Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c75df9f2 by security tracker role at 2023-08-23T08:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-4404 (The Donation Forms by Charitable plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2023-4041 (Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow') ...)
+       TODO: check
+CVE-2023-41105 (An issue was discovered in Python 3.11 through 3.11.4. If a 
path conta ...)
+       TODO: check
+CVE-2023-41104 (libvmod-digest before 1.0.3, as used in Varnish Enterprise 
6.0.x befor ...)
+       TODO: check
+CVE-2023-41100 (An issue was discovered in the hcaptcha (aka hCaptcha for 
EXT:form) ex ...)
+       TODO: check
+CVE-2023-41098 (An issue was discovered in MISP 2.4.174. In 
app/Controller/DashboardsC ...)
+       TODO: check
+CVE-2023-40370 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime 
is vuln ...)
+       TODO: check
+CVE-2023-40282 (Improper authentication vulnerability in Rakuten WiFi Pocket 
all versi ...)
+       TODO: check
+CVE-2023-40158 (Hidden functionality vulnerability in the CBC products allows 
a remote ...)
+       TODO: check
+CVE-2023-40144 (OS command injection vulnerability in the CBC products allows 
a remote ...)
+       TODO: check
+CVE-2023-3495 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write 
vulnerability in H ...)
+       TODO: check
+CVE-2023-39986 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read 
vulnerability in Hi ...)
+       TODO: check
+CVE-2023-39985 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write 
vulnerability in H ...)
+       TODO: check
+CVE-2023-39984 (** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of 
Operations wit ...)
+       TODO: check
+CVE-2023-39026 (Directory Traversal vulnerability in FileMage Gateway Windows 
Deployme ...)
+       TODO: check
+CVE-2023-38734 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 
23.0.0 thro ...)
+       TODO: check
+CVE-2023-38733 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 
23.0.0 thro ...)
+       TODO: check
+CVE-2023-38585 (Improper authentication vulnerability in the CBC products 
allows a rem ...)
+       TODO: check
+CVE-2023-33850 (IBM GSKit-Crypto could allow a remote attacker to obtain 
sensitive inf ...)
+       TODO: check
 CVE-2023-4475 (An Arbitrary File Movement vulnerability was found in ASUSTOR 
Data Mas ...)
        NOT-FOR-US: ASUSTOR
 CVE-2023-4303 (Jenkins Fortify Plugin 22.1.38 and earlier does not escape the 
error m ...)
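Review bot: every one of the 19 new entries in this hunk is left as "TODO: check", and two of them clearly touch software Debian ships, so they should not sit in the TODO queue: CVE-2023-41105 (Python 3.11 through 3.11.4) needs triage against src:python3.11, which is the interpreter bookworm ships, and CVE-2023-41104 (libvmod-digest as used with Varnish) needs a decision on whether the affected vmod is packaged at all. The four "** UNSUPPORTED WHEN ASSIGNED **" entries (CVE-2023-3495, CVE-2023-39986, CVE-2023-39985, CVE-2023-39984) flag an upstream end-of-life product and can usually be closed quickly, but only after confirming no Debian source carries that code. CVE-2023-4041's truncated description names no product, so that one needs the full CVE text before it can be resolved either way.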
@@ -257,19 +295,19 @@ CVE-2023-4433 (Cross-site Scripting (XSS) - Stored in 
GitHub repository cockpit-
        NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-4432 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
cockpit-hq ...)
        NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
-CVE-2023-4431
+CVE-2023-4431 (Out of bounds memory access in Fonts in Google Chrome prior to 
116.0.5 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4430
+CVE-2023-4430 (Use after free in Vulkan in Google Chrome prior to 
116.0.5845.110 allo ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4429
+CVE-2023-4429 (Use after free in Loader in Google Chrome prior to 
116.0.5845.110 allo ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4428
+CVE-2023-4428 (Out of bounds memory access in CSS in Google Chrome prior to 
116.0.584 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4427
+CVE-2023-4427 (Out of bounds memory access in V8 in Google Chrome prior to 
116.0.5845 ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to 
version ...)
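Review bot: the filled-in descriptions for CVE-2023-4431 through CVE-2023-4427 now state the fixed upstream release (116.0.5845.110 is visible for CVE-2023-4430 and CVE-2023-4429), while the status lines remain "- chromium <unfixed>" with only the "[buster] - chromium <end-of-life> (see DSA 5046)" annotation. That is consistent for an automatic update, but the now-known upstream fix version is what the next manual pass should use to replace <unfixed> with the chromium upload that contains it; until then every suite other than buster continues to be reported as vulnerable.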
@@ -384,7 +422,7 @@ CVE-2023-39665 (D-Link DIR-868L 
fw_revA_1-12_eu_multi_20170316 was discovered to
        NOT-FOR-US: D-Link
 CVE-2023-39125 (NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write 
in load ...)
        NOT-FOR-US: NTSC-CRT
-CVE-2023-31492 (Incorrect access control in Zoho ManageEngine ADManager Plus 
Build 718 ...)
+CVE-2023-31492 (Zoho ManageEngine ADManager Plus version 7182 and prior 
disclosed the  ...)
        NOT-FOR-US: Zoho ManageEngine
 CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path 
in fs/ ...)
        - linux 5.19.6-1
@@ -3324,6 +3362,7 @@ CVE-2023-32444 (A logic issue was addressed with improved 
validation. This issue
 CVE-2023-32427 (This issue was addressed by using HTTPS when sending 
information over  ...)
        NOT-FOR-US: Apple
 CVE-2023-37369 (In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 
6.5.x before ...)
+       {DLA-3539-1}
        - qt6-base <unfixed>
        [bookworm] - qt6-base <no-dsa> (Minor issue)
        - qtbase-opensource-src-gles <unfixed>
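Review bot: the "{DLA-3539-1}" reference added to CVE-2023-37369 sits above status lines that only show qt6-base <unfixed>, a "[bookworm] - qt6-base <no-dsa> (Minor issue)" annotation and qtbase-opensource-src-gles <unfixed>; the qtbase-opensource-src line that a bullseye DLA would actually fix is outside the visible context. Confirm that entry carries a bullseye fixed version for qtbase-opensource-src, otherwise the tracker will show a DLA cross-reference with no corresponding fix for the LTS suite.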
@@ -5040,6 +5079,7 @@ CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core 
Rule Set) through 3.3.4
 CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote 
server via  ...)
        NOT-FOR-US: acme.sh
 CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 
6.2.10, and 6 ...)
+       {DLA-3539-1}
        - qt6-base <unfixed> (bug #1041104)
        [bookworm] - qt6-base <no-dsa> (Minor issue)
        - qtbase-opensource-src-gles <unfixed> (bug #1041106)
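Review bot: the DLA reference on CVE-2023-38197 is added next to "- qtbase-opensource-src-gles <unfixed> (bug #1041106)". qtbase-opensource-src-gles is a separate source package (the GLES rebuild of qtbase), so if DLA-3539-1 covered only qtbase-opensource-src, the -gles source still needs its own bullseye annotation; leaving it at <unfixed> with no suite line means bullseye is still reported as affected through that package regardless of the DLA.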
@@ -9939,6 +9979,7 @@ CVE-2023-34411 (The xml-rs crate before 0.8.14 for Rust 
and Crab allows a denial
        NOTE: Introduced by: 
https://github.com/netvl/xml-rs/commit/014d808be900c85a0afc5ccdfe668be040d175aa 
(0.8.9)
        NOTE: Fixed by: 
https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c 
(0.8.14)
 CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 
6.2.9, and 6. ...)
+       {DLA-3539-1}
        - qt6-base 6.4.2+dfsg-11 (bug #1037209)
        [bookworm] - qt6-base <no-dsa> (Minor issue)
        - qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210)
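Review bot: for CVE-2023-34410 the recorded fixes are qt6-base 6.4.2+dfsg-11 and qtbase-opensource-src 5.15.8+dfsg-12, both of which are bookworm-era versions, so the new "{DLA-3539-1}" reference is the only fix record that can apply to bullseye's 5.15.2-based qtbase. Check that the matching DLA/list entry names the bullseye package version, since without it the reference alone does not mark bullseye as fixed.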
@@ -11450,6 +11491,7 @@ CVE-2023-2757 (The Waiting: One-click countdowns plugin 
for WordPress is vulnera
 CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote 
Code Exe ...)
        NOT-FOR-US: Umbraco CMS
 CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 
6.2.9, and 6. ...)
+       {DLA-3539-1}
        - qt6-base 6.4.2+dfsg-8
        - qtbase-opensource-src 5.15.8+dfsg-10
        [bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
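Review bot: CVE-2023-32763 now carries "{DLA-3539-1}" directly above "[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)", and those two statements contradict each other: a <no-dsa> annotation says the issue was deliberately not fixed via an advisory in bullseye, while the DLA reference says it was. The automatic update only adds the cross-reference; the stale bullseye <no-dsa> line should be removed by hand so the suite status reflects the DLA.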
@@ -12249,6 +12291,7 @@ CVE-2023-2630 (Cross-site Scripting (XSS) - Stored in 
GitHub repository pimcore/
 CVE-2023-2629 (Improper Neutralization of Formula Elements in a CSV File in 
GitHub re ...)
        NOT-FOR-US: pimcore
 CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 
6.3.x thro ...)
+       {DLA-3539-1}
        - qt6-svg 6.4.2-2
        - qtsvg-opensource-src 5.15.8-3
        [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
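Review bot: CVE-2023-32573 is a qtsvg issue (its fixed versions are qt6-svg 6.4.2-2 and qtsvg-opensource-src 5.15.8-3), whereas the other entries in this commit that gain "{DLA-3539-1}" are qtbase fixes. Verify that the DLA text really lists this CVE and the qtsvg-opensource-src source; if it does, the "[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)" line left underneath is now wrong and should be dropped, and if it does not, the reference itself is misplaced.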
@@ -19169,7 +19212,7 @@ CVE-2023-29143
 CVE-2023-29142
        RESERVED
 CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x 
through 1. ...)
-       {DSA-5447-1}
+       {DSA-5447-1 DLA-3540-1}
        - mediawiki 1:1.39.4-1
        NOTE: 
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
        NOTE: https://phabricator.wikimedia.org/T285159
@@ -44678,7 +44721,7 @@ CVE-2023-21720 (Microsoft Edge (Chromium-based) 
Tampering Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-21718 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability)
+CVE-2023-21718 (Microsoft ODBC Driver for SQL Server Remote Code Execution 
Vulnerabili ...)
        NOT-FOR-US: Microsoft
 CVE-2023-21717 (Microsoft SharePoint Server Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
@@ -121494,7 +121537,7 @@ CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds 
write in hb_bit_set_invertib
        NOTE: introduced in 
https://github.com/harfbuzz/harfbuzz/commit/f0c3804fa292ef3be41cc8d1cdea8239f00e2295
 (2.9.1)
        NOTE: vulnerable code not present in 2.9.0 git tag, error in CVE 
description
 CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has 
an out-o ...)
-       {DLA-2895-1 DLA-2885-1}
+       {DLA-3539-1 DLA-2895-1 DLA-2885-1}
        - qtsvg-opensource-src 5.15.2-4 (bug #1002991)
        [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
        [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
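Review bot: adding DLA-3539-1 to CVE-2021-45930 leaves both "[bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)" and "[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)" in place below it. The bullseye <no-dsa> annotation can no longer be right if the new DLA fixed qtsvg-opensource-src in bullseye, so one of the two needs correcting; the earlier DLA-2895-1 and DLA-2885-1 references were already accompanied by these annotations, which suggests the suite lines on this entry have not been kept in step with the advisories.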
@@ -168575,7 +168618,7 @@ CVE-2021-3482 (A flaw was found in Exiv2 in versions 
before and including 0.27.4
        NOTE: 
https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
        NOTE: 
https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
 CVE-2021-3481 (A flaw was found in Qt. An out-of-bounds read vulnerability was 
found  ...)
-       {DLA-2895-1 DLA-2885-1}
+       {DLA-3539-1 DLA-2895-1 DLA-2885-1}
        - qtsvg-opensource-src 5.15.2-3 (bug #986798)
        [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
        - qt4-x11 <removed>
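Review bot: CVE-2021-3481 already records a fix in qtsvg-opensource-src 5.15.2-3 (bug #986798) and shows no bullseye annotation at all, only "[buster] - qtsvg-opensource-src <no-dsa> (Minor issue)". If bullseye released with 5.15.2-3 or later, the suite was never affected and the new "{DLA-3539-1}" reference on this entry is spurious; check the DLA's CVE list and the bullseye qtsvg-opensource-src version before keeping it.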
@@ -214904,8 +214947,8 @@ CVE-2020-24115 (In projectworlds Online Book Store 
1.0 Use of Hard-coded Credent
        NOT-FOR-US: projectworlds Online Book Store
 CVE-2020-24114
        RESERVED
-CVE-2020-24113
-       RESERVED
+CVE-2020-24113 (Directory Traversal vulnerability in Contacts File Upload 
Interface in ...)
+       TODO: check
 CVE-2020-24112
        RESERVED
 CVE-2020-24111
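Review bot: CVE-2020-24113 moves from RESERVED to a "TODO: check" entry whose truncated description ("Directory Traversal vulnerability in Contacts File Upload Interface in ...") does not name the product. Because it is a 2020 identifier published in 2023 it sits near the bottom of the file rather than with the day's new entries, so it is easy to overlook in the TODO sweep; it needs the full CVE text to decide between a Debian package and NOT-FOR-US.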



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c75df9f28c4f5f73d139fd474478cf175007ba89

-- 


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
