[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Aug 7 21:12:00 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc653405 by security tracker role at 2023-08-07T20:11:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2023-4205 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...)
+ TODO: check
+CVE-2023-4201 (A vulnerability was found in SourceCodester Inventory Management Syste ...)
+ TODO: check
+CVE-2023-4200 (A vulnerability has been found in SourceCodester Inventory Management ...)
+ TODO: check
+CVE-2023-4199 (A vulnerability, which was classified as critical, was found in Source ...)
+ TODO: check
+CVE-2023-3896 (Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3)
+ TODO: check
+CVE-2023-3671 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...)
+ TODO: check
+CVE-2023-3650 (The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and es ...)
+ TODO: check
+CVE-2023-3575 (The Quiz And Survey Master WordPress plugin before 8.1.11 does not pro ...)
+ TODO: check
+CVE-2023-3524 (The WPCode WordPress plugin before 2.0.13.1 does not escape generated ...)
+ TODO: check
+CVE-2023-3492 (The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF ...)
+ TODO: check
+CVE-2023-3365 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14 ...)
+ TODO: check
+CVE-2023-39550 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0. ...)
+ TODO: check
+CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior to vers ...)
+ TODO: check
+CVE-2023-39520 (Cryptomator encrypts data being stored on cloud infrastructure. The MS ...)
+ TODO: check
+CVE-2023-39363 (Vyer is a Pythonic Smart Contract Language for the Ethereum Virtual Ma ...)
+ TODO: check
+CVE-2023-39349 (Sentry is an error tracking and performance monitoring platform. Start ...)
+ TODO: check
+CVE-2023-38940 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were di ...)
+ TODO: check
+CVE-2023-38939 (Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a ...)
+ TODO: check
+CVE-2023-38938 (Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2. ...)
+ TODO: check
+CVE-2023-38937 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06 ...)
+ TODO: check
+CVE-2023-38936 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06. ...)
+ TODO: check
+CVE-2023-38935 (Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, ...)
+ TODO: check
+CVE-2023-38934 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was dis ...)
+ TODO: check
+CVE-2023-38933 (Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC ...)
+ TODO: check
+CVE-2023-38932 (Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2. ...)
+ TODO: check
+CVE-2023-38931 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06 ...)
+ TODO: check
+CVE-2023-38930 (Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC ...)
+ TODO: check
+CVE-2023-38929 (Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via th ...)
+ TODO: check
+CVE-2023-38928 (Netgear R7100LG 1.0.0.78 was discovered to contain a command injection ...)
+ TODO: check
+CVE-2023-38926 (Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow v ...)
+ TODO: check
+CVE-2023-38925 (Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were disc ...)
+ TODO: check
+CVE-2023-38924 (Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow ...)
+ TODO: check
+CVE-2023-38922 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0. ...)
+ TODO: check
+CVE-2023-38921 (Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain ...)
+ TODO: check
+CVE-2023-38704 (`import-in-the-middle` is a module loading interceptor specifically fo ...)
+ TODO: check
+CVE-2023-38591 (Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer o ...)
+ TODO: check
+CVE-2023-38412 (Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer ov ...)
+ TODO: check
+CVE-2023-38392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki ...)
+ TODO: check
+CVE-2023-38157 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2023-38045 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2023-38044 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-36499 (Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer over ...)
+ TODO: check
+CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a r ...)
+ TODO: check
+CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...)
+ TODO: check
+CVE-2023-34477 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-34476 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-32783 (The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 a ...)
+ TODO: check
+CVE-2023-32090 (Pega platform clients who are using versions 6.1 through 7.3.1 may be ...)
+ TODO: check
+CVE-2023-2843 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14 ...)
+ TODO: check
CVE-2023-4193 (A vulnerability has been found in SourceCodester Resort Reservation Sy ...)
NOT-FOR-US: SourceCodester Resort Reservation System
CVE-2023-4192 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -135,7 +233,7 @@ CVE-2023-39379 (Fujitsu Software Infrastructure Manager (ISM) stores sensitive i
NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM)
CVE-2023-39344 (social-media-skeleton is an uncompleted social media project. A SQL in ...)
NOT-FOR-US: social-media-skeleton
-CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path trave ...)
+CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traver ...)
NOT-FOR-US: PaperCut
CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion vulnerability in th ...)
NOT-FOR-US: ECShop
@@ -282,7 +380,7 @@ CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compile
NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2
NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497
NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87
-CVE-2023-4147 [netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID]
+CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel\u2019s Netfilter f ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 (6.5-rc4)
@@ -662,6 +760,7 @@ CVE-2023-38560 (An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174cb25a0cd44a1c0706c2ed73fc95bef
NOTE: Issue in PCL support shipped sourcewise in src:ghostscript
CVE-2023-38559 (A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_w ...)
+ {DLA-3519-1}
- ghostscript <unfixed> (bug #1043033)
[bookworm] - ghostscript <postponed> (Minor issue; can be batched together in a later update)
[bullseye] - ghostscript <postponed> (Minor issue; can be batched together in a later update)
@@ -963,7 +1062,7 @@ CVE-2023-32226 (Sysaid - CWE-552: Files or Directories Accessible to External P
NOT-FOR-US: SysAid
CVE-2023-32225 (Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A ...)
NOT-FOR-US: SysAid
-CVE-2023-4012 [crash on NTS requests]
+CVE-2023-4012 (ntpd will crash if the server is not NTS-enabled (no certificate) and ...)
{DSA-5466-1}
- ntpsec 1.2.2+dfsg1-2 (bug #1038422)
[bullseye] - ntpsec <not-affected> (Vulnerable code introduced later)
@@ -6387,6 +6486,7 @@ CVE-2023-34750 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulne
CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-fil ...)
NOT-FOR-US: ujcms
CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows attackers to ca ...)
+ {DSA-5471-1 DLA-3520-1}
- libhtmlcleaner-java 2.29-1
NOTE: https://github.com/amplafi/htmlcleaner/issues/13
CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to cause a de ...)
@@ -14040,7 +14140,7 @@ CVE-2023-30148
RESERVED
CVE-2023-30147
RESERVED
-CVE-2023-30146 (Assmann Digitus Plug&View IP Camera family allows unauthenticated atta ...)
+CVE-2023-30146 (Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 all ...)
NOT-FOR-US: Assmann Digitus Plug&View IP Camera
CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template I ...)
NOT-FOR-US: Camaleon CMS
@@ -22885,8 +22985,8 @@ CVE-2023-27375
RESERVED
CVE-2023-27374
RESERVED
-CVE-2023-27373
- RESERVED
+CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
+ TODO: check
CVE-2023-27308
RESERVED
CVE-2023-27302
@@ -23234,7 +23334,7 @@ CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type conf
[bullseye] - linux 5.10.178-1
NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97
NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7
-CVE-2023-4194
+CVE-2023-4194 (A flaw was found in the Linux kernel's TUN/TAP functionality. This iss ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/9bc3047374d5bec163e83e743709e23753376f0c (6.5-rc5)
NOTE: https://git.kernel.org/linus/5c9241f3ceab3257abe2923a59950db0dc8bb737 (6.5-rc5)
@@ -30145,8 +30245,8 @@ CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampac
- ampache <removed>
CVE-2023-0605 (The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0604
- RESERVED
+CVE-2023-0604 (The WP Food Manager WordPress plugin before 1.0.4 does not sanitise an ...)
+ TODO: check
CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not properl ...)
@@ -33421,10 +33521,10 @@ CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterpri
NOT-FOR-US: Github Enterprise Server
CVE-2023-23759 (There is a vulnerability in the fizz library prior to v2023.01.30.00 w ...)
NOT-FOR-US: Facebook fizz
-CVE-2023-23758
- RESERVED
-CVE-2023-23757
- RESERVED
+CVE-2023-23758 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-23757 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
CVE-2023-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Joomla addon
CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of ra ...)
@@ -69021,8 +69121,8 @@ CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.
[bullseye] - inetutils 2:2.0-1+deb11u1
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
NOTE: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
-CVE-2022-38795
- RESERVED
+CVE-2022-38795 (In Gitea through 1.17.1, repo cloning can occur in the migration funct ...)
+ TODO: check
CVE-2022-38794 (Zaver through 2020-12-15 allows directory traversal via the GET /.. su ...)
NOT-FOR-US: Zaver
CVE-2022-38793
@@ -178758,8 +178858,8 @@ CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1
NOT-FOR-US: WordPress plugin
CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allow ...)
NOT-FOR-US: WordPress plugin
-CVE-2021-24916
- RESERVED
+CVE-2021-24916 (The Qubely WordPress plugin before 1.8.6 allows unauthenticated user t ...)
+ TODO: check
CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc65340534c31896d54e11287bc33f0a3e5ab76c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc65340534c31896d54e11287bc33f0a3e5ab76c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230807/7c413de6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list