[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 26 09:11:54 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab201e08 by security tracker role at 2023-09-26T08:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2023-5192 (Excessive Data Query Operations in a Large Data Table in GitHub reposi ...)
+	TODO: check
+CVE-2023-5162 (The Options for Twenty Seventeen plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2023-5161 (The Modal Window plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2023-5135 (The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2023-5129 (With a specially crafted WebP lossless file, libwebp may write data ou ...)
+	TODO: check
+CVE-2023-4565 (Broadcast permission control vulnerability in the framework module. Su ...)
+	TODO: check
+CVE-2023-4506 (The Active Directory Integration / LDAP Integration plugin for WordPre ...)
+	TODO: check
+CVE-2023-4505 (The Staff / Employee Business Directory for Active Directory plugin fo ...)
+	TODO: check
+CVE-2023-4259 (Two potential buffer overflow vulnerabilities at the following locatio ...)
+	TODO: check
+CVE-2023-4258 (In Bluetooth mesh implementation If provisionee has a public key that  ...)
+	TODO: check
+CVE-2023-43457 (An issue in Service Provider Management System v.1.0 allows a remote a ...)
+	TODO: check
+CVE-2023-43326 (mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS ...)
+	TODO: check
+CVE-2023-43325 (A reflected cross-site scripting (XSS) vulnerability in the data[redir ...)
+	TODO: check
+CVE-2023-43278 (A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up  ...)
+	TODO: check
+CVE-2023-43132 (szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remo ...)
+	TODO: check
+CVE-2023-42426 (Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1 ...)
+	TODO: check
+CVE-2023-41861 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict ...)
+	TODO: check
+CVE-2023-41860 (Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin < ...)
+	TODO: check
+CVE-2023-41312 (Permission control vulnerability in the audio module. Successful explo ...)
+	TODO: check
+CVE-2023-41311 (Permission control vulnerability in the audio module. Successful explo ...)
+	TODO: check
+CVE-2023-41310 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...)
+	TODO: check
+CVE-2023-41309 (Permission control vulnerability in the MediaPlaybackController module ...)
+	TODO: check
+CVE-2023-41308 (Screenshot vulnerability in the input module. Successful exploitation  ...)
+	TODO: check
+CVE-2023-41307 (Memory overwriting vulnerability in the security module. Successful ex ...)
+	TODO: check
+CVE-2023-41306 (Vulnerability of mutex management in the bone voice ID trusted applica ...)
+	TODO: check
+CVE-2023-41305 (Vulnerability of 5G messages being sent without being encrypted in a V ...)
+	TODO: check
+CVE-2023-3767 (An OS command injection vulnerability has been found on EasyPHP  Webse ...)
+	TODO: check
+CVE-2023-38907 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...)
+	TODO: check
+CVE-2022-48606 (Stability-related vulnerability in the binder background management an ...)
+	TODO: check
 CVE-2023-5166 (Docker Desktop before 4.23.0 allows Access Token theft via a crafted e ...)
 	NOT-FOR-US: Docker Desktop
 CVE-2023-5165 (Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enh ...)
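Review bot: all 29 entries added at the top of this hunk land as "TODO: check", and several can be triaged directly from their descriptions. CVE-2023-5162, CVE-2023-5161, CVE-2023-5135, CVE-2023-4506 and CVE-2023-4505 each read "plugin for WordPress", and this file already records such entries as "NOT-FOR-US: WordPress plugin". CVE-2023-5129 names libwebp, a library rather than a web application or plugin, so it is the entry here most likely to need a source-package line and should be checked first rather than left in the TODO queue with the rest.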
@@ -591,9 +649,9 @@ CVE-2023-38356 (MiniTool Power Data Recovery 11.6 contains an insecure installat
 	NOT-FOR-US: MiniTool Power Data Recovery
 CVE-2023-38355 (MiniTool Movie Maker 6.1.0 contains an insecure installation process t ...)
 	NOT-FOR-US: MiniTool Movie Maker
-CVE-2023-38354 (MiniTool Movie Maker 4.1 contains an insecure installation process tha ...)
+CVE-2023-38354 (MiniTool Shadow Maker version 4.1 contains an insecure installation pr ...)
 	NOT-FOR-US: MiniTool Movie Maker
-CVE-2023-38353 (MiniTool Power Data Recovery 11.5 contains an insecure in-app payment  ...)
+CVE-2023-38353 (MiniTool Power Data Recovery version 11.6 and before contains an insec ...)
 	NOT-FOR-US: MiniTool Power Data Recovery
 CVE-2023-38352 (MiniTool Partition Wizard 12.8 contains an insecure update mechanism t ...)
 	NOT-FOR-US: MiniTool Partition Wizard
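Review bot: the new description for CVE-2023-38354 says "MiniTool Shadow Maker version 4.1", but the unchanged annotation beneath it still reads "NOT-FOR-US: MiniTool Movie Maker". The product name in the NOT-FOR-US line should be updated to match the revised description so that searches by product name find the entry. The CVE-2023-38353 change only widens the version range and its annotation still matches.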
@@ -661,7 +719,7 @@ CVE-2023-4237 [ec2_key module prints out the private key directly to the standar
 	- ansible <unfixed>
 	[buster] - ansible <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979
-CVE-2023-42753 [netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c]
+CVE-2023-42753 (An array indexing vulnerability was found in the netfilter subsystem o ...)
 	- linux 6.5.3-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/09/22/10
 	NOTE: https://git.kernel.org/linus/050d91c03b28ca479df13dfb02bcd2c60dd6a878 (6.6-rc1)
@@ -2439,7 +2497,7 @@ CVE-2023-4059 (The Profile Builder WordPress plugin before 3.9.8 lacks authorisa
 CVE-2023-4019 (The Media from FTP WordPress plugin before 11.17 does not properly lim ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU  ...)
-	{DLA-3578-1}
+	{DSA-5505-1 DLA-3578-1}
 	- lldpd 1.0.17-1
 	NOTE: Fixed by: https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b (1.0.17)
 CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_f ...)
@@ -8694,7 +8752,7 @@ CVE-2023-34968 (A path disclosure vulnerability was found in Samba. As part of t
 	- samba 2:4.18.5+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html
 CVE-2023-42464 (A Type Confusion vulnerability was found in the Spotlight RPC function ...)
-	{DSA-5503-1}
+	{DSA-5503-1 DLA-3584-1}
 	- netatalk 3.1.17~ds-1 (bug #1052087)
 	NOTE: https://github.com/Netatalk/netatalk/issues/486
 	NOTE: https://github.com/Netatalk/netatalk/pull/485
@@ -17370,8 +17428,8 @@ CVE-2023-2317 (DOM-based XSS in updater/update.html in Typora before 1.6.7 on Wi
 	NOT-FOR-US: Typora
 CVE-2023-2316 (Improper path handling in Typora before 1.6.7 on Windows and Linux all ...)
 	NOT-FOR-US: Typora
-CVE-2023-2315
-	RESERVED
+CVE-2023-2315 (Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authe ...)
+	TODO: check
 CVE-2023-31269
 	RESERVED
 CVE-2023-31268
@@ -139518,28 +139576,33 @@ CVE-2021-42534 (The affected product\u2019s web application does not properly ne
 CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a double free ...)
 	NOT-FOR-US: Adobe
 CVE-2021-42532 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-42531 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 CVE-2021-42530 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 CVE-2021-42529 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://github.com/adobe/XMP-Toolkit-SDK/compare/v2021.07...v2021.08
 CVE-2021-42528 (XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer derefe ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
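Review bot: each exempi entry gaining "{DLA-3585-1}" in this hunk keeps "[bullseye] - exempi <no-dsa> (Minor issue)", so after this change the LTS release has an advisory for these CVEs while bullseye is still recorded as unfixed with no advisory planned. It is worth confirming that this is intended and, if so, tracking a bullseye update separately, since the same pattern repeats in the later exempi hunks of this commit.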
@@ -145438,6 +145501,7 @@ CVE-2021-40734 (Adobe Audition version 14.4 (and earlier) is affected by a memor
 CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
 	NOT-FOR-US: Adobe
 CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
@@ -145474,6 +145538,7 @@ CVE-2021-40718
 CVE-2021-40717
 	RESERVED
 CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
@@ -147762,6 +147827,7 @@ CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00
 CVE-2021-39848
 	RESERVED
 CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
@@ -157418,6 +157484,7 @@ CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and e
 CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
 	NOT-FOR-US: Adobe
 CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
@@ -157434,54 +157501,63 @@ CVE-2021-36060 (Adobe Media Encoder version 15.2 (and earlier) is affected by an
 CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
 	NOT-FOR-US: Adobe
 CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
@@ -157490,24 +157566,28 @@ CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a bu
 CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
 	NOT-FOR-US: Adobe
 CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
 	NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
 CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
+	{DLA-3585-1}
 	- exempi 2.6.0-1
 	[bullseye] - exempi <no-dsa> (Minor issue)
 	NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
@@ -231547,10 +231627,12 @@ CVE-2020-18654 (Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote att
 CVE-2020-18653
 	RESERVED
 CVE-2020-18652 (Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and  ...)
+	{DLA-3585-1}
 	- exempi 2.5.1-1
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/12
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/commit/acee2894ceb91616543927c2a6e45050c60f98f7 (2.5.1)
 CVE-2020-18651 (Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::get ...)
+	{DLA-3585-1}
 	- exempi 2.5.1-1
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/13
 	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/commit/fdd4765a699f9700850098b43b9798b933acb32f (2.5.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab201e08b0db3685fdfce8601ee3c11bf3d84da1
