[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 4 09:12:24 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b3626a6 by security tracker role at 2023-10-04T08:12:13+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before SMCCC sup ...)
+	TODO: check
+CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only for the  ...)
+	TODO: check
+CVE-2023-5368 (On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls u ...)
+	TODO: check
+CVE-2023-5357 (The Instagram for WordPress plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2023-5291 (The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2023-44974 (An arbitrary file upload vulnerability in the component /admin/plugin. ...)
+	TODO: check
+CVE-2023-44973 (An arbitrary file upload vulnerability in the component /content/templ ...)
+	TODO: check
+CVE-2023-44272 (A cross-site scripting vulnerability exists in Citadel versions prior  ...)
+	TODO: check
+CVE-2023-43953 (SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vul ...)
+	TODO: check
+CVE-2023-43952 (SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (X ...)
+	TODO: check
+CVE-2023-43951 (SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vul ...)
+	TODO: check
+CVE-2023-43898 (Nothings stb 2.28 was discovered to contain a Null Pointer Dereference ...)
+	TODO: check
+CVE-2023-43176 (A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allo ...)
+	TODO: check
+CVE-2023-40519 (A cross-site scripting (XSS) vulnerability in the bpk-common/auth/logi ...)
+	TODO: check
+CVE-2023-3213 (The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-39651 (Improper neutralization of SQL parameter in Theme Volty CMS BrandList  ...)
+	TODO: check
+CVE-2023-39649 (Improper neutralization of SQL parameter in Theme Volty CMS Category S ...)
+	TODO: check
+CVE-2023-39648 (Improper neutralization of SQL parameter in Theme Volty CMS Testimonia ...)
+	TODO: check
+CVE-2023-39647 (Improper neutralization of SQL parameter in Theme Volty CMS Category P ...)
+	TODO: check
+CVE-2023-39646 (Improper neutralization of SQL parameter in Theme Volty CMS Category C ...)
+	TODO: check
+CVE-2023-39645 (Improper neutralization of SQL parameter in Theme Volty CMS Payment Ic ...)
+	TODO: check
+CVE-2023-37404 (IBM Observability with Instana 1.0.243 through 1.0.254 could allow an  ...)
+	TODO: check
+CVE-2023-35905 (IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to ...)
+	TODO: check
+CVE-2023-33273 (An issue was discovered in DTS Monitoring 3.57.0. The parameter url wi ...)
+	TODO: check
+CVE-2023-33272 (An issue was discovered in DTS Monitoring 3.57.0. The parameter ip wit ...)
+	TODO: check
+CVE-2023-33271 (An issue was discovered in DTS Monitoring 3.57.0. The parameter common ...)
+	TODO: check
+CVE-2023-33270 (An issue was discovered in DTS Monitoring 3.57.0. The parameter url wi ...)
+	TODO: check
+CVE-2023-33269 (An issue was discovered in DTS Monitoring 3.57.0. The parameter option ...)
+	TODO: check
+CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The parameter port w ...)
+	TODO: check
 CVE-2023-5366 [openvswitch don't match packets on nd_target field]
 	- openvswitch 3.1.2-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
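Review bot: CVE-2023-3213 is placed between CVE-2023-40519 and CVE-2023-39651, breaking the descending-ID order the rest of this block follows; that is how the feed delivered it, but a triager scanning for the CVE-2023-5xxx/3xxx entries at the top of the block will not find it there, so it is worth checking it is not overlooked. Three of the new entries describe kernel system-call behaviour rather than a named product (CVE-2023-5370 SMCCC workaround check, CVE-2023-5369 copy_file_range, CVE-2023-5368 msdosfs truncate), and the affected operating system needs confirming before they are resolved to a Debian source package or marked NOT-FOR-US. The CVE-2023-5369 text "thecopy_file_rangesystem call" has lost the spacing around copy_file_range in the upstream feed; the line is left as delivered, but do not key on that exact string when searching.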
@@ -7456,6 +7514,7 @@ CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the MERG
 	NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 (REL_15_4)
 CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in Po ...)
+	{DLA-3600-1}
 	- postgresql-15 15.4-1
 	[bookworm] - postgresql-15 <postponed> (Minor issue, fix along with next round of updates)
 	- postgresql-13 <removed>
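Review bot: the `{DLA-3600-1}` reference is placed at the head of the entry, matching the convention used elsewhere in the file (for example `{DSA-5076-1 DLA-2923-1}` on CVE-2022-23221), but the visible context shows only the postgresql-15 and postgresql-13 package lines; confirm that the entry also carries the source package line for the release DLA-3600-1 covers, which lies outside this hunk, so the advisory is matched to a fixed version.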
@@ -20753,30 +20812,30 @@ CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 42
 	NOT-FOR-US: SAP
 CVE-2023-30739
 	RESERVED
-CVE-2023-30738
-	RESERVED
-CVE-2023-30737
-	RESERVED
-CVE-2023-30736
-	RESERVED
-CVE-2023-30735
-	RESERVED
-CVE-2023-30734
-	RESERVED
-CVE-2023-30733
-	RESERVED
-CVE-2023-30732
-	RESERVED
-CVE-2023-30731
-	RESERVED
+CVE-2023-30738 (An improper input validation in UEFI Firmware prior to Firmware update ...)
+	TODO: check
+CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior to versi ...)
+	TODO: check
+CVE-2023-30736 (Improper authorization in PushMsgReceiver of Samsung Assistant prior t ...)
+	TODO: check
+CVE-2023-30735 (Improper Preservation of Permissions vulnerability in SAssistant prior ...)
+	TODO: check
+CVE-2023-30734 (Improper access control vulnerability in Samsung Health prior to versi ...)
+	TODO: check
+CVE-2023-30733 (Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SM ...)
+	TODO: check
+CVE-2023-30732 (Improper access control in system property prior to SMR Oct-2023 Relea ...)
+	TODO: check
+CVE-2023-30731 (Logic error in package installation via debugger command prior to SMR  ...)
+	TODO: check
 CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to versions 11 ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to version 6.1. ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior to versi ...)
 	NOT-FOR-US: Samsung
-CVE-2023-30727
-	RESERVED
+CVE-2023-30727 (Improper access control vulnerability in SecSettings prior to SMR Oct- ...)
+	TODO: check
 CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to version ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to version 14 ...)
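Review bot: the nine entries converted from RESERVED here all reference Samsung components or an SMR Oct-2023 release, and every neighbouring entry in the block is NOT-FOR-US: Samsung, so most of these can be resolved the same way on triage. The exception to check is CVE-2023-30738, whose truncated description ("An improper input validation in UEFI Firmware prior to Firmware update ...") does not itself name the vendor; confirm it is a Samsung firmware advisory rather than a UEFI component Debian ships before marking it NOT-FOR-US.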
@@ -20845,12 +20904,12 @@ CVE-2023-30694 (Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior
 	NOT-FOR-US: Samsung
 CVE-2023-30693 (Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec- ...)
 	NOT-FOR-US: Samsung
-CVE-2023-30692
-	RESERVED
+CVE-2023-30692 (Improper input validation vulnerability in Evaluator prior to SMR Oct- ...)
+	TODO: check
 CVE-2023-30691 (Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release  ...)
 	NOT-FOR-US: Samsung
-CVE-2023-30690
-	RESERVED
+CVE-2023-30690 (Improper input validation vulnerability in Duo prior to SMR Oct-2023 R ...)
+	TODO: check
 CVE-2023-30689 (Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-r ...)
 	NOT-FOR-US: Samsung
 CVE-2023-30688 (Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR A ...)
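Review bot: CVE-2023-30692 and CVE-2023-30690 both read "prior to SMR Oct-2023" and sit between entries already marked NOT-FOR-US: Samsung, so the TODO: check lines can be resolved to NOT-FOR-US: Samsung on the next triage pass, consistent with CVE-2023-30691 and CVE-2023-30689 around them.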
@@ -42929,7 +42988,7 @@ CVE-2023-22422 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1
 	NOT-FOR-US: F5 BIG-IP
 CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...)
 	NOT-FOR-US: F5 BIG-IP
-CVE-2023-22374 (In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, a ...)
+CVE-2023-22374 (A format string vulnerability exists in iControl SOAP that allows an a ...)
 	NOT-FOR-US: F5 BIG-IP
 CVE-2023-22358 (In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vu ...)
 	NOT-FOR-US: F5 BIG-IP
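Review bot: the rewritten CVE-2023-22374 description drops the affected version range that the old text carried ("starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6") in favour of the vulnerability class (format string in iControl SOAP); the NOT-FOR-US: F5 BIG-IP state is unaffected since the product is still F5, so no further change is needed here.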
@@ -124048,7 +124107,7 @@ CVE-2022-23225
 	RESERVED
 CVE-2022-23224
 	RESERVED
-CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
+CVE-2022-23223 (On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that d ...)
 	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
 	{DSA-5076-1 DLA-2923-1}
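Review bot: the updated CVE-2022-23223 description now names the product and versions (Apache ShenYu 2.4.0 and 2.4.1) instead of the generic "HTTP response will disclose the user password" text, which makes the existing NOT-FOR-US: Apache ShenYu Admin state self-explanatory; the phrase "and endpoint existed" is a typo in the upstream feed text ("an endpoint") and is carried through unchanged here.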
@@ -126988,8 +127047,8 @@ CVE-2022-22449 (IBM Security Verify Governance, Identity Manager 10.01 could all
 	NOT-FOR-US: IBM
 CVE-2022-22448
 	RESERVED
-CVE-2022-22447
-	RESERVED
+CVE-2022-22447 (IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to pote ...)
+	TODO: check
 CVE-2022-22446
 	RESERVED
 CVE-2022-22445 (An attacker that gains service access to the FSP (POWER9 only) or gain ...)
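Review bot: CVE-2022-22447 is converted from RESERVED to a TODO: check entry for IBM Disconnected Log Collector 1.0 through 1.8.2; the surrounding entries for this ID range are NOT-FOR-US: IBM (see CVE-2022-22449 at the top of the hunk), so this one can be resolved the same way once the product is confirmed not to be packaged.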



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b3626a69a0aa842a6787922df94c4d75d80ad0d

-- 
You're receiving this email because of your account on salsa.debian.org.

