Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a0b402b by security tracker role at 2023-09-22T08:24:28+00:00
automatic update

- - - - -

1 changed file:
- data/CVE/list

Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@ +CVE-2023-5068 (Delta Electronics DIAScreen may write past the end of an allocated bu ...) + TODO: check +CVE-2023-4774 (The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerabl ...) + TODO: check +CVE-2023-4716 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...) + TODO: check +CVE-2023-43784 (Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are ...) + TODO: check +CVE-2023-43783 (Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasi ...) + TODO: check +CVE-2023-43782 (Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop- ...) + TODO: check +CVE-2023-43771 (In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets rec ...) + TODO: check +CVE-2023-43767 (Certain WithSecure products allow Denial of Service via the aepack arc ...) + TODO: check +CVE-2023-43766 (Certain WithSecure products allow Local privilege escalation via the l ...) + TODO: check +CVE-2023-43765 (Certain WithSecure products allow Denial of Service in the aeelf compo ...) + TODO: check +CVE-2023-43764 (Certain WithSecure products allow Unauthenticated Remote Code Executio ...) + TODO: check +CVE-2023-43763 (Certain WithSecure products allow XSS via an unvalidated parameter in ...) + TODO: check +CVE-2023-43762 (Certain WithSecure products allow Unauthenticated Remote Code Executio ...) + TODO: check +CVE-2023-43761 (Certain WithSecure products allow Denial of Service (infinite loop). T ...) + TODO: check +CVE-2023-43760 (Certain WithSecure products allow Denial of Service via a fuzzed PE32 ...) + TODO: check +CVE-2023-43128 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulner ...) + TODO: check +CVE-2023-42261 (Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insec ...) + TODO: check +CVE-2023-41616 (A reflected cross-site scripting (XSS) vulnerability in the Search Stu ...) 
+ TODO: check +CVE-2023-41614 (A stored cross-site scripting (XSS) vulnerability in the Add Animal De ...) + TODO: check +CVE-2023-38344 (An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A ...) + TODO: check +CVE-2023-38343 (An XXE (XML external entity injection) vulnerability exists in the CSE ...) + TODO: check +CVE-2023-31719 (FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.) + TODO: check +CVE-2023-31718 (FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.) + TODO: check +CVE-2023-31717 (A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confid ...) + TODO: check +CVE-2023-31716 (FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa. ...) + TODO: check CVE-2023-5002 - pgadmin4 <itp> (bug #834129) CVE-2023-3629 @@ -58,7 +108,7 @@ CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download TODO: check CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.) NOT-FOR-US: Dreamer CMS -CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in S ...) +CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in i ...) TODO: check CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in i ...) TODO: check @@ -227,7 +277,7 @@ CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 1 TODO: check CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application allows an ...) NOT-FOR-US: PaperCutNG -CVE-2023-4504 [Postscript parsing heap-based buffer overflow] +CVE-2023-4504 (Due to failure in validating the length provided by an attacker-crafte ...) - cups 2.4.2-6 [bookworm] - cups <no-dsa> (Minor issue) [bullseye] - cups <no-dsa> (Minor issue) 
@@ -440,7 +490,7 @@ CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. driver - linux 5.8.7-1 [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1) -CVE-2023-43770 (cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages) +CVE-2023-43770 (Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 al ...) - roundcube 1.6.3+dfsg-1 (bug #1052059) [bookworm] - roundcube <no-dsa> (Minor issue) [bullseye] - roundcube <no-dsa> (Minor issue) @@ -537,7 +587,7 @@ CVE-2023-43091 [Code injection via service.json file] NOTE: https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588 NOTE: Introduced with merge: https://gitlab.gnome.org/GNOME/gnome-maps/-/merge_requests/227 (v43.alpha) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea (v45.rc) -CVE-2023-43090 [Screenshot tool allows viewing open windows when session is locked] +CVE-2023-43090 (A vulnerability was found in GNOME Shell. GNOME Shell's lock screen al ...) {DSA-5501-1} - gnome-shell 44.5-1 (bug #1052067) [bullseye] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta) 
@@ -41374,12 +41424,12 @@ CVE-2023-23366 RESERVED CVE-2023-23365 RESERVED -CVE-2023-23364 - RESERVED -CVE-2023-23363 - RESERVED -CVE-2023-23362 - RESERVED +CVE-2023-23364 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2023-23363 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2023-23362 (An OS command injection vulnerability has been reported to affect QNAP ...) + TODO: check CVE-2023-23361 RESERVED CVE-2023-23360
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0b402bd3cae8e88269efd1763a2f73710d91a6
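Review bot: In the first hunk (@@ -1,3 +1,53 @@) the imported description for CVE-2023-31718 reads "vulnerable to Local via Inclusion via /api/download", which looks garbled next to CVE-2023-31716's "Local File Inclusion", so confirm the vulnerability class from the full record before triaging the four FUXA entries. All 25 new entries, CVE-2023-5068 through CVE-2023-31716, arrive as "TODO: check"; several name vendor products in the visible text (WithSecure, D-LINK DIR-806, Plesk Onyx, Ivanti Endpoint Manager) and look like candidates for a NOT-FOR-US line in the style of the existing "NOT-FOR-US: Dreamer CMS" entry once someone has checked them.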
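Review bot: The changed line for CVE-2023-41993 (@@ -58,7 +108,7 @@) still gives triage nothing to work with: the old and new text differ only in the last visible character before the truncation ("S ..." versus "i ..."), and "The issue was addressed with improved checks" names no component. The entry and the CVE-2023-41992 context line below it both stay at "TODO: check", so the affected component has to come from the full record rather than from this list.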
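Review bot: The description replacements for CVE-2023-4504 (@@ -227,7 +277,7 @@), CVE-2023-43770 (@@ -440,7 +490,7 @@) and CVE-2023-43090 (@@ -537,7 +587,7 @@) lose the short hand-written summaries, and the truncated official text that replaces them hides the key detail at list level. "Postscript parsing heap-based buffer overflow" becomes "Due to failure in validating the length provided by an attacker-crafte ...", the roundcube line no longer mentions linkrefs in plain text messages, and "Screenshot tool allows viewing open windows when session is locked" becomes "GNOME Shell's lock screen al ...". Consider keeping each old summary as a NOTE: line under its entry so the cups, roundcube and gnome-shell records stay readable without opening the full CVE text.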
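Review bot: In the last hunk (@@ -41374,12 +41424,12 @@) the new descriptions for CVE-2023-23364 and CVE-2023-23363 are cut off at "has been re ...", before any product is named, so the list alone does not support a triage decision for them. Only CVE-2023-23362 shows a vendor (QNAP). All three move from RESERVED to "TODO: check"; read the full records for the first two, and if they turn out to share a vendor with CVE-2023-23362 the three can be resolved together.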