[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 13 09:12:30 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50d36829 by security tracker role at 2023-09-13T08:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-4928 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.)
+ TODO: check
+CVE-2023-4917 (The Leyka plugin for WordPress is vulnerable to Sensitive Information ...)
+ TODO: check
+CVE-2023-4916 (The Login with phone number plugin for WordPress is vulnerable to Cros ...)
+ TODO: check
+CVE-2023-4915 (The WP User Control plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2023-4400 (A password management vulnerability in Skyhigh Secure Web Gateway (SWG ...)
+ TODO: check
+CVE-2023-4213 (The Simplr Registration Form Plus+ plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-4153 (The BAN Users plugin for WordPress is vulnerable to privilege escalati ...)
+ TODO: check
+CVE-2023-41423 (Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 a ...)
+ TODO: check
+CVE-2023-39073 (An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arb ...)
+ TODO: check
CVE-2023-3867 [ksmbd: add missing compound request handing in some commands]
- linux 6.4.11-1
[bookworm] - linux 6.1.52-1
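Review bot: all nine entries added at the top of this hunk carry only "TODO: check", and five of them (CVE-2023-4917, CVE-2023-4916, CVE-2023-4915, CVE-2023-4213, CVE-2023-4153) are described as a "plugin for WordPress". Later in this same file, WordPress plugin entries such as CVE-2023-4890 and CVE-2023-4887 are resolved as NOT-FOR-US with the plugin name, so the follow-up triage commit can most likely close these five the same way. The remaining four (icms2, Skyhigh Secure Web Gateway, WP Githuber MD, SNMP Web Pro) need a check against the archive before they get either a package line or NOT-FOR-US.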
@@ -19,7 +37,7 @@ CVE-2023-3865 [ksmbd: fix out-of-bound read in smb2_write]
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-980/
NOTE: https://git.kernel.org/linus/5fe7f7b78290638806211046a99f031ff26164e1 (6.4)
-CVE-2023-4813 [potential use-after-free in gaih_inet()]
+CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_inet fun ...)
- glibc 2.36-3
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36)
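Review bot: the CVE-2023-4813 header change drops the bug class. The removed bracketed title said "potential use-after-free in gaih_inet()", while the replacement description is truncated at "the gaih_inet fun ..." before it says what kind of flaw this is. The NOTE lines below give only the bugzilla and fix-commit URLs, so a reader of this entry no longer sees "use-after-free" anywhere. Suggest adding a short NOTE line that records it.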
@@ -282,34 +300,34 @@ CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for WordPre
NOT-FOR-US: JQuery Accordion Menu Widget for WordPress plugin for WordPress
CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for WordPress ...)
NOT-FOR-US: Google Maps Plugin by Intergeo for WordPress plugin for WordPress
-CVE-2023-4909
+CVE-2023-4909 (Inappropriate implementation in Interstitials in Google Chrome prior t ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4908
+CVE-2023-4908 (Inappropriate implementation in Picture in Picture in Google Chrome pr ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4907
+CVE-2023-4907 (Inappropriate implementation in Intents in Google Chrome on Android pr ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4906
+CVE-2023-4906 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4905
+CVE-2023-4905 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4904
+CVE-2023-4904 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4903
+CVE-2023-4903 (Inappropriate implementation in Custom Mobile Tabs in Google Chrome on ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4902
+CVE-2023-4902 (Inappropriate implementation in Input in Google Chrome prior to 117.0. ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4901
+CVE-2023-4901 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4900
+CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 ...)
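Review bot: the ten chromium entries CVE-2023-4900 through CVE-2023-4909 gain descriptions, but each "- chromium <unfixed>" line is left untouched. Several of the new descriptions (CVE-2023-4905, CVE-2023-4902, CVE-2023-4901) already read "prior to 117.", so an upstream fixed release is identified. These lines should be revisited and given a fixed version once a chromium upload based on that release is in the archive, rather than staying at <unfixed>. The [buster] <end-of-life> lines need no change.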
@@ -45812,8 +45830,8 @@ CVE-2022-47639
RESERVED
CVE-2022-47638
RESERVED
-CVE-2022-47637
- RESERVED
+CVE-2022-47637 (The installer in XAMPP through 8.1.12 allows local users to write to t ...)
+ TODO: check
CVE-2022-47636 (A DLL hijacking vulnerability has been discovered in OutSystems Servic ...)
NOT-FOR-US: OutSystems Service Studio
CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...)
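Review bot: CVE-2022-47637 moves from RESERVED to "TODO: check" with a description naming "The installer in XAMPP through 8.1.12". The neighbouring entries in this hunk, CVE-2022-47636 and CVE-2022-47635, are for third-party products, and the one whose status line is visible (CVE-2022-47636) is closed as NOT-FOR-US with the product name. Unless a Debian source package ships this installer, the triage pass should resolve this entry the same way so it does not linger as TODO.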
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50d36829fffaa781d66eabe1883e10bd8d7aedc1