[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 22 20:12:33 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19d923a0 by security tracker role at 2023-12-22T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2023-7076 (A vulnerability was found in slawkens MyAAC up to 0.8.13. It has been  ...)
+	TODO: check
+CVE-2023-7075 (A vulnerability was found in code-projects Point of Sales and Inventor ...)
+	TODO: check
+CVE-2023-51662 (The Snowflake .NET driver provides an interface to the Microsoft .NET  ...)
+	TODO: check
+CVE-2023-51661 (Wasmer is a WebAssembly runtime that enables containers to run anywher ...)
+	TODO: check
+CVE-2023-51649 (Nautobot is a Network Source of Truth and Network Automation Platform  ...)
+	TODO: check
+CVE-2023-51448 (Cacti provides an operational monitoring and fault management framewor ...)
+	TODO: check
+CVE-2023-51035 (TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
+	TODO: check
+CVE-2023-51034 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
+	TODO: check
+CVE-2023-51033 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary com ...)
+	TODO: check
+CVE-2023-51028 (TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2023-51027 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51025 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthori ...)
+	TODO: check
+CVE-2023-51024 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51023 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary co ...)
+	TODO: check
+CVE-2023-51022 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51021 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51020 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51019 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51018 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51017 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51016 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51015 (TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary co ...)
+	TODO: check
+CVE-2023-51014 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51013 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51012 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-51011 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2023-50725 (Resque is a Redis-backed Ruby library for creating background jobs, pl ...)
+	TODO: check
+CVE-2023-50714 (yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and Op ...)
+	TODO: check
+CVE-2023-50712 (Iris is a web collaborative platform aiming to help incident responder ...)
+	TODO: check
+CVE-2023-50708 (yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and Op ...)
+	TODO: check
+CVE-2023-50569 (Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, a ...)
+	TODO: check
+CVE-2023-50259 (Medusa is an automatic video library manager for TV shows. Versions pr ...)
+	TODO: check
+CVE-2023-50258 (Medusa is an automatic video library manager for TV shows. Versions pr ...)
+	TODO: check
+CVE-2023-50254 (Deepin Linux's default document reader `deepin-reader` software suffer ...)
+	TODO: check
+CVE-2023-50250 (Cacti is an open source operational monitoring and fault management fr ...)
+	TODO: check
+CVE-2023-50147 (There is an arbitrary command execution vulnerability in the setDiagno ...)
+	TODO: check
+CVE-2023-49792 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-49791 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-49790 (The Nextcloud iOS Files app allows users of iOS to interact with Nextc ...)
+	TODO: check
+CVE-2023-49391 (An issue was discovered in free5GC version 3.3.0, allows remote attack ...)
+	TODO: check
+CVE-2023-49356 (A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an atta ...)
+	TODO: check
+CVE-2023-49088 (Cacti is an open source operational monitoring and fault management fr ...)
+	TODO: check
+CVE-2023-49085 (Cacti provides an operational monitoring and fault management framewor ...)
+	TODO: check
+CVE-2023-48704 (ClickHouse is an open-source column-oriented database management syste ...)
+	TODO: check
+CVE-2023-48670 (Dell SupportAssist for Home PCs version 3.14.1 and prior versions cont ...)
+	TODO: check
+CVE-2023-45957 (A stored cross-site scripting (XSS) vulnerability in the component adm ...)
+	TODO: check
+CVE-2023-45165 (IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit ...)
+	TODO: check
+CVE-2023-43741 (A time-of-check-time-of-use race condition vulnerability in Buildkite  ...)
+	TODO: check
+CVE-2023-43116 (A symbolic link following vulnerability in Buildkite Elastic CI for AW ...)
+	TODO: check
+CVE-2023-43088 (Dell Client BIOS contains a pre-boot direct memory access (DMA) vulner ...)
+	TODO: check
+CVE-2023-42017 (IBM Planning Analytics Local 2.0 could allow a remote attacker to uplo ...)
+	TODO: check
+CVE-2023-39251 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...)
+	TODO: check
 CVE-2023-XXXX [XSS issue fixed in 4.1.13 upstream]
 	- spip 4.1.13+dfsg-1 (bug #1059331)
 	[bookworm] - spip <no-dsa> (Minor issue)
@@ -137,7 +243,7 @@ CVE-2023-37520 (UnauthenticatedStored Cross-Site Scripting (XSS) vulnerability i
 	NOT-FOR-US: HCL
 CVE-2023-37519 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This  ...)
 	NOT-FOR-US: HCL
-CVE-2023-42465 [Targeted Corruption of Register and Stack Variables]
+CVE-2023-42465 (Sudo before 1.9.15 might allow row hammer attacks (for authentication  ...)
 	- sudo 1.9.15p2-2
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/9
 	NOTE: https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f (SUDO_1_9_15p1)
@@ -957,6 +1063,7 @@ CVE-2023-5348 (The Product Catalog Mode For WooCommerce WordPress plugin before
 CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin before ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur if a us ...)
+	{DSA-5586-1}
 	- openssh 1:9.6p1-1
 	NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
 	NOTE: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1)
@@ -1020,6 +1127,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
 	NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
+	{DSA-5586-1}
 	- dropbear <unfixed> (bug #1059001)
 	- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
 	[bookworm] - erlang <no-dsa> (Minor issue)
@@ -91082,8 +91190,8 @@ CVE-2022-39339 (user_oidc is an OpenID Connect user backend for Nextcloud. In ve
 	NOT-FOR-US: Nextcloud addon
 CVE-2022-39338 (user_oidc is an OpenID Connect user backend for Nextcloud. Versions pr ...)
 	NOT-FOR-US: Nextcloud addon
-CVE-2022-39337
-	RESERVED
+CVE-2022-39337 (Hertzbeat is an open source, real-time monitoring system with custom-m ...)
+	TODO: check
 CVE-2022-39336
 	RESERVED
 CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and maintained by  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19d923a0992a2c53ad94ac02dbc2c0a7776326a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19d923a0992a2c53ad94ac02dbc2c0a7776326a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231222/925d6526/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list