Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ccc48bc by security tracker role at 2023-11-30T08:11:57+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@ +CVE-2023-5772 (The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site ...) + TODO: check +CVE-2023-5247 (Malicious Code Execution Vulnerability due to External Control of File ...) + TODO: check +CVE-2023-4474 (The improper neutralization of special elements in the WSGI server of ...) + TODO: check +CVE-2023-4473 (A command injection vulnerability in the web server of the Zyxel NAS32 ...) + TODO: check +CVE-2023-49701 (Memory Corruption in SIM management while USIMPhase2init) + TODO: check +CVE-2023-49700 (Security best practices violations, a string operation in Streamingmed ...) + TODO: check +CVE-2023-49699 (Memory Corruption in IMS while calling VoLTE Streamingmedia Interface) + TODO: check +CVE-2023-49694 (A low-privileged OS user with access to a Windows host where NETGEAR P ...) + TODO: check +CVE-2023-49693 (NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol ...) + TODO: check +CVE-2023-49097 (ZITADEL is an identity infrastructure system. ZITADEL uses the notific ...) + TODO: check +CVE-2023-49095 (nexkey is a microblogging platform. Insufficient validation of Activit ...) + TODO: check +CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces and min ...) + TODO: check +CVE-2023-49087 (xml-security is a library that implements XML signatures and encryptio ...) + TODO: check +CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + TODO: check +CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + TODO: check +CVE-2023-49077 (Mailcow: dockerized is an open source groupware/email suite based on d ...) + TODO: check +CVE-2023-49076 (Customer-data-framework allows management of customer data within Pimc ...) + TODO: check +CVE-2023-49052 (File Upload vulnerability in Microweber v.2.0.4 allows a remote attack ...) 
+ TODO: check +CVE-2023-48952 (An issue in the box_deserialize_reusing function in openlink virtuoso- ...) + TODO: check +CVE-2023-48951 (An issue in the box_equal function in openlink virtuoso-opensource v7. ...) + TODO: check +CVE-2023-48950 (An issue in the box_col_len function in openlink virtuoso-opensource v ...) + TODO: check +CVE-2023-48949 (An issue in the box_add function in openlink virtuoso-opensource v7.2. ...) + TODO: check +CVE-2023-48948 (An issue in the box_div function in openlink virtuoso-opensource v7.2. ...) + TODO: check +CVE-2023-48947 (An issue in the cha_cmp function of openlink virtuoso-opensource v7.2. ...) + TODO: check +CVE-2023-48946 (An issue in the box_mpy function of openlink virtuoso-opensource v7.2. ...) + TODO: check +CVE-2023-48945 (A stack overflow in openlink virtuoso-opensource v7.2.11 allows attack ...) + TODO: check +CVE-2023-47464 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...) + TODO: check +CVE-2023-47463 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...) + TODO: check +CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and be ...) + TODO: check +CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...) + TODO: check +CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 and DT900 ...) + TODO: check +CVE-2023-37928 (A post-authentication command injection vulnerability in the WSGI serv ...) + TODO: check +CVE-2023-37927 (The improper neutralization of special elements in the CGI program of ...) + TODO: check +CVE-2023-35138 (A command injection vulnerability in the \u201cshow_zysync_server_cont ...) + TODO: check +CVE-2023-35137 (An improper authentication vulnerability in the authentication module ...) + TODO: check CVE-2023-6378 (A serialization vulnerability in logback receiver component part of l ...) - logback <unfixed> NOTE: https://logback.qos.ch/news.html#1.3.12 
@@ -111,7 +181,7 @@ CVE-2023-48848 (An arbitrary file read vulnerability in ureport v2.2.9 allows a NOT-FOR-US: ureport CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection Module ...) NOT-FOR-US: Direct Connection Module in Ezviz -CVE-2023-48042 (Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Si ...) +CVE-2023-48042 (Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing fi ...) NOT-FOR-US: Amazzing Filter for Prestashop CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...) - haproxy 2.6.15-1 @@ -313,7 +383,7 @@ CVE-2023-4297 (The Mmm Simple File List WordPress plugin through 2.3 does not va NOT-FOR-US: WordPress plugin CVE-2023-4252 (The EventPrime WordPress plugin through 3.2.9 specifies the price of a ...) NOT-FOR-US: WordPress plugin -CVE-2023-49316 (In Math/BinaryField.php in phpseclib before 3.0.34, excessively large ...) +CVE-2023-49316 (In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ...) - php-phpseclib3 3.0.34-1 (bug #1057008) [bookworm] - php-phpseclib3 <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f (3.0.34) 
@@ -77589,18 +77659,18 @@ CVE-2022-42543 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible out NOT-FOR-US: Android CVE-2022-42542 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...) NOT-FOR-US: Android -CVE-2022-42541 - RESERVED -CVE-2022-42540 - RESERVED -CVE-2022-42539 - RESERVED -CVE-2022-42538 - RESERVED -CVE-2022-42537 - RESERVED -CVE-2022-42536 - RESERVED +CVE-2022-42541 (Remote code execution) + TODO: check +CVE-2022-42540 (Elevation of privilege) + TODO: check +CVE-2022-42539 (Information disclosure) + TODO: check +CVE-2022-42538 (Elevation of privilege) + TODO: check +CVE-2022-42537 (Remote code execution) + TODO: check +CVE-2022-42536 (Remote code execution) + TODO: check CVE-2022-42535 (In a query in MmsSmsProvider.java, there is a possible access to restr ...) NOT-FOR-US: Android CVE-2022-42534 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible ...) @@ -115574,7 +115644,8 @@ CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the compo NOTE: https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/ NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 (v4.0.0) NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf -CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote code execut ...) +CVE-2022-28958 + REJECTED NOT-FOR-US: D-Link CVE-2022-28957 RESERVED View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ccc48bc26caeba7ef3e0d69a908c7873b09e322 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ccc48bc26caeba7ef3e0d69a908c7873b09e322 You're receiving this email because of your account on salsa.debian.org.
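Review bot: In the first hunk (@@ -1,3 +1,73 @@), the description added for CVE-2023-35138 carries a literal `\u201c` escape sequence where an opening quotation mark belongs, so the automatic update is writing an undecoded escape into data/CVE/list. Decode the escape (or normalise it to an ASCII quote) before the description is truncated; as committed, the stored text reads `the \u201cshow_zysync_server_cont ...` and a search for the quoted name will not match it.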
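Review bot: In the @@ -77589,18 +77659,18 @@ hunk, CVE-2022-42541 through CVE-2022-42536 replace RESERVED with descriptions that are only an impact class ("Remote code execution", "Elevation of privilege", "Information disclosure") and name no product or component, so `TODO: check` cannot be resolved from this file alone. The neighbouring entries CVE-2022-42543, CVE-2022-42542 and CVE-2022-42535 are all marked `NOT-FOR-US: Android`; confirm the affected product from the CVE record itself before copying that annotation onto these six.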
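Review bot: In the @@ -115574,7 +115644,8 @@ hunk, CVE-2022-28958 loses its description and gains `REJECTED`, but the `NOT-FOR-US: D-Link` line stays behind as unchanged context, so the entry now carries both a rejection and a triage annotation. Check whether that annotation is meant to remain on a rejected ID; if not, drop it in a follow-up change.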