[Git][security-tracker-team/security-tracker][master] Add CVE-2023-45866/bluez

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf78f4e9 by Salvatore Bonaccorso at 2023-12-08T08:25:56+01:00
Add CVE-2023-45866/bluez

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,6 @@
+CVE-2023-45866 [unauthorized HID device connections allows keystroke injection 
and arbitrary commands execution]
+   - bluez 
+   NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
 CVE-2023-6588 (Offline mode is always enabled, even if permission disallows 
it, in  D ...)
NOT-FOR-US: Devolutions Server
 CVE-2023-6575 (A vulnerability was found in Beijing Baichuo S210 up to 
20231121. It h ...)
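Review bot: no fixed Debian version and no bug reference are recorded on the `- bluez` line, only the upstream commit, so the entry will sit as unfixed in unstable with nothing pointing at the follow-up work; when the fix is uploaded, put the version after `- bluez` and, if a bug is filed, a `(bug #...)` reference, and prefix the commit URL with `NOTE: Fixed by:` as the other new entries in this series do. Minor wording in the bracketed description: "connections allows ... commands execution" should read "connections allow ... command execution".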



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf78f4e9abe51deefa098e59cabbc1dc3d168e5b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf78f4e9abe51deefa098e59cabbc1dc3d168e5b
You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] mark CVE of gpac as EOL in Buster

2023-12-07 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e8ab4b0c by Thorsten Alteholz at 2023-12-07T23:38:18+01:00
mark CVE of gpac as EOL in Buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -108,6 +108,7 @@ CVE-2023-49402 (Tenda W30E V16.01.0.12(4843) was discovered 
to contain a stack o
NOT-FOR-US: Tenda
 CVE-2023-48958 (gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in 
gf_mpd_ ...)
- gpac 
+   [buster] - gpac  (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2689
NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/249c9fc18704e6d3cb6a4b173034a41aa570e7e4
 CVE-2023-48325 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
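Review bot: the status marker between the package name and the parenthetical is not visible in `[buster] - gpac  (EOL in Buster LTS)`; the tracker's syntax for this case is `[buster] - gpac <end-of-life> (EOL in Buster LTS)`, and the double space is exactly where the tag would sit. If the angle-bracketed tag was only stripped by the mail rendering there is nothing to change; if it is really absent from the committed line, the entry does not follow the file's syntax and should be fixed.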
@@ -122,6 +123,7 @@ CVE-2023-46974 (Cross Site Scripting vulnerability in Best 
Courier Management Sy
NOT-FOR-US: Best Courier Management System
 CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box 
contains a mem ...)
- gpac 
+   [buster] - gpac  (EOL in Buster LTS)
NOTE: https://github.com/gpac/gpac/issues/2658
NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/03760e34d32e502a0078b20d15ea83ecaf453a5c
 CVE-2023-46641 (Server-Side Request Forgery (SSRF) vulnerability in Code for 
Recovery  ...)
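Review bot: same end-of-life marking for buster as in the CVE-2023-48958 hunk above, so the same check on the `<end-of-life>` tag applies here. Beyond buster, neither CVE-2023-48958 nor CVE-2023-46871 carries a `[bullseye]` or `[bookworm]` line yet, so both still show as open for the supported stable releases until a no-dsa or fixed-version decision is recorded there.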



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8ab4b0c1ff3407f01305d852574170f58bbed4e



[Git][security-tracker-team/security-tracker][master] Correct version for weborf via bookworm-pu

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5f4c9fc6 by Salvatore Bonaccorso at 2023-12-07T23:04:01+01:00
Correct version for weborf via bookworm-pu

- - - - -


1 changed file:

- data/next-point-update.txt


Changes:

=
data/next-point-update.txt
=
@@ -7,7 +7,7 @@ CVE-2023-40743
 CVE-2023-45143
[bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u2
 CVE-2023-46586
-   [bookworm] - weborf 0.19-3
+   [bookworm] - weborf 0.19-2.1+deb12u1
 CVE-2023-42117
[bookworm] - exim4 4.96-15+deb12u3
 CVE-2023-42119
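Review bot: the old value `0.19-3` was never a bookworm version (no `+deb12uN` suffix), so this is a typo-class error that a simple check would catch: every `[bookworm]` line in next-point-update.txt should carry a version built from the bookworm base revision plus a `+deb12uN` suffix, as `0.19-2.1+deb12u1` now does. When the point release is published, the same version has to land on the CVE-2023-46586 entry in data/CVE/list so the two files agree.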



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f4c9fc6dc1e609d02e9f7d6610fcdfe35d34f02



[Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues addressed via unstable upload

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
40ebf28d by Salvatore Bonaccorso at 2023-12-07T22:34:21+01:00
Track fixed version for chromium issues addressed via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -380,19 +380,19 @@ CVE-2023-41268 (Improper input validation vulnerability 
in Samsung Open Source E
 CVE-2023-40053 (A vulnerability has been identified within Serv-U 15.4 that 
allows an  ...)
NOT-FOR-US: SolarWinds
 CVE-2023-6512 (Inappropriate implementation in Web Browser UI in Google Chrome 
prior  ...)
-   - chromium 
+   - chromium 120.0.6099.71-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-6511 (Inappropriate implementation in Autofill in Google Chrome prior 
to 120 ...)
-   - chromium 
+   - chromium 120.0.6099.71-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-6510 (Use after free in Media Capture in Google Chrome prior to 
120.0.6099.6 ...)
-   - chromium 
+   - chromium 120.0.6099.71-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-6509 (Use after free in Side Panel Search in Google Chrome prior to 
120.0.60 ...)
-   - chromium 
+   - chromium 120.0.6099.71-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-6508 (Use after free in Media Stream in Google Chrome prior to 
120.0.6099.62 ...)
-   - chromium 
+   - chromium 120.0.6099.71-1
[buster] - chromium  (see DSA 5046)
 CVE-2023-39326 (A malicious HTTP sender can use chunk extensions to cause a 
receiver r ...)
- golang-1.21 1.21.5-1
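Review bot: the fixed version `120.0.6099.71-1` is later than every upstream cut-off visible in the descriptions (`prior to 120.0.6099.6...` and `120.0.6099.62`), so the five entries are consistently covered by the one unstable upload. The `[buster] - chromium  (see DSA 5046)` context lines show a double space where the status tag would be, presumably stripped by the mail rendering; worth a glance, since the same line appears under all five entries.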



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40ebf28d8d69d9828e0bb39b0b7c4bd8c4a75454



[Git][security-tracker-team/security-tracker][master] Process NFUs

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5a966ea by Salvatore Bonaccorso at 2023-12-07T22:27:21+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -127,7 +127,7 @@ CVE-2023-46871 (GPAC version 
2.3-DEV-rev602-ged8424300-master in MP4Box contains
 CVE-2023-46641 (Server-Side Request Forgery (SSRF) vulnerability in Code for 
Recovery  ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-45762 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in M ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-41905 (NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected 
Cross-Site scr ...)
NOT-FOR-US: NETSCOUT nGeniusONE
 CVE-2023-41804 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm 
Force S ...)
@@ -151,13 +151,13 @@ CVE-2023-40300 (NETSCOUT nGeniusPULSE 3.8 has a Hardcoded 
Cryptographic Key.)
 CVE-2023-39909 (Ericsson Network Manager before 23.2 mishandles Access Control 
and thu ...)
NOT-FOR-US: Ericsson Network Manager
 CVE-2023-39172 (The affected devices transmit sensitive information 
unencrypted allowi ...)
-   TODO: check
+   NOT-FOR-US: SENEC Home
 CVE-2023-39171 (SENEC Storage Box V1,V2 and V3 accidentially expose a 
management UI ac ...)
NOT-FOR-US: SENEC Storage Box
 CVE-2023-39170
REJECTED
 CVE-2023-39169 (The affected devices use publicly available default 
credentials with a ...)
-   TODO: check
+   NOT-FOR-US: SENEC Home
 CVE-2023-39168
REJECTED
 CVE-2023-39167 (InSENEC Storage Box V1,V2 and V3 an unauthenticated remote 
attacker ca ...)
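Review bot: the product name `SENEC Home` in the two new NOT-FOR-US lines differs from `SENEC Storage Box` on the neighbouring CVE-2023-39171 line, although the descriptions of the three entries are written as one family ("The affected devices ...", "SENEC Storage Box V1,V2 and V3"); if they are the same product family, use one name so a search of the list for the vendor groups them together, otherwise a short NOTE saying why the names differ would help the next person triaging SENEC issues.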



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5a966ea22899a8f784e22938bf60f3c652fd753



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-46871/gpac

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
20cf7e53 by Salvatore Bonaccorso at 2023-12-07T22:26:53+01:00
Add CVE-2023-46871/gpac

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -121,7 +121,9 @@ CVE-2023-47440 (Gladys Assistant v4.27.0 and prior is 
vulnerable to Directory Tr
 CVE-2023-46974 (Cross Site Scripting vulnerability in Best Courier Management 
System v ...)
NOT-FOR-US: Best Courier Management System
 CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box 
contains a mem ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/2658
+   NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/03760e34d32e502a0078b20d15ea83ecaf453a5c
 CVE-2023-46641 (Server-Side Request Forgery (SSRF) vulnerability in Code for 
Recovery  ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-45762 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in M ...)
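Review bot: the `- gpac` line has no version and no severity note, and the fix is referenced only by upstream issue and commit; since the description is truncated here (`contains a mem ...`), the nature of the bug is not visible in the entry, so a `NOTE:` summarising it (memory leak versus memory corruption) would let the stable release decision (no-dsa or DSA) be made without re-reading the upstream issue.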



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20cf7e5344dd62e69ea161c9de309b1b05403546



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-48958/gpac

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
afdcb393 by Salvatore Bonaccorso at 2023-12-07T22:26:18+01:00
Add CVE-2023-48958/gpac

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -107,7 +107,9 @@ CVE-2023-49403 (Tenda W30E V16.01.0.12(4843) was discovered 
to contain a command
 CVE-2023-49402 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
NOT-FOR-US: Tenda
 CVE-2023-48958 (gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in 
gf_mpd_ ...)
-   TODO: check
+   - gpac 
+   NOTE: https://github.com/gpac/gpac/issues/2689
+   NOTE: Fixed by: 
https://github.com/gpac/gpac/commit/249c9fc18704e6d3cb6a4b173034a41aa570e7e4
 CVE-2023-48325 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-47779 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in C ...)
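Review bot: the description says `contains memory leaks`, which the tracker normally treats as a minor issue, so this entry is a candidate for `[bookworm]` and `[bullseye]` no-dsa lines with a `(Minor issue)` comment rather than leaving both releases open; the hunk only adds the unstable line plus the upstream issue and fix commit.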



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/afdcb393f8c92438cc79a625ba0da0a1dde1494f



[Git][security-tracker-team/security-tracker][master] Add new issues in libde265 (upstream status not fully clarified)

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
42a75821 by Salvatore Bonaccorso at 2023-12-07T21:50:39+01:00
Add new issues in libde265 (upstream status not fully clarified)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -39,11 +39,15 @@ CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain 
a reflective cross-si
 CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
NOT-FOR-US: DedeCMS
 CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer 
overflow vu ...)
-   TODO: check
+   - libde265 
+   NOTE: https://github.com/strukturag/libde265/issues/432
+   NOTE: Fixed by: 
https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb
 CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
-   TODO: check
+   - libde265 
+   NOTE: https://github.com/strukturag/libde265/issues/434
 CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
-   TODO: check
+   - libde265 
+   NOTE: https://github.com/strukturag/libde265/issues/435
 CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
- libheif 
NOTE: https://github.com/strukturag/libheif/issues/1044
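Review bot: only CVE-2023-49468 carries a `NOTE: Fixed by:` commit; CVE-2023-49467 and CVE-2023-49465 have just their issue links, matching the commit message's "upstream status not fully clarified". Consider adding a NOTE on each of the two stating that no fix has been identified yet, so the missing fix reference reads as a known gap rather than an omission and the entries get revisited when upstream closes the issues.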



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/42a75821d7aaa9714aa2cb11bc43e7d365a0dfbb



[Git][security-tracker-team/security-tracker][master] Add new libheif issues

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6ff52722 by Salvatore Bonaccorso at 2023-12-07T21:29:45+01:00
Add new libheif issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -45,13 +45,19 @@ CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain 
a heap-buffer-overflo
 CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
TODO: check
 CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
-   TODO: check
+   - libheif 
+   NOTE: https://github.com/strukturag/libheif/issues/1044
+   NOTE: https://github.com/strukturag/libheif/pull/1049
+   NOTE: 
https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287
 CVE-2023-49463 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
-   TODO: check
+   - libheif 
+   NOTE: https://github.com/strukturag/libheif/issues/1042
 CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
-   TODO: check
+   - libheif 
+   NOTE: https://github.com/strukturag/libheif/issues/1043
 CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
-   TODO: check
+   - libheif 
+   NOTE: https://github.com/strukturag/libheif/issues/1046
 CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a 
command injec ...)
NOT-FOR-US: Tenda
 CVE-2023-49436 (Tenda AX9 V22.03.01.46 has been discovered to contain a 
command inject ...)
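Review bot: for CVE-2023-49464 the fix commit is listed as a bare `NOTE:` URL, whereas the other entries in this series use `NOTE: Fixed by:` before a commit URL; that prefix is what makes the difference between a reference and a fix visible at a glance, so use it here too. CVE-2023-49463, CVE-2023-49462 and CVE-2023-49460 have issue links only, so those remain without an identified upstream fix.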



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ff52722e5b94d88ef3f4f80b57c9a1c88ad4856



[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
26a8bcde by Salvatore Bonaccorso at 2023-12-07T21:26:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,43 +1,43 @@
 CVE-2023-6588 (Offline mode is always enabled, even if permission disallows 
it, in  D ...)
-   TODO: check
+   NOT-FOR-US: Devolutions Server
 CVE-2023-6575 (A vulnerability was found in Beijing Baichuo S210 up to 
20231121. It h ...)
-   TODO: check
+   NOT-FOR-US: Beijing Baichuo S210
 CVE-2023-6574 (A vulnerability was found in Beijing Baichuo Smart S20 up to 
20231120  ...)
-   TODO: check
+   NOT-FOR-US: Beijing Baichuo Smart S20
 CVE-2023-6333 (The affected ControlByWeb Relay products are vulnerable to a 
stored cr ...)
-   TODO: check
+   NOT-FOR-US: ControlByWeb Relay
 CVE-2023-50164 (An attacker can manipulate file upload params to enable paths 
traversa ...)
- libstruts1.2-java 
NOTE: https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-066
 CVE-2023-50002 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-50001 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-5 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-4486 (Under certain circumstances, invalid authentication credentials 
could  ...)
-   TODO: check
+   NOT-FOR-US: Johnson Controls Metasys NAE55, SNE, and SNC engines
 CVE-2023-4 (Tenda W30E V16.01.0.12(4843) was discovered to contain a 
command injec ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49967 (Typecho v1.2.1 was discovered to be vulnerable to an XML 
Quadratic Blo ...)
-   TODO: check
+   NOT-FOR-US: Typecho
 CVE-2023-49958 (An issue was discovered in Dalmann OCPP.Core through 1.2.0 for 
OCPP (O ...)
-   TODO: check
+   NOT-FOR-US: Dalmann OCPP.Core
 CVE-2023-49957 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for 
OCPP (Op ...)
-   TODO: check
+   NOT-FOR-US: Dalmann OCPP.Core
 CVE-2023-49956 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for 
OCPP (Op ...)
-   TODO: check
+   NOT-FOR-US: Dalmann OCPP.Core
 CVE-2023-49955 (An issue was discovered in Dalmann OCPP.Core before 1.2.0 for 
OCPP (Op ...)
-   TODO: check
+   NOT-FOR-US: Dalmann OCPP.Core
 CVE-2023-49787
REJECTED
 CVE-2023-49746 (Server-Side Request Forgery (SSRF) vulnerability in 
Softaculous Team S ...)
-   TODO: check
+   NOT-FOR-US: Softaculous Team SpeedyCache
 CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
-   TODO: check
+   NOT-FOR-US: DedeCMS
 CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer 
overflow vu ...)
TODO: check
 CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
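Review bot: the context lines `CVE-2023-5 (Tenda W30E ...` and `CVE-2023-4 (Tenda W30E ...` are not valid CVE ids (the sequence part has at least four digits), and both were just imported by the automatic update; this hunk marks them `NOT-FOR-US: Tenda`, which hides the problem rather than fixing it. Check the imported data and the feed it came from for the full ids before marking them. The rest of the bulk TODO to NOT-FOR-US conversion is consistent: the Tenda, Beijing Baichuo, ControlByWeb, Typecho, Dalmann OCPP.Core, Softaculous and DedeCMS lines each name the product that appears in their description.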
@@ -53,93 +53,93 @@ CVE-2023-49462 (libheif v1.17.5 was discovered to contain a 
segmentation violati
 CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
TODO: check
 CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a 
command injec ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49436 (Tenda AX9 V22.03.01.46 has been discovered to contain a 
command inject ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49435 (Tenda AX9 V22.03.01.46 is vulnerable to command injection.)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49434 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49433 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49432 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49431 (Tenda AX9 V22.03.01.46 has been discovered to contain a 
command inject ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49430 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49429 (Tenda AX9 V22.03.01.46 was discovered to contain a SQL command 
injecti ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-49428 (Tenda AX12 V22.03.01.46 has been discovered to contain a 
command injec ...)
-   TODO: check
+   
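Review bot: the hunk is cut off after `+   ` on the CVE-2023-49428 entry, so its new status is not visible in this mail; every preceding entry in the hunk is the TODO to `NOT-FOR-US: Tenda` conversion, so the cut-off line is presumably the same, but that has to be confirmed from the commit itself rather than from this rendering.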

[Git][security-tracker-team/security-tracker][master] Add CVE-2023-50164/libstruts1.2-java

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c637e03f by Salvatore Bonaccorso at 2023-12-07T21:24:27+01:00
Add CVE-2023-50164/libstruts1.2-java

Similarly as per CVE-2023-41835, this actually might just be not-affected
for the 1.2 series versions. It is though unclear if upstream only
considers 2. versions onwards for advisories, since the 1.2 based versions
were long deprecated and not supported. The information in this CVE
entry so might be wrong, but it is safer to mark it, potentially
wrongly, as affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -7,7 +7,9 @@ CVE-2023-6574 (A vulnerability was found in Beijing Baichuo 
Smart S20 up to 2023
 CVE-2023-6333 (The affected ControlByWeb Relay products are vulnerable to a 
stored cr ...)
TODO: check
 CVE-2023-50164 (An attacker can manipulate file upload params to enable paths 
traversa ...)
-   TODO: check
+   - libstruts1.2-java 
+   NOTE: https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
+   NOTE: https://cwiki.apache.org/confluence/display/WW/S2-066
 CVE-2023-50002 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
TODO: check
 CVE-2023-50001 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
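Review bot: the doubt expressed in the commit message (the 1.2 series may simply be not-affected, as with CVE-2023-41835) is not recorded in the entry itself, so anyone reading the tracker sees an unqualified unfixed libstruts1.2-java line; add a `NOTE:` to the entry (for instance that upstream advisories may cover only "2. versions onwards" and the 1.2 status is unconfirmed, cf. CVE-2023-41835) so the reasoning survives outside git history and the entry can be flipped to not-affected once upstream clarifies.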



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c637e03fb00c682376b6746ce9ce84030befe39e



[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-39968/jupyter-server

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a1515939 by Salvatore Bonaccorso at 2023-12-07T21:14:37+01:00
Add Debian bug reference for CVE-2023-39968/jupyter-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -16564,7 +16564,7 @@ CVE-2023-40781 (Buffer Overflow vulnerability in 
Libming Libming v.0.4.8 allows
- ming 
 CVE-2023-39968 (jupyter-server is the backend for Jupyter web applications. 
Open Redir ...)
[experimental] - jupyter-server 2.9.1-1
-   - jupyter-server 
+   - jupyter-server  (bug #1057739)
[bookworm] - jupyter-server  (Minor issue)
[bullseye] - jupyter-server  (Minor issue)
NOTE: 
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a15159393e87504ebf6ca13c903e60ee46d65ebc



[Git][security-tracker-team/security-tracker][master] automatic update

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
110c6fa7 by security tracker role at 2023-12-07T20:12:27+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,161 @@
+CVE-2023-6588 (Offline mode is always enabled, even if permission disallows 
it, in  D ...)
+   TODO: check
+CVE-2023-6575 (A vulnerability was found in Beijing Baichuo S210 up to 
20231121. It h ...)
+   TODO: check
+CVE-2023-6574 (A vulnerability was found in Beijing Baichuo Smart S20 up to 
20231120  ...)
+   TODO: check
+CVE-2023-6333 (The affected ControlByWeb Relay products are vulnerable to a 
stored cr ...)
+   TODO: check
+CVE-2023-50164 (An attacker can manipulate file upload params to enable paths 
traversa ...)
+   TODO: check
+CVE-2023-50002 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2023-50001 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2023-5 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2023-4486 (Under certain circumstances, invalid authentication credentials 
could  ...)
+   TODO: check
+CVE-2023-4 (Tenda W30E V16.01.0.12(4843) was discovered to contain a 
command injec ...)
+   TODO: check
+CVE-2023-49967 (Typecho v1.2.1 was discovered to be vulnerable to an XML 
Quadratic Blo ...)
+   TODO: check
+CVE-2023-49958 (An issue was discovered in Dalmann OCPP.Core through 1.2.0 for 
OCPP (O ...)
+   TODO: check
+CVE-2023-49957 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for 
OCPP (Op ...)
+   TODO: check
+CVE-2023-49956 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for 
OCPP (Op ...)
+   TODO: check
+CVE-2023-49955 (An issue was discovered in Dalmann OCPP.Core before 1.2.0 for 
OCPP (Op ...)
+   TODO: check
+CVE-2023-49787
+   REJECTED
+CVE-2023-49746 (Server-Side Request Forgery (SSRF) vulnerability in 
Softaculous Team S ...)
+   TODO: check
+CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
+   TODO: check
+CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective 
cross-site scr ...)
+   TODO: check
+CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer 
overflow vu ...)
+   TODO: check
+CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
+   TODO: check
+CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a 
heap-buffer-overflow vuln ...)
+   TODO: check
+CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
+   TODO: check
+CVE-2023-49463 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
+   TODO: check
+CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
+   TODO: check
+CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation 
violation via ...)
+   TODO: check
+CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a 
command injec ...)
+   TODO: check
+CVE-2023-49436 (Tenda AX9 V22.03.01.46 has been discovered to contain a 
command inject ...)
+   TODO: check
+CVE-2023-49435 (Tenda AX9 V22.03.01.46 is vulnerable to command injection.)
+   TODO: check
+CVE-2023-49434 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
+   TODO: check
+CVE-2023-49433 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
+   TODO: check
+CVE-2023-49432 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
+   TODO: check
+CVE-2023-49431 (Tenda AX9 V22.03.01.46 has been discovered to contain a 
command inject ...)
+   TODO: check
+CVE-2023-49430 (Tenda AX9 V22.03.01.46 has been found to contain a stack 
overflow vuln ...)
+   TODO: check
+CVE-2023-49429 (Tenda AX9 V22.03.01.46 was discovered to contain a SQL command 
injecti ...)
+   TODO: check
+CVE-2023-49428 (Tenda AX12 V22.03.01.46 has been discovered to contain a 
command injec ...)
+   TODO: check
+CVE-2023-49426 (Tenda AX12 V22.03.01.46 was discovered to contain a stack 
overflow via ...)
+   TODO: check
+CVE-2023-49425 (Tenda AX12 V22.03.01.46 was discovered to contain a stack 
overflow via ...)
+   TODO: check
+CVE-2023-49424 (Tenda AX12 V22.03.01.46 was discovered to contain a stack 
overflow via ...)
+   TODO: check
+CVE-2023-49411 (Tenda W30E V16.01.0.12(4843) contains a stack overflow 
vulnerability v ...)
+   TODO: check
+CVE-2023-49410 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack 
overflo ...)
+   TODO: check
+CVE-2023-49409 (Tenda AX3 V16.03.12.11 was discovered to contain a Command 
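Review bot: two of the imported entries, `CVE-2023-5` and `CVE-2023-4`, are not valid CVE ids (the sequence number has at least four digits) although their descriptions read like the ordinary Tenda W30E issues around them, so the import appears to have truncated the ids; check the source feed and the import's id parsing, and re-import or correct these two by hand before they are triaged as-is. The rest of the hunk is the usual batch of `TODO: check` placeholders.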

[Git][security-tracker-team/security-tracker][master] Process more NFUs

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
14999e09 by Salvatore Bonaccorso at 2023-12-07T21:02:00+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -17,7 +17,7 @@ CVE-2023-5710 (The System Dashboard plugin for WordPress is 
vulnerable to unauth
 CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access 
Point pro ...)
NOT-FOR-US: Ruckus
 CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows 
local at ...)
-   TODO: check
+   NOT-FOR-US: TTplayer
 CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a 
post-authentication ...)
NOT-FOR-US: TOTOLINK
 CVE-2023-48841 (Appointment Scheduler 3.0 is vulnerable to CSV Injection via a 
Languag ...)
@@ -53,7 +53,7 @@ CVE-2023-48825 (Availability Booking Calendar 5.0 is 
vulnerable to Multiple HTML
 CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site 
Scripting (X ...)
NOT-FOR-US: BoidCMS
 CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier 
Manageme ...)
-   TODO: check
+   NOT-FOR-US: GaatiTrack Courier Management System
 CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking 
Calendar  ...)
NOT-FOR-US: Availability Booking Calendar
 CVE-2023-48207 (Availability Booking Calendar 5.0 allows CSV injection via the 
unique  ...)
@@ -71,7 +71,7 @@ CVE-2023-46354 (In the module "Orders (CSV, Excel) Export 
PRO" (ordersexport) <
 CVE-2023-46353 (In the module "Product Tag Icons Pro" (ticons) before 1.8.4 
from MyPre ...)
NOT-FOR-US: PrestaShop module
 CVE-2023-46307 (An issue was discovered in server.js in etcd-browser 
87ae63d75260. By  ...)
-   TODO: check
+   NOT-FOR-US: etcd-browser
 CVE-2023-43304 (An issue in PARK DANDAN mini-app on Line v13.6.1 allows 
attackers to s ...)
NOT-FOR-US: PARK DANDAN mini-app on Line
 CVE-2023-43303 (An issue in craftbeer bar canvas mini-app on Line v13.6.1 
allows attac ...)
@@ -247,7 +247,7 @@ CVE-2023-6448 (Unitronics Vision Series PLCs and HMIs use 
default administrative
 CVE-2023-6357 (A low-privileged remote attacker could exploit the 
vulnerability and i ...)
NOT-FOR-US: CODESYS
 CVE-2023-6180 (The tokio-boring library in version 4.0.0 is affected by a 
memory leak ...)
-   TODO: check
+   NOT-FOR-US: tokio-boring Rust library
 CVE-2023-49448 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site 
Request Forger ...)
NOT-FOR-US: JFinalCMS
 CVE-2023-49447 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site 
Request Forger ...)
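Review bot: before the "TODO: check" for CVE-2023-6180 is settled as NOT-FOR-US, confirm that the tokio-boring crate is really absent from the archive (Rust crates are packaged as librust-<crate>-dev, so a librust-tokio-boring-dev package would be the thing to look for); the annotation "NOT-FOR-US: tokio-boring Rust library" asserts exactly that, and nothing in the hunk records how it was checked.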
@@ -191865,7 +191865,7 @@ CVE-2021-27797 (Brocade Fabric OS before Brocade 
Fabric OS v8.2.1c, v8.1.2h, and
 CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade 
Fabric OS ...)
NOT-FOR-US: Brocade
 CVE-2021-27795 (Brocade Fabric OS (FOS) hardware  platforms running any 
version of Bro ...)
-   TODO: check
+   NOT-FOR-US: Broadcom (various producs relating to Brocade Fabric OS 
hardware and software)
 CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade 
Fabric OS v ...)
NOT-FOR-US: Brocade Fabric OS
 CVE-2021-27793 (ntermittent authorization failure in aaa tacacs+ with Brocade 
Fabric O ...)
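Review bot: typo in the added NOT-FOR-US line for CVE-2021-27795: "producs" should be "products". The label is also out of step with the neighbouring entries in the same hunk, which use the short form ("NOT-FOR-US: Brocade", "NOT-FOR-US: Brocade Fabric OS"); "NOT-FOR-US: Brocade Fabric OS" would be consistent, since the parenthetical says nothing the CVE description does not already say.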



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14999e094e5f382b2e31361e1b73afdf11bc1f6b



___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] nuget removed

2023-12-07 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
808b3bd6 by Moritz Muehlenhoff at 2023-12-07T21:00:14+01:00
nuget removed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -35956,7 +35956,7 @@ CVE-2023-29339
 CVE-2023-29338 (Visual Studio Code Spoofing Vulnerability)
NOT-FOR-US: Microsoft
 CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
-   - nuget  (bug #1050835)
+   - nuget  (bug #1050835)
[bookworm] - nuget  (Minor issue)
[bullseye] - nuget  (Minor issue)
[buster] - nuget  (Can wait for next update)
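Review bot: the removed and added lines for CVE-2023-29337 render identically here ("- nuget (bug #1050835)"), because the mail rendering has stripped the angle-bracket status token; given the commit title "nuget removed", the intended change is the token going from <unfixed> to <removed>, which can only be verified on the GitLab commit page linked below. The per-release lines for bookworm, bullseye and buster are correctly left untouched: removal from unstable does not change the package's status in the stable suites.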



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/808b3bd66bf259890654feee44d6687d74f3b16e





[Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim haproxy.

2023-12-07 Thread Chris Lamb (@lamby)


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2c15f64 by Chris Lamb at 2023-12-07T17:26:21+00:00
data/dla-needed.txt: Claim haproxy.

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -66,7 +66,7 @@ dogecoin
 frr
   NOTE: 20231119: Added by Front-Desk (apo)
 --
-haproxy
+haproxy (Chris Lamb)
   NOTE: 20231206: Added by Front-Desk (ta)
 --
 i2p



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2c15f64e66a6d32082ffcef391b200ec78b4520





[Git][security-tracker-team/security-tracker][master] Reserve DLA-3684-1 for tzdata

2023-12-07 Thread Emilio Pozuelo Monfort (@pochu)


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7e704dc by Emilio Pozuelo Monfort at 2023-12-07T10:35:12+01:00
Reserve DLA-3684-1 for tzdata

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=
data/DLA/list
=
@@ -1,3 +1,5 @@
+[07 Dec 2023] DLA-3684-1 tzdata - new timezone database
+   [buster] - tzdata 2021a-0+deb10u12
 [05 Dec 2023] DLA-3683-1 roundcube - security update
{CVE-2023-47272}
[buster] - roundcube 1.3.17+dfsg.1-1~deb10u5


=
data/dla-needed.txt
=
@@ -226,9 +226,6 @@ tomcat9
 tor
   NOTE: 20231119: Added by Front-Desk (apo)
 --
-tzdata (Emilio)
-  NOTE: 20231206: Added by pochu
---
 varnish (Abhijith PA)
   NOTE: 20231117: Added by Front-Desk (apo)
   NOTE: 20231204: Working on pre commits for CVE-2023-44487, 
https://github.com/varnishcache/varnish-cache/pull/4004



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e704dcd46b9064c7df6bfc96c79d9115802751





[Git][security-tracker-team/security-tracker][master] Process NFUs

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02479081 by Salvatore Bonaccorso at 2023-12-07T09:57:02+01:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -15,7 +15,7 @@ CVE-2023-5711 (The System Dashboard plugin for WordPress is 
vulnerable to unauth
 CVE-2023-5710 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access 
Point pro ...)
-   TODO: check
+   NOT-FOR-US: Ruckus
 CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows 
local at ...)
TODO: check
 CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a 
post-authentication ...)
@@ -55,45 +55,45 @@ CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple 
Stored Cross-Site Script
 CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier 
Manageme ...)
TODO: check
 CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking 
Calendar  ...)
-   TODO: check
+   NOT-FOR-US: Availability Booking Calendar
 CVE-2023-48207 (Availability Booking Calendar 5.0 allows CSV injection via the 
unique  ...)
-   TODO: check
+   NOT-FOR-US: Availability Booking Calendar
 CVE-2023-48206 (A Cross Site Scripting (XSS) vulnerability in GaatiTrack 
Courier Manag ...)
-   TODO: check
+   NOT-FOR-US: GaatiTrack CourierManagement System
 CVE-2023-48205 (Jorani Leave Management System 1.0.2 allows a remote attacker 
to spoof ...)
-   TODO: check
+   NOT-FOR-US: Jorani Leave Management System
 CVE-2023-48172 (A Cross Site Scripting (XSS) vulnerability in Shuttle Booking 
Software ...)
-   TODO: check
+   NOT-FOR-US: Shuttle Booking Software
 CVE-2023-46916 (Maxima Max Pro Power 1.0 486A devices allow BLE traffic 
replay. An att ...)
-   TODO: check
+   NOT-FOR-US: Maxima Max Pro Power
 CVE-2023-46354 (In the module "Orders (CSV, Excel) Export PRO" (ordersexport) 
< 5.2.0  ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2023-46353 (In the module "Product Tag Icons Pro" (ticons) before 1.8.4 
from MyPre ...)
-   TODO: check
+   NOT-FOR-US: PrestaShop module
 CVE-2023-46307 (An issue was discovered in server.js in etcd-browser 
87ae63d75260. By  ...)
TODO: check
 CVE-2023-43304 (An issue in PARK DANDAN mini-app on Line v13.6.1 allows 
attackers to s ...)
-   TODO: check
+   NOT-FOR-US: PARK DANDAN mini-app on Line
 CVE-2023-43303 (An issue in craftbeer bar canvas mini-app on Line v13.6.1 
allows attac ...)
-   TODO: check
+   NOT-FOR-US: craftbeer bar canvas mini-app on Line
 CVE-2023-43302 (An issue in sanTas mini-app on Line v13.6.1 allows attackers 
to send c ...)
-   TODO: check
+   NOT-FOR-US: sanTas mini-app on Line
 CVE-2023-43301 (An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows 
attackers ...)
-   TODO: check
+   NOT-FOR-US: DARTS SHOP MAXIM mini-app on Line
 CVE-2023-43300 (An issue in urban_project mini-app on Line v13.6.1 allows 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: urban_project mini-app on Line
 CVE-2023-43299 (An issue in DA BUTCHERS mini-app on Line v13.6.1 allows 
attackers to s ...)
-   TODO: check
+   NOT-FOR-US: DA BUTCHERS mini-app on Line
 CVE-2023-43298 (An issue in SCOL Members Card mini-app on Line v13.6.1 allows 
attacker ...)
-   TODO: check
+   NOT-FOR-US: SCOL Members Card mini-app on Line
 CVE-2023-43103 (An XSS issue was discovered in a web endpoint in Zimbra 
Collaboration  ...)
-   TODO: check
+   NOT-FOR-US: Zimbra
 CVE-2023-43102 (An issue was discovered in Zimbra Collaboration (ZCS) before 
10.0.4. A ...)
-   TODO: check
+   NOT-FOR-US: Zimbra
 CVE-2023-41106 (An issue was discovered in Zimbra Collaboration (ZCS) before 
10.0.3. A ...)
-   TODO: check
+   NOT-FOR-US: Zimbra
 CVE-2023-40238 (A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde 
InsydeH2O w ...)
-   TODO: check
+   NOT-FOR-US: Insyde
 CVE-2023-6560 [io_uring out of boundary memory access in __io_uaddr_map()]
- linux 
[bookworm] - linux  (Vulnerable code not present)
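Review bot: the added NOT-FOR-US line for CVE-2023-48206 reads "GaatiTrack CourierManagement System" (missing space); the CVE descriptions in this same hunk spell the product "GaatiTrack Courier Manag..." with a space, so the label should be "GaatiTrack Courier Management System" to match them and to keep the two GaatiTrack entries (CVE-2023-48823 is still "TODO: check" here) consistently searchable.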
@@ -40626,7 +40626,7 @@ CVE-2023-28019 (Insufficient validation in Bigfix WebUI 
API App site version < 1
 CVE-2023-28018
RESERVED
 CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack 
where a ...)
-   TODO: check
+   NOT-FOR-US: HCL
 CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare 
Metal S ...)
NOT-FOR-US: HCL
 CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a 
User Accoun ...)



View it on GitLab: 

[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95fe23c0 by Salvatore Bonaccorso at 2023-12-07T09:45:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,57 +1,57 @@
 CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
mlflow/mlf ...)
-   TODO: check
+   NOT-FOR-US: mlflow
 CVE-2023-6566 (Business Logic Errors in GitHub repository 
microweber/microweber prior ...)
-   TODO: check
+   NOT-FOR-US: microweber
 CVE-2023-5761 (The Burst Statistics \u2013 Privacy-Friendly Analytics for 
WordPress p ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5714 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5713 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5712 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5711 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-5710 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access 
Point pro ...)
TODO: check
 CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows 
local at ...)
TODO: check
 CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a 
post-authentication ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2023-48841 (Appointment Scheduler 3.0 is vulnerable to CSV Injection via a 
Languag ...)
-   TODO: check
+   NOT-FOR-US: Appointment Scheduler
 CVE-2023-48840 (A lack of rate limiting in pjActionAjaxSend in Appointment 
Scheduler 3 ...)
-   TODO: check
+   NOT-FOR-US: Appointment Scheduler
 CVE-2023-48839 (Appointment Scheduler 3.0 is vulnerable to Multiple Stored 
Cross-Site  ...)
-   TODO: check
+   NOT-FOR-US: Appointment Scheduler
 CVE-2023-48838 (Appointment Scheduler 3.0 is vulnerable to Multiple HTML 
Injection iss ...)
-   TODO: check
+   NOT-FOR-US: Appointment Scheduler
 CVE-2023-48837 (Car Rental Script 3.0 is vulnerable to Multiple HTML Injection 
issues  ...)
-   TODO: check
+   NOT-FOR-US: Car Rental Script
 CVE-2023-48836 (Car Rental Script 3.0 is vulnerable to Multiple Stored 
Cross-Site Scri ...)
-   TODO: check
+   NOT-FOR-US: Car Rental Script
 CVE-2023-48835 (Car Rental Script v3.0 is vulnerable to CSV Injection via a 
Language > ...)
-   TODO: check
+   NOT-FOR-US: Car Rental Script
 CVE-2023-48834 (A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 
allows  ...)
-   TODO: check
+   NOT-FOR-US: Car Rental Script
 CVE-2023-48833 (A lack of rate limiting in pjActionAJaxSend in Time Slots 
Booking Cale ...)
-   TODO: check
+   NOT-FOR-US: Time Slots Booking Calendar
 CVE-2023-48831 (A lack of rate limiting in pjActionAJaxSend in Availability 
Booking Ca ...)
-   TODO: check
+   NOT-FOR-US: Availability Booking Calendar
 CVE-2023-48830 (Shuttle Booking Software 2.0 is vulnerable to CSV Injection in 
the Lan ...)
-   TODO: check
+   NOT-FOR-US: Shuttle Booking Software
 CVE-2023-48828 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple 
Stored Cross ...)
-   TODO: check
+   NOT-FOR-US: Time Slots Booking Calendar
 CVE-2023-48827 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML 
Injecti ...)
-   TODO: check
+   NOT-FOR-US: Time Slots Booking Calendar
 CVE-2023-48826 (Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection 
via the ...)
-   TODO: check
+   NOT-FOR-US: Time Slots Booking Calendar
 CVE-2023-48825 (Availability Booking Calendar 5.0 is vulnerable to Multiple 
HTML Injec ...)
-   TODO: check
+   NOT-FOR-US: Availability Booking Calendar
 CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site 
Scripting (X ...)
-   TODO: check
+   NOT-FOR-US: BoidCMS
 CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier 
Manageme ...)
TODO: check
 CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking 
Calendar  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95fe23c079c534650a0a54691a04de7ec5e06d88




[Git][security-tracker-team/security-tracker][master] automatic update

2023-12-07 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
573070b7 by security tracker role at 2023-12-07T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,99 @@
+CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
mlflow/mlf ...)
+   TODO: check
+CVE-2023-6566 (Business Logic Errors in GitHub repository 
microweber/microweber prior ...)
+   TODO: check
+CVE-2023-5761 (The Burst Statistics \u2013 Privacy-Friendly Analytics for 
WordPress p ...)
+   TODO: check
+CVE-2023-5714 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2023-5713 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2023-5712 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2023-5711 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2023-5710 (The System Dashboard plugin for WordPress is vulnerable to 
unauthorize ...)
+   TODO: check
+CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access 
Point pro ...)
+   TODO: check
+CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows 
local at ...)
+   TODO: check
+CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a 
post-authentication ...)
+   TODO: check
+CVE-2023-48841 (Appointment Scheduler 3.0 is vulnerable to CSV Injection via a 
Languag ...)
+   TODO: check
+CVE-2023-48840 (A lack of rate limiting in pjActionAjaxSend in Appointment 
Scheduler 3 ...)
+   TODO: check
+CVE-2023-48839 (Appointment Scheduler 3.0 is vulnerable to Multiple Stored 
Cross-Site  ...)
+   TODO: check
+CVE-2023-48838 (Appointment Scheduler 3.0 is vulnerable to Multiple HTML 
Injection iss ...)
+   TODO: check
+CVE-2023-48837 (Car Rental Script 3.0 is vulnerable to Multiple HTML Injection 
issues  ...)
+   TODO: check
+CVE-2023-48836 (Car Rental Script 3.0 is vulnerable to Multiple Stored 
Cross-Site Scri ...)
+   TODO: check
+CVE-2023-48835 (Car Rental Script v3.0 is vulnerable to CSV Injection via a 
Language > ...)
+   TODO: check
+CVE-2023-48834 (A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 
allows  ...)
+   TODO: check
+CVE-2023-48833 (A lack of rate limiting in pjActionAJaxSend in Time Slots 
Booking Cale ...)
+   TODO: check
+CVE-2023-48831 (A lack of rate limiting in pjActionAJaxSend in Availability 
Booking Ca ...)
+   TODO: check
+CVE-2023-48830 (Shuttle Booking Software 2.0 is vulnerable to CSV Injection in 
the Lan ...)
+   TODO: check
+CVE-2023-48828 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple 
Stored Cross ...)
+   TODO: check
+CVE-2023-48827 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML 
Injecti ...)
+   TODO: check
+CVE-2023-48826 (Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection 
via the ...)
+   TODO: check
+CVE-2023-48825 (Availability Booking Calendar 5.0 is vulnerable to Multiple 
HTML Injec ...)
+   TODO: check
+CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site 
Scripting (X ...)
+   TODO: check
+CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier 
Manageme ...)
+   TODO: check
+CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking 
Calendar  ...)
+   TODO: check
+CVE-2023-48207 (Availability Booking Calendar 5.0 allows CSV injection via the 
unique  ...)
+   TODO: check
+CVE-2023-48206 (A Cross Site Scripting (XSS) vulnerability in GaatiTrack 
Courier Manag ...)
+   TODO: check
+CVE-2023-48205 (Jorani Leave Management System 1.0.2 allows a remote attacker 
to spoof ...)
+   TODO: check
+CVE-2023-48172 (A Cross Site Scripting (XSS) vulnerability in Shuttle Booking 
Software ...)
+   TODO: check
+CVE-2023-46916 (Maxima Max Pro Power 1.0 486A devices allow BLE traffic 
replay. An att ...)
+   TODO: check
+CVE-2023-46354 (In the module "Orders (CSV, Excel) Export PRO" (ordersexport) 
< 5.2.0  ...)
+   TODO: check
+CVE-2023-46353 (In the module "Product Tag Icons Pro" (ticons) before 1.8.4 
from MyPre ...)
+   TODO: check
+CVE-2023-46307 (An issue was discovered in server.js in etcd-browser 
87ae63d75260. By  ...)
+   TODO: check
+CVE-2023-43304 (An issue in PARK DANDAN mini-app on Line v13.6.1 allows 
attackers to s ...)
+   TODO: check
+CVE-2023-43303 (An issue in craftbeer bar canvas mini-app on Line v13.6.1 
allows attac ...)
+   TODO: check
+CVE-2023-43302 (An issue in sanTas mini-app on Line v13.6.1 allows attackers 
to send c ...)
+   TODO: check
+CVE-2023-43301 (An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows 
attackers ...)
+
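Review bot: the description added for CVE-2023-5761 contains the literal six-character sequence "\u2013" instead of an en dash, i.e. a JSON escape from the upstream feed that the automatic import did not decode; the importer should unescape description text before writing it to data/CVE/list, otherwise every later edit of this entry (the same line reappears unchanged in the "Process some NFUs" hunk) carries the artefact along. Note also that this +1,99 hunk is cut off after the CVE-2023-43301 entry, so the remaining additions are not visible in this mail.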