Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 94a863e9 by security tracker role at 2023-11-28T08:21:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,3 +1,105 @@ +CVE-2024-0070 + REJECTED +CVE-2024-0069 + REJECTED +CVE-2023-6226 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + TODO: check +CVE-2023-6225 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + TODO: check +CVE-2023-6219 (The BookingPress plugin for WordPress is vulnerable to arbitrary file ...) + TODO: check +CVE-2023-5960 (An improper privilege management vulnerability in the hotspot feature ...) + TODO: check +CVE-2023-5885 (The discontinued FFS Colibri product allows a remote user to access fi ...) + TODO: check +CVE-2023-5797 (An improper privilege management vulnerability in the debug CLI comman ...) + TODO: check +CVE-2023-5773 + REJECTED +CVE-2023-5650 (An improper privilege management vulnerability in the ZySH of the Zyxe ...) + TODO: check +CVE-2023-4667 (The web interface of the PAC Device allows the device administrator us ...) + TODO: check +CVE-2023-4398 (An integer overflow vulnerability in the source code of the QuickSec I ...) + TODO: check +CVE-2023-4397 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...) + TODO: check +CVE-2023-4226 (Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo ...) + TODO: check +CVE-2023-4225 (Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Cham ...) + TODO: check +CVE-2023-4224 (Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chami ...) + TODO: check +CVE-2023-4223 (Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Cham ...) + TODO: check +CVE-2023-4222 (Command injection in `main/lp/openoffice_text_document.class.php` in C ...) + TODO: check +CVE-2023-4221 (Command injection in `main/lp/openoffice_presentation.class.php` in Ch ...) + TODO: check +CVE-2023-4220 (Unrestricted file upload in big file upload functionality in `/main/in ...) + TODO: check +CVE-2023-49145 (Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Process ...) 
+ TODO: check +CVE-2023-49075 (The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBund ...) + TODO: check +CVE-2023-49044 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...) + TODO: check +CVE-2023-49030 (SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows ...) + TODO: check +CVE-2023-48713 (Knative Serving builds on Kubernetes to support deploying and serving ...) + TODO: check +CVE-2023-48188 (SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4 ...) + TODO: check +CVE-2023-48034 (An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker ...) + TODO: check +CVE-2023-48023 (Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor' ...) + TODO: check +CVE-2023-48022 (Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbit ...) + TODO: check +CVE-2023-47503 (An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to exec ...) + TODO: check +CVE-2023-47437 (A vulnerability has been identified in Pachno 1.0.6 allowing an authen ...) + TODO: check +CVE-2023-46480 (An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitr ...) + TODO: check +CVE-2023-46355 (In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for P ...) + TODO: check +CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (updateprod ...) + TODO: check +CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ...) + TODO: check +CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ...) + TODO: check +CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ...) + TODO: check +CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf function in ...) + TODO: check +CVE-2023-3545 (Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo ...) 
+ TODO: check +CVE-2023-3533 (Path traversal in file upload functionality in `/main/webservices/addi ...) + TODO: check +CVE-2023-3368 (Command injection in `/main/webservices/additional_webservices.php` in ...) + TODO: check +CVE-2023-37926 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...) + TODO: check +CVE-2023-37925 (An improper privilege management vulnerability in the debug CLI comman ...) + TODO: check +CVE-2023-35139 (A cross-site scripting (XSS) vulnerability in the CGI program of the Z ...) + TODO: check +CVE-2023-35136 (An improper input validation vulnerability in the \u201cQuagga\u201d p ...) + TODO: check +CVE-2023-34054 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...) + TODO: check +CVE-2023-34053 (In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ...) + TODO: check +CVE-2023-32065 (OroCommerce is an open-source Business to Business Commerce applicatio ...) + TODO: check +CVE-2023-32064 (OroCommerce package with customer portal and non authenticated visitor ...) + TODO: check +CVE-2023-32063 (OroCalendarBundle enables a Calendar feature and related functionality ...) + TODO: check +CVE-2023-32062 (OroPlatform is a package that assists system and user calendar managem ...) + TODO: check CVE-2023-6329 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...) NOT-FOR-US: Control iD iDSecure CVE-2023-6287 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...) 
@@ -7033,6 +7135,7 @@ CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add Attachmen CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directories by n ...) NOT-FOR-US: qdPM CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...) + {DLA-3670-1} - zlib 1:1.3.dfsg-2 (bug #1054290) [bookworm] - zlib <ignored> (contrib/minizip not built and producing binary packages) [bullseye] - zlib <ignored> (contrib/minizip not built and producing binary packages) @@ -30411,8 +30514,7 @@ CVE-2023-30587 CVE-2023-30586 (A privilege escalation vulnerability exists in Node.js 20 that allowed ...) - nodejs <not-affected> (Vulnerable code introduced in 20.x) NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#openssl-engines-can-be-used-to-bypass-the-permission-model-medium-cve-2023-30586 -CVE-2023-30585 - RESERVED +CVE-2023-30585 (A vulnerability has been identified in the Node.js (.msi version) inst ...) - nodejs <not-affected> (Only affects installation process on Windows) NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#privilege-escalation-via-malicious-registry-key-manipulation-during-nodejs-installer-repair-process-medium-cve-2023-30585 CVE-2023-30584 @@ -32576,8 +32678,8 @@ CVE-2023-29772 (A Cross-site scripting (XSS) vulnerability in the System Log/Gen NOT-FOR-US: ASUS CVE-2023-29771 RESERVED -CVE-2023-29770 - RESERVED +CVE-2023-29770 (In Sentrifugo 3.5, the AssetsController::uploadsaveAction function all ...) + TODO: check CVE-2023-29769 RESERVED CVE-2023-29768 
@@ -50535,8 +50637,8 @@ CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algori NOT-FOR-US: CRYSTALS-DILITHIUM CVE-2023-24024 RESERVED -CVE-2023-24023 - RESERVED +CVE-2023-24023 (Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connect ...) + TODO: check CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with ...) NOT-FOR-US: Baicells CVE-2023-0432 (The web configuration service of the affected device contains an authe ...) @@ -78947,8 +79049,8 @@ CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled wil NOTE: https://github.com/matrix-org/synapse/pull/11784 NOTE: https://github.com/matrix-org/synapse/pull/11936 NOTE: First bugfix in 1.52.0 but 1.53.0 does fully fix the issue. -CVE-2022-41951 - RESERVED +CVE-2022-41951 (OroPlatform is a PHP Business Application Platform (BAP) designed to m ...) + TODO: check CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning tool xray ...) NOT-FOR-US: super-xray CVE-2022-41949 (DHIS 2 is an open source information system for data capture, manageme ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94a863e9a7967bee9ceb9a45357650144cd9bb35
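Review bot: in the first hunk (@@ -1,3 +1,105 @@) the descriptions added for CVE-2023-6226, CVE-2023-6225 and CVE-2023-35136 carry literal "\u2014" and "\u201c"/"\u201d" escape sequences where the em dash and quotation marks should be, so the automatic import should decode JSON string escapes before writing the summary line, otherwise the text lands in data/CVE/list in that form. In the same hunk the four BusyBox entries CVE-2023-42363 through CVE-2023-42366 (use-after-free and heap-buffer-overflow in 1.36.1) are left at the default "TODO: check"; busybox is a Debian source package, so these deserve triage ahead of the surrounding vendor-only entries.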
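Review bot: in the zlib hunk (@@ -7033,6 +7135,7 @@) the added "{DLA-3670-1}" marker for CVE-2023-45853 sits directly above the unchanged "[bullseye] - zlib <ignored> (contrib/minizip not built and producing binary packages)" line, so the entry now both records a bullseye LTS advisory for the issue and states that the issue is ignored in bullseye. The two should be reconciled: either replace the "<ignored>" line with the version that the DLA shipped, or, if the DLA did not actually cover this CVE, drop the marker.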
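Review bot: in the hunk at @@ -50535,8 +50637,8 @@, the new summary for CVE-2023-24023 ("Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections ...") reads as a specification-level issue rather than a single vendor product, so its "TODO: check" should be resolved by looking at the kernel Bluetooth stack and bluez instead of being closed as NOT-FOR-US like the neighbouring CRYSTALS-DILITHIUM and Baicells entries.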
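Review bot: in the last hunk (@@ -78947,8 +79049,8 @@), CVE-2022-41951 (OroPlatform) is added with "TODO: check" while the first hunk adds CVE-2023-32062 through CVE-2023-32065 for the same Oro packages (OroPlatform, OroCalendarBundle, OroCommerce); these five should be triaged together so they end up with one consistent verdict rather than a mix of NOT-FOR-US and open TODO lines.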
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits