[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sun, 20 Aug 2023 13:12:46 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
175a39c1 by security tracker role at 2023-08-20T20:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-4451 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
cockpit-hq ...)
+       TODO: check
 CVE-2023-4435 (Improper Input Validation in GitHub repository hamza417/inure 
prior to ...)
        NOT-FOR-US: hamza417/inure
 CVE-2023-4434 (Missing Authorization in GitHub repository hamza417/inure prior 
to bui ...)
@@ -819,31 +821,37 @@ CVE-2023-3937 (Cross site scripting vulnerability in web 
portal in Snow Software
 CVE-2023-3864 (Blind SQL injection in a service running in Snow Software 
license mana ...)
        NOT-FOR-US: Snow Software
 CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
+       {DSA-5481-1}
        - fastdds 2.9.1+ds-1
        [bullseye] - fastdds 2.1.0+ds-9+deb11u1
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg
        NOTE: https://github.com/eProsima/Fast-DDS/issues/3236
 CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
+       {DSA-5481-1}
        - fastdds 2.10.1+ds-2
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f
        NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562
 CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
+       {DSA-5481-1}
        - fastdds 2.10.1+ds-3 (bug #1043548)
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb
 (v2.11.1)
        NOTE: https://github.com/eProsima/Fast-DDS/pull/3670
 CVE-2023-39946 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
+       {DSA-5481-1}
        - fastdds 2.10.1+ds-3 (bug #1043548)
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb
 (v2.11.1)
        NOTE: https://github.com/eProsima/Fast-DDS/pull/3670
 CVE-2023-39945 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
+       {DSA-5481-1}
        - fastdds 2.10.1+ds-3 (bug #1043548)
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9
        NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562
 CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
+       {DSA-5481-1}
        - fastdds 2.10.1+ds-2
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/2674fdd93793fd314fcb81b795f9f62b8fcb1ea0
@@ -6511,7 +6519,7 @@ CVE-2023-35073
        REJECTED
 CVE-2023-34211
        REJECTED
-CVE-2023-36674 [Manualthumb bypasses badFile lookup]
+CVE-2023-36674 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x 
through 1. ...)
        {DSA-5447-1}
        - mediawiki 1:1.39.4-1
        [buster] - mediawiki <not-affected> (BadFileLookup was introduced in 
version 1.35)
@@ -13836,7 +13844,7 @@ CVE-2023-2168 (The TaxoPress plugin for WordPress is 
vulnerable to Stored Cross-
 CVE-2023-2167
        RESERVED
 CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When 
all of the ...)
-       {DSA-5442-1}
+       {DSA-5442-1 DLA-3536-1}
        - flask 2.2.2-3 (bug #1035670)
        NOTE: 
https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq
        NOTE: 
https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d
 (2.2.5)
@@ -110743,8 +110751,8 @@ CVE-2022-24991
        RESERVED
 CVE-2022-24990 (TerraMaster NAS 4.2.29 and earlier allows remote attackers to 
discover ...)
        NOT-FOR-US: TerraMaster NAS
-CVE-2022-24989
-       RESERVED
+CVE-2022-24989 (TerraMaster NAS through 4.2.30 allows remote WAN attackers to 
execute  ...)
+       TODO: check
 CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has 
an off-b ...)
        NOT-FOR-US: galois_2p8
 CVE-2022-24987



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175a39c103e38add03dfe5abfa8df3982babb664

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175a39c103e38add03dfe5abfa8df3982babb664
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to