[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 27 09:11:43 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa00b741 by security tracker role at 2023-10-27T08:11:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,90 @@
-CVE-2023-46813
+CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder System 1.0.  ...)
+	TODO: check
+CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...)
+	TODO: check
+CVE-2023-5812 (A vulnerability has been found in flusity CMS and classified as critic ...)
+	TODO: check
+CVE-2023-5811 (A vulnerability, which was classified as problematic, was found in flu ...)
+	TODO: check
+CVE-2023-5810 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-5805 (A vulnerability was found in SourceCodester Simple Real Estate Portal  ...)
+	TODO: check
+CVE-2023-5051 (The CallRail Phone Call Tracking plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2023-46818 (An issue was discovered in ISPConfig before 3.2.11p1. PHP code injecti ...)
+	TODO: check
+CVE-2023-46816 (An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13. ...)
+	TODO: check
+CVE-2023-46815 (An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13. ...)
+	TODO: check
+CVE-2023-46665 (Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerabi ...)
+	TODO: check
+CVE-2023-46505 (Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacke ...)
+	TODO: check
+CVE-2023-46504 (Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 a ...)
+	TODO: check
+CVE-2023-46503 (Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 a ...)
+	TODO: check
+CVE-2023-46491 (ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) v ...)
+	TODO: check
+CVE-2023-46376 (Zentao Biz version 8.7 and before is vulnerable to Information Disclos ...)
+	TODO: check
+CVE-2023-46375 (ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Reques ...)
+	TODO: check
+CVE-2023-46374 (ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cr ...)
+	TODO: check
+CVE-2023-46199 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Trib ...)
+	TODO: check
+CVE-2023-46194 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teu ...)
+	TODO: check
+CVE-2023-46192 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Inte ...)
+	TODO: check
+CVE-2023-46153 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...)
+	TODO: check
+CVE-2023-46093 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Lion ...)
+	TODO: check
+CVE-2023-46091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala ...)
+	TODO: check
+CVE-2023-45499 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...)
+	TODO: check
+CVE-2023-45498 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...)
+	TODO: check
+CVE-2023-44375 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL  ...)
+	TODO: check
+CVE-2023-44268 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL  ...)
+	TODO: check
+CVE-2023-44220 (SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and  ...)
+	TODO: check
+CVE-2023-44219 (A local privilege escalation vulnerability in SonicWall Directory Serv ...)
+	TODO: check
+CVE-2023-44162 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL  ...)
+	TODO: check
+CVE-2023-43738 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL  ...)
+	TODO: check
+CVE-2023-43737 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL  ...)
+	TODO: check
+CVE-2023-43352 (An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute  ...)
+	TODO: check
+CVE-2023-42406 (SQL injection vulnerability in D-Link Online behavior audit gateway DA ...)
+	TODO: check
+CVE-2023-42188 (IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).)
+	TODO: check
+CVE-2023-39726 (An issue in Mintty v.3.6.4 and before allows a remote attacker to exec ...)
+	TODO: check
+CVE-2023-38328 (An issue was discovered in eGroupWare 17.1.20190111. An Improper Passw ...)
+	TODO: check
+CVE-2023-34059 (open-vm-tools contains a file descriptor hijack vulnerability in the v ...)
+	TODO: check
+CVE-2023-34058 (VMware Tools contains a SAML token signature bypass vulnerability.A ma ...)
+	TODO: check
+CVE-2023-34057 (VMware Tools contains a local privilege escalation vulnerability.A mal ...)
+	TODO: check
+CVE-2023-33559 (A local file inclusion vulnerability via the lang parameter in OcoMon  ...)
+	TODO: check
+CVE-2023-33558 (An information disclosure vulnerability in the component users-grid-da ...)
+	TODO: check
+CVE-2023-46813 (An issue was discovered in the Linux kernel before 6.5.9, exploitable  ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/63e44bc52047f182601e7817da969a105aa1f721 (6.6-rc7)
 	NOTE: https://git.kernel.org/linus/b9cb9c45583b911e0db71d09caa6b56469eb2bdf (6.6-rc7)
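Review bot: among the new TODO: check entries, CVE-2023-34059 names open-vm-tools explicitly, and Debian ships that source package, so this one should not stay at TODO: check but get an `- open-vm-tools <unfixed>` line (or the fixed version once known); CVE-2023-34058 and CVE-2023-34057 only say "VMware Tools" and need a check of whether the open-vm-tools code is affected before being marked NOT-FOR-US. The remaining additions (SourceCodester, flusity, WordPress plugins, SugarCRM, ZenTao, SonicWall, D-Link, ISPConfig and similar) look like the usual not-in-archive candidates. CVE-2023-46813, previously a bare line at the top of the file, now carries its description while keeping the existing `- linux <unfixed>` and 6.6-rc7 commit NOTE lines, which is the expected result of the automatic description fill.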
@@ -716,7 +802,7 @@ CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to ca
 CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to  ...)
 	NOT-FOR-US: PingFederate
 CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...)
-	{DSA-5535-1}
+	{DSA-5535-1 DLA-3632-1}
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732
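Review bot: the DLA-3632-1 reference added to CVE-2023-5732 here, and to CVE-2023-5730, -5728, -5725, -5724 and -5721 in the following hunks, is consistent: each of those entries also lists firefox-esr 115.4.0esr-1 and thunderbird 1:115.4.1-1, while the Firefox-only entries in the same region (CVE-2023-5731, -5729, -5722) keep only the firefox 119.0-1 line and, correctly, no DLA. The `{DSA-5535-1 DLA-3632-1}` line sits before the package lines in every case, matching the file's convention, so nothing needs changing in these hunks.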
@@ -725,7 +811,7 @@ CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs sho
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731
 CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ...)
-	{DSA-5535-1}
+	{DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -736,7 +822,7 @@ CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneous
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729
 CVE-2023-5728 (During garbage collection extra operations were performed on a object  ...)
-	{DSA-5535-1}
+	{DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -758,7 +844,7 @@ CVE-2023-5726 (A website could have obscured the full screen notification by usi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726
 CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, which un ...)
-	{DSA-5535-1}
+	{DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -766,7 +852,7 @@ CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, whi
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5725
 CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and in som ...)
-	{DSA-5535-1}
+	{DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -780,7 +866,7 @@ CVE-2023-5722 (Using iterative requests an attacker was able to learn the size o
 	- firefox 119.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722
 CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be activate ...)
-	{DSA-5535-1}
+	{DSA-5535-1 DLA-3632-1}
 	- firefox 119.0-1
 	- firefox-esr 115.4.0esr-1
 	- thunderbird 1:115.4.1-1
@@ -36396,8 +36482,8 @@ CVE-2023-27172
 	RESERVED
 CVE-2023-27171
 	RESERVED
-CVE-2023-27170
-	RESERVED
+CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a direc ...)
+	TODO: check
 CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...)
 	NOT-FOR-US: Xpand IT Write-back manager
 CVE-2023-27168
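Review bot: CVE-2023-27170 moves from RESERVED to TODO: check, but the adjacent CVE-2023-27169 for the same product (Xpand IT Write-back manager v2.3.1) is already marked `NOT-FOR-US: Xpand IT Write-back manager`; unless that product has entered the archive, the new entry should get the same NOT-FOR-US line in the next manual pass instead of sitting in the TODO queue.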
@@ -65278,21 +65364,21 @@ CVE-2022-44458
 	RESERVED
 CVE-2022-44457 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
 	NOT-FOR-US: Siemens
-CVE-2022-43506 (SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie v ...)
+CVE-2022-43506 (SQL Injection in     HandlerTag_KID.ashx    in Delta Electronics DIAEn ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distr ...)
 	NOT-FOR-US: OpenHarmony
-CVE-2022-43457 (SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie  ...)
+CVE-2022-43457 (SQL Injection in             HandlerPage_KID.ashxin Delta Electronics  ...)
 	NOT-FOR-US: Delta Electronics
-CVE-2022-43452 (SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie v ...)
+CVE-2022-43452 (SQL Injection in               FtyInfoSetting.aspxin Delta Electronics ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal v ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulne ...)
 	NOT-FOR-US: OpenHarmony
-CVE-2022-43447 (SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie ...)
+CVE-2022-43447 (SQL Injection in           AM_EBillAnalysis.aspxin Delta Electronics D ...)
 	NOT-FOR-US: Delta Electronics
-CVE-2022-41775 (SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie vers ...)
+CVE-2022-41775 (SQL Injection in         Handler_CFG.ashxin Delta Electronics DIAEnerg ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2022-3780 (Database connections on deleted users could stay active on MySQL data  ...)
 	NOT-FOR-US: Devolutions Remote Desktop Manager
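Review bot: the five rewritten Delta Electronics DIAEnergie descriptions are a regression in text quality: four of them lose the space between the file name and "in" (for example `HandlerPage_KID.ashxin Delta Electronics` and `FtyInfoSetting.aspxin Delta Electronics`) and all five pick up runs of spaces, so the truncated text that the tracker displays now reads wrong. Since the automatic update copies the upstream CVE description verbatim, the fix belongs in the import step (collapsing whitespace runs) or in a correction of the upstream record rather than in a hand edit of this file, which the next automatic run would overwrite; the entries keep their `NOT-FOR-US: Delta Electronics` lines, so there is no tracking impact.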
@@ -348538,10 +348624,10 @@ CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration
 	NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
 CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allow ...)
 	NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
-CVE-2018-17879
-	RESERVED
-CVE-2018-17878
-	RESERVED
+CVE-2018-17879 (An issue was discovered on certain ABUS TVIP cameras. The CGI scripts  ...)
+	TODO: check
+CVE-2018-17878 (Buffer Overflow vulnerability in certain ABUS TVIP cameras allows atta ...)
+	TODO: check
 CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ethereum ga ...)
 	NOT-FOR-US: Greedy 599
 CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...)
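Review bot: CVE-2018-17879 and CVE-2018-17878 go from RESERVED to TODO: check five years after assignment; both describe issues in ABUS TVIP camera firmware, which is not software in the Debian archive, so they can be closed with a `NOT-FOR-US: ABUS TVIP cameras` line in the same pass as the related CVE-2018-16739 further down in this patch.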
@@ -349247,10 +349333,10 @@ CVE-2018-17561
 	RESERVED
 CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1. ...)
 	NOT-FOR-US: Grouptime Teamwire Client
-CVE-2018-17559
-	RESERVED
-CVE-2018-17558
-	RESERVED
+CVE-2018-17559 (Due to incorrect access control, unauthenticated remote attackers can  ...)
+	TODO: check
+CVE-2018-17558 (Hardcoded manufacturer credentials and an OS command injection vulnera ...)
+	TODO: check
 CVE-2018-17557
 	REJECTED
 CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Sou ...)
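Review bot: the truncated descriptions of CVE-2018-17559 ("Due to incorrect access control, unauthenticated remote attackers can") and CVE-2018-17558 ("Hardcoded manufacturer credentials and an OS command injection vulnera") do not name the affected product, so these two TODO: check entries cannot be resolved from this file alone; whoever triages them needs the full CVE text before choosing between a NOT-FOR-US line and a source package entry.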
@@ -351541,8 +351627,8 @@ CVE-2018-16741 (An issue was discovered in mgetty before 1.2.1. In fax/faxq-help
 	NOTE: Upstream commit: 1a7b3a30f79bae4cfbc6404fe4648689cd0ade62 (1.2.1)
 CVE-2018-16740
 	RESERVED
-CVE-2018-16739
-	RESERVED
+CVE-2018-16739 (An issue was discovered on certain ABUS TVIP devices. Due to a path tr ...)
+	TODO: check
 CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication protocol, altho ...)
 	{DSA-4312-1}
 	- tinc 1.0.35-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa00b7414881f5bb6d24565b1d189f27d2febdee


