[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 27 09:12:42 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d7a17de by security tracker role at 2023-09-27T08:12:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,249 @@
+CVE-2023-5183 (Unsafe deserialization of untrusted JSON allows execution of arbitrary ...)
+ TODO: check
+CVE-2023-4934 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4737 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-4423 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...)
+ TODO: check
+CVE-2023-44216 (PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU de ...)
+ TODO: check
+CVE-2023-44044 (Super Store Finder v3.6 and below was discovered to contain a SQL inje ...)
+ TODO: check
+CVE-2023-44043 (A stored cross-site scripting (XSS) vulnerability in /settings/index.p ...)
+ TODO: check
+CVE-2023-44042 (A stored cross-site scripting (XSS) vulnerability in /settings/index.p ...)
+ TODO: check
+CVE-2023-43825 (Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and ...)
+ TODO: check
+CVE-2023-43645 (OpenFGA is an authorization/permission engine built for developers and ...)
+ TODO: check
+CVE-2023-43381 (SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote a ...)
+ TODO: check
+CVE-2023-43331 (A cross-site scripting (XSS) vulnerability in the Add User function of ...)
+ TODO: check
+CVE-2023-43291 (Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier al ...)
+ TODO: check
+CVE-2023-43263 (A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 al ...)
+ TODO: check
+CVE-2023-43232 (A stored cross-site scripting (XSS) vulnerability in the Website colum ...)
+ TODO: check
+CVE-2023-43187 (A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint ...)
+ TODO: check
+CVE-2023-43154 (In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loos ...)
+ TODO: check
+CVE-2023-42820 (JumpServer is an open source bastion host. This vulnerability is due t ...)
+ TODO: check
+CVE-2023-42819 (JumpServer is an open source bastion host. Logged-in users can access ...)
+ TODO: check
+CVE-2023-42462 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-42461 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-42453 (Synapse is an open-source Matrix homeserver written and maintained by ...)
+ TODO: check
+CVE-2023-41996 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2023-41995 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-41986 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-41984 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-41981 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-41980 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2023-41979 (A race condition was addressed with improved locking. This issue is fi ...)
+ TODO: check
+CVE-2023-41968 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2023-41888 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-41878 (MeterSphere is a one-stop open source continuous testing platform, cov ...)
+ TODO: check
+CVE-2023-41335 (Synapse is an open-source Matrix homeserver written and maintained by ...)
+ TODO: check
+CVE-2023-41333 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2023-41332 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2023-41326 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-41324 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-41323 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-41322 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-41321 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-41320 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...)
+ TODO: check
+CVE-2023-41232 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2023-41174 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-41079 (The issue was addressed with improved permissions logic. This issue is ...)
+ TODO: check
+CVE-2023-41078 (An authorization issue was addressed with improved state management. T ...)
+ TODO: check
+CVE-2023-41074 (The issue was addressed with improved checks. This issue is fixed in t ...)
+ TODO: check
+CVE-2023-41073 (An authorization issue was addressed with improved state management. T ...)
+ TODO: check
+CVE-2023-41071 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-41070 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2023-41068 (An access issue was addressed with improved access restrictions. This ...)
+ TODO: check
+CVE-2023-41067 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2023-41066 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
+CVE-2023-41065 (A privacy issue was addressed with improved private data redaction for ...)
+ TODO: check
+CVE-2023-41063 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40677 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
+CVE-2023-40676 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jaso ...)
+ TODO: check
+CVE-2023-40675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plug ...)
+ TODO: check
+CVE-2023-40669 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-40668 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfc ...)
+ TODO: check
+CVE-2023-40667 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Si ...)
+ TODO: check
+CVE-2023-40665 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfc ...)
+ TODO: check
+CVE-2023-40664 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...)
+ TODO: check
+CVE-2023-40663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme ...)
+ TODO: check
+CVE-2023-40605 (Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digi ...)
+ TODO: check
+CVE-2023-40604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes ...)
+ TODO: check
+CVE-2023-40541 (This issue was addressed by adding an additional prompt for user conse ...)
+ TODO: check
+CVE-2023-40520 (The issue was addressed with improved checks. This issue is fixed in t ...)
+ TODO: check
+CVE-2023-40456 (The issue was addressed with improved checks. This issue is fixed in t ...)
+ TODO: check
+CVE-2023-40455 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2023-40454 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2023-40452 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2023-40451 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
+ TODO: check
+CVE-2023-40450 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2023-40448 (The issue was addressed with improved handling of protocols. This issu ...)
+ TODO: check
+CVE-2023-40443 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-40441 (A resource exhaustion issue was addressed with improved input validati ...)
+ TODO: check
+CVE-2023-40436 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2023-40435 (This issue was addressed by enabling hardened runtime. This issue is f ...)
+ TODO: check
+CVE-2023-40434 (A configuration issue was addressed with additional restrictions. This ...)
+ TODO: check
+CVE-2023-40432 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40431 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40429 (A permissions issue was addressed with improved validation. This issue ...)
+ TODO: check
+CVE-2023-40428 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2023-40427 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2023-40426 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2023-40424 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-40422 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40420 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40419 (The issue was addressed with improved checks. This issue is fixed in t ...)
+ TODO: check
+CVE-2023-40418 (An authentication issue was addressed with improved state management. ...)
+ TODO: check
+CVE-2023-40417 (A window management issue was addressed with improved state management ...)
+ TODO: check
+CVE-2023-40412 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40410 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2023-40409 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40407 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ TODO: check
+CVE-2023-40406 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2023-40403 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40402 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2023-40400 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2023-40399 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40395 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2023-40391 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-40388 (A privacy issue was addressed with improved handling of temporary file ...)
+ TODO: check
+CVE-2023-40386 (A privacy issue was addressed with improved handling of temporary file ...)
+ TODO: check
+CVE-2023-40384 (A permissions issue was addressed with improved redaction of sensitive ...)
+ TODO: check
+CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Pe ...)
+ TODO: check
+CVE-2023-39434 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-39233 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ TODO: check
+CVE-2023-38615 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-38596 (The issue was addressed with improved handling of protocols. This issu ...)
+ TODO: check
+CVE-2023-38586 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
+CVE-2023-37448 (A lock screen issue was addressed with improved state management. This ...)
+ TODO: check
+CVE-2023-35990 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ TODO: check
+CVE-2023-35984 (The issue was addressed with improved checks. This issue is fixed in t ...)
+ TODO: check
+CVE-2023-35793 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...)
+ TODO: check
+CVE-2023-35074 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-32421 (A privacy issue was addressed with improved handling of temporary file ...)
+ TODO: check
+CVE-2023-32396 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2023-32377 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-32361 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ TODO: check
+CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...)
+ TODO: check
CVE-2023-43040 [Improperly verified POST keys]
- ceph <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
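Review bot: the roughly 120 new `TODO: check` entries in this hunk fall into two groups that should not all wait on manual review. The long run with Apple advisory phrasing (descriptions beginning "The issue was addressed with improved checks/memory handling ...", "A use-after-free issue was addressed ...", "A permissions issue was addressed ...", "A privacy issue was addressed ..." and ending "fixed in i.../m.../t... "), from CVE-2023-41996 through CVE-2023-41063, CVE-2023-40541 through CVE-2023-40384, and CVE-2023-39434, CVE-2023-39233, CVE-2023-38615, CVE-2023-38596, CVE-2023-38586, CVE-2023-37448, CVE-2023-35990, CVE-2023-35984, CVE-2023-35074, CVE-2023-32421, CVE-2023-32396, CVE-2023-32377, CVE-2023-32361 and CVE-2023-29497, matches the `NOT-FOR-US: Apple` disposition already used for CVE-2023-23496 and CVE-2023-23494 further down in this same patch and can be closed in bulk once each is confirmed not to name a WebKit component. The entries that need real triage are the ones naming an upstream Debian ships: CVE-2023-42453 and CVE-2023-41335 (Synapse, i.e. src:matrix-synapse), and CVE-2023-5183, whose description ("Unsafe deserialization of untrusted JSON allows execution of arbitrary ...") is cut off before the product name, so the product has to come from the CVE record rather than be guessed. The unchanged context entry CVE-2023-43040 (`ceph <unfixed>` with the oss-security NOTE) is consistent with the file's conventions.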
@@ -145,7 +391,7 @@ CVE-2023-4258 (In Bluetooth mesh implementation If provisionee has a public key
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-43457 (An issue in Service Provider Management System v.1.0 allows a remote a ...)
NOT-FOR-US: Service Provider Management System
-CVE-2023-43326 (mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS ...)
+CVE-2023-43326 (A reflected cross-site scripting (XSS) vulnerability exisits in multip ...)
NOT-FOR-US: mooSocial
CVE-2023-43325 (A reflected cross-site scripting (XSS) vulnerability in the data[redir ...)
NOT-FOR-US: mooSocial
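Review bot: the description refresh for CVE-2023-43326 correctly keeps the existing `NOT-FOR-US: mooSocial` line, in step with CVE-2023-43325 just below it. The misspelling "exisits" in the new text is copied from the upstream CVE record, and the importer overwrites descriptions on each run, so it should not be hand-corrected in this file.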
@@ -508,11 +754,11 @@ CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download
TODO: check
CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
NOT-FOR-US: Dreamer CMS
-CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in i ...)
+CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in S ...)
TODO: check
-CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in i ...)
+CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in m ...)
TODO: check
-CVE-2023-41991 (A certificate validation issue was addressed. This issue is fixed in i ...)
+CVE-2023-41991 (A certificate validation issue was addressed. This issue is fixed in m ...)
TODO: check
CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image` fields targe ...)
NOT-FOR-US: plone.namedfile
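Review bot: the refreshed descriptions now separate these three Apple entries, which all still sit at `TODO: check`. CVE-2023-41993's text ends "fixed in S ...", which (assuming Safari) points at a WebKit fix, so this one should be checked against src:webkit2gtk and src:wpewebkit rather than closed as NOT-FOR-US: Apple. CVE-2023-41992 and CVE-2023-41991 now read "fixed in m ..." (macOS) and name no non-Apple component, so they are `NOT-FOR-US: Apple` candidates consistent with the CVE-2023-23496 and CVE-2023-23494 entries later in this patch.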
@@ -20257,8 +20503,8 @@ CVE-2023-30473 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ma
NOT-FOR-US: WordPress Plugin
CVE-2023-30472
RESERVED
-CVE-2023-30471
- RESERVED
+CVE-2023-30471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel R ...)
+ TODO: check
CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode generati ...)
NOT-FOR-US: Facebook Hermes
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
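Review bot: CVE-2023-30471 moves from RESERVED to "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel R ...", the same form as the neighbouring CVE-2023-30473 entry that is already `NOT-FOR-US: WordPress Plugin`; unless the truncated vendor name resolves to something in the archive, the `TODO: check` can be resolved the same way. The same reasoning applies to the other RESERVED-to-description flips for WordPress plugins in this patch (CVE-2023-28790, CVE-2023-28490, CVE-2023-27628, CVE-2023-27622, CVE-2023-27617, CVE-2023-27616 and CVE-2023-25483), each of which sits between entries already marked `NOT-FOR-US: WordPress plugin`.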
@@ -25176,8 +25422,8 @@ CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I
NOT-FOR-US: WordPress plugin
CVE-2023-28791
RESERVED
-CVE-2023-28790
- RESERVED
+CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Bre ...)
+ TODO: check
CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28788
@@ -26188,8 +26434,8 @@ CVE-2023-28492
RESERVED
CVE-2023-28491
RESERVED
-CVE-2023-28490
- RESERVED
+CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...)
+ TODO: check
CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
NOT-FOR-US: Siemens
CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate the ge ...)
@@ -29204,8 +29450,8 @@ CVE-2023-27630
RESERVED
CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27628
- RESERVED
+CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27626
@@ -29216,8 +29462,8 @@ CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-27623
RESERVED
-CVE-2023-27622
- RESERVED
+CVE-2023-27622 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel ...)
+ TODO: check
CVE-2023-27621 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...)
@@ -29226,10 +29472,10 @@ CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerab
NOT-FOR-US: WordPress theme
CVE-2023-27618 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGI ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27617
- RESERVED
-CVE-2023-27616
- RESERVED
+CVE-2023-27617 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
+ TODO: check
+CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Ca ...)
+ TODO: check
CVE-2023-27615
RESERVED
CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...)
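Review bot: CVE-2023-27616 is the one entry in this group described as an unauthenticated stored XSS ("Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Ca ..."), as opposed to the admin+ stored XSS of CVE-2023-27617, which from the truncated author name ("Davi ...") appears to be the same vendor. The expected disposition is still `NOT-FOR-US: WordPress plugin` like the surrounding entries, but the unauthenticated one is the higher-impact of the pair if the vendor name does turn out to match something packaged.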
@@ -35662,8 +35908,8 @@ CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25483
- RESERVED
+CVE-2023-25483 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anki ...)
+ TODO: check
CVE-2023-25482 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tile ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Sub ...)
@@ -39957,8 +40203,8 @@ CVE-2023-23960
RESERVED
CVE-2023-23959
RESERVED
-CVE-2023-23958
- RESERVED
+CVE-2023-23958 (Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Ha ...)
+ TODO: check
CVE-2023-23957 (An authenticated user can see and modify the value for \u2018next\u201 ...)
NOT-FOR-US: Symantec Identity Portal
CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...)
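Review bot: CVE-2023-23958 (Symantec Protection Engine, prior to 9.1.0) should follow the adjacent CVE-2023-23957 entry's `NOT-FOR-US: Symantec ...` disposition rather than stay at `TODO: check`. Separately, the unchanged context line for CVE-2023-23957 carries the raw `\u2018next\u201` escape from the upstream JSON, cut mid-escape by the description truncation; that is importer behaviour and not something to fix in this patch.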
@@ -41468,8 +41714,8 @@ CVE-2023-23497 (A logic issue was addressed with improved state management. This
NOT-FOR-US: Apple
CVE-2023-23496 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
-CVE-2023-23495
- RESERVED
+CVE-2023-23495 (A permissions issue was addressed with improved redaction of sensitive ...)
+ TODO: check
CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking. This is ...)
NOT-FOR-US: Apple
CVE-2023-23493 (A logic issue was addressed with improved state management. This issue ...)
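Review bot: CVE-2023-23495's new description ("A permissions issue was addressed with improved redaction of sensitive ...") is word-for-word the same as CVE-2023-40384 added at the top of this patch, and both neighbours here (CVE-2023-23496, CVE-2023-23494) are `NOT-FOR-US: Apple`; both entries should get that disposition. The shared text is a reminder that Apple's boilerplate makes the CVE id, not the description, the only thing that distinguishes these entries during triage.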
@@ -151975,8 +152221,8 @@ CVE-2021-38245
RESERVED
CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
NOT-FOR-US: cbioportal
-CVE-2021-38243
- RESERVED
+CVE-2021-38243 (xunruicms <=4.5.1 is vulnerable to Remote Code Execution.)
+ TODO: check
CVE-2021-38242
RESERVED
CVE-2021-38241 (Deserialization issue discovered in Ruoyi before 4.6.1 allows remote a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d7a17ded5df3e81d4a45a3a93868bc5236d0f7a