[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 15 20:12:20 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b12a32c by security tracker role at 2023-11-15T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2023-6079
+	REJECTED
+CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly sanitize artif ...)
+	TODO: check
+CVE-2023-5676 (In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an ...)
+	TODO: check
+CVE-2023-5245 (FileUtil.extract() enumerates all zip file entries and extracts each f ...)
+	TODO: check
+CVE-2023-4602 (The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross ...)
+	TODO: check
+CVE-2023-48219 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
+	TODO: check
+CVE-2023-48089 (xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via / ...)
+	TODO: check
+CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /x ...)
+	TODO: check
+CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job ...)
+	TODO: check
+CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...)
+	TODO: check
+CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...)
+	TODO: check
+CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...)
+	TODO: check
+CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...)
+	TODO: check
+CVE-2023-47636 (The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Fu ...)
+	TODO: check
+CVE-2023-41699 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
+	TODO: check
+CVE-2023-34982 (This external control vulnerability, if exploited, could allow a local ...)
+	TODO: check
+CVE-2023-34062 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...)
+	TODO: check
+CVE-2023-33873 (This privilege escalation vulnerability, if exploited, cloud allow a l ...)
+	TODO: check
 CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-6032 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
@@ -230,10 +266,10 @@ CVE-2023-44441 [GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Exe
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/9dda8139e4d07e3a273436eda993fef32555edbe (GIMP_2_10_36)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e92f279c97282a2b20dca0d923db7465f2057703 (GIMP_2_10_36)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10069 (restricted)
-CVE-2023-6112
+CVE-2023-6112 (Use after free in Navigation in Google Chrome prior to 119.0.6045.159  ...)
 	- chromium 119.0.6045.159-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5997
+CVE-2023-5997 (Use after free in Garbage Collection in Google Chrome prior to 119.0.6 ...)
 	- chromium 119.0.6045.159-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6131 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...)
@@ -808,6 +844,7 @@ CVE-2023-4804 (Anunauthorized user could access debug features in Quantum HD Uni
 CVE-2023-47122 (Gitsign is software for keyless Git signing using Sigstore. In version ...)
 	- gitsign <itp> (bug #1019518)
 CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined ...)
+	{DSA-5555-1}
 	- openvpn 2.6.7-1 (bug #1055805)
 	[bullseye] - openvpn <not-affected> (Vulnerable code not present)
 	[buster] - openvpn <not-affected> (Vulnerable code not present)
@@ -816,6 +853,7 @@ CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to und
 	NOTE: Introduced by: https://github.com/OpenVPN/openvpn/commit/9a7b95fda56127df6de6fe7c60e08fb5b67a9919 (v2.6_beta1)
 	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/57a5cd1e12f193927c9b7429f8778fec7e04c50a (v2.6.7)
 CVE-2023-46849 (Using the --fragment option in certain configuration setups OpenVPN ve ...)
+	{DSA-5555-1}
 	- openvpn 2.6.7-1 (bug #1055805)
 	[bullseye] - openvpn <not-affected> (Vulnerable code not present)
 	[buster] - openvpn <not-affected> (Vulnerable code not present)
@@ -12614,7 +12652,7 @@ CVE-2023-4526
 	REJECTED
 CVE-2023-4525
 	REJECTED
-CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions starting ...)
+CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions before 1 ...)
 	- gitlab <unfixed>
 CVE-2023-4296 (If an attacker tricks an admin user of PTC Codebeamer into clicking on ...)
 	NOT-FOR-US: PTC Codebeamer
@@ -13498,7 +13536,7 @@ CVE-2023-39583
 CVE-2023-39441 (Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provide ...)
 	NOT-FOR-US: Apache Airflow SMTP Provider
 CVE-2023-40477
-	{DLA-3543-1 DLA-3542-1}
+	{DLA-3653-1 DLA-3543-1 DLA-3542-1}
 	- rar 2:6.23-1
 	[bookworm] - rar 2:6.23-1~deb12u1
 	[bullseye] - rar 2:6.23-1~deb11u1
@@ -27583,8 +27621,8 @@ CVE-2023-30956 (A security defect was identified in Foundry Comments that enable
 	NOT-FOR-US: Palantir
 CVE-2023-30955 (A security defect was identified in Foundry workspace-server that enab ...)
 	NOT-FOR-US: Palantir
-CVE-2023-30954
-	RESERVED
+CVE-2023-30954 (The Gotham video-application-server service contained a race condition ...)
+	TODO: check
 CVE-2023-30953
 	RESERVED
 CVE-2023-30952 (A security defect was discovered in Foundry Issues that enabled users  ...)
@@ -49578,8 +49616,8 @@ CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [C
 	NOT-FOR-US: Fortinet
 CVE-2023-23775
 	RESERVED
-CVE-2023-23549
-	RESERVED
+CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39  ...)
+	TODO: check
 CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...)
 	- check-mk <removed>
 CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...)
@@ -52980,8 +53018,8 @@ CVE-2023-22820
 	RESERVED
 CVE-2023-22819
 	RESERVED
-CVE-2023-22818
-	RESERVED
+CVE-2023-22818 (Multiple DLL Search Order Hijack vulnerabilities were addressed in the ...)
+	TODO: check
 CVE-2023-22817
 	RESERVED
 CVE-2023-22816 (A post-authentication remote command injection vulnerability in a CGI  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b12a32c4cb92c3df165662ba7396279a73c1fe5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b12a32c4cb92c3df165662ba7396279a73c1fe5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231115/800ed883/attachment.htm>

More information about the debian-security-tracker-commits mailing list