[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 30 21:12:53 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d8d8aac by security tracker role at 2023-09-30T20:12:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-5321 (Missing Authorization in GitHub repository hamza417/inure prior to bui ...)
+ TODO: check
+CVE-2023-5313 (A vulnerability classified as problematic was found in phpkobo Ajax Po ...)
+ TODO: check
+CVE-2023-5305 (A vulnerability was found in Online Banquet Booking System 1.0 and cla ...)
+ TODO: check
+CVE-2023-5304 (A vulnerability has been found in Online Banquet Booking System 1.0 an ...)
+ TODO: check
+CVE-2023-5303 (A vulnerability, which was classified as problematic, was found in Onl ...)
+ TODO: check
+CVE-2023-5302 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-5301 (A vulnerability classified as critical was found in DedeCMS 5.7.111. T ...)
+ TODO: check
+CVE-2023-5300 (A vulnerability classified as critical has been found in TTSPlanning u ...)
+ TODO: check
+CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting all versi ...)
+ TODO: check
+CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...)
+ TODO: check
+CVE-2022-4956 (A vulnerability classified as critical has been found in Caphyon Advan ...)
+ TODO: check
CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...)
NOT-FOR-US: phpmyfaq
CVE-2023-5319 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
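Review bot: all eleven added entries stop at `TODO: check`, and CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandling widths) should be triaged first: CVE-2023-5217 in this same update is another libvpx issue that already carries DSA and DLA references, so this placeholder is likely to need a package version line rather than a `NOT-FOR-US` tag.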
@@ -420,7 +442,7 @@ CVE-2023-5222 (A vulnerability classified as critical was found in Viessmann Vit
CVE-2023-5221 (A vulnerability classified as critical has been found in ForU CMS. Thi ...)
NOT-FOR-US: ForU CMS
CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ...)
- {DSA-5510-1 DSA-5509-1 DSA-5508-1}
+ {DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3591-1}
- chromium 117.0.5938.132-1
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox <unfixed> (unimportant)
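Review bot: DLA-3591-1 is appended to the advisory set of CVE-2023-5217, but none of the visible package lines names a bullseye package: chromium is listed for unstable and as `<end-of-life>` in buster, and firefox as `<unfixed>` (unimportant). Confirm that the entry carries a `[bullseye]` line, or a version line for the package the DLA actually shipped, below this context so the DLA reference resolves to a package.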
@@ -1586,6 +1608,7 @@ CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 1
CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application allows an ...)
NOT-FOR-US: PaperCutNG
CVE-2023-4504 (Due to failure in validating the length provided by an attacker-crafte ...)
+ {DLA-3594-1}
- cups 2.4.2-6
[bookworm] - cups <no-dsa> (Minor issue)
[bullseye] - cups <no-dsa> (Minor issue)
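Review bot: the added `{DLA-3594-1}` contradicts the unchanged context line `[bullseye] - cups <no-dsa> (Minor issue)`; a DLA has now been issued for bullseye, so the `<no-dsa>` marker is stale and should be dropped or replaced with the fixed bullseye version in a follow-up. The same inconsistency appears for CVE-2023-32360 later in this update.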
@@ -2076,7 +2099,7 @@ CVE-2023-40868 (Cross Site Request Forgery vulnerability in mooSocial MooSocial
CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
NOT-FOR-US: Discourse
CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to versions ...)
- {DSA-5507-1}
+ {DSA-5507-1 DLA-3592-1}
- jetty9 9.4.52-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
NOTE: https://github.com/eclipse/jetty.project/pull/10329
@@ -2120,7 +2143,7 @@ CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996.
CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built ...)
NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository for the ...)
- {DSA-5507-1}
+ {DSA-5507-1 DLA-3592-1}
- jetty9 9.4.52-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
NOTE: https://github.com/eclipse/jetty.project/pull/9888
@@ -5009,6 +5032,7 @@ CVE-2023-4534 (A vulnerability, which was classified as problematic, was found i
CVE-2023-4520 (The FV Flowplayer Video Player plugin for WordPress is vulnerable to S ...)
NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
CVE-2023-4508 (A user able to control file input to Gerbv, between versions 2.4.0 and ...)
+ {DLA-3593-1}
- gerbv 2.10.0-1 (bug #1050560)
[bookworm] - gerbv <no-dsa> (Minor issue)
[bullseye] - gerbv <no-dsa> (Minor issue)
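Review bot: same pattern as cups above: `{DLA-3593-1}` is added to CVE-2023-4508 while `[bullseye] - gerbv <no-dsa> (Minor issue)` remains in the context. One of the two is now wrong, and the `<no-dsa>` line should be reconciled with the issued DLA.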
@@ -7188,6 +7212,7 @@ CVE-2023-37856 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior
CVE-2023-37855 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
NOT-FOR-US: PHOENIX
CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software Foundation ...)
+ {DLA-3595-1}
- trafficserver 9.2.2+ds-1 (bug #1043430)
NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
CVE-2023-2905 (Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ...)
@@ -13389,6 +13414,7 @@ CVE-2023-32365 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-32363 (A permissions issue was addressed by removing vulnerable code and addi ...)
NOT-FOR-US: Apple
CVE-2023-32360 (An authentication issue was addressed with improved state management. ...)
+ {DLA-3594-1}
- cups 2.4.2-6 (bug #1051953)
[bookworm] - cups <no-dsa> (Workaround exist; patch changes only default cupsd.conf; can be fixed via point release)
[bullseye] - cups <no-dsa> (Workaround exist; patch changes only default cupsd.conf; can be fixed via point release)
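Review bot: with `{DLA-3594-1}` added, the context rationale `[bullseye] - cups <no-dsa> (Workaround exist; patch changes only default cupsd.conf; can be fixed via point release)` no longer describes the bullseye state; the `<no-dsa>` line should be replaced by the DLA's fixed version. While touching it, `Workaround exist` should read `Workaround exists`.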
@@ -34450,14 +34476,14 @@ CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering perso
CVE-2023-26050
RESERVED
CVE-2023-26049 (Jetty is a java based web server and servlet engine. Nonstandard cooki ...)
- {DSA-5507-1}
+ {DSA-5507-1 DLA-3592-1}
[experimental] - jetty9 9.4.51-1
- jetty9 9.4.52-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
NOTE: https://github.com/eclipse/jetty.project/pull/9339
NOTE: https://github.com/eclipse/jetty.project/pull/9352
CVE-2023-26048 (Jetty is a java based web server and servlet engine. In affected versi ...)
- {DSA-5507-1}
+ {DSA-5507-1 DLA-3592-1}
[experimental] - jetty9 9.4.51-1
- jetty9 9.4.52-1
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8
@@ -50966,6 +50992,7 @@ CVE-2022-47187 (There is a file upload XSS vulnerability in Generex CS141 below
CVE-2022-47186 (There is an unrestricted upload of file vulnerability in Generex CS141 ...)
NOT-FOR-US: Generex CS141
CVE-2022-47185 (Improper input validation vulnerability on the range header in Apache ...)
+ {DLA-3595-1}
- trafficserver 9.2.2+ds-1 (bug #1043430)
NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
NOTE: https://github.com/apache/trafficserver/issues/9265
@@ -52645,6 +52672,7 @@ CVE-2022-46647
CVE-2022-46646
RESERVED
CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi so ...)
+ {DLA-3596-1}
- firmware-nonfree <unfixed> (bug #1051892)
[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
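Review bot: `{DLA-3596-1}` is added to CVE-2022-46329 while the context still reads `[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)` and the package line says `<unfixed>`; an issued DLA means the "not supported" rationale no longer holds, and the bullseye line should record the fixed version instead. The same contradiction repeats for CVE-2022-40964, CVE-2022-38076, CVE-2022-36351 and CVE-2022-27635 in the hunks that follow, all sharing bug #1051892, so a single follow-up commit can fix all five entries.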
@@ -70182,6 +70210,7 @@ CVE-2022-40971 (Incorrect default permissions for the Intel(R) HDMI Firmware Upd
CVE-2022-40970
RESERVED
CVE-2022-40964 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
+ {DLA-3596-1}
- firmware-nonfree <unfixed> (bug #1051892)
[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
@@ -79576,6 +79605,7 @@ CVE-2022-38092
CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some Intel(R ...)
NOT-FOR-US: Intel
CVE-2022-38076 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...)
+ {DLA-3596-1}
- firmware-nonfree <unfixed> (bug #1051892)
[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
@@ -79593,6 +79623,7 @@ CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro a
CVE-2022-36406
RESERVED
CVE-2022-36351 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...)
+ {DLA-3596-1}
- firmware-nonfree <unfixed> (bug #1051892)
[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
@@ -109357,6 +109388,7 @@ CVE-2022-1042 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulner
CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...)
NOT-FOR-US: Zyphyr
CVE-2022-27635 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...)
+ {DLA-3596-1}
- firmware-nonfree <unfixed> (bug #1051892)
[bookworm] - firmware-nonfree <no-dsa> (Non-free not supported)
[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
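Review bot: the context line `NOT-FOR-US: Zyphyr` misspells the project name; the CVE-2022-1041 description two lines above reads `Zephyr`. Not part of this change, but the tag is what people grep for, so it merits a one-line follow-up fix.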
@@ -147535,14 +147567,14 @@ CVE-2021-40396 (A privilege escalation vulnerability exists in the installation
CVE-2021-40395
REJECTED
CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
- {DSA-5306-1}
+ {DSA-5306-1 DLA-3593-1}
- gerbv 2.8.1-1
[stretch] - gerbv <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405
NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28
NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1)
CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
- {DSA-5306-1}
+ {DSA-5306-1 DLA-3593-1}
- gerbv 2.8.2-1
[stretch] - gerbv <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d8d8aac74872b4e6f29aae98af166a991ab67d6