[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 22 21:12:53 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1f606ee7 by security tracker role at 2023-09-22T20:12:40+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-43640 (TaxonWorks is a web-based workbench designed for taxonomists and biodi ...)
+ TODO: check
+CVE-2023-43270 (dst-admin v1.5.0 was discovered to contain a remote command execution ...)
+ TODO: check
+CVE-2023-43144 (Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQ ...)
+ TODO: check
+CVE-2023-42821 (The package `github.com/gomarkdown/markdown` is a Go library for parsi ...)
+ TODO: check
+CVE-2023-42812 (Galaxy is an open-source platform for FAIR data analysis. Prior to ver ...)
+ TODO: check
+CVE-2023-42811 (aes-gcm is a pure Rust implementation of the AES-GCM. Starting in vers ...)
+ TODO: check
+CVE-2023-42798 (AutomataCI is a template git repository equipped with a native built-i ...)
+ TODO: check
+CVE-2023-41031 (Command injection inhomemng.htminJuplink RX4-1500 versions V1.0.2,V1.0 ...)
+ TODO: check
+CVE-2023-41029 (Command injection vulnerability in thehomemng.htm endpointinJuplink RX ...)
+ TODO: check
+CVE-2023-41027 (Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplin ...)
+ TODO: check
+CVE-2023-40989 (SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that a ...)
+ TODO: check
+CVE-2023-38346 (An issue was discovered in Wind River VxWorks 6.9 and 7. The function ...)
+ TODO: check
CVE-2023-5068 (Delta Electronics DIAScreen may write past the end of an allocated bu ...)
NOT-FOR-US: Delta Electronics
CVE-2023-4774 (The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerabl ...)
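Review bot: all twelve new entries in this hunk land as `TODO: check`, so the triage queue grows without any state; the two that name libraries Debian may ship (CVE-2023-42821 for `github.com/gomarkdown/markdown` and CVE-2023-42811 for the Rust `aes-gcm` crate) should be resolved first, since a real package may need a `- <srcpkg> <version>` line, while the appliance, firmware and hosted-service entries (Juplink RX4-1500, Wind River VxWorks, Galaxy, TaxonWorks, dst-admin, jeecg-boot, AutomataCI) look like `NOT-FOR-US` candidates. The run-together text in CVE-2023-41031 ("inhomemng.htminJuplink") is how the feed delivered the description and is not something to hand-edit in this file.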
@@ -48,7 +72,7 @@ CVE-2023-31717 (A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of
NOT-FOR-US: FUXA
CVE-2023-31716 (FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa. ...)
NOT-FOR-US: FUXA
-CVE-2023-5002
+CVE-2023-5002 (A flaw was found in pgAdmin. This issue occurs when the pgAdmin server ...)
- pgadmin4 <itp> (bug #834129)
CVE-2023-3629
NOT-FOR-US: Infinispan
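Review bot: the description for CVE-2023-5002 is filled in but the entry still carries only the `- pgadmin4 <itp> (bug #834129)` marker; a `NOTE:` line pointing at the upstream pgAdmin advisory or fixing commit would let whoever completes the ITP pick up the right version without re-researching it.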
@@ -299,6 +323,7 @@ CVE-2023-4236 (A flaw in the networking code handling DNS-over-TLS queries may c
NOTE: https://kb.isc.org/docs/cve-2023-4236
NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/18efa454a98759bf4f3ca806d9a6ef881ff9648d (v9.18.19)
CVE-2023-3341 (The code that processes control channel messages sent to `named` calls ...)
+ {DSA-5504-1}
- bind9 1:9.19.17-1 (bug #1052416)
NOTE: https://kb.isc.org/docs/cve-2023-3341
NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/432a49a7b089da6340e56d402034a586bc69f80e (v9.18.19)
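Review bot: `{DSA-5504-1}` is added for CVE-2023-3341, but this commit touches only data/CVE/list (see "1 changed file" above), so the cross-reference is only valid if data/DSA/list already carries DSA-5504-1 for bind9; worth confirming before the tracker's consistency check flags a dangling advisory.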
@@ -496,6 +521,7 @@ CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. driver
[buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1)
CVE-2023-43770 (Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 al ...)
+ {DLA-3577-1}
- roundcube 1.6.3+dfsg-1 (bug #1052059)
[bookworm] - roundcube <no-dsa> (Minor issue)
[bullseye] - roundcube <no-dsa> (Minor issue)
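Review bot: `{DLA-3577-1}` now references an LTS advisory for CVE-2023-43770 while bookworm and bullseye keep `<no-dsa> (Minor issue)`; that is coherent only if the DLA covers buster alone, so confirm the DLA target and consider whether the "Minor issue" rating should be re-stated now that a security upload exists for an older suite.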
@@ -2212,6 +2238,7 @@ CVE-2023-4059 (The Profile Builder WordPress plugin before 3.9.8 lacks authorisa
CVE-2023-4019 (The Media from FTP WordPress plugin before 11.17 does not properly lim ...)
NOT-FOR-US: WordPress plugin
CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU ...)
+ {DLA-3578-1}
- lldpd 1.0.17-1
NOTE: Fixed by: https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b (1.0.17)
CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_f ...)
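Review bot: CVE-2023-41910 gains `{DLA-3578-1}` and is fixed in unstable with `- lldpd 1.0.17-1`, but no `[bookworm]` or `[bullseye]` status line is present; with an LTS advisory out, the stable and oldstable suites should be annotated explicitly (either `<no-dsa>` with a reason or a pending DSA) so they do not read as untriaged.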
@@ -6174,7 +6201,7 @@ CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...)
NOT-FOR-US: Rockwell Automation
-CVE-2023-34319 [xen/netback: Fix buffer overrun triggered by unusual packet]
+CVE-2023-34319 (The fix for XSA-423 added logic to Linux'es netback driver to deal wit ...)
{DSA-5492-1 DSA-5480-1}
- linux 6.4.11-1
NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576
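Review bot: replacing the bracketed placeholder title for CVE-2023-34319 with the upstream description is correct, but the `NOTE:` commit link `534fc31d09b706a16d83533e16b5dc855caf7576` lacks the release tag in parentheses that the other kernel notes in this file use (compare `(5.9-rc1)` in the CVE-2020-36766 hunk); adding the tag makes it clear which upstream release first carries the fix.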
@@ -40090,8 +40117,8 @@ CVE-2023-23768
RESERVED
CVE-2023-23767
RESERVED
-CVE-2023-23766
- RESERVED
+CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
+ TODO: check
CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...)
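Review bot: CVE-2023-23766 comes out of `RESERVED` with the same "incorrect comparison vulnerability was identified in GitHub Enterpr ..." description as its neighbours CVE-2023-23765 and CVE-2023-23764, both already marked `NOT-FOR-US: Github Enterprise Server`; the new entry should get the same disposition rather than sitting as `TODO: check`.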
@@ -54779,8 +54806,7 @@ CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage P
NOT-FOR-US: Hitachi
CVE-2022-4040
RESERVED
-CVE-2022-4039
- RESERVED
+CVE-2022-4039 (A flaw was found in Red Hat Single Sign-On for OpenShift container ima ...)
NOT-FOR-US: Keycloak
CVE-2022-4038
RESERVED
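Review bot: the description for CVE-2022-4039 now says "Red Hat Single Sign-On for OpenShift container image", while the retained label is `NOT-FOR-US: Keycloak`; the disposition is right (Keycloak is not in Debian), but the label could name the Red Hat SSO container image so the reason matches the description it sits under.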
@@ -56355,8 +56381,7 @@ CVE-2022-3876 (A vulnerability, which was classified as problematic, has been fo
NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
CVE-2022-3875 (A vulnerability classified as critical was found in Click Studios Pass ...)
NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome
-CVE-2022-3874
- RESERVED
+CVE-2022-3874 (A command injection flaw was found in foreman. This flaw allows an aut ...)
- foreman <itp> (bug #663101)
CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...)
NOT-FOR-US: jgraph/drawio
@@ -99230,7 +99255,7 @@ CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue m
NOT-FOR-US: Intel
CVE-2022-29478
RESERVED
-CVE-2022-29470 (Improper access control in the Intel DTT Software before version 8.7.1 ...)
+CVE-2022-29470 (Improper access control in the Intel\xae DTT Software before version 8 ...)
NOT-FOR-US: Intel
CVE-2022-28693
RESERVED
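Review bot: the replacement line for CVE-2022-29470 contains a literal `\xae` escape where the feed presumably carried the registered-trademark sign, which means the importer wrote a byte escape instead of UTF-8 into the data file; this should be normalised in the automatic-update tooling rather than hand-edited here, otherwise every future feed refresh will churn this line again.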
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f606ee72475da111673869d7f61986ef5ef9b46