[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 13 21:12:34 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8c0d558 by security tracker role at 2023-09-13T20:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2023-4039 [GCC's -fstack-protector fails to guard dynamic stack allocations on ARM64]
+CVE-2023-4828 (An improper check for an exceptional condition in the Insider Threat M ...)
+ TODO: check
+CVE-2023-4803 (A reflected cross-site scripting vulnerability in the WriteWindowTitle ...)
+ TODO: check
+CVE-2023-4802 (A reflected cross-site scripting vulnerability in the UpdateInstalledS ...)
+ TODO: check
+CVE-2023-4801 (An improper certification validation vulnerability in the Insider Thre ...)
+ TODO: check
+CVE-2023-4785 (Lack of error handling in the TCP server in Google's gRPC starting ver ...)
+ TODO: check
+CVE-2023-4701 (A Improper Privilege Management vulnerability through an incorrect use ...)
+ TODO: check
+CVE-2023-42469 (The com.full.dialer.top.secure.encrypted application through 1.0.1 for ...)
+ TODO: check
+CVE-2023-42468 (The com.cutestudio.colordialer application through 2.1.8-2 for Android ...)
+ TODO: check
+CVE-2023-41892 (Craft CMS is a platform for creating digital experiences. This is a hi ...)
+ TODO: check
+CVE-2023-41081 (The mod_jk component of Apache Tomcat Connectorsin some circumstances, ...)
+ TODO: check
+CVE-2023-40850 (netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There ...)
+ TODO: check
+CVE-2023-40717 (A use of hard-coded credentials vulnerability [CWE-798] inFortiTester2 ...)
+ TODO: check
+CVE-2023-40715 (A cleartext storage of sensitive information vulnerability [CWE-312] i ...)
+ TODO: check
+CVE-2023-3935 (A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network ...)
+ TODO: check
+CVE-2023-3588 (A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork C ...)
+ TODO: check
+CVE-2023-3280 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
+ TODO: check
+CVE-2023-39916 (NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 contains ...)
+ TODO: check
+CVE-2023-39915 (NLnet Labs\u2019 Routinator up to and including version 0.12.1 may cra ...)
+ TODO: check
+CVE-2023-39914 (NLnet Labs\u2019 bcder library up to and including version 0.7.2 panic ...)
+ TODO: check
+CVE-2023-38215 (Adobe Experience Manager versions 6.5.17 and earlier are affected by a ...)
+ TODO: check
+CVE-2023-38214 (Adobe Experience Manager versions 6.5.17 and earlier are affected by a ...)
+ TODO: check
+CVE-2023-36642 (An improper neutralization of special elements used in an OS command v ...)
+ TODO: check
+CVE-2023-36638 (An improper privilege management vulnerability [CWE-269] in FortiManag ...)
+ TODO: check
+CVE-2023-36634 (An incomplete filtering of one or more instances of special elements v ...)
+ TODO: check
+CVE-2023-36551 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+ TODO: check
+CVE-2023-34984 (A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2. ...)
+ TODO: check
+CVE-2023-4039 (A failure in the -fstack-protector feature in GCC-based toolchains th ...)
- gcc-13 13.2.0-4
- gcc-12 12.3.0-9
- gcc-11 11.4.0-4
@@ -5242,7 +5294,7 @@ CVE-2023-4200 (A vulnerability has been found in SourceCodester Inventory Manage
NOT-FOR-US: SourceCodester Inventory Management System
CVE-2023-4199 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Inventory Management System
-CVE-2023-4155
+CVE-2023-4155 (A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in t ...)
{DSA-5492-1}
- linux 6.4.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -6012,7 +6064,7 @@ CVE-2023-3385 (An issue has been discovered in GitLab affecting all versions sta
- gitlab <unfixed>
CVE-2023-3364 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab <unfixed>
-CVE-2023-3301 [net: triggerable assertion due to race condition in hot-unplug]
+CVE-2023-3301 (A flaw was found in QEMU. The async nature of hot-unplug enables a rac ...)
- qemu 1:8.0.3+dfsg-1
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
@@ -9804,7 +9856,7 @@ CVE-2023-35786 (Zoho ManageEngine ADManager Plus before 7183 allows admin users
NOT-FOR-US: Zoho
CVE-2023-34150 (** UNSUPPORTED WHEN ASSIGNED **Use of TikaEncodingDetector in Apache A ...)
NOT-FOR-US: Apache Any23
-CVE-2023-3255 [VNC: infinite loop in inflate_buffer() leads to denial of service]
+CVE-2023-3255 (A flaw was found in the QEMU built-in VNC server while processing Clie ...)
- qemu 1:8.0.4+dfsg-1
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <not-affected> (Vulnerable code not present)
@@ -15201,7 +15253,7 @@ CVE-2023-31913 (Jerryscript 3.0 *commit 1a2c047) was discovered to contain an As
NOTE: https://github.com/jerryscript-project/jerryscript/issues/5061
CVE-2023-2682 (A vulnerability was found in Caton Live up to 2023-04-26 and classifie ...)
NOT-FOR-US: Caton Live
-CVE-2023-2680 [hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750)]
+CVE-2023-2680 (This CVE exists because of an incomplete fix for CVE-2021-3750. More s ...)
- qemu <not-affected> (Red Hat specific incomplete fix for CVE-2021-3750)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203387
CVE-2023-2678 (A vulnerability has been found in SourceCodester File Tracker Manager ...)
@@ -17162,7 +17214,7 @@ CVE-2023-30910
RESERVED
CVE-2023-30909
RESERVED
-CVE-2023-30908 (Potential security vulnerability have been identified in Hewlett Packa ...)
+CVE-2023-30908 (A remote authentication bypass issue exists in a OneView API.)
NOT-FOR-US: HPE
CVE-2023-30907
RESERVED
@@ -21916,10 +21968,10 @@ CVE-2023-29308 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and e
NOT-FOR-US: Adobe
CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
-CVE-2023-29306
- RESERVED
-CVE-2023-29305
- RESERVED
+CVE-2023-29306 (Adobe Connect versions 12.3 and earlier are affected by a reflected Cr ...)
+ TODO: check
+CVE-2023-29305 (Adobe Connect versions 12.3 and earlier are affected by a reflected Cr ...)
+ TODO: check
CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
NOT-FOR-US: Adobe
CVE-2023-29303 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
@@ -22321,8 +22373,8 @@ CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700
NOT-FOR-US: SAP
CVE-2023-29184
RESERVED
-CVE-2023-29183
- RESERVED
+CVE-2023-29183 (An improper neutralization of input during web page generation ('Cross ...)
+ TODO: check
CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121]in Fortinet Forti ...)
NOT-FOR-US: FortiGuard
CVE-2023-29181
@@ -26569,8 +26621,8 @@ CVE-2023-28000 (An improper neutralization of special elements used in an OS com
NOT-FOR-US: FortiGuard
CVE-2023-27999 (An improper neutralization of special elements used in an OS command v ...)
NOT-FOR-US: FortiGuard
-CVE-2023-27998
- RESERVED
+CVE-2023-27998 (A lack of custom error pages vulnerability [CWE-756] in FortiPresence ...)
+ TODO: check
CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS versio ...)
NOT-FOR-US: FortiGuard
CVE-2023-27996
@@ -31086,8 +31138,8 @@ CVE-2023-26371 (Adobe Dimension version 3.4.8 (and earlier) is affected by an ou
NOT-FOR-US: Adobe
CVE-2023-26370
RESERVED
-CVE-2023-26369
- RESERVED
+CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and ...)
+ TODO: check
CVE-2023-26368
RESERVED
CVE-2023-26367
@@ -33666,8 +33718,8 @@ CVE-2023-25610
RESERVED
CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...)
NOT-FOR-US: Fortinet
-CVE-2023-25608
- RESERVED
+CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...)
+ TODO: check
CVE-2023-25607
RESERVED
CVE-2023-25606 (An improper limitation of a pathname to a restricted directory ('Path ...)
@@ -60365,14 +60417,14 @@ CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Ci
NOT-FOR-US: Cisco
CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
NOT-FOR-US: Cisco
-CVE-2023-20236
- RESERVED
+CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR software cou ...)
+ TODO: check
CVE-2023-20235
RESERVED
CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
NOT-FOR-US: Cisco FXOS Software
-CVE-2023-20233
- RESERVED
+CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) feature of ...)
+ TODO: check
CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...)
NOT-FOR-US: Cisco
CVE-2023-20231
@@ -60463,10 +60515,10 @@ CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco IS
NOT-FOR-US: Cisco
CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
NOT-FOR-US: Cisco
-CVE-2023-20191
- RESERVED
-CVE-2023-20190
- RESERVED
+CVE-2023-20191 (A vulnerability in the access control list (ACL) processing on MPLS in ...)
+ TODO: check
+CVE-2023-20190 (A vulnerability in the classic access control list (ACL) compression f ...)
+ TODO: check
CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
NOT-FOR-US: Cisco
CVE-2023-20188 (A vulnerability in the web-based management interface of Cisco Small B ...)
@@ -60575,8 +60627,8 @@ CVE-2023-20137 (Multiple vulnerabilities in the web-based management interface o
NOT-FOR-US: Cisco
CVE-2023-20136 (A vulnerability in the OpenAPI of Cisco Secure Workload could allow an ...)
NOT-FOR-US: Cisco
-CVE-2023-20135
- RESERVED
+CVE-2023-20135 (A vulnerability in Cisco IOS XR Software image verification checks cou ...)
+ TODO: check
CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
NOT-FOR-US: Cisco
CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
@@ -63838,7 +63890,7 @@ CVE-2022-42931 (Logins saved by Firefox should be managed by the Password Manage
CVE-2022-42930 (If two Workers were simultaneously initializing their CacheStorage, a ...)
- firefox 106.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42930
-CVE-2022-42929 (If a website called <code>window.print()</code> in a particular way, i ...)
+CVE-2022-42929 (If a website called `window.print()` in a particular way, it could cau ...)
{DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1}
- firefox 106.0-1
- firefox-esr 102.4.0esr-1
@@ -83183,8 +83235,8 @@ CVE-2022-35851 (An improper neutralization of input during web page generation v
NOT-FOR-US: FortiGuard
CVE-2022-35850 (An improper neutralization of script-related HTML tags in a web page v ...)
NOT-FOR-US: Fortinet
-CVE-2022-35849
- RESERVED
+CVE-2022-35849 (An improper neutralization of special elements used in an OS command v ...)
+ TODO: check
CVE-2022-35848
RESERVED
CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...)
@@ -119847,6 +119899,7 @@ CVE-2022-23521 (Git is distributed revision control system. gitattributes are a
NOTE: https://github.com/git/git/commit/3c50032ff5289cc45659f21949c8d09e52164579
NOTE: https://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf
CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+ {DLA-3566-1}
- ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
NOTE: https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md
@@ -119856,6 +119909,7 @@ CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragment
NOTE: https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0)
NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1.
CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+ {DLA-3566-1}
- ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h
NOTE: https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md
@@ -119865,26 +119919,31 @@ CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragment
NOTE: https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0)
NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1.
CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+ {DLA-3566-1}
- ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/issues/135
NOTE: https://github.com/rails/rails-html-sanitizer/commit/d1223a29cb3e4151cdcb6ba6c8431708d8ce40a6 (v1.4.4)
NOTE: https://github.com/rails/rails-html-sanitizer/commit/bb6dfcbaaf9c5c8c4f77555557693c08d4d4ab48 (v1.5.0)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...)
+ {DLA-3566-1}
- ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153)
NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
NOTE: https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979
CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...)
+ {DLA-3565-1}
- ruby-loofah 2.19.1-1 (bug #1026083)
[bullseye] - ruby-loofah <no-dsa> (Minor issue)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm
NOTE: https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040
CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...)
+ {DLA-3565-1}
- ruby-loofah 2.19.1-1 (bug #1026083)
[bullseye] - ruby-loofah <no-dsa> (Minor issue)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
NOTE: https://github.com/flavorjones/loofah/commit/415677f3cf7f9254f42f811e784985cd63c7407f
CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...)
+ {DLA-3565-1}
- ruby-loofah 2.19.1-1 (bug #1026083)
[bullseye] - ruby-loofah <no-dsa> (Minor issue)
NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh
@@ -131436,8 +131495,8 @@ CVE-2021-44174
RESERVED
CVE-2021-44173
RESERVED
-CVE-2021-44172
- RESERVED
+CVE-2021-44172 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+ TODO: check
CVE-2021-44171 (A improper neutralization of special elements used in an os command (' ...)
NOT-FOR-US: FortiGuard
CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8c0d5582e96c976ff6d85f50fac0b828ea9c34a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8c0d5582e96c976ff6d85f50fac0b828ea9c34a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230913/04cdb6f9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list