Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa00b741 by security tracker role at 2023-10-27T08:11:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,90 @@
-CVE-2023-46813
+CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder 
System 1.0.  ...)
+       TODO: check
+CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder 
System 1.0 a ...)
+       TODO: check
+CVE-2023-5812 (A vulnerability has been found in flusity CMS and classified as 
critic ...)
+       TODO: check
+CVE-2023-5811 (A vulnerability, which was classified as problematic, was found 
in flu ...)
+       TODO: check
+CVE-2023-5810 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2023-5805 (A vulnerability was found in SourceCodester Simple Real Estate 
Portal  ...)
+       TODO: check
+CVE-2023-5051 (The CallRail Phone Call Tracking plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2023-46818 (An issue was discovered in ISPConfig before 3.2.11p1. PHP code 
injecti ...)
+       TODO: check
+CVE-2023-46816 (An issue was discovered in SugarCRM 12 before 12.0.4 and 13 
before 13. ...)
+       TODO: check
+CVE-2023-46815 (An issue was discovered in SugarCRM 12 before 12.0.4 and 13 
before 13. ...)
+       TODO: check
+CVE-2023-46665 (Sielco PolyEco1000 is vulnerable to an authentication bypass 
vulnerabi ...)
+       TODO: check
+CVE-2023-46505 (Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an 
attacke ...)
+       TODO: check
+CVE-2023-46504 (Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS 
v.1.0.2 a ...)
+       TODO: check
+CVE-2023-46503 (Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS 
v.1.0.2 a ...)
+       TODO: check
+CVE-2023-46491 (ZenTao Biz version 4.1.3 and before has a Cross Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-46376 (Zentao Biz version 8.7 and before is vulnerable to Information 
Disclos ...)
+       TODO: check
+CVE-2023-46375 (ZenTao Biz version 4.1.3 and before is vulnerable to Cross 
Site Reques ...)
+       TODO: check
+CVE-2023-46374 (ZenTao Enterprise Edition version 4.1.3 and before is 
vulnerable to Cr ...)
+       TODO: check
+CVE-2023-46199 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Trib ...)
+       TODO: check
+CVE-2023-46194 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Eric Teu ...)
+       TODO: check
+CVE-2023-46192 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Inte ...)
+       TODO: check
+CVE-2023-46153 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
UserFeedbac ...)
+       TODO: check
+CVE-2023-46093 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Lion ...)
+       TODO: check
+CVE-2023-46091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Bala ...)
+       TODO: check
+CVE-2023-45499 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* 
was disco ...)
+       TODO: check
+CVE-2023-45498 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* 
was disco ...)
+       TODO: check
+CVE-2023-44375 (Online Art Gallery v1.0 is vulnerable to multiple 
Unauthenticated SQL  ...)
+       TODO: check
+CVE-2023-44268 (Online Art Gallery v1.0 is vulnerable to multiple 
Unauthenticated SQL  ...)
+       TODO: check
+CVE-2023-44220 (SonicWall NetExtender Windows (32-bit and 64-bit) client 
10.2.336 and  ...)
+       TODO: check
+CVE-2023-44219 (A local privilege escalation vulnerability in SonicWall 
Directory Serv ...)
+       TODO: check
+CVE-2023-44162 (Online Art Gallery v1.0 is vulnerable to multiple 
Unauthenticated SQL  ...)
+       TODO: check
+CVE-2023-43738 (Online Art Gallery v1.0 is vulnerable to multiple 
Unauthenticated SQL  ...)
+       TODO: check
+CVE-2023-43737 (Online Art Gallery v1.0 is vulnerable to multiple 
Unauthenticated SQL  ...)
+       TODO: check
+CVE-2023-43352 (An issue in CMSmadesimple v.2.2.18 allows a local attacker to 
execute  ...)
+       TODO: check
+CVE-2023-42406 (SQL injection vulnerability in D-Link Online behavior audit 
gateway DA ...)
+       TODO: check
+CVE-2023-42188 (IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery 
(CSRF).)
+       TODO: check
+CVE-2023-39726 (An issue in Mintty v.3.6.4 and before allows a remote attacker 
to exec ...)
+       TODO: check
+CVE-2023-38328 (An issue was discovered in eGroupWare 17.1.20190111. An 
Improper Passw ...)
+       TODO: check
+CVE-2023-34059 (open-vm-tools contains a file descriptor hijack vulnerability 
in the v ...)
+       TODO: check
+CVE-2023-34058 (VMware Tools contains a SAML token signature bypass 
vulnerability.A ma ...)
+       TODO: check
+CVE-2023-34057 (VMware Tools contains a local privilege escalation 
vulnerability.A mal ...)
+       TODO: check
+CVE-2023-33559 (A local file inclusion vulnerability via the lang parameter in 
OcoMon  ...)
+       TODO: check
+CVE-2023-33558 (An information disclosure vulnerability in the component 
users-grid-da ...)
+       TODO: check
+CVE-2023-46813 (An issue was discovered in the Linux kernel before 6.5.9, 
exploitable  ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/63e44bc52047f182601e7817da969a105aa1f721 (6.6-rc7)
        NOTE: 
https://git.kernel.org/linus/b9cb9c45583b911e0db71d09caa6b56469eb2bdf (6.6-rc7)
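
Review bot: among the new "TODO: check" entries at the top of this hunk, CVE-2023-34059 names open-vm-tools in its description, and open-vm-tools is a source package in the Debian archive, so this entry needs a "- open-vm-tools" package line rather than a NOT-FOR-US tag; CVE-2023-34058 and CVE-2023-34057 (VMware Tools) should be checked against the same source package at the same time. Separately, the CVE-2023-46813 entry now carries a description saying "before 6.5.9" while the unchanged context still reads "- linux <unfixed>" with both fix commits noted as 6.6-rc7; replace the <unfixed> marker with the fixed version once a kernel upload containing those two commits reaches the archive.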
@@ -716,7 +802,7 @@ CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 
allows an attacker to ca
 CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA 
device to  ...)
        NOT-FOR-US: PingFederate
 CVE-2023-5732 (An attacker could have created a malicious link using 
bidirectional ch ...)
-       {DSA-5535-1}
+       {DSA-5535-1 DLA-3632-1}
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
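
Review bot: the cross-reference on CVE-2023-5732 changes from "{DSA-5535-1}" to "{DSA-5535-1 DLA-3632-1}", but this commit touches only data/CVE/list, so the DLA-3632-1 record itself is not visible here. Confirm that data/DLA/list already carries DLA-3632-1 with this CVE listed, since the braces line is only consistent if both files agree. The same applies to the identical change in the following hunks for CVE-2023-5730, CVE-2023-5728, CVE-2023-5725, CVE-2023-5724 and CVE-2023-5721.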
@@ -725,7 +811,7 @@ CVE-2023-5731 (Memory safety bugs present in Firefox 118. 
Some of these bugs sho
        - firefox 119.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
 CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, 
and Thun ...)
-       {DSA-5535-1}
+       {DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -736,7 +822,7 @@ CVE-2023-5729 (A malicious web site can enter fullscreen 
mode while simultaneous
        - firefox 119.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
 CVE-2023-5728 (During garbage collection extra operations were performed on a 
object  ...)
-       {DSA-5535-1}
+       {DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -758,7 +844,7 @@ CVE-2023-5726 (A website could have obscured the full 
screen notification by usi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726
 CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, 
which un ...)
-       {DSA-5535-1}
+       {DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -766,7 +852,7 @@ CVE-2023-5725 (A malicious installed WebExtension could 
open arbitrary URLs, whi
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5725
 CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and 
in som ...)
-       {DSA-5535-1}
+       {DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -780,7 +866,7 @@ CVE-2023-5722 (Using iterative requests an attacker was 
able to learn the size o
        - firefox 119.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
 CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be 
activate ...)
-       {DSA-5535-1}
+       {DSA-5535-1 DLA-3632-1}
        - firefox 119.0-1
        - firefox-esr 115.4.0esr-1
        - thunderbird 1:115.4.1-1
@@ -36396,8 +36482,8 @@ CVE-2023-27172
        RESERVED
 CVE-2023-27171
        RESERVED
-CVE-2023-27170
-       RESERVED
+CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform 
a direc ...)
+       TODO: check
 CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in 
license cl ...)
        NOT-FOR-US: Xpand IT Write-back manager
 CVE-2023-27168
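
Review bot: CVE-2023-27170 moves from RESERVED to "TODO: check" with a description naming Xpand IT Write-back manager v2.3.1, the same product and version as the next entry, CVE-2023-27169, which is already tagged "NOT-FOR-US: Xpand IT Write-back manager". Reuse that exact tag string for CVE-2023-27170 so the two entries stay consistent.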
@@ -65278,21 +65364,21 @@ CVE-2022-44458
        RESERVED
 CVE-2022-44457 (A vulnerability has been identified in Mendix SAML (Mendix 7 
compatibl ...)
        NOT-FOR-US: Siemens
-CVE-2022-43506 (SQL Injection in HandlerTag_KID.ashx in Delta Electronics 
DIAEnergie v ...)
+CVE-2022-43506 (SQL Injection in     HandlerTag_KID.ashx    in Delta 
Electronics DIAEn ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability 
in distr ...)
        NOT-FOR-US: OpenHarmony
-CVE-2022-43457 (SQL Injection in HandlerPage_KID.ashx in Delta Electronics 
DIAEnergie  ...)
+CVE-2022-43457 (SQL Injection in             HandlerPage_KID.ashxin Delta 
Electronics  ...)
        NOT-FOR-US: Delta Electronics
-CVE-2022-43452 (SQL Injection in FtyInfoSetting.aspx in Delta Electronics 
DIAEnergie v ...)
+CVE-2022-43452 (SQL Injection in               FtyInfoSetting.aspxin Delta 
Electronics ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path 
traversal v ...)
        NOT-FOR-US: OpenHarmony
 CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file 
read vulne ...)
        NOT-FOR-US: OpenHarmony
-CVE-2022-43447 (SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics 
DIAEnergie ...)
+CVE-2022-43447 (SQL Injection in           AM_EBillAnalysis.aspxin Delta 
Electronics D ...)
        NOT-FOR-US: Delta Electronics
-CVE-2022-41775 (SQL Injection in Handler_CFG.ashx in Delta Electronics 
DIAEnergie vers ...)
+CVE-2022-41775 (SQL Injection in         Handler_CFG.ashxin Delta Electronics 
DIAEnerg ...)
        NOT-FOR-US: Delta Electronics
 CVE-2022-3780 (Database connections on deleted users could stay active on 
MySQL data  ...)
        NOT-FOR-US: Devolutions Remote Desktop Manager
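
Review bot: the replacement descriptions for CVE-2022-43506, CVE-2022-43457, CVE-2022-43452, CVE-2022-43447 and CVE-2022-41775 are a formatting regression: each gains a run of spaces after "SQL Injection in", and four of them lose the space before "in" (for example "HandlerPage_KID.ashxin Delta"). The NOT-FOR-US triage is unaffected, but a text search for the handler file name followed by a space no longer matches these entries. Consider collapsing whitespace when importing descriptions, or keep the previous text until the upstream record is cleaned up.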
@@ -348538,10 +348624,10 @@ CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 
devices, the GoAhead configuration
        NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
 CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead 
configuration allow ...)
        NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
-CVE-2018-17879
-       RESERVED
-CVE-2018-17878
-       RESERVED
+CVE-2018-17879 (An issue was discovered on certain ABUS TVIP cameras. The CGI 
scripts  ...)
+       TODO: check
+CVE-2018-17878 (Buffer Overflow vulnerability in certain ABUS TVIP cameras 
allows atta ...)
+       TODO: check
 CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an 
Ethereum ga ...)
        NOT-FOR-US: Greedy 599
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 
version o ...)
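
Review bot: CVE-2018-17879 and CVE-2018-17878 leave RESERVED with descriptions that both name "certain ABUS TVIP cameras", and the neighbouring D-Link DIR-823G entries in the context show how device firmware issues are tagged here (NOT-FOR-US with the device name). Triage the two together with one NOT-FOR-US string so they do not diverge.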
@@ -349247,10 +349333,10 @@ CVE-2018-17561
        RESERVED
 CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 
prior to 1. ...)
        NOT-FOR-US: Grouptime Teamwire Client
-CVE-2018-17559
-       RESERVED
-CVE-2018-17558
-       RESERVED
+CVE-2018-17559 (Due to incorrect access control, unauthenticated remote 
attackers can  ...)
+       TODO: check
+CVE-2018-17558 (Hardcoded manufacturer credentials and an OS command injection 
vulnera ...)
+       TODO: check
 CVE-2018-17557
        REJECTED
 CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New 
Media Sou ...)
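
Review bot: the truncated descriptions added for CVE-2018-17559 and CVE-2018-17558 do not name a product in the visible text ("Due to incorrect access control, unauthenticated remote attackers can ..." and "Hardcoded manufacturer credentials and an OS command injection vulnera ..."), so these two cannot be triaged from data/CVE/list alone. Whoever resolves the "TODO: check" needs the full CVE record to identify the affected product before choosing a tag.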
@@ -351541,8 +351627,8 @@ CVE-2018-16741 (An issue was discovered in mgetty 
before 1.2.1. In fax/faxq-help
        NOTE: Upstream commit: 1a7b3a30f79bae4cfbc6404fe4648689cd0ade62 (1.2.1)
 CVE-2018-16740
        RESERVED
-CVE-2018-16739
-       RESERVED
+CVE-2018-16739 (An issue was discovered on certain ABUS TVIP devices. Due to a 
path tr ...)
+       TODO: check
 CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication 
protocol, altho ...)
        {DSA-4312-1}
        - tinc 1.0.35-1
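
Review bot: CVE-2018-16739 is described as affecting "certain ABUS TVIP devices", the same product family as CVE-2018-17879 and CVE-2018-17878 earlier in this commit, although those two say "cameras" rather than "devices". When the "TODO: check" is resolved, use the same tag wording for all three so a search on the product name finds them together.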



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa00b7414881f5bb6d24565b1d189f27d2febdee



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits