[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 27 09:12:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73e6e86c by security tracker role at 2023-07-27T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,97 @@
+CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable to unau ...)
+	TODO: check
+CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-3451
+	REJECTED
+CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...)
+	TODO: check
+CVE-2023-38606 (This issue was addressed with improved state management. This issue is ...)
+	TODO: check
+CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	TODO: check
+CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...)
+	TODO: check
+CVE-2023-38564 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-38425 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-38424 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-38421 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-38410 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Co ...)
+	TODO: check
+CVE-2023-38261 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-38259 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...)
+	TODO: check
+CVE-2023-37692 (An arbitrary file upload vulnerability in October CMS v3.4.4 allows at ...)
+	TODO: check
+CVE-2023-36862 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...)
+	TODO: check
+CVE-2023-36854 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-35993 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2023-35983 (This issue was addressed with improved data protection. This issue is  ...)
+	TODO: check
+CVE-2023-32734 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-32450 (Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access C ...)
+	TODO: check
+CVE-2023-32443 (An out-of-bounds read was addressed with improved input validation. Th ...)
+	TODO: check
+CVE-2023-32442 (An access issue was addressed with improved access restrictions. This  ...)
+	TODO: check
+CVE-2023-32441 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2023-32437 (The issue was addressed with improvements to the file handling protoco ...)
+	TODO: check
+CVE-2023-32433 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2023-32429 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-32418 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-32416 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
+CVE-2023-32381 (A use-after-free issue was addressed with improved memory management.  ...)
+	TODO: check
+CVE-2023-32364 (A logic issue was addressed with improved restrictions. This issue is  ...)
+	TODO: check
 CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform that al ...)
 	NOT-FOR-US: SolarWinds
 CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper Initial ...)
-	NOT-FOR-US:  B&R Industrial Automation
+	NOT-FOR-US: B&R Industrial Automation
 CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesti ...)
 	TODO: check
 CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. This resul ...)
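Review bot: the Apple-style entries added here (CVE-2023-38611 down to CVE-2023-32364, all truncated to "This issue is fixed in i ..." or similar) must not be triaged NOT-FOR-US as a block: this same diff tracks two entries with exactly that description text, CVE-2023-37450 and CVE-2023-32393, against webkit2gtk with DSAs, so each of them needs a check of the upstream advisory for whether it is a WebKit issue before it is marked. Of the non-Apple additions, CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10) and CVE-2023-37732 (Yasm) concern software Debian packages, so their TODO: check should end in a package/version mapping, not a NOT-FOR-US. The whitespace fix on the B&R NOT-FOR-US line is fine.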
@@ -562,7 +652,7 @@ CVE-2023-31462 (An issue was discovered in SteelSeries GG 36.0.0. An attacker ca
 	NOT-FOR-US: SteelSeries
 CVE-2023-31461 (Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to ...)
 	NOT-FOR-US: SteelSeries
-CVE-2023-37450 [Processing web content may lead to arbitrary code execution]
+CVE-2023-37450 (The issue was addressed with improved checks. This issue is fixed in i ...)
 	{DSA-5457-1}
 	- webkit2gtk 2.40.4-1
 	[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
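Review bot: swapping the bracketed placeholder "[Processing web content may lead to arbitrary code execution]" for the published text drops the only impact statement this entry had, since "The issue was addressed with improved checks. This issue is fixed in i ..." says nothing about the bug; the same happens to CVE-2023-32393 further down. Carrying the impact over into a NOTE line (e.g. "NOTE: Processing web content may lead to arbitrary code execution") would keep the webkit2gtk entry readable without fighting the automatic description refresh.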
@@ -628,7 +718,7 @@ CVE-2023-3760 (A vulnerability has been found in Intergard SGS 8.7.0 and classif
 	NOT-FOR-US: Intergard SGS
 CVE-2023-3759 (A vulnerability, which was classified as critical, was found in Interg ...)
 	NOT-FOR-US: Intergard SGS
-CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ Script  ...)
+CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ Scripts ...)
 	NOT-FOR-US: GZ Script Car Rental Script
 CVE-2023-3756 (A vulnerability was found in Creativeitem Atlas Business Directory Lis ...)
 	NOT-FOR-US: Creativeitem Atlas Business Directory Listing
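Review bot: the NOT-FOR-US annotation still reads "GZ Script Car Rental Script" while the refreshed description now says "GZ Scripts"; align the vendor name in the annotation with the description so searches by vendor match both lines.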
@@ -731,7 +821,7 @@ CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters ma
 	NOTE: https://github.com/openssl/openssl/commit/9e0094e2aa1b3428a12d5095132f133c078d3c3d (master)
 	NOTE: https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb (openssl-3.0)
 	NOTE: https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528 (OpenSSL_1_1_1-stable)
-CVE-2023-32001 [fopen race condition]
+CVE-2023-32001 (libcurl can be told to save cookie, HSTS and/or alt-svc data to files. ...)
 	{DSA-5460-1}
 	- curl <unfixed> (bug #1041812)
 	[bullseye] - curl <not-affected> (Vulnerable code not present)
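Review bot: the entry pairs {DSA-5460-1} with "- curl <unfixed> (bug #1041812)", so the tracker will keep reporting unstable as vulnerable until the sid version is filled in; make sure that line is updated when the fixed upload lands rather than left at <unfixed>. Replacing the "[fopen race condition]" placeholder with the published description is the expected effect of the automatic update once the CVE is public.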
@@ -4107,7 +4197,7 @@ CVE-2023-32419 (The issue was addressed with improved bounds checks. This issue
 	NOT-FOR-US: Apple
 CVE-2023-32417 (This issue was addressed by restricting options offered on a locked de ...)
 	NOT-FOR-US: Apple
-CVE-2023-32415 (This issue was addressed with improved redaction of sensitive informat ...)
+CVE-2023-32415 (This  issue was addressed with improved redaction of sensitive informa ...)
 	NOT-FOR-US: Apple
 CVE-2023-32414 (The issue was addressed with improved checks. This issue is fixed in m ...)
 	NOT-FOR-US: Apple
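Review bot: the only change here is a doubled space in "This  issue" pulled in from the upstream description feed, which shifts the 70-character truncation and churns the line without changing its meaning; the same happens for CVE-2023-32403 and CVE-2023-32389 in the hunks below, while the hunk at the top of this diff normalizes a doubled space in the B&R NOT-FOR-US line in the opposite direction. Collapsing runs of whitespace in the description importer before truncating would avoid this kind of no-op churn.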
@@ -4127,7 +4217,7 @@ CVE-2023-32405 (A logic issue was addressed with improved checks. This issue is
 	NOT-FOR-US: Apple
 CVE-2023-32404 (This issue was addressed with improved entitlements. This issue is fix ...)
 	NOT-FOR-US: Apple
-CVE-2023-32403 (This issue was addressed with improved redaction of sensitive informat ...)
+CVE-2023-32403 (This  issue was addressed with improved redaction of sensitive informa ...)
 	NOT-FOR-US: Apple
 CVE-2023-32402 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
@@ -4143,7 +4233,7 @@ CVE-2023-32395 (A logic issue was addressed with improved state management. This
 	NOT-FOR-US: Apple
 CVE-2023-32394 (The issue was addressed with improved checks. This issue is fixed in i ...)
 	NOT-FOR-US: Apple
-CVE-2023-32393 [Processing web content may lead to arbitrary code execution]
+CVE-2023-32393 (The issue was addressed with improved memory handling. This issue is f ...)
 	{DSA-5396-1}
 	- webkit2gtk 2.40.0-1
 	[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
@@ -4156,7 +4246,7 @@ CVE-2023-32391 (The issue was addressed with improved checks. This issue is fixe
 	NOT-FOR-US: Apple
 CVE-2023-32390 (The issue was addressed with improved checks. This issue is fixed in i ...)
 	NOT-FOR-US: Apple
-CVE-2023-32389 (This issue was addressed with improved redaction of sensitive informat ...)
+CVE-2023-32389 (This  issue was addressed with improved redaction of sensitive informa ...)
 	NOT-FOR-US: Apple
 CVE-2023-32388 (A privacy issue was addressed with improved private data redaction for ...)
 	NOT-FOR-US: Apple
@@ -12197,8 +12287,8 @@ CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.)
 	NOT-FOR-US: Tenda
 CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWe ...)
 	NOT-FOR-US: Tenda
-CVE-2023-30367
-	RESERVED
+CVE-2023-30367 (mRemoteNG configuration files can be stored in an encrypted state on d ...)
+	TODO: check
 CVE-2023-30366
 	RESERVED
 CVE-2023-30365
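Review bot: CVE-2023-30367 (mRemoteNG) can go straight to "NOT-FOR-US: mRemoteNG" instead of TODO: check, since mRemoteNG is a Windows-only .NET application that Debian does not package; the automatic update can only flip RESERVED to TODO, so this needs the manual triage step.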
@@ -19492,12 +19582,12 @@ CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare M
 	NOT-FOR-US: HCL
 CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User Accoun ...)
 	NOT-FOR-US: HCL
-CVE-2023-28014
-	RESERVED
-CVE-2023-28013
-	RESERVED
-CVE-2023-28012
-	RESERVED
+CVE-2023-28014 (HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An a ...)
+	TODO: check
+CVE-2023-28013 (HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An a ...)
+	TODO: check
+CVE-2023-28012 (HCL BigFix Mobile is vulnerable to a command injection attack. An auth ...)
+	TODO: check
 CVE-2023-28011
 	RESERVED
 CVE-2023-28010
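Review bot: the three HCL BigFix Mobile entries (CVE-2023-28014, CVE-2023-28013, CVE-2023-28012) sit between CVE-2023-28015 and CVE-2023-28016, both of which are already "NOT-FOR-US: HCL"; they are the same vendor and product family and should be triaged the same way rather than left at TODO: check.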
@@ -49111,7 +49201,8 @@ CVE-2023-21263
 	RESERVED
 CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...)
 	NOT-FOR-US: Android
-CVE-2023-21261 (In ft_open_face_internal of ftobjs.c, there is a possible out of bound ...)
+CVE-2023-21261
+	REJECTED
 	NOTE: Duplicate of CVE-2022-27405 and CVE-2022-27406, contacted Google to reject
 	NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 (VER-2-12-0)
 	NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2 (VER-2-12-0)
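Review bot: now that CVE-2023-21261 is REJECTED, the first NOTE ("Duplicate of CVE-2022-27405 and CVE-2022-27406, contacted Google to reject") reads as a pending action that has since completed; rephrase it to record that the ID was rejected as a duplicate of those two CVEs, and keep the two freetype commit NOTEs, since they are what ties the rejected ID to the real fixes. Dropping the description on the REJECTED line matches the other REJECTED entry in this diff (CVE-2023-3451).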
@@ -88080,8 +88171,8 @@ CVE-2022-31457 (RTX TRAP v1.0 allows attackers to perform a directory traversal
 	TODO: check
 CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows a ...)
 	TODO: check
-CVE-2022-31455
-	RESERVED
+CVE-2022-31455 (* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows ...)
+	TODO: check
 CVE-2022-31454
 	RESERVED
 CVE-2022-31453
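Review bot: the new description for CVE-2022-31455 begins with a stray "* " that the feed carried over from a bulleted upstream text, and after that marker the truncated text is identical to CVE-2022-31456 directly above it; the importer should strip leading list markers, and the triager should read both full descriptions to confirm these are distinct Truedesk XSS issues rather than a duplicate before marking them (the neighbouring Truedesk entries are still TODO: check as well).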



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73e6e86cb4f1785b122809ed34a023449b07d17b

-- 
You're receiving this email because of your account on salsa.debian.org.

