[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 1 21:12:42 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
510617e6 by security tracker role at 2023-08-01T20:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,41 @@
-CVE-2023-4058
+CVE-2023-3718 (An authenticated command injection vulnerability exists in the AOS-CX ...)
+ TODO: check
+CVE-2023-39147 (An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attacker ...)
+ TODO: check
+CVE-2023-39110 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
+ TODO: check
+CVE-2023-39109 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
+ TODO: check
+CVE-2023-39108 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
+ TODO: check
+CVE-2023-38560 (An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_ ...)
+ TODO: check
+CVE-2023-38559 (A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_w ...)
+ TODO: check
+CVE-2023-38357 (Session tokens in RWS WorldServer 11.7.3 and earlier have a low entrop ...)
+ TODO: check
+CVE-2023-37478 (pnpm is a package manager. It is possible to construct a tarball that, ...)
+ TODO: check
+CVE-2023-36211 (The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting ...)
+ TODO: check
+CVE-2023-36210 (MotoCMS Version 3.4.3 Store Category Template was discovered to contai ...)
+ TODO: check
+CVE-2023-34634 (Greenshot 1.2.10 and below allows arbitrary code execution because .NE ...)
+ TODO: check
+CVE-2023-34552 (In certain EZVIZ products, two stack based buffer overflows in mulicas ...)
+ TODO: check
+CVE-2023-34551 (In certain EZVIZ products, two stack buffer overflows in netClientSetW ...)
+ TODO: check
+CVE-2023-33493 (An Unrestricted Upload of File with Dangerous Type vulnerability in th ...)
+ TODO: check
+CVE-2023-32302 (Silverstripe Framework is the MVC framework that powers Silverstripe C ...)
+ TODO: check
+CVE-2023-31710 (TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1. ...)
+ TODO: check
+CVE-2023-4058 (Memory safety bugs present in Firefox 115. Some of these bugs showed e ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4058
-CVE-2023-4057
+CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thun ...)
- firefox <unfixed>
- firefox-esr <unfixed>
[bookworm] - firefox-esr <not-affected> (Only affects Firefox ESR 115.1)
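Review bot: the description of CVE-2023-4057 names Thunderbird (truncated to "Thun ...") and the entry carries a mfsa2023-31 NOTE, yet only firefox and firefox-esr package lines are present; when the TODO entries in this hunk are triaged, check whether a thunderbird package line is also needed. Of the 17 new "TODO: check" entries, CVE-2023-38560 and CVE-2023-38559 cite source paths (pcl/pl/plfont.c, base/gdevdevn.c) that belong to the Ghostscript tree, so those two are the most likely to map to a Debian package and are worth resolving first; the three rconfig SSRF entries (CVE-2023-39108, -39109, -39110) share an identical truncated description and should be checked against each other so they are not recorded as one issue.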
@@ -9,66 +43,66 @@ CVE-2023-4057
[buster] - firefox-esr <not-affected> (Only affects Firefox ESR 115.1)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4057
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
-CVE-2023-4056
+CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4056
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4056
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056
-CVE-2023-4055
+CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4055
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055
-CVE-2023-4054
+CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that these ...)
- firefox <not-affected> (Affects only Firefox on Windows)
- firefox-esr <not-affected> (Affects only Firefox on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4054
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4054
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4054
-CVE-2023-4053
+CVE-2023-4053 (A website could have obscured the full screen notification by using a ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053
-CVE-2023-4052
+CVE-2023-4052 (The Firefox updater created a directory writable by non-privileged use ...)
- firefox <not-affected> (Affects only Firefox on Windows)
- firefox-esr <not-affected> (Affects only Firefox ESR 115.0.1 on Windows)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4052
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4052
-CVE-2023-4051
+CVE-2023-4051 (A website could have obscured the full screen notification by using th ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
-CVE-2023-4050
+CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4050
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4050
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4050
-CVE-2023-4049
+CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4049
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4049
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4049
-CVE-2023-4048
+CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4048
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4048
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4048
-CVE-2023-4047
+CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4047
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4047
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4047
-CVE-2023-4046
+CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4046
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4046
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4046
-CVE-2023-4045
+CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4045
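Review bot: the Windows-only reasoning is consistent across this hunk (CVE-2023-4054 and CVE-2023-4052 are marked <not-affected> for both firefox and firefox-esr with the "Affects only Firefox on Windows" rationale), but the remaining entries that carry both mfsa2023-30 and mfsa2023-31 NOTEs (CVE-2023-4056, -4055, -4050, -4049, -4048, -4047, -4046) list only firefox and firefox-esr; as with CVE-2023-4057 in the previous hunk, confirm whether thunderbird needs its own package line for these ids.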
@@ -3702,7 +3736,7 @@ CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and befo
NOTE: https://github.com/OpenImageIO/oiio/issues/3871
NOTE: https://github.com/OpenImageIO/oiio/commit/aad99bad9a4f6b965f99a291f9c67458c8c982e8 (master)
NOTE: https://github.com/OpenImageIO/oiio/commit/749a557b5eed75a1b1c728e6287e4ca8e2e0be1e (v2.4.13.0)
-CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remot ...)
+CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier a ...)
NOT-FOR-US: ZZCMS
CVE-2023-35935
REJECTED
@@ -3753,7 +3787,8 @@ CVE-2023-3491 (Unrestricted Upload of File with Dangerous Type in GitHub reposit
NOT-FOR-US: fossbilling
CVE-2023-3490 (SQL Injection in GitHub repository fossbilling/fossbilling prior to 0. ...)
NOT-FOR-US: fossbilling
-CVE-2023-3117 (A use-after-free flaw was found in the Netfilter subsystem of the Linu ...)
+CVE-2023-3117
+ REJECTED
NOTE: duplicate of CVE-2023-3390, see https://bugzilla.redhat.com/show_bug.cgi?id=2213260
CVE-2023-36812 (OpenTSDB is a open source, distributed, scalable Time Series Database ...)
NOT-FOR-US: OpenTSDB
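Review bot: CVE-2023-3117 was previously tracked as a Netfilter use-after-free in the Linux kernel and is now switched to REJECTED; before this lands, confirm that the linux package status and any fixed-version data recorded under CVE-2023-3117 are already present on CVE-2023-3390 so nothing is lost in the merge. Keeping the "duplicate of CVE-2023-3390" NOTE with the Red Hat bug link is the right cross-reference.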
@@ -32472,8 +32507,8 @@ CVE-2023-23775
RESERVED
CVE-2023-23549
RESERVED
-CVE-2023-23548
- RESERVED
+CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...)
+ TODO: check
CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...)
- check-mk <removed>
CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...)
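Review bot: the new CVE-2023-23548 entry is left as "TODO: check", but the neighbouring Checkmk ids (e.g. CVE-2023-22359) are already resolved as "check-mk <removed>"; after verifying the stated version bounds (<2.2.0p8, <2.1.0p32, ...) against what Debian shipped, this entry can most likely be resolved the same way rather than stay in the TODO queue.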
@@ -53045,8 +53080,8 @@ CVE-2023-20585
RESERVED
CVE-2023-20584
RESERVED
-CVE-2023-20583
- RESERVED
+CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...)
+ TODO: check
CVE-2023-20582
RESERVED
CVE-2023-20581
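Review bot: CVE-2023-20583 describes a power side-channel in AMD processors, which is a hardware/firmware issue rather than one in a regular source package; when the "TODO: check" is resolved, decide explicitly whether it maps to a microcode package or is NOT-FOR-US, since the surrounding ids in this block are all still RESERVED and give no precedent.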
@@ -65076,10 +65111,10 @@ CVE-2022-39989 (An issue was discovered in Fighting Cock Information System 1.0,
NOT-FOR-US: Fighting Cock Information System
CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows ...)
- centreon-web <itp> (bug #913903)
-CVE-2022-39987
- RESERVED
-CVE-2022-39986
- RESERVED
+CVE-2022-39987 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an ...)
+ TODO: check
+CVE-2022-39986 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows un ...)
+ TODO: check
CVE-2022-39985
RESERVED
CVE-2022-39984
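Review bot: CVE-2022-39987 and CVE-2022-39986 read almost identically but give different upper bounds (RaspAP 2.8.0 thru 2.9.2 versus 2.8.0 thru 2.8.7), so they are distinct issues and should not be collapsed into one entry when the two "TODO: check" lines are triaged; if RaspAP is not packaged in Debian, the expected resolution is NOT-FOR-US, matching how the other unpackaged software in this region is handled.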
@@ -127091,7 +127126,7 @@ CVE-2021-43756 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affe
NOT-FOR-US: Adobe
CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
NOT-FOR-US: Adobe
-CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by a memory cor ...)
+CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by an Out-of-bo ...)
NOT-FOR-US: Adobe
CVE-2021-43753
RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510617e6dc5419d406e9505a6c917c4fab953469