[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 24 21:12:18 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f512bb00 by security tracker role at 2023-08-24T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-4420 (A remote unprivileged attacker can intercept the communication via e.g ...)
+	TODO: check
+CVE-2023-4419 (The LMS5xx uses hard-coded credentials, which potentially allow low-sk ...)
+	TODO: check
+CVE-2023-4418 (A remote unprivileged attacker can sent multiple packages to the LMS5x ...)
+	TODO: check
+CVE-2023-40904 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-40902 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-40901 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-40900 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40899 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40898 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40897 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40896 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40895 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40894 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40893 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40892 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40891 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a  ...)
+	TODO: check
+CVE-2023-40877 (DedeCMS up to and including 5.7.110 was discovered to contain a cross- ...)
+	TODO: check
+CVE-2023-40876 (DedeCMS up to and including 5.7.110 was discovered to contain a cross- ...)
+	TODO: check
+CVE-2023-40875 (DedeCMS up to and including 5.7.110 was discovered to contain multiple ...)
+	TODO: check
+CVE-2023-40874 (DedeCMS up to and including 5.7.110 was discovered to contain multiple ...)
+	TODO: check
+CVE-2023-40710 (An adversary could cause a continuous restart loop to the entire devic ...)
+	TODO: check
+CVE-2023-40709 (An adversary could crash the entire device by sending a large quantity ...)
+	TODO: check
+CVE-2023-40708 (The File Transfer Protocol (FTP) port is open by default in the SNAP P ...)
+	TODO: check
+CVE-2023-40707 (There are no requirements for setting a complex password in the built- ...)
+	TODO: check
+CVE-2023-40706 (There is no limit on the number of login attempts in the web server fo ...)
+	TODO: check
+CVE-2023-40371 (IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non- ...)
+	TODO: check
+CVE-2023-39834 (PbootCMS below v3.2.0 was discovered to contain a command injection vu ...)
+	TODO: check
+CVE-2023-39801 (A lack of exception handling in the Renault Easy Link Multimedia Syste ...)
+	TODO: check
+CVE-2023-34973 (An insufficient entropy vulnerability has been reported to affect QNAP ...)
+	TODO: check
+CVE-2023-34972 (A cleartext transmission of sensitive information vulnerability has be ...)
+	TODO: check
+CVE-2023-34971 (An inadequate encryption strength vulnerability has been reported to a ...)
+	TODO: check
+CVE-2023-34040 (In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and e ...)
+	TODO: check
+CVE-2023-32516 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFo ...)
+	TODO: check
+CVE-2023-32511 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking  ...)
+	TODO: check
+CVE-2023-32510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van ...)
+	TODO: check
+CVE-2023-31412 (The LMS5xx uses weak hash generation methods, resulting in the creatio ...)
+	TODO: check
 CVE-2023-XXXX [tryton-server lack of record validation]
 	- tryton-server 6.0.34-1
 	[bookworm] - tryton-server 6.0.29-2+deb12u1
@@ -3987,11 +4059,13 @@ CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Window
 CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...)
 	NOT-FOR-US: Vasion
 CVE-2023-38289 [libtiff: potential integer overflow in raw2tiff.c]
+	REJECTED
 	{DLA-3513-1}
 	- tiff 4.5.1+git230720-1
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee
 CVE-2023-38288 [libtiff: integer overflow in tiffcp.c]
+	REJECTED
 	{DLA-3513-1}
 	- tiff 4.5.1+git230720-1
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
@@ -46277,8 +46351,8 @@ CVE-2022-46886 (There exists an open redirect within the response list update fu
 CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzin ...)
 	- firefox 106.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46885
-CVE-2022-46884
-	RESERVED
+CVE-2022-46884 (A potential use-after-free vulnerability existed in SVG Images if the  ...)
+	TODO: check
 CVE-2022-46883 (Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight a ...)
 	- firefox 107.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-46883
@@ -73658,6 +73732,7 @@ CVE-2022-38225
 CVE-2022-38224
 	RESERVED
 CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in w3m 0 ...)
+	{DLA-3541-1}
 	- w3m 0.5.3+git20230121-1 (bug #1019599)
 	[bullseye] - w3m 0.5.3+git20210102-6+deb11u1
 	NOTE: https://github.com/tats/w3m/issues/242



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f512bb00e1f936d769d7a563f2b9fba6df488ad7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f512bb00e1f936d769d7a563f2b9fba6df488ad7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230824/dd93ddde/attachment.htm>

More information about the debian-security-tracker-commits mailing list