[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 29 21:13:01 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ef0dfcf by security tracker role at 2023-09-29T20:12:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2023-5289 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ TODO: check
+CVE-2023-5288 (A remote unauthorized attacker may connect to the SIM1012, interact wi ...)
+ TODO: check
+CVE-2023-5287 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
+ TODO: check
+CVE-2023-5286 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-5285 (A vulnerability classified as critical was found in Tongda OA 2017. Af ...)
+ TODO: check
+CVE-2023-5284 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-5283 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
+ TODO: check
+CVE-2023-5282 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
+ TODO: check
+CVE-2023-5281 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
+ TODO: check
+CVE-2023-5280 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
+ TODO: check
+CVE-2023-5279 (A vulnerability has been found in SourceCodester Engineers Online Port ...)
+ TODO: check
+CVE-2023-5278 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-5277 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-5276 (A vulnerability classified as critical was found in SourceCodester Eng ...)
+ TODO: check
+CVE-2023-5273 (A vulnerability classified as problematic was found in SourceCodester ...)
+ TODO: check
+CVE-2023-5272 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2023-5271 (A vulnerability was found in SourceCodester Best Courier Management Sy ...)
+ TODO: check
+CVE-2023-5270 (A vulnerability was found in SourceCodester Best Courier Management Sy ...)
+ TODO: check
+CVE-2023-5269 (A vulnerability was found in SourceCodester Best Courier Management Sy ...)
+ TODO: check
+CVE-2023-5268 (A vulnerability was found in DedeBIZ 6.2 and classified as critical. T ...)
+ TODO: check
+CVE-2023-5267 (A vulnerability has been found in Tongda OA 2017 and classified as cri ...)
+ TODO: check
+CVE-2023-5266 (A vulnerability, which was classified as critical, was found in DedeBI ...)
+ TODO: check
+CVE-2023-5265 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2023-5264 (A vulnerability classified as critical was found in huakecms 3.0. Affe ...)
+ TODO: check
+CVE-2023-5263 (A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. ...)
+ TODO: check
+CVE-2023-5262 (A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classif ...)
+ TODO: check
+CVE-2023-5261 (A vulnerability, which was classified as critical, was found in Tongda ...)
+ TODO: check
+CVE-2023-5260 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-5259 (A vulnerability classified as problematic was found in ForU CMS. This ...)
+ TODO: check
+CVE-2023-5258 (A vulnerability classified as critical has been found in OpenRapid Rap ...)
+ TODO: check
+CVE-2023-5257 (A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It ...)
+ TODO: check
+CVE-2023-5196 (Mattermost fails to enforce character limits in all possible notificat ...)
+ TODO: check
+CVE-2023-5195 (Mattermost fails to properly validate the permissions when soft deleti ...)
+ TODO: check
+CVE-2023-5194 (Mattermost fails to properly validate permissions when demoting and de ...)
+ TODO: check
+CVE-2023-5193 (Mattermost fails to properly check permissions when retrieving a post ...)
+ TODO: check
+CVE-2023-5159 (Mattermost fails to properly verify the permissions when managing/upda ...)
+ TODO: check
+CVE-2023-43944 (A Stored Cross Site Scripting (XSS) vulnerability was found in SourceC ...)
+ TODO: check
+CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to contain ...)
+ TODO: check
+CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a composer. ...)
+ TODO: check
+CVE-2023-41691 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay ...)
+ TODO: check
+CVE-2023-41687 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-41666 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-41663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovamba ...)
+ TODO: check
+CVE-2023-41662 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benj ...)
+ TODO: check
+CVE-2023-41661 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pres ...)
+ TODO: check
+CVE-2023-41658 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
+ TODO: check
+CVE-2023-41657 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...)
+ TODO: check
+CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...)
+ TODO: check
+CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions starting ...)
+ TODO: check
+CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write response' pac ...)
+ TODO: check
+CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible for a r ...)
+ TODO: check
+CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...)
+ TODO: check
CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...)
TODO: check
CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an Insecure File ...)
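Review bot: CVE-2023-5259 in this hunk is left at TODO: check although the same patch already resolves ForU CMS as NOT-FOR-US at CVE-2023-5221 (NOT-FOR-US: ForU CMS), so it can be marked NOT-FOR-US: ForU CMS in the same pass. The automatic import also truncates each description, so CVE-2023-39410 (deserialization of untrusted data) and CVE-2023-3024 (Bluetooth LE stack) do not name the affected project in the visible text and need the full description pulled before they can be triaged.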
@@ -42,7 +146,7 @@ CVE-2023-44164 (The 'Email' parameter of the process_login.php resource does no
TODO: check
CVE-2023-44163 (The 'search' parameter of the process_search.php resource does not va ...)
TODO: check
-CVE-2023-43740 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
+CVE-2023-43740 (Online Book Store Project v1.0 is vulnerable to an Insecure File Uploa ...)
TODO: check
CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not validate t ...)
TODO: check
@@ -260,6 +364,7 @@ CVE-2023-5222 (A vulnerability classified as critical was found in Viessmann Vit
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU CMS. Thi ...)
NOT-FOR-US: ForU CMS
CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ...)
+ {DSA-5509-1 DSA-5508-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox <unfixed> (unimportant)
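Review bot: two advisories {DSA-5509-1 DSA-5508-1} are attached to CVE-2023-5217, but the only fixed-version lines visible in this hunk are chromium 117.0.5938.132-1 and firefox <unfixed> (unimportant); since the following hunk attaches DSA-5508-1 alone to the other chromium CVEs, confirm that the package DSA-5509-1 covers has its own fixed-version line in the part of this entry outside the hunk context.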
@@ -273,9 +378,11 @@ CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome p
NOTE: src:firefox and firefox-esr use the system libvpx starting in bookworm and above. For
NOTE: older releases still needs the fixes in src:firefox-esr.
CVE-2023-5187 (Use after free in Extensions in Google Chrome prior to 117.0.5938.132 ...)
+ {DSA-5508-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5186 (Use after free in Passwords in Google Chrome prior to 117.0.5938.132 a ...)
+ {DSA-5508-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5184 (Two potential signed to unsigned conversion errors and buffer overflow ...)
@@ -789,7 +896,7 @@ CVE-2023-34043 (VMware Aria Operations contains a local privilege escalation vul
CVE-2023-32541 (A use-after-free vulnerability exists in the footerr functionality of ...)
NOT-FOR-US: Hancom Office 2020 HWord
CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ...)
- {DSA-5506-1}
+ {DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -813,7 +920,7 @@ CVE-2023-5172 (A hashtable in the Ion Engine could have been mutated while ther
- firefox 118.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172
CVE-2023-5171 (During Ion compilation, a Garbage Collection could have resulted in a ...)
- {DSA-5506-1}
+ {DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -824,7 +931,7 @@ CVE-2023-5170 (In canvas rendering, a compromised content process could have cau
- firefox 118.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170
CVE-2023-5169 (A compromised content process could have provided malicious data in a ...)
- {DSA-5506-1}
+ {DSA-5506-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -3157,6 +3264,7 @@ CVE-2023-29166 (A logic issue was addressed with improved state management. This
CVE-2023-36851 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
NOT-FOR-US: Juniper
CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
+ {DLA-3588-1}
- vim 2:9.0.1894-1
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
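Review bot: DLA-3588-1 is added to CVE-2023-4781 while the context line [bullseye] - vim <no-dsa> (Minor issue) is kept unchanged; that is consistent only if the DLA targets a release other than bullseye, otherwise the bullseye marker should be dropped in the same commit so the entry does not record the issue as both deliberately unfixed and fixed by advisory.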
@@ -3329,6 +3437,7 @@ CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-D
NOTE: https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.)
+ {DLA-3588-1}
- vim 2:9.0.1894-1
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
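Review bot: the new DLA-3588-1 reference for CVE-2023-4752 sits next to an unchanged [bullseye] - vim <no-dsa> (Minor issue) line; verify which release the DLA targets and drop the bullseye marker if it is bullseye, so the advisory reference and the no-dsa decision do not contradict each other.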
@@ -4049,6 +4158,7 @@ CVE-2023-41163 (A Reflected Cross-site scripting (XSS) vulnerability in the file
CVE-2023-41041 (Graylog is a free and open log management platform. In a multi-node Gr ...)
- graylog2 <itp> (bug #652273)
CVE-2023-41040 (GitPython is a python library used to interact with Git repositories. ...)
+ {DLA-3589-1}
- python-git 3.1.36-1
[bookworm] - python-git <no-dsa> (Minor issue; can be fixed via point release)
[bullseye] - python-git <no-dsa> (Minor issue; can be fixed via point release)
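Review bot: DLA-3589-1 is attached to CVE-2023-41040 while the context lines still carry [bullseye] - python-git <no-dsa> (Minor issue; can be fixed via point release); if the DLA covers bullseye that marker is now stale and should be replaced in the same commit, and if it covers an older release the bullseye note can stay as is.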
@@ -33718,8 +33828,8 @@ CVE-2023-26220
RESERVED
CVE-2023-26219
RESERVED
-CVE-2023-26218
- RESERVED
+CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...)
+ TODO: check
CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX ...)
NOT-FOR-US: TIBICO Software
CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...)
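Review bot: the new CVE-2023-26218 entry (TIBCO Nimbus Web Client) is left at TODO: check although the adjacent CVE-2023-26217 TIBCO entry is already resolved as NOT-FOR-US; it can be marked NOT-FOR-US: TIBCO Software directly. The unchanged context line NOT-FOR-US: TIBICO Software also misspells the vendor name and should read TIBCO.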
@@ -207750,6 +207860,7 @@ CVE-2020-28465
CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...)
NOT-FOR-US: Node djv
CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...)
+ {DLA-3590-1}
- python-reportlab 3.5.55-1
[stretch] - python-reportlab <postponed> (Can be fixed in next DLA)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
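Review bot: DLA-3590-1 is added to CVE-2020-28463 immediately above the unchanged marker [stretch] - python-reportlab <postponed> (Can be fixed in next DLA); if this advisory is that DLA, the stretch line should be updated in the same commit, and if it targets a different release the note should name the release still pending so the "next DLA" wording does not point at an advisory that already exists.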
@@ -278050,6 +278161,7 @@ CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename arg
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/dia/commit/baa2df853f9fb770eedcf3d94c7f5becebc90bb9
NOTE: Negligible security impact, hang in end user tool
CVE-2019-19450 (paraparser in ReportLab before 3.5.31 allows remote code execution bec ...)
+ {DLA-3590-1}
- python-reportlab 3.5.31-1
NOTE: https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md#release-353115102019
NOTE: Fixed by: https://hg.reportlab.com/hg-public/reportlab/rev/b117091a73c2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ef0dfcf9c4729e65d70dfb7f883f79b6aa1929a