[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 29 09:12:26 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a46c8625 by security tracker role at 2023-07-29T08:12:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,7 @@
+CVE-2023-38988 (An issue in the delete function in the OaNotifyController class of jee ...)
+ TODO: check
CVE-2023-3598 (Out of bounds read and write in ANGLE in Google Chrome prior to 114.0. ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-3488 (Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and ear ...)
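Review bot: The new CVE-2023-38988 entry at the top of this hunk carries only "TODO: check", and its visible description is cut off at "class of jee ...", so the affected product cannot be identified from this line alone. Resolve the TODO against the full CVE description before choosing between a source package line and a NOT-FOR-US tag. The {DSA-5418-1} reference added under CVE-2023-3598 should also be checked against the existing "- chromium 114.0.5735.90-1" line, so that the advisory and the recorded fixed version agree.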
@@ -2575,7 +2578,7 @@ CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x t
NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148
CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...)
- airflow <itp> (bug #819700)
-CVE-2023-36542
+CVE-2023-36542 (Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Ser ...)
NOT-FOR-US: Apache NiFi
CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...)
- airflow <itp> (bug #819700)
@@ -9629,14 +9632,14 @@ CVE-2023-31194 (An improper array index validation vulnerability exists in the G
NOT-FOR-US: Diagon
CVE-2023-27390 (A heap-based buffer overflow vulnerability exists in the Sequence::Dra ...)
NOT-FOR-US: Diagon
-CVE-2023-2314
- RESERVED
-CVE-2023-2313
- RESERVED
+CVE-2023-2314 (Insufficient data validation in DevTools in Google Chrome prior to 111 ...)
+ TODO: check
+CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windows pr ...)
+ TODO: check
CVE-2023-2312
RESERVED
-CVE-2023-2311
- RESERVED
+CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ TODO: check
CVE-2023-2310 (A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer E ...)
NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2023-2309 (The wpForo Forum WordPress plugin before 2.1.9 does not escape some re ...)
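Review bot: CVE-2023-2313 is described as affecting "Google Chrome on Windows", so when its "TODO: check" is resolved it is a candidate for a chromium line marked <not-affected> with a short reason, not a fixed version. CVE-2023-2314 and CVE-2023-2311 replace RESERVED placeholders with Chrome descriptions and still need a "- chromium" line each; the fixed release is truncated in the visible text ("prior to 111 ...", "Google Chrome pr ...") and has to come from the full description.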
@@ -21753,8 +21756,8 @@ CVE-2023-1111
RESERVED
CVE-2023-1110
RESERVED
-CVE-2022-4926
- RESERVED
+CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
+ TODO: check
CVE-2021-4327 (A vulnerability was found in SerenityOS. It has been rated as critical ...)
NOT-FOR-US: SerenityOS
CVE-2023-27381
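Review bot: CVE-2022-4926 is described as "Insufficient policy enforcement in Intents in Google Chrome on Android", so the "TODO: check" left here should be resolved with the platform in mind. An Android-only issue would be recorded as a chromium <not-affected> line with the reason stated, not with a fixed version.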
@@ -26468,68 +26471,68 @@ CVE-2023-0795 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiff
- tiff 4.5.0-5 (bug #1031632)
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/493
-CVE-2022-4925
- RESERVED
-CVE-2022-4924
- RESERVED
-CVE-2022-4923
- RESERVED
-CVE-2022-4922
- RESERVED
-CVE-2022-4921
- RESERVED
-CVE-2022-4920
- RESERVED
-CVE-2022-4919
- RESERVED
-CVE-2022-4918
- RESERVED
-CVE-2022-4917
- RESERVED
-CVE-2022-4916
- RESERVED
-CVE-2022-4915
- RESERVED
-CVE-2022-4914
- RESERVED
-CVE-2022-4913
- RESERVED
-CVE-2022-4912
- RESERVED
-CVE-2022-4911
- RESERVED
-CVE-2022-4910
- RESERVED
-CVE-2022-4909
- RESERVED
-CVE-2022-4908
- RESERVED
-CVE-2022-4907
- RESERVED
-CVE-2022-4906
- RESERVED
+CVE-2022-4925 (Insufficient validation of untrusted input in QUIC in Google Chrome pr ...)
+ TODO: check
+CVE-2022-4924 (Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowe ...)
+ TODO: check
+CVE-2022-4923 (Inappropriate implementation in Omnibox in Google Chrome prior to 99.0 ...)
+ TODO: check
+CVE-2022-4922 (Inappropriate implementation in Blink in Google Chrome prior to 99.0.4 ...)
+ TODO: check
+CVE-2022-4921 (Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 ...)
+ TODO: check
+CVE-2022-4920 (Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 ...)
+ TODO: check
+CVE-2022-4919 (Use after free in Base Internals in Google Chrome prior to 101.0.4951. ...)
+ TODO: check
+CVE-2022-4918 (Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a ...)
+ TODO: check
+CVE-2022-4917 (Incorrect security UI in Notifications in Google Chrome on Android pri ...)
+ TODO: check
+CVE-2022-4916 (Use after free in Media in Google Chrome prior to 103.0.5060.53 allowe ...)
+ TODO: check
+CVE-2022-4915 (Inappropriate implementation in URL Formatting in Google Chrome prior ...)
+ TODO: check
+CVE-2022-4914 (Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5 ...)
+ TODO: check
+CVE-2022-4913 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+ TODO: check
+CVE-2022-4912 (Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allow ...)
+ TODO: check
+CVE-2022-4911 (Insufficient data validation in DevTools in Google Chrome prior to 106 ...)
+ TODO: check
+CVE-2022-4910 (Inappropriate implementation in Autofill in Google Chrome prior to 107 ...)
+ TODO: check
+CVE-2022-4909 (Inappropriate implementation in XML in Google Chrome prior to 107.0.53 ...)
+ TODO: check
+CVE-2022-4908 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...)
+ TODO: check
+CVE-2022-4907 (Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 al ...)
+ TODO: check
+CVE-2022-4906 (Inappropriate implementation in Blink in Google Chrome prior to 108.0. ...)
+ TODO: check
CVE-2022-48323 (Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0. ...)
NOT-FOR-US: Sunlogin Sunflower Simplified
CVE-2022-48322 (NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stac ...)
NOT-FOR-US: NETGEAR
-CVE-2021-4324
- RESERVED
-CVE-2021-4323
- RESERVED
-CVE-2021-4322
- RESERVED
-CVE-2021-4321
- RESERVED
-CVE-2021-4320
- RESERVED
-CVE-2021-4319
- RESERVED
-CVE-2021-4318
- RESERVED
-CVE-2021-4317
- RESERVED
-CVE-2021-4316
- RESERVED
+CVE-2021-4324 (Insufficient policy enforcement in Google Update in Google Chrome prio ...)
+ TODO: check
+CVE-2021-4323 (Insufficient validation of untrusted input in Extensions in Google Chr ...)
+ TODO: check
+CVE-2021-4322 (Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allo ...)
+ TODO: check
+CVE-2021-4321 (Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed ...)
+ TODO: check
+CVE-2021-4320 (Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowe ...)
+ TODO: check
+CVE-2021-4319 (Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed ...)
+ TODO: check
+CVE-2021-4318 (Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allo ...)
+ TODO: check
+CVE-2021-4317 (Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed ...)
+ TODO: check
+CVE-2021-4316 (Inappropriate implementation in Cast UI in Google Chrome prior to 96.0 ...)
+ TODO: check
CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rat ...)
NOT-FOR-US: juju2143 WalrusIRC
CVE-2023-25690 (Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 thr ...)
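Review bot: All 29 entries in this hunk (CVE-2022-4906 through CVE-2022-4925 and CVE-2021-4316 through CVE-2021-4324) move from RESERVED to a Chrome description with only "TODO: check", so none of them is yet tied to the chromium source package. The descriptions cite fixed Chrome releases from 91.0.4472.77 up to 108.0.5359.71, and each entry needs a "- chromium" line carrying its own version; where the version is truncated in the visible text, take it from the full CVE description. Three entries need more than a version lookup: CVE-2022-4917 is stated as "on Android", CVE-2021-4324 names Google Update rather than the browser itself, and CVE-2022-4907 is an uninitialized use in FFmpeg, so the separately packaged ffmpeg source should be checked as well as chromium.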
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a46c8625d424359cf5cae048ad22babbc01bd1e1