Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6b2269f9 by security tracker role at 2023-12-14T20:15:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,231 @@
+CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API
endpoint was f ...)
+ TODO: check
+CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in
GitHub r ...)
+ TODO: check
+CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow)
+ TODO: check
+CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow)
+ TODO: check
+CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3)
+ TODO: check
+CVE-2023-6563 (An unconstrained memory consumption vulnerability was
discovered in Ke ...)
+ TODO: check
+CVE-2023-6545 (The package authelia-bhf included in Beckhoffs TwinCAT/BSD is
prone to ...)
+ TODO: check
+CVE-2023-6368 (In WhatsUp Gold versions released before 2023.1, an API
endpoint was f ...)
+ TODO: check
+CVE-2023-6367 (In WhatsUp Gold versions released before 2023.1, a stored
cross-site s ...)
+ TODO: check
+CVE-2023-6366 (In WhatsUp Gold versions released before 2023.1, a stored
cross-site s ...)
+ TODO: check
+CVE-2023-6365 (In WhatsUp Gold versions released before 2023.1, a stored
cross-site s ...)
+ TODO: check
+CVE-2023-6364 (In WhatsUp Gold versions released before 2023.1, a stored
cross-site s ...)
+ TODO: check
+CVE-2023-5769 (A vulnerability exists in the webserver that affects the
RTU500 serie ...)
+ TODO: check
+CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in
PHOENIX CONT ...)
+ TODO: check
+CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other
JavaScr ...)
+ TODO: check
+CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to
version 3.11.7 ...)
+ TODO: check
+CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in
EyouCMS-V1.6.5-UT ...)
+ TODO: check
+CVE-2023-50565 (A cross-site scripting (XSS) vulnerability in the component
/logs/dopo ...)
+ TODO: check
+CVE-2023-50564 (An arbitrary file upload vulnerability in the component
/inc/modules_i ...)
+ TODO: check
+CVE-2023-50563 (Semcms v4.8 was discovered to contain a SQL injection
vulnerability vi ...)
+ TODO: check
+CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation
violation via t ...)
+ TODO: check
+CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation
violation via t ...)
+ TODO: check
+CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-50370 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-50369 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-50368 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled
Recursion ...)
+ TODO: check
+CVE-2023-50137 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in
the sit ...)
+ TODO: check
+CVE-2023-50102 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).)
+ TODO: check
+CVE-2023-50101 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS)
via Label ...)
+ TODO: check
+CVE-2023-50100 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS)
via carous ...)
+ TODO: check
+CVE-2023-50073 (EmpireCMS v7.5 was discovered to contain a SQL injection
vulnerability ...)
+ TODO: check
+CVE-2023-50017 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site
Request Forg ...)
+ TODO: check
+CVE-2023-50011 (PopojiCMS version 2.0.1 is vulnerable to remote command
execution in t ...)
+ TODO: check
+CVE-2023-4694 (Certain HP OfficeJet Pro printers are potentially vulnerable to
a Deni ...)
+ TODO: check
+CVE-2023-49860 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49847 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49846 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49842 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49841 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49836 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49833 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49828 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49827 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49820 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49813 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49786 (Asterisk is an open source private branch exchange and
telephony toolk ...)
+ TODO: check
+CVE-2023-49771 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49770 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49766 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49745 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49743 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION]
on [PLATF ...)
+ TODO: check
+CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.)
+ TODO: check
+CVE-2023-49707 (SQLi vulnerability in S5 Register module for Joomla.)
+ TODO: check
+CVE-2023-49294 (Asterisk is an open source private branch exchange and
telephony toolk ...)
+ TODO: check
+CVE-2023-49195 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49173 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49172 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49171 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49168 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49157 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49152 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49151 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49150 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-49149 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-48925 (SQL injection vulnerability in Buy Addons bavideotab before
version 1. ...)
+ TODO: check
+CVE-2023-48780 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-48771 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-48770 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-48767 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-48756 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-48676 (Sensitive information disclosure and manipulation due to
missing autho ...)
+ TODO: check
+CVE-2023-48671 (Dell vApp Manager, versions prior to 9.2.4.x contain an
information di ...)
+ TODO: check
+CVE-2023-48668 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS
7.7.5.25, LTS 7 ...)
+ TODO: check
+CVE-2023-48667 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS
7.7.5.25, LTS 7 ...)
+ TODO: check
+CVE-2023-48665 (Dell vApp Manager, versions prior to 9.2.4.x contain a command
injecti ...)
+ TODO: check
+CVE-2023-48664 (Dell vApp Manager, versions prior to 9.2.4.x contain a command
injecti ...)
+ TODO: check
+CVE-2023-48663 (Dell vApp Manager, versions prior to 9.2.4.x contain a command
injecti ...)
+ TODO: check
+CVE-2023-48662 (Dell vApp Manager, versions prior to 9.2.4.x contain a command
injecti ...)
+ TODO: check
+CVE-2023-48661 (Dell vApp Manager, versions prior to 9.2.4.x contain an
arbitrary file ...)
+ TODO: check
+CVE-2023-48660 (Dell vApp Manger, versions prior to 9.2.4.x contain an
arbitrary file ...)
+ TODO: check
+CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an
Imprope ...)
+ TODO: check
+CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the
response to ...)
+ TODO: check
+CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability when ...)
+ TODO: check
+CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version
1.1.13, a ...)
+ TODO: check
+CVE-2023-46144 (A download of code without integrity check vulnerability in
PLCnext pr ...)
+ TODO: check
+CVE-2023-46143 (Download of Code Without Integrity Check vulnerability in
PHOENIX CONT ...)
+ TODO: check
+CVE-2023-46142 (A incorrect permission assignment for critical resource
vulnerability ...)
+ TODO: check
+CVE-2023-46141 (Incorrect Permission Assignment for Critical Resource
vulnerability in ...)
+ TODO: check
+CVE-2023-45894 (The Remote Application Server in Parallels RAS before
19.2.23975 does ...)
+ TODO: check
+CVE-2023-45185 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3
through ...)
+ TODO: check
+CVE-2023-45182 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3
through ...)
+ TODO: check
+CVE-2023-44286 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS
7.7.5.25, LTS ...)
+ TODO: check
+CVE-2023-44285 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS
7.7.5.25, LTS 7 ...)
+ TODO: check
+CVE-2023-44284 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS
7.7.5.25, LTS ...)
+ TODO: check
+CVE-2023-44279 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS
7.7.5.25, LTS ...)
+ TODO: check
+CVE-2023-44278 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS
7.7.5.25, LTS ...)
+ TODO: check
+CVE-2023-44277 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS
7.7.5.25, LTS 7 ...)
+ TODO: check
+CVE-2023-42801 (Moonlight-common-c contains the core GameStream client code
shared bet ...)
+ TODO: check
+CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code
shared bet ...)
+ TODO: check
+CVE-2023-42799 (Moonlight-common-c contains the core GameStream client code
shared bet ...)
+ TODO: check
+CVE-2023-41151 (An uncaught exception issue discovered in Softing OPC UA C++
SDK befor ...)
+ TODO: check
+CVE-2023-40659 (A reflected XSS vulnerability was discovered in the Easy Quick
Contact ...)
+ TODO: check
+CVE-2023-40658 (A reflected XSS vulnerability was discovered in the Clicky
Analytics D ...)
+ TODO: check
+CVE-2023-40657 (A reflected XSS vulnerability was discovered in the Joomdoc
component ...)
+ TODO: check
+CVE-2023-40656 (A reflected XSS vulnerability was discovered in the Quickform
componen ...)
+ TODO: check
+CVE-2023-40655 (A reflected XSS vulnerability was discovered in the Proforms
Basic com ...)
+ TODO: check
+CVE-2023-40630 (Unauthenticated LFI/SSRF in JCDashboards component for Joomla.)
+ TODO: check
+CVE-2023-40629 (SQLi vulnerability in LMS Lite component for Joomla.)
+ TODO: check
+CVE-2023-40628 (A reflected XSS vulnerability was discovered in the Extplorer
componen ...)
+ TODO: check
+CVE-2023-40627 (A reflected XSS vulnerability was discovered in the LivingWord
compone ...)
+ TODO: check
+CVE-2023-37457 (Asterisk is an open source private branch exchange and
telephony toolk ...)
+ TODO: check
CVE-2023-3904
- gitlab <not-affected> (Specific to EE)
CVE-2023-3511
@@ -1157,6 +1385,7 @@ CVE-2023-35618 (Microsoft Edge (Chromium-based) Elevation
of Privilege Vulnerabi
CVE-2023-32460 (Dell PowerEdge BIOS contains an improper privilege management
security ...)
NOT-FOR-US: Dell
CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated
Peripheral ...)
+ {DLA-3689-1}
- bluez <unfixed> (bug #1057914)
NOTE:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
NOTE: The fix for CVE-2020-0556 allows to set manually the
"ClassicBondedOnly"
@@ -3024,6 +3253,7 @@ CVE-2023-48121 (An authentication bypass vulnerability in
the Direct Connection
CVE-2023-48042 (Cross Site Scripting (XSS) in Search filters in Prestashop
Amazzing fi ...)
NOT-FOR-US: Amazzing Filter for Prestashop
CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component,
which mig ...)
+ {DLA-3688-1}
- haproxy 2.6.15-1
NOTE:
https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html
NOTE:
https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6
(v2.9-dev3)
@@ -27169,7 +27399,7 @@ CVE-2023-32753 (OMICARD EDM\u2019s file uploading
function does not restrict upl
NOT-FOR-US: OMICARD
CVE-2023-32752 (L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000\u2019s
file uploa ...)
NOT-FOR-US: L7 Networks InstantScan
-CVE-2023-32028 (Microsoft OLE DB Remote Code Execution Vulnerability)
+CVE-2023-32028 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-32027 (Microsoft ODBC Driver for SQL Server Remote Code Execution
Vulnerabili ...)
NOT-FOR-US: Microsoft
@@ -49172,8 +49402,8 @@ CVE-2023-0759 (Privilege Chaining in GitHub repository
cockpit-hq/cockpit prior
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and
classified a ...)
NOT-FOR-US: glorylion JFinalOA
-CVE-2023-0757
- RESERVED
+CVE-2023-0757 (Incorrect Permission Assignment for Critical Resource
vulnerability in ...)
+ TODO: check
CVE-2022-4904 (A flaw was found in the c-ares package. The ares_set_sortlist
is missi ...)
{DLA-3323-1}
- c-ares 1.18.1-2 (bug #1031525)
@@ -51172,7 +51402,7 @@ CVE-2023-24924 (Microsoft PostScript and PCL6 Class
Printer Driver Remote Code E
NOT-FOR-US: Microsoft
CVE-2023-24923 (Microsoft OneDrive for Android Information Disclosure
Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-24922 (Microsoft Dynamics 365 Information Disclosure Vulnerability)
+CVE-2023-24922 (Microsoft Dynamics 365 (On-Premises) Information Disclosure
Vulnerabil ...)
NOT-FOR-US: Microsoft
CVE-2023-24921 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting
Vulnerabilit ...)
NOT-FOR-US: Microsoft
@@ -69926,8 +70156,8 @@ CVE-2022-45367 (Cross-Site Request Forgery (CSRF)
vulnerability in Tyche Softwar
NOT-FOR-US: WordPress plugin
CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Jason Cr ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-45365
- RESERVED
+CVE-2022-45365 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L.
Mongaya ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in
Muffingroup B ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2269f9280bb0510c7433b5ee44e61a46e97af8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2269f9280bb0510c7433b5ee44e61a46e97af8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
