Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12e6e598 by security tracker role at 2023-09-11T20:12:50+00:00

automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

===================================== data/CVE/list =====================================
@@ -1,3 +1,83 @@ +CVE-2023-4881 (A stack based out-of-bounds write flaw was found in the netfilter subs ...) + TODO: check +CVE-2023-4318 (The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when ...) + TODO: check +CVE-2023-4314 (The wpDataTables WordPress plugin before 2.1.66 does not validate the ...) + TODO: check +CVE-2023-4307 (The Lock User Account WordPress plugin through 1.0.3 does not have CSR ...) + TODO: check +CVE-2023-4294 (The URL Shortify WordPress plugin before 1.7.6 does not properly escap ...) + TODO: check +CVE-2023-4278 (The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 do ...) + TODO: check +CVE-2023-4270 (The Min Max Control WordPress plugin before 4.6 does not sanitise and ...) + TODO: check +CVE-2023-4060 (The WP Adminify WordPress plugin before 3.1.6 does not sanitise and es ...) + TODO: check +CVE-2023-4022 (The Herd Effects WordPress plugin before 5.2.3 does not sanitise and e ...) + TODO: check +CVE-2023-41609 (An open redirect vulnerability in the sanitize_url() parameter of Couc ...) + TODO: check +CVE-2023-41593 (Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop ...) + TODO: check +CVE-2023-41336 (ux-autocomplete is a JavaScript Autocomplete functionality for Symfony ...) + TODO: check +CVE-2023-41256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...) + TODO: check +CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in ...) + TODO: check +CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the function ...) + TODO: check +CVE-2023-40946 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $usernam ...) + TODO: check +CVE-2023-40945 (Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Inje ...) + TODO: check +CVE-2023-40944 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schooln ...) 
+ TODO: check +CVE-2023-40786 (HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowi ...) + TODO: check +CVE-2023-40150 (Softneta MedDream PACS does not perform an authentication check and pe ...) + TODO: check +CVE-2023-40032 (libvips is a demand-driven, horizontally threaded image processing lib ...) + TODO: check +CVE-2023-3612 (Govee Home app has unprotected access to WebView component which can b ...) + TODO: check +CVE-2023-3510 (The FTP Access WordPress plugin through 1.0 does not have authorisatio ...) + TODO: check +CVE-2023-3170 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...) + TODO: check +CVE-2023-3169 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...) + TODO: check +CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authentic ...) + TODO: check +CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in plaintext. The ...) + TODO: check +CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to execute arbit ...) + TODO: check +CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC ...) + TODO: check +CVE-2023-39067 (Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allo ...) + TODO: check +CVE-2023-39063 (Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local at ...) + TODO: check +CVE-2023-38829 (An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker ...) + TODO: check +CVE-2023-38743 (Zoho ManageEngine ADManager Plus before Build 7200 allows admin users ...) + TODO: check +CVE-2023-38256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...) + TODO: check +CVE-2023-36980 (An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balanc ...) + TODO: check +CVE-2023-36497 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...) 
+ TODO: check +CVE-2023-36161 (An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_ ...) + TODO: check +CVE-2023-36140 (In PHPJabbers Cleaning Business Software 1.0, there is no encryption o ...) + TODO: check +CVE-2023-31468 (An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime ...) + TODO: check +CVE-2023-2705 (The gAppointments WordPress plugin before 1.10.0 does not sanitise and ...) + TODO: check CVE-2023-4816 (A vulnerability exists in the Equipment Tag Out authentication, when c ...) TODO: check CVE-2023-42471 (The wave.ai.browser application through 1.0.35 for Android allows a re ...) @@ -212,6 +292,7 @@ CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does NOTE: Fixed by: https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5 (7.0.13) NOTE: https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixed in m ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) @@ -434,6 +515,7 @@ CVE-2023-32425 (The issue was addressed with improved memory handling. This issu CVE-2023-32379 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2023-32370 (A logic issue was addressed with improved validation. This issue is fi ...) + {DSA-5396-1} - webkit2gtk 2.40.1-1 - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) 
@@ -1129,7 +1211,7 @@ CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions sta - gitlab <unfixed> CVE-2023-4638 - gitlab <unfixed> -CVE-2023-4630 +CVE-2023-4630 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab <unfixed> CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...) - gitlab <not-affected> (Specific to EE) @@ -16183,12 +16265,12 @@ CVE-2023-31071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ya NOT-FOR-US: WordPress plugin CVE-2023-31070 RESERVED -CVE-2023-31069 - RESERVED -CVE-2023-31068 - RESERVED -CVE-2023-31067 - RESERVED +CVE-2023-31069 (An issue was discovered in TSplus Remote Access through 16.0.2.14. Cre ...) + TODO: check +CVE-2023-31068 (An issue was discovered in TSplus Remote Access through 16.0.2.14. The ...) + TODO: check +CVE-2023-31067 (An issue was discovered in TSplus Remote Access through 16.0.2.14. The ...) + TODO: check CVE-2023-31066 (Files or Directories Accessible to External Parties vulnerability in A ...) NOT-FOR-US: Apache InLong CVE-2023-31065 (Insufficient Session Expiration vulnerability in Apache Software Found ...) @@ -19212,8 +19294,8 @@ CVE-2023-30060 RESERVED CVE-2023-30059 RESERVED -CVE-2023-30058 - RESERVED +CVE-2023-30058 (novel-plus 3.6.2 is vulnerable to SQL Injection.) + TODO: check CVE-2023-30057 (Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Ori ...) NOT-FOR-US: FICO CVE-2023-30056 (A session takeover vulnerability exists in FICO Origination Manager De ...) 
@@ -25314,6 +25396,7 @@ CVE-2023-28200 (A validation issue was addressed with improved input sanitizatio CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure of kern ...) NOT-FOR-US: Apple CVE-2023-28198 (A use-after-free issue was addressed with improved memory management. ...) + {DSA-5396-1} - webkit2gtk 2.40.1-1 - wpewebkit 2.40.2-2 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) @@ -27738,8 +27821,8 @@ CVE-2023-27472 (quickentity-editor-next is an open source, system local, video g NOT-FOR-US: quickentity-editor-next CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) NOT-FOR-US: Insyde -CVE-2023-27470 - RESERVED +CVE-2023-27470 (BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 ...) + TODO: check CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...) NOT-FOR-US: Malwarebytes Anti-Exploit CVE-2023-27468 @@ -87312,8 +87395,8 @@ CVE-2022-34240 RESERVED CVE-2022-34239 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe -CVE-2022-34238 - RESERVED +CVE-2022-34238 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...) + TODO: check CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) 
@@ -87334,14 +87417,14 @@ CVE-2022-34229 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005 NOT-FOR-US: Adobe CVE-2022-34228 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe -CVE-2022-34227 - RESERVED +CVE-2022-34227 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + TODO: check CVE-2022-34226 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34225 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe -CVE-2022-34224 - RESERVED +CVE-2022-34224 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + TODO: check CVE-2022-34223 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) NOT-FOR-US: Adobe CVE-2022-34222 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) 
@@ -102706,18 +102789,18 @@ CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.00 NOT-FOR-US: Adobe CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and e ...) NOT-FOR-US: Adobe -CVE-2022-28836 - RESERVED -CVE-2022-28835 - RESERVED -CVE-2022-28834 - RESERVED -CVE-2022-28833 - RESERVED -CVE-2022-28832 - RESERVED -CVE-2022-28831 - RESERVED +CVE-2022-28836 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) + TODO: check +CVE-2022-28835 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) + TODO: check +CVE-2022-28834 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) + TODO: check +CVE-2022-28833 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) + TODO: check +CVE-2022-28832 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) + TODO: check +CVE-2022-28831 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) + TODO: check CVE-2022-28830 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) NOT-FOR-US: Adobe CVE-2022-28829 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) @@ -111137,6 +111220,7 @@ CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service CVE-2022-25902 RESERVED CVE-2022-25901 (Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...) + {DLA-3561-1} - node-cookiejar 2.1.4+~2.1.2-1 [bullseye] - node-cookiejar 2.1.2-1+deb11u1 NOTE: https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984 
@@ -119830,8 +119914,8 @@ CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in NOT-FOR-US: YzmCMS CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without login, unaut ...) NOT-FOR-US: YzmCMS -CVE-2022-23382 - RESERVED +CVE-2022-23382 (Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170 ...) + TODO: check CVE-2022-23381 RESERVED CVE-2022-23380 (There is a SQL injection vulnerability in the background of taocms 3.0 ...) @@ -217985,8 +218069,8 @@ CVE-2020-24090 RESERVED CVE-2020-24089 RESERVED -CVE-2020-24088 - RESERVED +CVE-2020-24088 (An issue was discovered in MmMapIoSpace routine in Foxconn Live Update ...) + TODO: check CVE-2020-24087 RESERVED CVE-2020-24086 @@ -227761,8 +227845,8 @@ CVE-2020-19561 RESERVED CVE-2020-19560 RESERVED -CVE-2020-19559 - RESERVED +CVE-2020-19559 (An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote at ...) + TODO: check CVE-2020-19558 RESERVED CVE-2020-19557 @@ -228287,18 +228371,18 @@ CVE-2020-19325 RESERVED CVE-2020-19324 RESERVED -CVE-2020-19323 - RESERVED +CVE-2020-19323 (An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta ...) + TODO: check CVE-2020-19322 RESERVED CVE-2020-19321 RESERVED -CVE-2020-19320 - RESERVED -CVE-2020-19319 - RESERVED -CVE-2020-19318 - RESERVED +CVE-2020-19320 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the ...) + TODO: check +CVE-2020-19319 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the ...) + TODO: check +CVE-2020-19318 (Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, ...) + TODO: check CVE-2020-19317 RESERVED CVE-2020-19316 (OS Command injection vulnerability in function link in Filesystem.php ...) 
@@ -286964,10 +287048,10 @@ CVE-2019-16473 RESERVED CVE-2019-16472 RESERVED -CVE-2019-16471 - RESERVED -CVE-2019-16470 - RESERVED +CVE-2019-16471 (Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected ...) + TODO: check +CVE-2019-16470 (Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected ...) + TODO: check CVE-2019-16469 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...) NOT-FOR-US: Adobe Experience Manager CVE-2019-16468 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...) @@ -314441,8 +314525,8 @@ CVE-2019-7821 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 201 NOT-FOR-US: Adobe CVE-2019-7820 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...) NOT-FOR-US: Adobe -CVE-2019-7819 - RESERVED +CVE-2019-7819 (Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected ...) + TODO: check CVE-2019-7818 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...) NOT-FOR-US: Adobe CVE-2019-7817 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12e6e5982d613c13e960329386e06681915cc999
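Review bot: CVE-2023-4881 at the head of the first hunk (@@ -1,3 +1,83 @@) is a stack-based out-of-bounds write in the netfilter subsystem, which is Linux kernel code, so the manual triage that follows this automatic update should resolve it against the linux source package (affected suites, upstream fix) ahead of the rest of the batch rather than leave it as a bare "TODO: check" among the WordPress plugin entries. In the same hunk, CVE-2023-41000 (GPAC use-after-free), CVE-2023-40032 (libvips) and CVE-2023-39070 (Cppcheck) name software Debian ships (gpac, vips, cppcheck) and also need package lines, while the twelve WordPress plugin entries (CVE-2023-4318, -4314, -4307, -4294, -4278, -4270, -4060, -4022, -3510, -3170, -3169, -2705) can take the "NOT-FOR-US: WordPress plugin" marker this file already uses for CVE-2023-31071 further down.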
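Review bot: the {DSA-5468-1} tag added to CVE-2023-40397 (hunk @@ -212,6 +292,7 @@) carries only the unstable versions (webkit2gtk 2.40.5-1, wpewebkit 2.40.5-1) while the bookworm wpewebkit line stays <ignored>; the bookworm fixed version for webkit2gtk is taken from the DSA entry, so confirm that DSA-5468-1 in data/DSA/list names this CVE, and do the same for {DSA-5396-1}, which this commit adds to both CVE-2023-32370 and CVE-2023-28198, otherwise the cross-reference between the two files is inconsistent.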
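Review bot: the three TSplus Remote Access entries (CVE-2023-31067, -31068, -31069, hunk @@ -16183,12 +16265,12 @@) concern a proprietary Windows product with no Debian package, so the follow-up triage can replace "TODO: check" with a "NOT-FOR-US: TSplus Remote Access" line in the style of the neighbouring "NOT-FOR-US: Apache InLong"; the same treatment fits the other vendor-only products whose descriptions this commit fills in (novel-plus, N-able Take Control Agent, Shenzhen Hichip IP camera firmware, Foxconn Live Update, Diebold Aglis XFS for Opteva).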
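Review bot: CVE-2022-34238 (hunk @@ -87312,8 +87395,8 @@) belongs to the same Acrobat Reader advisory batch as its neighbours CVE-2022-34239 and CVE-2022-34237, which are already "NOT-FOR-US: Adobe", so the new "TODO: check" should become "NOT-FOR-US: Adobe" as well; the same applies to every other Adobe entry this commit un-reserves (CVE-2022-34227, CVE-2022-34224, CVE-2022-28831 through CVE-2022-28836, CVE-2019-16470, CVE-2019-16471 and CVE-2019-7819), each of which sits between siblings already marked that way.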
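Review bot: the cookiejar entry (CVE-2022-25901, hunk @@ -111137,6 +111220,7 @@) gains {DLA-3561-1} with node-cookiejar 2.1.4+~2.1.2-1 in unstable and 2.1.2-1+deb11u1 in bullseye, but its only reference is still the Snyk page; add a "NOTE: Fixed by:" line pointing at the upstream commit or release, as the Redis entry (CVE-2023-41053) earlier in this diff does, so the ReDoS fix can be verified against the bullseye backport.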
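Review bot: CVE-2020-19323 (hunk @@ -228287,18 +228371,18 @@) names /bin/mini_upnpd on the D-Link DIR-619L; that name suggests the miniupnpd project, which Debian packages, so before marking it NOT-FOR-US together with the three D-Link buffer overflows in the same hunk (CVE-2020-19318, -19319, -19320), check whether the flaw lies in upstream miniupnpd code or only in D-Link's modified firmware build.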