[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 28 21:17:31 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8ee6951 by security tracker role at 2023-08-28T20:17:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2023-41109 (SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Com ...)
+	TODO: check
+CVE-2023-40846 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
+	TODO: check
+CVE-2023-40767 (User enumeration is found in in PHPJabbers Make an Offer Widget v1.0.  ...)
+	TODO: check
+CVE-2023-40766 (User enumeration is found in in PHPJabbers Ticket Support Script v3.2. ...)
+	TODO: check
+CVE-2023-40765 (User enumeration is found in PHPJabbers Event Booking Calendar v4.0. T ...)
+	TODO: check
+CVE-2023-40764 (User enumeration is found in PHP Jabbers Car Rental Script v3.0. This  ...)
+	TODO: check
+CVE-2023-40763 (User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This ...)
+	TODO: check
+CVE-2023-40762 (User enumeration is found in PHPJabbers Fundraising Script v1.0. This  ...)
+	TODO: check
+CVE-2023-40761 (User enumeration is found in PHPJabbers Yacht Listing Script v2.0. Thi ...)
+	TODO: check
+CVE-2023-40760 (User enumeration is found in PHP Jabbers Hotel Booking System v4.0. Th ...)
+	TODO: check
+CVE-2023-40759 (User enumeration is found in PHP Jabbers Restaurant Booking Script v3. ...)
+	TODO: check
+CVE-2023-40758 (User enumeration is found in PHPJabbers Document Creator v1.0. This is ...)
+	TODO: check
+CVE-2023-40757 (User enumeration is found in PHPJabbers Food Delivery Script v3.1. Thi ...)
+	TODO: check
+CVE-2023-40756 (User enumeration is found in PHPJabbers Callback Widget v1.0. This iss ...)
+	TODO: check
+CVE-2023-40755 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
+	TODO: check
+CVE-2023-40754 (In PHPJabbers Car Rental Script 3.0, lack of verification when changin ...)
+	TODO: check
+CVE-2023-40753 (There is a Cross Site Scripting (XSS) vulnerability in the message par ...)
+	TODO: check
+CVE-2023-40752 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
+	TODO: check
+CVE-2023-40751 (PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripti ...)
+	TODO: check
+CVE-2023-40750 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
+	TODO: check
+CVE-2023-40749 (PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in ...)
+	TODO: check
+CVE-2023-40748 (PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnera ...)
+	TODO: check
+CVE-2023-40590 (GitPython is a python library used to interact with Git repositories.  ...)
+	TODO: check
+CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Improper c ...)
+	TODO: check
+CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...)
+	TODO: check
+CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
+	TODO: check
+CVE-2023-39708 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...)
+	TODO: check
+CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL ...)
+	TODO: check
+CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create functi ...)
+	TODO: check
+CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...)
+	TODO: check
+CVE-2023-39560 (ECTouch v2 was discovered to contain a SQL injection vulnerability via ...)
+	TODO: check
+CVE-2023-39348 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+	TODO: check
+CVE-2023-39062 (Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 al ...)
+	TODO: check
+CVE-2023-38289
+	REJECTED
+CVE-2023-38288
+	REJECTED
+CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and Wearabl ...)
+	TODO: check
+CVE-2023-35785 (Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA byp ...)
+	TODO: check
+CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementa ...)
+	TODO: check
+CVE-2018-25089 (A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki ...)
+	TODO: check
+CVE-2017-20186 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ...)
+	TODO: check
 CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
 	NOT-FOR-US: Omeka S
 CVE-2023-4560 (Improper Authorization of Index Containing Sensitive Information in Gi ...)
@@ -6593,7 +6673,8 @@ CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerabi
 	NOT-FOR-US: KodExplorer
 CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows unauthenticated us ...)
 	NOT-FOR-US: Projectworlds Online Art Gallery Project
-CVE-2023-37151 (Sourcecodester Online Pizza Ordering System v1.0 allows the upload of  ...)
+CVE-2023-37151
+	REJECTED
 	NOT-FOR-US: Sourcecodester Online Pizza Ordering System
 CVE-2023-37150 (Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scri ...)
 	NOT-FOR-US: Sourcecodester Online Pizza Ordering System
@@ -15995,8 +16076,8 @@ CVE-2023-1999 (There exists a use after free/double free in libwebp. An attacker
 	NOTE: Fixed by: https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129 (v1.3.1-rc1)
 	NOTE: Introduced by: https://github.com/webmproject/libwebp/commit/187d379db68839f76d1390be291c471f2f66644c (v0.5.0-rc1)
 	NOTE: Introduced by: https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f (backport; v0.4.2-rc2)
-CVE-2023-1997
-	RESERVED
+CVE-2023-1997 (An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate  ...)
+	TODO: check
 CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPE ...)
 	NOT-FOR-US: 3ds
 CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 and earli ...)
@@ -29176,8 +29257,8 @@ CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unaut
 	NOT-FOR-US: Telindus
 CVE-2023-26096
 	RESERVED
-CVE-2023-26095
-	RESERVED
+CVE-2023-26095 (ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6 ...)
+	TODO: check
 CVE-2023-26094
 	RESERVED
 CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL) injection,  ...)
@@ -47033,8 +47114,8 @@ CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows X
 	NOT-FOR-US: SquaredUp Dashboard Server
 CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open re ...)
 	NOT-FOR-US: SquaredUp Dashboard Server
-CVE-2022-46783
-	RESERVED
+CVE-2022-46783 (An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If ...)
+	TODO: check
 CVE-2022-46782 (An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A  ...)
 	NOT-FOR-US: Stormshield SSL VPN Client
 CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
@@ -185519,6 +185600,7 @@ CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open R
 CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
 	NOT-FOR-US: Node dns-packet
 CVE-2021-23385 (This affects all versions of package Flask-Security. When using the ge ...)
+	{DLA-3545-1}
 	- flask-security 5.0.2-1 (bug #1021279)
 	[bullseye] - flask-security 4.0.0-1+deb11u1
 	NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234
@@ -207778,8 +207860,8 @@ CVE-2020-27368 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A
 	NOT-FOR-US: TOTOLINK
 CVE-2020-27367
 	RESERVED
-CVE-2020-27366
-	RESERVED
+CVE-2020-27366 (Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Huma ...)
+	TODO: check
 CVE-2020-27365
 	RESERVED
 CVE-2020-27364
@@ -243618,6 +243700,7 @@ CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url
 CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
 	NOT-FOR-US: TestLink
 CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
+	{DLA-3546-1}
 	- opendmarc 1.4.0~beta1+dfsg-4 (bug #977767)
 	[stretch] - opendmarc <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://sourceforge.net/p/opendmarc/tickets/237/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8ee6951ec1e66e33a88ddae5a5c53f2f9692639

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8ee6951ec1e66e33a88ddae5a5c53f2f9692639
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230828/5cd0791a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list