[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 7 09:12:48 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44d47fbb by security tracker role at 2023-09-07T08:12:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2023-4815 (Missing Authentication for Critical Function in GitHub repository answ ...)
+	TODO: check
+CVE-2023-4792 (The Duplicate Post Page Menu & Custom Post Type plugin for WordPress i ...)
+	TODO: check
+CVE-2023-4772 (The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2023-41329 (WireMock is a tool for mocking HTTP services. The proxy mode of WireMo ...)
+	TODO: check
+CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be configur ...)
+	TODO: check
+CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does not c ...)
+	TODO: check
+CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	TODO: check
+CVE-2023-40392 (A privacy issue was addressed with improved private data redaction for ...)
+	TODO: check
+CVE-2023-39967 (WireMock is a tool for mocking HTTP services. When certain request URL ...)
+	TODO: check
+CVE-2023-39956 (Electron is a framework which lets you write cross-platform desktop ap ...)
+	TODO: check
+CVE-2023-39240 (It is identified a format string vulnerability in ASUS RT-AX56U V2\u20 ...)
+	TODO: check
+CVE-2023-39239 (It is identified a format string vulnerability in ASUS RT-AX56U V2\u20 ...)
+	TODO: check
+CVE-2023-39238 (It is identified a format string vulnerability in ASUS RT-AX56U V2. Th ...)
+	TODO: check
+CVE-2023-39237 (ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficie ...)
+	TODO: check
+CVE-2023-39236 (ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient f ...)
+	TODO: check
+CVE-2023-38616 (A race condition was addressed with improved state handling. This issu ...)
+	TODO: check
+CVE-2023-38605 (This issue was addressed with improved redaction of sensitive informat ...)
+	TODO: check
+CVE-2023-38033 (ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has in ...)
+	TODO: check
+CVE-2023-38032 (ASUS RT-AC86U AiProtection security- related function has insufficient ...)
+	TODO: check
+CVE-2023-38031 (ASUS RT-AC86U Adaptive QoS - Web History function has insufficient fil ...)
+	TODO: check
+CVE-2023-34357 (Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for F ...)
+	TODO: check
 CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble' rule, a pac ...)
 	TODO: check
 CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable to Loca ...)
@@ -21466,8 +21508,8 @@ CVE-2023-29200 (Contao is an open source content management system. Prior to ver
 	NOT-FOR-US: Contao
 CVE-2023-29199 (There exists a vulnerability in source code transformer (exception san ...)
 	NOT-FOR-US: Node vm2
-CVE-2023-29198
-	RESERVED
+CVE-2023-29198 (Electron is a framework which lets you write cross-platform desktop ap ...)
+	TODO: check
 CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...)
 	- php-guzzlehttp-psr7 2.4.5-1 (bug #1034581)
 	[bullseye] - php-guzzlehttp-psr7 <no-dsa> (Minor issue; can be fixed via point release)
@@ -38659,8 +38701,8 @@ CVE-2023-23625 (go-unixfs is an implementation of a unix-like filesystem on top
 	NOT-FOR-US: go-unixfs
 CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
 	NOT-FOR-US: Discourse
-CVE-2023-23623
-	RESERVED
+CVE-2023-23623 (Electron is a framework which lets you write cross-platform desktop ap ...)
+	TODO: check
 CVE-2023-23622 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
 	NOT-FOR-US: Discourse
 CVE-2023-23621 (Discourse is an open-source discussion platform. Prior to version 3.0. ...)
@@ -108585,7 +108627,7 @@ CVE-2022-0902 (Improper Limitation of a Pathname to a Restricted Directory ('Pat
 	NOT-FOR-US: ABB
 CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...)
 	NOT-FOR-US: WordPress plugins
-CVE-2022-0900 (A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aci ...)
+CVE-2022-0900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: DivvyDrive
 CVE-2022-0899 (The Header Footer Code Manager WordPress plugin before 1.1.24 does not ...)
 	NOT-FOR-US: WordPress plugin
@@ -134218,9 +134260,9 @@ CVE-2021-43364
 	RESERVED
 CVE-2021-43363
 	RESERVED
-CVE-2021-43362 (Due to improper sanitization MedData HBYS software suffers from a remo ...)
+CVE-2021-43362 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: MedData HBYS software
-CVE-2021-43361 (Due to improper sanitization MedData HBYS software suffers from a remo ...)
+CVE-2021-43361 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: MedData HBYS software
 CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule\u2019s serialization functio ...)
 	NOT-FOR-US: Sunnet eHRD



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44d47fbbfee2ba1b04cfce57b9411d166d176522

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44d47fbbfee2ba1b04cfce57b9411d166d176522
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230907/c4a84f3d/attachment.htm>

More information about the debian-security-tracker-commits mailing list