Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
808af986 by security tracker role at 2023-06-07T20:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,68 @@
-CVE-2023-33865 [symlink vulnerability in /tmp/RenderDoc]
+CVE-2023-3152 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
+       TODO: check
+CVE-2023-3151 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
+       TODO: check
+CVE-2023-3150 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
+       TODO: check
+CVE-2023-3149 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
+       TODO: check
+CVE-2023-3148 (A vulnerability was found in SourceCodester Online Discussion 
Forum Si ...)
+       TODO: check
+CVE-2023-3147 (A vulnerability has been found in SourceCodester Online 
Discussion For ...)
+       TODO: check
+CVE-2023-3146 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-3145 (A vulnerability, which was classified as critical, has been 
found in S ...)
+       TODO: check
+CVE-2023-3144 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+       TODO: check
+CVE-2023-3143 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+       TODO: check
+CVE-2023-3142 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
+       TODO: check
+CVE-2023-3140 (Missing HTTP headers (X-Frame-Options, Content-Security-Policy) 
in KNI ...)
+       TODO: check
+CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A 
design fla ...)
+       TODO: check
+CVE-2023-34234 (OpenZeppelin Contracts is a library for smart contract 
development. By ...)
+       TODO: check
+CVE-2023-34109 (zxcvbn-ts is an open source password strength estimator 
written in typ ...)
+       TODO: check
+CVE-2023-34108 (mailcow is a mail server suite based on Dovecot, Postfix and 
other ope ...)
+       TODO: check
+CVE-2023-33595 (CPython v3.12.0 alpha 7 was discovered to contain a heap 
use-after-fre ...)
+       TODO: check
+CVE-2023-33556 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to 
contain a com ...)
+       TODO: check
+CVE-2023-33553 (An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows 
attacker ...)
+       TODO: check
+CVE-2023-33510 (Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read 
arbitrary file ...)
+       TODO: check
+CVE-2023-33498 (alist <=3.16.3 is vulnerable to Incorrect Access Control. Low 
privileg ...)
+       TODO: check
+CVE-2023-33284 (Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code 
Execution  ...)
+       TODO: check
+CVE-2023-33283 (Marval MSM through 14.19.0.12476 uses a static encryption key 
for secr ...)
+       TODO: check
+CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account 
with de ...)
+       TODO: check
+CVE-2023-2530 (A privilege escalation allowing remote code execution was 
discovered i ...)
+       TODO: check
+CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
+       TODO: check
+CVE-2021-4380 (The Pinterest Automatic plugin for WordPress is vulnerable to 
authoriz ...)
+       TODO: check
+CVE-2021-4379 (The WooCommerce Multi Currency plugin for WordPress is 
vulnerable to a ...)
+       TODO: check
+CVE-2021-4337 (Sixteen XforWooCommerce Add-On Plugins for WordPress are 
vulnerable to ...)
+       TODO: check
+CVE-2021-46889 (The 10Web Photo Gallery plugin through 1.5.69 for WordPress 
allows XSS ...)
+       TODO: check
+CVE-2020-36728 (The Adning Advertising plugin for WordPress is vulnerable to 
file dele ...)
+       TODO: check
+CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to 
arbitrary ...)
+       TODO: check
+CVE-2023-33865 (RenderDoc through 1.26 allows local privilege escalation via a 
symlink ...)
        - renderdoc <unfixed> (bug #1037208)
        NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
        NOTE: 
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
 (v1.27)
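Review bot: CVE-2023-2530 and CVE-2023-2442 are left at "TODO: check" although their descriptions identify GitLab CE/EE, while every other GitLab CVE touched in this commit (CVE-2023-2589, CVE-2023-2485, CVE-2023-2199, CVE-2023-2198, CVE-2023-2015, CVE-2023-2013, CVE-2023-2001, CVE-2023-1825, CVE-2023-0508, CVE-2023-0121) receives a "- gitlab <unfixed>" or "- gitlab <not-affected> (Specific to EE)" line; these two should be brought to the same form at the next manual pass. Of the remaining TODO entries, CVE-2023-33595 (CPython heap use-after-free in a 3.12 alpha) is the one most likely to map to a Debian source package and deserves checking before the SourceCodester and WordPress-plugin items, which match the NOT-FOR-US pattern used elsewhere in this file.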
@@ -6,7 +70,7 @@ CVE-2023-33865 [symlink vulnerability in /tmp/RenderDoc]
        NOTE: 
https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2
 (v1.27)
        NOTE: 
https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e
 (v1.27)
        NOTE: 
https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b
 (v1.27)
-CVE-2023-33864 [integer underflow to heap-based buffer overflow]
+CVE-2023-33864 (RenderDoc through 1.26 allows an Integer Overflow with a 
resultant Buf ...)
        - renderdoc <unfixed> (bug #1037208)
        NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
        NOTE: 
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
 (v1.27)
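Review bot: Replacing the bracketed headline "[integer underflow to heap-based buffer overflow]" with the truncated MITRE text loses the underflow-versus-overflow distinction for CVE-2023-33864; the new description reads "allows an Integer Overflow with a resultant Buf ...", which is identical to what CVE-2023-33863 gets in the next hunk, so the two entries are no longer distinguishable from the list alone. Keeping the original wording as a NOTE line (for example "NOTE: integer underflow leading to heap-based buffer overflow") would preserve that information next to the four (v1.27) fix commits.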
@@ -14,7 +78,7 @@ CVE-2023-33864 [integer underflow to heap-based buffer 
overflow]
        NOTE: 
https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2
 (v1.27)
        NOTE: 
https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e
 (v1.27)
        NOTE: 
https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b
 (v1.27)
-CVE-2023-33863 [integer overflow to heap-based buffer overflow]
+CVE-2023-33863 (RenderDoc through 1.26 allows an Integer Overflow with a 
resultant Buf ...)
        - renderdoc <unfixed> (bug #1037208)
        NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3
        NOTE: 
https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856
 (v1.27)
@@ -374,9 +438,9 @@ CVE-2013-10030 (A vulnerability, which was classified as 
problematic, has been f
        NOT-FOR-US: WordPress plugin
 CVE-2013-10029 (A vulnerability classified as problematic was found in Exit 
Box Lite P ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-2589
+CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
-CVE-2023-2485
+CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate 
in fs/ ...)
        - linux 5.19.6-1
@@ -1166,6 +1230,7 @@ CVE-2023-2943 (Code Injection in GitHub repository 
openemr/openemr prior to 7.0.
 CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr 
prior t ...)
        NOT-FOR-US: OpenEMR
 CVE-2023-3079 (Type confusion in V8 in Google Chrome prior to 114.0.5735.110 
allowed  ...)
+       {DSA-5420-1}
        - chromium 114.0.5735.106-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome 
prior  ...)
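Review bot: The version line for CVE-2023-3079 stays at "- chromium 114.0.5735.106-1" while the description says the issue affects Google Chrome "prior to 114.0.5735.110"; adding the {DSA-5420-1} reference without touching that line leaves a recorded fixed version lower than the upstream fixed release. Confirm that 114.0.5735.106-1 carries the backported fix or that the DSA shipped a later upload, and align the version here with what DSA-5420-1 actually announced.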
@@ -1522,7 +1587,7 @@ CVE-2023-31459 (A vulnerability in the Connect Mobility 
Router component of Mite
        NOT-FOR-US: Mitel
 CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel 
MiVoice  ...)
        NOT-FOR-US: Mitel
-CVE-2023-2878
+CVE-2023-2878 (Kubernetes secrets-store-csi-driver in versions before 1.3.3 
discloses ...)
        NOT-FOR-US: secrets-store-csi-driver
 CVE-2023-2875 (A vulnerability, which was classified as problematic, was found 
in eSc ...)
        NOT-FOR-US: eScan Antivirus
@@ -4358,11 +4423,9 @@ CVE-2023-2201 (The Web Directory Free for WordPress is 
vulnerable to SQL Injecti
        NOT-FOR-US: WordPress plugin
 CVE-2023-2200
        RESERVED
-CVE-2023-2199
-       RESERVED
+CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
-CVE-2023-2198
-       RESERVED
+CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2023-30912
        RESERVED
@@ -5554,13 +5617,11 @@ CVE-2023-2017 (Server-side Template Injection (SSTI) in 
Shopware 6 (<= v6.4.20.0
        NOT-FOR-US: Shopware
 CVE-2023-2016
        RESERVED
-CVE-2023-2015
-       RESERVED
+CVE-2023-2015 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository 
microweber/m ...)
        NOT-FOR-US: microweber
-CVE-2023-2013
-       RESERVED
+CVE-2023-2013 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2023-2012
        RESERVED
@@ -5756,8 +5817,7 @@ CVE-2023-2002 (A vulnerability was found in the HCI 
sockets implementation due t
        NOTE: Fixed by: 
https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18
        NOTE: Fixed by: 
https://lore.kernel.org/linux-bluetooth/[email protected]/
        NOTE: Hardening: 
https://lore.kernel.org/linux-bluetooth/[email protected]/
-CVE-2023-2001
-       RESERVED
+CVE-2023-2001 (An issue has been discovered in GitLab CE/EE affecting all 
versions be ...)
        - gitlab <unfixed>
 CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server 
redirecti ...)
        NOT-FOR-US: Mattermost Desktop App
@@ -8823,8 +8883,8 @@ CVE-2023-29347
        RESERVED
 CVE-2023-29346
        RESERVED
-CVE-2023-29345
-       RESERVED
+CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
+       TODO: check
 CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege 
Vulnerability)
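Review bot: CVE-2023-29345 (Microsoft Edge, Chromium-based) is left at "TODO: check" although the adjacent Microsoft entries in the same hunk, CVE-2023-29344 and CVE-2023-29343, are already resolved as "NOT-FOR-US: Microsoft"; Edge is not packaged in Debian, so this entry can be closed the same way instead of staying in the TODO queue.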
@@ -9124,8 +9184,7 @@ CVE-2023-1827 (A vulnerability has been found in 
SourceCodester Centralized Covi
        NOT-FOR-US: SourceCodester Centralized Covid Vaccination Records System
 CVE-2023-1826 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester Online Computer and Laptop Store
-CVE-2023-1825
-       RESERVED
+CVE-2023-1825 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2022-48435 (In JetBrains PhpStorm before 2023.1 source code could be 
logged in the ...)
        NOT-FOR-US: JetBrains PhpStorm
@@ -23577,8 +23636,7 @@ CVE-2023-22845 (An out-of-bounds read vulnerability 
exists in the TGAInput::deco
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708
 CVE-2023-0509 (Improper Certificate Validation in GitHub repository 
pyload/pyload pri ...)
        - pyload <itp> (bug #1001980)
-CVE-2023-0508
-       RESERVED
+CVE-2023-0508 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with 
access to t ...)
        - uptimed <not-affected> (Gentoo-specific)
@@ -28734,8 +28792,7 @@ CVE-2023-22459
        RESERVED
 CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel 
NVMe func ...)
        - linux <not-affected> (Vulnerable code not present in any released 
Debian version)
-CVE-2023-0121
-       RESERVED
+CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE 
affecting all ...)
        - gitlab <unfixed>
 CVE-2023-0120
        RESERVED
@@ -43942,12 +43999,12 @@ CVE-2023-20891
        RESERVED
 CVE-2023-20890
        RESERVED
-CVE-2023-20889
-       RESERVED
-CVE-2023-20888
-       RESERVED
-CVE-2023-20887
-       RESERVED
+CVE-2023-20889 (Aria Operations for Networks contains an information 
disclosure vulner ...)
+       TODO: check
+CVE-2023-20888 (Aria Operations for Networks contains an authenticated 
deserialization ...)
+       TODO: check
+CVE-2023-20887 (Aria Operations for Networks contains a command injection 
vulnerabilit ...)
+       TODO: check
 CVE-2023-20886
        RESERVED
 CVE-2023-20885
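Review bot: The three Aria Operations for Networks entries (CVE-2023-20889, CVE-2023-20888, CVE-2023-20887) are queued as "TODO: check", but they describe a proprietary VMware appliance rather than software shipped in Debian; following the convention applied to Mitel, eScan and Shopware elsewhere in this file, they can be closed directly as "NOT-FOR-US: VMware Aria Operations for Networks".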
@@ -80912,8 +80969,8 @@ CVE-2022-31695
        RESERVED
 CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 
22.10 try ...)
        NOT-FOR-US: InstallBuilder Qt installers
-CVE-2022-31693
-       RESERVED
+CVE-2022-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 
10.x.y) c ...)
+       TODO: check
 CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 
5.6.9 co ...)
        - libspring-security-2.0-java <removed>
 CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as 
VSCode  ...)
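Review bot: The description now attached to CVE-2022-31693 ("VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) c ...") is the exact text that the last hunk of this commit removes from CVE-2021-31693, where it sat next to "NOT-FOR-US: VMware Tools for Windows"; the earlier entry was keyed to the wrong year. This entry should therefore inherit that "NOT-FOR-US: VMware Tools for Windows" resolution instead of "TODO: check".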
@@ -153352,7 +153409,7 @@ CVE-2021-31695
        RESERVED
 CVE-2021-31694
        RESERVED
-CVE-2021-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 
10.x.y) c ...)
+CVE-2021-31693 (The 10Web Photo Gallery plugin through 1.5.68 for WordPress 
allows XSS ...)
        NOT-FOR-US: VMware Tools for Windows
 CVE-2021-31692
        RESERVED
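Review bot: The description for CVE-2021-31693 changes to the 10Web Photo Gallery plugin XSS, but the unchanged context line "NOT-FOR-US: VMware Tools for Windows" now contradicts it; that annotation belongs to the VMware description that moved to CVE-2022-31693 earlier in this commit. Update it to "NOT-FOR-US: WordPress plugin", the form used for other plugin entries in this file (CVE-2023-2201, CVE-2013-10029). Note also that CVE-2021-46889, added in the first hunk, carries nearly the same text with "through 1.5.69" in place of "through 1.5.68"; check whether one of the two ids has been rejected or whether they are distinct issues before both are closed.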



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/808af986e5b88d5d4f6c2aef8037f4035cb94800

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
