[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 10 09:12:32 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bf6301e5 by security tracker role at 2023-09-10T08:12:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-4877 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
+CVE-2023-4876 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
+CVE-2023-4873 (A vulnerability, which was classified as critical, was found in Beijin ...)
+ TODO: check
+CVE-2023-4872 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2023-4871 (A vulnerability classified as critical was found in SourceCodester Con ...)
+ TODO: check
+CVE-2023-4870 (A vulnerability classified as problematic has been found in SourceCode ...)
+ TODO: check
+CVE-2023-4869 (A vulnerability was found in SourceCodester Contact Manager App 1.0. I ...)
+ TODO: check
+CVE-2023-4868 (A vulnerability was found in SourceCodester Contact Manager App 1.0. I ...)
+ TODO: check
+CVE-2023-4867 (A vulnerability was found in Xintian Smart Table Integrated Management ...)
+ TODO: check
+CVE-2023-4866 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
+ TODO: check
+CVE-2023-4865 (A vulnerability has been found in SourceCodester Take-Note App 1.0 and ...)
+ TODO: check
+CVE-2023-4864 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ TODO: check
+CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to ...)
+ TODO: check
CVE-2023-4875 (Null pointer dereference when composing from a specially crafted draft ...)
- mutt <unfixed> (bug #1051563)
NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel)
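Review bot: All thirteen new entries land as bare "TODO: check" placeholders, and CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1) is the only one describing a library rather than a one-off web application, so it is the entry that most needs a package check; the SourceCodester entries follow the same pattern that is marked NOT-FOR-US elsewhere in this file (e.g. CVE-2023-4199). CVE-2023-4877 and CVE-2023-4876 are truncated at "GitHub r ...", so the affected product cannot be determined from this diff alone and needs the full description before triage.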
@@ -199,6 +225,7 @@ CVE-2023-4623 (A use-after-free vulnerability in the Linux kernel's net/sched: s
- linux <unfixed>
NOTE: https://git.kernel.org/linus/b3d26c5702c7d6c45456326e56d2ccf3f103e60f
CVE-2023-4622 (A use-after-free vulnerability in the Linux kernel's af_unix component ...)
+ {DSA-5492-1}
- linux 6.4.13-1
NOTE: https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c
CVE-2023-4621
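Review bot: CVE-2023-4622 receives the {DSA-5492-1} marker but, unlike the three net/sched entries tagged in the same update (CVE-2023-4208, -4207 and -4206, each carrying a "[bullseye] - linux 5.10.191-1" line), it has no [bullseye] status; please add the fixed version or a <not-affected> line with a reason. The adjacent CVE-2023-4623 stays at "- linux <unfixed>" with only an upstream commit reference, so it is worth confirming it is deliberately excluded from DSA-5492-1 rather than missed.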
@@ -212,14 +239,17 @@ CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated a
CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
NOTE: Duplicate of CVE-2023-4563 (RedHat assigned)
CVE-2023-4208 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...)
+ {DSA-5492-1}
- linux 6.4.11-1
[bullseye] - linux 5.10.191-1
NOTE: https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (6.5-rc5)
CVE-2023-4207 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...)
+ {DSA-5492-1}
- linux 6.4.11-1
[bullseye] - linux 5.10.191-1
NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5)
CVE-2023-4206 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_ro ...)
+ {DSA-5492-1}
- linux 6.4.11-1
[bullseye] - linux 5.10.191-1
NOTE: https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5)
@@ -729,11 +759,13 @@ CVE-2023-41164
NOTE: https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9 (4.2.5)
NOTE: https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e (3.2.21)
CVE-2023-4015 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+ {DSA-5492-1}
- linux 6.4.11-1
[bullseye] - linux <not-affected> (Vulnerable code not in a Debian released version)
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0a771f7b266b02d262900c75f1e175c7fe76fec2 (6.5-rc4)
CVE-2023-3777 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+ {DSA-5492-1}
- linux 6.4.11-1
[bullseye] - linux 5.10.191-1
[buster] - linux <not-affected> (Vulnerable code not present)
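Review bot: The [bullseye] rationale for CVE-2023-4015 reads "Vulnerable code not in a Debian released version" while every other <not-affected> line in this diff uses "Vulnerable code not present"; unify the wording unless the distinction is intentional, since the tracker tooling and readers key on the literal reason text.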
@@ -1832,6 +1864,7 @@ CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.
CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper ...)
NOT-FOR-US: Dell
CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/netfilte ...)
+ {DSA-5492-1}
- linux 6.4.13-1
NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
CVE-2023-4567
@@ -3537,7 +3570,7 @@ CVE-2023-40292 (Harman Infotainment 20190525031613 and later discloses the IP ad
CVE-2023-40291 (Harman Infotainment 20190525031613 allows root access via SSH over a U ...)
NOT-FOR-US: Harman Infotainment
CVE-2023-40283 (An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_s ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (6.5-rc1)
CVE-2023-40274 (An issue was discovered in zola 0.13.0 through 0.17.2. The custom impl ...)
@@ -3800,7 +3833,7 @@ CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to unauthorized
CVE-2023-4275
REJECTED
CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifiers ( ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (6.5-rc5)
NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5)
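Review bot: CVE-2023-4128 cites exactly the two upstream commits already attached to CVE-2023-4208 (3044b16e...) and CVE-2023-4207 (76e42ae8...), so the three entries describe the same fixes and must always carry identical DSA markers; this update keeps them in sync (all three gain DSA-5492-1), but a NOTE cross-referencing the CVEs, in the style of the "Duplicate of CVE-2023-4563" note on CVE-2023-4244, would make that dependency explicit for the next update.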
@@ -4039,7 +4072,7 @@ CVE-2023-38710 (An issue was discovered in Libreswan before 4.12. When an IKEv2
NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.txt
NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.patch
CVE-2023-4273 (A flaw was found in the exFAT driver of the Linux kernel. The vulnerab ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/d42334578eba1390859012ebb91e1e556d51db49 (6.5-rc5)
NOTE: https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
@@ -4559,7 +4592,7 @@ CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...)
NOT-FOR-US: Rockwell Automation
CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576
NOTE: https://xenbits.xen.org/xsa/advisory-432.html
@@ -4642,6 +4675,7 @@ CVE-2023-4200 (A vulnerability has been found in SourceCodester Inventory Manage
CVE-2023-4199 (A vulnerability, which was classified as critical, was found in Source ...)
NOT-FOR-US: SourceCodester Inventory Management System
CVE-2023-4155
+ {DSA-5492-1}
- linux 6.4.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
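Review bot: CVE-2023-4155 is tagged with DSA-5492-1 but has neither description text nor a NOTE pointing at the upstream fix, unlike every other kernel entry touched in this update; a git.kernel.org commit reference would allow the bullseye and buster <not-affected> claims to be verified.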
@@ -5042,7 +5076,7 @@ CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compile
CVE-2023-3995
REJECTED
CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel\u2019s Netfilter f ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 (6.5-rc4)
@@ -5060,7 +5094,7 @@ CVE-2023-4133 (A use-after-free vulnerability was found in the cxgb4 driver in t
- linux 6.3.7-1
NOTE: https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3)
CVE-2023-4132 (A use-after-free vulnerability was found in the siano smsusb module in ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.4-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221707
NOTE: https://git.kernel.org/linus/ebad8e731c1c06adf04621d6fd327b860c0861b5 (6.3-rc1)
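Review bot: The fixed version for CVE-2023-4132 is recorded as linux 6.4.4-1, yet the referenced upstream commit ebad8e73... is marked (6.3-rc1), and the preceding CVE-2023-4133 entry records 6.3.7-1 for a fix marked (6.3). If the smsusb fix really is in 6.3-rc1, 6.3.7-1 or earlier would be the first fixed Debian version; please confirm which is correct or add a NOTE explaining why 6.4.4-1 is used.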
@@ -5735,7 +5769,7 @@ CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condi
CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. ...)
NOT-FOR-US: ASUS
CVE-2023-4004 (A use-after-free flaw was found in the Linux kernel's netfilter in the ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/87b5a5c209405cb6b57424cdfa226a6dbd349232 (6.5-rc3)
@@ -6284,10 +6318,12 @@ CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE:
CVE-2023-2626 (There exists an authentication bypass vulnerability in OpenThread bord ...)
NOT-FOR-US: OpenThread
CVE-2023-3773 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
+ {DSA-5492-1}
- linux 6.4.13-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u
CVE-2023-3772 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...)
+ {DSA-5492-1}
- linux 6.4.13-1
NOTE: https://lore.kernel.org/netdev/20230721145103.2714073-1-linma@zju.edu.cn/
NOTE: https://www.openwall.com/lists/oss-security/2023/08/10/1
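Review bot: CVE-2023-3773 records "[buster] - linux <not-affected> (Vulnerable code not present)" but its sibling CVE-2023-3772, same IP framework component and same fixed version 6.4.13-1, has no [buster] line at all; either add the buster status or note why the two differ. Both entries reference lore.kernel.org threads rather than mainline commit IDs, so adding the git.kernel.org hashes with their -rc tags, as the other kernel entries do, would make the fixed-version claims easier to check.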
@@ -6377,7 +6413,7 @@ CVE-2023-40745 [libtiff: integer overflow in tiffcp.c]
CVE-2023-3870
REJECTED
CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.4-1
NOTE: https://git.kernel.org/linus/6709d4b7bc2e079241fdef15d1160581c5261c10 (6.5-rc1)
CVE-2023-3344 (The Auto Location for WP Job Manager via Google WordPress plugin befor ...)
@@ -6498,11 +6534,11 @@ CVE-2023-38195 (Datalust Seq before 2023.2.9489 allows insertion of sensitive in
CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...)
NOT-FOR-US: IBOS OA
CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.4-2
NOTE: https://git.kernel.org/linus/0323bce598eea038714f941ce2b22541c46d488f (6.5-rc2)
CVE-2023-3611 (An out-of-bounds write vulnerability in the Linux kernel's net/sched: ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.4-2
NOTE: https://git.kernel.org/linus/3e337087c3b5805fe0b8a46ba622a962880b5d64 (6.5-rc2)
CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
@@ -13401,7 +13437,7 @@ CVE-2023-2922 (A vulnerability classified as problematic has been found in Sourc
CVE-2023-2825 (An issue has been discovered in GitLab CE/EE affecting only version 16 ...)
- gitlab <not-affected> (Only affects 16.x)
CVE-2023-2898 (There is a null-pointer-dereference flaw found in f2fs_write_end_io in ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.4-1
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/
@@ -15263,6 +15299,7 @@ CVE-2015-10105 (A vulnerability, which was classified as critical, was found in
CVE-2015-10104 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-2430 (A vulnerability was found due to missing lock for IOPOLL flaw in io_cq ...)
+ {DSA-5492-1}
- linux 6.3.7-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
[buster] - linux <not-affected> (Vulnerable code not present)
@@ -18193,7 +18230,7 @@ CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-
NOTE: STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) not
NOTE: enabled in Debian
CVE-2023-1989 (A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\ ...)
- {DLA-3404-1 DLA-3403-1}
+ {DSA-5492-1 DLA-3404-1 DLA-3403-1}
- linux 6.3.7-1
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/1e9ac114c4428fdb7ff4635b45d4f46017e8916f (6.3-rc4)
@@ -26544,7 +26581,7 @@ CVE-2023-1208 (This HTTP Headers WordPress plugin before 1.18.11 allows arbitrar
CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1206 (A hash collision flaw was found in the IPv6 connection lookup table in ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2175903
NOTE: https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc (6.5-rc4)
@@ -28249,7 +28286,7 @@ CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type conf
NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
CVE-2023-4194 (A flaw was found in the Linux kernel's TUN/TAP functionality. This iss ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/9bc3047374d5bec163e83e743709e23753376f0c (6.5-rc5)
NOTE: https://git.kernel.org/linus/5c9241f3ceab3257abe2923a59950db0dc8bb737 (6.5-rc5)
@@ -59028,7 +59065,7 @@ CVE-2023-20590
CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...)
NOT-FOR-US: AMD
CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...)
- {DSA-5480-1}
+ {DSA-5492-1 DSA-5480-1}
- linux 6.4.13-1
NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
NOTE: https://git.kernel.org/linus/77245f1c3c6495521f6a3af082696ee2f8ce3921
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf6301e51829f9007a59b43300306344caa68723