[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for clamav issues

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f0479af6 by Salvatore Bonaccorso at 2023-08-19T06:40:29+02:00
Add Debian bug reference for clamav issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -56696,7 +56696,7 @@ CVE-2023-20214 (A vulnerability in the request 
authentication validation for the
 CVE-2023-20213
RESERVED
 CVE-2023-20212 (A vulnerability in the AutoIt module of ClamAV could allow an 
unauthen ...)
-   - clamav 
+   - clamav  (bug #1050057)
[bookworm] - clamav  (clamav is updated via -updates)
[bullseye] - clamav  (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
@@ -56729,7 +56729,7 @@ CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor 
Authentication for macOS
 CVE-2023-20198
RESERVED
 CVE-2023-20197 (A vulnerability in the filesystem image parser for 
Hierarchical File S ...)
-   - clamav 
+   - clamav  (bug #1050057)
[bookworm] - clamav  (clamav is updated via -updates)
[bullseye] - clamav  (clamav is updated via -updates)
NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0479af6e38b906653fb4750560b5ad4aaa6f5c5

You're receiving this email because of your account on salsa.debian.org.


___
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits


[Git][security-tracker-team/security-tracker][master] Add CVE-2023-20212 and CVE-2023-20197 for clamav

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c1517f54 by Salvatore Bonaccorso at 2023-08-19T06:33:10+02:00
Add CVE-2023-20212 and CVE-2023-20197 for clamav

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -56696,7 +56696,10 @@ CVE-2023-20214 (A vulnerability in the request 
authentication validation for the
 CVE-2023-20213
RESERVED
 CVE-2023-20212 (A vulnerability in the AutoIt module of ClamAV could allow an 
unauthen ...)
-   TODO: check
+   - clamav 
+   [bookworm] - clamav  (clamav is updated via -updates)
+   [bullseye] - clamav  (clamav is updated via -updates)
+   NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
 CVE-2023-20211 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
NOT-FOR-US: Cisco
 CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an 
authenticated, loca ...)
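Review bot: the added `- clamav` line for CVE-2023-20212 carries no `(bug #NNNNNN)` reference, while the other unfixed entries on this page do (for example `- zola  (bug #976052)`); if a Debian bug has been filed for the ClamAV releases linked in the NOTE, add it here so the unstable upload can be tracked against it.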
@@ -56726,8 +56729,10 @@ CVE-2023-20199 (A vulnerability in Cisco Duo 
Two-Factor Authentication for macOS
 CVE-2023-20198
RESERVED
 CVE-2023-20197 (A vulnerability in the filesystem image parser for 
Hierarchical File S ...)
-   NOT-FOR-US: Cisco
-   NOTE: CVE for underlying ClamAV issue is CVE-2023-20032
+   - clamav 
+   [bookworm] - clamav  (clamav is updated via -updates)
+   [bullseye] - clamav  (clamav is updated via -updates)
+   NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
 CVE-2023-20196
RESERVED
 CVE-2023-20195
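Review bot: the removed `NOTE: CVE for underlying ClamAV issue is CVE-2023-20032` was the only record of how CVE-2023-20197 relates to the earlier filesystem image parser CVE, and nothing replaces it; if the two are now understood to be distinct issues, keep a one-line NOTE saying so, otherwise a later triager may re-add the cross-reference.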



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c1517f54c53c1e3106309d34901fd43f8fad8fe9



[Git][security-tracker-team/security-tracker][master] Tag CVE-2022-36440 as ignored for frr

2023-08-18 Thread Aron Xu (@aron)


Aron Xu pushed to branch master at Debian Security Tracker / security-tracker


Commits:
607af70e by Aron Xu at 2023-08-19T11:37:20+08:00
Tag CVE-2022-36440 as ignored for frr

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -77647,7 +77647,8 @@ CVE-2022-36441 (An issue was discovered in Zebra 
Enterprise Home Screen 4.1.19.
NOT-FOR-US: Zebra Enterprise Home Screen
 CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in 
the pee ...)
- frr 8.4.1-1
-   [buster] - frr  (Minor issue)
+   [bullseye] - frr  (Minor issue, requires untrivial porting)
+   [buster] - frr  (Minor issue)
NOTE: https://github.com/FRRouting/frr/issues/13202
NOTE: 
https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 
(base_8.4)
NOTE: https://github.com/spwpun/pocs/blob/main/frr-bgpd.md
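Review bot: the commit message tags CVE-2022-36440 as ignored, but the added `[bullseye] - frr  (Minor issue, requires untrivial porting)` line shows no state tag between the package name and the reason (only a double space), so confirm the `<ignored>` tag is present in the committed file and not dropped by the mail rendering; also `untrivial` should read `non-trivial`.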



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/607af70e1df9589cd77c801adc4ebc07c607a132



[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2023-40359 as no-dsa for Buster

2023-08-18 Thread Thorsten Alteholz (@alteholz)


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
228f3630 by Thorsten Alteholz at 2023-08-19T00:35:25+02:00
mark CVE-2023-40359 as no-dsa for Buster

- - - - -
5754ac62 by Thorsten Alteholz at 2023-08-19T00:40:23+02:00
mark CVE-2023-4413 as no-dsa for Buster

- - - - -
22b8191c by Thorsten Alteholz at 2023-08-19T00:46:49+02:00
add python-mechanicalsoup

- - - - -
fd067cd0 by Thorsten Alteholz at 2023-08-19T01:00:22+02:00
mark CVE-2023-39976 as not-affected for Buster

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=
data/CVE/list
=
@@ -8,6 +8,7 @@ CVE-2023-4413 (A vulnerability was found in rkhunter Rootkit 
Hunter 1.4.4/1.4.6.
- rkhunter 
[bookworm] - rkhunter  (Minor issue)
[bullseye] - rkhunter  (Minor issue)
+   [buster] - rkhunter  (Minor issue)
NOTE: 
https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7
 CVE-2023-4412 (A vulnerability was found in TOTOLINK EX1200L 
EN_V9.3.5u.6146_B2020102 ...)
NOT-FOR-US: TOTOLINK
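Review bot: the commit message marks CVE-2023-4413 as no-dsa for buster, but the added `[buster] - rkhunter  (Minor issue)` line shows no state tag between the package name and the reason (only a double space, as in the bookworm and bullseye lines above it); confirm the `<no-dsa>` tag is present in the committed file rather than lost in the mail rendering.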
@@ -612,6 +613,7 @@ CVE-2023-40359 (xterm before 380 supports ReGIS reporting 
for character-set name
- xterm 382-2
[bookworm] - xterm  (Minor issue)
[bullseye] - xterm  (Minor issue)
+   [buster] - xterm  (Minor issue)
NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380
 CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A 
user ent ...)
NOT-FOR-US: Maxscale
@@ -1721,6 +1723,7 @@ CVE-2023-39976 (log_blackbox.c in libqb before 2.0.8 
allows a buffer overflow vi
- libqb 2.0.8-1
[bookworm] - libqb  (Minor issue)
[bullseye] - libqb  (Minor issue)
+   [buster] - libqb  (Vulnerable code introduced later)
NOTE: 
https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8
 (v2.0.8)
NOTE: https://github.com/ClusterLabs/libqb/pull/490
 CVE-2023-39530 (PrestaShop is an open source e-commerce web application. Prior 
to vers ...)


=
data/dla-needed.txt
=
@@ -148,6 +148,9 @@ python-glance-store
   NOTE: 20230705: pushed a patched version to: 
https://salsa.debian.org/lts-team/packages/python-glance-store (jspricke)
   NOTE: 20230705: upstream patch looks fine to me but should probably be 
tested and released together with the other affected packages. (jspricke)
 --
+python-mechanicalsoup
+  NOTE: 20230819: Added by Front-Desk (ta)
+--
 python-os-brick
   NOTE: 20230525: Added by Front-Desk (lamby)
   NOTE: 20230525: NB. CVE-2023-2088 filed against python-glance-store, 
python-os-brick, nova and cinder.
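Review bot: the new `python-mechanicalsoup` entry records only who added it; a NOTE naming the CVE that put the package on the list would help whoever claims it, in the way the `python-os-brick` entry below references CVE-2023-2088.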



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82507747f4977d38a8e817192a856370ee8973f7...fd067cd0c991ccea80b9d433beed4c56f717c902



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-27576/phplist

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82507747 by Salvatore Bonaccorso at 2023-08-18T23:02:01+02:00
Add CVE-2023-27576/phplist

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -24246,7 +24246,7 @@ CVE-2023-27578 (Galaxy is an open-source platform for 
data analysis. All support
 CVE-2023-27577 (flarum is a forum software package for building communities. 
In versio ...)
NOT-FOR-US: Flarum
 CVE-2023-27576 (An issue was discovered in phpList 3.6.12. Due to an access 
error, it  ...)
-   TODO: check
+   - phplist  (bug #612288)
 CVE-2023-27575
RESERVED
 CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with 
com.apple.security.get-task-allow en ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82507747f4977d38a8e817192a856370ee8973f7



[Git][security-tracker-team/security-tracker][master] Process some more NFUs

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8dbc11b1 by Salvatore Bonaccorso at 2023-08-18T23:01:37+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -12639,7 +12639,7 @@ CVE-2023-31234
 CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Haoq ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Davi ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-31231
RESERVED
 CVE-2023-31230
@@ -12647,7 +12647,7 @@ CVE-2023-31230
 CVE-2023-31229
RESERVED
 CVE-2023-31228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Crea ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling 
verification. ...)
NOT-FOR-US: Huawei
 CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper 
permission ...)
@@ -12763,7 +12763,7 @@ CVE-2023-31220
 CVE-2023-31219
RESERVED
 CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site 
Scripti ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-31217
RESERVED
 CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate 
Member plu ...)
@@ -13121,7 +13121,7 @@ CVE-2023-31096
 CVE-2023-31095
RESERVED
 CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Lauri Ka ...)
-   TODO: check
+   NOT-FOR-US: WooCommerce plugin
 CVE-2023-31093
RESERVED
 CVE-2023-31092
@@ -15190,7 +15190,7 @@ CVE-2022-48437 (An issue was discovered in 
x509/x509_verify.c in LibreSSL before
 CVE-2023-30500 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WPForms  ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
FolioVis ...)
-   TODO: check
+   NOT-FOR-US: WordPress Plugin
 CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
CodeFlav ...)
NOT-FOR-US: WordPress Plugin
 CVE-2023-30497
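Review bot: capitalisation is inconsistent: this hunk adds `NOT-FOR-US: WordPress Plugin` while the other hunks in the same commit use `NOT-FOR-US: WordPress plugin`; settle on one spelling so a grep over the file finds every such entry.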
@@ -18038,7 +18038,7 @@ CVE-2023-29389 (Toyota RAV4 2021 vehicles automatically 
trust messages from othe
 CVE-2023-29388 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
impleCod ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-29387 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-29386
RESERVED
 CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Kevon Ad ...)
@@ -24642,7 +24642,7 @@ CVE-2023-27473
 CVE-2023-27472 (quickentity-editor-next is an open source, system local, video 
game as ...)
NOT-FOR-US: quickentity-editor-next
 CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
-   TODO: check
+   NOT-FOR-US: Insyde
 CVE-2023-27470
RESERVED
 CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary 
file de ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8dbc11b1619c6589977f4ea467b4ddccc179d71f



[Git][security-tracker-team/security-tracker][master] Add CVE-2023-4413/rkhunter

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82e73840 by Salvatore Bonaccorso at 2023-08-18T22:56:20+02:00
Add CVE-2023-4413/rkhunter

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -5,7 +5,10 @@ CVE-2023-4415 (A vulnerability was found in Ruijie RG-EW1200G 
07161417 r483. It
 CVE-2023-4414 (A vulnerability was found in Beijing Baichuo Smart S85F 
Management Pla ...)
NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
 CVE-2023-4413 (A vulnerability was found in rkhunter Rootkit Hunter 
1.4.4/1.4.6. It h ...)
-   TODO: check
+   - rkhunter 
+   [bookworm] - rkhunter  (Minor issue)
+   [bullseye] - rkhunter  (Minor issue)
+   NOTE: 
https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7
 CVE-2023-4412 (A vulnerability was found in TOTOLINK EX1200L 
EN_V9.3.5u.6146_B2020102 ...)
NOT-FOR-US: TOTOLINK
 CVE-2023-4411 (A vulnerability has been found in TOTOLINK EX1200L 
EN_V9.3.5u.6146_B20 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82e73840559dde3ccc38c3aaf2f042b7c6d657a6



[Git][security-tracker-team/security-tracker][master] Process several NFUs

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e3eb0473 by Salvatore Bonaccorso at 2023-08-18T22:21:37+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,67 +1,67 @@
 CVE-2023-4422 (Cross-site Scripting (XSS) - Stored in GitHub repository 
cockpit-hq/co ...)
-   TODO: check
+   NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-4415 (A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. 
It has b ...)
-   TODO: check
+   NOT-FOR-US: Ruijie
 CVE-2023-4414 (A vulnerability was found in Beijing Baichuo Smart S85F 
Management Pla ...)
-   TODO: check
+   NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
 CVE-2023-4413 (A vulnerability was found in rkhunter Rootkit Hunter 
1.4.4/1.4.6. It h ...)
TODO: check
 CVE-2023-4412 (A vulnerability was found in TOTOLINK EX1200L 
EN_V9.3.5u.6146_B2020102 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2023-4411 (A vulnerability has been found in TOTOLINK EX1200L 
EN_V9.3.5u.6146_B20 ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2023-4410 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
-   TODO: check
+   NOT-FOR-US: TOTOLINK
 CVE-2023-4409 (A vulnerability, which was classified as critical, has been 
found in N ...)
-   TODO: check
+   NOT-FOR-US: NBS
 CVE-2023-4407 (A vulnerability classified as critical was found in Codecanyon 
Credit  ...)
-   TODO: check
+   NOT-FOR-US: Codecanyon Credit Lite
 CVE-2023-40072 (OS command injection vulnerability in WAB-S600-PS all 
versions, and WA ...)
-   TODO: check
+   NOT-FOR-US: WAB-S600-PS
 CVE-2023-40069 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
-   TODO: check
+   NOT-FOR-US: ELECOM wireless LAN routers
 CVE-2023-39944 (OS command injection vulnerability in WRC-F1167ACF all 
versions, and W ...)
-   TODO: check
+   NOT-FOR-US: WRC-F1167ACF
 CVE-2023-39455 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
-   TODO: check
+   NOT-FOR-US: ELECOM wireless LAN routers
 CVE-2023-39454 (Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and 
earlier, WRC- ...)
-   TODO: check
+   NOT-FOR-US: WRC-X1800GS-B
 CVE-2023-39445 (Hidden functionality vulnerability in LAN-WH300N/RE all 
versions provi ...)
-   TODO: check
+   NOT-FOR-US: LAN-WH300N/RE
 CVE-2023-39416 (Proself Enterprise/Standard Edition Ver5.61 and earlier, 
Proself Gatew ...)
-   TODO: check
+   NOT-FOR-US: Proself Enterprise/Standard Edition
 CVE-2023-39415 (Improper authentication vulnerability in Proself 
Enterprise/Standard E ...)
-   TODO: check
+   NOT-FOR-US: Proself Enterprise/Standard Edition
 CVE-2023-38911 (A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 
allows att ...)
-   TODO: check
+   NOT-FOR-US: CSZ CMS
 CVE-2023-38910 (CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), 
which allow ...)
-   TODO: check
+   NOT-FOR-US: CSZ CMS
 CVE-2023-38890 (Online Shopping Portal Project 3.1 allows remote attackers to 
execute  ...)
-   TODO: check
+   NOT-FOR-US: Online Shopping Portal Project
 CVE-2023-38576 (Hidden functionality vulnerability in LAN-WH300N/RE all 
versions provi ...)
-   TODO: check
+   NOT-FOR-US: LAN-WH300N/RE
 CVE-2023-38132 (LAN-W451NGR all versions provided by LOGITEC CORPORATION 
contains an i ...)
-   TODO: check
+   NOT-FOR-US: LAN-W451NGR
 CVE-2023-35991 (Hidden functionality vulnerability in LOGITEC wireless LAN 
routers all ...)
-   TODO: check
+   NOT-FOR-US: LOGITEC wireless LAN routers
 CVE-2023-32626 (Hidden functionality vulnerability in LAN-W300N/RS all 
versions, and L ...)
-   TODO: check
+   NOT-FOR-US: LAN-W300N/PR5
 CVE-2023-32130 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Dani ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-32122 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Spiffy P ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-32109 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ignazio  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-32108 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ignazio  ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-32107 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Photo Ga ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-32106 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Fahad Ma ...)
-   TODO: check
+   NOT-FOR-US: WordPress plugin
 CVE-2023-32105 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ollybach 
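Review bot: CVE-2023-4413 (rkhunter) is the one entry in this sweep left at `TODO: check` while every neighbour is resolved; rkhunter is a Debian source package, so it needs a real triage line rather than an NFU, and leaving it untouched is fine only if a follow-up commit is planned.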

[Git][security-tracker-team/security-tracker][master] automatic update

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a1e69eab by security tracker role at 2023-08-18T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,67 @@
+CVE-2023-4422 (Cross-site Scripting (XSS) - Stored in GitHub repository 
cockpit-hq/co ...)
+   TODO: check
+CVE-2023-4415 (A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. 
It has b ...)
+   TODO: check
+CVE-2023-4414 (A vulnerability was found in Beijing Baichuo Smart S85F 
Management Pla ...)
+   TODO: check
+CVE-2023-4413 (A vulnerability was found in rkhunter Rootkit Hunter 
1.4.4/1.4.6. It h ...)
+   TODO: check
+CVE-2023-4412 (A vulnerability was found in TOTOLINK EX1200L 
EN_V9.3.5u.6146_B2020102 ...)
+   TODO: check
+CVE-2023-4411 (A vulnerability has been found in TOTOLINK EX1200L 
EN_V9.3.5u.6146_B20 ...)
+   TODO: check
+CVE-2023-4410 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
+   TODO: check
+CVE-2023-4409 (A vulnerability, which was classified as critical, has been 
found in N ...)
+   TODO: check
+CVE-2023-4407 (A vulnerability classified as critical was found in Codecanyon 
Credit  ...)
+   TODO: check
+CVE-2023-40072 (OS command injection vulnerability in WAB-S600-PS all 
versions, and WA ...)
+   TODO: check
+CVE-2023-40069 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
+   TODO: check
+CVE-2023-39944 (OS command injection vulnerability in WRC-F1167ACF all 
versions, and W ...)
+   TODO: check
+CVE-2023-39455 (OS command injection vulnerability in ELECOM wireless LAN 
routers allo ...)
+   TODO: check
+CVE-2023-39454 (Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and 
earlier, WRC- ...)
+   TODO: check
+CVE-2023-39445 (Hidden functionality vulnerability in LAN-WH300N/RE all 
versions provi ...)
+   TODO: check
+CVE-2023-39416 (Proself Enterprise/Standard Edition Ver5.61 and earlier, 
Proself Gatew ...)
+   TODO: check
+CVE-2023-39415 (Improper authentication vulnerability in Proself 
Enterprise/Standard E ...)
+   TODO: check
+CVE-2023-38911 (A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 
allows att ...)
+   TODO: check
+CVE-2023-38910 (CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), 
which allow ...)
+   TODO: check
+CVE-2023-38890 (Online Shopping Portal Project 3.1 allows remote attackers to 
execute  ...)
+   TODO: check
+CVE-2023-38576 (Hidden functionality vulnerability in LAN-WH300N/RE all 
versions provi ...)
+   TODO: check
+CVE-2023-38132 (LAN-W451NGR all versions provided by LOGITEC CORPORATION 
contains an i ...)
+   TODO: check
+CVE-2023-35991 (Hidden functionality vulnerability in LOGITEC wireless LAN 
routers all ...)
+   TODO: check
+CVE-2023-32626 (Hidden functionality vulnerability in LAN-W300N/RS all 
versions, and L ...)
+   TODO: check
+CVE-2023-32130 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Dani ...)
+   TODO: check
+CVE-2023-32122 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Spiffy P ...)
+   TODO: check
+CVE-2023-32109 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ignazio  ...)
+   TODO: check
+CVE-2023-32108 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Ignazio  ...)
+   TODO: check
+CVE-2023-32107 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Photo Ga ...)
+   TODO: check
+CVE-2023-32106 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Fahad Ma ...)
+   TODO: check
+CVE-2023-32105 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ollybach ...)
+   TODO: check
+CVE-2023-32103 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+   TODO: check
 CVE-2023-4040 (The Stripe Payment Plugin for WooCommerce plugin for WordPress 
is vuln ...)
NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress
 CVE-2023-40171 (Dispatch is an open source security incident management tool. 
The serv ...)
@@ -70,7 +134,7 @@ CVE-2023-39741 (lrzip v0.651 was discovered to contain a 
heap overflow via the l
NOTE: https://github.com/ckolivas/lrzip/issues/246
 CVE-2023-38905 (SQL injection vulnerability in Jeecg-boot v.3.5.0 and before 
allows a  ...)
NOT-FOR-US: JeecgBoot
-CVE-2023-38902 (An issue in RG-EW series home routers and repeaters 
v.EW_3.0(1)B11P204 ...)
+CVE-2023-38902 (A command injection vulnerability in RG-EW series home routers 
and rep ...)
NOT-FOR-US: RG-EW
 CVE-2023-38843 (An issue in Atlos v.1.0 allows an authenticated attacker to 
execute ar ...)
NOT-FOR-US: Atlos
@@ -625,6 +689,7 @@ CVE-2023-40292 (Harman Infotainment 20190525031613 and 
later discloses the IP ad
 CVE-2023-40291 (Harman 

[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2023-40283/linux via unstable

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
818c263f by Salvatore Bonaccorso at 2023-08-18T20:36:34+02:00
Track fixed version for CVE-2023-40283/linux via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -625,7 +625,7 @@ CVE-2023-40292 (Harman Infotainment 20190525031613 and 
later discloses the IP ad
 CVE-2023-40291 (Harman Infotainment 20190525031613 allows root access via SSH 
over a U ...)
NOT-FOR-US: Harman Infotainment
 CVE-2023-40283 (An issue was discovered in l2cap_sock_release in 
net/bluetooth/l2cap_s ...)
-   - linux 
+   - linux 6.4.11-1
NOTE: 
https://git.kernel.org/linus/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (6.5-rc1)
 CVE-2023-40274 (An issue was discovered in zola 0.13.0 through 0.17.2. The 
custom impl ...)
- zola  (bug #976052)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/818c263fe4036fc33fdb687821db1fda9ba12837



[Git][security-tracker-team/security-tracker][master] Reserve DSA number for linux update

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
da99307d by Salvatore Bonaccorso at 2023-08-18T20:27:37+02:00
Reserve DSA number for linux update

- - - - -


1 changed file:

- data/DSA/list


Changes:

=
data/DSA/list
=
@@ -1,3 +1,6 @@
+[18 Aug 2023] DSA-5480-1 linux - security update
+   {CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380 CVE-2023-2002 
CVE-2023-2007 CVE-2023-2124 CVE-2023-2269 CVE-2023-2898 CVE-2023-3090 
CVE-2023-3111 CVE-2023-3212 CVE-2023-3268 CVE-2023-3338 CVE-2023-3389 
CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3863 CVE-2023-4004 
CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 
CVE-2023-20588 CVE-2023-21255 CVE-2023-21400 CVE-2023-31084 CVE-2023-34319 
CVE-2023-35788 CVE-2023-40283}
+   [bullseye] - linux 5.10.191-1
 [17 Aug 2023] DSA-5479-1 chromium - security update
{CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 
CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 
CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 
CVE-2023-4363 CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367 
CVE-2023-4368}
[bookworm] - chromium 116.0.5845.96-1~deb12u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da99307d4c9cac1bf12872cd4972223bb7a900d2



[Git][security-tracker-team/security-tracker][master] Remove notes from two rejected CVEs

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bdc5d1ec by Salvatore Bonaccorso at 2023-08-18T19:44:56+02:00
Remove notes from two rejected CVEs

They were withdrawn by the assigning CNA as further investigation showed
that it was not a security issue in both cases of the CVE assignments.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -277,10 +277,8 @@ CVE-2023-39850 (Schoolmate v1.3 was discovered to contain 
multiple SQL injection
NOT-FOR-US: Schoolmate
 CVE-2023-39849
REJECTED
-   NOT-FOR-US: Pikachu
 CVE-2023-39848
REJECTED
-   NOT-FOR-US: DVWA
 CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated 
as prob ...)
NOT-FOR-US: phpRecDB
 CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google 
Chrome on ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdc5d1ec55c251cb91a2ee15fd6096b497e9127a



[Git][security-tracker-team/security-tracker][master] Add note for CVE-2021-28025

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
285fc045 by Salvatore Bonaccorso at 2023-08-18T19:43:39+02:00
Add note for CVE-2021-28025

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -173006,6 +173006,8 @@ CVE-2021-28025
- qt4-x11 
NOTE: https://bugreports.qt.io/browse/QTBUG-91507
NOTE: 
https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=7bbf88403fd2d1fe79fab7c8e469f8aeafeb7372
 (v5.15.4-lts-lgpl)
+   NOTE: Potentially to be considered a duplicte of CVE-2021-3481, ongoing 
clarification
+   NOTE: with the two involved CNAs.
 CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic 
Helpdesk  ...)
NOT-FOR-US: ServiceTonic
 CVE-2021-28023 (Arbitrary file upload in Service import feature in 
ServiceTonic Helpde ...)
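Review bot: typo in the added NOTE line: `duplicte` should read `duplicate`.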



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/285fc045ced30677dcd7bb173f1a281b518ab191



[Git][security-tracker-team/security-tracker][master] dla: retake suricata

2023-08-18 Thread Adrian Bunk (@bunk)


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
abcdb057 by Adrian Bunk at 2023-08-18T17:11:29+03:00
dla: retake suricata

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=
data/dla-needed.txt
=
@@ -210,7 +210,7 @@ samba (Lee Garrett)
   NOTE: 20230807: functional test framework is however needed (WIP) as most
   NOTE: 20230807: CVEs/bugfixes don't have test coverage.
 --
-suricata
+suricata (Adrian Bunk)
   NOTE: 20230620: Added by Front-Desk (Beuc)
   NOTE: 20230620: 15+ CVEs marked no-dsa; since the package is supported, with 
last LTS update in Jessie,
   NOTE: 20230620: I'd suggest reviewing the CVEs, precise the triage 
(postponed/ignored),
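
Review bot: the claim line becomes "suricata (Adrian Bunk)" but no dated NOTE records the retake, while the surrounding entries follow the "NOTE: YYYYMMDD: ..." convention (e.g. "NOTE: 20230620: Added by Front-Desk (Beuc)"). A "NOTE: 20230818: retaken by Adrian Bunk" line would keep the triage history of this entry readable, and is the natural place to say whether the June suggestion to re-review the no-dsa CVEs is being acted on.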



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abcdb057717634b0eda876ee68fecc07eb31d6dd


[Git][security-tracker-team/security-tracker][master] "new" chromium issue

2023-08-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
197436e1 by Moritz Muehlenhoff at 2023-08-18T14:08:26+02:00
new chromium issue

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=
data/CVE/list
=
@@ -2030,7 +2030,8 @@ CVE-2023-33373 (Connected IO v2.1.0 and prior keeps 
passwords and credentials in
 CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded 
username/password pair ...)
NOT-FOR-US: Connected IO
 CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior 
to 108 ...)
-   TODO: check
+   - chromium 108.0.5359.71-1
+   [buster] - chromium  (see DSA 5046)
 CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable 
to Rem ...)
NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress
 CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable 
to Rem ...)
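
Review bot: the new "[buster] - chromium  (see DSA 5046)" line justifies the buster status only by pointing at DSA 5046, and nothing else in this commit references that DSA (the DSA list hunk touches DSA-5293-1). Consider a reason text in the parenthesis, or a NOTE line with the DSA URL, so the buster decision is self-explanatory without looking up a second advisory.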


=
data/DSA/list
=
@@ -598,7 +598,7 @@
{CVE-2021-34055 CVE-2022-41751}
[bullseye] - jhead 1:3.04-6+deb11u1
 [03 Dec 2022] DSA-5293-1 chromium - security update
-   {CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 
CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 
CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 
CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 
CVE-2022-4194 CVE-2022-4195 CVE-2022-4906 CVE-2022-4907}
+   {CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177 CVE-2022-4178 
CVE-2022-4179 CVE-2022-4180 CVE-2022-4181 CVE-2022-4182 CVE-2022-4183 
CVE-2022-4184 CVE-2022-4185 CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 
CVE-2022-4189 CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193 
CVE-2022-4194 CVE-2022-4195 CVE-2022-4906 CVE-2022-4907 CVE-2022-4955}
[bullseye] - chromium 108.0.5359.71-2~deb11u1
 [01 Dec 2022] DSA-5292-1 snapd - security update
{CVE-2022-3328}
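
Review bot: this appends CVE-2022-4955 to the record of DSA-5293-1 dated 03 Dec 2022; since the CVE entry was still "TODO: check" in the first hunk, the identifier surfaced well after the advisory was published, and the commit message "new chromium issue" does not say so. A NOTE on the CVE-2022-4955 entry stating that the CVE was assigned retroactively for an issue already fixed by DSA-5293-1 (108.0.5359.71) keeps the published advisory text and the tracker record reconcilable.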



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/197436e19b47e0395f26b07a4e08171ad4e7c8cb


[Git][security-tracker-team/security-tracker][master] NFUs

2023-08-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7bcc269e by Moritz Muehlenhoff at 2023-08-18T14:06:08+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -23,7 +23,7 @@ CVE-2023-39666 (D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 
was discovered to
 CVE-2023-39665 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered 
to conta ...)
NOT-FOR-US: D-Link
 CVE-2023-39125 (NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write 
in load ...)
-   TODO: check
+   NOT-FOR-US: NTSC-CRT
 CVE-2023-31492 (Incorrect access control in Zoho ManageEngine ADManager Plus 
Build 718 ...)
NOT-FOR-US: Zoho ManageEngine
 CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path 
in fs/ ...)
@@ -44,7 +44,7 @@ CVE-2023-40313 (A BeanShell interpreter in remote server mode 
runs in OpenMNS Ho
 CVE-2023-40272 (Apache Airflow Spark Provider, versions before 4.1.3, is 
affected by a ...)
NOT-FOR-US: Apache Airflow Spark Provider
 CVE-2023-40168 (TurboWarp is a desktop application that compiles scratch 
projects to J ...)
-   TODO: check
+   NOT-FOR-US: TurboWarp
 CVE-2023-40165 (rubygems.org is the Ruby community's primary gem (library) 
hosting ser ...)
TODO: check
 CVE-2023-3698 (Printer service fails to adequately handle user input, allowing 
an rem ...)
@@ -87,7 +87,7 @@ CVE-2023-36845 (A PHP External Variable Modification 
vulnerability in J-Web of J
 CVE-2023-36844 (A PHP External Variable Modification vulnerability in J-Web of 
Juniper ...)
NOT-FOR-US: Juniper
 CVE-2023-36106 (An incorrect access control vulnerability in powerjob 4.3.2 
and earlie ...)
-   TODO: check
+   NOT-FOR-US: powerjob
 CVE-2023-34419 (A buffer overflow has been identified in the SetupUtility 
driver in so ...)
NOT-FOR-US: Lenovo
 CVE-2023-34412 (A vulnerability in Red Lion Europe mbNET/mbNET.rokey and 
Helmholz REX  ...)
@@ -129,7 +129,7 @@ CVE-2023-40252 (Improper Control of Generation of Code 
('Code Injection') vulner
 CVE-2023-40251 (Missing Encryption of Sensitive DataCAPEC- vulnerability in 
Genians Ge ...)
NOT-FOR-US: Genians
 CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In 
affected ver ...)
-   TODO: check
+   NOT-FOR-US: Woodpecker
 CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by 
a vulne ...)
NOT-FOR-US: Flarum
 CVE-2023-40021 (Oppia is an online learning platform. When comparing a 
received CSRF t ...)
@@ -615,7 +615,7 @@ CVE-2023-40303 (GNU inetutils through 2.4 may allow 
privilege escalation because
NOTE: 
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6
NOTE: 
https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg0.html
 CVE-2023-40296 (async-sockets-cpp through 0.3.1 has a stack-based buffer 
overflow in R ...)
-   TODO: check
+   NOT-FOR-US: async-sockets-cpp
 CVE-2023-40295 (libboron in Boron 2.0.8 has a heap-based buffer overflow in 
ur_strInit ...)
NOT-FOR-US: libboron
 CVE-2023-40294 (libboron in Boron 2.0.8 has a heap-based buffer overflow in 
ur_parseBl ...)
@@ -1242,7 +1242,7 @@ CVE-2023-4239 (The Real Estate Manager plugin for 
WordPress is vulnerable to pri
 CVE-2023-3632 (Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes 
Educati ...)
NOT-FOR-US: Sifir Bes Education and Informatics Kunduz Homework Helper 
App
 CVE-2023-39951 (OpenTelemetry Java Instrumentation provides OpenTelemetry 
auto-instrum ...)
-   TODO: check
+   NOT-FOR-US: OpenTelemetry Java Instrumentation
 CVE-2023-39910 (The cryptocurrency wallet entropy seeding mechanism used in 
Libbitcoin ...)
NOT-FOR-US: Libbitcoin Explorer
 CVE-2023-39341 ("FFRI yarai", "FFRI yarai Home and Business Edition" and their 
OEM pro ...)
@@ -1293,7 +1293,7 @@ CVE-2023-33934 (Improper Input Validation vulnerability 
in Apache Software Found
- trafficserver  (bug #1043430)
NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
 CVE-2023-2905 (Due to a failure in validating the length of a provided 
MQTT_CMD_PUBLI ...)
-   TODO: check
+   NOT-FOR-US: Cesanta Mongoose
 CVE-2023-3223
- undertow 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
@@ -1330,9 +1330,9 @@ CVE-2023-3386 (Improper Neutralization of Special 
Elements used in an SQL Comman
 CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All 
versions ...)
NOT-FOR-US: Siemens Solid Edge
 CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking 
Stack. Pri ...)
-   TODO: check
+   NOT-FOR-US: go-libp2pC
 CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of 
arbitrar ...)
-   TODO: check
+   
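
Review bot: the NOT-FOR-US line for CVE-2023-39533 reads "go-libp2pC"; the trailing "C" looks like a stray keystroke and should be "go-libp2p". In the same hunk, the replacement for the CVE-2023-39532 "TODO: check" line is an empty "+   " as far as visible here, which would leave the SES entry with a blank status line; confirm the intended NOT-FOR-US line made it into the commit.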

[Git][security-tracker-team/security-tracker][master] NFU (concludes external check)

2023-08-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b66eade7 by Moritz Muehlenhoff at 2023-08-18T13:05:32+02:00
NFU (concludes external check)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -56637,7 +56637,8 @@ CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor 
Authentication for macOS
 CVE-2023-20198
RESERVED
 CVE-2023-20197 (A vulnerability in the filesystem image parser for 
Hierarchical File S ...)
-   TODO: check
+   NOT-FOR-US: Cisco
+   NOTE: CVE for underlying ClamAV issue is CVE-2023-20032
 CVE-2023-20196
RESERVED
 CVE-2023-20195
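
Review bot: the NOT-FOR-US: Cisco line rests entirely on the NOTE that the underlying ClamAV issue is CVE-2023-20032, yet the description excerpt ("A vulnerability in the filesystem image parser for Hierarchical File S ...") names a ClamAV parser that ships in Debian's clamav package. Add a NOTE with the source that establishes the duplicate (advisory URL or CNA statement); if CVE-2023-20197 turns out to be a distinct HFS+ parser issue rather than a re-identification of CVE-2023-20032, the entry needs a clamav package line instead of NOT-FOR-US.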



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b66eade7dc8e04e36226545f4ebc9b38d6315c9c


[Git][security-tracker-team/security-tracker][master] new qtsvg issue

2023-08-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
45ecdfa6 by Moritz Muehlenhoff at 2023-08-18T12:28:40+02:00
new qtsvg issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -172997,8 +172997,13 @@ CVE-2021-28027 (An issue was discovered in the bam 
crate before 0.1.3 for Rust.
NOT-FOR-US: Rust crate bam
 CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in 
/lib/jxl/coeff ...)
- jpeg-xl  (Fixed before initial release)
-CVE-2021-28025 (Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg 
versions ...)
-   TODO: check
+CVE-2021-28025
+   - qt6-svg  (Fixed before initial upload to the archive)
+   - qtsvg-opensource-src 5.15.4-2
+   [bullseye] - qtsvg-opensource-src  (Minor issue)
+   - qt4-x11 
+   NOTE: https://bugreports.qt.io/browse/QTBUG-91507
+   NOTE: 
https://code.qt.io/cgit/qt/qtsvg.git/commit/?id=7bbf88403fd2d1fe79fab7c8e469f8aeafeb7372
 (v5.15.4-lts-lgpl)
 CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic 
Helpdesk  ...)
NOT-FOR-US: ServiceTonic
 CVE-2021-28023 (Arbitrary file upload in Service import feature in 
ServiceTonic Helpde ...)
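
Review bot: the fixed version recorded for qtsvg-opensource-src is 5.15.4-2, while the referenced upstream commit 7bbf8840 is tagged v5.15.4-lts-lgpl, i.e. part of upstream 5.15.4; unless the 5.15.4-1 upload was built from a tarball without that commit, the first fixed Debian version would be 5.15.4-1. Worth confirming which upload first carried the fix, since the bullseye "(Minor issue)" decision and any later DLA reasoning start from this version. The qt4-x11 line also carries no justification text, unlike the bullseye line; a short reason would help whoever revisits the entry.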



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45ecdfa68a8d7e99287fd2ea207c2fd1a382d854


[Git][security-tracker-team/security-tracker][master] more fastdds references

2023-08-18 Thread Moritz Muehlenhoff (@jmm)


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c837903 by Moritz Muehlenhoff at 2023-08-18T12:11:10+02:00
more fastdds references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -726,20 +726,27 @@ CVE-2023-39948 (eprosima Fast DDS is a C++ implementation 
of the Data Distributi
[bullseye] - fastdds  (Minor issue)
NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f
NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
+   NOTE: 
https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562
 CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
- fastdds 2.10.1+ds-3 (bug #1043548)
NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv
NOTE: 
https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb
 (v2.11.1)
+   NOTE: https://github.com/eProsima/Fast-DDS/pull/3670
 CVE-2023-39946 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
- fastdds 2.10.1+ds-3 (bug #1043548)
NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx
NOTE: 
https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb
 (v2.11.1)
+   NOTE: https://github.com/eProsima/Fast-DDS/pull/3670
 CVE-2023-39945 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
- fastdds 2.10.1+ds-3 (bug #1043548)
NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9
+   NOTE: https://github.com/eProsima/Fast-DDS/issues/3422
+   NOTE: 
https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562
 CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data 
Distribution Ser ...)
- fastdds 2.10.1+ds-2
NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp
+   NOTE: 
https://github.com/eProsima/Fast-DDS/commit/2674fdd93793fd314fcb81b795f9f62b8fcb1ea0
+   NOTE: https://github.com/eProsima/Fast-DDS/pull/3343
 CVE-2023-32267 (A potential vulnerability has been identified in OpenText / 
Micro Focu ...)
NOT-FOR-US: Micro Focus
 CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor 
prior to 2. ...)
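
Review bot: upstream commit d3db7244 and issue #3422 are now listed under both CVE-2023-39948 and CVE-2023-39945, and commit 7c1c611f plus PR #3670 under both CVE-2023-39947 and CVE-2023-39946. If one upstream fix covers two CVEs, say so in a NOTE on each entry so the fixed-version reasoning is not redone per CVE; if the fixes are actually distinct, one of the references is misplaced and should be checked against the GHSA advisories already cited.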



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c8379032b93c2c3cad4d42bfde77d3ad1383ea7


[Git][security-tracker-team/security-tracker][master] Process some NFUs

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d7f2a1c by Salvatore Bonaccorso at 2023-08-18T11:22:58+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,31 +1,31 @@
 CVE-2023-4040 (The Stripe Payment Plugin for WooCommerce plugin for WordPress 
is vuln ...)
-   TODO: check
+   NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress
 CVE-2023-40171 (Dispatch is an open source security incident management tool. 
The serv ...)
-   TODO: check
+   NOT-FOR-US: Netflix Dispatch
 CVE-2023-39674 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a 
buffer overfl ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-39673 (Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to 
contain a  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-39672 (Tenda WH450 v1.0.0.18 was discovered to contain a buffer 
overflow via  ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-39671 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a 
buffer overfl ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-39670 (Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain 
a buffe ...)
-   TODO: check
+   NOT-FOR-US: Tenda
 CVE-2023-39669 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL 
pointer  ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-39668 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered 
to conta ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-39667 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered 
to conta ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-39666 (D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered 
to contai ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-39665 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered 
to conta ...)
-   TODO: check
+   NOT-FOR-US: D-Link
 CVE-2023-39125 (NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write 
in load ...)
TODO: check
 CVE-2023-31492 (Incorrect access control in Zoho ManageEngine ADManager Plus 
Build 718 ...)
-   TODO: check
+   NOT-FOR-US: Zoho ManageEngine
 CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path 
in fs/ ...)
- linux 5.19.6-1
[bullseye] - linux  (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d7f2a1c24201e5eed075bdf97a4100e53932a67


[Git][security-tracker-team/security-tracker][master] automatic update

2023-08-18 Thread Salvatore Bonaccorso (@carnil)


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cb79308a by security tracker role at 2023-08-18T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=
data/CVE/list
=
@@ -1,3 +1,31 @@
+CVE-2023-4040 (The Stripe Payment Plugin for WooCommerce plugin for WordPress 
is vuln ...)
+   TODO: check
+CVE-2023-40171 (Dispatch is an open source security incident management tool. 
The serv ...)
+   TODO: check
+CVE-2023-39674 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a 
buffer overfl ...)
+   TODO: check
+CVE-2023-39673 (Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to 
contain a  ...)
+   TODO: check
+CVE-2023-39672 (Tenda WH450 v1.0.0.18 was discovered to contain a buffer 
overflow via  ...)
+   TODO: check
+CVE-2023-39671 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a 
buffer overfl ...)
+   TODO: check
+CVE-2023-39670 (Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain 
a buffe ...)
+   TODO: check
+CVE-2023-39669 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL 
pointer  ...)
+   TODO: check
+CVE-2023-39668 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered 
to conta ...)
+   TODO: check
+CVE-2023-39667 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered 
to conta ...)
+   TODO: check
+CVE-2023-39666 (D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered 
to contai ...)
+   TODO: check
+CVE-2023-39665 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered 
to conta ...)
+   TODO: check
+CVE-2023-39125 (NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write 
in load ...)
+   TODO: check
+CVE-2023-31492 (Incorrect access control in Zoho ManageEngine ADManager Plus 
Build 718 ...)
+   TODO: check
 CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path 
in fs/ ...)
- linux 5.19.6-1
[bullseye] - linux  (Vulnerable code not present)
@@ -13600,8 +13628,8 @@ CVE-2023-30877 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Ma
NOT-FOR-US: WordPress plugin
 CVE-2023-30876 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Dave ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30875
-   RESERVED
+CVE-2023-30875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in All  ...)
+   TODO: check
 CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Stev ...)
NOT-FOR-US: WordPress plugin
 CVE-2023-30873
@@ -20352,8 +20380,8 @@ CVE-2023-28692
RESERVED
 CVE-2023-28691
RESERVED
-CVE-2023-28690
-   RESERVED
+CVE-2023-28690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Marc ...)
+   TODO: check
 CVE-2023-28689
RESERVED
 CVE-2023-28688



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cb79308a38c7665fe085ffac662e2a9f53d57c25
