[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 29 09:12:22 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
312c275e by security tracker role at 2023-09-29T08:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ TODO: check
+CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an Insecure File ...)
+ TODO: check
+CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine d ...)
+ TODO: check
+CVE-2023-5053 (Hospital management system version 378c157 allows to bypass authentica ...)
+ TODO: check
+CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authentica ...)
+ TODO: check
+CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...)
+ TODO: check
+CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...)
+ TODO: check
+CVE-2023-44466 (An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel ...)
+ TODO: check
+CVE-2023-44464 (pretix before 2023.7.2 allows Pillow to parse EPS files.)
+ TODO: check
+CVE-2023-44174 (Online Movie Ticket Booking System v1.0 is vulnerable to an authentic ...)
+ TODO: check
+CVE-2023-44173 (Online Movie Ticket Booking System v1.0 is vulnerable to an authentic ...)
+ TODO: check
+CVE-2023-44168 (The 'phone' parameter of the process_registration.php resource does n ...)
+ TODO: check
+CVE-2023-44167 (The 'name' parameter of the process_registration.php resource does no ...)
+ TODO: check
+CVE-2023-44166 (The 'age' parameter of the process_registration.php resource does not ...)
+ TODO: check
+CVE-2023-44165 (The 'Password' parameter of the process_login.php resource does not v ...)
+ TODO: check
+CVE-2023-44164 (The 'Email' parameter of the process_login.php resource does not vali ...)
+ TODO: check
+CVE-2023-44163 (The 'search' parameter of the process_search.php resource does not va ...)
+ TODO: check
+CVE-2023-43740 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
+ TODO: check
+CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not validate t ...)
+ TODO: check
+CVE-2023-43662 (ShokoServer is a media server which specializes in organizing anime. I ...)
+ TODO: check
+CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
+ TODO: check
+CVE-2023-43014 (Asset Management System v1.0 is vulnerable to an Authenticated SQL In ...)
+ TODO: check
+CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an unauthenticated SQL ...)
+ TODO: check
+CVE-2023-3979 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2023-3922 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2023-3920 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2023-3917 (Denial of Service in pipelines affecting all versions of Gitlab EE and ...)
+ TODO: check
+CVE-2023-3914 (A business logic error in GitLab EE affecting all versions prior to 16 ...)
+ TODO: check
+CVE-2023-3906 (An input validation issue in the asset proxy in GitLab EE, affecting a ...)
+ TODO: check
+CVE-2023-3775 (A Vault Enterprise Sentinel Role Governing Policy created by an operat ...)
+ TODO: check
+CVE-2023-3115 (An issue has been discovered in GitLab EE affecting all versions affec ...)
+ TODO: check
+CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an im ...)
+ TODO: check
CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output error backt ...)
TODO: check
CVE-2023-5215 (A flaw was found in libnbd. A server can reply with a block size large ...)
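Review bot: CVE-2023-43740 carries an unfilled CNA template ("[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...") rather than a description, so it cannot be triaged from this text; leave it at TODO: check and re-pull the description once a real one is published. Of the remaining new entries, CVE-2023-44466 (net/ceph/messenger_v2.c in the Linux kernel) is the one that clearly concerns a Debian source package and should get a linux package line once the fixing upstream commit is identified, while the pairs CVE-2023-5053/CVE-2023-5004 and CVE-2023-44174/CVE-2023-44173 have descriptions that are identical up to the truncation and are worth checking for duplicate assignments before they are annotated.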
@@ -652,7 +718,7 @@ CVE-2023-43857 (Dreamer CMS v4.1.3 was discovered to contain a stored cross-site
NOT-FOR-US: Dreamer CMS
CVE-2023-43856 (Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vu ...)
NOT-FOR-US: Dreamer CMS
-CVE-2023-43775 (Denial-of-service vulnerability in the web server of the Eaton SMP SG- ...)
+CVE-2023-43775 (Denial-of-service vulnerability in the web server of the Eaton SMP Gat ...)
NOT-FOR-US: Eaton
CVE-2023-43646 (get-func-name is a module to retrieve a function's name securely and c ...)
TODO: check
@@ -1667,6 +1733,7 @@ CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote
CVE-2023-41901
REJECTED
CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 9.4.21 t ...)
+ {DSA-5507-1}
- jetty9 9.4.52-1
[buster] - jetty9 <not-affected> (The vulnerable code was introduced in 9.4.21)
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
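Review bot: the new {DSA-5507-1} reference only resolves if data/DSA/list carries a DSA-5507-1 entry that lists CVE-2023-41900, and that file is not part of this commit (the file list above shows only data/CVE/list changed); confirm the DSA entry was committed separately so the cross-reference does not dangle. Its placement directly under the CVE header line, ahead of the "- jetty9 9.4.52-1" package line and the [buster] annotation, matches the convention used elsewhere in this file (compare the {DLA-3580-1} line under CVE-2023-41081 below).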
@@ -1814,6 +1881,7 @@ CVE-2023-40868 (Cross Site Request Forgery vulnerability in mooSocial MooSocial
CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
NOT-FOR-US: Discourse
CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to versions ...)
+ {DSA-5507-1}
- jetty9 9.4.52-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
NOTE: https://github.com/eclipse/jetty.project/pull/10329
@@ -1857,6 +1925,7 @@ CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996.
CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built ...)
NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository for the ...)
+ {DSA-5507-1}
- jetty9 9.4.52-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
NOTE: https://github.com/eclipse/jetty.project/pull/9888
@@ -1992,7 +2061,7 @@ CVE-2023-42468 (The com.cutestudio.colordialer application through 2.1.8-2 for A
NOT-FOR-US: com.cutestudio.colordialer application
CVE-2023-41892 (Craft CMS is a platform for creating digital experiences. This is a hi ...)
NOT-FOR-US: Craft CMS
-CVE-2023-41081 (The mod_jk component of Apache Tomcat Connectorsin some circumstances, ...)
+CVE-2023-41081 (Important: Authentication Bypass CVE-2023-41081 The mod_jk component ...)
{DLA-3580-1}
- libapache-mod-jk 1:1.2.49-1 (bug #1051956)
[bookworm] - libapache-mod-jk <no-dsa> (Minor issue)
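Review bot: the replacement description now opens with the upstream advisory title ("Important: Authentication Bypass CVE-2023-41081 The mod_jk component ..."), so the CVE id is embedded in its own description; that is how the feed currently supplies it and it does not affect tracking, so no manual rewording is needed. The existing {DLA-3580-1}, "1:1.2.49-1 (bug #1051956)" and "[bookworm] <no-dsa> (Minor issue)" annotations are untouched and still apply.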
@@ -19188,8 +19257,8 @@ CVE-2023-2235 (A use-after-free vulnerability in the Linux Kernel Performance Ev
NOTE: https://git.kernel.org/linus/fd0815f632c24878e325821943edccc7fde947a2 (6.3-rc3)
CVE-2023-2234 (Union variant confusion allows any malicious BT controller to execute ...)
NOT-FOR-US: Zephyr
-CVE-2023-2233
- RESERVED
+CVE-2023-2233 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
+ TODO: check
CVE-2023-2232 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...)
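Review bot: CVE-2023-2233 is described as an improper authorization issue in GitLab CE/EE, and the adjacent GitLab entry CVE-2023-2232 already carries "- gitlab <unfixed>"; the new entry should be brought in line with that on the next manual pass rather than left at "TODO: check", otherwise the two GitLab issues in this region end up tracked inconsistently.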
@@ -20273,8 +20342,8 @@ CVE-2023-30593
RESERVED
CVE-2023-30592
RESERVED
-CVE-2023-30591
- RESERVED
+CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attacker ...)
+ TODO: check
CVE-2023-30590
RESERVED
- nodejs <unfixed> (bug #1039990)
@@ -32975,8 +33044,8 @@ CVE-2023-0991
RESERVED
CVE-2023-0990
RESERVED
-CVE-2023-0989
- RESERVED
+CVE-2023-0989 (An information disclosure issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
CVE-2023-0988 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCodester ...)
@@ -33829,12 +33898,12 @@ CVE-2023-26150
RESERVED
CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...)
TODO: check
-CVE-2023-26148
- RESERVED
-CVE-2023-26147
- RESERVED
-CVE-2023-26146
- RESERVED
+CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to CRLF Injec ...)
+ TODO: check
+CVE-2023-26147 (All versions of the package ithewei/libhv are vulnerable to HTTP Respo ...)
+ TODO: check
+CVE-2023-26146 (All versions of the package ithewei/libhv are vulnerable to Cross-site ...)
+ TODO: check
CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A number of ...)
TODO: check
CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 are vuln ...)
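Review bot: the three libhv entries (CVE-2023-26148, CVE-2023-26147, CVE-2023-26146) share the same "All versions of the package ithewei/libhv" wording and describe CRLF injection, HTTP response splitting and cross-site scripting in the same code base, so they should be triaged together and receive the same annotation (a package line if libhv is in the archive, otherwise NOT-FOR-US: libhv) rather than three independent "TODO: check" resolutions.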
@@ -34179,12 +34248,14 @@ CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering perso
CVE-2023-26050
RESERVED
CVE-2023-26049 (Jetty is a java based web server and servlet engine. Nonstandard cooki ...)
+ {DSA-5507-1}
[experimental] - jetty9 9.4.51-1
- jetty9 9.4.52-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
NOTE: https://github.com/eclipse/jetty.project/pull/9339
NOTE: https://github.com/eclipse/jetty.project/pull/9352
CVE-2023-26048 (Jetty is a java based web server and servlet engine. In affected versi ...)
+ {DSA-5507-1}
[experimental] - jetty9 9.4.51-1
- jetty9 9.4.52-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8
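Review bot: with this hunk DSA-5507-1 is referenced from five jetty9 entries in this commit (CVE-2023-41900, CVE-2023-40167, CVE-2023-36479, CVE-2023-26049, CVE-2023-26048); verify that the DSA-5507-1 entry in data/DSA/list names all five, since a CVE missing there will not show as fixed in bookworm even though the tag is present here. For CVE-2023-26049 and CVE-2023-26048 the tag is inserted above the "[experimental] - jetty9 9.4.51-1" line, leaving the experimental entry between the DSA reference and the unstable "- jetty9 9.4.52-1" line; the tracker accepts that order, and the experimental lines themselves are unchanged.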
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/312c275ec9aa8123ba6cc8d10d1154e7c6132fa2