Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73e6e86c by security tracker role at 2023-07-27T08:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,97 @@
+CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable
to unau ...)
+ TODO: check
+CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2023-3451
+ REJECTED
+CVE-2023-38611 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-38608 (The issue was addressed with additional permissions checks.
This issue ...)
+ TODO: check
+CVE-2023-38606 (This issue was addressed with improved state management. This
issue is ...)
+ TODO: check
+CVE-2023-38603 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-38602 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2023-38600 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-38597 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-38595 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-38594 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-38593 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2023-38580 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-38572 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-38565 (A path handling issue was addressed with improved validation.
This iss ...)
+ TODO: check
+CVE-2023-38564 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-38425 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-38424 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-38421 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-38410 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient
Algorithmic Co ...)
+ TODO: check
+CVE-2023-38261 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-38259 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2023-38258 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-38136 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-38133 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+ TODO: check
+CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in
/libyasm ...)
+ TODO: check
+CVE-2023-37692 (An arbitrary file upload vulnerability in October CMS v3.4.4
allows at ...)
+ TODO: check
+CVE-2023-36862 (A downgrade issue affecting Intel-based Mac computers was
addressed wi ...)
+ TODO: check
+CVE-2023-36854 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-35993 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2023-35983 (This issue was addressed with improved data protection. This
issue is ...)
+ TODO: check
+CVE-2023-32734 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-32450 (Dell Power Manager, Versions 3.3 to 3.14 contains an Improper
Access C ...)
+ TODO: check
+CVE-2023-32443 (An out-of-bounds read was addressed with improved input
validation. Th ...)
+ TODO: check
+CVE-2023-32442 (An access issue was addressed with improved access
restrictions. This ...)
+ TODO: check
+CVE-2023-32441 (The issue was addressed with improved memory handling. This
issue is f ...)
+ TODO: check
+CVE-2023-32437 (The issue was addressed with improvements to the file handling
protoco ...)
+ TODO: check
+CVE-2023-32433 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2023-32429 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-32418 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-32416 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
+CVE-2023-32381 (A use-after-free issue was addressed with improved memory
management. ...)
+ TODO: check
+CVE-2023-32364 (A logic issue was addressed with improved restrictions. This
issue is ...)
+ TODO: check
CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform
that al ...)
NOT-FOR-US: SolarWinds
CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper
Initial ...)
- NOT-FOR-US: B&R Industrial Automation
+ NOT-FOR-US: B&R Industrial Automation
CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was
requesti ...)
TODO: check
CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py.
This resul ...)
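Review bot: the pair `- NOT-FOR-US: B&R Industrial Automation` / `+ NOT-FOR-US: B&R Industrial Automation` under CVE-2023-3242 shows no visible difference, so it is presumably an indentation or trailing-whitespace fix; worth confirming it is intentional rather than a tab/space mismatch that the next automatic update will flip back. On the new entries, `TODO: check` is the right marking for the long run of Apple-style descriptions ("The issue was addressed with improved ..."): they cannot be dismissed as NOT-FOR-US on the boilerplate alone, since later in this same commit CVE-2023-37450 and CVE-2023-32393 carry identical wording and are tracked against webkit2gtk with DSAs. CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10) and CVE-2023-37732 (Yasm v1.3.0.78) name software Debian ships, so they are the first candidates for triage in this batch.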
@@ -562,7 +652,7 @@ CVE-2023-31462 (An issue was discovered in SteelSeries GG
36.0.0. An attacker ca
NOT-FOR-US: SteelSeries
CVE-2023-31461 (Attackers can exploit an open API listener on SteelSeries GG
36.0.0 to ...)
NOT-FOR-US: SteelSeries
-CVE-2023-37450 [Processing web content may lead to arbitrary code execution]
+CVE-2023-37450 (The issue was addressed with improved checks. This issue is
fixed in i ...)
{DSA-5457-1}
- webkit2gtk 2.40.4-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
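Review bot: replacing the placeholder `[Processing web content may lead to arbitrary code execution]` with the upstream text loses the only line that said what the bug does; the truncated `(The issue was addressed with improved checks. This issue is fixed in i ...)` carries none of that. Since the entry is already resolved via {DSA-5457-1} and webkit2gtk 2.40.4-1, consider keeping the original impact summary as a NOTE line so readers of the list do not have to look it up elsewhere.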
@@ -628,7 +718,7 @@ CVE-2023-3760 (A vulnerability has been found in Intergard
SGS 8.7.0 and classif
NOT-FOR-US: Intergard SGS
CVE-2023-3759 (A vulnerability, which was classified as critical, was found in
Interg ...)
NOT-FOR-US: Intergard SGS
-CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ
Script ...)
+CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ
Scripts ...)
NOT-FOR-US: GZ Script Car Rental Script
CVE-2023-3756 (A vulnerability was found in Creativeitem Atlas Business
Directory Lis ...)
NOT-FOR-US: Creativeitem Atlas Business Directory Listing
@@ -731,7 +821,7 @@ CVE-2023-3446 (Issue summary: Checking excessively long DH
keys or parameters ma
NOTE:
https://github.com/openssl/openssl/commit/9e0094e2aa1b3428a12d5095132f133c078d3c3d
(master)
NOTE:
https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb
(openssl-3.0)
NOTE:
https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528
(OpenSSL_1_1_1-stable)
-CVE-2023-32001 [fopen race condition]
+CVE-2023-32001 (libcurl can be told to save cookie, HSTS and/or alt-svc data
to files. ...)
{DSA-5460-1}
- curl <unfixed> (bug #1041812)
[bullseye] - curl <not-affected> (Vulnerable code not present)
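Review bot: as with the webkit entry, the bracketed summary `[fopen race condition]` was the informative part and is gone; the new description only says that libcurl can save cookie, HSTS and alt-svc data to files, so a NOTE preserving the race-condition wording would help. Separately, `- curl <unfixed> (bug #1041812)` still stands while `{DSA-5460-1}` is now listed; that is consistent with the tracker format only if unstable really is still unfixed, so it is worth checking the state of bug #1041812 so the entry does not linger as <unfixed> after the DSA.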
@@ -4107,7 +4197,7 @@ CVE-2023-32419 (The issue was addressed with improved
bounds checks. This issue
NOT-FOR-US: Apple
CVE-2023-32417 (This issue was addressed by restricting options offered on a
locked de ...)
NOT-FOR-US: Apple
-CVE-2023-32415 (This issue was addressed with improved redaction of sensitive
informat ...)
+CVE-2023-32415 (This issue was addressed with improved redaction of sensitive
informa ...)
NOT-FOR-US: Apple
CVE-2023-32414 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
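Review bot: this hunk changes only the truncation point of the description (`informat ...` to `informa ...`) with no change in content, and the same one-character shift recurs for CVE-2023-32403 and CVE-2023-32389 below. If the import tooling truncates on a character budget that moves with the CVE id length, pinning the truncation width would remove this class of noise from the automatic updates.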
@@ -4127,7 +4217,7 @@ CVE-2023-32405 (A logic issue was addressed with improved
checks. This issue is
NOT-FOR-US: Apple
CVE-2023-32404 (This issue was addressed with improved entitlements. This
issue is fix ...)
NOT-FOR-US: Apple
-CVE-2023-32403 (This issue was addressed with improved redaction of sensitive
informat ...)
+CVE-2023-32403 (This issue was addressed with improved redaction of sensitive
informa ...)
NOT-FOR-US: Apple
CVE-2023-32402 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
@@ -4143,7 +4233,7 @@ CVE-2023-32395 (A logic issue was addressed with improved
state management. This
NOT-FOR-US: Apple
CVE-2023-32394 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
-CVE-2023-32393 [Processing web content may lead to arbitrary code execution]
+CVE-2023-32393 (The issue was addressed with improved memory handling. This
issue is f ...)
{DSA-5396-1}
- webkit2gtk 2.40.0-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
@@ -4156,7 +4246,7 @@ CVE-2023-32391 (The issue was addressed with improved
checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2023-32390 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
-CVE-2023-32389 (This issue was addressed with improved redaction of sensitive
informat ...)
+CVE-2023-32389 (This issue was addressed with improved redaction of sensitive
informa ...)
NOT-FOR-US: Apple
CVE-2023-32388 (A privacy issue was addressed with improved private data
redaction for ...)
NOT-FOR-US: Apple
@@ -12197,8 +12287,8 @@ CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable
to Buffer Overflow.)
NOT-FOR-US: Tenda
CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via
the initWe ...)
NOT-FOR-US: Tenda
-CVE-2023-30367
- RESERVED
+CVE-2023-30367 (mRemoteNG configuration files can be stored in an encrypted
state on d ...)
+ TODO: check
CVE-2023-30366
RESERVED
CVE-2023-30365
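Review bot: `TODO: check` is fine here, but the description already identifies mRemoteNG, a Windows-only connection manager that Debian does not package, so this is an immediate NOT-FOR-US candidate during triage rather than one needing source inspection.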
@@ -19492,12 +19582,12 @@ CVE-2023-28016 (Host Header Injection vulnerability
in the HCL BigFix OSD Bare M
NOT-FOR-US: HCL
CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a
User Accoun ...)
NOT-FOR-US: HCL
-CVE-2023-28014
- RESERVED
-CVE-2023-28013
- RESERVED
-CVE-2023-28012
- RESERVED
+CVE-2023-28014 (HCL BigFix Mobile is vulnerable to a cross-site scripting
attack. An a ...)
+ TODO: check
+CVE-2023-28013 (HCL BigFix Mobile is vulnerable to a cross-site scripting
attack. An a ...)
+ TODO: check
+CVE-2023-28012 (HCL BigFix Mobile is vulnerable to a command injection attack.
An auth ...)
+ TODO: check
CVE-2023-28011
RESERVED
CVE-2023-28010
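Review bot: the three new HCL BigFix Mobile entries (CVE-2023-28014, CVE-2023-28013, CVE-2023-28012) get `TODO: check`, while the adjacent context lines show CVE-2023-28016 and CVE-2023-28015 from the same vendor already annotated `NOT-FOR-US: HCL`. Unless BigFix Mobile differs from the other HCL products in being shipped by Debian, they can follow the same annotation in the follow-up triage.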
@@ -49111,7 +49201,8 @@ CVE-2023-21263
RESERVED
CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a
possible way ...)
NOT-FOR-US: Android
-CVE-2023-21261 (In ft_open_face_internal of ftobjs.c, there is a possible out
of bound ...)
+CVE-2023-21261
+ REJECTED
NOTE: Duplicate of CVE-2022-27405 and CVE-2022-27406, contacted Google
to reject
NOTE:
https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
(VER-2-12-0)
NOTE:
https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2
(VER-2-12-0)
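Review bot: the entry is now REJECTED, but the two freetype commit NOTE lines (VER-2-12-0) beneath it still read as fix references for a live issue. With the `Duplicate of CVE-2022-27405 and CVE-2022-27406` NOTE already explaining the rejection, consider whether those commit URLs belong on the two canonical CVE entries instead, so that the rejected id carries only the pointer to its duplicates.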
@@ -88080,8 +88171,8 @@ CVE-2022-31457 (RTX TRAP v1.0 allows attackers to
perform a directory traversal
TODO: check
CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2
allows a ...)
TODO: check
-CVE-2022-31455
- RESERVED
+CVE-2022-31455 (* A cross-site scripting (XSS) vulnerability in Truedesk
v1.2.2 allows ...)
+ TODO: check
CVE-2022-31454
RESERVED
CVE-2022-31453
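Review bot: the imported description begins with a stray `* `, an upstream formatting artifact, and its visible text ("A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows ...") is identical to the preceding CVE-2022-31456 up to the truncation point. Triage should confirm the two ids describe distinct issues rather than a duplicate assignment before both are annotated.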
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73e6e86cb4f1785b122809ed34a023449b07d17b
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits