Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7411d10 by security tracker role at 2023-09-28T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output 
error backt ...)
+       TODO: check
+CVE-2023-5215 (A flaw was found in libnbd. A server can reply with a block 
size large ...)
+       TODO: check
+CVE-2023-43884 (A Cross-site scripting (XSS) vulnerability in Reference ID 
from the pa ...)
+       TODO: check
+CVE-2023-43879 (Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability 
that allow ...)
+       TODO: check
+CVE-2023-43878 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) 
vulnerabilities t ...)
+       TODO: check
+CVE-2023-43876 (A Cross-Site Scripting (XSS) vulnerability in installation of 
October  ...)
+       TODO: check
+CVE-2023-43874 (Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS 
v.2.3.2  ...)
+       TODO: check
+CVE-2023-43873 (A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 
allows  ...)
+       TODO: check
+CVE-2023-43872 (A File upload vulnerability in CMSmadesimple v.2.2.18 allows a 
local a ...)
+       TODO: check
+CVE-2023-43871 (A File upload vulnerability in WBCE v.1.6.1 allows a local 
attacker to ...)
+       TODO: check
+CVE-2023-43869 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formSetWA ...)
+       TODO: check
+CVE-2023-43868 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
websGetVa ...)
+       TODO: check
+CVE-2023-43867 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formSetWa ...)
+       TODO: check
+CVE-2023-43866 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formSetWA ...)
+       TODO: check
+CVE-2023-43865 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formSetWa ...)
+       TODO: check
+CVE-2023-43864 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formSetWA ...)
+       TODO: check
+CVE-2023-43863 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formSetWa ...)
+       TODO: check
+CVE-2023-43862 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formLangu ...)
+       TODO: check
+CVE-2023-43861 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formSetWa ...)
+       TODO: check
+CVE-2023-43860 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via 
formSetWa ...)
+       TODO: check
+CVE-2023-43664 (PrestaShop is an Open Source e-commerce web application. In 
the Presta ...)
+       TODO: check
+CVE-2023-43663 (PrestaShop is an Open Source e-commerce web application. In 
affected v ...)
+       TODO: check
+CVE-2023-43657 (discourse-encrypt is a plugin that provides a secure 
communication cha ...)
+       TODO: check
+CVE-2023-43323 (mooSocial 3.1.8 is vulnerable to external service interaction 
on post  ...)
+       TODO: check
+CVE-2023-43226 (An arbitrary file upload vulnerability in dede/baidunews.php 
in DedeCM ...)
+       TODO: check
+CVE-2023-43044 (IBM License Metric Tool 9.2 could allow a remote attacker to 
traverse  ...)
+       TODO: check
+CVE-2023-41911 (Samsung Mobile Processor Exynos 2200 allows a GPU Double Free 
(issue 1 ...)
+       TODO: check
+CVE-2023-40375 (Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 
contain ...)
+       TODO: check
+CVE-2023-40307 (An attacker with standard privileges on macOS when requesting 
administ ...)
+       TODO: check
+CVE-2023-39195
+       REJECTED
 CVE-2023-5244 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
microweber ...)
        NOT-FOR-US: microweber
 CVE-2023-5233 (The Font Awesome Integration plugin for WordPress is vulnerable 
to Sto ...)
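Review bot: All of the entries added at the top of this hunk land as `TODO: check`, including ten for one product (D-Link DIR-619L B1, CVE-2023-43860 to CVE-2023-43869), so they can be triaged as a batch. If the outcome is not-for-us, use the `NOT-FOR-US: <product>` form already shown on the CVE-2023-5244 context line. CVE-2023-5215 (libnbd) and CVE-2023-5256 (Drupal) name general-purpose open-source software, so check those two against the archive first rather than leaving them in the batch.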
@@ -113,7 +173,7 @@ CVE-2023-5222 (A vulnerability classified as critical was 
found in Viessmann Vit
        NOT-FOR-US: Viessmann Vitogate
 CVE-2023-5221 (A vulnerability classified as critical has been found in ForU 
CMS. Thi ...)
        NOT-FOR-US: ForU CMS
-CVE-2023-5217
+CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome 
prior  ...)
        - chromium 117.0.5938.132-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        - firefox <unfixed>
@@ -124,10 +184,10 @@ CVE-2023-5217
        NOTE: Fixed by (libvpx): 
https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590
        NOTE: Fixed by (libvpx): 
https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282
        NOTE: 
https://hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2
-CVE-2023-5187
+CVE-2023-5187 (Use after free in Extensions in Google Chrome prior to 
117.0.5938.132  ...)
        - chromium 117.0.5938.132-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5186
+CVE-2023-5186 (Use after free in Passwords in Google Chrome prior to 
117.0.5938.132 a ...)
        - chromium 117.0.5938.132-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-5184 (Two potential signed to unsigned conversion errors and buffer 
overflow ...)
@@ -441,6 +501,7 @@ CVE-2023-40454 (A permissions issue was addressed with 
additional restrictions.
 CVE-2023-40452 (The issue was addressed with improved bounds checks. This 
issue is fix ...)
        TODO: check
 CVE-2023-40451 (This issue was addressed with improved iframe sandbox 
enforcement. Thi ...)
+       {DSA-5468-1}
        - webkit2gtk 2.40.5-1
        - wpewebkit 2.40.5-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -514,6 +575,7 @@ CVE-2023-40384 (A permissions issue was addressed with 
improved redaction of sen
 CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Milan Pe ...)
        TODO: check
 CVE-2023-39434 (A use-after-free issue was addressed with improved memory 
management.  ...)
+       {DSA-5468-1}
        - webkit2gtk 2.40.5-1
        - wpewebkit 2.40.5-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -535,6 +597,7 @@ CVE-2023-35984 (The issue was addressed with improved 
checks. This issue is fixe
 CVE-2023-35793 (An issue was discovered in Cassia Access Controller 
2.1.1.2303271039.  ...)
        TODO: check
 CVE-2023-35074 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-5396-1}
        - webkit2gtk 2.40.0-1
        - wpewebkit 2.40.2-2
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
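Review bot: The `{DSA-5396-1}` tag on CVE-2023-35074 differs from the `{DSA-5468-1}` tag added to the other two WebKit entries in this commit (CVE-2023-40451, CVE-2023-39434). The fixed versions here are also older (`webkit2gtk 2.40.0-1` against `2.40.5-1`), so the difference may be correct, but confirm the advisory number against the fixed version before relying on the cross-reference.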
@@ -634,6 +697,7 @@ CVE-2023-34043 (VMware Aria Operations contains a local 
privilege escalation vul
 CVE-2023-32541 (A use-after-free vulnerability exists in the footerr 
functionality of  ...)
        NOT-FOR-US: Hancom Office 2020 HWord
 CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2, 
and Thun ...)
+       {DSA-5506-1}
        - firefox 118.0-1
        - firefox-esr 115.3.0esr-1
        - thunderbird 1:115.3.0-1
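Review bot: `{DSA-5506-1}` is a single advisory reference on an entry (CVE-2023-5176) that lists three fixed source packages: firefox, firefox-esr and thunderbird. Confirm which of those the advisory covers, and add a second cross-reference if thunderbird is handled by a separate advisory, so the entry does not read as fully covered in stable by one DSA. The same applies to CVE-2023-5171 and CVE-2023-5169 in the following hunks.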
@@ -657,6 +721,7 @@ CVE-2023-5172 (A hashtable  in the Ion Engine could have 
been mutated while ther
        - firefox 118.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172
 CVE-2023-5171 (During Ion compilation, a Garbage Collection could have 
resulted in a  ...)
+       {DSA-5506-1}
        - firefox 118.0-1
        - firefox-esr 115.3.0esr-1
        - thunderbird 1:115.3.0-1
@@ -667,6 +732,7 @@ CVE-2023-5170 (In canvas rendering, a compromised content 
process could have cau
        - firefox 118.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170
 CVE-2023-5169 (A compromised content process could have provided malicious 
data in a  ...)
+       {DSA-5506-1}
        - firefox 118.0-1
        - firefox-esr 115.3.0esr-1
        - thunderbird 1:115.3.0-1
@@ -865,7 +931,7 @@ CVE-2023-32284 (An out-of-bounds write vulnerability exists 
in the tiff_planar_a
        NOT-FOR-US: Accusoft ImageGear
 CVE-2022-48605 (Input verification vulnerability in the fingerprint module. 
Successful ...)
        NOT-FOR-US: Huawei
-CVE-2023-42756 [netfilter: ipset: Fix race between IPSET_CMD_CREATE and 
IPSET_CMD_SWAP]
+CVE-2023-42756 (A flaw was found in the Netfilter subsystem of the Linux 
kernel. A rac ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.openwall.com/lists/oss-security/2023/09/27/2
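Review bot: Replacing the bracketed title on CVE-2023-42756 drops the only visible pointer to the fix, the upstream subject "netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP"; the new description is truncated before it names the commands. With `- linux <unfixed>` still open, keep that subject in a `NOTE:` line beside the oss-security link so whoever closes the entry can locate the upstream commit.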
@@ -21028,8 +21094,8 @@ CVE-2023-30417 (A cross-site scripting (XSS) 
vulnerability in Pear-Admin-Boot up
        NOT-FOR-US: Pear-Admin-Boot
 CVE-2023-30416
        RESERVED
-CVE-2023-30415
-       RESERVED
+CVE-2023-30415 (Sourcecodester Packers and Movers Management System v1.0 was 
discovere ...)
+       TODO: check
 CVE-2023-30414 (Jerryscript commit 1a2c047 was discovered to contain a stack 
overflow  ...)
        - iotjs <removed>
        [bullseye] - iotjs <ignored> (Minor issue)
@@ -50621,10 +50687,10 @@ CVE-2022-47189 (Generex UPS CS141 below 2.06 version, 
allows an attacker touploa
        NOT-FOR-US: Generex UPS CS141
 CVE-2022-47188 (There is an arbitrary file reading vulnerability in Generex 
UPS CS141  ...)
        NOT-FOR-US: Generex UPS CS141
-CVE-2022-47187
-       RESERVED
-CVE-2022-47186
-       RESERVED
+CVE-2022-47187 (There is a file upload XSS vulnerability in Generex CS141 
below 2.06 v ...)
+       TODO: check
+CVE-2022-47186 (There is an unrestricted upload of file vulnerability in 
Generex CS141 ...)
+       TODO: check
 CVE-2022-47185 (Improper input validation vulnerability on the range header in 
Apache  ...)
        - trafficserver 9.2.2+ds-1 (bug #1043430)
        NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
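Review bot: CVE-2022-47187 and CVE-2022-47186 are set to `TODO: check`, but both descriptions name Generex CS141, the same product as the two context entries directly above (CVE-2022-47189, CVE-2022-47188), which are already marked `NOT-FOR-US: Generex UPS CS141`. Use the same triage line here instead of leaving them in the queue.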
@@ -231200,6 +231266,7 @@ CVE-2020-19190 (Buffer Overflow vulnerability in 
_nc_find_entry in tinfo/comp_ha
        NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
        NOTE: CVE-2020-19190 seems to be a duplicate of CVE-2019-17594 but keep 
distinct for now
 CVE-2020-19189 (Buffer Overflow vulnerability in postprocess_terminfo function 
in tinf ...)
+       {DLA-3586-1}
        - ncurses 6.1+20191019-1
        NOTE: 
https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
        NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 
patchlevels
@@ -232121,6 +232188,7 @@ CVE-2020-18770 (An issue was discovered in function 
zzip_disk_entry_to_file_head
 CVE-2020-18769
        RESERVED
 CVE-2020-18768 (There exists one heap buffer overflow in _TIFFmemcpy in 
tif_unix.c in  ...)
+       {DLA-2777-1}
        - tiff 4.0.10+git190814-1
        NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2848
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/72



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7411d10e428b9b456bc89a13f03057ff26dbb5e
