[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 22 09:24:41 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a0b402b by security tracker role at 2023-09-22T08:24:28+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-5068 (Delta Electronics DIAScreen may write past the end of an allocated  bu ...)
+	TODO: check
+CVE-2023-4774 (The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2023-4716 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2023-43784 (Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are ...)
+	TODO: check
+CVE-2023-43783 (Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasi ...)
+	TODO: check
+CVE-2023-43782 (Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop- ...)
+	TODO: check
+CVE-2023-43771 (In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets rec ...)
+	TODO: check
+CVE-2023-43767 (Certain WithSecure products allow Denial of Service via the aepack arc ...)
+	TODO: check
+CVE-2023-43766 (Certain WithSecure products allow Local privilege escalation via the l ...)
+	TODO: check
+CVE-2023-43765 (Certain WithSecure products allow Denial of Service in the aeelf compo ...)
+	TODO: check
+CVE-2023-43764 (Certain WithSecure products allow Unauthenticated Remote Code Executio ...)
+	TODO: check
+CVE-2023-43763 (Certain WithSecure products allow XSS via an unvalidated parameter in  ...)
+	TODO: check
+CVE-2023-43762 (Certain WithSecure products allow Unauthenticated Remote Code Executio ...)
+	TODO: check
+CVE-2023-43761 (Certain WithSecure products allow Denial of Service (infinite loop). T ...)
+	TODO: check
+CVE-2023-43760 (Certain WithSecure products allow Denial of Service via a fuzzed PE32  ...)
+	TODO: check
+CVE-2023-43128 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulner ...)
+	TODO: check
+CVE-2023-42261 (Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insec ...)
+	TODO: check
+CVE-2023-41616 (A reflected cross-site scripting (XSS) vulnerability in the Search Stu ...)
+	TODO: check
+CVE-2023-41614 (A stored cross-site scripting (XSS) vulnerability in the Add Animal De ...)
+	TODO: check
+CVE-2023-38344 (An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A  ...)
+	TODO: check
+CVE-2023-38343 (An XXE (XML external entity injection) vulnerability exists in the CSE ...)
+	TODO: check
+CVE-2023-31719 (FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.)
+	TODO: check
+CVE-2023-31718 (FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.)
+	TODO: check
+CVE-2023-31717 (A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confid ...)
+	TODO: check
+CVE-2023-31716 (FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa. ...)
+	TODO: check
 CVE-2023-5002
 	- pgadmin4 <itp> (bug #834129)
 CVE-2023-3629
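Review bot: all 25 new entries at the top of the list are left at `TODO: check`, but most of them can be triaged quickly, since the descriptions name vendor products (Delta Electronics DIAScreen, Plesk Onyx, the WithSecure products, D-LINK DIR-806, Ivanti Endpoint Manager, FUXA, MobSF, the two WordPress plugins) that are unlikely to have a Debian source package and would follow the `NOT-FOR-US:` pattern used for Dreamer CMS and PaperCutNG further down in this same file. The ones that deserve a real look are CVE-2023-43783 and CVE-2023-43782 (Cadence, insecure fixed paths under /tmp) and CVE-2023-43771 (nqptp, crafted packets handled in nqptp-message-handlers.c before 1.2.3): confirm whether those sources are in the archive and, if so, which suites ship a version older than the fixed one, and record that as suite lines rather than leaving the `TODO: check`. Note also that the CVE-2023-31718 description reads "Local via Inclusion" where its sibling CVE-2023-31716 says Local File Inclusion; that wording comes from the upstream description and should be left as-is in the list, not edited locally.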
@@ -58,7 +108,7 @@ CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download
 	TODO: check
 CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
 	NOT-FOR-US: Dreamer CMS
-CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in S ...)
+CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in i ...)
 	TODO: check
 CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in i ...)
 	TODO: check
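Review bot: the only change in this hunk is the truncated CVE-2023-41993 description moving from "fixed in S ..." to "fixed in i ...", i.e. the upstream text was reworded, and the entry stays at `TODO: check` with the same "The issue was addressed with improved checks" prefix as CVE-2023-41992 directly below it. Because data/CVE/list keeps only the first line of the description, the two entries are indistinguishable here, and this is the phrasing Apple advisories use for a whole range of components. Triage has to fetch the full description (the affected component and the product list enumerated in the "fixed in" clause) before deciding whether any Debian source that shares the upstream code is affected, and the outcome belongs in a `NOTE:` line rather than in the truncated prefix.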
@@ -227,7 +277,7 @@ CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 1
 	TODO: check
 CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application allows an ...)
 	NOT-FOR-US: PaperCutNG
-CVE-2023-4504 [Postscript parsing heap-based buffer overflow]
+CVE-2023-4504 (Due to failure in validating the length provided by an attacker-crafte ...)
 	- cups 2.4.2-6
 	[bookworm] - cups <no-dsa> (Minor issue)
 	[bullseye] - cups <no-dsa> (Minor issue)
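Review bot: the bookworm and bullseye lines justify `<no-dsa>` with nothing more than "(Minor issue)", which is thin for a heap-based buffer overflow in PostScript parsing where, per the new description, the length is taken from attacker-crafted input without validation. Other entries in this file record their reasoning inline (the gnome-shell bullseye line says "Vulnerable code introduced in 42.beta") and the linux and gnome-maps entries carry `NOTE:` lines pointing at the upstream fix commit. Consider adding a `NOTE:` here with the cups fix commit and a short statement of why the stable suites can wait for a point release (for example, which input path is reachable and under what privilege), so the decision can be re-evaluated if the severity assessment changes.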
@@ -440,7 +490,7 @@ CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. driver
 	- linux 5.8.7-1
 	[buster] - linux 4.19.146-1
 	NOTE: https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1)
-CVE-2023-43770 (cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages)
+CVE-2023-43770 (Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 al ...)
 	- roundcube 1.6.3+dfsg-1 (bug #1052059)
 	[bookworm] - roundcube <no-dsa> (Minor issue)
 	[bullseye] - roundcube <no-dsa> (Minor issue)
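Review bot: the new description says the bug is fixed in 1.4.14, 1.5.4 and 1.6.3, and the unstable line records 1.6.3+dfsg-1 accordingly, but the bookworm and bullseye lines are `<no-dsa> (Minor issue)` with no fixed version, so a reader cannot tell which upstream change needs to be backported to the older roundcube packages in those suites. Suggest a `NOTE:` with the upstream fix commit, following the convention the linux entry above uses (`NOTE: https://git.kernel.org/linus/... (5.9-rc1)`), and the stable-update version on the suite lines once an upload exists. The parenthesised summary being replaced, "cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages", stated the actual bug more precisely than the version-range text that now stands in its place; it is worth keeping as a `NOTE:` too.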
@@ -537,7 +587,7 @@ CVE-2023-43091 [Code injection via service.json file]
 	NOTE: https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588
 	NOTE: Introduced with merge: https://gitlab.gnome.org/GNOME/gnome-maps/-/merge_requests/227 (v43.alpha)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea (v45.rc)
-CVE-2023-43090 [Screenshot tool allows viewing open windows when session is locked]
+CVE-2023-43090 (A vulnerability was found in GNOME Shell. GNOME Shell's lock screen al ...)
 	{DSA-5501-1}
 	- gnome-shell 44.5-1 (bug #1052067)
 	[bullseye] - gnome-shell <not-affected> (Vulnerable code introduced in 42.beta)
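Review bot: the automatic update overwrites the local bracketed summary "[Screenshot tool allows viewing open windows when session is locked]" with the truncated upstream text "A vulnerability was found in GNOME Shell. GNOME Shell's lock screen al ...", which is cut off before the actual impact. The replaced summary now only survives in git history; for an entry like this one, where the DSA has already shipped (`{DSA-5501-1}`) and the bullseye `<not-affected>` reasoning is written inline, consider preserving the original one-liner as a `NOTE:` so that a grep of data/CVE/list for "lock screen" or "screenshot" still finds it.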
@@ -41374,12 +41424,12 @@ CVE-2023-23366
 	RESERVED
 CVE-2023-23365
 	RESERVED
-CVE-2023-23364
-	RESERVED
-CVE-2023-23363
-	RESERVED
-CVE-2023-23362
-	RESERVED
+CVE-2023-23364 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-23363 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-23362 (An OS command injection vulnerability has been reported to affect QNAP ...)
+	TODO: check
 CVE-2023-23361
 	RESERVED
 CVE-2023-23360
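Review bot: three IDs from the CVE-2023-233xx block move from `RESERVED` to published descriptions with `TODO: check`, while the neighbouring CVE-2023-23366, -23365, -23361 and -23360 stay reserved. One description names the vendor explicitly ("An OS command injection vulnerability has been reported to affect QNAP ..."); the two "buffer copy without checking size of input" entries are truncated before the product name. QNAP appliance firmware is not packaged in Debian, so the expected resolution is `NOT-FOR-US: QNAP` in the style of the Dreamer CMS and PaperCutNG entries elsewhere in the file, but the two truncated entries need their full text read first to confirm the product before they are closed.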



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0b402bd3cae8e88269efd1763a2f73710d91a6
