Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0fa853b6 by security tracker role at 2023-12-19T20:12:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,110 +1,202 @@
-CVE-2023-50762
+CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student
Manage ...)
+ TODO: check
+CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp
compon ...)
+ TODO: check
+CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's
Perform ...)
+ TODO: check
+CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou
Life a ...)
+ TODO: check
+CVE-2023-6730 (Deserialization of Untrusted Data in GitHub repository
huggingface/tra ...)
+ TODO: check
+CVE-2023-6711 (Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC
60870-5-104 th ...)
+ TODO: check
+CVE-2023-6280 (An XXE (XML External Entity) vulnerability has been detected in
52Nort ...)
+ TODO: check
+CVE-2023-50376 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2023-50272 (A potential security vulnerability has been identified in HPE
Integrat ...)
+ TODO: check
+CVE-2023-49706 (Defective request context handling in Self Service in LinOTP
3.x befor ...)
+ TODO: check
+CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in
KodeExplorer ve ...)
+ TODO: check
+CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo
version ...)
+ TODO: check
+CVE-2023-46804 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46803 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46266 (An attacker can send a specially crafted request which could
lead to l ...)
+ TODO: check
+CVE-2023-46265 (An unauthenticated could abuse a XXE vulnerability in the
Smart Device ...)
+ TODO: check
+CVE-2023-46264 (An unrestricted upload of file with dangerous type
vulnerability exist ...)
+ TODO: check
+CVE-2023-46263 (An unrestricted upload of file with dangerous type
vulnerability exist ...)
+ TODO: check
+CVE-2023-46262 (An unauthenticated attacked could send a specifically crafted
web requ ...)
+ TODO: check
+CVE-2023-46261 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46260 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46259 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46258 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46257 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46225 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46224 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46223 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46222 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46221 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46220 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46217 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-46216 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-45105 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in S ...)
+ TODO: check
+CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2023-44983 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
+ TODO: check
+CVE-2023-43870 (When installing the Net2 software a root certificate is
installed into ...)
+ TODO: check
+CVE-2023-43826 (Apache Guacamole 1.5.3 and older do not consistently ensure
that value ...)
+ TODO: check
+CVE-2023-41727 (An attacker sending specially crafted data packets to the
Mobile Devic ...)
+ TODO: check
+CVE-2023-41648 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in S ...)
+ TODO: check
+CVE-2023-40602 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in D ...)
+ TODO: check
+CVE-2023-38481 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
+ TODO: check
+CVE-2023-38478 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
+ TODO: check
+CVE-2023-37390 (Deserialization of Untrusted Data vulnerability in Themesflat
Themesfl ...)
+ TODO: check
+CVE-2023-34382 (Deserialization of Untrusted Data vulnerability in weDevs
Dokan \u2013 ...)
+ TODO: check
+CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish
Arora Recen ...)
+ TODO: check
+CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4
and cla ...)
+ TODO: check
+CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally
signed text ...)
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762
-CVE-2023-50761
+CVE-2023-50761 (The signature of a digitally signed S/MIME email message may
optionall ...)
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761
-CVE-2023-6862
+CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`.
This iss ...)
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862
-CVE-2023-6873
+CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs
showed e ...)
- firefox <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873
-CVE-2023-6864
+CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5,
and Thun ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864
-CVE-2023-6863
+CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially
undefined beha ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863
-CVE-2023-6872
+CVE-2023-6872 (Browser tab titles were being leaked by GNOME to system logs.
This cou ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6872
-CVE-2023-6871
+CVE-2023-6871 (Under certain conditions, Firefox did not display a warning
when a use ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6871
-CVE-2023-6870
+CVE-2023-6870 (Applications which spawn a Toast notification in a background
thread m ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6870
-CVE-2023-6869
+CVE-2023-6869 (A `<dialog>` element could have been manipulated to paint
content o ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6869
-CVE-2023-6868
+CVE-2023-6868 (In some instances, the user-agent would allow push requests
which lack ...)
- firefox <not-affected> (Android-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868
-CVE-2023-6861
+CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a
heap buff ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861
-CVE-2023-6867
+CVE-2023-6867 (The timing of a button click causing a popup to disappear was
approxim ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867
-CVE-2023-6860
+CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures
produced ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860
-CVE-2023-6866
+CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception
handling. This ...)
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866
-CVE-2023-6859
+CVE-2023-6859 (A use-after-free condition affected TLS socket creation when
under mem ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859
-CVE-2023-6858
+CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in
`nsTextFragment` ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858
-CVE-2023-6857
+CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer
passed to ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857
-CVE-2023-6865
+CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing
uninitialized dat ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865
-CVE-2023-6856
+CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a
heap buf ...)
- firefox <unfixed>
- firefox-esr <unfixed>
- thunderbird <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856
-CVE-2023-6135
+CVE-2023-6135 (Multiple NSS NIST curves were susceptible to a side-channel
attack kno ...)
- nss <unfixed>
- firefox <unfixed>
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6135
-CVE-2023-49734
+CVE-2023-49734 (An authenticated Gamma user has the ability to create a
dashboard and ...)
NOT-FOR-US: Apache Superset
-CVE-2023-49736
+CVE-2023-49736 (A where_in JINJA macro allows users to specify a quote, which
combined ...)
NOT-FOR-US: Apache Superset
-CVE-2023-46104
+CVE-2023-46104 (Uncontrolled resource consumption can be triggered by
authenticated at ...)
NOT-FOR-US: Apache Superset
CVE-2023-XXXX [RUSTSEC-2023-0074]
- rust-zerocopy <unfixed>
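Review bot: CVE-2023-6932 and CVE-2023-6931 are described as Linux kernel flaws (a use-after-free in ipv4 igmp and a heap out-of-bounds write) yet are added with only `TODO: check`, which leaves them without a package status until someone triages them. I would resolve these two first with a `- linux` package line, in the form CVE-2023-1513 already uses further down this file (`- linux 6.1.15-1`). Separately, the CVE-2023-34382 description carries a literal `\u2013` escape instead of the decoded character, so it is worth checking whether the description import decodes escapes.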
@@ -41222,8 +41314,8 @@ CVE-2023-1516 (RoboDK versions 5.5.3 and prior contain
an insecure permission a
NOT-FOR-US: RoboDK
CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
NOT-FOR-US: pimcore
-CVE-2023-1514
- RESERVED
+CVE-2023-1514 (A vulnerability exists in the component RTU500 Scripting
interface. Wh ...)
+ TODO: check
CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS
ioctl, on ...)
{DLA-3404-1 DLA-3403-1}
- linux 6.1.15-1
@@ -50021,8 +50113,8 @@ CVE-2023-25717 (Ruckus Wireless Admin through 10.4
allows Remote Code Execution
NOT-FOR-US: Ruckus Wireless Admin
CVE-2023-25716 (Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in gqevu ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25715
- RESERVED
+CVE-2023-25715 (Missing Authorization vulnerability in GamiPress GamiPress
\u2013 The ...)
+ TODO: check
CVE-2023-25714
RESERVED
CVE-2023-25713 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Fullworks Q ...)
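Review bot: the new CVE-2023-25715 description contains the literal escape `\u2013` ("GamiPress GamiPress \u2013 The ...") instead of the decoded character, and the same escape appears in another description added by this commit, so the fix belongs in the description import and not in this one entry. The entry also still needs its `TODO: check` resolved; the adjacent CVE-2023-25716 is marked `NOT-FOR-US: WordPress plugin`, and if this is the same kind of product the same marking applies.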
@@ -206226,8 +206318,8 @@ CVE-2021-22964 (A redirect vulnerability in the
`fastify-static` module version
NOT-FOR-US: fastify-static
CVE-2021-22963 (A redirect vulnerability in the fastify-static module version
< 4.2.4 ...)
NOT-FOR-US: fastify-static
-CVE-2021-22962
- RESERVED
+CVE-2021-22962 (An attacker can send a specially crafted request which could
lead to l ...)
+ TODO: check
CVE-2021-22961 (A code injection vulnerability exists within the firewall
software of ...)
NOT-FOR-US: GlassWire
CVE-2021-22960 (The parse function in llhttp < 2.1.4 and < 6.0.6. ignores
chunk extens ...)
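Review bot: the truncated description added for CVE-2021-22962 ("An attacker can send a specially crafted request which could lead to l ...") names no product, and it is word for word the text added for CVE-2023-46266 earlier in this commit, so the `TODO: check` cannot be resolved from this file alone. Whoever triages it should take the product from the full CVE record and then set a package line or `NOT-FOR-US:` as the neighbouring fastify-static and GlassWire entries do.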
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fa853b64001bc85083758cd69a09177a6ab2675