[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 19 09:12:32 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc96efbc by security tracker role at 2023-09-19T08:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
+ TODO: check
+CVE-2023-5054 (The Super Store Finder plugin for WordPress is vulnerable to unauthent ...)
+ TODO: check
+CVE-2023-5009 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2023-42454 (SQLpage is a SQL-only webapp builder. Someone using SQLpage versions p ...)
+ TODO: check
+CVE-2023-42446 (Pow is a authentication and user management solution for Phoenix and P ...)
+ TODO: check
+CVE-2023-42443 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
+ TODO: check
+CVE-2023-42441 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
+ TODO: check
+CVE-2023-42399 (Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0- ...)
+ TODO: check
+CVE-2023-41599 (An issue in the component /common/DownController.java of JFinalCMS v5. ...)
+ TODO: check
+CVE-2023-41443 (SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote atta ...)
+ TODO: check
+CVE-2023-40788 (SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to ...)
+ TODO: check
+CVE-2023-39058 (An information leak in THE_B_members card v13.6.1 allows attackers to ...)
+ TODO: check
+CVE-2023-39056 (An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain ...)
+ TODO: check
+CVE-2023-39049 (An information leak in youmart-tokunaga v13.6.1 allows attackers to ob ...)
+ TODO: check
+CVE-2023-39046 (An information leak in TonTon-Tei_waiting Line v13.6.1 allows attacker ...)
+ TODO: check
+CVE-2023-39043 (An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows at ...)
+ TODO: check
+CVE-2023-39040 (An information leak in Cheese Cafe Line v13.6.1 allows attackers to ob ...)
+ TODO: check
+CVE-2023-39039 (An information leak in Camp Style Project Line v13.6.1 allows attacker ...)
+ TODO: check
+CVE-2023-38582 (Persistent cross-site scripting (XSS) in the web application of MOD3GP ...)
+ TODO: check
+CVE-2023-38255 (A potential attacker with or without (cookie theft) access to the devi ...)
+ TODO: check
+CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a re ...)
+ TODO: check
CVE-2023-4237 [ec2_key module prints out the private key directly to the standard output]
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
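Review bot: the two new Vyper entries (CVE-2023-42443 and CVE-2023-42441) are left at "TODO: check", while the existing Vyper entry CVE-2023-39363 further down in this same patch is already marked NOT-FOR-US; once checked they can likely be triaged the same way rather than staying as TODO placeholders.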
@@ -142,6 +184,7 @@ CVE-2023-43091 [Code injection via service.json file]
NOTE: Introduced with merge: https://gitlab.gnome.org/GNOME/gnome-maps/-/merge_requests/227 (v43.alpha)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea (v45.rc)
CVE-2023-43090 [Screenshot tool allows viewing open windows when session is locked]
+ {DSA-5501-1}
- gnome-shell 44.5-1 (bug #1052067)
[bullseye] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
[buster] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
@@ -841,33 +884,43 @@ CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for WordPre
CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for WordPress ...)
NOT-FOR-US: Google Maps Plugin by Intergeo for WordPress plugin for WordPress
CVE-2023-4909 (Inappropriate implementation in Interstitials in Google Chrome prior t ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4908 (Inappropriate implementation in Picture in Picture in Google Chrome pr ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4907 (Inappropriate implementation in Intents in Google Chrome on Android pr ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4906 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4905 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4904 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4903 (Inappropriate implementation in Custom Mobile Tabs in Google Chrome on ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4902 (Inappropriate implementation in Input in Google Chrome prior to 117.0. ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4901 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...)
+ {DSA-5499-1}
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 ...)
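Review bot: the trailing context line CVE-2023-4863 (the WebP heap buffer overflow) sits directly below the block of chromium entries that just received {DSA-5499-1}, but it is outside the changed lines; confirm that entry carries the matching DSA reference too if the advisory covers it, so the chromium 117.0.5938.62-1 entries stay consistent.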
@@ -5814,7 +5867,7 @@ CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior t
NOT-FOR-US: PrestaShop
CVE-2023-39520 (Cryptomator encrypts data being stored on cloud infrastructure. The MS ...)
NOT-FOR-US: Cryptomator
-CVE-2023-39363 (Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Ma ...)
+CVE-2023-39363 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
NOT-FOR-US: Vyer
CVE-2023-39349 (Sentry is an error tracking and performance monitoring platform. Start ...)
NOT-FOR-US: Sentry
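Review bot: the description for CVE-2023-39363 is corrected from "Vyer" to "Vyper", but the following line still reads "NOT-FOR-US: Vyer"; it should be updated to "NOT-FOR-US: Vyper" in the same change so the triage marker matches the corrected product name.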
@@ -32275,8 +32328,8 @@ CVE-2023-26145
RESERVED
CVE-2023-26144
RESERVED
-CVE-2023-26143
- RESERVED
+CVE-2023-26143 (Versions of the package blamer before 1.0.4 are vulnerable to Arbitrar ...)
+ TODO: check
CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...)
TODO: check
CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial ...)
@@ -42549,7 +42602,7 @@ CVE-2023-0127 (A command injection vulnerability in the firmware_update command,
NOT-FOR-US: Tenable
CVE-2023-0126 (Pre-authentication path traversal vulnerability in SMA1000 firmware ve ...)
NOT-FOR-US: SonicWall
-CVE-2023-0125 (A vulnerability was found in Control iD Panel. It has been declared as ...)
+CVE-2023-0125 (A vulnerability was found in Control iD Gerencia Web 1.30. It has been ...)
NOT-FOR-US: Control iD Panel
CVE-2023-0124 (Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable ...)
NOT-FOR-US: Delta Electronics DOPSoft
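Review bot: the description for CVE-2023-0125 now names "Control iD Gerencia Web 1.30", but the unchanged "NOT-FOR-US: Control iD Panel" line below it still carries the old product name; update the NOT-FOR-US marker to match the new description so the two lines do not disagree.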
@@ -47199,7 +47252,7 @@ CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle G
CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
NOT-FOR-US: Oracle
CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1 DLA-3571-1}
- openjdk-8 8u382-ga-1
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
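Review bot: {DLA-3571-1} is appended to this entry and, in the following hunks, to entries that list only openjdk-11 and openjdk-17 as well as to entries that also list openjdk-8; the visible lines do not say which source package the DLA covers, so confirm that package is among the ones listed for each entry receiving the reference.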
@@ -47210,7 +47263,7 @@ CVE-2023-22047 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1 DLA-3571-1}
- openjdk-8 8u382-ga-1
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
@@ -47223,7 +47276,7 @@ CVE-2023-22043 (Vulnerability in Oracle Java SE (component: JavaFX). The suppo
CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
NOT-FOR-US: Oracle
CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1 DLA-3571-1}
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -47235,7 +47288,7 @@ CVE-2023-22038 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
NOT-FOR-US: Oracle
CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1 DLA-3571-1}
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
@@ -47297,7 +47350,7 @@ CVE-2023-22008 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.34-1 (bug #1041819)
CVE-2023-22006 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5458-1}
+ {DSA-5478-1 DSA-5458-1 DLA-3571-1}
- openjdk-11 11.0.20+8-1
- openjdk-17 17.0.8+7-1
CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -47375,13 +47428,13 @@ CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analy
CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation). Supp ...)
NOT-FOR-US: Oracle
CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -47411,7 +47464,7 @@ CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -47445,19 +47498,19 @@ CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analy
CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.33-1 (bug #1034719)
CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
- openjdk-20 20.0.1+9-2
CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -47475,7 +47528,7 @@ CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Service
CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- {DSA-5478-1 DSA-5430-1}
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
- openjdk-8 8u372-ga-1
- openjdk-11 11.0.19+7-1 (bug #1036280)
- openjdk-17 17.0.7+7-1 (bug #1035957)
@@ -105108,8 +105161,8 @@ CVE-2022-28359
RESERVED
CVE-2022-28358
RESERVED
-CVE-2022-28357
- RESERVED
+CVE-2022-28357 (NATS nats-server 2.2.0 through 2.7.4 allows directory traversal becaus ...)
+ TODO: check
CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found in ne ...)
{DSA-5173-1 DSA-5127-1 DLA-3065-1}
- linux 5.16.18-1
@@ -120511,7 +120564,7 @@ CVE-2022-23494 (tinymce is an open source rich text editor. A cross-site scripti
NOTE: https://github.com/tinymce/tinymce/commit/8bb2d2646d4e1a718fce61a775fa22e9d317b32d
NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-gg8r-xjwq-4w92
CVE-2022-23493 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3370-1}
+ {DSA-5502-1 DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-59wp-3wq6-jh5v
NOTE: https://github.com/neutrinolabs/xrdp/commit/030db5524be7616967ae9e7d26b3d4477cf6082d
@@ -120534,41 +120587,42 @@ CVE-2022-23486 (libp2p-rust is the official rust language Implementation of the
CVE-2022-23485 (Sentry is an error tracking and performance monitoring platform. In ve ...)
NOT-FOR-US: Sentry
CVE-2022-23484 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3370-1}
+ {DSA-5502-1 DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rqfx-5fv8-q9c6
NOTE: https://github.com/neutrinolabs/xrdp/commit/c2c6efb1d377be6baaa4acbc9d3700490fe92887
CVE-2022-23483 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3370-1}
+ {DSA-5502-1 DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-38rw-9ch2-fcxq
NOTE: https://github.com/neutrinolabs/xrdp/commit/35cca701c753db65d3c05b7ea4fff9bd09e76661
CVE-2022-23482 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3375-1}
+ {DSA-5502-1 DLA-3375-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-56pq-2pm9-7fhm
NOTE: https://github.com/neutrinolabs/xrdp/commit/1e42426db59120c6596d673f1bb2dc8b0312e692
CVE-2022-23481 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3375-1}
+ {DSA-5502-1 DLA-3375-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hm75-9jcg-p7hq
NOTE: https://github.com/neutrinolabs/xrdp/commit/bc6b052959697b205d15108fb88e7c7e38c15bee
CVE-2022-23480 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3375-1}
+ {DSA-5502-1 DLA-3375-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-3jmx-f6hv-95wg
NOTE: https://github.com/neutrinolabs/xrdp/commit/ae7c17e1f629156cce21f7f1b568d849c63bdc3f
CVE-2022-23479 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3370-1}
+ {DSA-5502-1 DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-pgx2-3fjj-fqqh
NOTE: https://github.com/neutrinolabs/xrdp/commit/60864014b733c10881c078048560858067fe5d0f
CVE-2022-23478 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3370-1}
+ {DSA-5502-1 DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2f49-wwpm-78pj
NOTE: https://github.com/neutrinolabs/xrdp/commit/6cb54a1c26b53617e1c79a0abc96d03c4add1eb8
CVE-2022-23477 (xrdp is an open source project which provides a graphical login to rem ...)
+ {DSA-5502-1}
- xrdp 0.9.21.1-1 (bug #1025879)
[buster] - xrdp <not-affected> (Code not present)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hqw2-jx2c-wrr2
@@ -120597,7 +120651,7 @@ CVE-2022-23470 (Galaxy is an open-source platform for data analysis. An arbitrar
CVE-2022-23469 (Traefik is an open source HTTP reverse proxy and load balancer. Versio ...)
- traefik <itp> (bug #983289)
CVE-2022-23468 (xrdp is an open source project which provides a graphical login to rem ...)
- {DLA-3370-1}
+ {DSA-5502-1 DLA-3370-1}
- xrdp 0.9.21.1-1 (bug #1025879)
NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6
NOTE: https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382
@@ -180422,8 +180476,8 @@ CVE-2021-26839
RESERVED
CVE-2021-26838
RESERVED
-CVE-2021-26837
- RESERVED
+CVE-2021-26837 (SQL Injection vulnerability in SearchTextBox parameter in Fortra (Form ...)
+ TODO: check
CVE-2021-26836
RESERVED
CVE-2021-26835 (No filtering of cross-site scripting (XSS) payloads in the markdown-ed ...)
@@ -223093,6 +223147,7 @@ CVE-2020-22221
CVE-2020-22220
RESERVED
CVE-2020-22219 (Buffer Overflow vulnerability in function bitwriter_grow_ in flac befo ...)
+ {DSA-5500-1}
- flac 1.4.1-1
NOTE: https://github.com/xiph/flac/issues/215
NOTE: https://github.com/xiph/flac/pull/419 (1.4.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc96efbc9ae18693537d16367c1c08a945a94c99