[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 31 21:12:18 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
477f64e6 by security tracker role at 2023-07-31T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2023-4026
+	REJECTED
+CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in the Li ...)
+	TODO: check
+CVE-2023-3997 (Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a po ...)
+	TODO: check
+CVE-2023-3983 (An authenticated SQL injection vulnerability exists in Advantech iView ...)
+	TODO: check
+CVE-2023-3817 (Issue summary: Checking excessively long DH keys or parameters may be  ...)
+	TODO: check
+CVE-2023-3508 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed  ...)
+	TODO: check
+CVE-2023-3507 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed  ...)
+	TODO: check
+CVE-2023-3345 (The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly s ...)
+	TODO: check
+CVE-2023-3292 (The grid-kit-premium WordPress plugin before 2.2.0 does not escape som ...)
+	TODO: check
+CVE-2023-3134 (The Forminator WordPress plugin before 1.24.4 does not properly escape ...)
+	TODO: check
+CVE-2023-3130 (The Short URL WordPress plugin before 1.6.5 does not sanitise and esca ...)
+	TODO: check
+CVE-2023-38989 (An issue in the delete function in the UserController class of jeesite ...)
+	TODO: check
+CVE-2023-38750 (In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 ...)
+	TODO: check
+CVE-2023-38311 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
+	TODO: check
+CVE-2023-38310 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
+	TODO: check
+CVE-2023-38309 (An issue was discovered in Webmin 2.021. A Reflected Cross-Site Script ...)
+	TODO: check
+CVE-2023-38308 (An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS)  ...)
+	TODO: check
+CVE-2023-38307 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
+	TODO: check
+CVE-2023-38306 (An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS)  ...)
+	TODO: check
+CVE-2023-38305 (An issue was discovered in Webmin 2.021. The download functionality al ...)
+	TODO: check
+CVE-2023-38304 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
+	TODO: check
+CVE-2023-38303 (An issue was discovered in Webmin 2.021. One can exploit a stored Cros ...)
+	TODO: check
+CVE-2023-37771 (Art Gallery Management System v1.0 contains a SQL injection vulnerabil ...)
+	TODO: check
+CVE-2023-37647 (SEMCMS v1.5 was discovered to contain a SQL injection vulnerability vi ...)
+	TODO: check
+CVE-2023-37580 (Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the  ...)
+	TODO: check
+CVE-2023-36092 (Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows  ...)
+	TODO: check
+CVE-2023-36091 (Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows  ...)
+	TODO: check
+CVE-2023-36090 (Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows ...)
+	TODO: check
+CVE-2023-36089 (Authentication Bypass vulnerability in D-Link DIR-645 firmware version ...)
+	TODO: check
+CVE-2023-35861 (A shell-injection vulnerability in email notifications on Supermicro m ...)
+	TODO: check
+CVE-2023-35792 (Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scrip ...)
+	TODO: check
+CVE-2023-35791 (Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.)
+	TODO: check
+CVE-2023-34917 (Fuge CMS v1.0 contains an Open Redirect vulnerability in member/Regist ...)
+	TODO: check
+CVE-2023-34916 (Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/Proce ...)
+	TODO: check
+CVE-2023-34872 (A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a re ...)
+	TODO: check
+CVE-2023-34842 (Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows  ...)
+	TODO: check
+CVE-2023-34644 (Remote code execution vulnerability in Ruijie Networks Product: RG-EW  ...)
+	TODO: check
+CVE-2023-34635 (Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injec ...)
+	TODO: check
+CVE-2023-33534 (A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intellig ...)
+	TODO: check
+CVE-2020-36763 (Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote a ...)
+	TODO: check
 CVE-2023-4007 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
 	NOT-FOR-US: phpmyfaq
 CVE-2023-4006 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
@@ -14,7 +94,7 @@ CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condi
 	NOT-FOR-US: ASUS
 CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition.  ...)
 	NOT-FOR-US: ASUS
-CVE-2023-4004
+CVE-2023-4004 (A use-after-free flaw was found in the Linux kernel's netfilter in the ...)
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/87b5a5c209405cb6b57424cdfa226a6dbd349232 (6.5-rc3)
@@ -6879,7 +6959,7 @@ CVE-2023-32714 (In the Splunk App for Lookup File Editing versions below 4.0.1,
 	NOT-FOR-US: Splunk
 CVE-2023-32713 (In Splunk App for Stream versions below 8.1.1, a low-privileged user c ...)
 	NOT-FOR-US: Splunk
-CVE-2023-32712 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an atta ...)
+CVE-2023-32712 (In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, a  ...)
 	NOT-FOR-US: Splunk
 CVE-2023-32711 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splun ...)
 	NOT-FOR-US: Splunk
@@ -19863,7 +19943,7 @@ CVE-2023-28025
 	RESERVED
 CVE-2023-28024
 	RESERVED
-CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI Softwar ...)
+CVE-2023-28023 (HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulner ...)
 	NOT-FOR-US: HCL
 CVE-2023-28022
 	RESERVED
@@ -19883,7 +19963,7 @@ CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User
 	NOT-FOR-US: HCL
 CVE-2023-28014 (HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An a ...)
 	NOT-FOR-US: HCL
-CVE-2023-28013 (HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An a ...)
+CVE-2023-28013 (HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vul ...)
 	NOT-FOR-US: HCL
 CVE-2023-28012 (HCL BigFix Mobile is vulnerable to a command injection attack. An auth ...)
 	NOT-FOR-US: HCL
@@ -29042,8 +29122,8 @@ CVE-2023-0604
 	RESERVED
 CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0602
-	RESERVED
+CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not properl ...)
+	TODO: check
 CVE-2023-0601
 	RESERVED
 CVE-2023-24855
@@ -33070,8 +33150,8 @@ CVE-2023-0268 (The Mega Addons For WPBakery Page Builder WordPress plugin before
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0267 (The Ultimate Carousel For WPBakery Page Builder WordPress plugin throu ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-4888
-	RESERVED
+CVE-2022-4888 (The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned C ...)
+	TODO: check
 CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
 	NOT-FOR-US: Th3-822 Rapidleech
 CVE-2009-10002 (A vulnerability, which was classified as problematic, has been found i ...)
@@ -52726,7 +52806,7 @@ CVE-2023-20595
 CVE-2023-20594
 	RESERVED
 CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural  ...)
-	{DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3508-1}
+	{DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3511-1 DLA-3508-1}
 	- linux 6.4.4-2
 	- amd64-microcode 3.20230719.1 (bug #1041863)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1
@@ -59156,10 +59236,10 @@ CVE-2022-42185
 	RESERVED
 CVE-2022-42184
 	RESERVED
-CVE-2022-42183
-	RESERVED
-CVE-2022-42182
-	RESERVED
+CVE-2022-42183 (Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side  ...)
+	TODO: check
+CVE-2022-42182 (Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Tr ...)
+	TODO: check
 CVE-2022-42181
 	RESERVED
 CVE-2022-42180
@@ -160203,10 +160283,10 @@ CVE-2021-31683
 	RESERVED
 CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...)
 	NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application
-CVE-2021-31681
-	RESERVED
-CVE-2021-31680
-	RESERVED
+CVE-2021-31681 (Deserialization of Untrusted Data vulnerability in yolo 3 allows attac ...)
+	TODO: check
+CVE-2021-31680 (Deserialization of Untrusted Data vulnerability in yolo 5 allows attac ...)
+	TODO: check
 CVE-2021-31679 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...)
 	NOT-FOR-US: PESCMS Team
 CVE-2021-31678 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...)
@@ -160263,8 +160343,8 @@ CVE-2021-31653
 	RESERVED
 CVE-2021-31652
 	RESERVED
-CVE-2021-31651
-	RESERVED
+CVE-2021-31651 (Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows r ...)
+	TODO: check
 CVE-2021-31650 (A SQL injection vulnerability in Sourcecodester Online Grading System  ...)
 	NOT-FOR-US: Sourcecodester Online Grading System
 CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...)
@@ -216072,8 +216152,8 @@ CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Camp
 	NOT-FOR-US: UniBox
 CVE-2020-21882
 	RESERVED
-CVE-2020-21881
-	RESERVED
+CVE-2020-21881 (Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS ...)
+	TODO: check
 CVE-2020-21880
 	RESERVED
 CVE-2020-21879
@@ -216564,8 +216644,8 @@ CVE-2020-21664
 	RESERVED
 CVE-2020-21663
 	RESERVED
-CVE-2020-21662
-	RESERVED
+CVE-2020-21662 (SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers  ...)
+	TODO: check
 CVE-2020-21661
 	RESERVED
 CVE-2020-21660
@@ -302065,6 +302145,7 @@ CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for D
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
 	NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
 CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD)  ...)
+	{DLA-3511-1}
 	- amd64-microcode 3.20220411.1 (bug #970395)
 	[bullseye] - amd64-microcode 3.20230719.1~deb11u1
 	NOTE: https://seclists.org/fulldisclosure/2019/Jun/46



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/477f64e6e12e3772cf77b3be0c6976d0220eecce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/477f64e6e12e3772cf77b3be0c6976d0220eecce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230731/c6f4587d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list