Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1f606ee7 by security tracker role at 2023-09-22T20:12:40+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,27 @@ +CVE-2023-43640 (TaxonWorks is a web-based workbench designed for taxonomists and biodi ...) + TODO: check +CVE-2023-43270 (dst-admin v1.5.0 was discovered to contain a remote command execution ...) + TODO: check +CVE-2023-43144 (Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQ ...) + TODO: check +CVE-2023-42821 (The package `github.com/gomarkdown/markdown` is a Go library for parsi ...) + TODO: check +CVE-2023-42812 (Galaxy is an open-source platform for FAIR data analysis. Prior to ver ...) + TODO: check +CVE-2023-42811 (aes-gcm is a pure Rust implementation of the AES-GCM. Starting in vers ...) + TODO: check +CVE-2023-42798 (AutomataCI is a template git repository equipped with a native built-i ...) + TODO: check +CVE-2023-41031 (Command injection inhomemng.htminJuplink RX4-1500 versions V1.0.2,V1.0 ...) + TODO: check +CVE-2023-41029 (Command injection vulnerability in thehomemng.htm endpointinJuplink RX ...) + TODO: check +CVE-2023-41027 (Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplin ...) + TODO: check +CVE-2023-40989 (SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that a ...) + TODO: check +CVE-2023-38346 (An issue was discovered in Wind River VxWorks 6.9 and 7. The function ...) + TODO: check CVE-2023-5068 (Delta Electronics DIAScreen may write past the end of an allocated bu ...) NOT-FOR-US: Delta Electronics CVE-2023-4774 (The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerabl ...) 
@@ -48,7 +72,7 @@ CVE-2023-31717 (A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of NOT-FOR-US: FUXA CVE-2023-31716 (FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa. ...) NOT-FOR-US: FUXA -CVE-2023-5002 +CVE-2023-5002 (A flaw was found in pgAdmin. This issue occurs when the pgAdmin server ...) - pgadmin4 <itp> (bug #834129) CVE-2023-3629 NOT-FOR-US: Infinispan @@ -299,6 +323,7 @@ CVE-2023-4236 (A flaw in the networking code handling DNS-over-TLS queries may c NOTE: https://kb.isc.org/docs/cve-2023-4236 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/18efa454a98759bf4f3ca806d9a6ef881ff9648d (v9.18.19) CVE-2023-3341 (The code that processes control channel messages sent to `named` calls ...) + {DSA-5504-1} - bind9 1:9.19.17-1 (bug #1052416) NOTE: https://kb.isc.org/docs/cve-2023-3341 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/432a49a7b089da6340e56d402034a586bc69f80e (v9.18.19) @@ -496,6 +521,7 @@ CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. driver [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1) CVE-2023-43770 (Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 al ...) + {DLA-3577-1} - roundcube 1.6.3+dfsg-1 (bug #1052059) [bookworm] - roundcube <no-dsa> (Minor issue) [bullseye] - roundcube <no-dsa> (Minor issue) @@ -2212,6 +2238,7 @@ CVE-2023-4059 (The Profile Builder WordPress plugin before 3.9.8 lacks authorisa CVE-2023-4019 (The Media from FTP WordPress plugin before 11.17 does not properly lim ...) NOT-FOR-US: WordPress plugin CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU ...) + {DLA-3578-1} - lldpd 1.0.17-1 NOTE: Fixed by: https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b (1.0.17) CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_f ...) 
@@ -6174,7 +6201,7 @@ CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...) NOT-FOR-US: Rockwell Automation -CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet] +CVE-2023-34319 (The fix for XSA-423 added logic to Linux'es netback driver to deal wit ...) {DSA-5492-1 DSA-5480-1} - linux 6.4.11-1 NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576 @@ -40090,8 +40117,8 @@ CVE-2023-23768 RESERVED CVE-2023-23767 RESERVED -CVE-2023-23766 - RESERVED +CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) + TODO: check CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: Github Enterprise Server CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) @@ -54779,8 +54806,7 @@ CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage P NOT-FOR-US: Hitachi CVE-2022-4040 RESERVED -CVE-2022-4039 - RESERVED +CVE-2022-4039 (A flaw was found in Red Hat Single Sign-On for OpenShift container ima ...) NOT-FOR-US: Keycloak CVE-2022-4038 RESERVED @@ -56355,8 +56381,7 @@ CVE-2022-3876 (A vulnerability, which was classified as problematic, has been fo NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome CVE-2022-3875 (A vulnerability classified as critical was found in Click Studios Pass ...) NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome -CVE-2022-3874 - RESERVED +CVE-2022-3874 (A command injection flaw was found in foreman. This flaw allows an aut ...) - foreman <itp> (bug #663101) CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...) NOT-FOR-US: jgraph/drawio 
@@ -99230,7 +99255,7 @@ CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue m NOT-FOR-US: Intel CVE-2022-29478 RESERVED -CVE-2022-29470 (Improper access control in the Intel DTT Software before version 8.7.1 ...) +CVE-2022-29470 (Improper access control in the Intel\xae DTT Software before version 8 ...) NOT-FOR-US: Intel CVE-2022-28693 RESERVED
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f606ee72475da111673869d7f61986ef5ef9b46
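Review bot: In the hunk at @@ -1,3 +1,27, the imported descriptions for CVE-2023-41031 and CVE-2023-41029 have fused words ("inhomemng.htminJuplink", "thehomemng.htm endpointinJuplink"), so whitespace was lost somewhere before the text reached data/CVE/list. It is worth checking whether the source description separates those words with non-ASCII whitespace that the import drops, since fused words make keyword-based triage of the 12 new `TODO: check` entries less reliable.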
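Review bot: In the hunk at @@ -40090,8 +40117,8, CVE-2023-23766 is left at `TODO: check` although the next entry, CVE-2023-23765, opens with the same description text ("An incorrect comparison vulnerability was identified in GitHub Enterpr ...") and is already tagged `NOT-FOR-US: Github Enterprise Server`. If the full description confirms the same product, the follow-up triage can give it the same tag.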
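Review bot: In the hunk at @@ -99230,7 +99255,7, the new CVE-2022-29470 description carries a literal `\xae` ("Intel\xae DTT Software"), which reads as an undecoded byte escape rather than description text. The description import should decode it to the intended character or drop it before writing data/CVE/list; as written, the escape also uses up part of the truncated summary, which now ends at "version 8 ..." where the old line showed "version 8.7.1 ...".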