[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 11 21:13:00 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12e6e598 by security tracker role at 2023-09-11T20:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2023-4881 (A stack based out-of-bounds write flaw was found in the netfilter subs ...)
+	TODO: check
+CVE-2023-4318 (The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when ...)
+	TODO: check
+CVE-2023-4314 (The wpDataTables WordPress plugin before 2.1.66 does not validate the  ...)
+	TODO: check
+CVE-2023-4307 (The Lock User Account WordPress plugin through 1.0.3 does not have CSR ...)
+	TODO: check
+CVE-2023-4294 (The URL Shortify WordPress plugin before 1.7.6 does not properly escap ...)
+	TODO: check
+CVE-2023-4278 (The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 do ...)
+	TODO: check
+CVE-2023-4270 (The Min Max Control WordPress plugin before 4.6 does not sanitise and  ...)
+	TODO: check
+CVE-2023-4060 (The WP Adminify WordPress plugin before 3.1.6 does not sanitise and es ...)
+	TODO: check
+CVE-2023-4022 (The Herd Effects WordPress plugin before 5.2.3 does not sanitise and e ...)
+	TODO: check
+CVE-2023-41609 (An open redirect vulnerability in the sanitize_url() parameter of Couc ...)
+	TODO: check
+CVE-2023-41593 (Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop ...)
+	TODO: check
+CVE-2023-41336 (ux-autocomplete is a JavaScript Autocomplete functionality for Symfony ...)
+	TODO: check
+CVE-2023-41256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
+	TODO: check
+CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in  ...)
+	TODO: check
+CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the function  ...)
+	TODO: check
+CVE-2023-40946 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $usernam ...)
+	TODO: check
+CVE-2023-40945 (Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Inje ...)
+	TODO: check
+CVE-2023-40944 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schooln ...)
+	TODO: check
+CVE-2023-40786 (HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowi ...)
+	TODO: check
+CVE-2023-40150 (Softneta MedDream PACS does not perform an authentication check and pe ...)
+	TODO: check
+CVE-2023-40032 (libvips is a demand-driven, horizontally threaded image processing lib ...)
+	TODO: check
+CVE-2023-3612 (Govee Home app has unprotected access to WebView component which can b ...)
+	TODO: check
+CVE-2023-3510 (The FTP Access WordPress plugin through 1.0 does not have authorisatio ...)
+	TODO: check
+CVE-2023-3170 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...)
+	TODO: check
+CVE-2023-3169 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...)
+	TODO: check
+CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authentic ...)
+	TODO: check
+CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in plaintext. The ...)
+	TODO: check
+CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to execute arbit ...)
+	TODO: check
+CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC ...)
+	TODO: check
+CVE-2023-39067 (Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allo ...)
+	TODO: check
+CVE-2023-39063 (Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local at ...)
+	TODO: check
+CVE-2023-38829 (An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker ...)
+	TODO: check
+CVE-2023-38743 (Zoho ManageEngine ADManager Plus before Build 7200 allows admin users  ...)
+	TODO: check
+CVE-2023-38256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
+	TODO: check
+CVE-2023-36980 (An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balanc ...)
+	TODO: check
+CVE-2023-36497 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions  ...)
+	TODO: check
+CVE-2023-36161 (An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_ ...)
+	TODO: check
+CVE-2023-36140 (In PHPJabbers Cleaning Business Software 1.0, there is no encryption o ...)
+	TODO: check
+CVE-2023-31468 (An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime ...)
+	TODO: check
+CVE-2023-2705 (The gAppointments WordPress plugin before 1.10.0 does not sanitise and ...)
+	TODO: check
 CVE-2023-4816 (A vulnerability exists in the Equipment Tag Out authentication, when c ...)
 	TODO: check
 CVE-2023-42471 (The wave.ai.browser application through 1.0.35 for Android allows a re ...)
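Review bot: all forty new entries in this hunk land as TODO: check, so the batch needs a triage pass before the data is useful, and the ones that can touch packages Debian ships should go first: CVE-2023-4881 (a stack-based out-of-bounds write in the kernel's netfilter subsystem, which belongs against the linux source package), CVE-2023-41000 (GPAC use-after-free) and CVE-2023-40032 (libvips). The long run of WordPress plugin entries (Herd Effects, wpDataTables, Lock User Account, URL Shortify, MasterStudy LMS, Min Max Control, WP Adminify, FTP Access, tagDiv Composer, gAppointments) can be closed with the "NOT-FOR-US: WordPress plugin" marker this file already uses for CVE-2023-31071, and the vendor appliance, mobile-app and Windows-only items (Dover MAGLINK, MedDream PACS, Govee Home, ASUS RT-AX55, NETIS, ManageEngine ADManager Plus, Qubo Smart Plug, Inosoft VisiWin) look like NOT-FOR-US candidates once confirmed not to be packaged. The missing space in "PACSstores" for CVE-2023-39227 is in the truncated upstream description and is not something to edit in this file.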
@@ -212,6 +292,7 @@ CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does
 	NOTE: Fixed by: https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5 (7.0.13)
 	NOTE: https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc
 CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixed in m ...)
+	{DSA-5468-1}
 	- webkit2gtk 2.40.5-1
 	- wpewebkit 2.40.5-1
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
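Review bot: {DSA-5468-1} is added as a cross-reference only; the fixed versions (webkit2gtk 2.40.5-1, wpewebkit 2.40.5-1) were already recorded, and wpewebkit stays <ignored> in bookworm per the unchanged context line, so the DSA should be read as covering webkit2gtk alone. Worth confirming that the DSA entry itself records the same 2.40.5-based version for the bookworm update so the reference resolves consistently on the tracker pages.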
@@ -434,6 +515,7 @@ CVE-2023-32425 (The issue was addressed with improved memory handling. This issu
 CVE-2023-32379 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2023-32370 (A logic issue was addressed with improved validation. This issue is fi ...)
+	{DSA-5396-1}
 	- webkit2gtk 2.40.1-1
 	- wpewebkit 2.40.2-2
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
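Review bot: the {DSA-5396-1} marker is attached here to an entry carrying webkit2gtk 2.40.1-1 / wpewebkit 2.40.2-2; the same DSA is attached to CVE-2023-28198 further down in this patch with identical version lines, so the two entries agree with each other. As in the other webkit entries, wpewebkit remains <ignored> in bookworm, so the DSA covers only webkit2gtk.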
@@ -1129,7 +1211,7 @@ CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions sta
 	- gitlab <unfixed>
 CVE-2023-4638
 	- gitlab <unfixed>
-CVE-2023-4630
+CVE-2023-4630 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...)
 	- gitlab <not-affected> (Specific to EE)
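Review bot: CVE-2023-4630 only gains its truncated description text; the "gitlab <unfixed>" status is untouched. Since the neighbouring GitLab entry CVE-2023-3950 is marked "<not-affected> (Specific to EE)", the full description should be checked for the same EE-only qualifier before this one is left as <unfixed>.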
@@ -16183,12 +16265,12 @@ CVE-2023-31071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ya
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31070
 	RESERVED
-CVE-2023-31069
-	RESERVED
-CVE-2023-31068
-	RESERVED
-CVE-2023-31067
-	RESERVED
+CVE-2023-31069 (An issue was discovered in TSplus Remote Access through 16.0.2.14. Cre ...)
+	TODO: check
+CVE-2023-31068 (An issue was discovered in TSplus Remote Access through 16.0.2.14. The ...)
+	TODO: check
+CVE-2023-31067 (An issue was discovered in TSplus Remote Access through 16.0.2.14. The ...)
+	TODO: check
 CVE-2023-31066 (Files or Directories Accessible to External Parties vulnerability in A ...)
 	NOT-FOR-US: Apache InLong
 CVE-2023-31065 (Insufficient Session Expiration vulnerability in Apache Software Found ...)
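Review bot: the three TSplus Remote Access entries move from RESERVED to TODO: check with descriptions truncated to the same prefix ("An issue was discovered in TSplus Remote Access through 16.0.2.14. ..."), so the full text is needed to tell them apart; given that the entries around them in this region (Apache InLong, WordPress plugin) are all NOT-FOR-US, a single "NOT-FOR-US: TSplus" triage for all three is the likely outcome and cheaper than three separate lookups.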
@@ -19212,8 +19294,8 @@ CVE-2023-30060
 	RESERVED
 CVE-2023-30059
 	RESERVED
-CVE-2023-30058
-	RESERVED
+CVE-2023-30058 (novel-plus 3.6.2 is vulnerable to SQL Injection.)
+	TODO: check
 CVE-2023-30057 (Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Ori ...)
 	NOT-FOR-US: FICO
 CVE-2023-30056 (A session takeover vulnerability exists in FICO Origination Manager De ...)
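Review bot: CVE-2023-30058 arrives with a complete, untruncated description (novel-plus 3.6.2 SQL injection), so no further lookup is needed; if novel-plus is not a Debian package, the entry should get a NOT-FOR-US marker like its FICO neighbours rather than stay at TODO: check.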
@@ -25314,6 +25396,7 @@ CVE-2023-28200 (A validation issue was addressed with improved input sanitizatio
 CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
 	NOT-FOR-US: Apple
 CVE-2023-28198 (A use-after-free issue was addressed with improved memory management.  ...)
+	{DSA-5396-1}
 	- webkit2gtk 2.40.1-1
 	- wpewebkit 2.40.2-2
 	[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -27738,8 +27821,8 @@ CVE-2023-27472 (quickentity-editor-next is an open source, system local, video g
 	NOT-FOR-US: quickentity-editor-next
 CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...)
 	NOT-FOR-US: Insyde
-CVE-2023-27470
-	RESERVED
+CVE-2023-27470 (BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141  ...)
+	TODO: check
 CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...)
 	NOT-FOR-US: Malwarebytes Anti-Exploit
 CVE-2023-27468
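Review bot: the description for CVE-2023-27470 names a Windows executable (BASupSrvcUpdater.exe in N-able Take Control Agent), and the adjacent entries in this hunk (Insyde, Malwarebytes Anti-Exploit) are all NOT-FOR-US, so this one can be triaged the same way without waiting for the full text.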
@@ -87312,8 +87395,8 @@ CVE-2022-34240
 	RESERVED
 CVE-2022-34239 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
 	NOT-FOR-US: Adobe
-CVE-2022-34238
-	RESERVED
+CVE-2022-34238 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and  ...)
+	TODO: check
 CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
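Review bot: CVE-2022-34238 is left at TODO: check although it carries the same Acrobat Reader advisory text as CVE-2022-34239 and CVE-2022-34237 on either side of it, both already "NOT-FOR-US: Adobe"; the automatic update cannot see that, so a human pass should set the same marker. The description starting "Acrobat Reader" rather than "Adobe Acrobat Reader" is upstream wording, not a different product.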
@@ -87334,14 +87417,14 @@ CVE-2022-34229 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005
 	NOT-FOR-US: Adobe
 CVE-2022-34228 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
 	NOT-FOR-US: Adobe
-CVE-2022-34227
-	RESERVED
+CVE-2022-34227 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
+	TODO: check
 CVE-2022-34226 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-34225 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
 	NOT-FOR-US: Adobe
-CVE-2022-34224
-	RESERVED
+CVE-2022-34224 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
+	TODO: check
 CVE-2022-34223 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
 	NOT-FOR-US: Adobe
 CVE-2022-34222 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
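Review bot: CVE-2022-34227 and CVE-2022-34224 carry the identical truncated "Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ..." description as every neighbouring entry in this hunk that is already "NOT-FOR-US: Adobe", so both should receive that marker instead of TODO: check.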
@@ -102706,18 +102789,18 @@ CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.00
 	NOT-FOR-US: Adobe
 CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and e ...)
 	NOT-FOR-US: Adobe
-CVE-2022-28836
-	RESERVED
-CVE-2022-28835
-	RESERVED
-CVE-2022-28834
-	RESERVED
-CVE-2022-28833
-	RESERVED
-CVE-2022-28832
-	RESERVED
-CVE-2022-28831
-	RESERVED
+CVE-2022-28836 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier)  are ...)
+	TODO: check
+CVE-2022-28835 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier)  are ...)
+	TODO: check
+CVE-2022-28834 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier)  are ...)
+	TODO: check
+CVE-2022-28833 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
+	TODO: check
+CVE-2022-28832 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
+	TODO: check
+CVE-2022-28831 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...)
+	TODO: check
 CVE-2022-28830 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
 	NOT-FOR-US: Adobe
 CVE-2022-28829 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...)
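Review bot: the six Adobe InCopy/InDesign entries (CVE-2022-28831 through CVE-2022-28836) sit between Acrobat Pro DC and Framemaker entries that are all "NOT-FOR-US: Adobe", and InCopy and InDesign are Adobe desktop products as well, so all six should be closed with the same marker. The double space before "are" in the InCopy descriptions comes from the upstream text and needs no fix here.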
@@ -111137,6 +111220,7 @@ CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service
 CVE-2022-25902
 	RESERVED
 CVE-2022-25901 (Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...)
+	{DLA-3561-1}
 	- node-cookiejar 2.1.4+~2.1.2-1
 	[bullseye] - node-cookiejar 2.1.2-1+deb11u1
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
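Review bot: {DLA-3561-1} is added to an entry that already records the bullseye fixed version 2.1.2-1+deb11u1, which is the release a DLA covers, so the cross-reference is consistent with the existing data; nothing else in the entry changes.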
@@ -119830,8 +119914,8 @@ CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in
 	NOT-FOR-US: YzmCMS
 CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without login, unaut ...)
 	NOT-FOR-US: YzmCMS
-CVE-2022-23382
-	RESERVED
+CVE-2022-23382 (Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170 ...)
+	TODO: check
 CVE-2022-23381
 	RESERVED
 CVE-2022-23380 (There is a SQL injection vulnerability in the background of taocms 3.0 ...)
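Review bot: CVE-2022-23382 describes IP camera firmware (Shenzhen Hichip Vision Technology, firmware V11.4.8.1.1-2017...), which, like the YzmCMS and taocms web applications around it, is not Debian-packaged software; suggest "NOT-FOR-US: Hichip" rather than leaving TODO: check.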
@@ -217985,8 +218069,8 @@ CVE-2020-24090
 	RESERVED
 CVE-2020-24089
 	RESERVED
-CVE-2020-24088
-	RESERVED
+CVE-2020-24088 (An issue was discovered in MmMapIoSpace routine in Foxconn Live Update ...)
+	TODO: check
 CVE-2020-24087
 	RESERVED
 CVE-2020-24086
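Review bot: the description for CVE-2020-24088 names MmMapIoSpace, a Windows kernel routine, in Foxconn Live Update, which makes this a Windows driver issue; NOT-FOR-US triage is the expected outcome and the entry should not sit at TODO: check.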
@@ -227761,8 +227845,8 @@ CVE-2020-19561
 	RESERVED
 CVE-2020-19560
 	RESERVED
-CVE-2020-19559
-	RESERVED
+CVE-2020-19559 (An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote at ...)
+	TODO: check
 CVE-2020-19558
 	RESERVED
 CVE-2020-19557
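Review bot: CVE-2020-19559 concerns Diebold Aglis XFS for Opteva, ATM vendor software; NOT-FOR-US triage is the expected result here too.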
@@ -228287,18 +228371,18 @@ CVE-2020-19325
 	RESERVED
 CVE-2020-19324
 	RESERVED
-CVE-2020-19323
-	RESERVED
+CVE-2020-19323 (An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta ...)
+	TODO: check
 CVE-2020-19322
 	RESERVED
 CVE-2020-19321
 	RESERVED
-CVE-2020-19320
-	RESERVED
-CVE-2020-19319
-	RESERVED
-CVE-2020-19318
-	RESERVED
+CVE-2020-19320 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the ...)
+	TODO: check
+CVE-2020-19319 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the ...)
+	TODO: check
+CVE-2020-19318 (Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, ...)
+	TODO: check
 CVE-2020-19317
 	RESERVED
 CVE-2020-19316 (OS Command injection vulnerability in function link in Filesystem.php  ...)
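Review bot: the four D-Link entries are router firmware issues and will mostly end as "NOT-FOR-US: D-Link" (the "DLINK 619L" versus "D-Link DIR-619L" spelling is inconsistent upstream text, not a data problem), but CVE-2020-19323 deserves a real look before being closed: it names /bin/mini_upnpd, which suggests the MiniUPnP daemon that Debian ships as the miniupnpd package, so it should be confirmed whether the flaw is in the shared upstream code or in D-Link's own build before the entry is marked NOT-FOR-US.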
@@ -286964,10 +287048,10 @@ CVE-2019-16473
 	RESERVED
 CVE-2019-16472
 	RESERVED
-CVE-2019-16471
-	RESERVED
-CVE-2019-16470
-	RESERVED
+CVE-2019-16471 (Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected  ...)
+	TODO: check
+CVE-2019-16470 (Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected  ...)
+	TODO: check
 CVE-2019-16469 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
 	NOT-FOR-US: Adobe Experience Manager
 CVE-2019-16468 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
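Review bot: CVE-2019-16471 and CVE-2019-16470 carry the same truncated "Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected ..." text, and their neighbours (Adobe Experience Manager) are already NOT-FOR-US; both should get "NOT-FOR-US: Adobe" rather than TODO: check.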
@@ -314441,8 +314525,8 @@ CVE-2019-7821 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 201
 	NOT-FOR-US: Adobe
 CVE-2019-7820 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
-CVE-2019-7819
-	RESERVED
+CVE-2019-7819 (Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected  ...)
+	TODO: check
 CVE-2019-7818 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
 	NOT-FOR-US: Adobe
 CVE-2019-7817 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
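Review bot: CVE-2019-7819 cites Acrobat Reader 2019.010.20098 where the surrounding entries cite 2019.010.20100, so the version string differs slightly from its neighbours, but it is still the same Adobe product line that every adjacent entry marks "NOT-FOR-US: Adobe"; the TODO: check should be resolved with that marker.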



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12e6e5982d613c13e960329386e06681915cc999
