Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
44d47fbb by security tracker role at 2023-09-07T08:12:38+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2023-4815 (Missing Authentication for Critical Function in GitHub
repository answ ...)
+ TODO: check
+CVE-2023-4792 (The Duplicate Post Page Menu & Custom Post Type plugin for
WordPress i ...)
+ TODO: check
+CVE-2023-4772 (The Newsletter plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2023-41329 (WireMock is a tool for mocking HTTP services. The proxy mode
of WireMo ...)
+ TODO: check
+CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be
configur ...)
+ TODO: check
+CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis
does not c ...)
+ TODO: check
+CVE-2023-40397 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
+CVE-2023-40392 (A privacy issue was addressed with improved private data
redaction for ...)
+ TODO: check
+CVE-2023-39967 (WireMock is a tool for mocking HTTP services. When certain
request URL ...)
+ TODO: check
+CVE-2023-39956 (Electron is a framework which lets you write cross-platform
desktop ap ...)
+ TODO: check
+CVE-2023-39240 (It is identified a format string vulnerability in ASUS
RT-AX56U V2\u20 ...)
+ TODO: check
+CVE-2023-39239 (It is identified a format string vulnerability in ASUS
RT-AX56U V2\u20 ...)
+ TODO: check
+CVE-2023-39238 (It is identified a format string vulnerability in ASUS
RT-AX56U V2. Th ...)
+ TODO: check
+CVE-2023-39237 (ASUS RT-AC86U Traffic Analyzer - Apps analysis function has
insufficie ...)
+ TODO: check
+CVE-2023-39236 (ASUS RT-AC86U Traffic Analyzer - Statistic function has
insufficient f ...)
+ TODO: check
+CVE-2023-38616 (A race condition was addressed with improved state handling.
This issu ...)
+ TODO: check
+CVE-2023-38605 (This issue was addressed with improved redaction of sensitive
informat ...)
+ TODO: check
+CVE-2023-38033 (ASUS RT-AC86U unused Traffic Analyzer legacy Statistic
function has in ...)
+ TODO: check
+CVE-2023-38032 (ASUS RT-AC86U AiProtection security- related function has
insufficient ...)
+ TODO: check
+CVE-2023-38031 (ASUS RT-AC86U Adaptive QoS - Web History function has
insufficient fil ...)
+ TODO: check
+CVE-2023-34357 (Soar Cloud Ltd. HR Portal has a weak Password Recovery
Mechanism for F ...)
+ TODO: check
CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble'
rule, a pac ...)
TODO: check
CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable
to Loca ...)
@@ -21466,8 +21508,8 @@ CVE-2023-29200 (Contao is an open source content
management system. Prior to ver
NOT-FOR-US: Contao
CVE-2023-29199 (There exists a vulnerability in source code transformer
(exception san ...)
NOT-FOR-US: Node vm2
-CVE-2023-29198
- RESERVED
+CVE-2023-29198 (Electron is a framework which lets you write cross-platform
desktop ap ...)
+ TODO: check
CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation
in PHP. ...)
- php-guzzlehttp-psr7 2.4.5-1 (bug #1034581)
[bullseye] - php-guzzlehttp-psr7 <no-dsa> (Minor issue; can be fixed
via point release)
@@ -38659,8 +38701,8 @@ CVE-2023-23625 (go-unixfs is an implementation of a
unix-like filesystem on top
NOT-FOR-US: go-unixfs
CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to
version 3.0. ...)
NOT-FOR-US: Discourse
-CVE-2023-23623
- RESERVED
+CVE-2023-23623 (Electron is a framework which lets you write cross-platform
desktop ap ...)
+ TODO: check
CVE-2023-23622 (Discourse is an open-source discussion platform. Prior to
version 3.0. ...)
NOT-FOR-US: Discourse
CVE-2023-23621 (Discourse is an open-source discussion platform. Prior to
version 3.0. ...)
@@ -108585,7 +108627,7 @@ CVE-2022-0902 (Improper Limitation of a Pathname to a
Restricted Directory ('Pat
NOT-FOR-US: ABB
CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do
not sa ...)
NOT-FOR-US: WordPress plugins
-CVE-2022-0900 (A Stored Cross-Site Scripting (XSS) vulnerability in
DivvyDrive's "aci ...)
+CVE-2022-0900 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: DivvyDrive
CVE-2022-0899 (The Header Footer Code Manager WordPress plugin before 1.1.24
does not ...)
NOT-FOR-US: WordPress plugin
@@ -134218,9 +134260,9 @@ CVE-2021-43364
RESERVED
CVE-2021-43363
RESERVED
-CVE-2021-43362 (Due to improper sanitization MedData HBYS software suffers
from a remo ...)
+CVE-2021-43362 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: MedData HBYS software
-CVE-2021-43361 (Due to improper sanitization MedData HBYS software suffers
from a remo ...)
+CVE-2021-43361 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: MedData HBYS software
CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule\u2019s serialization
functio ...)
NOT-FOR-US: Sunnet eHRD
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44d47fbbfee2ba1b04cfce57b9411d166d176522
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44d47fbbfee2ba1b04cfce57b9411d166d176522
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
