[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 7 21:12:36 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
808af986 by security tracker role at 2023-06-07T20:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,68 @@
-CVE-2023-33865 [symlink vulnerability in /tmp/RenderDoc]
+CVE-2023-3152 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2023-3151 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
+	TODO: check
+CVE-2023-3150 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
+	TODO: check
+CVE-2023-3149 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
+	TODO: check
+CVE-2023-3148 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...)
+	TODO: check
+CVE-2023-3147 (A vulnerability has been found in SourceCodester Online Discussion For ...)
+	TODO: check
+CVE-2023-3146 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2023-3145 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2023-3144 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2023-3143 (A vulnerability classified as problematic has been found in SourceCode ...)
+	TODO: check
+CVE-2023-3142 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+	TODO: check
+CVE-2023-3140 (Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNI ...)
+	TODO: check
+CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A design fla ...)
+	TODO: check
+CVE-2023-34234 (OpenZeppelin Contracts is a library for smart contract development. By ...)
+	TODO: check
+CVE-2023-34109 (zxcvbn-ts is an open source password strength estimator written in typ ...)
+	TODO: check
+CVE-2023-34108 (mailcow is a mail server suite based on Dovecot, Postfix and other ope ...)
+	TODO: check
+CVE-2023-33595 (CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ...)
+	TODO: check
+CVE-2023-33556 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+	TODO: check
+CVE-2023-33553 (An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attacker ...)
+	TODO: check
+CVE-2023-33510 (Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary file ...)
+	TODO: check
+CVE-2023-33498 (alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privileg ...)
+	TODO: check
+CVE-2023-33284 (Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution  ...)
+	TODO: check
+CVE-2023-33283 (Marval MSM through 14.19.0.12476 uses a static encryption key for secr ...)
+	TODO: check
+CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account with de ...)
+	TODO: check
+CVE-2023-2530 (A privilege escalation allowing remote code execution was discovered i ...)
+	TODO: check
+CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+	TODO: check
+CVE-2021-4380 (The Pinterest Automatic plugin for WordPress is vulnerable to authoriz ...)
+	TODO: check
+CVE-2021-4379 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to a ...)
+	TODO: check
+CVE-2021-4337 (Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to ...)
+	TODO: check
+CVE-2021-46889 (The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS ...)
+	TODO: check
+CVE-2020-36728 (The Adning Advertising plugin for WordPress is vulnerable to file dele ...)
+	TODO: check
+CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to arbitrary ...)
+	TODO: check
+CVE-2023-33865 (RenderDoc through 1.26 allows local privilege escalation via a symlink ...)
 	- renderdoc <unfixed> (bug #1037208)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
@@ -6,7 +70,7 @@ CVE-2023-33865 [symlink vulnerability in /tmp/RenderDoc]
 	NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
-CVE-2023-33864 [integer underflow to heap-based buffer overflow]
+CVE-2023-33864 (RenderDoc through 1.26 allows an Integer Overflow with a resultant Buf ...)
 	- renderdoc <unfixed> (bug #1037208)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
@@ -14,7 +78,7 @@ CVE-2023-33864 [integer underflow to heap-based buffer overflow]
 	NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)
 	NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)
-CVE-2023-33863 [integer overflow to heap-based buffer overflow]
+CVE-2023-33863 (RenderDoc through 1.26 allows an Integer Overflow with a resultant Buf ...)
 	- renderdoc <unfixed> (bug #1037208)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
 	NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)
@@ -374,9 +438,9 @@ CVE-2013-10030 (A vulnerability, which was classified as problematic, has been f
 	NOT-FOR-US: WordPress plugin
 CVE-2013-10029 (A vulnerability classified as problematic was found in Exit Box Lite P ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-2589
+CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
-CVE-2023-2485
+CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...)
 	- linux 5.19.6-1
@@ -1166,6 +1230,7 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0.
 CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
 	NOT-FOR-US: OpenEMR
 CVE-2023-3079 (Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed  ...)
+	{DSA-5420-1}
 	- chromium 114.0.5735.106-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome prior  ...)
@@ -1522,7 +1587,7 @@ CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of Mite
 	NOT-FOR-US: Mitel
 CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel MiVoice  ...)
 	NOT-FOR-US: Mitel
-CVE-2023-2878
+CVE-2023-2878 (Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses ...)
 	NOT-FOR-US: secrets-store-csi-driver
 CVE-2023-2875 (A vulnerability, which was classified as problematic, was found in eSc ...)
 	NOT-FOR-US: eScan Antivirus
@@ -4358,11 +4423,9 @@ CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injecti
 	NOT-FOR-US: WordPress plugin
 CVE-2023-2200
 	RESERVED
-CVE-2023-2199
-	RESERVED
+CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
-CVE-2023-2198
-	RESERVED
+CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2023-30912
 	RESERVED
@@ -5554,13 +5617,11 @@ CVE-2023-2017 (Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0
 	NOT-FOR-US: Shopware
 CVE-2023-2016
 	RESERVED
-CVE-2023-2015
-	RESERVED
+CVE-2023-2015 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository microweber/m ...)
 	NOT-FOR-US: microweber
-CVE-2023-2013
-	RESERVED
+CVE-2023-2013 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2023-2012
 	RESERVED
@@ -5756,8 +5817,7 @@ CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due t
 	NOTE: Fixed by: https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18
 	NOTE: Fixed by: https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2000@pku.edu.cn/
 	NOTE: Hardening: https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000@pku.edu.cn/
-CVE-2023-2001
-	RESERVED
+CVE-2023-2001 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
 	- gitlab <unfixed>
 CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redirecti ...)
 	NOT-FOR-US: Mattermost Desktop App
@@ -8823,8 +8883,8 @@ CVE-2023-29347
 	RESERVED
 CVE-2023-29346
 	RESERVED
-CVE-2023-29345
-	RESERVED
+CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+	TODO: check
 CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability)
@@ -9124,8 +9184,7 @@ CVE-2023-1827 (A vulnerability has been found in SourceCodester Centralized Covi
 	NOT-FOR-US: SourceCodester Centralized Covid Vaccination Records System
 CVE-2023-1826 (A vulnerability, which was classified as critical, was found in Source ...)
 	NOT-FOR-US: SourceCodester Online Computer and Laptop Store
-CVE-2023-1825
-	RESERVED
+CVE-2023-1825 (An issue has been discovered in GitLab EE affecting all versions start ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2022-48435 (In JetBrains PhpStorm before 2023.1 source code could be logged in the ...)
 	NOT-FOR-US: JetBrains PhpStorm
@@ -23577,8 +23636,7 @@ CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::deco
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708
 CVE-2023-0509 (Improper Certificate Validation in GitHub repository pyload/pyload pri ...)
 	- pyload <itp> (bug #1001980)
-CVE-2023-0508
-	RESERVED
+CVE-2023-0508 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	- gitlab <unfixed>
 CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with access to t ...)
 	- uptimed <not-affected> (Gentoo-specific)
@@ -28734,8 +28792,7 @@ CVE-2023-22459
 	RESERVED
 CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe func ...)
 	- linux <not-affected> (Vulnerable code not present in any released Debian version)
-CVE-2023-0121
-	RESERVED
+CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affecting all ...)
 	- gitlab <unfixed>
 CVE-2023-0120
 	RESERVED
@@ -43942,12 +43999,12 @@ CVE-2023-20891
 	RESERVED
 CVE-2023-20890
 	RESERVED
-CVE-2023-20889
-	RESERVED
-CVE-2023-20888
-	RESERVED
-CVE-2023-20887
-	RESERVED
+CVE-2023-20889 (Aria Operations for Networks contains an information disclosure vulner ...)
+	TODO: check
+CVE-2023-20888 (Aria Operations for Networks contains an authenticated deserialization ...)
+	TODO: check
+CVE-2023-20887 (Aria Operations for Networks contains a command injection vulnerabilit ...)
+	TODO: check
 CVE-2023-20886
 	RESERVED
 CVE-2023-20885
@@ -80912,8 +80969,8 @@ CVE-2022-31695
 	RESERVED
 CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22.10 try ...)
 	NOT-FOR-US: InstallBuilder Qt installers
-CVE-2022-31693
-	RESERVED
+CVE-2022-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) c ...)
+	TODO: check
 CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...)
 	- libspring-security-2.0-java <removed>
 CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode  ...)
@@ -153352,7 +153409,7 @@ CVE-2021-31695
 	RESERVED
 CVE-2021-31694
 	RESERVED
-CVE-2021-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) c ...)
+CVE-2021-31693 (The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS ...)
 	NOT-FOR-US: VMware Tools for Windows
 CVE-2021-31692
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/808af986e5b88d5d4f6c2aef8037f4035cb94800

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/808af986e5b88d5d4f6c2aef8037f4035cb94800
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230607/a18e5f37/attachment.htm>

More information about the debian-security-tracker-commits mailing list