Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5263ddab by security tracker role at 2023-09-01T20:12:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,18 +1,116 @@
-CVE-2023-4647
+CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac
prior to ...)
+ TODO: check
+CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to
2.3-DEV.)
+ TODO: check
+CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub
repository ...)
+ TODO: check
+CVE-2023-4714 (A vulnerability was found in PlayTube 3.0.1 and classified as
problema ...)
+ TODO: check
+CVE-2023-4713 (A vulnerability has been found in IBOS OA 4.5.5 and classified
as crit ...)
+ TODO: check
+CVE-2023-4712 (A vulnerability, which was classified as critical, was found in
Xintia ...)
+ TODO: check
+CVE-2023-4711 (A vulnerability, which was classified as critical, has been
found in D ...)
+ TODO: check
+CVE-2023-4710 (A vulnerability classified as problematic was found in TOTVS RM
12.1. ...)
+ TODO: check
+CVE-2023-4709 (A vulnerability classified as problematic has been found in
TOTVS RM 1 ...)
+ TODO: check
+CVE-2023-4708 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has
been r ...)
+ TODO: check
+CVE-2023-4707 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has
been d ...)
+ TODO: check
+CVE-2023-4704 (External Control of System or Configuration Setting in GitHub
reposito ...)
+ TODO: check
+CVE-2023-41633 (Catdoc v0.95 was discovered to contain a NULL pointer
dereference via ...)
+ TODO: check
+CVE-2023-41628 (An issue in O-RAN Software Community E2 G-Release allows
attackers to ...)
+ TODO: check
+CVE-2023-41627 (O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not
validate the ...)
+ TODO: check
+CVE-2023-41364 (In tine through 2023.01.14.325, the sort parameter of the
/index.php e ...)
+ TODO: check
+CVE-2023-41051 (In a typical Virtual Machine Monitor (VMM) there are several
component ...)
+ TODO: check
+CVE-2023-41049 (@dcl/single-sign-on-client is an open source npm library which
deals w ...)
+ TODO: check
+CVE-2023-41046 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
+CVE-2023-40980 (File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and
before ...)
+ TODO: check
+CVE-2023-40970 (Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is
vulnerabl ...)
+ TODO: check
+CVE-2023-40969 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is
vulnerable ...)
+ TODO: check
+CVE-2023-40968 (Buffer Overflow vulnerability in hzeller timg v.1.5.2 and
before allow ...)
+ TODO: check
+CVE-2023-40771 (SQL injection vulnerability in DataEase v.1.18.9 allows a
remote attac ...)
+ TODO: check
+CVE-2023-40239 (Certain Lexmark devices (such as CS310) before 2023-08-25
allow XXE at ...)
+ TODO: check
+CVE-2023-3210 (An issue has been discovered in GitLab affecting all versions
starting ...)
+ TODO: check
+CVE-2023-39714 (Multiple cross-site scripting (XSS) vulnerabilities in Free
and Open S ...)
+ TODO: check
+CVE-2023-39710 (Multiple cross-site scripting (XSS) vulnerabilities in Free
and Open S ...)
+ TODO: check
+CVE-2023-39703 (A cross site scripting (XSS) vulnerability in the Markdown
Editor comp ...)
+ TODO: check
+CVE-2023-39685 (An issue in hjson-java up to v3.0.0 allows attackers to cause
a Denial ...)
+ TODO: check
+CVE-2023-39631 (An issue in LanChain-ai Langchain v.0.0.245 allows a remote
attacker t ...)
+ TODO: check
+CVE-2023-39582 (SQL Injection vulnerability in Chamilo LMS v.1.11 thru
v.1.11.20 allow ...)
+ TODO: check
+CVE-2023-37997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Dharmesh ...)
+ TODO: check
+CVE-2023-37994 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2023-37986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in mini ...)
+ TODO: check
+CVE-2023-37893 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Chop-Cho ...)
+ TODO: check
+CVE-2023-37830 (A cross-site scripting (XSS) vulnerability in General
Solutions Steine ...)
+ TODO: check
+CVE-2023-37829 (A cross-site scripting (XSS) vulnerability in General
Solutions Steine ...)
+ TODO: check
+CVE-2023-37828 (A cross-site scripting (XSS) vulnerability in General
Solutions Steine ...)
+ TODO: check
+CVE-2023-37827 (A cross-site scripting (XSS) vulnerability in General
Solutions Steine ...)
+ TODO: check
+CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in General
Solutions Steine ...)
+ TODO: check
+CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath
before ...)
+ TODO: check
+CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit
421f2e91cf2ba424 ...)
+ TODO: check
+CVE-2023-36326 (Integer Overflow vulnerability in RELIC before commit
34580d840469361b ...)
+ TODO: check
+CVE-2023-36187 (Buffer Overflow vulnerability in NETGEAR R6400v2 before
version 1.0.4. ...)
+ TODO: check
+CVE-2023-36100 (An issue was discovered in IceCMS version 2.0.1, allows
attackers to e ...)
+ TODO: check
+CVE-2023-36088 (Server Side Request Forgery (SSRF) vulnerability in
NebulaGraph Studio ...)
+ TODO: check
+CVE-2023-36076 (SQL Injection vulnerability in smanga version 3.1.9 and
earlier, allow ...)
+ TODO: check
+CVE-2023-34011 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Shop ...)
+ TODO: check
+CVE-2023-4647 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
-CVE-2023-3205
+CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
-CVE-2023-4018
+CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
CVE-2023-4638
- gitlab <unfixed>
CVE-2023-4630
- gitlab <unfixed>
-CVE-2023-3950
+CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all
versions fr ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2023-4378
+CVE-2023-4378 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab <unfixed>
-CVE-2023-3915
+CVE-2023-3915 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-40325
- moodle <removed>
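Review bot: the GitLab entries in this hunk are triaged inconsistently. CVE-2023-4647, CVE-2023-3205, CVE-2023-4018 and CVE-2023-4378 carry `- gitlab <unfixed>` (and CVE-2023-3950 and CVE-2023-3915 get `<not-affected> (Specific to EE)`), while CVE-2023-3210 ("An issue has been discovered in GitLab affecting all versions starting ...") is left at `TODO: check`; it needs the same package line or the same EE decision. Separately, among the many new `TODO: check` entries, CVE-2023-4722, CVE-2023-4721 and CVE-2023-4720 (gpac/gpac), CVE-2023-41633 (Catdoc), CVE-2023-36328 (libtommath mp_grow) and CVE-2023-40968 (hzeller timg) name upstream projects shipped as Debian source packages, so a package/version line or an explicit NOT-FOR-US decision should follow rather than leaving them as TODO.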
@@ -553,7 +651,7 @@ CVE-2023-4585
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4585
CVE-2023-4584
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
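Review bot: DLA-3553-1 is added to the reference line of CVE-2023-4584 here (and of CVE-2023-4581, CVE-2023-4575, CVE-2023-4574 and CVE-2023-4573 in the following hunks), but this hunk's leading context is only the NOTE lines of the preceding entry CVE-2023-4585, whose `{DSA-5485-1}` line sits above the hunk and is not touched. Please confirm that CVE-2023-4585, CVE-2023-4582 and CVE-2023-4576, which are referenced by the mfsa2023-36/38 NOTE lines but fall outside the changed ranges, already carry DLA-3553-1; otherwise the bullseye fix status for those issues stays incomplete.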
@@ -583,7 +681,7 @@ CVE-2023-4582
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4582
CVE-2023-4581
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -643,7 +741,7 @@ CVE-2023-4576
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4576
CVE-2023-4575
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -652,7 +750,7 @@ CVE-2023-4575
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4575
CVE-2023-4574
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -661,7 +759,7 @@ CVE-2023-4574
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4574
CVE-2023-4573
- {DSA-5485-1}
+ {DSA-5485-1 DLA-3553-1}
- firefox-esr 115.2.0esr-1
- firefox 117.0-1
- thunderbird 1:115.2.0-1
@@ -22196,8 +22294,7 @@ CVE-2023-1557 (A vulnerability was found in
SourceCodester E-Commerce System 1.0
NOT-FOR-US: SourceCodester E-Commerce System
CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management
System ...)
NOT-FOR-US: SourceCodester Judging Management System
-CVE-2023-1555
- RESERVED
+CVE-2023-1555 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
CVE-2013-10022 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: WordPress plugin
@@ -22548,8 +22645,7 @@ CVE-2023-27927 (An authenticated malicious user could
acquire the simple mail tr
NOT-FOR-US: SAUTER
CVE-2023-22300 (An unauthenticated remote attacker could force all
authenticated users ...)
NOT-FOR-US: SAUTER
-CVE-2023-1523
- RESERVED
+CVE-2023-1523 (Using the TIOCLINUX ioctl request, a malicious snap could
inject conte ...)
- snapd 2.59.5-1
[bookworm] - snapd <no-dsa> (Minor issue)
[bullseye] - snapd <no-dsa> (Minor issue)
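Review bot: the `[bookworm]` and `[bullseye] - snapd <no-dsa> (Minor issue)` lines are kept unchanged while the entry moves from RESERVED to the published description (a malicious snap injecting content via the TIOCLINUX ioctl request). Those no-dsa decisions were taken while the entry was still RESERVED; re-check them against the now-public description and the fix version `snapd 2.59.5-1`, and add a NOTE with the upstream advisory or fixing commit so the "Minor issue" call is documented.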
@@ -23485,8 +23581,8 @@ CVE-2023-28371 (In Stellarium through 1.2, attackers
can write to files that are
NOTE:
https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb
CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware versions prior to
'T2600G-28SQ( ...)
NOT-FOR-US: TP-Link
-CVE-2023-28366
- RESERVED
+CVE-2023-28366 (The broker in Eclipse Mosquitto 1.3.2 through 2.x before
2.0.16 has a ...)
+ TODO: check
CVE-2023-28365 (A backup file vulnerability found in UniFi applications
(Version 7.3.8 ...)
NOT-FOR-US: UniFi
CVE-2023-28364 (An Open Redirect vulnerability exists prior to version
1.52.117, where ...)
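Review bot: CVE-2023-28366 is left at `TODO: check`, but unlike the neighbouring TP-Link and UniFi entries (NOT-FOR-US), Eclipse Mosquitto is shipped as a Debian source package. The entry needs a `- mosquitto <version>` line plus per-suite decisions for bookworm and bullseye; the description gives the affected range as 1.3.2 through 2.x before 2.0.16, so 2.0.16 is the upstream fix point to verify against.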
@@ -24900,8 +24996,7 @@ CVE-2023-1281 (Use After Free vulnerability in Linux
kernel traffic control inde
NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
CVE-2023-1280
RESERVED
-CVE-2023-1279
- RESERVED
+CVE-2023-1279 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
CVE-2023-1278 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: IBOS
@@ -32367,8 +32462,8 @@ CVE-2023-25490 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25489
RESERVED
-CVE-2023-25488
- RESERVED
+CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Duc ...)
+ TODO: check
CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade
PixTypes ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25486
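Review bot: CVE-2023-25488 ("Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc ...") is left at `TODO: check`, yet it uses the same description template as CVE-2023-25490 directly above it, which is triaged `NOT-FOR-US: WordPress plugin`. Confirm the affected product from the full description and triage it the same way; the later entries CVE-2023-25477, CVE-2023-25044, CVE-2023-25042 and CVE-2023-24412 in this patch share that template and should get the same treatment.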
@@ -32389,8 +32484,8 @@ CVE-2023-25479 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet
Weather ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25477
- RESERVED
+CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Yotu ...)
+ TODO: check
CVE-2023-25476
RESERVED
CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir
Prelovac S ...)
@@ -33452,12 +33547,12 @@ CVE-2023-25046 (Auth. (admin+) Stored Cross-Site
Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25045
RESERVED
-CVE-2023-25044
- RESERVED
+CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Sumo ...)
+ TODO: check
CVE-2023-25043
RESERVED
-CVE-2023-25042
- RESERVED
+CVE-2023-25042 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Liam ...)
+ TODO: check
CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Cththeme ...)
NOT-FOR-US: WordPress theme
CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
@@ -34490,10 +34585,10 @@ CVE-2023-24677
RESERVED
CVE-2023-24676
RESERVED
-CVE-2023-24675
- RESERVED
-CVE-2023-24674
- RESERVED
+CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1
allows attack ...)
+ TODO: check
+CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows
local att ...)
+ TODO: check
CVE-2023-24673
RESERVED
CVE-2023-24672
@@ -35535,8 +35630,8 @@ CVE-2023-24414 (Cross-Site Request Forgery (CSRF)
vulnerability in RoboSoft Phot
NOT-FOR-US: WordPress plugin
CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
I Thirte ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24412
- RESERVED
+CVE-2023-24412 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Web- ...)
+ TODO: check
CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24410
@@ -37260,8 +37355,8 @@ CVE-2023-23765 (An incorrect comparison vulnerability
was identified in GitHub E
NOT-FOR-US: Github Enterprise Server
CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
NOT-FOR-US: Github Enterprise Server
-CVE-2023-23763
- RESERVED
+CVE-2023-23763 (An authorization/sensitive information disclosure
vulnerability was id ...)
+ TODO: check
CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub
Enterpr ...)
NOT-FOR-US: Github Enterprise Server
CVE-2023-23761 (An improper authentication vulnerability was identified in
GitHub Ente ...)
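Review bot: CVE-2023-23763 is added with `TODO: check` in the middle of CVE-2023-23765, CVE-2023-23764, CVE-2023-23762 and CVE-2023-23761, all triaged `NOT-FOR-US: Github Enterprise Server`. Its truncated description ("An authorization/sensitive information disclosure vulnerability was id...") matches that family; check the full text and, if it is GHES as well, close it out as NOT-FOR-US instead of leaving a TODO.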
@@ -40274,8 +40369,7 @@ CVE-2023-0122 (A NULL pointer dereference vulnerability
in the Linux kernel NVMe
- linux <not-affected> (Vulnerable code not present in any released
Debian version)
CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE
affecting all ...)
- gitlab 15.10.8+ds1-2
-CVE-2023-0120
- RESERVED
+CVE-2023-0120 (An issue has been discovered in GitLab affecting all versions
starting ...)
- gitlab <unfixed>
CVE-2023-0119
RESERVED
@@ -47983,8 +48077,7 @@ CVE-2022-46769 (An improper neutralization of input
during web page generation (
NOT-FOR-US: Apache Sling
CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3
leaked se ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-4343
- RESERVED
+CVE-2022-4343 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all
versions st ...)
- gitlab 15.10.8+ds1-2
@@ -48710,8 +48803,8 @@ CVE-2022-46529
RESERVED
CVE-2022-46528
RESERVED
-CVE-2022-46527
- RESERVED
+CVE-2022-46527 (ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer
overflow ...)
+ TODO: check
CVE-2022-46526
RESERVED
CVE-2022-46525
@@ -56435,8 +56528,8 @@ CVE-2022-44351 (Skycaiji v2.5.1 was discovered to
contain a deserialization vuln
NOT-FOR-US: Skycaiji
CVE-2022-44350
RESERVED
-CVE-2022-44349
- RESERVED
+CVE-2022-44349 (NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross
Site Scri ...)
+ TODO: check
CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL
Injection via ...)
NOT-FOR-US: Sanitization Management System
CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL
Injection via ...)
@@ -63453,8 +63546,8 @@ CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC
Project allows user to cause
NOT-FOR-US: OpenBMC
CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not
sanitise and ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3407
- RESERVED
+CVE-2022-3407 (I some cases, when the device is USB-tethered to a host PC, and
the de ...)
+ TODO: check
CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by
administ ...)
NOT-FOR-US: Generex CS141
CVE-2022-42456
@@ -122504,8 +122597,8 @@ CVE-2021-46130
RESERVED
CVE-2022-22306 (An improper certificate validation vulnerability [CWE-295] in
FortiOS ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2022-22305
- RESERVED
+CVE-2022-22305 (An improper certificate validation vulnerability [CWE-295]
inFortiMana ...)
+ TODO: check
CVE-2022-22304 (An improper neutralization of input during web page generation
vulnera ...)
NOT-FOR-US: Fortinet
CVE-2022-22303 (An exposure of sensitive system information to an unauthorized
control ...)
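Review bot: CVE-2022-22305 ("An improper certificate validation vulnerability [CWE-295] inFortiMana ...") is left at `TODO: check` while the adjacent CVE-2022-22306 with the identical CWE-295 wording is `NOT-FOR-US: Fortinet FortiOS` and CVE-2022-22304 is `NOT-FOR-US: Fortinet`. The product name is truncated in the description, so verify it against the full CVE text and triage it as NOT-FOR-US like its neighbours if it is a Fortinet appliance issue.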
@@ -219856,8 +219949,8 @@ CVE-2020-22614
RESERVED
CVE-2020-22613
RESERVED
-CVE-2020-22612
- RESERVED
+CVE-2020-22612 (Installer RCE on settings file write in MyBB before 1.8.22.)
+ TODO: check
CVE-2020-22611
RESERVED
CVE-2020-22610
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5263ddab07bbeb35c5c9d597973ba87f63725ca8
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits