[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Oct 12 09:11:47 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
162b0be9 by security tracker role at 2023-10-12T08:11:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-5531 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2023-5470 (The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2023-45132 (NAXSI is an open-source maintenance web application firewall (WAF) for ...)
+	TODO: check
+CVE-2023-44793
+	REJECTED
+CVE-2023-44190 (An Origin Validation vulnerability in MAC address validation of Junipe ...)
+	TODO: check
+CVE-2023-44189 (An Origin Validation vulnerability in MAC address validation of Junipe ...)
+	TODO: check
+CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...)
+	TODO: check
+CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy'  ...)
+	TODO: check
+CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...)
+	TODO: check
+CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...)
+	TODO: check
+CVE-2023-40829 (There is an interface unauthorized access vulnerability in the backgro ...)
+	TODO: check
+CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...)
+	TODO: check
+CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to  ...)
+	TODO: check
+CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
+	TODO: check
+CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow  ...)
+	TODO: check
+CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps  ...)
+	TODO: check
 CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
 	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
@@ -170,53 +202,53 @@ CVE-2023-36127 (User enumeration is found in in PHPJabbers Appointment Scheduler
 	NOT-FOR-US: PHPJabbers Appointment Scheduler
 CVE-2023-36126 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
 	NOT-FOR-US: PHPJabbers Appointment Scheduler
-CVE-2023-39325
+CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and immediate ...)
 	- golang-1.21 1.21.3-1
 	- golang-1.20 1.20.10-1
 	- golang-1.19 <unfixed>
 	- golang-1.15 <removed>
 	- golang-1.11 <removed>
 	NOTE: https://github.com/golang/go/issues/63417
-CVE-2023-5473
+CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5486
+CVE-2023-5486 (Inappropriate implementation in Input in Google Chrome prior to 118.0. ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5477
+CVE-2023-5477 (Inappropriate implementation in Installer in Google Chrome prior to 11 ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5478
+CVE-2023-5478 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5485
+CVE-2023-5485 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5479
+CVE-2023-5479 (Inappropriate implementation in Extensions API in Google Chrome prior  ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5476
+CVE-2023-5476 (Use after free in Blink History in Google Chrome prior to 118.0.5993.7 ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5474
+CVE-2023-5474 (Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 al ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5475
+CVE-2023-5475 (Inappropriate implementation in DevTools in Google Chrome prior to 118 ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5481
+CVE-2023-5481 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5483
+CVE-2023-5483 (Inappropriate implementation in Intents in Google Chrome prior to 118. ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5484
+CVE-2023-5484 (Inappropriate implementation in Navigation in Google Chrome prior to 1 ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5487
+CVE-2023-5487 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5218
+CVE-2023-5218 (Use after free in Site Isolation in Google Chrome prior to 118.0.5993. ...)
 	- chromium 118.0.5993.70-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4421
@@ -925,7 +957,7 @@ CVE-2023-39189 (A flaw was found in the Netfilter subsystem in the Linux kernel.
 CVE-2023-36820 (Micronaut Security is a security solution for applications. Prior to v ...)
 	NOT-FOR-US: Micronaut Security
 CVE-2023-43641 (libcue provides an API for parsing and extracting data from CUE sheets ...)
-	{DSA-5524-1}
+	{DSA-5524-1 DLA-3615-1}
 	- libcue 2.2.1-4.1
 	NOTE: https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
 	NOTE: https://www.openwall.com/lists/oss-security/2023/10/09/3
@@ -25502,8 +25534,7 @@ CVE-2023-1945 (Unexpected data returned from the Safe Browsing API could have le
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1945
 CVE-2023-1944 (This vulnerability enables ssh access to minikube container using a de ...)
 	NOT-FOR-US: minikube
-CVE-2023-1943
-	RESERVED
+CVE-2023-1943 (Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.)
 	NOT-FOR-US: Kubernetes Operations (kOps)
 CVE-2015-10099 (A vulnerability classified as critical has been found in CP Appointmen ...)
 	NOT-FOR-US: WordPress plugin
@@ -25809,8 +25840,8 @@ CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS
 	[bookworm] - zabbix <no-dsa> (Minor issue)
 	[bullseye] - zabbix <no-dsa> (Minor issue)
 	NOTE: https://support.zabbix.com/browse/ZBX-22985
-CVE-2023-29453
-	RESERVED
+CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript string  ...)
+	TODO: check
 CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...)
 	- zabbix <unfixed>
 	[bookworm] - zabbix <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/162b0be9fa499fc5b2f1e87e8d20f674811543a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/162b0be9fa499fc5b2f1e87e8d20f674811543a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231012/de5f9782/attachment.htm>

More information about the debian-security-tracker-commits mailing list