Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f94d33e3 by security tracker role at 2023-10-18T08:12:02+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,69 @@ +CVE-2023-5626 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior t ...) + TODO: check +CVE-2023-5621 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...) + TODO: check +CVE-2023-5552 (A password disclosure vulnerability in the Secure PDF eXchange (SPX) f ...) + TODO: check +CVE-2023-5538 (The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross ...) + TODO: check +CVE-2023-4938 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...) + TODO: check +CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__p ...) + TODO: check +CVE-2023-45810 (OpenFGA is a flexible authorization/permission engine built for develo ...) + TODO: check +CVE-2023-45051 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + TODO: check +CVE-2023-45049 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-45008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJo ...) + TODO: check +CVE-2023-42507 (Stack-based buffer overflow vulnerability exists in OnSinView2 version ...) + TODO: check +CVE-2023-42506 (Improper restriction of operations within the bounds of a memory buffe ...) + TODO: check +CVE-2023-42319 (Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, ...) + TODO: check +CVE-2023-41715 (SonicOS post-authentication Improper Privilege Management vulnerabilit ...) + TODO: check +CVE-2023-41713 (SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyT ...) + TODO: check +CVE-2023-41712 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...) + TODO: check +CVE-2023-41711 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...) + TODO: check +CVE-2023-41631 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...) + TODO: check +CVE-2023-41630 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...) + TODO: check +CVE-2023-41629 (A lack of input sanitizing in the file download feature of eSST Monito ...) + TODO: check +CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is vulnerable to C ...) + TODO: check +CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the NormalizationFilter does ...) + TODO: check +CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either strings o ...) + TODO: check +CVE-2023-39331 (A previously disclosed vulnerability (CVE-2023-30584) was patched insu ...) + TODO: check +CVE-2023-39280 (SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerabilit ...) + TODO: check +CVE-2023-39279 (SonicOS post-authentication Stack-Based Buffer Overflow vulnerability ...) + TODO: check +CVE-2023-39278 (SonicOS post-authentication user assertion failure leads to Stack-Base ...) + TODO: check +CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow vulnerability ...) + TODO: check +CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow vulnerability ...) + TODO: check +CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resource aga ...) + TODO: check +CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 wwas discove ...) + TODO: check +CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...) + TODO: check +CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...) + TODO: check CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown element ...) TODO: check CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during initial ...) @@ -1058,13 +1124,13 @@ CVE-2023-4421 - nss 2:3.93-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2238677 NOTE: https://hg.mozilla.org/projects/nss/rev/fc05574c739947d615ab0b2b2b564f01c922eccd -CVE-2023-38546 +CVE-2023-38546 (This flaw allows an attacker to insert cookies at will into a running ...) {DSA-5523-1 DLA-3613-1} - curl 8.3.0-3 NOTE: https://curl.se/docs/CVE-2023-38546.html NOTE: Fixed in https://github.com/curl/curl/commit/61275672b46d9abb32857404 (curl-8_4_0) NOTE: Introduced in https://github.com/curl/curl/commit/74d5a6fb3b9a96d9f -CVE-2023-38545 +CVE-2023-38545 (This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy ...) {DSA-5523-1} - curl 8.3.0-3 [buster] - curl <not-affected> (Vulnerable code not present) @@ -31569,7 +31635,7 @@ CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to t NOT-FOR-US: expo.io CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...) NOT-FOR-US: Gaia Portal -CVE-2023-28129 (Desktop & Server Management (DSM) may have a possible execution of arb ...) +CVE-2023-28129 (DSM 2022.2 SU2 and all prior versions allows a local low privileged ac ...) NOT-FOR-US: Ivanti CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...) NOT-FOR-US: Avalanche @@ -39596,8 +39662,8 @@ CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet W NOT-FOR-US: WordPress plugin CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotu ...) NOT-FOR-US: WordPress plugin -CVE-2023-25476 - RESERVED +CVE-2023-25476 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic Am ...) + TODO: check CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac S ...) NOT-FOR-US: WordPress plugin CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About M ...) @@ -51896,140 +51962,140 @@ CVE-2023-22132 RESERVED CVE-2023-22131 RESERVED -CVE-2023-22130 - RESERVED -CVE-2023-22129 - RESERVED -CVE-2023-22128 - RESERVED -CVE-2023-22127 - RESERVED -CVE-2023-22126 - RESERVED -CVE-2023-22125 - RESERVED -CVE-2023-22124 - RESERVED -CVE-2023-22123 - RESERVED -CVE-2023-22122 - RESERVED -CVE-2023-22121 - RESERVED +CVE-2023-22130 (Vulnerability in the Sun ZFS Storage Appliance product of Oracle Syste ...) + TODO: check +CVE-2023-22129 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2023-22128 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2023-22127 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2023-22126 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...) + TODO: check +CVE-2023-22125 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + TODO: check +CVE-2023-22124 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + TODO: check +CVE-2023-22123 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + TODO: check +CVE-2023-22122 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + TODO: check +CVE-2023-22121 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + TODO: check CVE-2023-22120 RESERVED -CVE-2023-22119 - RESERVED -CVE-2023-22118 - RESERVED -CVE-2023-22117 - RESERVED +CVE-2023-22119 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + TODO: check +CVE-2023-22118 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + TODO: check +CVE-2023-22117 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + TODO: check CVE-2023-22116 RESERVED -CVE-2023-22115 - RESERVED -CVE-2023-22114 - RESERVED -CVE-2023-22113 - RESERVED -CVE-2023-22112 - RESERVED -CVE-2023-22111 - RESERVED -CVE-2023-22110 - RESERVED -CVE-2023-22109 - RESERVED -CVE-2023-22108 - RESERVED -CVE-2023-22107 - RESERVED -CVE-2023-22106 - RESERVED -CVE-2023-22105 - RESERVED -CVE-2023-22104 - RESERVED -CVE-2023-22103 - RESERVED -CVE-2023-22102 - RESERVED -CVE-2023-22101 - RESERVED -CVE-2023-22100 - RESERVED -CVE-2023-22099 - RESERVED -CVE-2023-22098 - RESERVED -CVE-2023-22097 - RESERVED -CVE-2023-22096 - RESERVED -CVE-2023-22095 - RESERVED -CVE-2023-22094 - RESERVED -CVE-2023-22093 - RESERVED -CVE-2023-22092 - RESERVED -CVE-2023-22091 - RESERVED -CVE-2023-22090 - RESERVED -CVE-2023-22089 - RESERVED -CVE-2023-22088 - RESERVED -CVE-2023-22087 - RESERVED -CVE-2023-22086 - RESERVED -CVE-2023-22085 - RESERVED -CVE-2023-22084 - RESERVED -CVE-2023-22083 - RESERVED -CVE-2023-22082 - RESERVED -CVE-2023-22081 - RESERVED -CVE-2023-22080 - RESERVED -CVE-2023-22079 - RESERVED -CVE-2023-22078 - RESERVED -CVE-2023-22077 - RESERVED -CVE-2023-22076 - RESERVED -CVE-2023-22075 - RESERVED -CVE-2023-22074 - RESERVED -CVE-2023-22073 - RESERVED -CVE-2023-22072 - RESERVED -CVE-2023-22071 - RESERVED -CVE-2023-22070 - RESERVED -CVE-2023-22069 - RESERVED -CVE-2023-22068 - RESERVED -CVE-2023-22067 - RESERVED -CVE-2023-22066 - RESERVED -CVE-2023-22065 - RESERVED -CVE-2023-22064 - RESERVED +CVE-2023-22115 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22114 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22113 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22112 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22111 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22110 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22109 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2023-22108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2023-22107 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...) + TODO: check +CVE-2023-22106 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...) + TODO: check +CVE-2023-22105 (Vulnerability in the BI Publisher product of Oracle Analytics (compone ...) + TODO: check +CVE-2023-22104 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22102 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) + TODO: check +CVE-2023-22101 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2023-22100 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2023-22099 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2023-22098 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + TODO: check +CVE-2023-22097 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22096 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...) + TODO: check +CVE-2023-22095 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22094 (Vulnerability in the MySQL Installer product of Oracle MySQL (componen ...) + TODO: check +CVE-2023-22093 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...) + TODO: check +CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE ...) + TODO: check +CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...) + TODO: check +CVE-2023-22089 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2023-22088 (Vulnerability in the Oracle Communications Order and Service Managemen ...) + TODO: check +CVE-2023-22087 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...) + TODO: check +CVE-2023-22086 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2023-22085 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...) + TODO: check +CVE-2023-22084 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) + TODO: check +CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of ...) + TODO: check +CVE-2023-22080 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2023-22079 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22078 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22077 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...) + TODO: check +CVE-2023-22076 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + TODO: check +CVE-2023-22075 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...) + TODO: check +CVE-2023-22074 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...) + TODO: check +CVE-2023-22073 (Vulnerability in the Oracle Notification Server component of Oracle Da ...) + TODO: check +CVE-2023-22072 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2023-22071 (Vulnerability in the PL/SQL component of Oracle Database Server. Supp ...) + TODO: check +CVE-2023-22070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22069 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22067 (Vulnerability in Oracle Java SE (component: CORBA). Supported version ...) + TODO: check +CVE-2023-22066 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22065 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22064 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check CVE-2023-22063 RESERVED CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting product of Or ...) @@ -52038,8 +52104,8 @@ CVE-2023-22061 (Vulnerability in the Oracle Business Intelligence Enterprise Edi NOT-FOR-US: Oracle CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyper ...) NOT-FOR-US: Oracle -CVE-2023-22059 - RESERVED +CVE-2023-22059 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.34-1 (bug #1041819) CVE-2023-22057 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) @@ -52104,22 +52170,22 @@ CVE-2023-22034 (Vulnerability in the Unified Audit component of Oracle Database NOT-FOR-US: Oracle CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.34-1 (bug #1041819) -CVE-2023-22032 - RESERVED +CVE-2023-22032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2023-22030 RESERVED -CVE-2023-22029 - RESERVED -CVE-2023-22028 - RESERVED +CVE-2023-22029 (Vulnerability in the Oracle Commerce Guided Search product of Oracle C ...) + TODO: check +CVE-2023-22028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle -CVE-2023-22026 - RESERVED -CVE-2023-22025 - RESERVED +CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + TODO: check CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has ...) NOT-FOR-US: Oracle CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) @@ -52130,16 +52196,16 @@ CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise Edi NOT-FOR-US: Oracle CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle -CVE-2023-22019 - RESERVED +CVE-2023-22019 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + TODO: check CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 7.0.10-dfsg-1 CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 7.0.10-dfsg-1 CVE-2023-22016 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 7.0.10-dfsg-1 -CVE-2023-22015 - RESERVED +CVE-2023-22015 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94d33e31b29f7cb2ce5bed517215e384933f3ad -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94d33e31b29f7cb2ce5bed517215e384933f3ad You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits