[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 11 09:12:25 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f2da4b3 by security tracker role at 2023-09-11T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-4816 (A vulnerability exists in the Equipment Tag Out authentication, when c ...)
+	TODO: check
+CVE-2023-42471 (The wave.ai.browser application through 1.0.35 for Android allows a re ...)
+	TODO: check
+CVE-2023-42470 (The Imou Life com.mm.android.smartlifeiot application through 6.8.0 fo ...)
+	TODO: check
+CVE-2023-42467 (QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset ...)
+	TODO: check
+CVE-2023-40040 (An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" ...)
+	TODO: check
+CVE-2023-40039 (An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices.  ...)
+	TODO: check
+CVE-2023-35845 (Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certifica ...)
+	TODO: check
 CVE-2023-4879 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...)
 	NOT-FOR-US: icms2
 CVE-2023-4878 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...)
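Review bot: all seven new entries land as "TODO: check"; CVE-2023-42467 (QEMU through 8.0.0, division by zero in scsi_disk_reset) concerns a package Debian ships, so it should be triaged to a qemu package line with the fixing upstream commit rather than left as a TODO, whereas the wave.ai.browser, Imou Life, MyCrops and ARRIS entries look like straightforward NOT-FOR-US candidates.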
@@ -97,7 +111,7 @@ CVE-2023-40924 (SolarView Compact < 6.00 is vulnerable to Directory Traversal.)
 	NOT-FOR-US: SolarView Compact
 CVE-2023-39712 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
 	NOT-FOR-US: Free and Open Source Inventory Management System
-CVE-2023-39676 (SimpleImportProduct Prestashop Module v1.0.0 was discovered to contain ...)
+CVE-2023-39676 (FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contai ...)
 	NOT-FOR-US: SimpleImportProduct Prestashop Module
 CVE-2023-39584 (Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file re ...)
 	NOT-FOR-US: Hexo
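Review bot: the description for CVE-2023-39676 now reads "FieldPopupNewsletter Prestashop Module v1.0.0", but the unchanged line below it still says "NOT-FOR-US: SimpleImportProduct Prestashop Module"; if the CVE description was corrected upstream, the NOT-FOR-US annotation should be updated to match, e.g. "NOT-FOR-US: FieldPopupNewsletter Prestashop Module".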
@@ -1652,6 +1666,7 @@ CVE-2023-39267 (An authenticated remote code execution vulnerability exists in t
 CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface could a ...)
 	NOT-FOR-US: Aruba
 CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...)
+	{DSA-5495-1}
 	- frr 8.4.4-1.1
 	NOTE: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
 	NOTE: https://github.com/FRRouting/frr/pull/14290
@@ -1665,7 +1680,7 @@ CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass v
 	NOT-FOR-US: VMware
 CVE-2023-4586
 	NOT-FOR-US: Infinispan
-CVE-2023-4585
+CVE-2023-4585 (Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thun ...)
 	- firefox 117.0-1
 	- firefox-esr 115.2.0esr-1
 	[bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
@@ -1678,7 +1693,7 @@ CVE-2023-4585
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4585
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4585
-CVE-2023-4584
+CVE-2023-4584 (Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ...)
 	{DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
@@ -1687,7 +1702,7 @@ CVE-2023-4584
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4584
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4584
-CVE-2023-4583
+CVE-2023-4583 (When checking if the Browsing Context had been discarded in `HttpBaseC ...)
 	- firefox 117.0-1
 	- firefox-esr 115.2.0esr-1
 	[bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
@@ -1700,7 +1715,7 @@ CVE-2023-4583
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4583
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4583
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4583
-CVE-2023-4582
+CVE-2023-4582 (Due to large allocation checks in Angle for glsl shaders being too len ...)
 	- firefox-esr <not-affected> (MacOS-specific)
 	- firefox <not-affected> (MacOS-specific)
 	- thunderbird <not-affected> (MacOS-specific)
@@ -1708,7 +1723,7 @@ CVE-2023-4582
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4582
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4582
-CVE-2023-4581
+CVE-2023-4581 (Excel `.xll` add-in files did not have a blocklist entry in Firefox's  ...)
 	{DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
@@ -1717,7 +1732,7 @@ CVE-2023-4581
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4581
-CVE-2023-4580
+CVE-2023-4580 (Push notifications stored on disk in private browsing mode were not be ...)
 	- firefox 117.0-1
 	- firefox-esr 115.2.0esr-1
 	[bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
@@ -1730,10 +1745,10 @@ CVE-2023-4580
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4580
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4580
-CVE-2023-4579
+CVE-2023-4579 (Search queries in the default search engine could appear to have been  ...)
 	- firefox 117.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4579
-CVE-2023-4578
+CVE-2023-4578 (When calling `JS::CheckRegExpSyntax` a Syntax Error could have been se ...)
 	- firefox 117.0-1
 	- firefox-esr 115.2.0esr-1
 	[bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
@@ -1746,7 +1761,7 @@ CVE-2023-4578
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4578
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4578
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4578
-CVE-2023-4577
+CVE-2023-4577 (When `UpdateRegExpStatics` attempted to access `initialStringHeap` it  ...)
 	- firefox-esr 115.2.0esr-1
 	[bookworm] - firefox-esr <not-affected> (ESR 102 not affected)
 	[bullseye] - firefox-esr <not-affected> (ESR 102 not affected)
@@ -1760,7 +1775,7 @@ CVE-2023-4577
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4577
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4577
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4577
-CVE-2023-4576
+CVE-2023-4576 (On Windows, an integer overflow could occur in `RecordedSourceSurfaceC ...)
 	- firefox-esr <not-affected> (Windows-specific)
 	- firefox <not-affected> (Windows-specific)
 	- thunderbird <not-affected> (Windows-specific)
@@ -1768,7 +1783,7 @@ CVE-2023-4576
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4576
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4576
-CVE-2023-4575
+CVE-2023-4575 (When creating a callback over IPC for showing the File Picker window,  ...)
 	{DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
@@ -1777,7 +1792,7 @@ CVE-2023-4575
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4575
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4575
-CVE-2023-4574
+CVE-2023-4574 (When creating a callback over IPC for showing the Color Picker window, ...)
 	{DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
@@ -1786,7 +1801,7 @@ CVE-2023-4574
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4574
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4574
-CVE-2023-4573
+CVE-2023-4573 (When receiving rendering data over IPC `mStream` could have been destr ...)
 	{DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
 	- firefox-esr 115.2.0esr-1
 	- firefox 117.0-1
@@ -1819,6 +1834,7 @@ CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is a
 	NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14268
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/460ee930d6dbce6e96ecbfcd568a291f31bae24e
 CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...)
+	{DSA-5495-1}
 	- frr 8.4.4-1.1
 	NOTE: https://github.com/FRRouting/frr/pull/14260
 	NOTE: Fixed by: https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38
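Review bot: only CVE-2023-41358 receives the {DSA-5495-1} marker here, while CVE-2023-41359, whose "Backport for stable/8.5" and "Fixed by" NOTE lines form the leading context of this hunk, shows no change; worth confirming whether DSA-5495-1 also covers CVE-2023-41359 and, if so, adding the same marker to that entry so the advisory cross-references stay complete.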
@@ -5280,7 +5296,7 @@ CVE-2023-32764 (Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to esc
 	NOT-FOR-US: Fabasoft Cloud Enterprise Client
 CVE-2023-2754 (The Cloudflare WARP client for Windows assigns loopback IPv4 addresses ...)
 	NOT-FOR-US: Cloudflare WARP client for Windows
-CVE-2023-4104
+CVE-2023-4104 (An invalid Polkit Authentication check and missing authentication requ ...)
 	- mozillavpn <unfixed> (bug #1043004)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/1
 	NOTE: https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055
@@ -15089,6 +15105,7 @@ CVE-2023-31800 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.1
 CVE-2023-31799 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
 	NOT-FOR-US: Chamilo LMS
 CVE-2023-31490 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
+	{DSA-5495-1}
 	- frr 8.4.4-1 (bug #1036062)
 	[buster] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13099
@@ -61007,6 +61024,7 @@ CVE-2022-43683
 CVE-2022-43682
 	RESERVED
 CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...)
+	{DSA-5495-1}
 	- frr 8.4.1-1 (bug #1035829)
 	[buster] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13427
@@ -70346,6 +70364,7 @@ CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based
 CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...)
 	NOT-FOR-US: LISTSERV
 CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
+	{DSA-5495-1}
 	- frr 8.4.1-1 (bug #1035829)
 	[buster] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13427
@@ -70413,6 +70432,7 @@ CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 (v2.10.3)
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336
 CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...)
+	{DSA-5495-1}
 	- frr 8.4.1-1 (bug #1035829)
 	[buster] - frr <no-dsa> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13427
@@ -80859,6 +80879,7 @@ CVE-2022-36442 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19.
 CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gb ...)
 	NOT-FOR-US: Zebra Enterprise Home Screen
 CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...)
+	{DSA-5495-1}
 	- frr 8.4.1-1
 	[buster] - frr <ignored> (Minor issue)
 	NOTE: https://github.com/FRRouting/frr/issues/13202
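Review bot: CVE-2022-36440 keeps "[buster] - frr <ignored> (Minor issue)" while the other FRR entries that received {DSA-5495-1} in this commit (CVE-2023-31490, CVE-2022-43681, CVE-2022-40318, CVE-2022-40302) use "[buster] - frr <no-dsa> (Minor issue)"; since <ignored> and <no-dsa> carry different meanings for the LTS team, please verify that the differing buster status for this reachable-assertion issue is intentional.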



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f2da4b3dbaa3198f1ae0e36f1cee9f2a9413daa


