Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef9b2710 by security tracker role at 2023-10-28T08:11:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom 
location with  ...)
+       TODO: check
+CVE-2023-5830 (A vulnerability classified as critical has been found in 
ColumbiaSoft  ...)
+       TODO: check
+CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5 
allows a loca ...)
+       TODO: check
+CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in 
the prin ...)
+       TODO: check
+CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in 
the prin ...)
+       TODO: check
+CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R 
v.4.1cu.4154 ...)
+       TODO: check
+CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows 
an attack ...)
+       TODO: check
+CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote 
attacker  ...)
+       TODO: check
+CVE-2023-46468 (An issue in juzawebCMS v.3.4 and before allows a remote 
attacker to ex ...)
+       TODO: check
+CVE-2023-46467 (Cross Site Scripting vulnerability in juzawebCMS v.3.4 and 
before allo ...)
+       TODO: check
+CVE-2023-46215 (Insertion of Sensitive Information into Log File vulnerability 
in Apac ...)
+       TODO: check
+CVE-2023-46211 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-46209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
G5Theme  ...)
+       TODO: check
+CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Stylemix ...)
+       TODO: check
+CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Step ...)
+       TODO: check
+CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple 
Authent ...)
+       TODO: check
+CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to 
v5.2.19, v5. ...)
+       TODO: check
+CVE-2023-40140 (In android_view_InputDevice_create of 
android_view_InputDevice.cpp, th ...)
+       TODO: check
+CVE-2023-40139 (In FillUi of FillUi.java, there is a possible way to view 
another user ...)
+       TODO: check
+CVE-2023-40138 (In FillUi of FillUi.java, there is a possible way to view 
another user ...)
+       TODO: check
+CVE-2023-40137 (In multiple functions of DialogFillUi.java, there is a 
possible way to ...)
+       TODO: check
+CVE-2023-40136 (In setHeader of DialogFillUi.java, there is a possible way to 
view ano ...)
+       TODO: check
+CVE-2023-40135 (In applyCustomDescription of SaveUi.java, there is a possible 
way to v ...)
+       TODO: check
+CVE-2023-40134 (In isFullScreen of FillUi.java, there is a possible way to 
view anothe ...)
+       TODO: check
+CVE-2023-40133 (In multiple locations of DialogFillUi.java, there is a 
possible way to ...)
+       TODO: check
+CVE-2023-40131 (In GpuService of GpuService.cpp, there is a possible use after 
free du ...)
+       TODO: check
+CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a 
possible ...)
+       TODO: check
+CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out 
of boun ...)
+       TODO: check
+CVE-2023-40128 (In several functions of xmlregexp.c, there is a possible out 
of bounds ...)
+       TODO: check
+CVE-2023-40127 (In multiple locations, there is a possible way to access 
screenshots d ...)
+       TODO: check
+CVE-2023-40125 (In onCreate of ApnEditor.java, there is a possible way for a 
Guest use ...)
+       TODO: check
+CVE-2023-40123 (In updateActionViews of PipMenuView.java, there is a possible 
bypass o ...)
+       TODO: check
+CVE-2023-40121 (In appendEscapedSQLString of DatabaseUtils.java, there is a 
possible S ...)
+       TODO: check
+CVE-2023-40120 (In multiple locations, there is a possible way to bypass user 
notifica ...)
+       TODO: check
+CVE-2023-40117 (In resetSettingsLocked of SettingsProvider.java, there is a 
possible l ...)
+       TODO: check
+CVE-2023-40116 (In onTaskAppeared of PipTaskOrganizer.java, there is a 
possible way to ...)
+       TODO: check
+CVE-2023-35794 (An issue was discovered in Cassia Access Controller 
2.1.1.2303271039.  ...)
+       TODO: check
+CVE-2023-32738 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alka ...)
+       TODO: check
 CVE-2023-5829 (A vulnerability was found in code-projects Admission Management 
System ...)
        NOT-FOR-US: code-projects Admission Management System
 CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial 
Develo ...)
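Review bot: All 38 entries added at the top of this hunk carry only "TODO: check", so none of them has a triage decision yet, while the unchanged context just below (CVE-2023-5829) shows the resolved form, "NOT-FOR-US: code-projects Admission Management System". Before these are treated as handled, each needs either a NOT-FOR-US line or package lines. The entries that name an identifiable open-source project in the visible text, radare2 (CVE-2023-46570, CVE-2023-46569) and Cacti (CVE-2023-46490), are the ones to check against the archive first; the Android-sourced descriptions (CVE-2023-40116 through CVE-2023-40140) are truncated here, so the affected component has to be confirmed from the full advisory rather than from this file.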
@@ -867,7 +943,7 @@ CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 
allows an attacker to ca
 CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA 
device to  ...)
        NOT-FOR-US: PingFederate
 CVE-2023-5732 (An attacker could have created a malicious link using 
bidirectional ch ...)
-       {DSA-5535-1 DLA-3632-1}
+       {DSA-5538-1 DSA-5535-1 DLA-3632-1}
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
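Review bot: The new DSA-5538-1 reference on CVE-2023-5732 is not backed by anything else in this commit: the summary lists data/CVE/list as the only changed file, so the advisory record that defines DSA-5538-1 must already exist from an earlier commit. Worth confirming that the cross-reference resolves, and that the advisory's package matches one of the two fixed-version lines shown here (firefox-esr 115.4.0esr-1, thunderbird 1:115.4.1-1), since the hunk itself does not say which of them DSA-5538-1 covers. The same edit is repeated for CVE-2023-5730, CVE-2023-5728, CVE-2023-5725, CVE-2023-5724 and CVE-2023-5721 in the hunks that follow.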
@@ -876,7 +952,7 @@ CVE-2023-5731 (Memory safety bugs present in Firefox 118. 
Some of these bugs sho
        - firefox 119.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
 CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, 
and Thun ...)
-       {DSA-5535-1 DLA-3632-1}
+       {DSA-5538-1 DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -887,7 +963,7 @@ CVE-2023-5729 (A malicious web site can enter fullscreen 
mode while simultaneous
        - firefox 119.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
 CVE-2023-5728 (During garbage collection extra operations were performed on a 
object  ...)
-       {DSA-5535-1 DLA-3632-1}
+       {DSA-5538-1 DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -909,7 +985,7 @@ CVE-2023-5726 (A website could have obscured the full 
screen notification by usi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726
 CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, 
which un ...)
-       {DSA-5535-1 DLA-3632-1}
+       {DSA-5538-1 DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
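Review bot: CVE-2023-5726, whose trailing NOTE lines open this hunk, cites mfsa2023-46 and mfsa2023-47, the same two advisories cited for CVE-2023-5725 in the next hunk, yet only CVE-2023-5725 gains DSA-5538-1 here. The rest of the CVE-2023-5726 entry is outside the visible context, so please confirm that leaving it without the new DSA cross-reference is intentional (for example because it is marked as not affecting the Debian packages) and not an entry the update missed.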
@@ -917,7 +993,7 @@ CVE-2023-5725 (A malicious installed WebExtension could 
open arbitrary URLs, whi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5725
 CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and 
in som ...)
-       {DSA-5535-1 DLA-3632-1}
+       {DSA-5538-1 DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -931,7 +1007,7 @@ CVE-2023-5722 (Using iterative requests an attacker was 
able to learn the size o
        - firefox 119.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
 CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be 
activate ...)
-       {DSA-5535-1 DLA-3632-1}
+       {DSA-5538-1 DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -93523,12 +93599,12 @@ CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an 
integer signedness error a
        [buster] - u-boot <no-dsa> (Minor issue)
        NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
        NOTE: 
https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
 (v2022.07-rc6)
-CVE-2022-34834
-       RESERVED
-CVE-2022-34833
-       RESERVED
-CVE-2022-34832
-       RESERVED
+CVE-2022-34834 (An issue was discovered in VERMEG AgileReporter 21.3. 
Attackers can ga ...)
+       TODO: check
+CVE-2022-34833 (An issue was discovered in VERMEG AgileReporter 21.3. An admin 
can ent ...)
+       TODO: check
+CVE-2022-34832 (An issue was discovered in VERMEG AgileReporter 21.3. XXE can 
occur vi ...)
+       TODO: check
 CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 
7.9.0, rela ...)
        NOT-FOR-US: Keyfactor
 CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race 
Condition t ...)
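Review bot: CVE-2022-34834, CVE-2022-34833 and CVE-2022-34832 move from RESERVED to "TODO: check" in this hunk, which leaves them untriaged even though all three descriptions name the same product, VERMEG AgileReporter 21.3. They can be resolved with one decision applied to all three, in the same form the following context line uses for CVE-2022-34831 ("NOT-FOR-US: Keyfactor"), once it is confirmed whether that product is in the archive.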



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef9b27109a075997ad84cc7f58f26e0ddc08cc8c

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits