Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8ee6951 by security tracker role at 2023-08-28T20:17:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2023-41109 (SmartNode SN200 (aka SN200) 3.21.2-23021 allows 
unauthenticated OS Com ...)
+       TODO: check
+CVE-2023-40846 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is 
vulnerable to Bu ...)
+       TODO: check
+CVE-2023-40767 (User enumeration is found in in PHPJabbers Make an Offer 
Widget v1.0.  ...)
+       TODO: check
+CVE-2023-40766 (User enumeration is found in in PHPJabbers Ticket Support 
Script v3.2. ...)
+       TODO: check
+CVE-2023-40765 (User enumeration is found in PHPJabbers Event Booking Calendar 
v4.0. T ...)
+       TODO: check
+CVE-2023-40764 (User enumeration is found in PHP Jabbers Car Rental Script 
v3.0. This  ...)
+       TODO: check
+CVE-2023-40763 (User enumeration is found in PHPJabbers Taxi Booking Script 
v2.0. This ...)
+       TODO: check
+CVE-2023-40762 (User enumeration is found in PHPJabbers Fundraising Script 
v1.0. This  ...)
+       TODO: check
+CVE-2023-40761 (User enumeration is found in PHPJabbers Yacht Listing Script 
v2.0. Thi ...)
+       TODO: check
+CVE-2023-40760 (User enumeration is found in PHP Jabbers Hotel Booking System 
v4.0. Th ...)
+       TODO: check
+CVE-2023-40759 (User enumeration is found in PHP Jabbers Restaurant Booking 
Script v3. ...)
+       TODO: check
+CVE-2023-40758 (User enumeration is found in PHPJabbers Document Creator v1.0. 
This is ...)
+       TODO: check
+CVE-2023-40757 (User enumeration is found in PHPJabbers Food Delivery Script 
v3.1. Thi ...)
+       TODO: check
+CVE-2023-40756 (User enumeration is found in PHPJabbers Callback Widget v1.0. 
This iss ...)
+       TODO: check
+CVE-2023-40755 (There is a Cross Site Scripting (XSS) vulnerability in the 
"theme" par ...)
+       TODO: check
+CVE-2023-40754 (In PHPJabbers Car Rental Script 3.0, lack of verification when 
changin ...)
+       TODO: check
+CVE-2023-40753 (There is a Cross Site Scripting (XSS) vulnerability in the 
message par ...)
+       TODO: check
+CVE-2023-40752 (There is a Cross Site Scripting (XSS) vulnerability in the 
"action" pa ...)
+       TODO: check
+CVE-2023-40751 (PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site 
Scripti ...)
+       TODO: check
+CVE-2023-40750 (There is a Cross Site Scripting (XSS) vulnerability in the 
"action" pa ...)
+       TODO: check
+CVE-2023-40749 (PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL 
Injection in ...)
+       TODO: check
+CVE-2023-40748 (PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) 
vulnera ...)
+       TODO: check
+CVE-2023-40590 (GitPython is a python library used to interact with Git 
repositories.  ...)
+       TODO: check
+CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. 
Improper c ...)
+       TODO: check
+CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows 
attackers to ex ...)
+       TODO: check
+CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free 
and Open S ...)
+       TODO: check
+CVE-2023-39708 (A stored cross-site scripting (XSS) vulnerability in Free and 
Open Sou ...)
+       TODO: check
+CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to 
contain a SQL ...)
+       TODO: check
+CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the 
Create functi ...)
+       TODO: check
+CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to 
contain a hea ...)
+       TODO: check
+CVE-2023-39560 (ECTouch v2 was discovered to contain a SQL injection 
vulnerability via ...)
+       TODO: check
+CVE-2023-39348 (Spinnaker is an open source, multi-cloud continuous delivery 
platform. ...)
+       TODO: check
+CVE-2023-39062 (Cross Site Scripting vulnerability in Spipu HTML2PDF before 
v.5.2.8 al ...)
+       TODO: check
+CVE-2023-38289
+       REJECTED
+CVE-2023-38288
+       REJECTED
+CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and 
Wearabl ...)
+       TODO: check
+CVE-2023-35785 (Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 
2FA byp ...)
+       TODO: check
+CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic 
implementa ...)
+       TODO: check
+CVE-2018-25089 (A vulnerability was found in glb Meetup Tag Extension 0.1 on 
MediaWiki ...)
+       TODO: check
+CVE-2017-20186 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 
nikooo777 ...)
+       TODO: check
 CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository 
omeka/omeka-s ...)
        NOT-FOR-US: Omeka S
 CVE-2023-4560 (Improper Authorization of Index Containing Sensitive 
Information in Gi ...)
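Review bot: CVE-2023-40590 (GitPython), CVE-2023-40170 (jupyter-server), CVE-2023-39810 (Busybox) and CVE-2023-39562 (GPAC) are added with the same "TODO: check" as the PHPJabbers, Tenda and SmartNode entries around them, so nothing in this block separates software that needs a source-package lookup from products that would get a "NOT-FOR-US:" line like the Omeka S entry just below. Triage those four first and record a package line or note for each. Most of the CVE-2023-40748 to CVE-2023-40767 range names PHPJabbers products and could be closed in one pass, using one consistent product spelling, since the descriptions alternate between "PHPJabbers" and "PHP Jabbers".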
@@ -6593,7 +6673,8 @@ CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site 
Scripting (XSS) vulnerabi
        NOT-FOR-US: KodExplorer
 CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows 
unauthenticated us ...)
        NOT-FOR-US: Projectworlds Online Art Gallery Project
-CVE-2023-37151 (Sourcecodester Online Pizza Ordering System v1.0 allows the 
upload of  ...)
+CVE-2023-37151
+       REJECTED
        NOT-FOR-US: Sourcecodester Online Pizza Ordering System
 CVE-2023-37150 (Sourcecodester Online Pizza Ordering System v1.0 has a 
Cross-site scri ...)
        NOT-FOR-US: Sourcecodester Online Pizza Ordering System
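Review bot: after this change CVE-2023-37151 carries both REJECTED and the leftover "NOT-FOR-US: Sourcecodester Online Pizza Ordering System" line, because only the header line was replaced and the annotation beneath it stayed as unchanged context. A rejected ID should not keep a product triage line; drop the NOT-FOR-US line so the entry is just the ID followed by REJECTED, as with CVE-2023-38289 and CVE-2023-38288 in the first hunk.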
@@ -15995,8 +16076,8 @@ CVE-2023-1999 (There exists a use after free/double 
free in libwebp. An attacker
        NOTE: Fixed by: 
https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129
 (v1.3.1-rc1)
        NOTE: Introduced by: 
https://github.com/webmproject/libwebp/commit/187d379db68839f76d1390be291c471f2f66644c
 (v0.5.0-rc1)
        NOTE: Introduced by: 
https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f
 (backport; v0.4.2-rc2)
-CVE-2023-1997
-       RESERVED
+CVE-2023-1997 (An OS Command Injection vulnerability exists in SIMULIA 
3DOrchestrate  ...)
+       TODO: check
 CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release 
3DEXPE ...)
        NOT-FOR-US: 3ds
 CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 
and earli ...)
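Review bot: CVE-2023-1997 moves from RESERVED to "TODO: check" while the next entry, CVE-2023-1996, is already marked "NOT-FOR-US: 3ds". If SIMULIA 3DOrchestrate comes from the same vendor as the product in CVE-2023-1996, give it the same "NOT-FOR-US: 3ds" line rather than leaving it in the TODO queue.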
@@ -29176,8 +29257,8 @@ CVE-2023-26097 (An issue was discovered in Telindus 
Apsal 3.14.2022.235 b. Unaut
        NOT-FOR-US: Telindus
 CVE-2023-26096
        RESERVED
-CVE-2023-26095
-       RESERVED
+CVE-2023-26095 (ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 
and 4.6 ...)
+       TODO: check
 CVE-2023-26094
        RESERVED
 CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL) 
injection,  ...)
@@ -47033,8 +47114,8 @@ CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition 
before 5.7.1 GA allows X
        NOT-FOR-US: SquaredUp Dashboard Server
 CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows 
open re ...)
        NOT-FOR-US: SquaredUp Dashboard Server
-CVE-2022-46783
-       RESERVED
+CVE-2022-46783 (An issue was discovered in Stormshield SSL VPN Client before 
3.2.0. If ...)
+       TODO: check
 CVE-2022-46782 (An issue was discovered in Stormshield SSL VPN Client before 
3.2.0. A  ...)
        NOT-FOR-US: Stormshield SSL VPN Client
 CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A 
non-privi ...)
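Review bot: the new CVE-2022-46783 description opens with the same "Stormshield SSL VPN Client before 3.2.0" text as CVE-2022-46782 directly below, which is already "NOT-FOR-US: Stormshield SSL VPN Client", yet it is added as "TODO: check". Use the same NOT-FOR-US line here so the two entries for that client are triaged consistently.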
@@ -185519,6 +185600,7 @@ CVE-2021-23387 (The package trailing-slash before 
2.0.1 are vulnerable to Open R
 CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates 
buffers w ...)
        NOT-FOR-US: Node dns-packet
 CVE-2021-23385 (This affects all versions of package Flask-Security. When 
using the ge ...)
+       {DLA-3545-1}
        - flask-security 5.0.2-1 (bug #1021279)
        [bullseye] - flask-security 4.0.0-1+deb11u1
        NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
@@ -207778,8 +207860,8 @@ CVE-2020-27368 (Directory Indexing in Login Portal of 
Login Portal of TOTOLINK-A
        NOT-FOR-US: TOTOLINK
 CVE-2020-27367
        RESERVED
-CVE-2020-27366
-       RESERVED
+CVE-2020-27366 (Cross Site Scripting (XSS) vulnerability in wlscanresults.html 
in Huma ...)
+       TODO: check
 CVE-2020-27365
        RESERVED
 CVE-2020-27364
@@ -243618,6 +243700,7 @@ CVE-2020-12274 (In TestLink 1.9.20, the 
lib/cfields/cfieldsExport.php goback_url
 CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter 
exposes clear ...)
        NOT-FOR-US: TestLink
 CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject 
authentic ...)
+       {DLA-3546-1}
        - opendmarc 1.4.0~beta1+dfsg-4 (bug #977767)
        [stretch] - opendmarc <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://sourceforge.net/p/opendmarc/tickets/237/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8ee6951ec1e66e33a88ddae5a5c53f2f9692639



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
