[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Oct 19 09:12:29 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3577dcc by security tracker role at 2023-10-19T08:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,59 @@
+CVE-2023-5639 (The Team Showcase plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2023-5638 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2023-5336 (The iPanorama 360 \u2013 WordPress Virtual Tour Builder plugin for Wor ...)
+ TODO: check
+CVE-2023-5254 (The ChatBot plugin for WordPress is vulnerable to Sensitive Informatio ...)
+ TODO: check
+CVE-2023-5241 (The AI ChatBot for WordPress is vulnerable to Directory Traversal in v ...)
+ TODO: check
+CVE-2023-5212 (The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File De ...)
+ TODO: check
+CVE-2023-5204 (The ChatBot plugin for WordPress is vulnerable to SQL Injection via th ...)
+ TODO: check
+CVE-2023-4645 (The Ad Inserter for WordPress is vulnerable to Sensitive Information E ...)
+ TODO: check
+CVE-2023-46229 (LangChain before 0.0.317 allows SSRF via document_loaders/recursive_ur ...)
+ TODO: check
+CVE-2023-46228 (zchunk before 1.3.2 has multiple integer overflows via malformed zchun ...)
+ TODO: check
+CVE-2023-45958 (Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-si ...)
+ TODO: check
+CVE-2023-45909 (zzzcms v2.2.0 was discovered to contain an open redirect vulnerability ...)
+ TODO: check
+CVE-2023-45814 (Bunkum is an open-source protocol-agnostic request server for custom g ...)
+ TODO: check
+CVE-2023-45813 (Torbot is an open source tor network intelligence tool. In affected ve ...)
+ TODO: check
+CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph router wri ...)
+ TODO: check
+CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...)
+ TODO: check
+CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
+ TODO: check
+CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ TODO: check
+CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ TODO: check
+CVE-2023-43801 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ TODO: check
+CVE-2023-43800 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ TODO: check
+CVE-2023-37504 (HCL Compass is vulnerable to failure to invalidate sessions. The appli ...)
+ TODO: check
+CVE-2023-37503 (HCL Compass is vulnerable to insecure password requirements. An attack ...)
+ TODO: check
+CVE-2023-37502 (HCL Compass is vulnerable to lack of file upload security. An attacker ...)
+ TODO: check
+CVE-2023-36857 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
+ TODO: check
+CVE-2023-34441 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
+ TODO: check
+CVE-2023-34437 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
+ TODO: check
+CVE-2023-34050 (In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed l ...)
+ TODO: check
CVE-2023-5642 (Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker t ...)
NOT-FOR-US: Advantech R-SeeNet
CVE-2023-5632 (In Eclipse Mosquito before and including 2.0.5, establishing a connect ...)
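Review bot: all 28 entries added at the top of the file (CVE-2023-5639 through CVE-2023-34050) are bare placeholders with `TODO: check` and no package assignment, so nothing in this hunk yet tells the tracker whether Debian is affected; each needs triage into either a `- <source-package> <fixed-version>` line or a `NOT-FOR-US:` marker, as the adjacent context line `NOT-FOR-US: Advantech R-SeeNet` under CVE-2023-5642 shows. The 70-character truncated descriptions are not enough for that triage on their own, and four of them (CVE-2023-5336, CVE-2023-36857, CVE-2023-34441, CVE-2023-34437) show a literal `\u2013` escape where the upstream text has an en dash; worth checking whether the importer wrote the escape into the file or whether that is only a rendering artifact of this mail.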
@@ -4292,6 +4348,7 @@ CVE-2023-32284 (An out-of-bounds write vulnerability exists in the tiff_planar_a
CVE-2022-48605 (Input verification vulnerability in the fingerprint module. Successful ...)
NOT-FOR-US: Huawei
CVE-2023-42756 (A flaw was found in the Netfilter subsystem of the Linux kernel. A rac ...)
+ {DLA-3623-1}
- linux 6.5.6-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
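Review bot: the `{DLA-3623-1}` line inserted under CVE-2023-42756 carries no package or version of its own; the tracker resolves an advisory cross-reference through its entry in data/DLA/list, and this commit touches only data/CVE/list. Please confirm the DLA-3623-1 entry exists there and names the kernel source package and version it fixes, otherwise this reference, and the same `{DLA-3623-1}` reference added to every kernel entry in the rest of this patch, resolves to nothing.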
@@ -4299,6 +4356,7 @@ CVE-2023-42756 (A flaw was found in the Netfilter subsystem of the Linux kernel.
NOTE: https://www.openwall.com/lists/oss-security/2023/09/27/2
NOTE: https://git.kernel.org/linus/7433b6d2afd512d04398c73aa984d1e285be125b (6.6-rc3)
CVE-2023-42755 (A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) clas ...)
+ {DLA-3623-1}
- linux 6.3.7-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
@@ -4878,6 +4936,7 @@ CVE-2023-42754 (A NULL pointer dereference flaw was found in the Linux kernel ip
NOTE: https://www.openwall.com/lists/oss-security/2023/10/02/8
NOTE: https://git.kernel.org/linus/0113d9c9d1ccc07f5a3710dac4aa24b6d711278c (6.6-rc3)
CVE-2023-42753 (An array indexing vulnerability was found in the netfilter subsystem o ...)
+ {DLA-3623-1}
- linux 6.5.3-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
@@ -5516,6 +5575,7 @@ CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is calle
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b25508dd774b617f99419bdc3cf2ace4560cd2d6 (release/2.38/master branch)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/25/1
CVE-2023-4921 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_qf ...)
+ {DLA-3623-1}
- linux 6.5.6-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
@@ -6254,12 +6314,13 @@ CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble' rule,
CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable to Loca ...)
NOT-FOR-US: Media Library Assistant plugin for WordPress
CVE-2023-4623 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_hf ...)
+ {DLA-3623-1}
- linux 6.5.3-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
NOTE: https://git.kernel.org/linus/b3d26c5702c7d6c45456326e56d2ccf3f103e60f
CVE-2023-4622 (A use-after-free vulnerability in the Linux kernel's af_unix component ...)
- {DSA-5492-1}
+ {DSA-5492-1 DLA-3623-1}
- linux 6.4.13-1
[bullseye] - linux 5.10.197-1
NOTE: https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c
@@ -6272,6 +6333,7 @@ CVE-2023-4588 (File accessibility vulnerability in Delinea Secret Server, in its
CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access ...)
NOT-FOR-US: Tenda
CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+ {DLA-3623-1}
- linux 6.4.13-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux 5.10.197-1
@@ -9674,7 +9736,7 @@ CVE-2023-40292 (Harman Infotainment 20190525031613 and later discloses the IP ad
CVE-2023-40291 (Harman Infotainment 20190525031613 allows root access via SSH over a U ...)
NOT-FOR-US: Harman Infotainment
CVE-2023-40283 (An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_s ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (6.5-rc1)
CVE-2023-40274 (An issue was discovered in zola 0.13.0 through 0.17.2. The custom impl ...)
@@ -9937,7 +9999,7 @@ CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to unauthorized
CVE-2023-4275
REJECTED
CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifiers ( ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (6.5-rc5)
NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5)
@@ -10178,7 +10240,7 @@ CVE-2023-38710 (An issue was discovered in Libreswan before 4.12. When an IKEv2
NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.txt
NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.patch
CVE-2023-4273 (A flaw was found in the exFAT driver of the Linux kernel. The vulnerab ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/d42334578eba1390859012ebb91e1e556d51db49 (6.5-rc5)
NOTE: https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
@@ -10699,7 +10761,7 @@ CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-34319 (The fix for XSA-423 added logic to Linux'es netback driver to deal wit ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576
NOTE: https://xenbits.xen.org/xsa/advisory-432.html
@@ -11184,7 +11246,7 @@ CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compile
CVE-2023-3995
REJECTED
CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel\u2019s Netfilter f ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 (6.5-rc4)
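Review bot: CVE-2023-4147 now carries `{DLA-3623-1}` while keeping `[buster] - linux <not-affected> (Vulnerable code not present)`; the two lines are only compatible if DLA-3623-1 fixes a source package other than `linux` in the suite it covers (the advisory's package is resolved from data/DLA/list, not from this hunk). Please confirm that, or one of the two annotations is wrong. The same combination appears on CVE-2023-4004, CVE-2023-3773, CVE-2023-3389, CVE-2023-2898 and CVE-2023-21400 further down in this patch.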
@@ -11202,7 +11264,7 @@ CVE-2023-4133 (A use-after-free vulnerability was found in the cxgb4 driver in t
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3)
CVE-2023-4132 (A use-after-free vulnerability was found in the siano smsusb module in ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.4-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221707
NOTE: https://git.kernel.org/linus/ebad8e731c1c06adf04621d6fd327b860c0861b5 (6.3-rc1)
@@ -11877,7 +11939,7 @@ CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condi
CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. ...)
NOT-FOR-US: ASUS
CVE-2023-4004 (A use-after-free flaw was found in the Linux kernel's netfilter in the ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/87b5a5c209405cb6b57424cdfa226a6dbd349232 (6.5-rc3)
@@ -12428,13 +12490,13 @@ CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE:
CVE-2023-2626 (There exists an authentication bypass vulnerability in OpenThread bord ...)
NOT-FOR-US: OpenThread
CVE-2023-3773 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
- {DSA-5492-1}
+ {DSA-5492-1 DLA-3623-1}
- linux 6.4.13-1
[bullseye] - linux 5.10.197-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u
CVE-2023-3772 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
- {DSA-5492-1}
+ {DSA-5492-1 DLA-3623-1}
- linux 6.4.13-1
[bullseye] - linux 5.10.197-1
NOTE: https://lore.kernel.org/netdev/20230721145103.2714073-1-linma@zju.edu.cn/
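Review bot: the two sibling xfrm entries in this hunk are annotated differently: CVE-2023-3773 has `[buster] - linux <not-affected> (Vulnerable code not present)`, but CVE-2023-3772, described by the same truncated text, has no `[buster]` line at all, so buster's `linux` package stays implicitly affected there. Adding `{DLA-3623-1}` to both does not settle that, since the cross-reference only records what the DLA shipped; please check whether CVE-2023-3772 needs the same `<not-affected>` annotation or an actual buster fixed version.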
@@ -12525,7 +12587,7 @@ CVE-2023-40745 (LibTIFF is vulnerable to an integer overflow. This flaw allows r
CVE-2023-3870
REJECTED
CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.4-1
NOTE: https://git.kernel.org/linus/6709d4b7bc2e079241fdef15d1160581c5261c10 (6.5-rc1)
CVE-2023-3344 (The Auto Location for WP Job Manager via Google WordPress plugin befor ...)
@@ -12646,11 +12708,11 @@ CVE-2023-38195 (Datalust Seq before 2023.2.9489 allows insertion of sensitive in
CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
NOT-FOR-US: IBOS OA
CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.4-2
NOTE: https://git.kernel.org/linus/0323bce598eea038714f941ce2b22541c46d488f (6.5-rc2)
CVE-2023-3611 (An out-of-bounds write vulnerability in the Linux kernel's net/sched: ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.4-2
NOTE: https://git.kernel.org/linus/3e337087c3b5805fe0b8a46ba622a962880b5d64 (6.5-rc2)
CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
@@ -12660,7 +12722,7 @@ CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: n
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4bedf9eee016286c835e3d8fa981ddece5338795 (6.4)
CVE-2023-3609 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...)
- {DSA-5480-1}
+ {DSA-5480-1 DLA-3623-1}
- linux 6.3.11-1
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/04c55383fa5689357bcdd2c8036725a55ed632bc (6.4-rc7)
@@ -15945,13 +16007,13 @@ CVE-2023-3390 (A use-after-free vulnerability was found in the Linux kernel's ne
NOTE: https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97 (6.4-rc7)
NOTE: https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97
CVE-2023-3389 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...)
- {DSA-5480-1}
+ {DSA-5480-1 DLA-3623-1}
- linux 6.0.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8
NOTE: https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan ne ...)
- {DSA-5480-1 DSA-5448-1 DLA-3508-1}
+ {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2)
CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the /admin fun ...)
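Review bot: CVE-2023-3090 already referenced `DLA-3508-1` and now also gets `DLA-3623-1` (inserted before it, which keeps the DSA-then-DLA, descending-number order used in the other reference lists in this patch); two DLAs for one CVE are expected only when they fix different source packages or the first fix was incomplete, so please confirm DLA-3623-1 covers a different package than DLA-3508-1 did. The same double reference is added below to CVE-2023-3338, CVE-2023-35824, CVE-2023-35823, CVE-2023-35788, CVE-2023-3268, CVE-2023-3141, CVE-2023-3111, CVE-2023-34256, CVE-2023-2269, CVE-2023-31084, CVE-2023-2007, CVE-2023-2002 and CVE-2023-1380, and CVE-2023-1989 (already referencing DLA-3404-1 and DLA-3403-1) gets a third.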
@@ -16806,7 +16868,7 @@ CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundat
CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...)
NOT-FOR-US: SourceCodester Online School Fees System
CVE-2023-3338 (A null pointer dereference flaw was found in the Linux kernel's DECnet ...)
- {DSA-5480-1 DLA-3508-1}
+ {DSA-5480-1 DLA-3623-1 DLA-3508-1}
- linux 6.1.4-1
NOTE: https://www.openwall.com/lists/oss-security/2023/06/24/3
NOTE: https://git.kernel.org/linus/1202cdd665315c525b5237e96e0bedc76d7e754f (6.1-rc1)
@@ -17099,14 +17161,14 @@ CVE-2023-35826 (An issue was discovered in the Linux kernel before 6.3.2. A use-
CVE-2023-35825
REJECTED
CVE-2023-35824 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
- {DLA-3508-1}
+ {DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
[bullseye] - linux 5.10.191-1
NOTE: https://git.kernel.org/linus/5abda7a16698d4d1f47af1168d8fa2c640116b4a (6.4-rc1)
NOTE: Only "exploitable" by removing the module which needs root privileges
CVE-2023-35823 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...)
- {DLA-3508-1}
+ {DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
[bullseye] - linux 5.10.191-1
@@ -17158,7 +17220,7 @@ CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/reac
CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...)
NOT-FOR-US: salesagility/suitecrm-core
CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...)
- {DSA-5480-1 DSA-5448-1 DLA-3508-1}
+ {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
NOTE: https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
@@ -17225,7 +17287,7 @@ CVE-2023-3269 (A vulnerability exists in the memory management subsystem of the
NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/1
NOTE: https://www.openwall.com/lists/oss-security/2023/07/28/1
CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...)
- {DSA-5480-1 DSA-5448-1 DLA-3508-1}
+ {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1)
CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6 ...)
@@ -17770,7 +17832,7 @@ CVE-2023-2563 (The WordPress Contact Forms by Cimatti plugin for WordPress is vu
CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WP Directory Kit plugin for WordPress
CVE-2023-3212 (A NULL pointer dereference issue was found in the gfs2 file system in ...)
- {DSA-5480-1 DSA-5448-1}
+ {DSA-5480-1 DSA-5448-1 DLA-3623-1}
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636 (6.4-rc2)
CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...)
@@ -17907,7 +17969,7 @@ CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Managem
CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...)
NOT-FOR-US: SourceCodester Performance Indicator System
CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...)
- {DLA-3508-1}
+ {DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
[bullseye] - linux 5.10.191-1
@@ -18600,7 +18662,7 @@ CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions
CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- gitlab 15.10.8+ds1-2
CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...)
- {DSA-5480-1 DLA-3508-1}
+ {DSA-5480-1 DLA-3623-1 DLA-3508-1}
- linux 5.19.6-1
NOTE: https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2)
CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admid ...)
@@ -19065,7 +19127,7 @@ CVE-2023-34258 (An issue was discovered in BMC Patrol before 22.1.00. The agent'
CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The agent's con ...)
NOT-FOR-US: BMC Patrol
CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3. There is an ...)
- {DLA-3508-1}
+ {DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1 (unimportant)
[bookworm] - linux 6.1.37-1
[bullseye] - linux 5.10.191-1
@@ -19555,7 +19617,7 @@ CVE-2023-2922 (A vulnerability classified as problematic has been found in Sourc
CVE-2023-2825 (An issue has been discovered in GitLab CE/EE affecting only version 16 ...)
- gitlab <not-affected> (Only affects 16.x)
CVE-2023-2898 (There is a null-pointer-dereference flaw found in f2fs_write_end_io in ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.4-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/
@@ -22086,7 +22148,7 @@ CVE-2023-24476 (An attacker with local access to the machine could record the tr
CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...)
NOT-FOR-US: Netskope
CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...)
- {DSA-5480-1 DSA-5448-1 DLA-3508-1}
+ {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388
CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view all sto ...)
@@ -22232,7 +22294,7 @@ CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux k
NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/
NOTE: Negligible security impact
CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...)
- {DSA-5480-1 DSA-5448-1 DLA-3508-1}
+ {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1}
- linux 6.3.7-1
NOTE: https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux ...)
@@ -23209,7 +23271,7 @@ CVE-2023-2126
CVE-2023-2125
RESERVED
CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...)
- {DSA-5480-1 DSA-5448-1}
+ {DSA-5480-1 DSA-5448-1 DLA-3623-1}
- linux 6.3.7-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2
NOTE: https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
@@ -24140,7 +24202,7 @@ CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-441/
NOTE: https://git.kernel.org/linus/05b252cccb2e5c3f56119d25de684b4f810ba40a (5.19-rc4)
CVE-2023-2007 (The specific flaw exists within the DPT I2O Controller driver. The iss ...)
- {DSA-5480-1 DLA-3508-1}
+ {DSA-5480-1 DLA-3623-1 DLA-3508-1}
- linux 6.0.2-1
NOTE: https://git.kernel.org/linus/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 (6.0-rc1)
CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network protoco ...)
@@ -24156,7 +24218,7 @@ CVE-2023-2004
CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the build 5 of ...)
NOT-FOR-US: Vision120
CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...)
- {DSA-5480-1 DLA-3508-1}
+ {DSA-5480-1 DLA-3623-1 DLA-3508-1}
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
NOTE: Fixed by: https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18
@@ -24352,7 +24414,7 @@ CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-
NOTE: STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) not
NOTE: enabled in Debian
CVE-2023-1989 (A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\ ...)
- {DSA-5492-1 DLA-3404-1 DLA-3403-1}
+ {DSA-5492-1 DLA-3623-1 DLA-3404-1 DLA-3403-1}
- linux 6.3.7-1
[bullseye] - linux 5.10.197-1
NOTE: https://git.kernel.org/linus/1e9ac114c4428fdb7ff4635b45d4f46017e8916f (6.3-rc4)
@@ -31526,7 +31588,7 @@ CVE-2023-28159 (The fullscreen notification could have been hidden on Firefox fo
- firefox <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159
CVE-2023-1380 (A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in d ...)
- {DSA-5480-1 DLA-3508-1}
+ {DSA-5480-1 DLA-3623-1 DLA-3508-1}
- linux 6.1.27-1
NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1
NOTE: https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u
@@ -32718,7 +32780,7 @@ CVE-2023-1208 (This HTTP Headers WordPress plugin before 1.18.11 allows arbitrar
CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1206 (A hash collision flaw was found in the IPv6 connection lookup table in ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.11-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2175903
NOTE: https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc (6.5-rc4)
@@ -34423,7 +34485,7 @@ CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type conf
NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
CVE-2023-4194 (A flaw was found in the Linux kernel's TUN/TAP functionality. This iss ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/9bc3047374d5bec163e83e743709e23753376f0c (6.5-rc5)
NOTE: https://git.kernel.org/linus/5c9241f3ceab3257abe2923a59950db0dc8bb737 (6.5-rc5)
@@ -56525,7 +56587,7 @@ CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository ostic
CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...)
NOT-FOR-US: M-Files Web
CVE-2022-4269 (A flaw was found in the Linux kernel Traffic Control (TC) subsystem. U ...)
- {DSA-5480-1}
+ {DSA-5480-1 DLA-3623-1}
- linux 6.1.20-2
NOTE: https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/
CVE-2022-4268 (The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and e ...)
@@ -61713,7 +61775,7 @@ CVE-2023-21402
CVE-2023-21401
RESERVED
CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel memor ...)
- {DSA-5480-1}
+ {DSA-5480-1 DLA-3623-1}
- linux 5.18.2-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://source.android.com/security/bulletin/pixel/2023-07-01
@@ -62014,7 +62076,7 @@ CVE-2023-21257 (In updateSettingsInternalLI of InstallPackageHelper.java, there
CVE-2023-21256 (In SettingsHomepageActivity.java, there is a possible way to launch ar ...)
NOT-FOR-US: Android
CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory corrupti ...)
- {DSA-5480-1}
+ {DSA-5480-1 DLA-3623-1}
- linux 6.3.7-1
[bookworm] - linux 6.1.37-1
NOTE: https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4)
@@ -65254,7 +65316,7 @@ CVE-2023-20590
CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...)
NOT-FOR-US: AMD
CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...)
- {DSA-5492-1 DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
- linux 6.4.13-1
[bullseye] - linux 5.10.197-1
- xen <unfixed>
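Review bot: CVE-2023-20588 tracks two source packages and only the kernel side is touched here; the `- xen <unfixed>` line below the new `{DSA-5492-1 DSA-5480-1 DLA-3623-1}` reference is unchanged, so the entry remains open for xen and the added cross-reference must not be read as closing it. Fine as-is, but whoever triages the xen side of this CVE should not take the DLA reference as covering it.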
@@ -79473,7 +79535,7 @@ CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from
CVE-2022-3083 (All versions of Landis+Gyr E850 (ZMQ200) are vulnerable toCWE-784: Rel ...)
NOT-FOR-US: Landis+Gyr E850
CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...)
- {DSA-5480-1}
+ {DSA-5480-1 DLA-3623-1}
- linux 5.19.6-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
NOTE: https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3577dccea2644dcc0a8ee31f3b618ddbc8e4beb