODO: check
+CVE-2023-35670 (In computeValuesFromData of FileUtils.java, there is a possible way to ...)
+ TODO: check
+CVE-2023-35669 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, ther ...)
+ TODO: check
+CVE-2023-35667 (In updateList of NotificationAccessSettings.java, there is a possible ...)
+ TODO: check
+CVE-2023-35666 (In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free ...)
+ TODO: check
+CVE-2023-35665 (In multiple files, there is a possible way to import a contact from an ...)
+ TODO: check
+CVE-2023-35664 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...)
+ TODO: check
+CVE-2023-35658 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible priv ...)
+ TODO: check
CVE-2023-4881 (A stack based out-of-bounds write flaw was found in the netfilter subs ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/fd94d9dadee58e09b49075240fe83423eb1dcd36 (6.6-rc1)
@@ -4160,7 +4252,7 @@ CVE-2023-32559 (A privilege escalation vulnerability exists in the experimental
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559
NOTE: https://github.com/nodejs/node/commit/d4570fae358693b8f7fec05294b9bb92a966226d (v18.x)
NOTE: https://github.com/nodejs/node/commit/4aa0eff787c14f14a239cf2f44bf751a0151e3eb (main)
-CVE-2023-32558
+CVE-2023-32558 (The use of the deprecated API `process.binding()` can bypass the permi ...)
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
CVE-2023-32006 (The use of `module.constructor.createRequire()` can bypass the policy ...)
@@ -4169,7 +4261,7 @@ CVE-2023-32006 (The use of `module.constructor.createRequire()` can bypass the p
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006
NOTE: https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a (v18.x)
NOTE: https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1 (main)
-CVE-2023-32005
+CVE-2023-32005 (A vulnerability has been identified in Node.js version 20, affecting u ...)
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsstatfs-can-retrive-stats-from-files-restricted-by-the-permission-model-lowcve-2023-32005
CVE-2023-32004 (A vulnerability has been discovered in Node.js version 20, specificall ...)
@@ -9856,7 +9948,7 @@ CVE-2023-34487 (itsourcecode Online Hotel Management System Project In PHP v1.0.
CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP v1.0.0 is v ...)
NOT-FOR-US: itsourcecode Online Hotel Management System Project
CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access to the Or ...)
- {DSA-5473-1}
+ {DSA-5473-1 DLA-3562-1}
- orthanc 1.12.1+dfsg-1 (bug #1040597)
NOTE: https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
NOTE: Requires the addition of a new RestApiWriteToFileSystemEnabled configuration and
@@ -17122,10 +17214,10 @@ CVE-2023-2139 (A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Ap
NOT-FOR-US: DELMIA Apriso
CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter up to 0 ...)
NOT-FOR-US: eslint-detailed-reporter
-CVE-2022-48475
- RESERVED
-CVE-2022-48474
- RESERVED
+CVE-2022-48475 (Buffer Overflow vulnerability in Control de Ciber version 1.650, in th ...)
+ TODO: check
+CVE-2022-48474 (Control de Ciber, in its 1.650 version, is affected by a Denial of Ser ...)
+ TODO: check
CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei Printer. ...)
NOT-FOR-US: Huawei
CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. Success ...)
@@ -31287,8 +31379,8 @@ CVE-2023-26144
RESERVED
CVE-2023-26143
RESERVED
-CVE-2023-26142
- RESERVED
+CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...)
+ TODO: check
CVE-2023-26141
RESERVED
CVE-2023-26140 (Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerab ...)
@@ -33539,8 +33631,8 @@ CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an
NOT-FOR-US: NVIDIA
CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...)
NOT-FOR-US: NVIDIA
-CVE-2023-25519
- RESERVED
+CVE-2023-25519 (NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit c ...)
+ TODO: check
CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...)
NOT-FOR-US: NVIDIA
CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
@@ -36758,8 +36850,8 @@ CVE-2023-0458 (A speculative pointer dereference problem exists in the Linux Ker
NOTE: https://git.kernel.org/linus/739790605705ddcf18f21782b9c99ad7d53a8c11 (6.2-rc5)
CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric C ...)
NOT-FOR-US: Mitsubishi
-CVE-2022-4896
- RESERVED
+CVE-2022-4896 (Cyber Control, in its 1.650 version, is affected by a vulnerabilityin ...)
+ TODO: check
CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24470 (Potential XML External Entity Injection in ArcSight Logger versions pr ...)
@@ -100855,8 +100947,7 @@ CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions st
- gitlab 15.10.8+ds1-2
CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...)
- gitlab 15.10.8+ds1-2
-CVE-2022-1415
- RESERVED
+CVE-2022-1415 (A flaw was found where some utility classes in Drools core did not use ...)
NOT-FOR-US: drools
CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation for user ...)
NOT-FOR-US: 3scale API Management
@@ -117180,8 +117271,8 @@ CVE-2022-24095 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and
NOT-FOR-US: Adobe
CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...)
NOT-FOR-US: Adobe
-CVE-2022-24093
- RESERVED
+CVE-2022-24093 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
+ TODO: check
CVE-2022-24092 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
NOT-FOR-US: Adobe
CVE-2022-24091 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f7974cde30ab9db653cb77aaf6f66fd583ffa2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62f7974cde30ab9db653cb77aaf6f66fd583ffa2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230912/d25a26a5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list