Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
819c6a77 by security tracker role at 2023-12-16T08:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2023-6849 (A vulnerability was found in kalcaddle kodbox up to 1.48. It
has been ...)
+ TODO: check
+CVE-2023-6848 (A vulnerability was found in kalcaddle kodbox up to 1.48. It
has been ...)
+ TODO: check
+CVE-2023-50728 (octokit/webhooks is a GitHub webhook events toolset for
Node.js. Start ...)
+ TODO: check
+CVE-2023-50469 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6
was discov ...)
+ TODO: check
+CVE-2023-50266 (Bazarr manages and downloads subtitles. In version 1.2.4, the
proxy me ...)
+ TODO: check
+CVE-2023-50265 (Bazarr manages and downloads subtitles. Prior to 1.3.1, the
/api/swagg ...)
+ TODO: check
+CVE-2023-50264 (Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr
contain ...)
+ TODO: check
+CVE-2023-4020 (An unvalidated input in a library function responsible for
communicati ...)
+ TODO: check
+CVE-2023-39340 (A vulnerability exists on all versions of Ivanti Connect
Secure below ...)
+ TODO: check
+CVE-2023-31813
+ REJECTED
CVE-2023-6839 (Due to improper error handling, a REST API resource could
expose a ser ...)
NOT-FOR-US: WSO2
CVE-2023-6838 (Reflected XSS vulnerability can be exploited by tampering a
request pa ...)
@@ -2329,6 +2349,7 @@ CVE-2023-48123 (An issue in Netgate pfSense Plus
v.23.05.1 and before and pfSens
CVE-2023-46773 (Permission management vulnerability in the PMS module.
Successful expl ...)
NOT-FOR-US: Huawei
CVE-2023-46751 (An issue was discovered in the function
gdev_prn_open_printer_seekable ...)
+ {DSA-5578-1}
- ghostscript 10.02.1~dfsg-1
[bullseye] - ghostscript <not-affected> (Vulnerable code introduced
later)
[buster] - ghostscript <not-affected> (Vulnerable code introduced later)
@@ -42861,8 +42882,8 @@ CVE-2023-28024
RESERVED
CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI
Softwar ...)
NOT-FOR-US: HCL
-CVE-2023-28022
- RESERVED
+CVE-2023-28022 (HCL Connections is vulnerable to an information disclosure
vulnerabili ...)
+ TODO: check
CVE-2023-28021 (The BigFix WebUI uses weak cipher suites.)
NOT-FOR-US: HCL
CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows
malicious use ...)
@@ -45049,8 +45070,8 @@ CVE-2023-27319
RESERVED
CVE-2023-27318
RESERVED
-CVE-2023-27317
- RESERVED
+CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are
susceptible to a ...)
+ TODO: check
CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a
vulnerabilit ...)
NOT-FOR-US: NetApp
CVE-2023-27315 (SnapGathers versions prior to 4.9 are susceptible to a
vulnerability ...)
@@ -133132,8 +133153,8 @@ CVE-2022-24353 (This vulnerability allows
network-adjacent attackers to execute
NOT-FOR-US: TP-Link
CVE-2022-24352 (This vulnerability allows network-adjacent attackers to
execute arbitr ...)
NOT-FOR-US: TP-Link
-CVE-2022-24351
- RESERVED
+CVE-2022-24351 (TOCTOU race-condition vulnerability in Insyde InsydeH2O with
Kernel 5. ...)
+ TODO: check
CVE-2022-24350 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with
kernel 5. ...)
NOT-FOR-US: Insyde
CVE-2022-24349 (An authenticated user can create a link with reflected XSS
payload for ...)
@@ -154033,14 +154054,14 @@ CVE-2021-42799
RESERVED
CVE-2021-42798
RESERVED
-CVE-2021-42797
- RESERVED
-CVE-2021-42796
- RESERVED
+CVE-2021-42797 (Path traversal vulnerability in AVEVA Edge (formerly InduSoft
Web Stud ...)
+ TODO: check
+CVE-2021-42796 (An issue was discovered in ExecuteCommand() in AVEVA Edge
(formerly In ...)
+ TODO: check
CVE-2021-42795
RESERVED
-CVE-2021-42794
- RESERVED
+CVE-2021-42794 (An issue was discovered in AVEVA Edge (formerly InduSoft Web
Studio) v ...)
+ TODO: check
CVE-2021-42793
REJECTED
CVE-2021-42792
@@ -249269,12 +249290,12 @@ CVE-2020-17487 (radare2 4.5.0 misparses signature
information in PE files, causi
NOTE: https://github.com/radareorg/radare2/issues/17431
CVE-2020-17486
RESERVED
-CVE-2020-17485
- RESERVED
-CVE-2020-17484
- RESERVED
-CVE-2020-17483
- RESERVED
+CVE-2020-17485 (A Remote Code Execution vulnerability exist in Uffizio's GPS
Tracker a ...)
+ TODO: check
+CVE-2020-17484 (An Open Redirection vulnerability exists in Uffizio's GPS
Tracker all ...)
+ TODO: check
+CVE-2020-17483 (An improper access control vulnerability exists in Uffizio's
GPS Track ...)
+ TODO: check
CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server
before 4.3.1 ...)
- pdns 4.3.1-1 (bug #970737)
[buster] - pdns 4.1.6-3+deb10u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/819c6a77ba94854c3865643d22f7b14751521fab
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/819c6a77ba94854c3865643d22f7b14751521fab
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
