[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 18 21:12:35 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c857920 by security tracker role at 2023-09-18T20:12:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-42387 (An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a rem ...)
+ TODO: check
+CVE-2023-42371 (Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0. ...)
+ TODO: check
+CVE-2023-42359 (SQL injection vulnerability in Exam Form Submission in PHP with Source ...)
+ TODO: check
+CVE-2023-42328 (An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remo ...)
+ TODO: check
+CVE-2023-42320 (Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.1 ...)
+ TODO: check
+CVE-2023-42253 (Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scrip ...)
+ TODO: check
+CVE-2023-41965 (Sending some requests in the web application of the vulnerable device ...)
+ TODO: check
+CVE-2023-41929 (A DLL hijacking vulnerability in Samsung Memory Card & UFD Authenticat ...)
+ TODO: check
+CVE-2023-41595 (An issue in xui-xray v1.8.3 allows attackers to obtain sensitive infor ...)
+ TODO: check
+CVE-2023-41084 (Session management within the web application is incorrect and allows ...)
+ TODO: check
+CVE-2023-41030 (Hard-coded credentials inJuplink RX4-1500 versions V1.0.2 through V1.0 ...)
+ TODO: check
+CVE-2023-40221 (The absence of filters when loading some sections in the web applicati ...)
+ TODO: check
+CVE-2023-39452 (The web application that owns the device clearly stores the credential ...)
+ TODO: check
+CVE-2023-39446 (Thanks to the weaknesses that the web application has at the user mana ...)
+ TODO: check
+CVE-2023-34999 (A command injection vulnerability exists in RTS VLink Virtual Matrix S ...)
+ TODO: check
+CVE-2023-34195 (An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyd ...)
+ TODO: check
+CVE-2023-33831 (A remote command execution (RCE) vulnerability in the /api/runscript e ...)
+ TODO: check
+CVE-2023-32187 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
+ TODO: check
+CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. drivers/medi ...)
+ TODO: check
CVE-2023-XXXX [cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages]
- roundcube 1.6.3+dfsg-1 (bug #1052059)
NOTE: https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
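Review bot: the entries added at the top of data/CVE/list cannot be triaged from the truncated descriptions alone. CVE-2023-41965, CVE-2023-41084, CVE-2023-40221, CVE-2023-39452 and CVE-2023-39446 name no product in the text shown here, so each needs the full CVE record before `TODO: check` can become NOT-FOR-US or a package line. CVE-2020-36766, by contrast, names the Linux kernel before 5.8.6 in its visible description and can be assigned to a source package entry instead of remaining a TODO.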
@@ -524,10 +562,10 @@ CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_ine
- glibc 2.36-3
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931
NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36)
-CVE-2023-4806 [potential use-after-free in getaddrinfo()]
+CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the getaddr ...)
- glibc 2.37-10
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843
-CVE-2023-4527 [Stack read overflow in getaddrinfo in no-aaaa mode]
+CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is called wit ...)
- glibc 2.37-9 (bug #1051958)
[bullseye] - glibc <not-affected> (Vulnerable code not present)
[buster] - glibc <not-affected> (Vulnerable code not present)
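Review bot: CVE-2023-4806 carries only `- glibc 2.37-10` and a bugzilla NOTE, with no per-release lines and no Debian bug number, while CVE-2023-4527 directly below records a bug reference and marks bullseye and buster as not-affected. Since both entries concern getaddrinfo in glibc, adding the bullseye/buster status and a bug reference to CVE-2023-4806 would make the two records consistent.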
@@ -819,7 +857,7 @@ CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on A
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 ...)
- {DSA-5497-2 DSA-5498-1 DSA-5497-1 DSA-5496-1 DLA-3569-1 DLA-3568-1}
+ {DSA-5497-2 DSA-5498-1 DSA-5497-1 DSA-5496-1 DLA-3570-1 DLA-3569-1 DLA-3568-1}
- chromium 117.0.5938.62-1 (unimportant)
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox 117.0.1-1
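Review bot: DLA-3570-1 joins the cross-reference set for CVE-2023-4863, but the package lines visible in this hunk (chromium and firefox) do not show which source package that advisory covers. Confirm that the matching package entry exists further down the record, outside the context shown.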
@@ -2076,7 +2114,7 @@ CVE-2023-40970 (Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vul
NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian
CVE-2023-40969 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable ...)
NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian
-CVE-2023-40968 (Buffer Overflow vulnerability in hzeller timg v.1.5.2 and before allow ...)
+CVE-2023-40968 (Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allow ...)
- timg 1.5.2-1 (bug #1051231)
[bookworm] - timg <no-dsa> (Minor issue)
NOTE: https://github.com/hzeller/timg/issues/115
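Review bot: the affected range in the description moves from "v.1.5.2 and before" to "v.1.5.1 and before", while the unchanged line `- timg 1.5.2-1 (bug #1051231)` records 1.5.2-1 as the fixed version. The two now agree, where the old text contradicted the fixed version. It is still worth confirming against the linked upstream issue that 1.5.2 contains the fix, rather than relying on the description alone.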
@@ -6288,7 +6326,7 @@ CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote a
NOT-FOR-US: typecho
CVE-2023-36298 (DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote co ...)
NOT-FOR-US: DedeCMS
-CVE-2023-36255 (An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote ...)
+CVE-2023-36255 (An issue in Eramba Limited Eramba Enterprise and Community edition v.3 ...)
NOT-FOR-US: Eramba Limited Eramba Enterprise
CVE-2023-36217 (Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remo ...)
NOT-FOR-US: Xoops CMS
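Review bot: the NOT-FOR-US label for CVE-2023-36255 still reads "Eramba Limited Eramba Enterprise", although the updated description now covers "Enterprise and Community edition". Broadening the label to the product name without the edition would keep it accurate for both.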
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c857920f382cc418083c2ba2426b5445ff2c524