[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 29 09:12:22 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
312c275e by security tracker role at 2023-09-29T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...)
+	TODO: check
+CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to  an Insecure File  ...)
+	TODO: check
+CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine d ...)
+	TODO: check
+CVE-2023-5053 (Hospital management system version 378c157 allows to bypass authentica ...)
+	TODO: check
+CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authentica ...)
+	TODO: check
+CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
+CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...)
+	TODO: check
+CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...)
+	TODO: check
+CVE-2023-44466 (An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel ...)
+	TODO: check
+CVE-2023-44464 (pretix before 2023.7.2 allows Pillow to parse EPS files.)
+	TODO: check
+CVE-2023-44174 (Online Movie Ticket Booking System v1.0 is vulnerable to  an authentic ...)
+	TODO: check
+CVE-2023-44173 (Online Movie Ticket Booking System v1.0 is vulnerable to  an authentic ...)
+	TODO: check
+CVE-2023-44168 (The 'phone' parameter of the process_registration.php resource  does n ...)
+	TODO: check
+CVE-2023-44167 (The 'name' parameter of the process_registration.php resource  does no ...)
+	TODO: check
+CVE-2023-44166 (The 'age' parameter of the process_registration.php resource  does not ...)
+	TODO: check
+CVE-2023-44165 (The 'Password' parameter of the process_login.php resource  does not v ...)
+	TODO: check
+CVE-2023-44164 (The 'Email' parameter of the process_login.php resource  does not vali ...)
+	TODO: check
+CVE-2023-44163 (The 'search' parameter of the process_search.php resource  does not va ...)
+	TODO: check
+CVE-2023-43740 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
+	TODO: check
+CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource  does not validate t ...)
+	TODO: check
+CVE-2023-43662 (ShokoServer is a media server which specializes in organizing anime. I ...)
+	TODO: check
+CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
+	TODO: check
+CVE-2023-43014 (Asset Management System v1.0 is vulnerable to  an Authenticated SQL In ...)
+	TODO: check
+CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an  unauthenticated SQL  ...)
+	TODO: check
+CVE-2023-3979 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
+CVE-2023-3922 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
+CVE-2023-3920 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
+CVE-2023-3917 (Denial of Service in pipelines affecting all versions of Gitlab EE and ...)
+	TODO: check
+CVE-2023-3914 (A business logic error in GitLab EE affecting all versions prior to 16 ...)
+	TODO: check
+CVE-2023-3906 (An input validation issue in the asset proxy in GitLab EE, affecting a ...)
+	TODO: check
+CVE-2023-3775 (A Vault Enterprise Sentinel Role Governing Policy created by an operat ...)
+	TODO: check
+CVE-2023-3115 (An issue has been discovered in GitLab EE affecting all versions affec ...)
+	TODO: check
+CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an im ...)
+	TODO: check
 CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output error backt ...)
 	TODO: check
 CVE-2023-5215 (A flaw was found in libnbd. A server can reply with a block size large ...)
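Review bot: CVE-2023-43740's description is the unfilled CNA template ("[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...") rather than a real summary, so its TODO: check cannot be resolved from the imported text; it should stay open until a later automatic update pulls a populated description or the triager consults the upstream record directly. Two other things worth keeping in mind when working through this hunk: the many GitLab entries (CVE-2023-5198, CVE-2023-4532, CVE-2023-3979, CVE-2023-3922, CVE-2023-3920, CVE-2023-3917, CVE-2023-3914, CVE-2023-3906, CVE-2023-3115) will most likely want the same package line as the existing GitLab entries further down in this file (for example `- gitlab <unfixed>` on CVE-2023-2232), and CVE-2023-44466 (net/ceph/messenger_v2.c in the Linux kernel) needs a linux package entry once checked.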
@@ -652,7 +718,7 @@ CVE-2023-43857 (Dreamer CMS v4.1.3 was discovered to contain a stored cross-site
 	NOT-FOR-US: Dreamer CMS
 CVE-2023-43856 (Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vu ...)
 	NOT-FOR-US: Dreamer CMS
-CVE-2023-43775 (Denial-of-service vulnerability in the web server of the Eaton SMP SG- ...)
+CVE-2023-43775 (Denial-of-service vulnerability in the web server of the Eaton SMP Gat ...)
 	NOT-FOR-US: Eaton
 CVE-2023-43646 (get-func-name is a module to retrieve a function's name securely and c ...)
 	TODO: check
@@ -1667,6 +1733,7 @@ CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote
 CVE-2023-41901
 	REJECTED
 CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 9.4.21 t ...)
+	{DSA-5507-1}
 	- jetty9 9.4.52-1
 	[buster] - jetty9 <not-affected> (The vulnerable code was introduced in 9.4.21)
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
@@ -1814,6 +1881,7 @@ CVE-2023-40868 (Cross Site Request Forgery vulnerability in mooSocial MooSocial
 CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
 	NOT-FOR-US: Discourse
 CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to versions ...)
+	{DSA-5507-1}
 	- jetty9 9.4.52-1
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
 	NOTE: https://github.com/eclipse/jetty.project/pull/10329
@@ -1857,6 +1925,7 @@ CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996.
 CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built ...)
 	NOT-FOR-US: OPSWAT MetaDefender KIOSK
 CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository for the ...)
+	{DSA-5507-1}
 	- jetty9 9.4.52-1
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
 	NOTE: https://github.com/eclipse/jetty.project/pull/9888
@@ -1992,7 +2061,7 @@ CVE-2023-42468 (The com.cutestudio.colordialer application through 2.1.8-2 for A
 	NOT-FOR-US: com.cutestudio.colordialer application
 CVE-2023-41892 (Craft CMS is a platform for creating digital experiences. This is a hi ...)
 	NOT-FOR-US: Craft CMS
-CVE-2023-41081 (The mod_jk component of Apache Tomcat Connectorsin some circumstances, ...)
+CVE-2023-41081 (Important: Authentication Bypass CVE-2023-41081  The mod_jk component  ...)
 	{DLA-3580-1}
 	- libapache-mod-jk 1:1.2.49-1 (bug #1051956)
 	[bookworm] - libapache-mod-jk <no-dsa> (Minor issue)
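Review bot: the refreshed description for CVE-2023-41081 now leads with the upstream classification "Important: Authentication Bypass", while the entry keeps `[bookworm] - libapache-mod-jk <no-dsa> (Minor issue)`; since that tag predates the new description, it is worth re-confirming the no-dsa decision against the upstream severity (the DLA-3580-1 reference and the 1:1.2.49-1 fix line are unchanged). The imported text also now embeds the CVE id itself in the description, a feed artifact that will persist until the upstream record is cleaned up.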
@@ -19188,8 +19257,8 @@ CVE-2023-2235 (A use-after-free vulnerability in the Linux Kernel Performance Ev
 	NOTE: https://git.kernel.org/linus/fd0815f632c24878e325821943edccc7fde947a2 (6.3-rc3)
 CVE-2023-2234 (Union variant confusion allows any malicious BT controller to execute  ...)
 	NOT-FOR-US: Zephyr
-CVE-2023-2233
-	RESERVED
+CVE-2023-2233 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
+	TODO: check
 CVE-2023-2232 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...)
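Review bot: CVE-2023-2233 moves from RESERVED to an imported GitLab CE/EE description with a TODO: check; the neighbouring CVE-2023-2232, also GitLab, is already tracked as `- gitlab <unfixed>`, so resolving this TODO should most likely produce the same package line rather than NOT-FOR-US, keeping the two adjacent GitLab entries consistent.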
@@ -20273,8 +20342,8 @@ CVE-2023-30593
 	RESERVED
 CVE-2023-30592
 	RESERVED
-CVE-2023-30591
-	RESERVED
+CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attacker ...)
+	TODO: check
 CVE-2023-30590
 	RESERVED
 	- nodejs <unfixed> (bug #1039990)
@@ -32975,8 +33044,8 @@ CVE-2023-0991
 	RESERVED
 CVE-2023-0990
 	RESERVED
-CVE-2023-0989
-	RESERVED
+CVE-2023-0989 (An information disclosure issue in GitLab CE/EE affecting all versions ...)
+	TODO: check
 CVE-2023-0988 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: SourceCodester Online Pizza Ordering System
 CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCodester  ...)
@@ -33829,12 +33898,12 @@ CVE-2023-26150
 	RESERVED
 CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...)
 	TODO: check
-CVE-2023-26148
-	RESERVED
-CVE-2023-26147
-	RESERVED
-CVE-2023-26146
-	RESERVED
+CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to CRLF Injec ...)
+	TODO: check
+CVE-2023-26147 (All versions of the package ithewei/libhv are vulnerable to HTTP Respo ...)
+	TODO: check
+CVE-2023-26146 (All versions of the package ithewei/libhv are vulnerable to Cross-site ...)
+	TODO: check
 CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A number of  ...)
 	TODO: check
 CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 are vuln ...)
@@ -34179,12 +34248,14 @@ CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering perso
 CVE-2023-26050
 	RESERVED
 CVE-2023-26049 (Jetty is a java based web server and servlet engine. Nonstandard cooki ...)
+	{DSA-5507-1}
 	[experimental] - jetty9 9.4.51-1
 	- jetty9 9.4.52-1
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
 	NOTE: https://github.com/eclipse/jetty.project/pull/9339
 	NOTE: https://github.com/eclipse/jetty.project/pull/9352
 CVE-2023-26048 (Jetty is a java based web server and servlet engine. In affected versi ...)
+	{DSA-5507-1}
 	[experimental] - jetty9 9.4.51-1
 	- jetty9 9.4.52-1
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/312c275ec9aa8123ba6cc8d10d1154e7c6132fa2


