[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 28 09:12:24 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
38687779 by security tracker role at 2023-07-28T08:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-3990 (A vulnerability classified as problematic has been found in Mingsoft M ...)
+ TODO: check
+CVE-2023-3989 (A vulnerability was found in SourceCodester Jewelry Store System 1.0. ...)
+ TODO: check
+CVE-2023-3988 (A vulnerability was found in Cafe Billing System 1.0. It has been decl ...)
+ TODO: check
+CVE-2023-3987 (A vulnerability was found in SourceCodester Simple Online Mens Salon M ...)
+ TODO: check
+CVE-2023-3986 (A vulnerability was found in SourceCodester Simple Online Mens Salon M ...)
+ TODO: check
+CVE-2023-3985 (A vulnerability has been found in SourceCodester Online Jewelry Store ...)
+ TODO: check
+CVE-2023-3984 (A vulnerability, which was classified as critical, was found in phpscr ...)
+ TODO: check
+CVE-2023-3977 (Several plugins for WordPress by Inisev are vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2023-3774 (An unhandled error in Vault Enterprise's namespace creation may cause ...)
+ TODO: check
+CVE-2023-3670 (In CODESYS Development System 3.5.9.0 to3.5.17.0 andCODESYS Scripting4 ...)
+ TODO: check
+CVE-2023-38609 (An injection issue was addressed with improved input validation. This ...)
+ TODO: check
+CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input validat ...)
+ TODO: check
+CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ TODO: check
+CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...)
+ TODO: check
+CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2023-38571 (This issue was addressed with improved validation of symlinks. This is ...)
+ TODO: check
+CVE-2023-38331 (Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to ...)
+ TODO: check
+CVE-2023-37285 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2023-36495 (An integer overflow was addressed with improved input validation. This ...)
+ TODO: check
+CVE-2023-34425 (The issue was addressed with improved memory handling. This issue is f ...)
+ TODO: check
+CVE-2023-33745 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper P ...)
+ TODO: check
+CVE-2023-33744 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard- ...)
+ TODO: check
+CVE-2023-33743 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper A ...)
+ TODO: check
+CVE-2023-33742 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Stor ...)
+ TODO: check
+CVE-2023-32654 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
+CVE-2023-32445 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2023-32444 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2023-32427 (This issue was addressed by using HTTPS when sending information over ...)
+ TODO: check
CVE-2023-37369
- qt6-base <unfixed>
[bookworm] - qt6-base <no-dsa> (Minor issue)
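Review bot: many of the new `TODO: check` entries cannot be triaged from this list, because the visible text only says an issue "was addressed" and is cut off before any product is named (for example CVE-2023-38609, CVE-2023-38598 and CVE-2023-32427); those need the full CVE description before a disposition is written. The entries that do name a product can be cleared in groups: CVE-2023-33742 through CVE-2023-33745 are all TeleAdapt RoomCast TA-2400, and CVE-2023-3985, CVE-2023-3986, CVE-2023-3987 and CVE-2023-3989 are all SourceCodester applications.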
@@ -18997,8 +19057,8 @@ CVE-2023-28204 (An out-of-bounds read was addressed with improved input validati
NOTE: https://bugs.webkit.org/show_bug.cgi?id=254930
NOTE: https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c
NOTE: https://webkitgtk.org/security/WSA-2023-0004.html
-CVE-2023-28203
- RESERVED
+CVE-2023-28203 (The issue was addressed with improved checks. This issue is fixed in A ...)
+ TODO: check
CVE-2023-28202 (This issue was addressed with improved state management. This issue is ...)
NOT-FOR-US: Apple
CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...)
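Review bot: CVE-2023-28203 should not inherit a disposition from its neighbours, because they were resolved differently: CVE-2023-28204 above carries WebKit NOTE lines, while CVE-2023-28202 below is `NOT-FOR-US: Apple`. The truncated text ("This issue is fixed in A ...") does not show the affected component, so the full description is needed to decide which of the two patterns applies.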
@@ -24370,8 +24430,8 @@ CVE-2023-0960 (A vulnerability was found in SeaCMS 11.6 and classified as proble
NOT-FOR-US: SeaCMS
CVE-2023-0959 (Bhima version 1.27.0 allows a remote attacker to update the privileges ...)
NOT-FOR-US: Bhima
-CVE-2023-0958
- RESERVED
+CVE-2023-0958 (Several plugins for WordPress by Inisev are vulnerable to unauthorized ...)
+ TODO: check
CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...)
NOT-FOR-US: Gitpod
CVE-2023-0956
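Review bot: CVE-2023-0958 has the same opening as CVE-2023-3977 in the first hunk ("Several plugins for WordPress by Inisev are vulnerable to ..."), so the two should be triaged together and given the same disposition rather than left as independent `TODO: check` items.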
@@ -32084,8 +32144,8 @@ CVE-2023-23766
RESERVED
CVE-2023-23765
RESERVED
-CVE-2023-23764
- RESERVED
+CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
+ TODO: check
CVE-2023-23763
RESERVED
CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
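Review bot: CVE-2023-23764 shares its visible description with the context entry CVE-2023-23762 ("An incorrect comparison vulnerability was identified in GitHub Enterpr ..."), whose tag line falls just outside this hunk. Resolving the `TODO: check` with the disposition already recorded for CVE-2023-23762 would keep the two entries consistent.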
@@ -54387,12 +54447,12 @@ CVE-2022-43705 (In Botan before 2.19.3, it is possible to forge OCSP responses d
NOTE: https://github.com/randombit/botan/commit/909c62717855402e04dbaf8ffc085f444d547aae (2.19.3)
CVE-2022-43704 (The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, a ...)
NOT-FOR-US: Sinilink XY-WFT1 WiFi Remote Thermostat
-CVE-2022-43703
- RESERVED
-CVE-2022-43702
- RESERVED
-CVE-2022-43701
- RESERVED
+CVE-2022-43703 (An installer that loads or executes files using an unconstrained searc ...)
+ TODO: check
+CVE-2022-43702 (When the directory containing the installer does not have sufficiently ...)
+ TODO: check
+CVE-2022-43701 (When the installation directory does not have sufficiently restrictive ...)
+ TODO: check
CVE-2022-43700
RESERVED
CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account di ...)
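Review bot: CVE-2022-43701, CVE-2022-43702 and CVE-2022-43703 are consecutive IDs that all describe installer or installation-directory handling, and none of the truncated descriptions names a product. They look like one group, so the product should be identified once from the full text and the same disposition applied to all three.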
@@ -88254,8 +88314,8 @@ CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 al
NOT-FOR-US: Truedesk
CVE-2022-31455 (* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows ...)
NOT-FOR-US: Truedesk
-CVE-2022-31454
- RESERVED
+CVE-2022-31454 (Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) v ...)
+ TODO: check
CVE-2022-31453
RESERVED
CVE-2022-31452
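Review bot: CVE-2022-31454 needs its own lookup and should not be tagged by analogy with the surrounding `NOT-FOR-US: Truedesk` entries. It names a different product and version (Yii 2 v2.0.45), so the `TODO: check` should be resolved against that product specifically.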
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3868777938fd26335f012bd4aa1162cb59abfc6c