[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 5 09:12:31 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f7bebe9 by security tracker role at 2023-10-05T08:12:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about the host ...)
+ TODO: check
+CVE-2023-44389 (Zope is an open-source web application server. The title property, ava ...)
+ TODO: check
+CVE-2023-43877 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities t ...)
+ TODO: check
+CVE-2023-43809 (Soft Serve is a self-hostable Git server for the command line. Prior t ...)
+ TODO: check
+CVE-2023-43805 (Nexkey is a fork of Misskey, an open source, decentralized social medi ...)
+ TODO: check
+CVE-2023-43799 (Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL ...)
+ TODO: check
+CVE-2023-43793 (Misskey is an open source, decentralized social media platform. Prior ...)
+ TODO: check
+CVE-2023-43321 (File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3. ...)
+ TODO: check
+CVE-2023-40299 (Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and a ...)
+ TODO: check
+CVE-2023-36619 (Atos Unify OpenScape Session Border Controller through V10 R3.01.03 al ...)
+ TODO: check
+CVE-2023-36618 (Atos Unify OpenScape Session Border Controller through V10 R3.01.03 al ...)
+ TODO: check
+CVE-2023-35803 (IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Ove ...)
+ TODO: check
CVE-2023-3430
- openimageio 2.4.13.0+dfsg-1
NOTE: https://github.com/OpenImageIO/oiio/issues/3840
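Review bot: all twelve entries added at the top of this hunk, CVE-2023-45198 through CVE-2023-35803, carry only "TODO: check", so none of them is yet tied to a source package or marked NOT-FOR-US. Each needs a follow-up that resolves it to a package line of the kind shown under CVE-2023-3430 ("- openimageio 2.4.13.0+dfsg-1") or to a NOT-FOR-US line. The descriptions are truncated at "...", so that decision should be made from the full CVE text rather than from what is visible here.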
@@ -1148,7 +1172,7 @@ CVE-2023-5222 (A vulnerability classified as critical was found in Viessmann Vit
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU CMS. Thi ...)
NOT-FOR-US: ForU CMS
CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ...)
- {DSA-5513-1 DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3598-1 DLA-3591-1}
+ {DSA-5513-1 DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3601-1 DLA-3598-1 DLA-3591-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox <unfixed> (unimportant)
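Review bot: the DLA-3601-1 reference added to the cross-reference line of CVE-2023-5217 is not matched by any package line visible in this hunk. The lines shown cover only chromium and firefox, and firefox is marked "<unfixed> (unimportant)". Confirm that the rest of the entry has a package line for the source package that DLA-3601-1 updates, so the new reference can be tied to a fixed version.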
@@ -1687,7 +1711,7 @@ CVE-2023-34043 (VMware Aria Operations contains a local privilege escalation vul
CVE-2023-32541 (A use-after-free vulnerability exists in the footerr functionality of ...)
NOT-FOR-US: Hancom Office 2020 HWord
CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ...)
- {DSA-5513-1 DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
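Review bot: on the cross-reference line of CVE-2023-5176, DLA-3601-1 is added while the commit lists data/CVE/list as its only changed file, so the advisory's own record cannot be checked from this diff. Verify that the DLA-3601-1 record names CVE-2023-5176, and also CVE-2023-5171 and CVE-2023-5169, which receive the same addition in the next two hunks, and that it states which of firefox, firefox-esr or thunderbird it covers.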
@@ -1711,7 +1735,7 @@ CVE-2023-5172 (A hashtable in the Ion Engine could have been mutated while ther
- firefox 118.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172
CVE-2023-5171 (During Ion compilation, a Garbage Collection could have resulted in a ...)
- {DSA-5513-1 DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -1722,7 +1746,7 @@ CVE-2023-5170 (In canvas rendering, a compromised content process could have cau
- firefox 118.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170
CVE-2023-5169 (A compromised content process could have provided malicious data in a ...)
- {DSA-5513-1 DSA-5506-1 DLA-3587-1}
+ {DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -34625,14 +34649,14 @@ CVE-2023-26241
RESERVED
CVE-2023-26240
RESERVED
-CVE-2023-26239
- RESERVED
-CVE-2023-26238
- RESERVED
-CVE-2023-26237
- RESERVED
-CVE-2023-26236
- RESERVED
+CVE-2023-26239 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak ...)
+ TODO: check
+CVE-2023-26238 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible ...)
+ TODO: check
+CVE-2023-26237 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible ...)
+ TODO: check
+CVE-2023-26236 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak ...)
+ TODO: check
CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.jav ...)
NOT-FOR-US: JD-GUI
CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvide ...)
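Review bot: the four WatchGuard EPDR entries that replace RESERVED (CVE-2023-26239 through CVE-2023-26236) cannot be told apart from the truncated descriptions. CVE-2023-26239 and CVE-2023-26236 both end at "Due to a weak ...", and CVE-2023-26238 and CVE-2023-26237 both end at "It is possible ...". Whoever resolves the "TODO: check" markers should work from the full descriptions, and if the product is out of scope, mark all four consistently in the same form as the neighbouring "NOT-FOR-US: JD-GUI" line.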
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f7bebe969da6c1c1fdf93be3d9b7d43c9f6dcbd