Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
162b0be9 by security tracker role at 2023-10-12T08:11:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-5531 (The Thumbnail Slider With Lightbox plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2023-5470 (The Etsy Shop plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2023-45132 (NAXSI is an open-source maintenance web application firewall 
(WAF) for ...)
+       TODO: check
+CVE-2023-44793
+       REJECTED
+CVE-2023-44190 (An Origin Validation vulnerability in MAC address validation 
of Junipe ...)
+       TODO: check
+CVE-2023-44189 (An Origin Validation vulnerability in MAC address validation 
of Junipe ...)
+       TODO: check
+CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition 
vulnerability in t ...)
+       TODO: check
+CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 
'file copy'  ...)
+       TODO: check
+CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local 
attacker to ca ...)
+       TODO: check
+CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to 
gain pr ...)
+       TODO: check
+CVE-2023-40829 (There is an interface unauthorized access vulnerability in the 
backgro ...)
+       TODO: check
+CVE-2023-3781 (there is a possible use-after-free write due to improper 
locking. This ...)
+       TODO: check
+CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This 
leads to  ...)
+       TODO: check
+CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
+       TODO: check
+CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer 
overflow  ...)
+       TODO: check
+CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in 
the Maps  ...)
+       TODO: check
 CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
        - vim <unfixed> (unimportant)
        NOTE: https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
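
Review bot: CVE-2023-32721 and CVE-2023-32722 are left at "TODO: check" although their descriptions name Zabbix (the Zabbix web application and zabbix/src/libs/zbxjson), and zabbix is a source package this list already tracks with per-suite status lines. These two should be triaged to "- zabbix ..." entries, and the neighbouring CVE-2023-32723 and CVE-2023-32724 checked against the same package, since their truncated descriptions do not name a product. CVE-2023-5531 and CVE-2023-5470 are described as WordPress plugins and can take the "NOT-FOR-US: WordPress plugin" marker already used elsewhere in this file.
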
@@ -170,53 +202,53 @@ CVE-2023-36127 (User enumeration is found in in 
PHPJabbers Appointment Scheduler
        NOT-FOR-US: PHPJabbers Appointment Scheduler
 CVE-2023-36126 (There is a Cross Site Scripting (XSS) vulnerability in the 
"theme" par ...)
        NOT-FOR-US: PHPJabbers Appointment Scheduler
-CVE-2023-39325
+CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and 
immediate ...)
        - golang-1.21 1.21.3-1
        - golang-1.20 1.20.10-1
        - golang-1.19 <unfixed>
        - golang-1.15 <removed>
        - golang-1.11 <removed>
        NOTE: https://github.com/golang/go/issues/63417
-CVE-2023-5473
+CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 
allowed ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5486
+CVE-2023-5486 (Inappropriate implementation in Input in Google Chrome prior to 
118.0. ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5477
+CVE-2023-5477 (Inappropriate implementation in Installer in Google Chrome 
prior to 11 ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5478
+CVE-2023-5478 (Inappropriate implementation in Autofill in Google Chrome prior 
to 118 ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5485
+CVE-2023-5485 (Inappropriate implementation in Autofill in Google Chrome prior 
to 118 ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5479
+CVE-2023-5479 (Inappropriate implementation in Extensions API in Google Chrome 
prior  ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5476
+CVE-2023-5476 (Use after free in Blink History in Google Chrome prior to 
118.0.5993.7 ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5474
+CVE-2023-5474 (Heap buffer overflow in PDF in Google Chrome prior to 
118.0.5993.70 al ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5475
+CVE-2023-5475 (Inappropriate implementation in DevTools in Google Chrome prior 
to 118 ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5481
+CVE-2023-5481 (Inappropriate implementation in Downloads in Google Chrome 
prior to 11 ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5483
+CVE-2023-5483 (Inappropriate implementation in Intents in Google Chrome prior 
to 118. ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5484
+CVE-2023-5484 (Inappropriate implementation in Navigation in Google Chrome 
prior to 1 ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5487
+CVE-2023-5487 (Inappropriate implementation in Fullscreen in Google Chrome 
prior to 1 ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5218
+CVE-2023-5218 (Use after free in Site Isolation in Google Chrome prior to 
118.0.5993. ...)
        - chromium 118.0.5993.70-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4421
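
Review bot: on CVE-2023-39325, "- golang-1.19 <unfixed>" still has no suite annotation or note beside it, while golang-1.21 and golang-1.20 carry fixed versions. Now that the description is filled in, record the triage decision for golang-1.19 (for example a suite line with a reason, as the zabbix entries in this file do) so the open status is not ambiguous. The chromium description updates need no change.
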
@@ -925,7 +957,7 @@ CVE-2023-39189 (A flaw was found in the Netfilter subsystem 
in the Linux kernel.
 CVE-2023-36820 (Micronaut Security is a security solution for applications. 
Prior to v ...)
        NOT-FOR-US: Micronaut Security
 CVE-2023-43641 (libcue provides an API for parsing and extracting data from 
CUE sheets ...)
-       {DSA-5524-1}
+       {DSA-5524-1 DLA-3615-1}
        - libcue 2.2.1-4.1
        NOTE: 
https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj
        NOTE: https://www.openwall.com/lists/oss-security/2023/10/09/3
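
Review bot: at the "{DSA-5524-1 DLA-3615-1}" line for CVE-2023-43641, the new DLA reference arrives in a commit that changes only data/CVE/list, so confirm that a matching DLA-3615-1 entry for libcue is already present in the tracker's DLA data. The package line "- libcue 2.2.1-4.1" is unchanged and gives no suite-specific version to cross-check the LTS fix against.
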
@@ -25502,8 +25534,7 @@ CVE-2023-1945 (Unexpected data returned from the Safe 
Browsing API could have le
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1945
 CVE-2023-1944 (This vulnerability enables ssh access to minikube container 
using a de ...)
        NOT-FOR-US: minikube
-CVE-2023-1943
-       RESERVED
+CVE-2023-1943 (Privilege Escalation in kOps using GCE/GCP Provider in Gossip 
Mode.)
        NOT-FOR-US: Kubernetes Operations (kOps)
 CVE-2015-10099 (A vulnerability classified as critical has been found in CP 
Appointmen ...)
        NOT-FOR-US: WordPress plugin
@@ -25809,8 +25840,8 @@ CVE-2023-29454 (Stored or persistent cross-site 
scripting (XSS) is a type of XSS
        [bookworm] - zabbix <no-dsa> (Minor issue)
        [bullseye] - zabbix <no-dsa> (Minor issue)
        NOTE: https://support.zabbix.com/browse/ZBX-22985
-CVE-2023-29453
-       RESERVED
+CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript 
string  ...)
+       TODO: check
 CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> 
Geograph ...)
        - zabbix <unfixed>
        [bookworm] - zabbix <no-dsa> (Minor issue)
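
Review bot: CVE-2023-29453 moves from RESERVED to "TODO: check" between two zabbix entries, but its truncated description ("Templates do not properly consider backticks (`) as Javascript string ...") names no product. Do not infer zabbix from the neighbouring IDs; identify the affected source package from the full description before replacing the TODO with package lines or NOT-FOR-US.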



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/162b0be9fa499fc5b2f1e87e8d20f674811543a5



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
