[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 15 21:18:29 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d393443b by security tracker role at 2023-09-15T20:18:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been rated ...)
+ TODO: check
+CVE-2023-4988 (A vulnerability, which was classified as problematic, was found in Bet ...)
+ TODO: check
+CVE-2023-4987 (A vulnerability, which was classified as critical, has been found in i ...)
+ TODO: check
+CVE-2023-4986 (A vulnerability classified as problematic was found in Supcon InPlant ...)
+ TODO: check
+CVE-2023-4985 (A vulnerability classified as critical has been found in Supcon InPlan ...)
+ TODO: check
+CVE-2023-4984 (A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has bee ...)
+ TODO: check
+CVE-2023-4983 (A vulnerability was found in app1pro Shopicial up to 20230830. It has ...)
+ TODO: check
+CVE-2023-4982 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
+ TODO: check
+CVE-2023-4981 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
+ TODO: check
+CVE-2023-4980 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...)
+ TODO: check
+CVE-2023-4979 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...)
+ TODO: check
+CVE-2023-4978 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
+ TODO: check
+CVE-2023-4977 (Code Injection in GitHub repository librenms/librenms prior to 23.9.0.)
+ TODO: check
+CVE-2023-4974 (A vulnerability was found in Academy LMS 6.2. It has been rated as cri ...)
+ TODO: check
+CVE-2023-4973 (A vulnerability was found in Academy LMS 6.2 on Windows. It has been d ...)
+ TODO: check
+CVE-2023-4963 (The WS Facebook Like Box Widget for WordPress plugin for WordPress is ...)
+ TODO: check
+CVE-2023-4959 (A flaw was found in Quay. Cross-site request forgery (CSRF) attacks fo ...)
+ TODO: check
+CVE-2023-4835 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4833 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4831 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4680 (HashiCorp Vault and Vault Enterprise transit secrets engine allowed au ...)
+ TODO: check
+CVE-2023-4673 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4670 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4665 (Incorrect Execution-Assigned Permissions vulnerability in Saphira Saph ...)
+ TODO: check
+CVE-2023-4664 (Incorrect Default Permissions vulnerability in Saphira Saphira Connect ...)
+ TODO: check
+CVE-2023-4663 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2023-4662 (Execution with Unnecessary Privileges vulnerability in Saphira Saphira ...)
+ TODO: check
+CVE-2023-4661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4231 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-42405 (SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attac ...)
+ TODO: check
+CVE-2023-42398 (An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary ...)
+ TODO: check
+CVE-2023-42362 (An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allow ...)
+ TODO: check
+CVE-2023-42270 (Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).)
+ TODO: check
+CVE-2023-41889 (SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHI ...)
+ TODO: check
+CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working with messy ...)
+ TODO: check
+CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working with messy ...)
+ TODO: check
+CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions fr ...)
+ TODO: check
+CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site ...)
+ TODO: check
+CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...)
+ TODO: check
+CVE-2023-41160 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...)
+ TODO: check
+CVE-2023-41159 (A Stored Cross-Site Scripting (XSS) vulnerability while editing the au ...)
+ TODO: check
+CVE-2023-41156 (A Stored Cross-Site Scripting (XSS) vulnerability in the filter and fo ...)
+ TODO: check
+CVE-2023-41043 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ TODO: check
+CVE-2023-41042 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ TODO: check
+CVE-2023-40986 (A stored cross-site scripting (XSS) vulnerability in the Usermin Confi ...)
+ TODO: check
+CVE-2023-40985 (An issue was discovered in Webmin 2.100. The File Manager functionalit ...)
+ TODO: check
+CVE-2023-40984 (A reflected cross-site scripting (XSS) vulnerability in the File Manag ...)
+ TODO: check
+CVE-2023-40983 (A reflected cross-site scripting (XSS) vulnerability in the File Manag ...)
+ TODO: check
+CVE-2023-40982 (A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 all ...)
+ TODO: check
+CVE-2023-40958 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
+ TODO: check
+CVE-2023-40957 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
+ TODO: check
+CVE-2023-40956 (A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 ...)
+ TODO: check
+CVE-2023-40955 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
+ TODO: check
+CVE-2023-40869 (Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1 ...)
+ TODO: check
+CVE-2023-40868 (Cross Site Request Forgery vulnerability in mooSocial MooSocial Softwa ...)
+ TODO: check
+CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ TODO: check
+CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to versions ...)
+ TODO: check
+CVE-2023-40019 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ TODO: check
+CVE-2023-40018 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ TODO: check
+CVE-2023-3891 (Race condition in Lapce v0.2.8 allows an attacker to elevate privilege ...)
+ TODO: check
+CVE-2023-3378
+ REJECTED
+CVE-2023-39643 (Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL inje ...)
+ TODO: check
+CVE-2023-39642 (Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL inje ...)
+ TODO: check
+CVE-2023-39641 (Active Design psaffiliate before v1.9.8 was discovered to contain a SQ ...)
+ TODO: check
+CVE-2023-39639 (LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injectio ...)
+ TODO: check
+CVE-2023-39638 (D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain ...)
+ TODO: check
+CVE-2023-38912 (SQL injection vulnerability in Super Store Finder PHP Script v.3.6 all ...)
+ TODO: check
+CVE-2023-38891 (SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote auth ...)
+ TODO: check
+CVE-2023-38706 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ TODO: check
+CVE-2023-38507 (Strapi is the an open-source headless content management system. Prior ...)
+ TODO: check
+CVE-2023-37459 (Contiki-NG is an operating system for internet-of-things devices. In v ...)
+ TODO: check
+CVE-2023-37281 (Contiki-NG is an operating system for internet-of-things devices. In v ...)
+ TODO: check
+CVE-2023-37263 (Strapi is the an open-source headless content management system. Prior ...)
+ TODO: check
+CVE-2023-36659 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long ...)
+ TODO: check
+CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It ha ...)
+ TODO: check
+CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built ...)
+ TODO: check
+CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository for the ...)
+ TODO: check
+CVE-2023-36472 (Strapi is the an open-source headless content management system. Prior ...)
+ TODO: check
+CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow ...)
+ TODO: check
CVE-2023-4958
NOT-FOR-US: StackRox
CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital Yepas all ...)
@@ -88,7 +248,7 @@ CVE-2023-38204 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and ear
NOT-FOR-US: Adobe
CVE-2023-4910
NOT-FOR-US: 3scale-admin-portal
-CVE-2023-38039 [HTTP headers eat all memory]
+CVE-2023-38039 (When curl retrieves an HTTP response, it stores the incoming headers s ...)
- curl 8.3.0-1
[bookworm] - curl <no-dsa> (Minor issue, can be fixed in point release)
[bullseye] - curl <not-affected> (Vulnerable code not present)
@@ -511,7 +671,7 @@ CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on A
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 ...)
- {DSA-5497-1 DSA-5496-1}
+ {DSA-5498-1 DSA-5497-1 DSA-5496-1}
- chromium 117.0.5938.62-1 (unimportant)
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox 117.0.1-1
@@ -24593,8 +24753,8 @@ CVE-2023-28616
RESERVED
CVE-2023-28615
RESERVED
-CVE-2023-28614
- RESERVED
+CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injectio ...)
+ TODO: check
CVE-2023-28613 (An issue was discovered in Samsung Exynos Mobile Processor and Baseban ...)
NOT-FOR-US: Samsung
CVE-2023-28612
@@ -33939,28 +34099,24 @@ CVE-2023-0733 (The Newsletter Popup WordPress plugin through 1.2 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
NOT-FOR-US: SourceCodester
-CVE-2023-25588
- RESERVED
+CVE-2023-25588 (A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct i ...)
- binutils 2.39.50.20221208-1 (unimportant)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
NOTE: binutils not covered by security support
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29677
CVE-2023-25587
REJECTED
-CVE-2023-25586
- RESERVED
+CVE-2023-25586 (A flaw was found in Binutils. A logic fail in the bfd_init_section_dec ...)
- binutils 2.39.50.20221208-1 (unimportant)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502
NOTE: binutils not covered by security support
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29855
-CVE-2023-25585
- RESERVED
+CVE-2023-25585 (A flaw was found in Binutils. The use of an uninitialized field in the ...)
- binutils 2.39.50.20221224-1 (unimportant)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
NOTE: binutils not covered by security support
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29892
-CVE-2023-25584
- RESERVED
+CVE-2023-25584 (An out-of-bounds read flaw was found in the parse_module function in b ...)
- binutils 2.39.50.20221224-1 (unimportant)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
NOTE: binutils not covered by security support
@@ -45543,8 +45699,8 @@ CVE-2022-47850
RESERVED
CVE-2022-47849
RESERVED
-CVE-2022-47848
- RESERVED
+CVE-2022-47848 (An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09. ...)
+ TODO: check
CVE-2022-47847
RESERVED
CVE-2022-47846
@@ -46045,8 +46201,8 @@ CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.
NOT-FOR-US: Kyverno
CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege escalation due t ...)
NOT-FOR-US: Razer
-CVE-2022-47631
- RESERVED
+CVE-2022-47631 (Razer Synapse through 3.7.1209.121307 allows privilege escalation due ...)
+ TODO: check
CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 ...)
- arm-trusted-firmware <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/16/8
@@ -64342,8 +64498,7 @@ CVE-2022-3468
RESERVED
CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA. Affected ...)
NOT-FOR-US: Jiusi OA
-CVE-2022-3466
- RESERVED
+CVE-2022-3466 (The version of cri-o as released for Red Hat OpenShift Container Platf ...)
- cri-o <itp> (bug #979702)
CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge Medial ...)
NOT-FOR-US: Mediabridge Medialink
@@ -75730,7 +75885,7 @@ CVE-2022-38638 (Casdoor v1.97.3 was discovered to contain an arbitrary file writ
CVE-2022-38637 (Hospital Management System v1.0 was discovered to contain multiple SQL ...)
NOT-FOR-US: Hospital Management System
CVE-2022-38636
- RESERVED
+ REJECTED
CVE-2022-38635
RESERVED
CVE-2022-38634
@@ -136004,8 +136159,8 @@ CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial
NOT-FOR-US: Cisco
CVE-2022-20918 (A vulnerability in the Simple Network Management Protocol (SNMP) acces ...)
NOT-FOR-US: Cisco
-CVE-2022-20917
- RESERVED
+CVE-2022-20917 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
+ TODO: check
CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...)
NOT-FOR-US: Cisco
CVE-2022-20915 (A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) wit ...)
@@ -165745,7 +165900,7 @@ CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffe
NOTE: https://github.com/drbye78/libgig/issues/1
CVE-2021-32293
RESERVED
-CVE-2021-32292 (An issue was discovered in json-c through 0.15-20200726. A stack-buffe ...)
+CVE-2021-32292 (An issue was discovered in json-c from 20200420 (post 0.14 unreleased ...)
{DSA-5486-1}
- json-c 0.16-1
[buster] - json-c <not-affected> (Vulnerable code was introduced later)
@@ -176015,7 +176170,7 @@ CVE-2021-28487
RESERVED
CVE-2021-28486
RESERVED
-CVE-2021-28485 (Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS 3.1 rele ...)
+CVE-2021-28485 (In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, ...)
NOT-FOR-US: Ericsson
CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler in Yubi ...)
NOT-FOR-US: yubihsm-connector
@@ -222735,6 +222890,7 @@ CVE-2020-22218 (An issue was discovered in function _libssh2_packet_add in libss
NOTE: https://github.com/libssh2/libssh2/pull/476
NOTE: https://github.com/libssh2/libssh2/commit/642eec48ff3adfdb7a9e562b6d7fc865d1733f45 (libssh2-1.10.0)
CVE-2020-22217 (Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via ...)
+ {DLA-3567-1}
- c-ares 1.17.1-1
NOTE: https://github.com/c-ares/c-ares/issues/333
NOTE: https://github.com/c-ares/c-ares/pull/332
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d393443bc0930c27cd634f1ee8ccb61aeeacf208
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d393443bc0930c27cd634f1ee8ccb61aeeacf208
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230915/90a7b834/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list