[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 30 08:12:08 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9ccc48bc by security tracker role at 2023-11-30T08:11:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-5772 (The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site ...)
+	TODO: check
+CVE-2023-5247 (Malicious Code Execution Vulnerability due to External Control of File ...)
+	TODO: check
+CVE-2023-4474 (The improper neutralization of special elements in the WSGI server of  ...)
+	TODO: check
+CVE-2023-4473 (A command injection vulnerability in the web server of the Zyxel NAS32 ...)
+	TODO: check
+CVE-2023-49701 (Memory Corruption in SIM management while USIMPhase2init)
+	TODO: check
+CVE-2023-49700 (Security best practices violations, a string operation in Streamingmed ...)
+	TODO: check
+CVE-2023-49699 (Memory Corruption in IMS while calling VoLTE Streamingmedia Interface)
+	TODO: check
+CVE-2023-49694 (A low-privileged OS user with access to a Windows host where NETGEAR P ...)
+	TODO: check
+CVE-2023-49693 (NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol ...)
+	TODO: check
+CVE-2023-49097 (ZITADEL is an identity infrastructure system. ZITADEL uses the notific ...)
+	TODO: check
+CVE-2023-49095 (nexkey is a microblogging platform. Insufficient validation of Activit ...)
+	TODO: check
+CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces and min ...)
+	TODO: check
+CVE-2023-49087 (xml-security is a library that implements XML signatures and encryptio ...)
+	TODO: check
+CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2023-49077 (Mailcow: dockerized is an open source groupware/email suite based on d ...)
+	TODO: check
+CVE-2023-49076 (Customer-data-framework allows management of customer data within Pimc ...)
+	TODO: check
+CVE-2023-49052 (File Upload vulnerability in Microweber v.2.0.4 allows a remote attack ...)
+	TODO: check
+CVE-2023-48952 (An issue in the box_deserialize_reusing function in openlink virtuoso- ...)
+	TODO: check
+CVE-2023-48951 (An issue in the box_equal function in openlink virtuoso-opensource v7. ...)
+	TODO: check
+CVE-2023-48950 (An issue in the box_col_len function in openlink virtuoso-opensource v ...)
+	TODO: check
+CVE-2023-48949 (An issue in the box_add function in openlink virtuoso-opensource v7.2. ...)
+	TODO: check
+CVE-2023-48948 (An issue in the box_div function in openlink virtuoso-opensource v7.2. ...)
+	TODO: check
+CVE-2023-48947 (An issue in the cha_cmp function of openlink virtuoso-opensource v7.2. ...)
+	TODO: check
+CVE-2023-48946 (An issue in the box_mpy function of openlink virtuoso-opensource v7.2. ...)
+	TODO: check
+CVE-2023-48945 (A stack overflow in openlink virtuoso-opensource v7.2.11 allows attack ...)
+	TODO: check
+CVE-2023-47464 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...)
+	TODO: check
+CVE-2023-47463 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...)
+	TODO: check
+CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and be ...)
+	TODO: check
+CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
+	TODO: check
+CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 and DT900 ...)
+	TODO: check
+CVE-2023-37928 (A post-authentication command injection vulnerability in the WSGI serv ...)
+	TODO: check
+CVE-2023-37927 (The improper neutralization of special elements in the CGI program of  ...)
+	TODO: check
+CVE-2023-35138 (A command injection vulnerability in the \u201cshow_zysync_server_cont ...)
+	TODO: check
+CVE-2023-35137 (An improper authentication vulnerability in the authentication module  ...)
+	TODO: check
 CVE-2023-6378 (A serialization vulnerability in logback receiver component part of  l ...)
 	- logback <unfixed>
 	NOTE: https://logback.qos.ch/news.html#1.3.12
@@ -111,7 +181,7 @@ CVE-2023-48848 (An arbitrary file read vulnerability in ureport v2.2.9 allows a
 	NOT-FOR-US: ureport
 CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection Module ...)
 	NOT-FOR-US: Direct Connection Module in Ezviz
-CVE-2023-48042 (Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Si ...)
+CVE-2023-48042 (Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing fi ...)
 	NOT-FOR-US: Amazzing Filter for Prestashop
 CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...)
 	- haproxy 2.6.15-1
@@ -313,7 +383,7 @@ CVE-2023-4297 (The Mmm Simple File List WordPress plugin through 2.3 does not va
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4252 (The EventPrime WordPress plugin through 3.2.9 specifies the price of a ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-49316 (In Math/BinaryField.php in phpseclib before 3.0.34, excessively large  ...)
+CVE-2023-49316 (In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ...)
 	- php-phpseclib3 3.0.34-1 (bug #1057008)
 	[bookworm] - php-phpseclib3 <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f (3.0.34)
@@ -77589,18 +77659,18 @@ CVE-2022-42543 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible out
 	NOT-FOR-US: Android
 CVE-2022-42542 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
 	NOT-FOR-US: Android
-CVE-2022-42541
-	RESERVED
-CVE-2022-42540
-	RESERVED
-CVE-2022-42539
-	RESERVED
-CVE-2022-42538
-	RESERVED
-CVE-2022-42537
-	RESERVED
-CVE-2022-42536
-	RESERVED
+CVE-2022-42541 (Remote code execution)
+	TODO: check
+CVE-2022-42540 (Elevation of privilege)
+	TODO: check
+CVE-2022-42539 (Information disclosure)
+	TODO: check
+CVE-2022-42538 (Elevation of privilege)
+	TODO: check
+CVE-2022-42537 (Remote code execution)
+	TODO: check
+CVE-2022-42536 (Remote code execution)
+	TODO: check
 CVE-2022-42535 (In a query in MmsSmsProvider.java, there is a possible access to restr ...)
 	NOT-FOR-US: Android
 CVE-2022-42534 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible  ...)
@@ -115574,7 +115644,8 @@ CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the compo
 	NOTE: https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/
 	NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 (v4.0.0)
 	NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf
-CVE-2022-28958 (D-Link DIR816L_FW206b01 was discovered to contain a remote code execut ...)
+CVE-2022-28958
+	REJECTED
 	NOT-FOR-US: D-Link
 CVE-2022-28957
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ccc48bc26caeba7ef3e0d69a908c7873b09e322

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ccc48bc26caeba7ef3e0d69a908c7873b09e322
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231130/cf03137e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list