[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 2 09:13:28 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4efff819 by security tracker role at 2023-10-02T08:12:24+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,55 @@
+CVE-2023-5329 (A vulnerability classified as problematic was found in Field Logic Dat ...)
+ TODO: check
+CVE-2023-5328 (A vulnerability classified as critical has been found in SATO CL4NX-J ...)
+ TODO: check
+CVE-2023-5327 (A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has ...)
+ TODO: check
+CVE-2023-5326 (A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has ...)
+ TODO: check
+CVE-2023-5324 (A vulnerability has been found in eeroOS up to 6.16.4-11 and classifie ...)
+ TODO: check
+CVE-2023-4211 (A local non-privileged user can make improper GPU memory processing op ...)
+ TODO: check
+CVE-2023-42132 (FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly ...)
+ TODO: check
+CVE-2023-41737 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGe ...)
+ TODO: check
+CVE-2023-41736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ TODO: check
+CVE-2023-41734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in niga ...)
+ TODO: check
+CVE-2023-41733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin YYDev ...)
+ TODO: check
+CVE-2023-41731 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...)
+ TODO: check
+CVE-2023-41729 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Send ...)
+ TODO: check
+CVE-2023-41728 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2023-41692 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennesse ...)
+ TODO: check
+CVE-2023-32830 (In TVAPI, there is a possible out of bounds write due to a missing bou ...)
+ TODO: check
+CVE-2023-32829 (In apusys, there is a possible out of bounds write due to an integer o ...)
+ TODO: check
+CVE-2023-32828 (In vpu, there is a possible out of bounds write due to an integer over ...)
+ TODO: check
+CVE-2023-32827 (In camera middleware, there is a possible out of bounds write due to a ...)
+ TODO: check
+CVE-2023-32826 (In camera middleware, there is a possible out of bounds write due to a ...)
+ TODO: check
+CVE-2023-32824 (In rpmb , there is a possible double free due to improper locking. Thi ...)
+ TODO: check
+CVE-2023-32823 (In rpmb , there is a possible memory corruption due to a missing bound ...)
+ TODO: check
+CVE-2023-32822 (In ftm, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2023-32821 (In video, there is a possible out of bounds write due to a permissions ...)
+ TODO: check
+CVE-2023-32820 (In wlan firmware, there is a possible firmware assertion due to improp ...)
+ TODO: check
+CVE-2023-32819 (In display, there is a possible information disclosure due to a missin ...)
+ TODO: check
CVE-2023-5323 (Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dol ...)
- dolibarr <removed>
CVE-2023-5322 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...)
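Review bot: all 26 new entries at the top of this hunk land with only "TODO: check", and their descriptions are truncated, so none can be triaged from the list text alone. The run from CVE-2023-32819 to CVE-2023-32830 uses the same "In <component>, there is a possible ..." wording as the entries marked NOT-FOR-US: MediaTek further down in this file; once the full CVE records confirm the vendor, those TODOs can probably be resolved in one pass.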
@@ -76,6 +128,7 @@ CVE-2023-5300 (A vulnerability classified as critical has been found in TTSPlann
CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting all versi ...)
TODO: check
CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...)
+ {DLA-3598-1}
- libvpx 1.12.0-1.2
NOTE: https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f (main)
NOTE: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1)
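Review bot: the package line under CVE-2023-44488 records libvpx 1.12.0-1.2 as fixed, while the description says the issue is in libvpx before 1.13.1, so the entry relies on a backported patch. The two NOTE lines name the upstream commits but nothing in the visible lines ties the 1.12.0-1.2 upload to them; a bug reference on the package line, as the open-vm-tools entry has, would make the new DLA-3598-1 cross-reference easier to audit.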
@@ -516,7 +569,7 @@ CVE-2023-5222 (A vulnerability classified as critical was found in Viessmann Vit
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU CMS. Thi ...)
NOT-FOR-US: ForU CMS
CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ...)
- {DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3591-1}
+ {DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3598-1 DLA-3591-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox <unfixed> (unimportant)
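Review bot: the package lines visible under CVE-2023-5217 are chromium and firefox, yet the added DLA-3598-1 is the same advisory attached to the libvpx entry CVE-2023-44488 in the previous hunk. Check that this entry also carries a libvpx package line below the shown context, so the advisory reference maps to a tracked source package.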
@@ -27748,6 +27801,7 @@ CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are
CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ( ...)
NOT-FOR-US: TP-Link
CVE-2023-28366 (The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a ...)
+ {DSA-5511-1}
- mosquitto 2.0.17-1
NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
NOTE: https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9 (v2.0.16)
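Review bot: CVE-2023-28366 gains the DSA-5511-1 reference but, unlike CVE-2023-0809 and CVE-2023-3592 in the next hunk, the visible lines carry no [buster] annotation. The description gives the affected range as 1.3.2 through 2.x before 2.0.16, so older releases are plausibly in scope; worth confirming that buster is deliberately left open rather than untriaged.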
@@ -35587,11 +35641,13 @@ CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayse
NOT-FOR-US: btcpayserver
CVE-2023-0809
RESERVED
+ {DSA-5511-1}
- mosquitto 2.0.17-1
[buster] - mosquitto <not-affected> (The vulnerable code was introduced later)
NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
NOTE: Fixed by https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad
CVE-2023-3592
+ {DSA-5511-1}
- mosquitto 2.0.17-1
[buster] - mosquitto <not-affected> (The vulnerable code was introduced later)
NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
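Review bot: the [buster] not-affected lines under CVE-2023-0809 and CVE-2023-3592 justify themselves with "The vulnerable code was introduced later" without naming the commit or version that introduced it. A NOTE pointing at the introducing commit would let the claim be rechecked now that both entries are tied to DSA-5511-1; in the lines shown, CVE-2023-3592 has only the release-blog NOTE, whereas CVE-2023-0809 also names its fixing commit.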
@@ -59995,7 +60051,7 @@ CVE-2023-20902
CVE-2023-20901
RESERVED
CVE-2023-20900 (A malicious actor that has been granted Guest Operation Privileges ht ...)
- {DSA-5493-1}
+ {DSA-5493-1 DLA-3597-1}
- open-vm-tools 2:12.3.0-1 (bug #1050970)
NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1
NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
@@ -61637,8 +61693,8 @@ CVE-2023-20821 (In nvram, there is a possible out of bounds write due to a missi
NOT-FOR-US: MediaTek
CVE-2023-20820 (In wlan service, there is a possible command injection due to improper ...)
NOT-FOR-US: MediaTek
-CVE-2023-20819
- RESERVED
+CVE-2023-20819 (In CDMA PPP protocol, there is a possible out of bounds write due to a ...)
+ TODO: check
CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to imprope ...)
NOT-FOR-US: MediaTek
CVE-2023-20817 (In wlan service, there is a possible out of bounds write due to improp ...)
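Review bot: CVE-2023-20819 moves from RESERVED to "TODO: check" while its neighbours CVE-2023-20821, CVE-2023-20820 and CVE-2023-20818 are all marked NOT-FOR-US: MediaTek and share the same description pattern. If the full record confirms the vendor, replace the TODO with the same NOT-FOR-US line so the entry does not linger in the triage queue.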
@@ -162502,6 +162558,7 @@ CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the d
CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...)
NOT-FOR-US: Eclipse Theia
CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
+ {DSA-5511-1}
- mosquitto 2.0.15-1 (bug #993400)
[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4efff819ef35d99b6a18bc83aeb0ec207820130b