Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc653405 by security tracker role at 2023-08-07T20:11:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2023-4205 (An out-of-bounds memory access flaw was found in the Linux 
kernel\u201 ...)
+       TODO: check
+CVE-2023-4201 (A vulnerability was found in SourceCodester Inventory 
Management Syste ...)
+       TODO: check
+CVE-2023-4200 (A vulnerability has been found in SourceCodester Inventory 
Management  ...)
+       TODO: check
+CVE-2023-4199 (A vulnerability, which was classified as critical, was found in 
Source ...)
+       TODO: check
+CVE-2023-3896 (Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3)
+       TODO: check
+CVE-2023-3671 (The MultiParcels Shipping For WooCommerce WordPress plugin 
before 1.15 ...)
+       TODO: check
+CVE-2023-3650 (The Bubble Menu WordPress plugin before 3.0.5 does not sanitize 
and es ...)
+       TODO: check
+CVE-2023-3575 (The Quiz And Survey Master WordPress plugin before 8.1.11 does 
not pro ...)
+       TODO: check
+CVE-2023-3524 (The WPCode WordPress plugin before 2.0.13.1 does not escape 
generated  ...)
+       TODO: check
+CVE-2023-3492 (The WP Shopping Pages WordPress plugin through 1.14 does not 
have CSRF ...)
+       TODO: check
+CVE-2023-3365 (The MultiParcels Shipping For WooCommerce WordPress plugin 
before 1.14 ...)
+       TODO: check
+CVE-2023-39550 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 
v0.4.0. ...)
+       TODO: check
+CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior 
to vers ...)
+       TODO: check
+CVE-2023-39520 (Cryptomator encrypts data being stored on cloud 
infrastructure. The MS ...)
+       TODO: check
+CVE-2023-39363 (Vyer is a Pythonic Smart Contract Language for the Ethereum 
Virtual Ma ...)
+       TODO: check
+CVE-2023-39349 (Sentry is an error tracking and performance monitoring 
platform. Start ...)
+       TODO: check
+CVE-2023-38940 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) 
were di ...)
+       TODO: check
+CVE-2023-38939 (Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-38938 (Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and 
FH1202 V1.2. ...)
+       TODO: check
+CVE-2023-38937 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 
V16.03.34.06 ...)
+       TODO: check
+CVE-2023-38936 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 
V15.03.06. ...)
+       TODO: check
+CVE-2023-38935 (Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 
V15.03.06.28, ...)
+       TODO: check
+CVE-2023-38934 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) 
was dis ...)
+       TODO: check
+CVE-2023-38933 (Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 
V2.0.1.6, AC ...)
+       TODO: check
+CVE-2023-38932 (Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and 
FH1202 V1.2. ...)
+       TODO: check
+CVE-2023-38931 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 
V16.03.34.06 ...)
+       TODO: check
+CVE-2023-38930 (Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 
V1.0,V15.03.06.28, AC ...)
+       TODO: check
+CVE-2023-38929 (Tenda 4G300 v1.01.42 was discovered to contain a stack 
overflow via th ...)
+       TODO: check
+CVE-2023-38928 (Netgear R7100LG 1.0.0.78 was discovered to contain a command 
injection ...)
+       TODO: check
+CVE-2023-38926 (Netgear EX6200 v1.0.3.94 was discovered to contain a buffer 
overflow v ...)
+       TODO: check
+CVE-2023-38925 (Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 
were disc ...)
+       TODO: check
+CVE-2023-38924 (Netgear DGN3500 1.1.00.37 was discovered to contain a buffer 
overflow  ...)
+       TODO: check
+CVE-2023-38922 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 
v0.4.0. ...)
+       TODO: check
+CVE-2023-38921 (Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to 
contain ...)
+       TODO: check
+CVE-2023-38704 (`import-in-the-middle` is a module loading interceptor 
specifically fo ...)
+       TODO: check
+CVE-2023-38591 (Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple 
buffer o ...)
+       TODO: check
+CVE-2023-38412 (Netgear R6900P v1.3.3.154 was discovered to contain multiple 
buffer ov ...)
+       TODO: check
+CVE-2023-38392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Hiroaki  ...)
+       TODO: check
+CVE-2023-38157 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
+       TODO: check
+CVE-2023-38045 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2023-38044 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-36499 (Netgear XR300 v1.0.3.78 was discovered to contain multiple 
buffer over ...)
+       TODO: check
+CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8 
allows a r ...)
+       TODO: check
+CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 
1.20.2 an ...)
+       TODO: check
+CVE-2023-34477 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-34476 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-32783 (The event analysis component in Zoho ManageEngine ADAudit Plus 
7.1.1 a ...)
+       TODO: check
+CVE-2023-32090 (Pega platform clients who are using versions 6.1 through 7.3.1 
may be  ...)
+       TODO: check
+CVE-2023-2843 (The MultiParcels Shipping For WooCommerce WordPress plugin 
before 1.14 ...)
+       TODO: check
 CVE-2023-4193 (A vulnerability has been found in SourceCodester Resort 
Reservation Sy ...)
        NOT-FOR-US: SourceCodester Resort Reservation System
 CVE-2023-4192 (A vulnerability, which was classified as critical, was found in 
Source ...)
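Review bot: several of the new `TODO: check` entries concern software Debian ships and deserve triage ahead of the WordPress/SourceCodester/Tenda/Netgear items, which match neighbouring `NOT-FOR-US` entries in this file: CVE-2023-4205 (out-of-bounds memory access in the Linux kernel) needs a `- linux` line like CVE-2023-4147 and CVE-2023-4194 elsewhere in this patch, and CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT krb5 before 1.20.2) needs a src:krb5 assessment. The CVE-2023-3896 description ("Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3") quotes a version range that looks malformed upstream, so it should be verified against the vim source before any fixed-version marker is derived from it.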
@@ -135,7 +233,7 @@ CVE-2023-39379 (Fujitsu Software Infrastructure Manager 
(ISM) stores sensitive i
        NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM)
 CVE-2023-39344 (social-media-skeleton is an uncompleted social media project. 
A SQL in ...)
        NOT-FOR-US: social-media-skeleton
-CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to 
path trave ...)
+CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 on Windows allow 
path traver ...)
        NOT-FOR-US: PaperCut
 CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion 
vulnerability in th ...)
        NOT-FOR-US: ECShop
@@ -282,7 +380,7 @@ CVE-2023-38497 (Cargo downloads the Rust project\u2019s 
dependencies and compile
        NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
        NOTE: 
https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497
        NOTE: 
https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87
-CVE-2023-4147 [netfilter: nf_tables: disallow rule addition to bound chain via 
NFTA_RULE_CHAIN_ID]
+CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel\u2019s 
Netfilter f ...)
        - linux <unfixed>
        [buster] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 (6.5-rc4)
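Review bot: replacing the bracketed working title `[netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID]` with the published description drops the upstream patch subject that made the 0ebc1064e487 (6.5-rc4) commit link self-explanatory; consider keeping that subject as an additional `NOTE:` line next to the commit URL so the `[buster] - linux <not-affected> (Vulnerable code not present)` assessment stays easy to re-verify.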
@@ -662,6 +760,7 @@ CVE-2023-38560 (An integer overflow flaw was found in 
pcl/pl/plfont.c:418 in pl_
        NOTE: 
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174cb25a0cd44a1c0706c2ed73fc95bef
        NOTE: Issue in PCL support shipped sourcewise in src:ghostscript
 CVE-2023-38559 (A buffer overflow flaw was found in base/gdevdevn.c:1973 in 
devn_pcx_w ...)
+       {DLA-3519-1}
        - ghostscript <unfixed> (bug #1043033)
        [bookworm] - ghostscript <postponed> (Minor issue; can be batched 
together in a later update)
        [bullseye] - ghostscript <postponed> (Minor issue; can be batched 
together in a later update)
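Review bot: the `{DLA-3519-1}` reference for CVE-2023-38559 is placed correctly before the `- ghostscript <unfixed> (bug #1043033)` line, matching the `{DSA-5466-1}` placement elsewhere in this patch, but `[bookworm]` and `[bullseye]` remain `<postponed>` with the rationale "Minor issue; can be batched together in a later update"; if the issue was judged worth a DLA for the LTS suite, that rationale for the newer suites deserves a second look, or the reason for the differing treatment should be recorded in a `NOTE:` line.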
@@ -963,7 +1062,7 @@ CVE-2023-32226 (Sysaid -  CWE-552: Files or Directories 
Accessible to External P
        NOT-FOR-US: SysAid
 CVE-2023-32225 (Sysaid - CWE-434: Unrestricted Upload of File with Dangerous 
Type -  A ...)
        NOT-FOR-US: SysAid
-CVE-2023-4012 [crash on NTS requests]
+CVE-2023-4012 (ntpd will crash if the server is not NTS-enabled (no 
certificate) and  ...)
        {DSA-5466-1}
        - ntpsec 1.2.2+dfsg1-2 (bug #1038422)
        [bullseye] - ntpsec <not-affected> (Vulnerable code introduced later)
@@ -6387,6 +6486,7 @@ CVE-2023-34750 (bloofox v0.5.2.1 was discovered to 
contain a SQL injection vulne
 CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via 
/api/backend/core/web-fil ...)
        NOT-FOR-US: ujcms
 CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows 
attackers to ca ...)
+       {DSA-5471-1 DLA-3520-1}
        - libhtmlcleaner-java 2.29-1
        NOTE: https://github.com/amplafi/htmlcleaner/issues/13
 CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to 
cause a de ...)
@@ -14040,7 +14140,7 @@ CVE-2023-30148
        RESERVED
 CVE-2023-30147
        RESERVED
-CVE-2023-30146 (Assmann Digitus Plug&View IP Camera family allows 
unauthenticated atta ...)
+CVE-2023-30146 (Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 
2.000.022 all ...)
        NOT-FOR-US: Assmann Digitus Plug&View IP Camera
 CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side 
Template I ...)
        NOT-FOR-US: Camaleon CMS
@@ -22885,8 +22985,8 @@ CVE-2023-27375
        RESERVED
 CVE-2023-27374
        RESERVED
-CVE-2023-27373
-       RESERVED
+CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 
through 5. ...)
+       TODO: check
 CVE-2023-27308
        RESERVED
 CVE-2023-27302
@@ -23234,7 +23334,7 @@ CVE-2023-1077 (In the Linux kernel, 
pick_next_rt_entity() may return a type conf
        [bullseye] - linux 5.10.178-1
        NOTE: 
https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
        NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
-CVE-2023-4194
+CVE-2023-4194 (A flaw was found in the Linux kernel's TUN/TAP functionality. 
This iss ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/9bc3047374d5bec163e83e743709e23753376f0c (6.5-rc5)
        NOTE: 
https://git.kernel.org/linus/5c9241f3ceab3257abe2923a59950db0dc8bb737 (6.5-rc5)
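Review bot: CVE-2023-4194 now carries only `- linux <unfixed>` plus the two 6.5-rc5 fix commits; unlike CVE-2023-4147 earlier in this patch, no per-suite markers are recorded, so the bookworm/bullseye/buster status should be added once the two commits have been checked against the stable trees (the description points at TUN/TAP, which is long-standing code, so a `<not-affected>` marking should not be assumed without that check).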
@@ -30145,8 +30245,8 @@ CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected 
in GitHub repository ampac
        - ampache <removed>
 CVE-2023-0605 (The Auto Rename Media On Upload WordPress plugin before 1.1.0 
does not ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-0604
-       RESERVED
+CVE-2023-0604 (The WP Food Manager WordPress plugin before 1.0.4 does not 
sanitise an ...)
+       TODO: check
 CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does 
not have ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not 
properl ...)
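Review bot: CVE-2023-0604 moves from `RESERVED` to `TODO: check` although its description already identifies it as a WordPress plugin issue (WP Food Manager before 1.0.4); the adjacent entries CVE-2023-0605 and CVE-2023-0603 are marked `NOT-FOR-US: WordPress plugin`, so the same marking is the expected outcome of triage and could be applied directly.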
@@ -33421,10 +33521,10 @@ CVE-2023-23760 (A path traversal vulnerability was 
identified in GitHub Enterpri
        NOT-FOR-US: Github Enterprise Server
 CVE-2023-23759 (There is a vulnerability in the fizz library prior to 
v2023.01.30.00 w ...)
        NOT-FOR-US: Facebook fizz
-CVE-2023-23758
-       RESERVED
-CVE-2023-23757
-       RESERVED
+CVE-2023-23758 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-23757 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
 CVE-2023-23756 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: Joomla addon
 CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The 
lack of ra ...)
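Review bot: the truncated descriptions of CVE-2023-23758 and CVE-2023-23757 ("Improper Neutralization of Special Elements used in an SQL Command ('S ...") show only the CWE text and hide the affected product, so the full upstream descriptions must be read before triage; the neighbouring CVE-2023-23756 is `NOT-FOR-US: Joomla addon`, which suggests where to look first but is not a basis for marking these two without checking.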
@@ -69021,8 +69121,8 @@ CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, 
MIT krb5-appl through 1.0.
        [bullseye] - inetutils 2:2.0-1+deb11u1
        NOTE: 
https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
        NOTE: 
https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
-CVE-2022-38795
-       RESERVED
+CVE-2022-38795 (In Gitea through 1.17.1, repo cloning can occur in the 
migration funct ...)
+       TODO: check
 CVE-2022-38794 (Zaver through 2020-12-15 allows directory traversal via the 
GET /.. su ...)
        NOT-FOR-US: Zaver
 CVE-2022-38793
@@ -178758,8 +178858,8 @@ CVE-2021-24918 (The Smash Balloon Social Post Feed 
WordPress plugin before 4.0.1
        NOT-FOR-US: WordPress plugin
 CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug 
which allow ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-24916
-       RESERVED
+CVE-2021-24916 (The Qubely WordPress plugin before 1.8.6 allows 
unauthenticated user t ...)
+       TODO: check
 CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not 
have cap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not 
have capa ...)
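Review bot: CVE-2021-24916 (Qubely WordPress plugin before 1.8.6) is marked `TODO: check` while every surrounding entry (CVE-2021-24917, CVE-2021-24915, CVE-2021-24914) is `NOT-FOR-US: WordPress plugin`; the same marking applies here and could be set directly rather than left for a later pass.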



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc65340534c31896d54e11287bc33f0a3e5ab76c


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
