[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 28 21:12:43 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7411d10 by security tracker role at 2023-09-28T20:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output error backt ...)
+ TODO: check
+CVE-2023-5215 (A flaw was found in libnbd. A server can reply with a block size large ...)
+ TODO: check
+CVE-2023-43884 (A Cross-site scripting (XSS) vulnerability in Reference ID from the pa ...)
+ TODO: check
+CVE-2023-43879 (Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allow ...)
+ TODO: check
+CVE-2023-43878 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities t ...)
+ TODO: check
+CVE-2023-43876 (A Cross-Site Scripting (XSS) vulnerability in installation of October ...)
+ TODO: check
+CVE-2023-43874 (Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 ...)
+ TODO: check
+CVE-2023-43873 (A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows ...)
+ TODO: check
+CVE-2023-43872 (A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local a ...)
+ TODO: check
+CVE-2023-43871 (A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to ...)
+ TODO: check
+CVE-2023-43869 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...)
+ TODO: check
+CVE-2023-43868 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVa ...)
+ TODO: check
+CVE-2023-43867 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...)
+ TODO: check
+CVE-2023-43866 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...)
+ TODO: check
+CVE-2023-43865 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...)
+ TODO: check
+CVE-2023-43864 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...)
+ TODO: check
+CVE-2023-43863 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...)
+ TODO: check
+CVE-2023-43862 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLangu ...)
+ TODO: check
+CVE-2023-43861 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...)
+ TODO: check
+CVE-2023-43860 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...)
+ TODO: check
+CVE-2023-43664 (PrestaShop is an Open Source e-commerce web application. In the Presta ...)
+ TODO: check
+CVE-2023-43663 (PrestaShop is an Open Source e-commerce web application. In affected v ...)
+ TODO: check
+CVE-2023-43657 (discourse-encrypt is a plugin that provides a secure communication cha ...)
+ TODO: check
+CVE-2023-43323 (mooSocial 3.1.8 is vulnerable to external service interaction on post ...)
+ TODO: check
+CVE-2023-43226 (An arbitrary file upload vulnerability in dede/baidunews.php in DedeCM ...)
+ TODO: check
+CVE-2023-43044 (IBM License Metric Tool 9.2 could allow a remote attacker to traverse ...)
+ TODO: check
+CVE-2023-41911 (Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 ...)
+ TODO: check
+CVE-2023-40375 (Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contain ...)
+ TODO: check
+CVE-2023-40307 (An attacker with standard privileges on macOS when requesting administ ...)
+ TODO: check
+CVE-2023-39195
+ REJECTED
CVE-2023-5244 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
NOT-FOR-US: microweber
CVE-2023-5233 (The Font Awesome Integration plugin for WordPress is vulnerable to Sto ...)
@@ -113,7 +173,7 @@ CVE-2023-5222 (A vulnerability classified as critical was found in Viessmann Vit
NOT-FOR-US: Viessmann Vitogate
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU CMS. Thi ...)
NOT-FOR-US: ForU CMS
-CVE-2023-5217
+CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ...)
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox <unfixed>
@@ -124,10 +184,10 @@ CVE-2023-5217
NOTE: Fixed by (libvpx): https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
NOTE: Fixed by (libvpx): https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282
NOTE: https://hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
-CVE-2023-5187
+CVE-2023-5187 (Use after free in Extensions in Google Chrome prior to 117.0.5938.132 ...)
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5186
+CVE-2023-5186 (Use after free in Passwords in Google Chrome prior to 117.0.5938.132 a ...)
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5184 (Two potential signed to unsigned conversion errors and buffer overflow ...)
@@ -441,6 +501,7 @@ CVE-2023-40454 (A permissions issue was addressed with additional restrictions.
CVE-2023-40452 (The issue was addressed with improved bounds checks. This issue is fix ...)
TODO: check
CVE-2023-40451 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -514,6 +575,7 @@ CVE-2023-40384 (A permissions issue was addressed with improved redaction of sen
CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Pe ...)
TODO: check
CVE-2023-39434 (A use-after-free issue was addressed with improved memory management. ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -535,6 +597,7 @@ CVE-2023-35984 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-35793 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...)
TODO: check
CVE-2023-35074 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5396-1}
- webkit2gtk 2.40.0-1
- wpewebkit 2.40.2-2
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -634,6 +697,7 @@ CVE-2023-34043 (VMware Aria Operations contains a local privilege escalation vul
CVE-2023-32541 (A use-after-free vulnerability exists in the footerr functionality of ...)
NOT-FOR-US: Hancom Office 2020 HWord
CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ...)
+ {DSA-5506-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -657,6 +721,7 @@ CVE-2023-5172 (A hashtable in the Ion Engine could have been mutated while ther
- firefox 118.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172
CVE-2023-5171 (During Ion compilation, a Garbage Collection could have resulted in a ...)
+ {DSA-5506-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -667,6 +732,7 @@ CVE-2023-5170 (In canvas rendering, a compromised content process could have cau
- firefox 118.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170
CVE-2023-5169 (A compromised content process could have provided malicious data in a ...)
+ {DSA-5506-1}
- firefox 118.0-1
- firefox-esr 115.3.0esr-1
- thunderbird 1:115.3.0-1
@@ -865,7 +931,7 @@ CVE-2023-32284 (An out-of-bounds write vulnerability exists in the tiff_planar_a
NOT-FOR-US: Accusoft ImageGear
CVE-2022-48605 (Input verification vulnerability in the fingerprint module. Successful ...)
NOT-FOR-US: Huawei
-CVE-2023-42756 [netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP]
+CVE-2023-42756 (A flaw was found in the Netfilter subsystem of the Linux kernel. A rac ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/27/2
@@ -21028,8 +21094,8 @@ CVE-2023-30417 (A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up
NOT-FOR-US: Pear-Admin-Boot
CVE-2023-30416
RESERVED
-CVE-2023-30415
- RESERVED
+CVE-2023-30415 (Sourcecodester Packers and Movers Management System v1.0 was discovere ...)
+ TODO: check
CVE-2023-30414 (Jerryscript commit 1a2c047 was discovered to contain a stack overflow ...)
- iotjs <removed>
[bullseye] - iotjs <ignored> (Minor issue)
@@ -50621,10 +50687,10 @@ CVE-2022-47189 (Generex UPS CS141 below 2.06 version, allows an attacker touploa
NOT-FOR-US: Generex UPS CS141
CVE-2022-47188 (There is an arbitrary file reading vulnerability in Generex UPS CS141 ...)
NOT-FOR-US: Generex UPS CS141
-CVE-2022-47187
- RESERVED
-CVE-2022-47186
- RESERVED
+CVE-2022-47187 (There is a file upload XSS vulnerability in Generex CS141 below 2.06 v ...)
+ TODO: check
+CVE-2022-47186 (There is an unrestricted upload of file vulnerability in Generex CS141 ...)
+ TODO: check
CVE-2022-47185 (Improper input validation vulnerability on the range header in Apache ...)
- trafficserver 9.2.2+ds-1 (bug #1043430)
NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
@@ -231200,6 +231266,7 @@ CVE-2020-19190 (Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_ha
NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
NOTE: CVE-2020-19190 seems to be a duplicate of CVE-2019-17594 but keep distinct for now
CVE-2020-19189 (Buffer Overflow vulnerability in postprocess_terminfo function in tinf ...)
+ {DLA-3586-1}
- ncurses 6.1+20191019-1
NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
@@ -232121,6 +232188,7 @@ CVE-2020-18770 (An issue was discovered in function zzip_disk_entry_to_file_head
CVE-2020-18769
RESERVED
CVE-2020-18768 (There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in ...)
+ {DLA-2777-1}
- tiff 4.0.10+git190814-1
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2848
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/72
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7411d10e428b9b456bc89a13f03057ff26dbb5e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7411d10e428b9b456bc89a13f03057ff26dbb5e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230928/a4242a6d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list