[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 17 21:13:28 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50bcadf2 by security tracker role at 2023-08-17T20:13:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,91 @@
+CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/ ...)
+ TODO: check
+CVE-2023-4030 (A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen ...)
+ TODO: check
+CVE-2023-4029 (A buffer overflow has been identified in the BoardUpdateAcpiDxe driver ...)
+ TODO: check
+CVE-2023-4028 (A buffer overflow has been identified in the SystemUserMasterHddPwdDxe ...)
+ TODO: check
+CVE-2023-40315 (In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related ...)
+ TODO: check
+CVE-2023-40313 (A BeanShell interpreter in remote server mode runs in OpenMNS Horizon ...)
+ TODO: check
+CVE-2023-40272 (Apache Airflow Spark Provider, versions before 4.1.3, is affected by a ...)
+ TODO: check
+CVE-2023-40168 (TurboWarp is a desktop application that compiles scratch projects to J ...)
+ TODO: check
+CVE-2023-40165 (rubygems.org is the Ruby community's primary gem (library) hosting ser ...)
+ TODO: check
+CVE-2023-3698 (Printer service fails to adequately handle user input, allowing an rem ...)
+ TODO: check
+CVE-2023-3697 (Printer service fails to adequately handle user input, allowing an rem ...)
+ TODO: check
+CVE-2023-3078 (An uncontrolled search path vulnerability was reported in the Lenovo U ...)
+ TODO: check
+CVE-2023-39974 (Exposure of Sensitive Information vulnerability in AcyMailing Enterpri ...)
+ TODO: check
+CVE-2023-39973 (Improper Access Control vulnerability in AcyMailing Enterprise compone ...)
+ TODO: check
+CVE-2023-39972 (Improper Access Control vulnerability in AcyMailing Enterprise compone ...)
+ TODO: check
+CVE-2023-39971 (Improper Neutralization of Input During Web Page Generation vulnerabil ...)
+ TODO: check
+CVE-2023-39970 (Unrestricted Upload of File with Dangerous Type vulnerability in AcyMa ...)
+ TODO: check
+CVE-2023-39743 (lrzip-next LZMA v23.01 was discovered to contain an access violation v ...)
+ TODO: check
+CVE-2023-39741 (lrzip v0.651 was discovered to contain a heap overflow via the libzpaq ...)
+ TODO: check
+CVE-2023-38905 (SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a ...)
+ TODO: check
+CVE-2023-38902 (An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204 ...)
+ TODO: check
+CVE-2023-38843 (An issue in Atlos v.1.0 allows an authenticated attacker to execute ar ...)
+ TODO: check
+CVE-2023-38838 (SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote ...)
+ TODO: check
+CVE-2023-37914 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ TODO: check
+CVE-2023-36847 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
+ TODO: check
+CVE-2023-36846 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
+ TODO: check
+CVE-2023-36845 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...)
+ TODO: check
+CVE-2023-36844 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...)
+ TODO: check
+CVE-2023-36106 (An incorrect access control vulnerability in powerjob 4.3.2 and earlie ...)
+ TODO: check
+CVE-2023-34419 (A buffer overflow has been identified in the SetupUtility driver in so ...)
+ TODO: check
+CVE-2023-34412 (A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX ...)
+ TODO: check
+CVE-2023-31946 (File Upload vulnerability found in Online Travel Agency System v.1.0 a ...)
+ TODO: check
+CVE-2023-31945 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
+ TODO: check
+CVE-2023-31944 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
+ TODO: check
+CVE-2023-31943 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
+ TODO: check
+CVE-2023-31942 (Cross Site Scripting vulnerability found in Online Travel Agency Syste ...)
+ TODO: check
+CVE-2023-31941 (File Upload vulnerability found in Online Travel Agency System v.1.0 a ...)
+ TODO: check
+CVE-2023-31940 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
+ TODO: check
+CVE-2023-31939 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
+ TODO: check
+CVE-2023-31938 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...)
+ TODO: check
+CVE-2023-2917 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...)
+ TODO: check
+CVE-2023-2915 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...)
+ TODO: check
+CVE-2023-2914 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...)
+ TODO: check
+CVE-2023-2910 (Improper neutralization of special elements used in a command ('Comman ...)
+ TODO: check
CVE-2023-4395 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
TODO: check
CVE-2023-4392 (A vulnerability was found in Control iD Gerencia Web 1.30 and classifi ...)
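Review bot: every entry in this hunk lands with `TODO: check`, which is expected for the automatic import, but CVE-2023-4394 (use-after-free in btrfs_get_dev_args_from_path in fs/) is the one kernel item among the BIOS, Juniper, Rockwell, router and web-application entries and should be triaged against the linux source package ahead of the vendor-specific ones; the lrzip entries (CVE-2023-39741, CVE-2023-39743) are the other candidates that name a plain upstream project rather than an appliance and are worth checking next.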
@@ -155,72 +243,94 @@ CVE-2023-39851 (webchess v1.0 was discovered to contain a SQL injection vulnerab
NOT-FOR-US: webchess
CVE-2023-39850 (Schoolmate v1.3 was discovered to contain multiple SQL injection vulne ...)
NOT-FOR-US: Schoolmate
-CVE-2023-39849 (Pikachu v1.0 was discovered to contain a SQL injection vulnerability v ...)
+CVE-2023-39849
+ REJECTED
NOT-FOR-US: Pikachu
-CVE-2023-39848 (DVWA v1.0 was discovered to contain a SQL injection vulnerability via ...)
+CVE-2023-39848
+ REJECTED
NOT-FOR-US: DVWA
CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated as prob ...)
NOT-FOR-US: phpRecDB
CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google Chrome on ...)
NOT-FOR-US: Systems Extensions in Google Chrome on ChromeOS
CVE-2023-4368 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4367 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4366 (Use after free in Extensions in Google Chrome prior to 116.0.5845.96 a ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4365 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4364 (Inappropriate implementation in Permission Prompts in Google Chrome pr ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4363 (Inappropriate implementation in WebShare in Google Chrome on Android p ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4362 (Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845 ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4361 (Inappropriate implementation in Autofill in Google Chrome on Android p ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4360 (Inappropriate implementation in Color in Google Chrome prior to 116.0. ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4359 (Inappropriate implementation in App Launcher in Google Chrome on iOS p ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4358 (Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4357 (Insufficient validation of untrusted input in XML in Google Chrome pri ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4356 (Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowe ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4355 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4354 (Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 a ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4353 (Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4352 (Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4351 (Use after free in Network in Google Chrome prior to 116.0.5845.96 allo ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4350 (Inappropriate implementation in Fullscreen in Google Chrome on Android ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4349 (Use after free in Device Trust Connectors in Google Chrome prior to 11 ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4345 (Broadcom RAID Controller web interface is vulnerable client-side contr ...)
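Review bot: CVE-2023-39849 and CVE-2023-39848 are switched to `REJECTED` but each still carries its old `NOT-FOR-US: Pikachu` / `NOT-FOR-US: DVWA` line; a rejected entry needs no triage state, so those two lines should be dropped in a follow-up so the entries read as plain `CVE-2023-39849` / `REJECTED`. The `{DSA-5479-1}` markers on the chromium 116.0.5845.96-1 block are consistent across all twenty entries in this hunk.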
@@ -355,7 +465,7 @@ CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote a
NOTE: Negligible security impact
CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...)
NOT-FOR-US: Codedoc
-CVE-2023-38840 (An issue in Bitwarden Bitwarden Desktop v.2023.5.1 allows a local atta ...)
+CVE-2023-38840 (Bitwarden Windows Desktop v2023.5.1 and below allows an attacker with ...)
NOT-FOR-US: Bitwarden
CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...)
NOT-FOR-US: HPE
@@ -1688,6 +1798,7 @@ CVE-2023-33907 (In Contacts Service, there is a possible missing permission chec
CVE-2023-33906 (In Contacts Service, there is a possible missing permission check.This ...)
NOT-FOR-US: Unisoc
CVE-2022-48579 (UnRAR before 6.2.3 allows extraction of files outside of the destinati ...)
+ {DLA-3535-1}
- unrar-nonfree 1:6.2.3-1
[bullseye] - unrar-nonfree <no-dsa> (Non-free not supported)
NOTE: https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee
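Review bot: the `{DLA-3535-1}` marker is added to CVE-2022-48579, but the visible context only shows the unstable fixed version and a bullseye `<no-dsa> (Non-free not supported)` line; the buster line that the DLA applies to sits outside the hunk, so confirm it carries the DLA fixed version the way CVE-2022-30333 does in the last hunk (`[buster] - unrar-nonfree 1:5.6.6-1+deb10u1`).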
@@ -12435,6 +12546,7 @@ CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windo
- chromium 112.0.5615.49-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2312 (Use after free in Offline in Google Chrome on Android prior to 116.0.5 ...)
+ {DSA-5479-1}
- chromium 116.0.5845.96-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
@@ -12893,8 +13005,8 @@ CVE-2023-31093
RESERVED
CVE-2023-31092
RESERVED
-CVE-2023-31091
- RESERVED
+CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prad ...)
+ TODO: check
CVE-2023-31090
RESERVED
CVE-2023-31089
@@ -12926,24 +13038,24 @@ CVE-2023-31081 (An issue was discovered in drivers/media/test-drivers/vidtv/vidt
NOTE: CONFIG_DVB_VIDTV (vidtv driver) not enabled in Debian official configuration
CVE-2023-31080
RESERVED
-CVE-2023-31079
- RESERVED
+CVE-2023-31079 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-31078
RESERVED
CVE-2023-31077
RESERVED
-CVE-2023-31076
- RESERVED
+CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really S ...)
+ TODO: check
CVE-2023-31075
RESERVED
-CVE-2023-31074
- RESERVED
+CVE-2023-31074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 E ...)
+ TODO: check
CVE-2023-31073
RESERVED
-CVE-2023-31072
- RESERVED
-CVE-2023-31071
- RESERVED
+CVE-2023-31072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen ...)
+ TODO: check
+CVE-2023-31071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick ...)
+ TODO: check
CVE-2023-31070
RESERVED
CVE-2023-31069
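Review bot: the five entries that leave `RESERVED` here (CVE-2023-31079, -31076, -31074, -31072, -31071) all carry the `Auth./Unauth. ... Cross-Site Scripting (XSS) vulnerability in <author>` description shape; elsewhere in this file that shape is resolved as `NOT-FOR-US: WordPress plugin` (see CVE-2023-28785 and CVE-2023-28784 further down), so they can probably be triaged together once the truncated vendor names are checked, rather than left as five separate `TODO: check` items.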
@@ -13478,14 +13590,14 @@ CVE-2023-30879
RESERVED
CVE-2023-30878
RESERVED
-CVE-2023-30877
- RESERVED
+CVE-2023-30877 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...)
+ TODO: check
CVE-2023-30876 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave ...)
TODO: check
CVE-2023-30875
RESERVED
-CVE-2023-30874
- RESERVED
+CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stev ...)
+ TODO: check
CVE-2023-30873
RESERVED
CVE-2023-30872
@@ -18479,8 +18591,8 @@ CVE-2023-29184
RESERVED
CVE-2023-29183
RESERVED
-CVE-2023-29182
- RESERVED
+CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121]in Fortinet Forti ...)
+ TODO: check
CVE-2023-29181
RESERVED
CVE-2023-29180
@@ -19868,8 +19980,8 @@ CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-28783
- RESERVED
+CVE-2023-28783 (Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
CVE-2023-28782
RESERVED
CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Con ...)
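Review bot: CVE-2023-28783 is added with `TODO: check` directly between CVE-2023-28785 and CVE-2023-28784, both of which have the same `Stored/Reflected Cross-Site Scripting (XSS) vulnerability in ...` description and are already `NOT-FOR-US: WordPress plugin`; the new entry (`Auth. (shop manager+) Stored ...`) fits that series, so the triage is likely the same once the truncated product name is confirmed.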
@@ -20228,8 +20340,8 @@ CVE-2023-28695 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-28694
RESERVED
-CVE-2023-28693
- RESERVED
+CVE-2023-28693 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasahe ...)
+ TODO: check
CVE-2023-28692
RESERVED
CVE-2023-28691
@@ -26731,8 +26843,8 @@ CVE-2023-26532
RESERVED
CVE-2023-26531
RESERVED
-CVE-2023-26530
- RESERVED
+CVE-2023-26530 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Keh ...)
+ TODO: check
CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dupe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...)
@@ -26934,8 +27046,8 @@ CVE-2023-26471 (XWiki Platform is a generic wiki platform. Starting in version 1
NOT-FOR-US: XWiki
CVE-2023-26470 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
-CVE-2023-26469
- RESERVED
+CVE-2023-26469 (In Jorani 1.0.0, an attacker could leverage path traversal to access f ...)
+ TODO: check
CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id during creat ...)
NOT-FOR-US: Cerebrate
CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server in a co ...)
@@ -40847,6 +40959,7 @@ CVE-2021-4278 (A vulnerability classified as problematic has been found in cronv
CVE-2019-25084 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: Hide Files on GitHub Chrome extension
CVE-2022-47952 (lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may al ...)
+ {DLA-3533-1}
- lxc 1:5.0.2-1
[bullseye] - lxc 1:4.0.6-2+deb11u2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157281
@@ -94734,6 +94847,7 @@ CVE-2022-1617
CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity is used ...)
- brave-browser <itp> (bug #864795)
CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal ...)
+ {DLA-3534-1}
- unrar-nonfree 1:6.1.7-1 (bug #1010837)
[bullseye] - unrar-nonfree 1:6.0.3-1+deb11u1
[buster] - unrar-nonfree 1:5.6.6-1+deb10u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50bcadf2008577f7786e93e9a9cff3a6ac3f276e