Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a1e69eab by security tracker role at 2023-08-18T20:12:26+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@ +CVE-2023-4422 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) + TODO: check +CVE-2023-4415 (A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has b ...) + TODO: check +CVE-2023-4414 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) + TODO: check +CVE-2023-4413 (A vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It h ...) + TODO: check +CVE-2023-4412 (A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B2020102 ...) + TODO: check +CVE-2023-4411 (A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20 ...) + TODO: check +CVE-2023-4410 (A vulnerability, which was classified as critical, was found in TOTOLI ...) + TODO: check +CVE-2023-4409 (A vulnerability, which was classified as critical, has been found in N ...) + TODO: check +CVE-2023-4407 (A vulnerability classified as critical was found in Codecanyon Credit ...) + TODO: check +CVE-2023-40072 (OS command injection vulnerability in WAB-S600-PS all versions, and WA ...) + TODO: check +CVE-2023-40069 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) + TODO: check +CVE-2023-39944 (OS command injection vulnerability in WRC-F1167ACF all versions, and W ...) + TODO: check +CVE-2023-39455 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) + TODO: check +CVE-2023-39454 (Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC- ...) + TODO: check +CVE-2023-39445 (Hidden functionality vulnerability in LAN-WH300N/RE all versions provi ...) + TODO: check +CVE-2023-39416 (Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gatew ...) + TODO: check +CVE-2023-39415 (Improper authentication vulnerability in Proself Enterprise/Standard E ...) + TODO: check +CVE-2023-38911 (A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows att ...) 
+ TODO: check +CVE-2023-38910 (CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allow ...) + TODO: check +CVE-2023-38890 (Online Shopping Portal Project 3.1 allows remote attackers to execute ...) + TODO: check +CVE-2023-38576 (Hidden functionality vulnerability in LAN-WH300N/RE all versions provi ...) + TODO: check +CVE-2023-38132 (LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an i ...) + TODO: check +CVE-2023-35991 (Hidden functionality vulnerability in LOGITEC wireless LAN routers all ...) + TODO: check +CVE-2023-32626 (Hidden functionality vulnerability in LAN-W300N/RS all versions, and L ...) + TODO: check +CVE-2023-32130 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dani ...) + TODO: check +CVE-2023-32122 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy P ...) + TODO: check +CVE-2023-32109 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...) + TODO: check +CVE-2023-32108 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...) + TODO: check +CVE-2023-32107 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Ga ...) + TODO: check +CVE-2023-32106 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Ma ...) + TODO: check +CVE-2023-32105 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach ...) + TODO: check +CVE-2023-32103 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-4040 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...) NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress CVE-2023-40171 (Dispatch is an open source security incident management tool. The serv ...) 
@@ -70,7 +134,7 @@ CVE-2023-39741 (lrzip v0.651 was discovered to contain a heap overflow via the l NOTE: https://github.com/ckolivas/lrzip/issues/246 CVE-2023-38905 (SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a ...) NOT-FOR-US: JeecgBoot -CVE-2023-38902 (An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204 ...) +CVE-2023-38902 (A command injection vulnerability in RG-EW series home routers and rep ...) NOT-FOR-US: RG-EW CVE-2023-38843 (An issue in Atlos v.1.0 allows an authenticated attacker to execute ar ...) NOT-FOR-US: Atlos @@ -625,6 +689,7 @@ CVE-2023-40292 (Harman Infotainment 20190525031613 and later discloses the IP ad CVE-2023-40291 (Harman Infotainment 20190525031613 allows root access via SSH over a U ...) NOT-FOR-US: Harman Infotainment CVE-2023-40283 (An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_s ...) + {DSA-5480-1} - linux 6.4.11-1 NOTE: https://git.kernel.org/linus/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (6.5-rc1) CVE-2023-40274 (An issue was discovered in zola 0.13.0 through 0.17.2. The custom impl ...) @@ -876,6 +941,7 @@ CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to unauthorized CVE-2023-4275 REJECTED CVE-2023-4128 (A use-after-free flaw was found in net/sched/cls_fw.c in classifiers ( ...) + {DSA-5480-1} - linux 6.4.11-1 NOTE: https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (6.5-rc5) NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5) 
@@ -1111,6 +1177,7 @@ CVE-2023-38710 [Invalid IKEv2 REKEY proposal causes restart] NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.txt NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.patch CVE-2023-4273 (A flaw was found in the exFAT driver of the Linux kernel. The vulnerab ...) + {DSA-5480-1} - linux 6.4.11-1 NOTE: https://git.kernel.org/linus/d42334578eba1390859012ebb91e1e556d51db49 (6.5-rc5) CVE-2023-40012 (uthenticode is a small cross-platform library for partially verifying ...) @@ -1626,6 +1693,7 @@ CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...) NOT-FOR-US: Rockwell Automation CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet] + {DSA-5480-1} - linux 6.4.11-1 NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576 NOTE: https://xenbits.xen.org/xsa/advisory-432.html @@ -2028,6 +2096,7 @@ CVE-2023-33373 (Connected IO v2.1.0 and prior keeps passwords and credentials in CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded username/password pair ...) NOT-FOR-US: Connected IO CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior to 108 ...) + {DSA-5293-1} - chromium 108.0.5359.71-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...) 
@@ -2103,6 +2172,7 @@ CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compile NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497 NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87 CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel\u2019s Netfilter f ...) + {DSA-5480-1} - linux 6.4.11-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 (6.5-rc4) @@ -2120,6 +2190,7 @@ CVE-2023-4133 (A use-after-free vulnerability was found in the cxgb4 driver in t - linux 6.3.7-1 NOTE: https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3) CVE-2023-4132 (A use-after-free vulnerability was found in the siano smsusb module in ...) + {DSA-5480-1} - linux 6.4.4-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221707 NOTE: https://git.kernel.org/linus/ebad8e731c1c06adf04621d6fd327b860c0861b5 (6.3-rc1) @@ -2774,6 +2845,7 @@ CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condi CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. ...) NOT-FOR-US: ASUS CVE-2023-4004 (A use-after-free flaw was found in the Linux kernel's netfilter in the ...) + {DSA-5480-1} - linux 6.4.11-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/87b5a5c209405cb6b57424cdfa226a6dbd349232 (6.5-rc3) @@ -3412,6 +3484,7 @@ CVE-2023-38288 [libtiff: integer overflow in tiffcp.c] CVE-2023-3870 REJECTED CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...) + {DSA-5480-1} - linux 6.4.4-1 NOTE: https://git.kernel.org/linus/6709d4b7bc2e079241fdef15d1160581c5261c10 (6.5-rc1) CVE-2023-3344 (The Auto Location for WP Job Manager via Google WordPress plugin befor ...) 
@@ -3529,9 +3602,11 @@ CVE-2023-38195 (Datalust Seq before 2023.2.9489 allows insertion of sensitive in CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...) NOT-FOR-US: IBOS OA CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...) + {DSA-5480-1} - linux 6.4.4-2 NOTE: https://git.kernel.org/linus/0323bce598eea038714f941ce2b22541c46d488f (6.5-rc2) CVE-2023-3611 (An out-of-bounds write vulnerability in the Linux kernel's net/sched: ...) + {DSA-5480-1} - linux 6.4.4-2 NOTE: https://git.kernel.org/linus/3e337087c3b5805fe0b8a46ba622a962880b5d64 (6.5-rc2) CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) @@ -3541,6 +3616,7 @@ CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: n [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4bedf9eee016286c835e3d8fa981ddece5338795 (6.4) CVE-2023-3609 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...) + {DSA-5480-1} - linux 6.3.11-1 [bookworm] - linux 6.1.37-1 NOTE: https://git.kernel.org/linus/04c55383fa5689357bcdd2c8036725a55ed632bc (6.4-rc7) 
@@ -4664,15 +4740,15 @@ CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/488960 CVE-2023-37568 (ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC- ...) NOT-FOR-US: ELECOM -CVE-2023-37567 (ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a ...) +CVE-2023-37567 (Command injection vulnerability in ELECOM and LOGITEC wireless LAN rou ...) NOT-FOR-US: ELECOM -CVE-2023-37566 (ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC ...) +CVE-2023-37566 (Command injection vulnerability in ELECOM and LOGITEC wireless LAN rou ...) NOT-FOR-US: ELECOM CVE-2023-37565 (Code injection vulnerability in ELECOM wireless LAN routers allows a n ...) NOT-FOR-US: ELECOM CVE-2023-37564 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) NOT-FOR-US: ELECOM -CVE-2023-37563 (Exposure of sensitive information to an unauthorized actor issue exist ...) +CVE-2023-37563 (ELECOM wireless LAN routers are vulnerable to sensitive information ex ...) NOT-FOR-US: ELECOM CVE-2023-37562 (Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167 ...) NOT-FOR-US: ELECOM 
@@ -6794,12 +6870,13 @@ CVE-2023-3390 (A use-after-free vulnerability was found in the Linux kernel's ne NOTE: https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97 (6.4-rc7) NOTE: https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97 CVE-2023-3389 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...) + {DSA-5480-1} - linux 6.0.2-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8 NOTE: https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663 CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan ne ...) - {DSA-5448-1 DLA-3508-1} + {DSA-5480-1 DSA-5448-1 DLA-3508-1} - linux 6.3.7-1 NOTE: https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2) CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the /admin fun ...) @@ -7654,7 +7731,7 @@ CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundat CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...) NOT-FOR-US: SourceCodester Online School Fees System CVE-2023-3338 (A null pointer dereference flaw was found in the Linux kernel's DECnet ...) - {DLA-3508-1} + {DSA-5480-1 DLA-3508-1} - linux 6.1.4-1 NOTE: https://www.openwall.com/lists/oss-security/2023/06/24/3 NOTE: https://git.kernel.org/linus/1202cdd665315c525b5237e96e0bedc76d7e754f (6.1-rc1) 
@@ -8006,7 +8083,7 @@ CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/reac CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...) NOT-FOR-US: salesagility/suitecrm-core CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...) - {DSA-5448-1 DLA-3508-1} + {DSA-5480-1 DSA-5448-1 DLA-3508-1} - linux 6.3.7-1 NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1 NOTE: https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5) @@ -8073,7 +8150,7 @@ CVE-2023-3269 (A vulnerability exists in the memory management subsystem of the NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/1 NOTE: https://www.openwall.com/lists/oss-security/2023/07/28/1 CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...) - {DSA-5448-1 DLA-3508-1} + {DSA-5480-1 DSA-5448-1 DLA-3508-1} - linux 6.3.7-1 NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1) CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6 ...) @@ -8618,7 +8695,7 @@ CVE-2023-2563 (The WordPress Contact Forms by Cimatti plugin for WordPress is vu CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...) NOT-FOR-US: WP Directory Kit plugin for WordPress CVE-2023-3212 (A NULL pointer dereference issue was found in the gfs2 file system in ...) - {DSA-5448-1} + {DSA-5480-1 DSA-5448-1} - linux 6.3.7-1 NOTE: https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636 (6.4-rc2) CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...) 
@@ -9445,7 +9522,7 @@ CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 15.10.8+ds1-2 CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...) - {DLA-3508-1} + {DSA-5480-1 DLA-3508-1} - linux 5.19.6-1 NOTE: https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2) CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admid ...) @@ -10398,6 +10475,7 @@ CVE-2023-2922 (A vulnerability classified as problematic has been found in Sourc CVE-2023-2825 (An issue has been discovered in GitLab CE/EE affecting only version 16 ...) - gitlab <not-affected> (Only affects 16.x) CVE-2023-2898 (There is a null-pointer-dereference flaw found in f2fs_write_end_io in ...) + {DSA-5480-1} - linux 6.4.4-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-c...@kernel.org/ @@ -12557,16 +12635,16 @@ CVE-2023-31234 RESERVED CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...) NOT-FOR-US: WordPress plugin -CVE-2023-31232 - RESERVED +CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) + TODO: check CVE-2023-31231 RESERVED CVE-2023-31230 RESERVED CVE-2023-31229 RESERVED -CVE-2023-31228 - RESERVED +CVE-2023-31228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...) + TODO: check CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling verification. ...) NOT-FOR-US: Huawei CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper permission ...) 
@@ -12681,8 +12759,8 @@ CVE-2023-31220 RESERVED CVE-2023-31219 RESERVED -CVE-2023-31218 - RESERVED +CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...) + TODO: check CVE-2023-31217 RESERVED CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plu ...) @@ -12923,7 +13001,7 @@ CVE-2023-24476 (An attacker with local access to the machine could record the tr CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...) NOT-FOR-US: Netskope CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...) - {DSA-5448-1 DLA-3508-1} + {DSA-5480-1 DSA-5448-1 DLA-3508-1} - linux 6.3.7-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388 CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view all sto ...) @@ -13039,8 +13117,8 @@ CVE-2023-31096 RESERVED CVE-2023-31095 RESERVED -CVE-2023-31094 - RESERVED +CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Ka ...) + TODO: check CVE-2023-31093 RESERVED CVE-2023-31092 @@ -13062,7 +13140,7 @@ CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux k NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.javamail.zim...@nod.at/ NOTE: Negligible security impact CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...) - {DSA-5448-1 DLA-3508-1} + {DSA-5480-1 DSA-5448-1 DLA-3508-1} - linux 6.3.7-1 NOTE: https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+odyq85tzy1x+tkt-6ovbl6k...@mail.gmail.com/ CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux ...) 
@@ -14036,7 +14114,7 @@ CVE-2023-2126 CVE-2023-2125 RESERVED CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...) - {DSA-5448-1} + {DSA-5480-1 DSA-5448-1} - linux 6.3.7-1 NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2 NOTE: https://lore.kernel.org/linux-xfs/20230412214034.gl3223...@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d @@ -14964,7 +15042,7 @@ CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-441/ NOTE: https://git.kernel.org/linus/05b252cccb2e5c3f56119d25de684b4f810ba40a (5.19-rc4) CVE-2023-2007 (The specific flaw exists within the DPT I2O Controller driver. The iss ...) - {DLA-3508-1} + {DSA-5480-1 DLA-3508-1} - linux 6.0.2-1 NOTE: https://git.kernel.org/linus/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 (6.0-rc1) CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network protoco ...) @@ -14980,7 +15058,7 @@ CVE-2023-2004 CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the build 5 of ...) NOT-FOR-US: Vision120 CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...) - {DLA-3508-1} + {DSA-5480-1 DLA-3508-1} - linux 6.1.27-1 NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3 NOTE: Fixed by: https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18 @@ -15108,8 +15186,8 @@ CVE-2022-48437 (An issue was discovered in x509/x509_verify.c in LibreSSL before - libressl <itp> (bug #754513) CVE-2023-30500 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms ...) NOT-FOR-US: WordPress plugin -CVE-2023-30499 - RESERVED +CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVis ...) + TODO: check CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...) NOT-FOR-US: WordPress Plugin CVE-2023-30497 
@@ -17956,8 +18034,8 @@ CVE-2023-29389 (Toyota RAV4 2021 vehicles automatically trust messages from othe NOT-FOR-US: Toyota CVE-2023-29388 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCod ...) NOT-FOR-US: WordPress plugin -CVE-2023-29387 - RESERVED +CVE-2023-29387 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check CVE-2023-29386 RESERVED CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...) @@ -22259,7 +22337,7 @@ CVE-2023-28159 (The fullscreen notification could have been hidden on Firefox fo - firefox <not-affected> (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159 CVE-2023-1380 (A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in d ...) - {DLA-3508-1} + {DSA-5480-1 DLA-3508-1} - linux 6.1.27-1 NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1 NOTE: https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.j...@yonsei.ac.kr/T/#u @@ -23452,6 +23530,7 @@ CVE-2023-1208 (This HTTP Headers WordPress plugin before 1.18.11 allows arbitrar CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...) NOT-FOR-US: WordPress plugin CVE-2023-1206 (A hash collision flaw was found in the IPv6 connection lookup table in ...) + {DSA-5480-1} - linux 6.4.11-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2175903 NOTE: https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc (6.5-rc4) 
@@ -24163,8 +24242,8 @@ CVE-2023-27578 (Galaxy is an open-source platform for data analysis. All support NOT-FOR-US: Galaxy CVE-2023-27577 (flarum is a forum software package for building communities. In versio ...) NOT-FOR-US: Flarum -CVE-2023-27576 - RESERVED +CVE-2023-27576 (An issue was discovered in phpList 3.6.12. Due to an access error, it ...) + TODO: check CVE-2023-27575 RESERVED CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow en ...) @@ -24559,8 +24638,8 @@ CVE-2023-27473 RESERVED CVE-2023-27472 (quickentity-editor-next is an open source, system local, video game as ...) NOT-FOR-US: quickentity-editor-next -CVE-2023-27471 - RESERVED +CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + TODO: check CVE-2023-27470 RESERVED CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...) @@ -25143,6 +25222,7 @@ CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type conf NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97 NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7 CVE-2023-4194 (A flaw was found in the Linux kernel's TUN/TAP functionality. This iss ...) + {DSA-5480-1} - linux 6.4.11-1 NOTE: https://git.kernel.org/linus/9bc3047374d5bec163e83e743709e23753376f0c (6.5-rc5) NOTE: https://git.kernel.org/linus/5c9241f3ceab3257abe2923a59950db0dc8bb737 (6.5-rc5) @@ -47152,6 +47232,7 @@ CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository ostic CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...) NOT-FOR-US: M-Files Web CVE-2022-4269 (A flaw was found in the Linux kernel Traffic Control (TC) subsystem. U ...) + {DSA-5480-1} - linux 6.1.20-2 NOTE: https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcara...@redhat.com/ CVE-2022-4268 (The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and e ...) 
@@ -52297,6 +52378,7 @@ CVE-2023-21402 CVE-2023-21401 RESERVED CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel memor ...) + {DSA-5480-1} - linux 5.18.2-1 [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://source.android.com/security/bulletin/pixel/2023-07-01 @@ -52597,6 +52679,7 @@ CVE-2023-21257 (In updateSettingsInternalLI of InstallPackageHelper.java, there CVE-2023-21256 (In SettingsHomepageActivity.java, there is a possible way to launch ar ...) NOT-FOR-US: Android CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory corrupti ...) + {DSA-5480-1} - linux 6.3.7-1 [bookworm] - linux 6.1.37-1 NOTE: https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4) @@ -55830,6 +55913,7 @@ CVE-2023-20590 CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...) NOT-FOR-US: AMD CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...) + {DSA-5480-1} - linux 6.4.11-1 NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html NOTE: https://git.kernel.org/linus/77245f1c3c6495521f6a3af082696ee2f8ce3921 @@ -56605,8 +56689,8 @@ CVE-2023-20214 (A vulnerability in the request authentication validation for the NOT-FOR-US: Cisco CVE-2023-20213 RESERVED -CVE-2023-20212 - RESERVED +CVE-2023-20212 (A vulnerability in the AutoIt module of ClamAV could allow an unauthen ...) + TODO: check CVE-2023-20211 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated, loca ...) 
@@ -69999,6 +70083,7 @@ CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from CVE-2022-3083 (All versions of Landis+Gyr E850 (ZMQ200) are vulnerable toCWE-784: Rel ...) NOT-FOR-US: Landis+Gyr E850 CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...) + {DSA-5480-1} - linux 5.19.6-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309 NOTE: https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2) @@ -172997,7 +173082,7 @@ CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. NOT-FOR-US: Rust crate bam CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...) - jpeg-xl <not-affected> (Fixed before initial release) -CVE-2021-28025 +CVE-2021-28025 (Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions ...) - qt6-svg <not-affected> (Fixed before initial upload to the archive) - qtsvg-opensource-src 5.15.4-2 [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1e69eab5920d8e738d844865b85394342159be6 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1e69eab5920d8e738d844865b85394342159be6 You're receiving this email because of your account on salsa.debian.org.
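Review bot: in the first hunk (`@@ -1,3 +1,67 @@`), two of the new `TODO: check` entries need more than the usual NOT-FOR-US triage. CVE-2023-4413 concerns rkhunter, which Debian ships as a source package, so it should end up with a package line rather than a NOT-FOR-US marker. CVE-2023-4422 names the GitHub repository `cockpit-hq/co ...`, which is the Cockpit CMS and not the `cockpit` source package in Debian; when it is resolved, a NOT-FOR-US note spelling out "Cockpit CMS" avoids a false match with the packaged project.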
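Review bot: in the `@@ -3541,6 +3616,7 @@` hunk, CVE-2023-3609 now carries `{DSA-5480-1}` while keeping its explicit `[bookworm] - linux 6.1.37-1` line, and the `@@ -52597,6 +52679,7 @@` hunk does the same for CVE-2023-21255. Since the DSA reference already supplies the stable fixed version, please confirm the explicit bookworm lines are still wanted and agree with the version in DSA-5480-1; if they do not, the tracker will report two different fixed versions for the same suite.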
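Review bot: in the `@@ -2120,6 +2190,7 @@` hunk, CVE-2023-4132 (siano smsusb) gains `{DSA-5480-1}`, but the neighbouring CVE-2023-4133 (cxgb4 use-after-free, `- linux 6.3.7-1`) is left without it. If the bookworm kernel in DSA-5480-1 also carries the cxgb4 fix, the marker is missing there; if bookworm was already fixed before the DSA, a short NOTE saying so would make the asymmetry intentional rather than an oversight.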
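Review bot: in the `@@ -56605,8 +56689,8 @@` hunk, CVE-2023-20212 (AutoIt module of ClamAV) is filed as `TODO: check` next to several Cisco entries that will be NOT-FOR-US; ClamAV is packaged in Debian as `clamav`, so this one should be triaged against the archive rather than dismissed with the Cisco batch.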
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits