[Git][security-tracker-team/security-tracker][master] 4 commits: Add CVE-2023-43655/composer
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 30 20:25:57 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f24057a by Salvatore Bonaccorso at 2023-09-30T21:25:08+02:00
Add CVE-2023-43655/composer
- - - - -
29ed168a by Salvatore Bonaccorso at 2023-09-30T21:25:08+02:00
Process some NFUs
- - - - -
d90c2d9b by Salvatore Bonaccorso at 2023-09-30T21:25:08+02:00
Add CVE-2023-43642/snappy-java
- - - - -
9d16b922 by Salvatore Bonaccorso at 2023-09-30T21:25:08+02:00
Add CVE-2023-20034/elasticsearch
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50,7 +50,7 @@ CVE-2023-43702 (Os Commerce is currently susceptible to a Cross-Site Scripting (
CVE-2023-5289 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2023-5288 (A remote unauthorized attacker may connect to the SIM1012, interact wi ...)
- TODO: check
+ NOT-FOR-US: SICK SIM1012
CVE-2023-5287 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...)
NOT-FOR-US: BEECMS
CVE-2023-5286 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -124,7 +124,11 @@ CVE-2023-43944 (A Stored Cross Site Scripting (XSS) vulnerability was found in S
CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to contain ...)
NOT-FOR-US: Hospital Management System
CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a composer. ...)
- TODO: check
+ - composer <unfixed>
+ NOTE: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
+ NOTE: https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d (1.10.27)
+ NOTE: https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c (2.2.22)
+ NOTE: https://github.com/composer/composer/commit/955a48e6319c8962e5cd421b07c00ab3c728968c (2.6.4)
CVE-2023-41691 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay ...)
NOT-FOR-US: WordPress plugin
CVE-2023-41687 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
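Review bot: the new composer entry carries no per-release triage line. It marks `- composer <unfixed>` and cites fixing commits for the 1.10.27, 2.2.22 and 2.6.4 branches, but has no `[bookworm]`/`[bullseye]` annotation of the kind the file uses elsewhere (compare `[bookworm] - lemonldap-ng <no-dsa> (Minor issue)` in a later hunk), so it is not yet recorded whether the stable suites are affected or whether a DSA or no-dsa decision is pending; add the release lines, or a TODO stating that triage for the stable suites is still open.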
@@ -150,7 +154,7 @@ CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write response
CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible for a r ...)
TODO: check
CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...)
TODO: check
CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an Insecure File ...)
@@ -164,7 +168,7 @@ CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authe
CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...)
- TODO: check
+ NOT-FOR-US: Zod
CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...)
- lemonldap-ng 2.17.1+ds-1
[bookworm] - lemonldap-ng <no-dsa> (Minor issue)
@@ -196,7 +200,7 @@ CVE-2023-44164 (The 'Email' parameter of the process_login.php resource does no
CVE-2023-44163 (The 'search' parameter of the process_search.php resource does not va ...)
TODO: check
CVE-2023-43740 (Online Book Store Project v1.0 is vulnerable to an Insecure File Uploa ...)
- TODO: check
+ NOT-FOR-US: Online Book Store Project
CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not validate t ...)
TODO: check
CVE-2023-43662 (ShokoServer is a media server which specializes in organizing anime. I ...)
@@ -277,7 +281,7 @@ CVE-2023-43657 (discourse-encrypt is a plugin that provides a secure communicati
CVE-2023-43323 (mooSocial 3.1.8 is vulnerable to external service interaction on post ...)
NOT-FOR-US: mooSocial
CVE-2023-43226 (An arbitrary file upload vulnerability in dede/baidunews.php in DedeCM ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2023-43044 (IBM License Metric Tool 9.2 could allow a remote attacker to traverse ...)
NOT-FOR-US: IBM
CVE-2023-41911 (Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 ...)
@@ -301,7 +305,7 @@ CVE-2023-44276 (OPNsense before 23.7.5 allows XSS via the index.php sequence par
CVE-2023-44275 (OPNsense before 23.7.5 allows XSS via the index.php column_count param ...)
NOT-FOR-US: OPNsense
CVE-2023-44273 (Consensys gnark-crypto through 0.11.2 allows Signature Malleability. T ...)
- TODO: check
+ NOT-FOR-US: Consensys gnark-crypto
CVE-2023-44080 (An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attack ...)
NOT-FOR-US: PGYER codefever
CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that d ...)
@@ -343,21 +347,21 @@ CVE-2023-41446 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.
CVE-2023-41445 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41444 (An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attac ...)
- TODO: check
+ NOT-FOR-US: Binalyze IREC.sys
CVE-2023-40026 (Argo CD is a declarative continuous deployment framework for Kubernete ...)
NOT-FOR-US: Argo CD
CVE-2023-38877 (A host header injection vulnerability exists in gugoan's Economizzer v ...)
- TODO: check
+ NOT-FOR-US: gugoan's Economizzer
CVE-2023-38874 (A remote code execution (RCE) vulnerability via an insecure file uploa ...)
- TODO: check
+ NOT-FOR-US: gugoan's Economizzer
CVE-2023-38873 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer ...)
- TODO: check
+ NOT-FOR-US: gugoan's Economizzer
CVE-2023-38872 (An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Eco ...)
- TODO: check
+ NOT-FOR-US: gugoan's Economizzer
CVE-2023-38871 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer ...)
- TODO: check
+ NOT-FOR-US: gugoan's Economizzer
CVE-2023-38870 (A SQL injection vulnerability exists in gugoan Economizzer commit 3730 ...)
- TODO: check
+ NOT-FOR-US: gugoan's Economizzer
CVE-2023-42119 [Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability]
- exim4 <unfixed>
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
@@ -716,27 +720,27 @@ CVE-2023-41065 (A privacy issue was addressed with improved private data redacti
CVE-2023-41063 (The issue was addressed with improved memory handling. This issue is f ...)
TODO: check
CVE-2023-40677 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40676 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jaso ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40669 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40668 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40667 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40665 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40664 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40605 (Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-40541 (This issue was addressed by adding an additional prompt for user conse ...)
TODO: check
CVE-2023-40520 (The issue was addressed with improved checks. This issue is fixed in t ...)
@@ -823,7 +827,7 @@ CVE-2023-40386 (A privacy issue was addressed with improved handling of temporar
CVE-2023-40384 (A permissions issue was addressed with improved redaction of sensitive ...)
TODO: check
CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Pe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39434 (A use-after-free issue was addressed with improved memory management. ...)
{DSA-5468-1}
- webkit2gtk 2.40.5-1
@@ -846,7 +850,7 @@ CVE-2023-35990 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-35984 (The issue was addressed with improved checks. This issue is fixed in t ...)
TODO: check
CVE-2023-35793 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...)
- TODO: check
+ NOT-FOR-US: Cassia Access Controller
CVE-2023-35074 (The issue was addressed with improved memory handling. This issue is f ...)
{DSA-5396-1}
- webkit2gtk 2.40.0-1
@@ -855,7 +859,7 @@ CVE-2023-35074 (The issue was addressed with improved memory handling. This issu
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: MRV Tech Logging Administration Panel
CVE-2023-32421 (A privacy issue was addressed with improved handling of temporary file ...)
TODO: check
CVE-2023-32396 (This issue was addressed with improved checks. This issue is fixed in ...)
@@ -865,7 +869,7 @@ CVE-2023-32377 (A buffer overflow issue was addressed with improved memory handl
CVE-2023-32361 (The issue was addressed with improved handling of caches. This issue i ...)
TODO: check
CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...)
TODO: check
CVE-2023-43040 [Improperly verified POST keys]
@@ -1101,7 +1105,9 @@ CVE-2023-4148 (The Ditty WordPress plugin before 3.1.25 does not sanitise and es
CVE-2023-43644 (Sing-box is an open source proxy system. Affected versions are subject ...)
NOT-FOR-US: sing-box
CVE-2023-43642 (snappy-java is a Java port of the snappy, a fast C++ compresser/decomp ...)
- TODO: check
+ - snappy-java <unfixed>
+ NOTE: https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5 (v1.1.10.4)
+ NOTE: https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv
CVE-2023-43458 (Cross Site Scripting (XSS) vulnerability in Resort Reservation System ...)
NOT-FOR-US: Resort Reservation System
CVE-2023-43456 (Cross Site Scripting vulnerability in Service Provider Management Syst ...)
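Review bot: the NOTE ordering for CVE-2023-43642 is the reverse of the composer entry added in the same push. Here the fixing commit (v1.1.10.4) precedes the GHSA advisory, while the composer entry lists the advisory first and the commits after it; swapping the two lines keeps the layout uniform so readers find the advisory in the same position. As with composer, `- snappy-java <unfixed>` has no `[bookworm]`/`[bullseye]` line yet, so the stable-suite status remains to be recorded.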
@@ -1129,7 +1135,7 @@ CVE-2023-41867 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ac
CVE-2023-41863 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. ...)
NOT-FOR-US: WordPress plugin
CVE-2023-41419 (An issue in Gevent Gevent before version 23.9.1 allows a remote attack ...)
- TODO: check
+ NOT-FOR-US: Gevent Gevent
CVE-2023-41303 (Command injection vulnerability in the distributed file system module. ...)
NOT-FOR-US: Huawei
CVE-2023-41302 (Redirection permission verification vulnerability in the home screen m ...)
@@ -1629,7 +1635,7 @@ CVE-2023-40932 (A Cross-site scripting (XSS) vulnerability in Nagios XI version
CVE-2023-40931 (A SQL injection vulnerability in Nagios XI from version 5.11.0 up to a ...)
NOT-FOR-US: Nagios XI
CVE-2023-39575 (A reflected cross-site scripting (XSS) vulnerability in the url_str UR ...)
- TODO: check
+ NOT-FOR-US: ISL ARP Guard
CVE-2023-38888 (Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and be ...)
- dolibarr <removed>
CVE-2023-38887 (File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allo ...)
@@ -18484,7 +18490,7 @@ CVE-2023-2317 (DOM-based XSS in updater/update.html in Typora before 1.6.7 on Wi
CVE-2023-2316 (Improper path handling in Typora before 1.6.7 on Windows and Linux all ...)
NOT-FOR-US: Typora
CVE-2023-2315 (Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authe ...)
- TODO: check
+ NOT-FOR-US: OpenCart
CVE-2023-31269
RESERVED
CVE-2023-31268
@@ -19334,7 +19340,7 @@ CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabl
CVE-2023-30962 (The Gotham Cerberus service was found to have a stored cross-site scri ...)
NOT-FOR-US: Gotham Cerberus
CVE-2023-30961 (Palantir Gotham was found to be vulnerable to a bug where under certai ...)
- TODO: check
+ NOT-FOR-US: Palantir Gotham
CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
NOT-FOR-US: Palantir
CVE-2023-30959 (In Apollo change requests, comments added by users could contain a ja ...)
@@ -20537,7 +20543,7 @@ CVE-2023-30593
CVE-2023-30592
RESERVED
CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attacker ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2023-30590
RESERVED
- nodejs <unfixed> (bug #1039990)
@@ -21115,7 +21121,7 @@ CVE-2023-30495
CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30492
RESERVED
CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard ...)
@@ -21157,9 +21163,9 @@ CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang
CVE-2023-30473 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...)
NOT-FOR-US: WordPress Plugin
CVE-2023-30472 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode generati ...)
NOT-FOR-US: Facebook Hermes
CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...)
@@ -21358,7 +21364,7 @@ CVE-2023-30417 (A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up
CVE-2023-30416
RESERVED
CVE-2023-30415 (Sourcecodester Packers and Movers Management System v1.0 was discovere ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Packers and Movers Management System
CVE-2023-30414 (Jerryscript commit 1a2c047 was discovered to contain a stack overflow ...)
- iotjs <removed>
[bullseye] - iotjs <ignored> (Minor issue)
@@ -23413,7 +23419,7 @@ CVE-2023-29506 (XWiki Commons are technical libraries common to several other to
CVE-2023-29505 (An issue was discovered in Zoho ManageEngine Network Configuration Man ...)
NOT-FOR-US: Zoho
CVE-2023-28393 (A stack-based buffer overflow vulnerability exists in the tif_processi ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2023-1942 (A vulnerability has been found in SourceCodester Online Computer and L ...)
NOT-FOR-US: SourceCodester Online Computer and Laptop Store
CVE-2023-1941 (A vulnerability, which was classified as critical, has been found in S ...)
@@ -26078,7 +26084,7 @@ CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I
CVE-2023-28791
RESERVED
CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Bre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28788
@@ -27090,7 +27096,7 @@ CVE-2023-28492
CVE-2023-28491
RESERVED
CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
NOT-FOR-US: Siemens
CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate the ge ...)
@@ -28734,7 +28740,7 @@ CVE-2023-28057
CVE-2023-28056 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2023-28055 (Dell NetWorker, Version 19.7 has an improper authorization vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability. A local ...)
NOT-FOR-US: Dell
CVE-2023-28053
@@ -30108,7 +30114,7 @@ CVE-2023-27630
CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27626
@@ -30120,7 +30126,7 @@ CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-27623
RESERVED
CVE-2023-27622 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27621 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...)
@@ -30130,9 +30136,9 @@ CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerab
CVE-2023-27618 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGI ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27617 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Ca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27615
RESERVED
CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...)
@@ -30505,7 +30511,7 @@ CVE-2023-27522 (HTTP Response Smuggling vulnerability in Apache HTTP Server via
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-27522
NOTE: https://github.com/apache/httpd/commit/0df5879df8f16b4101ea2365672178b4ae899e9e (r1907980)
CVE-2023-23567 (A heap-based buffer overflow vulnerability exists in the CreateDIBfrom ...)
- TODO: check
+ NOT-FOR-US: Accusoft ImageGear
CVE-2023-1155 (The Cost Calculator plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: Cost Calculator plugin for WordPress
CVE-2023-1154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -36569,7 +36575,7 @@ CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25483 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anki ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25482 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tile ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Sub ...)
@@ -37797,7 +37803,7 @@ CVE-2023-25001 (A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2
CVE-2023-0634
REJECTED
CVE-2023-0633 (In Docker Desktop on Windows before 4.12.0 an argument injection to in ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2023-0632 (An issue has been discovered in GitLab affecting all versions starting ...)
- gitlab <unfixed>
CVE-2023-0631 (The Paid Memberships Pro WordPress plugin before 2.9.12 does not preve ...)
@@ -37809,11 +37815,11 @@ CVE-2023-0629 (Docker Desktop before 4.17.0 allows an unprivileged user to bypas
CVE-2023-0628 (Docker Desktop before 4.17.0 allows an attacker to execute an arbitrar ...)
NOT-FOR-US: Docker Desktop
CVE-2023-0627 (Docker Desktop 4.11.x allows --no-windows-containers flag bypass via I ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2023-0626 (Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2023-0625 (Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extens ...)
- TODO: check
+ NOT-FOR-US: Docker Desktop
CVE-2023-0624 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
NOT-FOR-US: OrangeScrum
CVE-2023-0623 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...)
@@ -40863,7 +40869,7 @@ CVE-2023-23960
CVE-2023-23959
RESERVED
CVE-2023-23958 (Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Ha ...)
- TODO: check
+ NOT-FOR-US: Symantec Protection Engine
CVE-2023-23957 (An authenticated user can see and modify the value for \u2018next\u201 ...)
NOT-FOR-US: Symantec Identity Portal
CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...)
@@ -45836,7 +45842,7 @@ CVE-2023-22515
CVE-2023-22514
RESERVED
CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...)
- TODO: check
+ NOT-FOR-US: Bitbucket Data Center and Server
CVE-2023-22512
RESERVED
CVE-2023-22511
@@ -50956,9 +50962,9 @@ CVE-2022-47189 (Generex UPS CS141 below 2.06 version, allows an attacker touploa
CVE-2022-47188 (There is an arbitrary file reading vulnerability in Generex UPS CS141 ...)
NOT-FOR-US: Generex UPS CS141
CVE-2022-47187 (There is a file upload XSS vulnerability in Generex CS141 below 2.06 v ...)
- TODO: check
+ NOT-FOR-US: Generex CS141
CVE-2022-47186 (There is an unrestricted upload of file vulnerability in Generex CS141 ...)
- TODO: check
+ NOT-FOR-US: Generex CS141
CVE-2022-47185 (Improper input validation vulnerability on the range header in Apache ...)
- trafficserver 9.2.2+ds-1 (bug #1043430)
NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
@@ -62715,7 +62721,7 @@ CVE-2023-20270
CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
NOT-FOR-US: Cisco
CVE-2023-20268 (A vulnerability in the packet processing functionality of Cisco access ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20267
RESERVED
CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified Communicat ...)
@@ -62727,7 +62733,7 @@ CVE-2023-20264
CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
NOT-FOR-US: Cisco
CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager co ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20261
RESERVED
CVE-2023-20260
@@ -62743,13 +62749,13 @@ CVE-2023-20256
CVE-2023-20255
RESERVED
CVE-2023-20254 (A vulnerability in the session management system of the Cisco Catalyst ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20253 (A vulnerability in the command line interface (cli) management interfa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20252 (A vulnerability in the Security Assertion Markup Language (SAML) APIs ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20251 (A vulnerability in the memory buffer of Cisco Wireless LAN Controller ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20250 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2023-20249
@@ -62789,7 +62795,7 @@ CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) featu
CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...)
NOT-FOR-US: Cisco
CVE-2023-20231 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20230 (A vulnerability in the restricted security domain implementation of Ci ...)
NOT-FOR-US: Cisco
CVE-2023-20229 (A vulnerability in the CryptoService function of Cisco Duo Device Heal ...)
@@ -62797,15 +62803,15 @@ CVE-2023-20229 (A vulnerability in the CryptoService function of Cisco Duo Devic
CVE-2023-20228 (A vulnerability in the web-based management interface of Cisco Integra ...)
NOT-FOR-US: Cisco
CVE-2023-20227 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20226 (A vulnerability in Application Quality of Experience (AppQoE) and Unif ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20225
RESERVED
CVE-2023-20224 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
NOT-FOR-US: Cisco
CVE-2023-20223 (A vulnerability in Cisco DNA Center could allow an unauthenticated, re ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20222 (A vulnerability in the web-based management interface of Cisco Prime I ...)
NOT-FOR-US: Cisco
CVE-2023-20221 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
@@ -62851,7 +62857,7 @@ CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco B
CVE-2023-20203 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2023-20202 (A vulnerability in the Wireless Network Control daemon (wncd) of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20201 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2023-20200 (A vulnerability in the Simple Network Management Protocol (SNMP) servi ...)
@@ -62885,9 +62891,9 @@ CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of cert
CVE-2023-20188 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2023-20187 (A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) featu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20186 (A vulnerability in the Authentication, Authorization, and Accounting ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20185 (A vulnerability in the Cisco ACI Multi-Site CloudSec encryption featur ...)
NOT-FOR-US: Cisco
CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
@@ -62901,13 +62907,13 @@ CVE-2023-20181 (A vulnerability in the web-based management interface of Cisco S
CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
NOT-FOR-US: Cisco
CVE-2023-20179 (A vulnerability in the web-based management interface of Cisco Catalys ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20178 (A vulnerability in the client update process of Cisco AnyConnect Secur ...)
NOT-FOR-US: Cisco
CVE-2023-20177
RESERVED
CVE-2023-20176 (A vulnerability in the networking component of Cisco access point (AP) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20175
RESERVED
CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -63041,7 +63047,7 @@ CVE-2023-20111 (A vulnerability in the web-based management interface of Cisco I
CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco Smart S ...)
NOT-FOR-US: Cisco
CVE-2023-20109 (A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20108 (A vulnerability in the XCP Authentication Service of the Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG), also ...)
@@ -63194,9 +63200,9 @@ CVE-2023-20036
CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
NOT-FOR-US: Cisco
CVE-2023-20034 (Vulnerability in the Elasticsearch database used in the of Cisco SD-WA ...)
- TODO: check
+ - elasticsearch <removed>
CVE-2023-20033 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...)
{DLA-3328-1}
- clamav 1.0.1+dfsg-1 (bug #1031509)
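Review bot: the CVE-2023-20034 entry is the only package mapping in this push without a NOTE reference. It records `- elasticsearch <removed>` but, unlike the composer and snappy-java entries, cites no advisory or commit explaining why a Cisco SD-WAN CVE is attributed to the (removed) elasticsearch package; add a NOTE line with the upstream or Cisco advisory URL so the mapping can be re-checked later without re-reading the CVE text.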
@@ -85385,7 +85391,7 @@ CVE-2022-35910 (In Jellyfin before 10.8, stored XSS allows theft of an admin acc
CVE-2022-35909 (In Jellyfin before 10.8, the /users endpoint has incorrect access cont ...)
- jellyfin <itp> (bug #994189)
CVE-2022-35908 (Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitiz ...)
- TODO: check
+ NOT-FOR-US: Cambium Enterprise Wi-Fi System Software
CVE-2022-35907
RESERVED
CVE-2022-35906 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...)
@@ -152885,7 +152891,7 @@ CVE-2021-38245
CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
NOT-FOR-US: cbioportal
CVE-2021-38243 (xunruicms <=4.5.1 is vulnerable to Remote Code Execution.)
- TODO: check
+ NOT-FOR-US: xunruicms
CVE-2021-38242
RESERVED
CVE-2021-38241 (Deserialization issue discovered in Ruoyi before 4.6.1 allows remote a ...)
@@ -480340,7 +480346,7 @@ CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nib
CVE-2015-6965 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Cont ...)
NOT-FOR-US: Contact Form Generator plugin for WordPress
CVE-2015-6964 (MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping atta ...)
- TODO: check
+ NOT-FOR-US: MultiBit HD
CVE-2015-6963
REJECTED
CVE-2015-6962 (SQL injection vulnerability in the web application in Farol allows rem ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8b749e7e1fd7df332c64f5a41a1d676eedcdd393...9d16b9225081cc4ea74cc04a145ac1ddf9edec4f