Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 175a39c1 by security tracker role at 2023-08-20T20:12:20+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,5 @@ +CVE-2023-4451 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...) + TODO: check CVE-2023-4435 (Improper Input Validation in GitHub repository hamza417/inure prior to ...) NOT-FOR-US: hamza417/inure CVE-2023-4434 (Missing Authorization in GitHub repository hamza417/inure prior to bui ...) @@ -819,31 +821,37 @@ CVE-2023-3937 (Cross site scripting vulnerability in web portal in Snow Software CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license mana ...) NOT-FOR-US: Snow Software CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} - fastdds 2.9.1+ds-1 [bullseye] - fastdds 2.1.0+ds-9+deb11u1 NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg NOTE: https://github.com/eProsima/Fast-DDS/issues/3236 CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} - fastdds 2.10.1+ds-2 NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f NOTE: https://github.com/eProsima/Fast-DDS/issues/3422 NOTE: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562 CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} - fastdds 2.10.1+ds-3 (bug #1043548) NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv NOTE: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb (v2.11.1) NOTE: https://github.com/eProsima/Fast-DDS/pull/3670 CVE-2023-39946 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} - fastdds 2.10.1+ds-3 (bug #1043548) NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx NOTE: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb (v2.11.1) NOTE: https://github.com/eProsima/Fast-DDS/pull/3670 CVE-2023-39945 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} - fastdds 2.10.1+ds-3 (bug #1043548) NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9 NOTE: https://github.com/eProsima/Fast-DDS/issues/3422 NOTE: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562 CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} - fastdds 2.10.1+ds-2 NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp NOTE: https://github.com/eProsima/Fast-DDS/commit/2674fdd93793fd314fcb81b795f9f62b8fcb1ea0 @@ -6511,7 +6519,7 @@ CVE-2023-35073 REJECTED CVE-2023-34211 REJECTED -CVE-2023-36674 [Manualthumb bypasses badFile lookup] +CVE-2023-36674 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...) {DSA-5447-1} - mediawiki 1:1.39.4-1 [buster] - mediawiki <not-affected> (BadFileLookup was introduced in version 1.35) @@ -13836,7 +13844,7 @@ CVE-2023-2168 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross- CVE-2023-2167 RESERVED CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When all of the ...) - {DSA-5442-1} + {DSA-5442-1 DLA-3536-1} - flask 2.2.2-3 (bug #1035670) NOTE: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq NOTE: https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d (2.2.5) @@ -110743,8 +110751,8 @@ CVE-2022-24991 RESERVED CVE-2022-24990 (TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover ...) NOT-FOR-US: TerraMaster NAS -CVE-2022-24989 - RESERVED +CVE-2022-24989 (TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute ...) + TODO: check CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...) NOT-FOR-US: galois_2p8 CVE-2022-24987 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175a39c103e38add03dfe5abfa8df3982babb664 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/175a39c103e38add03dfe5abfa8df3982babb664 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits