Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
510617e6 by security tracker role at 2023-08-01T20:12:30+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,41 @@ -CVE-2023-4058 +CVE-2023-3718 (An authenticated command injection vulnerability exists in the AOS-CX ...) + TODO: check +CVE-2023-39147 (An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attacker ...) + TODO: check +CVE-2023-39110 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...) + TODO: check +CVE-2023-39109 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...) + TODO: check +CVE-2023-39108 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...) + TODO: check +CVE-2023-38560 (An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_ ...) + TODO: check +CVE-2023-38559 (A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_w ...) + TODO: check +CVE-2023-38357 (Session tokens in RWS WorldServer 11.7.3 and earlier have a low entrop ...) + TODO: check +CVE-2023-37478 (pnpm is a package manager. It is possible to construct a tarball that, ...) + TODO: check +CVE-2023-36211 (The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting ...) + TODO: check +CVE-2023-36210 (MotoCMS Version 3.4.3 Store Category Template was discovered to contai ...) + TODO: check +CVE-2023-34634 (Greenshot 1.2.10 and below allows arbitrary code execution because .NE ...) + TODO: check +CVE-2023-34552 (In certain EZVIZ products, two stack based buffer overflows in mulicas ...) + TODO: check +CVE-2023-34551 (In certain EZVIZ products, two stack buffer overflows in netClientSetW ...) + TODO: check +CVE-2023-33493 (An Unrestricted Upload of File with Dangerous Type vulnerability in th ...) + TODO: check +CVE-2023-32302 (Silverstripe Framework is the MVC framework that powers Silverstripe C ...) + TODO: check +CVE-2023-31710 (TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1. ...) + TODO: check +CVE-2023-4058 (Memory safety bugs present in Firefox 115. Some of these bugs showed e ...) 
- firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4058 -CVE-2023-4057 +CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thun ...) - firefox <unfixed> - firefox-esr <unfixed> [bookworm] - firefox-esr <not-affected> (Only affects Firefox ESR 115.1) 
@@ -9,66 +43,66 @@ CVE-2023-4057 [buster] - firefox-esr <not-affected> (Only affects Firefox ESR 115.1) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4057 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057 -CVE-2023-4056 +CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ...) - firefox <unfixed> - firefox-esr <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4056 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4056 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056 -CVE-2023-4055 +CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...) - firefox <unfixed> - firefox-esr <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4055 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055 -CVE-2023-4054 +CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that these ...) - firefox <not-affected> (Affects only Firefox on Windows) - firefox-esr <not-affected> (Affects only Firefox on Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4054 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4054 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4054 -CVE-2023-4053 +CVE-2023-4053 (A website could have obscured the full screen notification by using a ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053 -CVE-2023-4052 +CVE-2023-4052 (The Firefox updater created a directory writable by non-privileged use ...) 
- firefox <not-affected> (Affects only Firefox on Windows) - firefox-esr <not-affected> (Affects only Firefox ESR 115.0.1 on Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4052 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4052 -CVE-2023-4051 +CVE-2023-4051 (A website could have obscured the full screen notification by using th ...) - firefox <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051 -CVE-2023-4050 +CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...) - firefox <unfixed> - firefox-esr <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4050 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4050 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4050 -CVE-2023-4049 +CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...) - firefox <unfixed> - firefox-esr <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4049 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4049 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4049 -CVE-2023-4048 +CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...) - firefox <unfixed> - firefox-esr <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4048 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4048 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4048 -CVE-2023-4047 +CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...) 
- firefox <unfixed> - firefox-esr <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4047 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4047 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4047 -CVE-2023-4046 +CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...) - firefox <unfixed> - firefox-esr <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4046 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4046 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4046 -CVE-2023-4045 +CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...) - firefox <unfixed> - firefox-esr <unfixed> NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4045 @@ -3702,7 +3736,7 @@ CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and befo NOTE: https://github.com/OpenImageIO/oiio/issues/3871 NOTE: https://github.com/OpenImageIO/oiio/commit/aad99bad9a4f6b965f99a291f9c67458c8c982e8 (master) NOTE: https://github.com/OpenImageIO/oiio/commit/749a557b5eed75a1b1c728e6287e4ca8e2e0be1e (v2.4.13.0) -CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remot ...) +CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier a ...) NOT-FOR-US: ZZCMS CVE-2023-35935 REJECTED 
@@ -3753,7 +3787,8 @@ CVE-2023-3491 (Unrestricted Upload of File with Dangerous Type in GitHub reposit NOT-FOR-US: fossbilling CVE-2023-3490 (SQL Injection in GitHub repository fossbilling/fossbilling prior to 0. ...) NOT-FOR-US: fossbilling -CVE-2023-3117 (A use-after-free flaw was found in the Netfilter subsystem of the Linu ...) +CVE-2023-3117 + REJECTED NOTE: duplicate of CVE-2023-3390, see https://bugzilla.redhat.com/show_bug.cgi?id=2213260 CVE-2023-36812 (OpenTSDB is a open source, distributed, scalable Time Series Database ...) NOT-FOR-US: OpenTSDB @@ -32472,8 +32507,8 @@ CVE-2023-23775 RESERVED CVE-2023-23549 RESERVED -CVE-2023-23548 - RESERVED +CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...) + TODO: check CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...) - check-mk <removed> CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...) @@ -53045,8 +53080,8 @@ CVE-2023-20585 RESERVED CVE-2023-20584 RESERVED -CVE-2023-20583 - RESERVED +CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...) + TODO: check CVE-2023-20582 RESERVED CVE-2023-20581 @@ -65076,10 +65111,10 @@ CVE-2022-39989 (An issue was discovered in Fighting Cock Information System 1.0, NOT-FOR-US: Fighting Cock Information System CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows ...) - centreon-web <itp> (bug #913903) -CVE-2022-39987 - RESERVED -CVE-2022-39986 - RESERVED +CVE-2022-39987 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an ...) + TODO: check +CVE-2022-39986 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows un ...) + TODO: check CVE-2022-39985 RESERVED CVE-2022-39984 
@@ -127091,7 +127126,7 @@ CVE-2021-43756 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affe NOT-FOR-US: Adobe CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) NOT-FOR-US: Adobe -CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by a memory cor ...) +CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by an Out-of-bo ...) NOT-FOR-US: Adobe CVE-2021-43753 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510617e6dc5419d406e9505a6c917c4fab953469 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/510617e6dc5419d406e9505a6c917c4fab953469 You're receiving this email because of your account on salsa.debian.org.
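Review bot: In the first hunk (@@ -1,7 +1,41 @@), the eighteen new "TODO: check" entries are not all equal in urgency, and two of them point at packaged software: the paths in CVE-2023-38560 (pcl/pl/plfont.c) and CVE-2023-38559 (base/gdevdevn.c) are Ghostscript source files, so those should be triaged against the ghostscript package ahead of the web-application entries that are likely to end up NOT-FOR-US. Separately, CVE-2023-39108, CVE-2023-39109 and CVE-2023-39110 carry byte-identical truncated descriptions ("rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ..."); when resolving the TODO, confirm they are three distinct endpoints rather than a duplicate allocation of the kind this same commit handles for CVE-2023-3117.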
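Review bot: In the hunk at @@ -3753,7 +3787,8 @@, CVE-2023-3117 loses its Netfilter use-after-free description and becomes "REJECTED", with the pre-existing NOTE marking it a duplicate of CVE-2023-3390. The hunk shows only the header line, so it cannot confirm whether package tracking for linux (fixed versions, DSA references) lived under this entry; before this lands, check that everything of that kind is present under CVE-2023-3390 so the rejection does not silently drop tracking state.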
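Review bot: In the hunk at @@ -32472,8 +32507,8 @@, CVE-2023-23548 (Reflected XSS in Checkmk <2.2.0p8, <2.1.0p32, ...) is left as "TODO: check", but the unchanged context two lines below already resolves the neighbouring Checkmk issue CVE-2023-22359 as "- check-mk <removed>". Unless the affected versions predate the removed package, this TODO can be closed the same way in the follow-up rather than sitting in the queue.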
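Review bot: In the hunk at @@ -65076,10 +65111,10 @@, CVE-2022-39987 and CVE-2022-39986 are both RaspAP command injections with overlapping but different version ranges (2.8.0 thru 2.9.2 versus 2.8.0 thru 2.8.7) and what looks like a different authentication requirement ("allows an ..." versus "allows un ..."). They should be triaged together so that whichever disposition applies (NOT-FOR-US or a package line) is recorded consistently on both, and the truncated descriptions should be checked in full before assuming the narrower range is a subset of the wider one.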
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits