Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
628927ab by security tracker role at 2023-08-01T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-4033 (OS Command Injection in GitHub repository mlflow/mlflow prior 
to 2.6.0 ...)
+       TODO: check
+CVE-2023-3825 (PTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable 
to bein ...)
+       TODO: check
+CVE-2023-3462 (HashiCorp's Vault and Vault Enterprise are vulnerable to user 
enumerat ...)
+       TODO: check
+CVE-2023-39122 (BMC Control-M Software v9.0.20.200 was discovered to contain a 
SQL inj ...)
+       TODO: check
+CVE-2023-37772 (Online Shopping Portal Project v3.1 was discovered to contain 
a SQL in ...)
+       TODO: check
+CVE-2023-37496 (HCL Verse is susceptible to a Stored Cross Site Scripting 
(XSS) vulner ...)
+       TODO: check
+CVE-2023-36984 (LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.)
+       TODO: check
+CVE-2023-36983 (LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.)
+       TODO: check
+CVE-2023-34960 (A command injection vulnerability in the wsConvertPpt 
component of Cha ...)
+       TODO: check
 CVE-2023-4026
        REJECTED
 CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in 
the Li ...)
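Review bot: two of the new entries, CVE-2023-36984 and CVE-2023-36983, carry the identical description "LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.", so whoever resolves the TODO: check lines should confirm they are distinct issues (and likely resolve both in one pass) rather than triaging them separately. Also, the CVE-2023-3825 description contains a literal `\u2019` escape instead of the apostrophe it encodes; the same artefact appears as `\u201cZen 2\u201d` further down in this file, so the import step that pulls these descriptions should decode such escapes before writing them out.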
@@ -685,10 +703,12 @@ CVE-2023-32232 (An issue was discovered in Vasion 
PrinterLogic Client for Window
 CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for 
Windows befo ...)
        NOT-FOR-US: Vasion
 CVE-2023-38289 [libtiff: potential integer overflow in raw2tiff.c]
+       {DLA-3513-1}
        - tiff 4.5.1+git230720-1
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee
 CVE-2023-38288 [libtiff: integer overflow in tiffcp.c]
+       {DLA-3513-1}
        - tiff 4.5.1+git230720-1
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591
@@ -815,7 +835,7 @@ CVE-2023-3611 (An out-of-bounds write vulnerability in the 
Linux kernel's net/sc
        - linux 6.4.4-2
        NOTE: 
https://git.kernel.org/linus/3e337087c3b5805fe0b8a46ba622a962880b5d64 (6.5-rc2)
 CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: 
nf_tab ...)
-       {DSA-5461-1}
+       {DSA-5461-1 DLA-3512-1}
        - linux 6.3.11-1
        [bookworm] - linux 6.1.37-1
        [buster] - linux <not-affected> (Vulnerable code not present)
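Review bot: this hunk adds the LTS advisory DLA-3512-1 to CVE-2023-3610 while the entry's own `[buster] - linux <not-affected> (Vulnerable code not present)` line stays in place; at this date a DLA targets buster, so one of the two is likely stale and the buster status should be re-checked against what the advisory actually claims to fix. The same combination (a new DLA-3512-1 reference next to an unchanged buster not-affected line) appears again later in this patch for CVE-2023-31248 and CVE-2023-2156, and deserves the same check.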
@@ -2161,6 +2181,7 @@ CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and 
earlier ignores the "Re
 CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 
and earl ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can 
lead to ...)
+       {DLA-3513-1}
        - tiff 4.5.1~rc3-1 (bug #1040945)
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
@@ -3433,12 +3454,12 @@ CVE-2021-46891 (Vulnerability of incomplete read and 
write permission verificati
 CVE-2021-46890 (Vulnerability of incomplete read and write permission 
verification in  ...)
        NOT-FOR-US: Huawei
 CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; 
nft_byte ...)
-       {DSA-5453-1}
+       {DSA-5453-1 DLA-3512-1}
        - linux 6.4.4-1
        [bookworm] - linux 6.1.38-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
 CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege 
Escalation Vulner ...)
-       {DSA-5453-1}
+       {DSA-5453-1 DLA-3512-1}
        - linux 6.4.4-1
        [bookworm] - linux 6.1.38-1
        [buster] - linux <not-affected> (Vulnerable code not present)
@@ -4026,7 +4047,7 @@ CVE-2023-3439 (A flaw was found in the MCTP protocol in 
the Linux kernel. The fu
        NOTE: 
https://git.kernel.org/linus/b561275d633bcd8e0e8055ab86f1a13df75a0269 (5.18-rc5)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/02/1
 CVE-2023-3390 (A use-after-free vulnerability was found in the Linux kernel's 
netfilt ...)
-       {DSA-5461-1 DSA-5448-1}
+       {DSA-5461-1 DSA-5448-1 DLA-3512-1}
        - linux 6.3.11-1
        NOTE: 
https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97 (6.4-rc7)
        NOTE: https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97
@@ -4955,6 +4976,7 @@ CVE-2023-3317 (A use-after-free flaw was found in 
mt7921_check_offload_capabilit
        - linux <not-affected> (Vulnerable code never in released version in 
unstable)
        NOTE: 
https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6)
 CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a 
failure to op ...)
+       {DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
@@ -5005,6 +5027,7 @@ CVE-2023-31411 (A remote unprivileged attacker can modify 
and access configurati
 CVE-2023-31410 (A remote unprivileged attacker can intercept the communication 
via e.g ...)
        NOT-FOR-US: SICK
 CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's 
tif_dir.c file ...)
+       {DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
@@ -11119,7 +11142,7 @@ CVE-2023-2157 (A heap-based buffer overflow 
vulnerability was found in the Image
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b
 (7.1.1-7)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673
 (6.9.12-85)
 CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux 
kernel withi ...)
-       {DSA-5453-1 DSA-5448-1}
+       {DSA-5453-1 DSA-5448-1 DLA-3512-1}
        - linux 6.3.11-1
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/
@@ -19954,7 +19977,7 @@ CVE-2023-28025
        RESERVED
 CVE-2023-28024
        RESERVED
-CVE-2023-28023 (HCL Verse is susceptible to a Stored Cross Site Scripting 
(XSS) vulner ...)
+CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI 
Softwar ...)
        NOT-FOR-US: HCL
 CVE-2023-28022
        RESERVED
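Review bot: the `NOT-FOR-US: HCL` line still fits the replacement description (BigFix is an HCL product), so no change is needed there. However, the text being removed here, "HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulner ...", is exactly the description that the first hunk of this patch attaches to the newly added CVE-2023-37496, which is left at `TODO: check`; that entry can be marked `NOT-FOR-US: HCL` in the same way rather than waiting on a separate triage.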
@@ -23010,6 +23033,7 @@ CVE-2023-26968 (In Atrocore 1.5.25, the Create Import 
Feed option with glyphicon
 CVE-2023-26967
        RESERVED
 CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() 
when lib ...)
+       {DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
@@ -23017,6 +23041,7 @@ CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer 
Overflow in uv_encode() wh
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/473
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9
 (v4.5.1rc1)
 CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a 
heap-ba ...)
+       {DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
@@ -25168,8 +25193,8 @@ CVE-2023-26141
        RESERVED
 CVE-2023-26140
        RESERVED
-CVE-2023-26139
-       RESERVED
+CVE-2023-26139 (Versions of the package underscore-keypath from 0.0.11 are 
vulnerable  ...)
+       TODO: check
 CVE-2023-26138 (All versions of the package drogonframework/drogon are 
vulnerable to C ...)
        NOT-FOR-US: Drogon
 CVE-2023-26137 (All versions of the package drogonframework/drogon are 
vulnerable to H ...)
@@ -27628,6 +27653,7 @@ CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer 
Overflow via extractContig
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38
 (v4.5.1rc1)
        NOTE: Same fix as CVE-2023-0795.
 CVE-2023-25433 (libtiff 4.5.0 is vulnerable to Buffer Overflow via 
/libtiff/tools/tiff ...)
+       {DLA-3513-1}
        - tiff 4.5.1~rc3-1
        [bookworm] - tiff <no-dsa> (Minor issue)
        [bullseye] - tiff <no-dsa> (Minor issue)
@@ -52817,7 +52843,7 @@ CVE-2023-20595
 CVE-2023-20594
        RESERVED
 CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific 
microarchitectural  ...)
-       {DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3511-1 DLA-3508-1}
+       {DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3512-1 DLA-3511-1 DLA-3508-1}
        - linux 6.4.4-2
        - amd64-microcode 3.20230719.1 (bug #1041863)
        NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1
@@ -145858,7 +145884,7 @@ CVE-2021-37388 (A buffer overflow in D-Link DIR-615 
C2 3.03WW. The ping_ipaddr p
        NOT-FOR-US: D-Link
 CVE-2021-37387
        RESERVED
-CVE-2021-37386 (Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 
were dis ...)
+CVE-2021-37386 (Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W 
before  ...)
        NOT-FOR-US: Furukawa
 CVE-2021-37385
        RESERVED
@@ -243751,8 +243777,8 @@ CVE-2020-10964 (Serendipity before 2.3.4 on Windows 
allows remote attackers to e
        - serendipity <removed>
 CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows 
unrestricted fi ...)
        NOT-FOR-US: FrozenNode Laravel-Administrator
-CVE-2020-10962
-       RESERVED
+CVE-2020-10962 (In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) 
through  ...)
+       TODO: check
 CVE-2020-10961
        RESERVED
 CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading 
Style Shee ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/628927ab169e55947bce49fe27407c3ea3224be2



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
