Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b12a32c by security tracker role at 2023-11-15T20:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2023-6079
+       REJECTED
+CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly 
sanitize artif ...)
+       TODO: check
+CVE-2023-5676 (In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced 
into an ...)
+       TODO: check
+CVE-2023-5245 (FileUtil.extract() enumerates all zip file entries and extracts 
each f ...)
+       TODO: check
+CVE-2023-4602 (The Namaste! LMS plugin for WordPress is vulnerable to 
Reflected Cross ...)
+       TODO: check
+CVE-2023-48219 (TinyMCE is an open source rich text editor. A mutation 
cross-site scri ...)
+       TODO: check
+CVE-2023-48089 (xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution 
(RCE) via / ...)
+       TODO: check
+CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting 
(XSS) via /x ...)
+       TODO: check
+CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via 
/xxl-job ...)
+       TODO: check
+CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a dou ...)
+       TODO: check
+CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to 
contain a hea ...)
+       TODO: check
+CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management 
Platform. In af ...)
+       TODO: check
+CVE-2023-47636 (The Pimcore Admin Classic Bundle provides a Backend UI for 
Pimcore. Fu ...)
+       TODO: check
+CVE-2023-41699 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
+       TODO: check
+CVE-2023-34982 (This external control vulnerability, if exploited, could allow 
a local ...)
+       TODO: check
+CVE-2023-34062 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 
and versi ...)
+       TODO: check
+CVE-2023-33873 (This privilege escalation vulnerability, if exploited, cloud 
allow a l ...)
+       TODO: check
 CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary 
file up ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-6032 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
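Review bot: CVE-2023-4602 (Namaste! LMS) can be closed right away instead of carrying a TODO: check; the context at the bottom of this hunk shows the convention for the Forminator entry (CVE-2023-6133), `NOT-FOR-US: WordPress plugin`, and the same line applies to this WordPress plugin. The remaining TODOs group by upstream and are quicker to triage together: the three xxl-job-admin entries (CVE-2023-48087, -48088, -48089), the three GPAC entries (CVE-2023-48011, -48013, -48014, all reported against the same development revision v2.3-DEV-rev566-g50c2ab06f-master, so each needs a fixing commit to be mapped onto a released version), and the two Pimcore entries (CVE-2023-47636, -47637). The "cloud allow" in CVE-2023-33873 is the upstream description as imported and should not be edited in this file.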
@@ -230,10 +266,10 @@ CVE-2023-44441 [GIMP DDS File Parsing Heap-based Buffer 
Overflow Remote Code Exe
        NOTE: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/9dda8139e4d07e3a273436eda993fef32555edbe
 (GIMP_2_10_36)
        NOTE: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/e92f279c97282a2b20dca0d923db7465f2057703
 (GIMP_2_10_36)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10069 (restricted)
-CVE-2023-6112
+CVE-2023-6112 (Use after free in Navigation in Google Chrome prior to 
119.0.6045.159  ...)
        - chromium 119.0.6045.159-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-5997
+CVE-2023-5997 (Use after free in Garbage Collection in Google Chrome prior to 
119.0.6 ...)
        - chromium 119.0.6045.159-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6131 (Code Injection in GitHub repository salesagility/suitecrm prior 
to 7.1 ...)
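Review bot: Consistent as written: both new descriptions say "prior to 119.0.6045.159", which matches the unstable fixed version 119.0.6045.159-1 on the line below each, and the buster end-of-life line is unchanged. If a stable update ships for these two, the reference belongs above the package line as a {DSA-...} entry, in the form used for the openvpn entries later in this patch.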
@@ -808,6 +844,7 @@ CVE-2023-4804 (Anunauthorized user could access debug 
features in Quantum HD Uni
 CVE-2023-47122 (Gitsign is software for keyless Git signing using Sigstore. In 
version ...)
        - gitsign <itp> (bug #1019518)
 CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to 
undefined ...)
+       {DSA-5555-1}
        - openvpn 2.6.7-1 (bug #1055805)
        [bullseye] - openvpn <not-affected> (Vulnerable code not present)
        [buster] - openvpn <not-affected> (Vulnerable code not present)
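Review bot: No [bookworm] line is needed alongside the new {DSA-5555-1}: the tracker takes the stable fixed version from the DSA record the brace reference points at, so the bullseye and buster lines (both <not-affected>, "Vulnerable code not present") remain the only per-suite annotations this entry should carry. That is consistent with the description, which limits the bug to OpenVPN 2.6.0 through 2.6.6, exactly what the two <not-affected> lines encode for the older suites.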
@@ -816,6 +853,7 @@ CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 
2.6.6 may lead to und
        NOTE: Introduced by: 
https://github.com/OpenVPN/openvpn/commit/9a7b95fda56127df6de6fe7c60e08fb5b67a9919
 (v2.6_beta1)
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/57a5cd1e12f193927c9b7429f8778fec7e04c50a
 (v2.6.7)
 CVE-2023-46849 (Using the --fragment option in certain configuration setups 
OpenVPN ve ...)
+       {DSA-5555-1}
        - openvpn 2.6.7-1 (bug #1055805)
        [bullseye] - openvpn <not-affected> (Vulnerable code not present)
        [buster] - openvpn <not-affected> (Vulnerable code not present)
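Review bot: Same treatment as the CVE-2023-46850 hunk above: the {DSA-5555-1} reference is all that is needed for the stable fix, and the "Introduced by" note (commit 9a7b95fd..., v2.6_beta1) is what justifies the two <not-affected> lines, so keep it next to the "Fixed by" commit (57a5cd1e..., v2.6.7) that backs the 2.6.7-1 fixed version in unstable. Both entries cite the same Debian bug (#1055805) and the same upload (2.6.7-1), so they must stay in lockstep: if one later gains a suite or version annotation, the other needs it too.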
@@ -12614,7 +12652,7 @@ CVE-2023-4526
        REJECTED
 CVE-2023-4525
        REJECTED
-CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions 
starting ...)
+CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions 
before 1 ...)
        - gitlab <unfixed>
 CVE-2023-4296 (If an attacker tricks an admin user of PTC Codebeamer into 
clicking on ...)
        NOT-FOR-US: PTC Codebeamer
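Review bot: The rewording of the CVE-2023-4522 description from "affecting all versions starting ..." to "affecting all versions before 1 ..." signals that upstream now states an upper bound for the affected range, i.e. a fixed release. The entry still says `gitlab <unfixed>`; recheck the full upstream text and, if a fixed version is named, either record the Debian upload that contains it or keep <unfixed> with a NOTE giving the upstream fix version until that upload exists.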
@@ -13498,7 +13536,7 @@ CVE-2023-39583
 CVE-2023-39441 (Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP 
Provide ...)
        NOT-FOR-US: Apache Airflow SMTP Provider
 CVE-2023-40477
-       {DLA-3543-1 DLA-3542-1}
+       {DLA-3653-1 DLA-3543-1 DLA-3542-1}
        - rar 2:6.23-1
        [bookworm] - rar 2:6.23-1~deb12u1
        [bullseye] - rar 2:6.23-1~deb11u1
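Review bot: CVE-2023-40477 now carries three DLA references ({DLA-3653-1 DLA-3543-1 DLA-3542-1}) while the visible package lines cover a single source package, rar, with bookworm and bullseye versions listed. Three LTS advisories for one CVE normally means more than one source package or more than one suite; the buster line falls outside this hunk, so confirm which package and suite DLA-3653-1 covers and that the matching line exists below, otherwise the new reference dangles.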
@@ -27583,8 +27621,8 @@ CVE-2023-30956 (A security defect was identified in 
Foundry Comments that enable
        NOT-FOR-US: Palantir
 CVE-2023-30955 (A security defect was identified in Foundry workspace-server 
that enab ...)
        NOT-FOR-US: Palantir
-CVE-2023-30954
-       RESERVED
+CVE-2023-30954 (The Gotham video-application-server service contained a race 
condition ...)
+       TODO: check
 CVE-2023-30953
        RESERVED
 CVE-2023-30952 (A security defect was discovered in Foundry Issues that 
enabled users  ...)
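Review bot: CVE-2023-30954 need not sit in TODO: check: the new description names the Gotham video-application-server, a Palantir product, and the neighbouring Foundry entries in this hunk (CVE-2023-30955, CVE-2023-30952) are already closed as `NOT-FOR-US: Palantir`. Apply the same annotation here.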
@@ -49578,8 +49616,8 @@ CVE-2023-23776 (An exposure of sensitive information to 
an unauthorized actor [C
        NOT-FOR-US: Fortinet
 CVE-2023-23775
        RESERVED
-CVE-2023-23549
-       RESERVED
+CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, 
<=2.0.0p39  ...)
+       TODO: check
 CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, 
<2.1.0p32, ...)
        - check-mk <removed>
 CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated 
attacker ...)
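Review bot: For CVE-2023-23549 the neighbouring Checkmk entry CVE-2023-23548 is marked `- check-mk <removed>`, and the new description covers the same product and overlapping branches (<2.2.0p15, <2.1.0p37, <=2.0.0p39), so the same `check-mk <removed>` line fits here in place of TODO: check. Note the "<=2.0.0p39" bound: upstream gives no fixed 2.0.0 release, which matters only if a 2.0.0-based package were still tracked.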
@@ -52980,8 +53018,8 @@ CVE-2023-22820
        RESERVED
 CVE-2023-22819
        RESERVED
-CVE-2023-22818
-       RESERVED
+CVE-2023-22818 (Multiple DLL Search Order Hijack vulnerabilities were 
addressed in the ...)
+       TODO: check
 CVE-2023-22817
        RESERVED
 CVE-2023-22816 (A post-authentication remote command injection vulnerability 
in a CGI  ...)
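Review bot: "Multiple DLL Search Order Hijack vulnerabilities" describes a Windows-only bug class (a program loading a DLL from an attacker-writable directory that precedes the intended one on the search path), so CVE-2023-22818 is a NOT-FOR-US candidate. The truncated description does not name the product, so look it up before closing rather than guessing, and put the product name in the annotation as the other NOT-FOR-US lines in this patch do (`NOT-FOR-US: Palantir`, `NOT-FOR-US: PTC Codebeamer`).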



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b12a32c4cb92c3df165662ba7396279a73c1fe5



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
