Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89cf2160 by security tracker role at 2023-10-23T08:11:34+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@ +CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and ...) + TODO: check +CVE-2023-5701 (A vulnerability has been found in vnotex vnote up to 3.17.0 and classi ...) + TODO: check +CVE-2023-5700 (A vulnerability, which was classified as critical, was found in Netent ...) + TODO: check +CVE-2023-5699 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-5698 (A vulnerability classified as problematic was found in CodeAstro Inter ...) + TODO: check +CVE-2023-5697 (A vulnerability classified as problematic has been found in CodeAstro ...) + TODO: check +CVE-2023-5696 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) + TODO: check +CVE-2023-5695 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) + TODO: check +CVE-2023-5694 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) + TODO: check +CVE-2023-5693 (A vulnerability was found in CodeAstro Internet Banking System 1.0 and ...) + TODO: check +CVE-2023-46324 (pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is u ...) + TODO: check +CVE-2023-46322 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...) + TODO: check +CVE-2023-46321 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...) + TODO: check +CVE-2023-46319 (WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthen ...) + TODO: check +CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon receiv ...) + TODO: check +CVE-2023-46315 (The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsi ...) + TODO: check +CVE-2023-46095 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth ...) + TODO: check +CVE-2023-46089 (Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback U ...) 
+ TODO: check +CVE-2023-46085 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate R ...) + TODO: check +CVE-2023-43624 (CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4 ...) + TODO: check CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...) NOT-FOR-US: NetModule Router Software CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...) @@ -439,12 +479,12 @@ CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is NOT-FOR-US: WordPress plugin CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...) NOT-FOR-US: WordPress plugin -CVE-2023-45802 +CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...) - apache2 2.4.58-1 NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802 NOTE: https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802 -CVE-2023-43622 +CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial window size o ...) - apache2 2.4.58-1 NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622 @@ -619,6 +659,7 @@ CVE-2023-5632 (In Eclipse Mosquito before and including 2.0.5, establishing a co NOTE: https://github.com/eclipse/mosquitto/pull/2053 NOTE: https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d (v2.0.6) CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...) + {DSA-5531-1} - roundcube 1.6.4+dfsg-1 (bug #1054079) NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4) CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...) 
@@ -9173,7 +9214,7 @@ CVE-2023-40477 [bullseye] - unrar-nonfree 1:6.0.3-1+deb11u3 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1152/ NOTE: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa -CVE-2023-38831 (RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code ...) +CVE-2023-38831 (RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code w ...) NOTE: RARLabs WinRAR CVE-2023-38422 (Walchem Intuition 9 firmware versions prior to v4.21 are missing authe ...) NOT-FOR-US: Walchem Intuition 9 firmware @@ -11524,6 +11565,7 @@ CVE-2023-36499 (Netgear XR300 v1.0.3.78 was discovered to contain multiple buffe CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a r ...) NOT-FOR-US: Textpattern CMS CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...) + {DLA-3626-1} - krb5 1.20.1-3 (bug #1043431) [bookworm] - krb5 1.20.1-2+deb12u1 [bullseye] - krb5 1.18.3-6+deb11u4 @@ -22762,8 +22804,7 @@ CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template En NOT-FOR-US: Alf.io CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) NOT-FOR-US: Alf.io -CVE-2023-31122 - RESERVED +CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...) - apache2 2.4.58-1 NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89cf2160f2c2f3cdb0b430569e6d84a2b3212ebf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89cf2160f2c2f3cdb0b430569e6d84a2b3212ebf You're receiving this email because of your account on salsa.debian.org.
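Review bot: In the first hunk (@@ -1,3 +1,43 @@) all 20 added entries carry only "TODO: check", and several cannot be told apart from the truncated descriptions alone: CVE-2023-46322 and CVE-2023-46321 read identically, as do CVE-2023-5696, CVE-2023-5695 and CVE-2023-5694. Triage needs the full upstream descriptions before each entry gets a package line or a NOT-FOR-US disposition like the CVE-2023-46306 entry directly below the added block.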
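Review bot: In the CVE-2023-38831 hunk (@@ -9173,7 +9214,7 @@) the refreshed description now says RARLAB, but the line under it still reads "NOTE: RARLabs WinRAR", and the entry has neither a package line nor a NOT-FOR-US disposition, unlike the CVE-2023-38422 entry that follows it. Suggest aligning the vendor spelling and giving the entry an explicit status: NOT-FOR-US if the product is out of scope, or a package line if it is tracked.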
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits