[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Aug 20 21:12:32 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
175a39c1 by security tracker role at 2023-08-20T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-4451 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...)
+	TODO: check
 CVE-2023-4435 (Improper Input Validation in GitHub repository hamza417/inure prior to ...)
 	NOT-FOR-US: hamza417/inure
 CVE-2023-4434 (Missing Authorization in GitHub repository hamza417/inure prior to bui ...)
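Review bot: The new CVE-2023-4451 entry at the top of the list carries only "TODO: check", and its description is cut off at "cockpit-hq ...", so the visible text is not enough to triage it. Confirm from the full CVE record whether that GitHub repository corresponds to any source package in the archive, then replace the TODO with either a package line or a "NOT-FOR-US:" line, as the hamza417/inure entries below it have.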
@@ -819,31 +821,37 @@ CVE-2023-3937 (Cross site scripting vulnerability in web portal in Snow Software
 CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license mana ...)
 	NOT-FOR-US: Snow Software
 CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
+	{DSA-5481-1}
 	- fastdds 2.9.1+ds-1
 	[bullseye] - fastdds 2.1.0+ds-9+deb11u1
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg
 	NOTE: https://github.com/eProsima/Fast-DDS/issues/3236
 CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
+	{DSA-5481-1}
 	- fastdds 2.10.1+ds-2
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f
 	NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562
 CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
+	{DSA-5481-1}
 	- fastdds 2.10.1+ds-3 (bug #1043548)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb (v2.11.1)
 	NOTE: https://github.com/eProsima/Fast-DDS/pull/3670
 CVE-2023-39946 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
+	{DSA-5481-1}
 	- fastdds 2.10.1+ds-3 (bug #1043548)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb (v2.11.1)
 	NOTE: https://github.com/eProsima/Fast-DDS/pull/3670
 CVE-2023-39945 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
+	{DSA-5481-1}
 	- fastdds 2.10.1+ds-3 (bug #1043548)
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9
 	NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562
 CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...)
+	{DSA-5481-1}
 	- fastdds 2.10.1+ds-2
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/2674fdd93793fd314fcb81b795f9f62b8fcb1ea0
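Review bot: "{DSA-5481-1}" is now attached to all six fastdds entries, but only CVE-2023-39949 has a release line ("[bullseye] - fastdds 2.1.0+ds-9+deb11u1"); the other five list just the unstable fix version. Check that the DSA-5481-1 record supplies the fixed versions per release for CVE-2023-39948, CVE-2023-39947, CVE-2023-39946, CVE-2023-39945 and CVE-2023-39534, or add the matching release lines, so the status of each CVE in the releases the advisory covers is recorded.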
@@ -6511,7 +6519,7 @@ CVE-2023-35073
 	REJECTED
 CVE-2023-34211
 	REJECTED
-CVE-2023-36674 [Manualthumb bypasses badFile lookup]
+CVE-2023-36674 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
 	{DSA-5447-1}
 	- mediawiki 1:1.39.4-1
 	[buster] - mediawiki <not-affected> (BadFileLookup was introduced in version 1.35)
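Review bot: Replacing "[Manualthumb bypasses badFile lookup]" with the truncated official description on CVE-2023-36674 removes the only text in the entry that names the affected code path, apart from the "[buster]" remark. If that summary is still useful for triage, keep it as a "NOTE:" line under the entry.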
@@ -13836,7 +13844,7 @@ CVE-2023-2168 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-
 CVE-2023-2167
 	RESERVED
 CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When all of the ...)
-	{DSA-5442-1}
+	{DSA-5442-1 DLA-3536-1}
 	- flask 2.2.2-3 (bug #1035670)
 	NOTE: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq
 	NOTE: https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d (2.2.5)
@@ -110743,8 +110751,8 @@ CVE-2022-24991
 	RESERVED
 CVE-2022-24990 (TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover ...)
 	NOT-FOR-US: TerraMaster NAS
-CVE-2022-24989
-	RESERVED
+CVE-2022-24989 (TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute  ...)
+	TODO: check
 CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...)
 	NOT-FOR-US: galois_2p8
 CVE-2022-24987
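Review bot: CVE-2022-24989 moves from "RESERVED" to "TODO: check" although its description names TerraMaster NAS, the same product as CVE-2022-24990 directly above it, which is already marked "NOT-FOR-US: TerraMaster NAS". Resolve the new entry the same way rather than leaving it in the TODO queue.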



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175a39c103e38add03dfe5abfa8df3982babb664
