Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7338ce99 by security tracker role at 2023-11-23T08:12:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,74 @@
-CVE-2023-48706 [heap-use-after-free in ex_substitute]
+CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via 
an SVG do ...)
+       TODO: check
+CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because 
the una ...)
+       TODO: check
+CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 
allows an  ...)
+       TODO: check
+CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode 
alliance was ...)
+       TODO: check
+CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47835 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47834 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47833 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47831 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47829 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47821 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47817 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47816 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47815 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47814 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47813 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47812 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47811 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47810 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47809 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47808 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47790 (Cross-Site Request Forgery (CSRF) leading to Cross-Site 
Scripting (XSS ...)
+       TODO: check
+CVE-2023-47786 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47773 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47768 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47767 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47766 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-47668 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-44290 (Dell Command | Monitor versions prior to 10.10.0, contain an 
improper  ...)
+       TODO: check
+CVE-2023-44289 (Dell Command | Configure versions prior to 4.11.0, contain an 
improper ...)
+       TODO: check
+CVE-2023-43086 (Dell Command | Configure, versions prior to 4.11.0, contains 
an improp ...)
+       TODO: check
+CVE-2023-41140 (A maliciously crafted PRT file when parsed through Autodesk 
AutoCAD 20 ...)
+       TODO: check
+CVE-2023-41139 (A maliciously crafted STP file when parsed through Autodesk 
AutoCAD 20 ...)
+       TODO: check
+CVE-2023-40002 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
+CVE-2023-39253 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 
2.3.7515.0 c ...)
+       TODO: check
+CVE-2023-48706 (Vim is a UNIX editor that, prior to version 9.0.2121, has a 
heap-use-a ...)
        - vim <unfixed> (unimportant)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf8 (v9.0.2121)
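Review bot: the vim entry for CVE-2023-48706 is marked `<unfixed> (unimportant)` without a NOTE recording why it is unimportant, even though the two NOTE lines already cite the GHSA advisory and the upstream fix in v9.0.2121; the tracker convention is to put the rationale beside the rating (for example `NOTE: Crash in CLI tool, no security impact`, or whatever the actual reasoning was) so a later reviewer does not have to re-derive it. Of the new `TODO: check` entries, CVE-2023-48107 (zlib-ng minizip-ng) and CVE-2023-48105 (a heap overflow in a Bytecode Alliance component) are the ones that may touch software packaged in Debian and should be triaged first; the long run of entries sharing the prefix "Improper Neutralization of Input During Web Page Generation" (CVE-2023-47766 through CVE-2023-47839) reads as one CNA batch and can be triaged together.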
@@ -1310,9 +1380,9 @@ CVE-2023-39199 (Cryptographic issues with In-Meeting Chat 
for some Zoom clients
        NOT-FOR-US: Zoom
 CVE-2023-38544 (A logged in user can modify specific files that may lead to 
unauthoriz ...)
        NOT-FOR-US: Ivanti
-CVE-2023-38543 (When a specific component is loaded a local attacker and is 
able to se ...)
+CVE-2023-38543 (A vulnerability exists on all versions of the Ivanti Secure 
Access Cli ...)
        NOT-FOR-US: Ivanti
-CVE-2023-38043 (When a specific component is loaded a local attacker and is 
able to se ...)
+CVE-2023-38043 (A vulnerability exists on all versions of the Ivanti Secure 
Access Cli ...)
        NOT-FOR-US: Ivanti
 CVE-2023-36558 (ASP.NET Core - Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
@@ -30024,8 +30094,7 @@ CVE-2023-30582
        RESERVED
        - nodejs <not-affected> (Vulnerable code introduced in 20.x)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#fswatchfile-bypass-in-experimental-permission-model-medium-cve-2023-30582
-CVE-2023-30581
-       RESERVED
+CVE-2023-30581 (The use of __proto__ in process.mainModule.__proto__.require() 
can byp ...)
        - nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
        [buster] - nodejs <not-affected> (v10.x doesn't support policy 
manifests)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#mainmoduleproto-bypass-experimental-policy-mechanism-high-cve-2023-30581
@@ -34452,14 +34521,14 @@ CVE-2023-29078
        REJECTED
 CVE-2023-29077
        RESERVED
-CVE-2023-29076
-       RESERVED
-CVE-2023-29075
-       RESERVED
-CVE-2023-29074
-       RESERVED
-CVE-2023-29073
-       RESERVED
+CVE-2023-29076 (A maliciously crafted MODEL, SLDASM, SAT or CATPART file when 
parsed t ...)
+       TODO: check
+CVE-2023-29075 (A maliciously crafted PRT file when parsed through Autodesk 
AutoCAD 20 ...)
+       TODO: check
+CVE-2023-29074 (A maliciously crafted CATPART file when parsed through 
Autodesk AutoCA ...)
+       TODO: check
+CVE-2023-29073 (A maliciously crafted MODEL file when parsed through Autodesk 
AutoCAD  ...)
+       TODO: check
 CVE-2023-29072
        RESERVED
 CVE-2023-29071
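Review bot: the four entries CVE-2023-29073 to CVE-2023-29076 all describe maliciously crafted files parsed by Autodesk AutoCAD, the same product as CVE-2023-41139 and CVE-2023-41140 in the first hunk; AutoCAD is proprietary Windows software not packaged in Debian, so these can be triaged `NOT-FOR-US: Autodesk` together instead of being left at `TODO: check`.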
@@ -35477,8 +35546,8 @@ CVE-2023-28813
        RESERVED
 CVE-2023-28812
        RESERVED
-CVE-2023-28811
-       RESERVED
+CVE-2023-28811 (There is a buffer overflow in the password recovery feature of 
Hikvisi ...)
+       TODO: check
 CVE-2023-28810 (Some access control/intercom products have unauthorized 
modification o ...)
        NOT-FOR-US: hikvison
 CVE-2023-28809 (Some access control products are vulnerable to a session 
hijacking att ...)
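Review bot: CVE-2023-28811 describes a buffer overflow in a Hikvision password recovery feature and sits next to CVE-2023-28810 and CVE-2023-28809, which are already triaged `NOT-FOR-US`; it can be triaged the same way. The existing context line reads `NOT-FOR-US: hikvison`, a misspelling of Hikvision that should be corrected in a follow-up commit so the vendor name is consistent and searchable.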
@@ -39845,9 +39914,9 @@ CVE-2023-1165 (A vulnerability was found in Zhong Bang 
CRMEB Java 1.3.4. It has
        NOT-FOR-US: Zhong Bang CRMEB Java
 CVE-2023-1164 (A vulnerability was found in KylinSoft kylin-activation on 
KylinOS and ...)
        NOT-FOR-US: KylinSoft
-CVE-2023-1163 (A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 
and class ...)
+CVE-2023-1163 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found 
in Dray ...)
        NOT-FOR-US: DrayTek Vigor 2960
-CVE-2023-1162 (A vulnerability, which was classified as critical, was found in 
DrayTe ...)
+CVE-2023-1162 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was 
classified  ...)
        NOT-FOR-US: DrayTek Vigor 2960
 CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 
4.0.3 an ...)
        {DSA-5429-1 DLA-3402-1}
@@ -42502,7 +42571,7 @@ CVE-2023-1011 (The AI ChatBot WordPress plugin before 
4.4.5 does not escape most
        NOT-FOR-US: WordPress plugin
 CVE-2023-1010 (A vulnerability classified as critical was found in vox2png 
1.0. Affec ...)
        NOT-FOR-US: vox2png
-CVE-2023-1009 (A vulnerability classified as problematic has been found in 
DrayTek Vi ...)
+CVE-2023-1009 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as 
critical ...)
        NOT-FOR-US: DrayTek Vigor 2960
 CVE-2023-1008 (A vulnerability was found in Twister Antivirus 8.17. It has 
been rated ...)
        NOT-FOR-US: Twister Antivirus
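Review bot: the refreshed description for CVE-2023-1009 now says "classified as critical" where the old text said "classified as problematic", and it gains the "** UNSUPPORTED WHEN ASSIGNED **" marker like the two DrayTek entries in the previous hunk; since the entry is `NOT-FOR-US: DrayTek Vigor 2960`, neither the severity wording nor the end-of-life marker changes anything for Debian, so no further action is needed here.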
@@ -50217,8 +50286,8 @@ CVE-2023-23980 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-23979 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 
Fullworks Q ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-23978
-       RESERVED
+CVE-2023-23978 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
+       TODO: check
 CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23976
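Review bot: CVE-2023-23978 was previously RESERVED in a block whose neighbours CVE-2023-23979 and CVE-2023-23977 are both `NOT-FOR-US: WordPress plugin`, so it very likely belongs to the same plugin batch; confirm that and triage it the same way rather than leaving `TODO: check`. Its truncated description "Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ..." is word-for-word the prefix on CVE-2023-47668 and CVE-2023-40002 in the first hunk, so those three can be checked together.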



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7338ce997d412d7b8f50d3baaf8d2d7077ee6061

You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
