Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

9aee9f01 by security tracker role at 2023-08-31T20:12:11+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@ +CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...) + TODO: check +CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) + TODO: check +CVE-2023-4681 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...) + TODO: check +CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.) + TODO: check +CVE-2023-41748 (Remote command execution due to improper input validation. The followi ...) + TODO: check +CVE-2023-41747 (Sensitive information disclosure due to improper input validation. The ...) + TODO: check +CVE-2023-41746 (Remote command execution due to improper input validation. The followi ...) + TODO: check +CVE-2023-41745 (Sensitive information disclosure due to excessive collection of system ...) + TODO: check +CVE-2023-41744 (Local privilege escalation due to unrestricted loading of unsigned lib ...) + TODO: check +CVE-2023-41743 (Local privilege escalation due to insecure driver communication port p ...) + TODO: check +CVE-2023-41742 (Excessive attack surface due to binding to an unrestricted IP address. ...) + TODO: check +CVE-2023-41741 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + TODO: check +CVE-2023-41740 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + TODO: check +CVE-2023-41739 (Uncontrolled resource consumption vulnerability in File Functionality ...) + TODO: check +CVE-2023-41738 (Improper neutralization of special elements used in an OS command ('OS ...) + TODO: check +CVE-2023-41717 (Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and ...) + TODO: check +CVE-2023-41642 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the E ...) + TODO: check +CVE-2023-41640 (An improper error handling vulnerability in the component ErroreNonGes ...) 
+ TODO: check +CVE-2023-41638 (An arbitrary file upload vulnerability in the Gestione Documentale mod ...) + TODO: check +CVE-2023-41637 (An arbitrary file upload vulnerability in the Carica immagine function ...) + TODO: check +CVE-2023-41636 (A SQL injection vulnerability in the Data Richiesta dal parameter of G ...) + TODO: check +CVE-2023-41635 (A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.a ...) + TODO: check +CVE-2023-41045 (Graylog is a free and open log management platform. Graylog makes use ...) + TODO: check +CVE-2023-41044 (Graylog is a free and open log management platform. A partial path tra ...) + TODO: check +CVE-2023-41034 (Eclipse Leshan is a device management server and client Java implement ...) + TODO: check +CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + TODO: check +CVE-2023-39355 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + TODO: check +CVE-2023-39354 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + TODO: check +CVE-2023-39351 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + TODO: check +CVE-2023-39350 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + TODO: check +CVE-2023-34392 (A Missing Authentication for Critical Function vulnerability in the Sc ...) + TODO: check +CVE-2023-34391 (Insecure Inherited Permissions vulnerability in Schweitzer Engineering ...) + TODO: check +CVE-2023-33835 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a ...) + TODO: check +CVE-2023-33834 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a ...) + TODO: check +CVE-2023-33833 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensiti ...) + TODO: check CVE-2023-4655 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...) 
NOT-FOR-US: icms2 CVE-2023-4654 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) @@ -292,6 +362,7 @@ CVE-2023-4611 (A use-after-free flaw was found in mm/mempolicy.c in the memory m CVE-2023-4481 NOT-FOR-US: Juniper CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 ...) + {DSA-5487-1} - chromium 116.0.5845.140-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...) @@ -6122,7 +6193,8 @@ CVE-2023-36832 (An Improper Handling of Exceptional Conditions vulnerability in NOT-FOR-US: Juniper CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) NOT-FOR-US: Juniper -CVE-2023-36119 (File upload vulnerability in PHPGurukul Online Security Guards Hiring ...) +CVE-2023-36119 + REJECTED NOT-FOR-US: PHPGurukul Online Security Guards Hiring System CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible way to se ...) NOT-FOR-US: Android 
@@ -14458,24 +14530,24 @@ CVE-2023-31177 RESERVED CVE-2023-31176 RESERVED -CVE-2023-31175 - RESERVED -CVE-2023-31174 - RESERVED -CVE-2023-31173 - RESERVED -CVE-2023-31172 - RESERVED -CVE-2023-31171 - RESERVED -CVE-2023-31170 - RESERVED -CVE-2023-31169 - RESERVED -CVE-2023-31168 - RESERVED -CVE-2023-31167 - RESERVED +CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the Schweitz ...) + TODO: check +CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer En ...) + TODO: check +CVE-2023-31173 (Use of Hard-coded Credentials vulnerability in Schweitzer Engineering ...) + TODO: check +CVE-2023-31172 (An Incomplete Filtering of Special Elements vulnerability in the Schwe ...) + TODO: check +CVE-2023-31171 (An Improper Neutralization of Special Elements used in an SQL Command ...) + TODO: check +CVE-2023-31170 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...) + TODO: check +CVE-2023-31169 (An Improper Handling of Unicode Encoding vulnerability in the Schweitz ...) + TODO: check +CVE-2023-31168 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...) + TODO: check +CVE-2023-31167 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + TODO: check CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...) NOT-FOR-US: Schweitzer Engineering Laboratories CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) @@ -21704,8 +21776,8 @@ CVE-2023-28803 RESERVED CVE-2023-28802 RESERVED -CVE-2023-28801 - RESERVED +CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...) + TODO: check CVE-2023-28800 (When using local accounts for administration, the redirect url paramet ...) NOT-FOR-US: Zscaler CVE-2023-28799 (A URL parameter during login flow was vulnerable to injection. An atta ...) 
@@ -47457,10 +47529,10 @@ CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities th NOTE: https://lists.debian.org/debian-lts/2023/06/msg00051.html CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) NOT-FOR-US: Apache Zeppelin -CVE-2022-46869 - RESERVED -CVE-2022-46868 - RESERVED +CVE-2022-46869 (Local privilege escalation during installation due to improper soft li ...) + TODO: check +CVE-2022-46868 (Local privilege escalation during recovery due to improper soft link h ...) + TODO: check CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...) NOT-FOR-US: WordPress plugin CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...) @@ -51738,8 +51810,8 @@ CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are a NOT-FOR-US: Acronis CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. The fol ...) NOT-FOR-US: Acronis -CVE-2022-45451 - RESERVED +CVE-2022-45451 (Local privilege escalation due to insecure driver communication port p ...) + TODO: check CVE-2022-45450 (Sensitive information disclosure and manipulation due to improper auth ...) NOT-FOR-US: Acronis CVE-2022-45449 @@ -55456,8 +55528,7 @@ CVE-2023-20902 RESERVED CVE-2023-20901 RESERVED -CVE-2023-20900 - RESERVED +CVE-2023-20900 (VMware Tools contains a SAML token signature bypass vulnerability.A ma ...) - open-vm-tools <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1 NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch 
@@ -66528,7 +66599,7 @@ CVE-2022-41311 (A stored cross-site scripting vulnerability exists in the web ap CVE-2022-40691 (An information disclosure vulnerability exists in the web application ...) NOT-FOR-US: Moxa CVE-2022-40214 - RESERVED + REJECTED CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...) - gitlab 15.10.8+ds1-2 CVE-2022-3264 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aee9f01ba6ef3f1ae5ade180922ac08051d19bf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9aee9f01ba6ef3f1ae5ade180922ac08051d19bf You're receiving this email because of your account on salsa.debian.org.
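Review bot: all of the roughly 35 entries added at the top of the file in the first hunk (@@ -1,3 +1,73 @@) are left at `TODO: check`; the ones whose descriptions name upstreams that Debian packages should be triaged first, namely the four gpac issues (CVE-2023-4678 divide by zero, CVE-2023-4681 and CVE-2023-4683 NULL pointer dereferences, CVE-2023-4682 heap-based buffer overflow, all "prior to 2.3-DEV") and the five FreeRDP issues (CVE-2023-39350, -39351, -39354, -39355, -40589), each of which needs a source package and fixed-version check, while the Zscaler, IBM Security Verify and Schweitzer Engineering entries in the same hunk read as NOT-FOR-US candidates in line with how those vendors are handled elsewhere in this file.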
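Review bot: in the CVE-2023-36119 hunk (@@ -6122,7 +6193,8 @@) the new `REJECTED` marker is added while the pre-existing `NOT-FOR-US: PHPGurukul Online Security Guards Hiring System` line is kept; the other rejection in this same update (CVE-2022-40214, last hunk) carries no further annotation, so either drop the now-redundant NOT-FOR-US line for consistency or keep it deliberately as a record of the earlier triage, but the two rejections should not end up in different shapes by accident.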
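Review bot: the nine entries CVE-2023-31167 through CVE-2023-31175 that move from `RESERVED` to `TODO: check` in hunk @@ -14458,24 +14530,24 @@ mostly name Schweitzer Engineering in their truncated descriptions (CVE-2023-31169, -31172, -31173, -31174, -31175), and the unchanged neighbour CVE-2023-31166 in the same hunk is already `NOT-FOR-US: Schweitzer Engineering Laboratories`; the block can be triaged together, checking only that the four entries whose truncation does not show a vendor (CVE-2023-31167, -31168, -31170, -31171) belong to the same advisory set before applying the same marker.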
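Review bot: CVE-2023-28801 ("Improper Verification of Cryptographic Signature in the SAML authen ...", hunk @@ -21704,8 +21776,8 @@) sits directly above CVE-2023-28800, which is `NOT-FOR-US: Zscaler`, and the SAML wording suggests the same product family, but the visible truncation does not name the vendor, so confirm the affected product before resolving the `TODO: check` rather than inferring it from adjacency.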
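Review bot: for CVE-2022-46869 and CVE-2022-46868 ("Local privilege escalation during installation/recovery due to improper soft link handling", hunk @@ -47457,10 +47529,10 @@) the surrounding context lines (Apache Zeppelin, WordPress plugins) give no hint about the vendor, and the truncated descriptions do not name one; the phrasing matches the "Local privilege escalation due to ..." pattern of the Acronis entries further down in this file (CVE-2022-45452, CVE-2022-45450), which is worth checking against the full CVE text before marking them.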
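Review bot: CVE-2022-45451 ("Local privilege escalation due to insecure driver communication port p ...", hunk @@ -51738,8 +51810,8 @@) is bracketed by CVE-2022-45452 and CVE-2022-45450, both `NOT-FOR-US: Acronis`, and the first hunk adds CVE-2023-41743 with a character-for-character identical truncated description; the two entries should be triaged together so that they end up with the same marker.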
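Review bot: CVE-2023-20900 (VMware Tools SAML token signature bypass, hunk @@ -55456,8 +55528,7 @@) is the one entry in this update with an open Debian item: the unchanged context lines `- open-vm-tools <unfixed>` and the two NOTE links (oss-security post and the upstream CVE-2023-20900.patch branch) show the entry was triaged manually before the description landed, so the follow-ups are recording the fixed unstable version once open-vm-tools is uploaded and deciding whether the stable suites get a DSA or a point-release update; the missing space in "vulnerability.A ma" is in the upstream CVE text and is not something to correct in this file.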
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits