[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 23 09:12:53 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c75df9f2 by security tracker role at 2023-08-23T08:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-4404 (The Donation Forms by Charitable plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-4041 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+ TODO: check
+CVE-2023-41105 (An issue was discovered in Python 3.11 through 3.11.4. If a path conta ...)
+ TODO: check
+CVE-2023-41104 (libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x befor ...)
+ TODO: check
+CVE-2023-41100 (An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) ex ...)
+ TODO: check
+CVE-2023-41098 (An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsC ...)
+ TODO: check
+CVE-2023-40370 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vuln ...)
+ TODO: check
+CVE-2023-40282 (Improper authentication vulnerability in Rakuten WiFi Pocket all versi ...)
+ TODO: check
+CVE-2023-40158 (Hidden functionality vulnerability in the CBC products allows a remote ...)
+ TODO: check
+CVE-2023-40144 (OS command injection vulnerability in the CBC products allows a remote ...)
+ TODO: check
+CVE-2023-3495 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in H ...)
+ TODO: check
+CVE-2023-39986 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hi ...)
+ TODO: check
+CVE-2023-39985 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in H ...)
+ TODO: check
+CVE-2023-39984 (** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations wit ...)
+ TODO: check
+CVE-2023-39026 (Directory Traversal vulnerability in FileMage Gateway Windows Deployme ...)
+ TODO: check
+CVE-2023-38734 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 thro ...)
+ TODO: check
+CVE-2023-38733 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 thro ...)
+ TODO: check
+CVE-2023-38585 (Improper authentication vulnerability in the CBC products allows a rem ...)
+ TODO: check
+CVE-2023-33850 (IBM GSKit-Crypto could allow a remote attacker to obtain sensitive inf ...)
+ TODO: check
CVE-2023-4475 (An Arbitrary File Movement vulnerability was found in ASUSTOR Data Mas ...)
NOT-FOR-US: ASUSTOR
CVE-2023-4303 (Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error m ...)
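Review bot: all 19 new entries in this hunk are left as TODO: check, and two of them name software Debian is likely to ship and so deserve priority in triage: CVE-2023-41105 (Python 3.11 through 3.11.4) and CVE-2023-41104 (libvmod-digest, as used by Varnish). Those should be resolved to a source package with a fixed or <unfixed> version, or to NOT-FOR-US, rather than lingering as TODO. The four ** UNSUPPORTED WHEN ASSIGNED ** entries (CVE-2023-3495, CVE-2023-39986, CVE-2023-39985, CVE-2023-39984), the three "CBC products" entries and the IBM entries look like vendor products of the kind the surrounding context marks NOT-FOR-US, so they can probably be closed quickly once the truncated descriptions are read in full.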
@@ -257,19 +295,19 @@ CVE-2023-4433 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-4432 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
-CVE-2023-4431
+CVE-2023-4431 (Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4430
+CVE-2023-4430 (Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allo ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4429
+CVE-2023-4429 (Use after free in Loader in Google Chrome prior to 116.0.5845.110 allo ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4428
+CVE-2023-4428 (Out of bounds memory access in CSS in Google Chrome prior to 116.0.584 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4427
+CVE-2023-4427 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to version ...)
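Review bot: the five Chrome entries (CVE-2023-4431 through CVE-2023-4427) gain descriptions naming 116.0.5845.110 as the first fixed upstream release, but the package lines still read chromium <unfixed> with no [bookworm] or [bullseye] annotation. Once the chromium upload carrying 116.0.5845.110 enters the archive, the <unfixed> marker should be replaced by that Debian version and the advisory reference added in braces, matching the form used elsewhere in this file; the [buster] <end-of-life> (see DSA 5046) pointer can stay as is.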
@@ -384,7 +422,7 @@ CVE-2023-39665 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to
NOT-FOR-US: D-Link
CVE-2023-39125 (NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in load ...)
NOT-FOR-US: NTSC-CRT
-CVE-2023-31492 (Incorrect access control in Zoho ManageEngine ADManager Plus Build 718 ...)
+CVE-2023-31492 (Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/ ...)
- linux 5.19.6-1
@@ -3324,6 +3362,7 @@ CVE-2023-32444 (A logic issue was addressed with improved validation. This issue
CVE-2023-32427 (This issue was addressed by using HTTPS when sending information over ...)
NOT-FOR-US: Apple
CVE-2023-37369 (In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before ...)
+ {DLA-3539-1}
- qt6-base <unfixed>
[bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src-gles <unfixed>
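Review bot: CVE-2023-37369 gets the {DLA-3539-1} reference, but its qt6-base <unfixed> line carries no bug reference, unlike the other Qt entries in this update that record one (for example qt6-base <unfixed> (bug #1041104) on CVE-2023-38197). A bug number on the unstable line makes the pending fix traceable; if none has been filed yet, that is worth doing as part of triaging this update.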
@@ -5040,6 +5079,7 @@ CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4
CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote server via ...)
NOT-FOR-US: acme.sh
CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6 ...)
+ {DLA-3539-1}
- qt6-base <unfixed> (bug #1041104)
[bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src-gles <unfixed> (bug #1041106)
@@ -9939,6 +9979,7 @@ CVE-2023-34411 (The xml-rs crate before 0.8.14 for Rust and Crab allows a denial
NOTE: Introduced by: https://github.com/netvl/xml-rs/commit/014d808be900c85a0afc5ccdfe668be040d175aa (0.8.9)
NOTE: Fixed by: https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c (0.8.14)
CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...)
+ {DLA-3539-1}
- qt6-base 6.4.2+dfsg-11 (bug #1037209)
[bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)
@@ -11450,6 +11491,7 @@ CVE-2023-2757 (The Waiting: One-click countdowns plugin for WordPress is vulnera
CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Exe ...)
NOT-FOR-US: Umbraco CMS
CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...)
+ {DLA-3539-1}
- qt6-base 6.4.2+dfsg-8
- qtbase-opensource-src 5.15.8+dfsg-10
[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
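Review bot: CVE-2023-32763 now references DLA-3539-1 while the [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue) annotation is retained. If the DLA covers bullseye, that no-dsa line is now stale and should be dropped in the same change; if the DLA covers an older LTS suite, the bullseye no-dsa remains a deliberate decision and nothing further is needed, but the commit gives no indication either way.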
@@ -12249,6 +12291,7 @@ CVE-2023-2630 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/
CVE-2023-2629 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
NOT-FOR-US: pimcore
CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x thro ...)
+ {DLA-3539-1}
- qt6-svg 6.4.2-2
- qtsvg-opensource-src 5.15.8-3
[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
@@ -19169,7 +19212,7 @@ CVE-2023-29143
CVE-2023-29142
RESERVED
CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1. ...)
- {DSA-5447-1}
+ {DSA-5447-1 DLA-3540-1}
- mediawiki 1:1.39.4-1
NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
NOTE: https://phabricator.wikimedia.org/T285159
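Review bot: the new advisory reference on CVE-2023-29141 is appended after the existing one ({DSA-5447-1 DLA-3540-1}), whereas the other hunks in this update prepend the new DLA (for example {DLA-3539-1 DLA-2895-1 DLA-2885-1}). Purely cosmetic as far as this diff shows, since existing entries already mix orderings, but one convention used throughout would make the brace lists easier to scan.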
@@ -44678,7 +44721,7 @@ CVE-2023-21720 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-21718 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability)
+CVE-2023-21718 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
CVE-2023-21717 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -121494,7 +121537,7 @@ CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertib
NOTE: introduced in https://github.com/harfbuzz/harfbuzz/commit/f0c3804fa292ef3be41cc8d1cdea8239f00e2295 (2.9.1)
NOTE: vulnerable code not present in 2.9.0 git tag, error in CVE description
CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...)
- {DLA-2895-1 DLA-2885-1}
+ {DLA-3539-1 DLA-2895-1 DLA-2885-1}
- qtsvg-opensource-src 5.15.2-4 (bug #1002991)
[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
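Review bot: the added {DLA-3539-1} on CVE-2021-45930 sits next to retained [bullseye] and [buster] qtsvg-opensource-src <no-dsa> (Minor issue) annotations, and one of those is now stale: whichever suite the DLA fixed no longer needs a no-dsa marker, and carrying both an advisory reference and a no-dsa marker for the same suite makes the entry misleading. Drop the no-dsa line for the suite DLA-3539-1 covers.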
@@ -168575,7 +168618,7 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4
NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
CVE-2021-3481 (A flaw was found in Qt. An out-of-bounds read vulnerability was found ...)
- {DLA-2895-1 DLA-2885-1}
+ {DLA-3539-1 DLA-2895-1 DLA-2885-1}
- qtsvg-opensource-src 5.15.2-3 (bug #986798)
[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 <removed>
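Review bot: CVE-2021-3481 keeps the [buster] - qtsvg-opensource-src <no-dsa> (Minor issue) line after {DLA-3539-1} is added. If the DLA shipped the qtsvg-opensource-src fix for buster, that annotation contradicts it and should be removed in the same change rather than left for a later cleanup.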
@@ -214904,8 +214947,8 @@ CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded Credent
NOT-FOR-US: projectworlds Online Book Store
CVE-2020-24114
RESERVED
-CVE-2020-24113
- RESERVED
+CVE-2020-24113 (Directory Traversal vulnerability in Contacts File Upload Interface in ...)
+ TODO: check
CVE-2020-24112
RESERVED
CVE-2020-24111
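Review bot: CVE-2020-24113 moves from RESERVED to a published description, but the description is truncated before the product name (Directory Traversal vulnerability in Contacts File Upload Interface in ...), so the TODO: check cannot be settled from this line alone. Triage needs the full CVE record to decide between NOT-FOR-US and a source package.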
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c75df9f28c4f5f73d139fd474478cf175007ba89