[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 19 21:13:08 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
91cd3b61 by security tracker role at 2023-09-19T20:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,65 @@
+CVE-2023-4376 (The Serial Codes Generator and Validator with WooCommerce Support Word ...)
+ TODO: check
+CVE-2023-4096 (Weak password recovery mechanism vulnerability in Fujitsu Arconte \xc1 ...)
+ TODO: check
+CVE-2023-4095 (User enumeration vulnerability in Arconte \xc1urea 1.5.0.0 version. Th ...)
+ TODO: check
+CVE-2023-4094 (ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could a ...)
+ TODO: check
+CVE-2023-4093 (Reflected and persistent XSS vulnerability in Arconte \xc1urea, in its ...)
+ TODO: check
+CVE-2023-4092 (SQL injection vulnerability in Arconte \xc1urea, in its 1.5.0.0 versio ...)
+ TODO: check
+CVE-2023-43566 (In JetBrains TeamCity before 2023.05.4 stored XSS was possible during ...)
+ TODO: check
+CVE-2023-42793 (In JetBrains TeamCity before 2023.05.4 authentication bypass leading t ...)
+ TODO: check
+CVE-2023-42452 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2023-42451 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2023-42450 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2023-42447 (blurhash-rs is a pure Rust implementation of Blurhash, software for en ...)
+ TODO: check
+CVE-2023-42444 (phonenumber is a library for parsing, formatting and validating intern ...)
+ TODO: check
+CVE-2023-41890 (Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, all ...)
+ TODO: check
+CVE-2023-41834 (Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Fl ...)
+ TODO: check
+CVE-2023-41387 (A SQL injection in the flutter_downloader component through 1.11.1 for ...)
+ TODO: check
+CVE-2023-41179 (A vulnerability in the 3rd party AV uninstaller module contained in Tr ...)
+ TODO: check
+CVE-2023-3892 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2023-38356 (MiniTool Power Data Recovery 11.6 contains an insecure installation pr ...)
+ TODO: check
+CVE-2023-38355 (MiniTool Movie Maker 6.1.0 contains an insecure installation process t ...)
+ TODO: check
+CVE-2023-38354 (MiniTool Movie Maker 4.1 contains an insecure installation process tha ...)
+ TODO: check
+CVE-2023-38353 (MiniTool Power Data Recovery 11.5 contains an insecure in-app payment ...)
+ TODO: check
+CVE-2023-38352 (MiniTool Partition Wizard 12.8 contains an insecure update mechanism t ...)
+ TODO: check
+CVE-2023-38351 (MiniTool Partition Wizard 12.8 contains an insecure installation mecha ...)
+ TODO: check
+CVE-2023-32649 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian an ...)
+ TODO: check
+CVE-2023-32186 (A Allocation of Resources Without Limits or Throttling vulnerability i ...)
+ TODO: check
+CVE-2023-32182 (A Improper Link Resolution Before File Access ('Link Following') vulne ...)
+ TODO: check
+CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard ...)
+ TODO: check
+CVE-2023-2995 (The Leyka WordPress plugin through 3.30.3 does not sanitise and escape ...)
+ TODO: check
+CVE-2023-2567 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...)
+ TODO: check
+CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...)
+ TODO: check
CVE-2023-4998
- gitlab <not-affected> (Specific to EE)
CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
@@ -394,7 +456,7 @@ CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996.
NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository for the ...)
TODO: check
-CVE-2023-36472 (Strapi is the an open-source headless content management system. Prior ...)
+CVE-2023-36472 (Strapi is an open-source headless content management system. Prior to ...)
NOT-FOR-US: Strapi
CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow ...)
NOT-FOR-US: Dell
@@ -1798,6 +1860,7 @@ CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a CD
- lldpd 1.0.17-1
NOTE: Fixed by: https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b (1.0.17)
CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_f ...)
+ {DLA-3573-1}
- frr 8.4.4-1
NOTE: https://github.com/FRRouting/frr/commit/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 (frr-9.0)
NOTE: https://github.com/FRRouting/frr/commit/cc1a551cb007cc8ed8b1ea0605a7ab46c16de12b (frr-8.5.1)
@@ -2799,7 +2862,7 @@ CVE-2023-39267 (An authenticated remote code execution vulnerability exists in t
CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface could a ...)
NOT-FOR-US: Aruba
CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...)
- {DSA-5495-1}
+ {DSA-5495-1 DLA-3573-1}
- frr 8.4.4-1.1
NOTE: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
NOTE: https://github.com/FRRouting/frr/pull/14290
@@ -2946,6 +3009,7 @@ CVE-2023-4573 (When receiving rendering data over IPC `mStream` could have been
CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController allows au ...)
NOT-FOR-US: Cerebrate
CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...)
+ {DLA-3573-1}
- frr <unfixed>
[bullseye] - frr <not-affected> (The vulnerable code was introduced later)
NOTE: https://github.com/FRRouting/frr/pull/14241
@@ -2953,6 +3017,7 @@ CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c do
NOTE: Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e
CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...)
+ {DLA-3573-1}
- frr 8.4.4-1.1
[bookworm] - frr 8.4.4-1.1~deb12u1
[bullseye] - frr <not-affected> (The vulnerable code was introduced later)
@@ -2968,7 +3033,7 @@ CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is a
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/460ee930d6dbce6e96ecbfcd568a291f31bae24e
NOTE: Introduced in: https://github.com/FRRouting/frr/commit/97a52c82a569f4a2ba792fbd734f5e635a057e6f (frr-8.5-rc)
CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...)
- {DSA-5495-1}
+ {DSA-5495-1 DLA-3573-1}
- frr 8.4.4-1.1
NOTE: https://github.com/FRRouting/frr/pull/14260
NOTE: Fixed by: https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38
@@ -3847,7 +3912,7 @@ CVE-2023-XXXX [RUSTSEC-2023-0052 webpki: CPU denial of service in certificate pa
[bookworm] - rust-webpki <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0052.html
NOTE: https://github.com/briansmith/webpki/issues/69
-CVE-2023-32184
+CVE-2023-32184 (A Insecure Storage of Sensitive Information vulnerability in openSUSE ...)
NOT-FOR-US: OpenSUSE-welcome
CVE-2023-4456 (A flaw was found in openshift-logging LokiStack. The key used for cach ...)
NOT-FOR-US: LokiStack
@@ -16243,7 +16308,7 @@ CVE-2023-31800 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.1
CVE-2023-31799 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
NOT-FOR-US: Chamilo LMS
CVE-2023-31490 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
- {DSA-5495-1}
+ {DSA-5495-1 DLA-3573-1}
- frr 8.4.4-1 (bug #1036062)
NOTE: https://github.com/FRRouting/frr/issues/13099
NOTE: https://github.com/FRRouting/frr/pull/12454
@@ -34058,8 +34123,8 @@ CVE-2023-0775 (An invalid \u2018prepare write request\u2019 command can cause th
NOT-FOR-US: GSDK
CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...)
NOT-FOR-US: SourceCodester Medical Certificate Generator App
-CVE-2023-0773
- RESERVED
+CVE-2023-0773 (The vulnerability exists in Uniview IP Camera due to identification an ...)
+ TODO: check
CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25676 (TensorFlow is an open source machine learning platform. When running v ...)
@@ -39084,8 +39149,8 @@ CVE-2023-23959
RESERVED
CVE-2023-23958
RESERVED
-CVE-2023-23957
- RESERVED
+CVE-2023-23957 (An authenticated user can see and modify the value for \u2018next\u201 ...)
+ TODO: check
CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...)
NOT-FOR-US: Symantec
CVE-2023-23955 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...)
@@ -44054,8 +44119,8 @@ CVE-2023-22515
RESERVED
CVE-2023-22514
RESERVED
-CVE-2023-22513
- RESERVED
+CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
+ TODO: check
CVE-2023-22512
RESERVED
CVE-2023-22511
@@ -46732,20 +46797,20 @@ CVE-2022-47561
RESERVED
CVE-2022-47560
RESERVED
-CVE-2022-47559
- RESERVED
-CVE-2022-47558
- RESERVED
-CVE-2022-47557
- RESERVED
-CVE-2022-47556
- RESERVED
-CVE-2022-47555
- RESERVED
-CVE-2022-47554
- RESERVED
-CVE-2022-47553
- RESERVED
+CVE-2022-47559 (Lack of device control over web requests in ekorCCP and ekorRCI, allow ...)
+ TODO: check
+CVE-2022-47558 (Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP se ...)
+ TODO: check
+CVE-2022-47557 (Vulnerability in ekorCCP and ekorRCI that could allow an attacker with ...)
+ TODO: check
+CVE-2022-47556 (Uncontrolled resource consumption in ekorRCI, allowing an attacker wit ...)
+ TODO: check
+CVE-2022-47555 (Operating system command injection in ekorCCP and ekorRCI, which could ...)
+ TODO: check
+CVE-2022-47554 (Exposure of sensitive information in ekorCCP and ekorRCI, potentially ...)
+ TODO: check
+CVE-2022-47553 (Incorrect authorisation in ekorCCP and ekorRCI, which could allow a re ...)
+ TODO: check
CVE-2022-47552
RESERVED
CVE-2022-47551 (Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read perm ...)
@@ -62197,6 +62262,7 @@ CVE-2022-43683
CVE-2022-43682
RESERVED
CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...)
+ {DLA-3573-1}
- frr 8.4.1-1 (bug #1035829)
[bullseye] - frr 7.5.1-1.1+deb11u2
NOTE: https://github.com/FRRouting/frr/issues/13427
@@ -71535,6 +71601,7 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based
CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...)
NOT-FOR-US: LISTSERV
CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
+ {DLA-3573-1}
- frr 8.4.1-1 (bug #1035829)
[bullseye] - frr 7.5.1-1.1+deb11u2
NOTE: https://github.com/FRRouting/frr/issues/13427
@@ -71602,6 +71669,7 @@ CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 (v2.10.3)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336
CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
+ {DLA-3573-1}
- frr 8.4.1-1 (bug #1035829)
[bullseye] - frr 7.5.1-1.1+deb11u2
NOTE: https://github.com/FRRouting/frr/issues/13427
@@ -82048,6 +82116,7 @@ CVE-2022-36442 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19.
CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gb ...)
NOT-FOR-US: Zebra Enterprise Home Screen
CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...)
+ {DLA-3573-1}
- frr 8.4.1-1
[bullseye] - frr 7.5.1-1.1+deb11u2
NOTE: https://github.com/FRRouting/frr/issues/13202
@@ -259740,47 +259809,55 @@ CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories
CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
+ {DLA-3572-1}
[experimental] - libyang 1.0.167-1
- libyang 1.0.176-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
NOTE: https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08
NOTE: https://github.com/CESNET/libyang/issues/773
CVE-2019-20397 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
+ {DLA-3572-1}
[experimental] - libyang 1.0.167-1
- libyang 1.0.176-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793928
NOTE: https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4
NOTE: https://github.com/CESNET/libyang/issues/739
CVE-2019-20396 (A segmentation fault is present in yyparse in libyang before v1.0-r1 d ...)
+ {DLA-3572-1}
[experimental] - libyang 1.0.167-1
- libyang 1.0.176-1
NOTE: https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
NOTE: https://github.com/CESNET/libyang/issues/740
CVE-2019-20395 (A stack consumption issue is present in libyang before v1.0-r1 due to ...)
+ {DLA-3572-1}
[experimental] - libyang 1.0.167-1
- libyang 1.0.176-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793924
NOTE: https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
NOTE: https://github.com/CESNET/libyang/issues/724
CVE-2019-20394 (A double-free is present in libyang before v1.0-r3 in the function yyp ...)
+ {DLA-3572-1}
[experimental] - libyang 1.0.167-1
- libyang 1.0.176-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793932
NOTE: https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6
NOTE: https://github.com/CESNET/libyang/issues/769
CVE-2019-20393 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
+ {DLA-3572-1}
[experimental] - libyang 1.0.167-1
- libyang 1.0.176-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793930
NOTE: https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed
NOTE: https://github.com/CESNET/libyang/issues/742
CVE-2019-20392 (An invalid memory access flaw is present in libyang before v1.0-r1 in ...)
+ {DLA-3572-1}
[experimental] - libyang 1.0.167-1
- libyang 1.0.176-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793922
NOTE: https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
NOTE: https://github.com/CESNET/libyang/issues/723
CVE-2019-20391 (An invalid memory access flaw is present in libyang before v1.0-r3 in ...)
+ {DLA-3572-1}
[experimental] - libyang 1.0.167-1
- libyang 1.0.176-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793934
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cd3b61e37a10fbbb4cec1d918227fe67b89308
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cd3b61e37a10fbbb4cec1d918227fe67b89308
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230919/c69892ef/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list