[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 19 09:12:33 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4936cf80 by security tracker role at 2023-06-19T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,22 +1,90 @@
-CVE-2023-35828 [usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition]
+CVE-2023-3311 (A vulnerability, which was classified as problematic, was found in Pun ...)
+	TODO: check
+CVE-2023-3310 (A vulnerability, which was classified as critical, has been found in c ...)
+	TODO: check
+CVE-2023-3309 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2023-3308 (A vulnerability classified as problematic has been found in whaleal Ic ...)
+	TODO: check
+CVE-2023-3307 (A vulnerability was found in miniCal 1.0.0. It has been rated as criti ...)
+	TODO: check
+CVE-2023-35866 (In KeePassXC through 2.7.5, a local attacker can make changes to the D ...)
+	TODO: check
+CVE-2023-35862 (libcoap 4.3.1 contains a buffer over-read via the function coap_parse_ ...)
+	TODO: check
+CVE-2023-35857 (In Siren Investigate before 13.2.2, session keys remain active even af ...)
+	TODO: check
+CVE-2023-35856 (A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, a ...)
+	TODO: check
+CVE-2023-35855 (A buffer overflow in Counter-Strike through 8684 allows a game server  ...)
+	TODO: check
+CVE-2023-35853 (In Suricata before 6.0.13, an adversary who controls an external sourc ...)
+	TODO: check
+CVE-2023-35852 (In Suricata before 6.0.13 (when there is an adversary who controls an  ...)
+	TODO: check
+CVE-2023-35849 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly c ...)
+	TODO: check
+CVE-2023-35848 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size  ...)
+	TODO: check
+CVE-2023-35847 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MS ...)
+	TODO: check
+CVE-2023-35846 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the  ...)
+	TODO: check
+CVE-2023-35844 (packages/backend/src/routers in Lightdash before 0.510.3 has insecure  ...)
+	TODO: check
+CVE-2023-35840 (_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder befor ...)
+	TODO: check
+CVE-2023-35839 (Solon before 2.3.3 allows Deserialization of Untrusted Data.)
+	TODO: check
+CVE-2023-35829 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
+	TODO: check
+CVE-2023-34657 (A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 al ...)
+	TODO: check
+CVE-2023-34642 (KioWare for Windows through v8.33 was discovered to contain an incompl ...)
+	TODO: check
+CVE-2023-34641 (KioWare for Windows through v8.33 was discovered to contain an incompl ...)
+	TODO: check
+CVE-2023-34603 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vuln ...)
+	TODO: check
+CVE-2023-34602 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vuln ...)
+	TODO: check
+CVE-2023-32542 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS ...)
+	TODO: check
+CVE-2023-32538 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
+	TODO: check
+CVE-2023-32288 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS ...)
+	TODO: check
+CVE-2023-32276 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
+	TODO: check
+CVE-2023-32273 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
+	TODO: check
+CVE-2023-32270 (Access of memory location after end of buffer issue exists in TELLUS v ...)
+	TODO: check
+CVE-2023-32201 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...)
+	TODO: check
+CVE-2023-31239 (Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V- ...)
+	TODO: check
+CVE-2023-30759 (The driver installation package created by Printer Driver Packager NX  ...)
+	TODO: check
+CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
 	- linux 6.3.7-1 (unimportant)
 	NOTE: https://git.kernel.org/linus/2b947f8769be8b8181dc795fd292d3e7120f5204 (6.4-rc1)
 	NOTE: USB_RENESAS_USB3 not enabled in Debian
-CVE-2023-35827 [net: ravb: Fix possible UAF bug in ravb_remove]
+CVE-2023-35827 (An issue was discovered in the Linux kernel through 6.3.8. A use-after ...)
 	- linux <unfixed>
 	NOTE: https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1%40huawei.com/T/
-CVE-2023-35826 [media: cedrus: fix use after free bug in cedrus_remove due to race condition]
+CVE-2023-35826 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
 	- linux 6.3.7-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/50d0a7aea4809cef87979d4669911276aa23b71f (6.4-rc1)
-CVE-2023-35825 [memstick: r592: Fix UAF bug in r592_remove due to race condition]
+CVE-2023-35825 (An issue was discovered in the Linux kernel before 6.3.4. A use-after- ...)
 	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1)
-CVE-2023-35824 [media: dm1105: Fix use after free bug in dm1105_remove due to race condition]
+CVE-2023-35824 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
 	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/5abda7a16698d4d1f47af1168d8fa2c640116b4a (6.4-rc1)
-CVE-2023-35823 [media: saa7134: fix use after free bug in saa7134_finidev due to race condition]
+CVE-2023-35823 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
 	- linux 6.3.7-1
 	NOTE: https://git.kernel.org/linus/30cf57da176cca80f11df0d9b7f71581fe601389 (6.4-rc1)
 CVE-2023-35005
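Review bot: CVE-2023-35829 is added with "TODO: check" although its description opens with "An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...", the same wording as CVE-2023-35823 through CVE-2023-35828 lower in this hunk, which already carry "- linux" entries and upstream commit NOTEs. It should get the same triage (a "- linux" line plus a NOTE pointing at the fixing commit) rather than stay among the unrelated TODO entries. Separately, replacing the bracketed commit subjects with the truncated descriptions drops the driver names (renesas_usb3, ravb, cedrus, r592, dm1105, saa7134), so these six entries are now distinguished only by their NOTE lines. CVE-2023-35827 has only a lore.kernel.org thread link and "<unfixed>", so a NOTE naming the ravb driver would keep it identifiable.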
@@ -2616,6 +2684,7 @@ CVE-2023-32685 (Kanboard is project management software that focuses on the Kanb
 	[bookworm] - kanboard <no-dsa> (Minor issue)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv
 CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has been le ...)
+	{DLA-3456-1}
 	- requests <unfixed> (bug #1036693)
 	[bookworm] - requests <no-dsa> (Minor issue)
 	[bullseye] - requests <no-dsa> (Minor issue)
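Review bot: The "{DLA-3456-1}" cross-reference on CVE-2023-32681 is not matched by any fixed version in the lines visible here: requests is still "<unfixed>" and both bookworm and bullseye are "<no-dsa>". Confirm that the entry also has a release-specific line carrying the version the DLA shipped, since the advisory reference by itself does not record a fixed version.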
@@ -13218,8 +13287,8 @@ CVE-2023-27507 (MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path trav
 	NOT-FOR-US: MicroEngine
 CVE-2023-27397 (Unrestricted upload of file with dangerous type exists in MicroEngine  ...)
 	NOT-FOR-US: MicroEngine
-CVE-2023-27396
-	RESERVED
+CVE-2023-27396 (FINS (Factory Interface Network Service) is a message communication pr ...)
+	TODO: check
 CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...)
 	NOT-FOR-US: CX-Drive All
 CVE-2023-27384 (Operation restriction bypass vulnerability in MultiReport of Cybozu Ga ...)
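Review bot: CVE-2023-27396 moves from "RESERVED" to "TODO: check", but the truncated description names only the FINS protocol and no vendor or product, so it cannot be triaged from this line alone. The full description needs to be read before choosing between a package entry and a "NOT-FOR-US:" marker like the ones on the neighbouring CVE-2023-27397 and CVE-2023-27385.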



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4936cf8025fdf9d67de2fee9c0c01e921660b3eb
