Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c8dfbf51 by security tracker role at 2023-08-21T20:12:13+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,4 +1,62 @@ -CVE-2023-4459 [net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()] +CVE-2023-4456 (A flaw was found in openshift-logging LokiStack. The key used for cach ...) + TODO: check +CVE-2023-4455 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...) + TODO: check +CVE-2023-4454 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...) + TODO: check +CVE-2023-4453 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) + TODO: check +CVE-2023-4417 (Improper access controls in the entry duplication component in Devolut ...) + TODO: check +CVE-2023-4373 (Inadequate validation of permissions when employing remote tools and m ...) + TODO: check +CVE-2023-40735 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + TODO: check +CVE-2023-40352 (McAfee Safe Connect before 2.16.1.126 may allow an adversary with syst ...) + TODO: check +CVE-2023-40068 (Cross-site scripting vulnerability in Advanced Custom Fields versions ...) + TODO: check +CVE-2023-3954 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...) + TODO: check +CVE-2023-3936 (The Blog2Social WordPress plugin before 7.2.1 does not sanitise and es ...) + TODO: check +CVE-2023-3667 (The Bit Assist WordPress plugin before 1.1.9 does not sanitise and esc ...) + TODO: check +CVE-2023-3604 (The Change WP Admin Login WordPress plugin before 1.1.4 discloses the ...) + TODO: check +CVE-2023-3481 (Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, w ...) + TODO: check +CVE-2023-3366 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...) + TODO: check +CVE-2023-39939 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (My ...) + TODO: check +CVE-2023-39660 (An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a rem ...) 
+ TODO: check +CVE-2023-39543 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...) + TODO: check +CVE-2023-39106 (An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows ...) + TODO: check +CVE-2023-39094 (Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 all ...) + TODO: check +CVE-2023-39061 (Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru ...) + TODO: check +CVE-2023-38976 (An issue in weaviate v.1.20.0 allows a remote attacker to cause a deni ...) + TODO: check +CVE-2023-38961 (Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0 ...) + TODO: check +CVE-2023-38899 (SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local ...) + TODO: check +CVE-2023-38836 (File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker ...) + TODO: check +CVE-2023-38158 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) + TODO: check +CVE-2023-38035 (A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sen ...) + TODO: check +CVE-2023-36787 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + TODO: check +CVE-2023-31447 (user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all ...) + TODO: check +CVE-2023-4459 (A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in dri ...) - linux 5.17.11-1 [bullseye] - linux 5.10.120-1 [buster] - linux 4.19.249-1 
@@ -69,7 +127,7 @@ CVE-2023-4434 (Missing Authorization in GitHub repository hamza417/inure prior t NOT-FOR-US: hamza417/inure CVE-2023-40711 (Veilid before 0.1.9 does not check the size of uncompressed data durin ...) NOT-FOR-US: Veilid -CVE-2023-37250 (Unity Parsec before 8 has a TOCTOU race condition that permits local a ...) +CVE-2023-37250 (Unity Parsec has a TOCTOU race condition that permits local attackers ...) NOT-FOR-US: Unity Parsec CVE-2023-4433 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) @@ -661,7 +719,7 @@ CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote a NOTE: Negligible security impact CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...) NOT-FOR-US: Codedoc -CVE-2023-38840 (Bitwarden Windows Desktop v2023.5.1 and below allows an attacker with ...) +CVE-2023-38840 (Bitwarden Desktop 2023.7.0 and below allows an attacker with local acc ...) NOT-FOR-US: Bitwarden CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...) NOT-FOR-US: HPE @@ -1265,7 +1323,7 @@ CVE-2023-32004 (A vulnerability has been discovered in Node.js version 20, speci CVE-2023-32003 (`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permis ...) - nodejs <not-affected> (Only affects 20.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsmkdtemp-and-fsmkdtempsync-are-missing-getvalidatedpath-checks-lowcve-2023-32003 -CVE-2023-32002 +CVE-2023-32002 (The use of `Module._load()` can bypass the policy mechanism and requir ...) - nodejs <unfixed> [buster] - nodejs <not-affected> (v10.x doesn't support policy manifests) NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 
@@ -18305,7 +18363,7 @@ CVE-2023-29362 (Remote Desktop Client Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29361 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft -CVE-2023-29360 (Windows TPM Device Driver Elevation of Privilege Vulnerability) +CVE-2023-29360 (Microsoft Streaming Service Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft CVE-2023-29359 (GDI Elevation of Privilege Vulnerability) NOT-FOR-US: Microsoft @@ -46023,7 +46081,7 @@ CVE-2022-4369 (The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does CVE-2022-4368 (The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and esca ...) NOT-FOR-US: WordPress plugin CVE-2022-4367 - RESERVED + REJECTED CVE-2022-43501 (KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Seq ...) NOT-FOR-US: Zuken Elmic CVE-2022-43460 (Driver Distributor v2.2.3.1 and earlier contains a vulnerability where ...) @@ -199775,8 +199833,8 @@ CVE-2020-28717 (Cross Site Scripting (XSS) vulnerability in content1 parameter i NOT-FOR-US: kindsoft kindeditor CVE-2020-28716 RESERVED -CVE-2020-28715 - RESERVED +CVE-2020-28715 (An issue was discovered in kdmserver service in LeEco LeTV X43 version ...) + TODO: check CVE-2020-28714 RESERVED CVE-2020-28713 (Incorrect access control in push notification service in Night Owl Sma ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8dfbf51a965ae59d8366ebc85613a30ae374807
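Review bot: several of the new TODO: check entries in the first hunk (@@ -1,4 +1,62 @@) can be triaged straight from conventions already visible in this file. CVE-2023-38158 and CVE-2023-36787 are Microsoft Edge issues, and the @@ -18305 hunk records Microsoft products as NOT-FOR-US: Microsoft; CVE-2023-40068, CVE-2023-3954, CVE-2023-3936, CVE-2023-3667, CVE-2023-3604 and CVE-2023-3366 describe WordPress plugins, which the file marks NOT-FOR-US: WordPress plugin (CVE-2022-4368 in the @@ -46023 hunk). The CVE-2023-4459 change only swaps the hand-written [net: vmxnet3: ...] title for the published description; the fixed-version lines below it (- linux 5.17.11-1, [bullseye] - linux 5.10.120-1, [buster] - linux 4.19.249-1) are unchanged context and must stay as they are. The "Buffer Overflwo" in CVE-2023-38961 is upstream's own description text: don't hand-correct it, since the next automatic update would rewrite the line from the feed.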
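Review bot: the CVE-2023-37250 rewrite in the @@ -69,7 +127,7 @@ hunk drops the affected-version qualifier ("Unity Parsec before 8" becomes "Unity Parsec"), so the truncated description no longer says which releases are affected. The NOT-FOR-US: Unity Parsec triage is unaffected, but anyone using this line to scope the issue now has to consult the CVE record itself.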
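Review bot: the CVE-2023-38840 description change in the @@ -661,7 +719,7 @@ hunk widens the affected scope from "Bitwarden Windows Desktop v2023.5.1 and below" to "Bitwarden Desktop 2023.7.0 and below", i.e. no longer Windows-only and with a later ceiling version. NOT-FOR-US: Bitwarden still holds, but this is a substantive change to the affected product range rather than a cosmetic reword, and worth keeping in mind when the entry is cited.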
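Review bot: CVE-2023-29360 in the @@ -18305,7 +18363,7 @@ hunk is retitled from "Windows TPM Device Driver Elevation of Privilege Vulnerability" to "Microsoft Streaming Service Elevation of Privilege Vulnerability", which names a different component altogether. The NOT-FOR-US: Microsoft line is unchanged and still correct, but anything filed against the old title should be re-checked, since the same CVE id now describes a different affected product.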
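Review bot: CVE-2020-28715 in the @@ -199775,8 +199833,8 @@ hunk goes from RESERVED to TODO: check with a description about the kdmserver service on a LeEco LeTV X43 device. That is vendor firmware of the same kind as the neighbouring Night Owl (CVE-2020-28713) and kindsoft kindeditor (CVE-2020-28717) entries, which are NOT-FOR-US, so this one can most likely be closed the same way (NOT-FOR-US: LeEco) once someone confirms nothing from it is packaged.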
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits