[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jul 22 21:12:30 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7679d9e2 by security tracker role at 2023-07-22T20:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-3836 (A vulnerability classified as critical was found in Dahua Smart Park M ...)
+	TODO: check
+CVE-2023-3835 (A vulnerability classified as problematic has been found in Bug Finder ...)
+	TODO: check
+CVE-2023-3834 (A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated ...)
+	TODO: check
+CVE-2023-3833 (A vulnerability was found in Bug Finder Montage 1.0. It has been decla ...)
+	TODO: check
+CVE-2023-3832 (A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has be ...)
+	TODO: check
+CVE-2023-3831 (A vulnerability was found in Bug Finder Finounce 1.0 and classified as ...)
+	TODO: check
+CVE-2023-3830 (A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been r ...)
+	TODO: check
+CVE-2023-3829 (A vulnerability was found in Bug Finder ICOGenie 1.0. It has been decl ...)
+	TODO: check
+CVE-2023-3828 (A vulnerability was found in Bug Finder Listplace Directory Listing Pl ...)
+	TODO: check
+CVE-2023-3827 (A vulnerability was found in Bug Finder Listplace Directory Listing Pl ...)
+	TODO: check
+CVE-2023-38633 (A directory traversal problem in the URL decoder of librsvg before 2.5 ...)
+	TODO: check
+CVE-2023-38195 (Datalust Seq before 2023.2.9489 allows insertion of sensitive informat ...)
+	TODO: check
 CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
 	NOT-FOR-US: IBOS OA
 CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...)
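Review bot: among the twelve entries added at the top of the list, CVE-2023-38633 names librsvg, which Debian packages, yet it sits in the queue with the same "TODO: check" as the vendor-product entries. Triage that one first and replace the TODO with a package status line. The Dahua and Bug Finder entries look like candidates for a NOT-FOR-US tag in the style of the IBOS OA entry directly below, once someone has confirmed that nothing in the archive ships them.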
@@ -189,6 +213,7 @@ CVE-2023-31462 (An issue was discovered in SteelSeries GG 36.0.0. An attacker ca
 CVE-2023-31461 (Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to ...)
 	NOT-FOR-US: SteelSeries
 CVE-2023-37450 [Processing web content may lead to arbitrary code execution]
+	{DSA-5457-1}
 	- webkit2gtk 2.40.4-1
 	[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
 	- wpewebkit 2.40.4-1
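Review bot: the "{DSA-5457-1}" line added under CVE-2023-37450 has no counterpart in this commit, which touches only data/CVE/list. Confirm that the advisory's own record lists CVE-2023-37450 so the cross-reference resolves in both directions. The entry also lists wpewebkit next to webkit2gtk, so check that the advisory covers both source packages or note which one it applies to.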
@@ -3748,6 +3773,7 @@ CVE-2023-32395 (A logic issue was addressed with improved state management. This
 CVE-2023-32394 (The issue was addressed with improved checks. This issue is fixed in i ...)
 	NOT-FOR-US: Apple
 CVE-2023-32393 [Processing web content may lead to arbitrary code execution]
+	{DSA-5396-1}
 	- webkit2gtk 2.40.0-1
 	[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
 	- wpewebkit 2.40.2-2
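Review bot: the "{DSA-5396-1}" line added under CVE-2023-32393 points at an advisory numbered well before the DSA-5457-1 referenced in the previous hunk, so this CVE id is being attached to an older advisory after the fact. Check that the published advisory was updated to mention CVE-2023-32393, otherwise anyone reading the DSA alone will not see that the issue is covered.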
@@ -5385,7 +5411,7 @@ CVE-2020-36728 (The Adning Advertising plugin for WordPress is vulnerable to fil
 	NOT-FOR-US: Adning Advertising plugin for WordPress
 CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to arbitrary ...)
 	NOT-FOR-US: Adning Advertising plugin for WordPress
-CVE-2023-33865 (RenderDoc through 1.26 allows local privilege escalation via a symlink ...)
+CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a symlink  ...)
 	- renderdoc <unfixed> (bug #1037208)
 	[buster] - renderdoc <postponed> (Can wait for next update)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
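Review bot: the CVE-2023-33865 header now reads "before 1.27", but the package line below it still says "- renderdoc <unfixed> (bug #1037208)". Now that the description names 1.27 as the fixed upstream release, check whether a 1.27 upload exists and record its version, or leave a NOTE that the archive is still on an affected release. The new header line also carries a double space before the "..." truncation marker, which is worth fixing in the truncation step if it comes from the tracker's side.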
@@ -5394,7 +5420,7 @@ CVE-2023-33865 (RenderDoc through 1.26 allows local privilege escalation via a s
 	NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
-CVE-2023-33864 (RenderDoc through 1.26 allows an Integer Overflow with a resultant Buf ...)
+CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Inte ...)
 	- renderdoc <unfixed> (bug #1037208)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
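Review bot: the CVE-2023-33864 header now pins the issue to StreamReader::ReadFromExternal, but the NOTE lines are not narrowed to match. The context lines show commits 1f72a09e, 203fc838 and 771aa8e7 listed under CVE-2023-33865 as well, and 601ed561 under this entry. Annotate each commit NOTE with the issue it fixes, so a backporter can tell which commits are needed for this CVE alone.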
@@ -5402,7 +5428,7 @@ CVE-2023-33864 (RenderDoc through 1.26 allows an Integer Overflow with a resulta
 	NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
-CVE-2023-33863 (RenderDoc through 1.26 allows an Integer Overflow with a resultant Buf ...)
+CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow wit ...)
 	- renderdoc <unfixed> (bug #1037208)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
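Review bot: the CVE-2023-33863 entry, like CVE-2023-33864 above it, has only "- renderdoc <unfixed> (bug #1037208)" and no per-release line, while CVE-2023-33865 in the same batch carries "[buster] - renderdoc <postponed> (Can wait for next update)". With the description now naming SerialiseValue, state the buster status explicitly for this entry too, whether postponed or not affected, so the three RenderDoc entries stay consistent.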



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7679d9e28d39d71d68623c7769bd5d6f8e1503a4
