[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 15 21:12:44 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9290ebc5 by security tracker role at 2023-08-15T20:12:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,163 @@
+CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated as prob ...)
+ TODO: check
+CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google Chrome on ...)
+ TODO: check
+CVE-2023-4368 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
+ TODO: check
+CVE-2023-4367 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
+ TODO: check
+CVE-2023-4366 (Use after free in Extensions in Google Chrome prior to 116.0.5845.96 a ...)
+ TODO: check
+CVE-2023-4365 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
+ TODO: check
+CVE-2023-4364 (Inappropriate implementation in Permission Prompts in Google Chrome pr ...)
+ TODO: check
+CVE-2023-4363 (Inappropriate implementation in WebShare in Google Chrome on Android p ...)
+ TODO: check
+CVE-2023-4362 (Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845 ...)
+ TODO: check
+CVE-2023-4361 (Inappropriate implementation in Autofill in Google Chrome on Android p ...)
+ TODO: check
+CVE-2023-4360 (Inappropriate implementation in Color in Google Chrome prior to 116.0. ...)
+ TODO: check
+CVE-2023-4359 (Inappropriate implementation in App Launcher in Google Chrome on iOS p ...)
+ TODO: check
+CVE-2023-4358 (Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed ...)
+ TODO: check
+CVE-2023-4357 (Insufficient validation of untrusted input in XML in Google Chrome pri ...)
+ TODO: check
+CVE-2023-4356 (Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowe ...)
+ TODO: check
+CVE-2023-4355 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...)
+ TODO: check
+CVE-2023-4354 (Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 a ...)
+ TODO: check
+CVE-2023-4353 (Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 ...)
+ TODO: check
+CVE-2023-4352 (Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a ...)
+ TODO: check
+CVE-2023-4351 (Use after free in Network in Google Chrome prior to 116.0.5845.96 allo ...)
+ TODO: check
+CVE-2023-4350 (Inappropriate implementation in Fullscreen in Google Chrome on Android ...)
+ TODO: check
+CVE-2023-4349 (Use after free in Device Trust Connectors in Google Chrome prior to 11 ...)
+ TODO: check
+CVE-2023-4345 (Broadcom RAID Controller web interface is vulnerable client-side contr ...)
+ TODO: check
+CVE-2023-4344 (Broadcom RAID Controller web interface is vulnerable to insufficient r ...)
+ TODO: check
+CVE-2023-4343 (Broadcom RAID Controller web interface is vulnerable due to exposure o ...)
+ TODO: check
+CVE-2023-4342 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
+ TODO: check
+CVE-2023-4341 (Broadcom RAID Controller is vulnerable to Privilege escalation to root ...)
+ TODO: check
+CVE-2023-4340 (Broadcom RAID Controller is vulnerable to Privilege escalation by taki ...)
+ TODO: check
+CVE-2023-4339 (Broadcom RAID Controller web interface is vulnerable to exposure of pr ...)
+ TODO: check
+CVE-2023-4338 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
+ TODO: check
+CVE-2023-4337 (Broadcom RAID Controller web interface is vulnerable to improper sessi ...)
+ TODO: check
+CVE-2023-4336 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
+ TODO: check
+CVE-2023-4335 (Broadcom RAID Controller Web server (nginx) is serving private server- ...)
+ TODO: check
+CVE-2023-4334 (Broadcom RAID Controller Web server (nginx) is serving private files w ...)
+ TODO: check
+CVE-2023-4333 (Broadcom RAID Controller web interface is vulnerable to exposure of s ...)
+ TODO: check
+CVE-2023-4332 (Broadcom RAID Controller web interface is vulnerable due to Improper p ...)
+ TODO: check
+CVE-2023-4331 (Broadcom RAID Controller web interface is vulnerable has an insecure d ...)
+ TODO: check
+CVE-2023-4330 (Broadcom RAID Controller web interface is vulnerable Denial of Service ...)
+ TODO: check
+CVE-2023-4329 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
+ TODO: check
+CVE-2023-4328 (Broadcom RAID Controller web interface is vulnerable to exposure of s ...)
+ TODO: check
+CVE-2023-4327 (Broadcom RAID Controller web interface is vulnerable to exposure of se ...)
+ TODO: check
+CVE-2023-4326 (Broadcom RAID Controller web interface is vulnerable has an insecure d ...)
+ TODO: check
+CVE-2023-4325 (Broadcom RAID Controller web interface is vulnerable due to usage of L ...)
+ TODO: check
+CVE-2023-4324 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...)
+ TODO: check
+CVE-2023-4323 (Broadcom RAID Controller web interface is vulnerable to improper sessi ...)
+ TODO: check
+CVE-2023-40028 (Ghost is an open source content management system. Versions prior to 5 ...)
+ TODO: check
+CVE-2023-40027 (Keystone is an open source headless CMS for Node.js \u2014 built with ...)
+ TODO: check
+CVE-2023-39843 (Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1 ...)
+ TODO: check
+CVE-2023-39842 (Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Securit ...)
+ TODO: check
+CVE-2023-39841 (Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock ...)
+ TODO: check
+CVE-2023-39662 (An issue in llama_index v.0.7.13 and before allows a remote attacker t ...)
+ TODO: check
+CVE-2023-39661 (An issue in pandas-ai v.0.9.1 and before allows a remote attacker to e ...)
+ TODO: check
+CVE-2023-39659 (An issue in langchain langchain-ai v.0.0.232 and before allows a remot ...)
+ TODO: check
+CVE-2023-39438 (A missing authorization check allows an arbitrary authenticated user t ...)
+ TODO: check
+CVE-2023-38916 (SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote ...)
+ TODO: check
+CVE-2023-38915 (File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote ...)
+ TODO: check
+CVE-2023-38898 (An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ...)
+ TODO: check
+CVE-2023-38896 (An issue in Harrison Chase langchain v.0.0.194 and before allows a rem ...)
+ TODO: check
+CVE-2023-38889 (An issue in Alluxio v.2.9.3 and before allows an attacker to execute a ...)
+ TODO: check
+CVE-2023-38866 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...)
+ TODO: check
+CVE-2023-38865 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...)
+ TODO: check
+CVE-2023-38864 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
+ TODO: check
+CVE-2023-38863 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
+ TODO: check
+CVE-2023-38862 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...)
+ TODO: check
+CVE-2023-38861 (An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote a ...)
+ TODO: check
+CVE-2023-38860 (An issue in LangChain v.0.0.231 allows a remote attacker to execute ar ...)
+ TODO: check
+CVE-2023-38858 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
+ TODO: check
+CVE-2023-38857 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...)
+ TODO: check
+CVE-2023-38856 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
+ TODO: check
+CVE-2023-38855 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
+ TODO: check
+CVE-2023-38854 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
+ TODO: check
+CVE-2023-38853 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
+ TODO: check
+CVE-2023-38852 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
+ TODO: check
+CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...)
+ TODO: check
+CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...)
+ TODO: check
+CVE-2023-38840 (An issue in Bitwarden Bitwarden Desktop v.2023.5.1 allows a local atta ...)
+ TODO: check
+CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...)
+ TODO: check
+CVE-2023-38401 (A vulnerability in the HPE Aruba Networking Virtual Intranet Access (V ...)
+ TODO: check
+CVE-2023-35082 (An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, ...)
+ TODO: check
+CVE-2023-2916 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...)
+ TODO: check
CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...)
NOT-FOR-US: LibreNMS
CVE-2023-4308 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...)
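Review bot: every one of the 80 new entries in this hunk lands as `TODO: check`, so the triage debt is the point to raise, and three groups can be dispatched as blocks rather than one by one. CVE-2023-4349 through CVE-2023-4369 all describe Google Chrome fixes "prior to 116.0.5845.96"; elsewhere in this file Chrome CVEs are resolved against the chromium package with a DSA and a fixed version (for example `{DSA-5386-1}` / `- chromium 112.0.5615.49-1` on the CVE-2023-2313 entry further down), so these should end with a chromium version line for the 116.0.5845.96 release rather than stay TODO, and the ones whose truncated text already carries an `on Android` or `on iOS` qualifier (CVE-2023-4350, -4359, -4361, -4363) need a check that they apply to the Linux build at all. CVE-2023-4323 through CVE-2023-4345 are all Broadcom RAID Controller web interface issues and CVE-2023-2916 is a WordPress plugin; the same categories are closed out with `NOT-FOR-US` elsewhere in this diff (CVE-2023-4347 LibreNMS directly below, `NOT-FOR-US: WordPress plugin` on the CVE-2023-30780/30777 lines), so they can be triaged together. Two smaller points: the descriptions for CVE-2023-38857/38858 ("infaad2") and CVE-2023-38851 to 38856 ("libxlsv.1.6.2") have the space after "in" dropped in the upstream text, which hides the product names faad2 and libxls from a plain grep, so match them by those names and leave the imported description lines as they are; and CVE-2023-38898 names CPython 3.7 directly, which makes it the entry in this batch most worth looking at before the rest of the queue.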
@@ -557,7 +717,7 @@ CVE-2023-32559
CVE-2023-32558
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
-CVE-2023-32006
+CVE-2023-32006 (The use of `module.constructor.createRequire()` can bypass the policy ...)
- nodejs <unfixed>
[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006
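Review bot: the status lines around the CVE-2023-32006 description fill-in are incomplete: unstable is `<unfixed>` and the only release annotation is `[buster] - nodejs <not-affected> (v10.x doesn't support policy manifests)`. That leaves bullseye and bookworm with no `<postponed>`, `<no-dsa>` or fixed-version line, so they read as open and untriaged, unlike the sibling CVE-2023-32005/32004/32003 entries, which are closed out with `<not-affected> (Only affects 20.x and later)`, and unlike the openssl entries in this same commit that annotate each release. Since the upstream advisory fragment in the NOTE URL rates this one medium, add `[bookworm]` and `[bullseye]` lines stating the intended handling for the two stable releases.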
@@ -566,10 +726,10 @@ CVE-2023-32006
CVE-2023-32005
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsstatfs-can-retrive-stats-from-files-restricted-by-the-permission-model-lowcve-2023-32005
-CVE-2023-32004
+CVE-2023-32004 (A vulnerability has been discovered in Node.js version 20, specificall ...)
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permission-model-bypass-by-specifying-a-path-traversal-sequence-in-a-buffer-highcve-2023-32004
-CVE-2023-32003
+CVE-2023-32003 (`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permis ...)
- nodejs <not-affected> (Only affects 20.x and later)
NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsmkdtemp-and-fsmkdtempsync-are-missing-getvalidatedpath-checks-lowcve-2023-32003
CVE-2023-32002
@@ -2150,6 +2310,7 @@ CVE-2023-3997 (Splunk SOAR versions 6.0.2 and earlier are indirectly affected by
CVE-2023-3983 (An authenticated SQL injection vulnerability exists in Advantech iView ...)
NOT-FOR-US: Advantech iView
CVE-2023-3817 (Issue summary: Checking excessively long DH keys or parameters may be ...)
+ {DLA-3530-1}
- openssl 3.0.10-1
[bookworm] - openssl <postponed> (Minor issue, fix along with future DSA)
[bullseye] - openssl <postponed> (Minor issue, fix along with future DSA)
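Review bot: adding `{DLA-3530-1}` while leaving the `[bookworm]`/`[bullseye]` `<postponed>` lines untouched is the right shape, since a DLA only settles the LTS release and the postponed status for the two stable releases still stands. The thing to double-check is that DLA-3530-1 really lists CVE-2023-3817 and not only CVE-2023-3446: the two entries share the identical "Checking excessively long DH keys or parameters may be ..." summary and this commit adds the same reference to both, which is exactly the situation where one ID gets attached by mistake.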
@@ -3373,6 +3534,7 @@ CVE-2023-3745 (A heap-based buffer overflow issue was found in ImageMagick's Pus
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73 (6.9.11-0)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b (6.9.11-0)
CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters may be ...)
+ {DLA-3530-1}
- openssl 3.0.10-1 (bug #1041817)
[bookworm] - openssl <postponed> (Minor issue, fix along with future DSA)
[bullseye] - openssl <postponed> (Minor issue, fix along with future DSA)
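Review bot: CVE-2023-3446 carries `(bug #1041817)` on its unstable line while its twin CVE-2023-3817, which receives the same `{DLA-3530-1}` reference in this commit and has the same summary text, has no bug reference. If #1041817 covers both DH-key issues, add it to CVE-2023-3817 as well so the two entries stay in step; if the bug is specific to 3446, nothing to do.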
@@ -12053,8 +12215,8 @@ CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windo
{DSA-5386-1}
- chromium 112.0.5615.49-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-2312
- RESERVED
+CVE-2023-2312 (Use after free in Offline in Google Chrome on Android prior to 116.0.5 ...)
+ TODO: check
CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
{DSA-5386-1}
- chromium 112.0.5615.49-1
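Review bot: do not copy the neighbour resolution when clearing the TODO on CVE-2023-2312. It sits between CVE-2023-2313 and CVE-2023-2311, both resolved with `{DSA-5386-1}` and `- chromium 112.0.5615.49-1`, but its new description says "prior to 116.0.5...", a release newer than 112.0.5615.49, so it belongs with the CVE-2023-4349..4369 batch added at the top of the file, which describe the same 116.0.5845.96 fix level, and should get whatever chromium version and DSA those end up with. The `[buster] - chromium <end-of-life> (see DSA 5046)` line from the neighbours will carry over unchanged.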
@@ -13485,8 +13647,8 @@ CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-30779
RESERVED
-CVE-2023-30778
- RESERVED
+CVE-2023-30778 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-30777 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engin ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30776 (An authenticated user with specific data permissions could access data ...)
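Review bot: the text for CVE-2023-30778 stops at "vulnerability i", before the product name, so the TODO cannot be cleared from this line alone. The surrounding entries with the same "Auth. (contributor+) Stored Cross-Site Scripting (XSS)" phrasing (CVE-2023-30780 above, CVE-2023-30777 below) are both `NOT-FOR-US: WordPress plugin`, and that is the expected outcome once the full description confirms a WordPress plugin.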
@@ -13680,8 +13842,8 @@ CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-30748
RESERVED
-CVE-2023-30747
- RESERVED
+CVE-2023-30747 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem Wo ...)
+ TODO: check
CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30745 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan ...)
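Review bot: same check as for CVE-2023-30778: "WPGem Wo..." is cut off before the product, and the neighbours CVE-2023-30749, CVE-2023-30746 and CVE-2023-30745 are all `NOT-FOR-US: WordPress plugin`; confirm from the full text that CVE-2023-30747 names a WordPress plugin before giving it the same disposition.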
@@ -14576,8 +14738,8 @@ CVE-2023-30500 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP
NOT-FOR-US: WordPress plugin
CVE-2023-30499
RESERVED
-CVE-2023-30498
- RESERVED
+CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...)
+ TODO: check
CVE-2023-30497
RESERVED
CVE-2023-30496
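Review bot: CVE-2023-30498 ("...vulnerability in CodeFlav...") is the third truncated reflected-XSS description in this commit whose vendor name is cut off; the CVE-2023-30500 context line above it is `NOT-FOR-US: WordPress plugin`, so once the full text confirms the product this should follow suit. CVE-2023-30499 and CVE-2023-30497 on either side remain `RESERVED`, so this block of plugin CVEs is being published piecemeal and will keep producing one-entry hunks like this one; batching the triage when the next few land would save repeated lookups.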
@@ -20651,8 +20813,8 @@ CVE-2023-28481 (An issue was discovered in Tigergraph Enterprise 3.7.0. There is
TODO: check
CVE-2023-28480 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...)
TODO: check
-CVE-2023-28479
- RESERVED
+CVE-2023-28479 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...)
+ TODO: check
CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Bu ...)
NOT-FOR-US: TP-Link
CVE-2023-28477 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored ...)
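Review bot: this makes three Tigergraph Enterprise 3.7.0 entries in a row (CVE-2023-28481, CVE-2023-28480 and now CVE-2023-28479) all parked at `TODO: check`. Triage them together so they get one consistent disposition; the truncated descriptions ("The TigerGraph ...") give nothing to tell them apart, so the full advisory text is needed to decide whether any of this is shipped in Debian.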
@@ -23295,7 +23457,7 @@ CVE-2023-27708
RESERVED
CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...)
NOT-FOR-US: DedeCMS
-CVE-2023-27706 (Bitwarden Desktop v1.20.0 and above stores the biometric key in plaint ...)
+CVE-2023-27706 (Bitwarden Windows desktop application versions prior to v2023.4.0 stor ...)
NOT-FOR-US: Bitwarden
CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer overflow via th ...)
NOT-FOR-US: APNG Optimizer
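Review bot: the description change for CVE-2023-27706 is a version-range correction, not a new issue: "Bitwarden Desktop v1.20.0 and above stores the biometric key in plaint..." becomes "Bitwarden Windows desktop application versions prior to v2023.4.0 stor...", so upstream now names a fixed version and restricts the scope to the Windows build. `NOT-FOR-US: Bitwarden` stays correct. Worth a cross-check against CVE-2023-38840, added at the top of this commit, which also describes a local attacker against Bitwarden Desktop (v.2023.5.1), to make sure the two are not the same finding under different IDs.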
@@ -24182,8 +24344,8 @@ CVE-2023-26591
RESERVED
CVE-2023-25080
RESERVED
-CVE-2023-24478
- RESERVED
+CVE-2023-24478 (Use of insufficiently random values for some Intel Agilex(R) software ...)
+ TODO: check
CVE-2023-24463
RESERVED
CVE-2023-22312 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...)
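Review bot: the affected component for CVE-2023-24478 is not recoverable from the truncated text ("Use of insufficiently random values for some Intel Agilex(R) software ..."), so the TODO needs the full advisory to say whether this is firmware, FPGA tooling or a driver. The neighbouring CVE-2023-22312 (Intel NUC BIOS firmware) is the same kind of vendor-supplied item, and this one is likely to end up with the same kind of disposition, but that should be confirmed rather than assumed from the vendor name.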
@@ -183540,6 +183702,7 @@ CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion vu
CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable from ...)
NOT-FOR-US: Node handsontable
CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...)
+ {DLA-3529-1}
- datatables.js 1.10.21+dfsg-3 (bug #995229)
[bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
[stretch] - datatables.js <no-dsa> (Minor issue)
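Review bot: the `[stretch] - datatables.js <no-dsa> (Minor issue)` line now sits under a fresh `{DLA-3529-1}` reference and an existing bullseye point-release fix (1.10.21+dfsg-2+deb11u1), which documents an inconsistent assessment: judged minor for stretch, yet fixed in stable and now the subject of a DLA for the LTS release. Keeping the stretch line as a historical record is fine, but if stretch is still supported the `<no-dsa>` rationale should be revisited, and otherwise a short NOTE explaining why the assessment changed would help the next reader of this entry. Also confirm that DLA-3529-1 lists CVE-2021-23445, since the DLA reference here is the only thing that records the buster status.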
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9290ebc57031e9c1c9881d8b56606e463f8bb2aa