[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 5 21:12:12 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a363670a by security tracker role at 2023-10-05T20:11:58+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-5423 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
+ TODO: check
+CVE-2023-4570 (An improper access restriction in NI MeasurementLink Python services c ...)
+ TODO: check
+CVE-2023-4401 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Co ...)
+ TODO: check
+CVE-2023-45160 (In the affected version of the 1E Client, an ordinary user could subve ...)
+ TODO: check
+CVE-2023-45159 (1E Client installer can perform arbitrary file deletion on protected f ...)
+ TODO: check
+CVE-2023-44839 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44838 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44837 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44836 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44835 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44834 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44833 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44832 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44831 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44830 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44829 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44828 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...)
+ TODO: check
+CVE-2023-44390 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...)
+ TODO: check
+CVE-2023-44387 (Gradle is a build tool with a focus on build automation and support fo ...)
+ TODO: check
+CVE-2023-44386 (Vapor is an HTTP web framework for Swift. There is a denial of service ...)
+ TODO: check
+CVE-2023-44024 (SQL injection vulnerability in KnowBand Module One Page Checkout, Soci ...)
+ TODO: check
+CVE-2023-43983 (Presto Changeo attributegrid up to 2.0.3 was discovered to contain a S ...)
+ TODO: check
+CVE-2023-43981 (Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a ...)
+ TODO: check
+CVE-2023-43284 (An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firm ...)
+ TODO: check
+CVE-2023-43260 (Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovere ...)
+ TODO: check
+CVE-2023-43073 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an Impro ...)
+ TODO: check
+CVE-2023-43072 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an impro ...)
+ TODO: check
+CVE-2023-43071 (Dell SmartFabric Storage Software v1.4 (and earlier) contains possible ...)
+ TODO: check
+CVE-2023-43070 (Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path T ...)
+ TODO: check
+CVE-2023-43069 (Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS ...)
+ TODO: check
+CVE-2023-43068 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Co ...)
+ TODO: check
+CVE-2023-40920 (Prixan prixanconnect up to v1.62 was discovered to contain a SQL injec ...)
+ TODO: check
+CVE-2023-32485 (Dell SmartFabric Storage Software version 1.3 and lower contain an imp ...)
+ TODO: check
CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about the host ...)
NOT-FOR-US: NetBSD ftpd
CVE-2023-44389 (Zope is an open-source web application server. The title property, ava ...)
@@ -391,19 +457,23 @@ CVE-2023-4911 (A buffer overflow was discovered in the GNU C Library's dynamic l
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
NOTE: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
CVE-2023-43789 [libXpm: out of bounds read on XPM with corrupted colormap]
+ {DSA-5516-1 DLA-3603-1}
- libxpm 1:3.5.17-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51
CVE-2023-43788 [libXpm: out of bounds read in XpmCreateXpmImageFromBuffer()]
+ {DSA-5516-1 DLA-3603-1}
- libxpm 1:3.5.17-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0
CVE-2023-43787 [ibX11: integer overflow in XCreateImage() leading to a heap overflow]
+ {DSA-5517-1 DLA-3602-1}
- libx11 2:1.8.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/7916869d16bdd115ac5be30a67c3749907aea6a0
NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/91f887b41bf75648df725a4ed3be036da02e911e
CVE-2023-43786 [libX11: stack exhaustion from infinite recursion in PutSubImage()]
+ {DSA-5517-1 DLA-3602-1}
- libx11 2:1.8.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/204c3393c4c90a29ed6bef64e43849536e863a86
@@ -411,10 +481,11 @@ CVE-2023-43786 [libX11: stack exhaustion from infinite recursion in PutSubImage(
NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/b4031fc023816aca07fbd592ed97010b9b48784b
NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/84fb14574c039f19ad7face87eb9acc31a50701c
CVE-2023-43785 [libX11: out-of-bounds memory access in _XkbReadKeySyms()]
+ {DSA-5517-1 DLA-3602-1}
- libx11 2:1.8.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f
-CVE-2023-5346
+CVE-2023-5346 (Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed ...)
{DSA-5515-1}
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
@@ -712,7 +783,7 @@ CVE-2023-5300 (A vulnerability classified as critical has been found in TTSPlann
CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting all versi ...)
- gitlab <unfixed>
CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...)
- {DLA-3598-1}
+ {DSA-5518-1 DLA-3598-1}
- libvpx 1.12.0-1.2
NOTE: https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f (main)
NOTE: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1)
@@ -1962,7 +2033,7 @@ CVE-2023-42756 (A flaw was found in the Netfilter subsystem of the Linux kernel.
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/27/2
NOTE: https://git.kernel.org/linus/7433b6d2afd512d04398c73aa984d1e285be125b (6.6-rc3)
-CVE-2023-42755 [wild pointer access in rsvp classifer in the Linux kernel]
+CVE-2023-42755 (A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) clas ...)
- linux 6.3.7-1
NOTE: https://lore.kernel.org/all/CADW8OBtkAf+nGokhD9zCFcmiebL1SM8bJp_oo=pE02BknG9qnQ@mail.gmail.com/
NOTE: https://git.kernel.org/linus/265b4da82dbf5df04bee5a5d46b7474b1aaf326a (6.3-rc1)
@@ -2317,7 +2388,7 @@ CVE-2023-42335 (Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37
NOT-FOR-US: Fl3xx Dispatch
CVE-2023-42334 (An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3x ...)
NOT-FOR-US: Fl3xx Dispatch
-CVE-2023-42331 (A file upload vulnerability in EliteCMS 1.01 allows a remote attacker ...)
+CVE-2023-42331 (A file upload vulnerability in EliteCMS v1.01 allows a remote attacker ...)
NOT-FOR-US: EliteCMS
CVE-2023-42147 (An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sens ...)
NOT-FOR-US: CloudExplorer Lite
@@ -2527,7 +2598,7 @@ CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When creatin
- ansible <unfixed>
[buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
-CVE-2023-42754 [ipv4: fix null-deref in ipv4_link_failure]
+CVE-2023-42754 (A NULL pointer dereference flaw was found in the Linux kernel ipv4 sta ...)
- linux <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/10/02/8
NOTE: https://git.kernel.org/linus/0113d9c9d1ccc07f5a3710dac4aa24b6d711278c (6.6-rc3)
@@ -8887,6 +8958,7 @@ CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer Overf
CVE-2023-3329 (SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable t ...)
NOT-FOR-US: SpiderControl SCADA Webserver
CVE-2023-3180 (A flaw was found in the QEMU virtual crypto device while handling data ...)
+ {DLA-3604-1}
- qemu 1:8.0.4+dfsg-1
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
@@ -10137,13 +10209,13 @@ CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Window
NOT-FOR-US: Vasion
CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
NOT-FOR-US: Vasion
-CVE-2023-41175 [libtiff: potential integer overflow in raw2tiff.c]
+CVE-2023-41175 (A vulnerability was found in libtiff due to multiple potential integer ...)
{DLA-3513-1}
- tiff 4.5.1+git230720-1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235264
-CVE-2023-40745 [libtiff: integer overflow in tiffcp.c]
+CVE-2023-40745 (LibTIFF is vulnerable to an integer overflow. This flaw allows remote ...)
{DLA-3513-1}
- tiff 4.5.1+git230720-1
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
@@ -19392,8 +19464,8 @@ CVE-2023-2308
RESERVED
CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik ...)
NOT-FOR-US: builderio/qwik
-CVE-2023-2306
- RESERVED
+CVE-2023-2306 (Qognify NiceVision versions 3.1 and prior are vulnerable to exposing s ...)
+ TODO: check
CVE-2023-2305 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...)
@@ -42630,6 +42702,7 @@ CVE-2023-23638 (A deserialization vulnerability existed when dubbo generic invok
CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest version of ...)
+ {DLA-3604-1}
- qemu 1:8.0.2+dfsg-1 (bug #1029155)
[bookworm] - qemu 1:7.2+dfsg-7+deb12u1
[bullseye] - qemu <no-dsa> (Minor issue)
@@ -55710,8 +55783,7 @@ CVE-2022-45912 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and
NOT-FOR-US: Zimbra
CVE-2022-45911 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...)
NOT-FOR-US: Zimbra
-CVE-2022-4145
- RESERVED
+CVE-2022-4145 (A content spoofing flaw was found in OpenShift's OAuth endpoint. This ...)
NOT-FOR-US: OpenShift
CVE-2022-45910 (Improper neutralization of special elements used in an LDAP query ('LD ...)
NOT-FOR-US: Apache ManifoldCF
@@ -72190,8 +72262,8 @@ CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in G
- rdiffweb <itp> (bug #969974)
CVE-2022-3249 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sa ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3248
- RESERVED
+CVE-2022-3248 (A flaw was found in OpenShift API, as admission checks do not enforce ...)
+ TODO: check
CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3246 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...)
@@ -221628,6 +221700,7 @@ CVE-2020-24167
CVE-2020-24166
RESERVED
CVE-2020-24165 (An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local ...)
+ {DLA-3604-1}
- qemu 1:5.0-1
NOTE: https://bugs.launchpad.net/qemu/+bug/1863025
NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=886cc68943ebe8cf7e5f970be33459f95068a441 (v5.0.0-rc0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a363670acf6a4469be26c291cedbb3269a20e462
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a363670acf6a4469be26c291cedbb3269a20e462
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231005/fd73b22b/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list