[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 15 20:12:20 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2b12a32c by security tracker role at 2023-11-15T20:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2023-6079
+ REJECTED
+CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly sanitize artif ...)
+ TODO: check
+CVE-2023-5676 (In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an ...)
+ TODO: check
+CVE-2023-5245 (FileUtil.extract() enumerates all zip file entries and extracts each f ...)
+ TODO: check
+CVE-2023-4602 (The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross ...)
+ TODO: check
+CVE-2023-48219 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
+ TODO: check
+CVE-2023-48089 (xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via / ...)
+ TODO: check
+CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /x ...)
+ TODO: check
+CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job ...)
+ TODO: check
+CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...)
+ TODO: check
+CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...)
+ TODO: check
+CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...)
+ TODO: check
+CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...)
+ TODO: check
+CVE-2023-47636 (The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Fu ...)
+ TODO: check
+CVE-2023-41699 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
+ TODO: check
+CVE-2023-34982 (This external control vulnerability, if exploited, could allow a local ...)
+ TODO: check
+CVE-2023-34062 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...)
+ TODO: check
+CVE-2023-33873 (This privilege escalation vulnerability, if exploited, cloud allow a l ...)
+ TODO: check
CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...)
NOT-FOR-US: WordPress plugin
CVE-2023-6032 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
@@ -230,10 +266,10 @@ CVE-2023-44441 [GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Exe
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/9dda8139e4d07e3a273436eda993fef32555edbe (GIMP_2_10_36)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e92f279c97282a2b20dca0d923db7465f2057703 (GIMP_2_10_36)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10069 (restricted)
-CVE-2023-6112
+CVE-2023-6112 (Use after free in Navigation in Google Chrome prior to 119.0.6045.159 ...)
- chromium 119.0.6045.159-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5997
+CVE-2023-5997 (Use after free in Garbage Collection in Google Chrome prior to 119.0.6 ...)
- chromium 119.0.6045.159-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-6131 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...)
@@ -808,6 +844,7 @@ CVE-2023-4804 (Anunauthorized user could access debug features in Quantum HD Uni
CVE-2023-47122 (Gitsign is software for keyless Git signing using Sigstore. In version ...)
- gitsign <itp> (bug #1019518)
CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined ...)
+ {DSA-5555-1}
- openvpn 2.6.7-1 (bug #1055805)
[bullseye] - openvpn <not-affected> (Vulnerable code not present)
[buster] - openvpn <not-affected> (Vulnerable code not present)
@@ -816,6 +853,7 @@ CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to und
NOTE: Introduced by: https://github.com/OpenVPN/openvpn/commit/9a7b95fda56127df6de6fe7c60e08fb5b67a9919 (v2.6_beta1)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/57a5cd1e12f193927c9b7429f8778fec7e04c50a (v2.6.7)
CVE-2023-46849 (Using the --fragment option in certain configuration setups OpenVPN ve ...)
+ {DSA-5555-1}
- openvpn 2.6.7-1 (bug #1055805)
[bullseye] - openvpn <not-affected> (Vulnerable code not present)
[buster] - openvpn <not-affected> (Vulnerable code not present)
@@ -12614,7 +12652,7 @@ CVE-2023-4526
REJECTED
CVE-2023-4525
REJECTED
-CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions starting ...)
+CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions before 1 ...)
- gitlab <unfixed>
CVE-2023-4296 (If an attacker tricks an admin user of PTC Codebeamer into clicking on ...)
NOT-FOR-US: PTC Codebeamer
@@ -13498,7 +13536,7 @@ CVE-2023-39583
CVE-2023-39441 (Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provide ...)
NOT-FOR-US: Apache Airflow SMTP Provider
CVE-2023-40477
- {DLA-3543-1 DLA-3542-1}
+ {DLA-3653-1 DLA-3543-1 DLA-3542-1}
- rar 2:6.23-1
[bookworm] - rar 2:6.23-1~deb12u1
[bullseye] - rar 2:6.23-1~deb11u1
@@ -27583,8 +27621,8 @@ CVE-2023-30956 (A security defect was identified in Foundry Comments that enable
NOT-FOR-US: Palantir
CVE-2023-30955 (A security defect was identified in Foundry workspace-server that enab ...)
NOT-FOR-US: Palantir
-CVE-2023-30954
- RESERVED
+CVE-2023-30954 (The Gotham video-application-server service contained a race condition ...)
+ TODO: check
CVE-2023-30953
RESERVED
CVE-2023-30952 (A security defect was discovered in Foundry Issues that enabled users ...)
@@ -49578,8 +49616,8 @@ CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [C
NOT-FOR-US: Fortinet
CVE-2023-23775
RESERVED
-CVE-2023-23549
- RESERVED
+CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 ...)
+ TODO: check
CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...)
- check-mk <removed>
CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...)
@@ -52980,8 +53018,8 @@ CVE-2023-22820
RESERVED
CVE-2023-22819
RESERVED
-CVE-2023-22818
- RESERVED
+CVE-2023-22818 (Multiple DLL Search Order Hijack vulnerabilities were addressed in the ...)
+ TODO: check
CVE-2023-22817
RESERVED
CVE-2023-22816 (A post-authentication remote command injection vulnerability in a CGI ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b12a32c4cb92c3df165662ba7396279a73c1fe5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b12a32c4cb92c3df165662ba7396279a73c1fe5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231115/800ed883/attachment.htm>
More information about the debian-security-tracker-commits
mailing list