Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
50d36829 by security tracker role at 2023-09-13T08:12:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-4928 (SQL Injection in GitHub repository instantsoft/icms2 prior to
2.16.1.)
+ TODO: check
+CVE-2023-4917 (The Leyka plugin for WordPress is vulnerable to Sensitive
Information ...)
+ TODO: check
+CVE-2023-4916 (The Login with phone number plugin for WordPress is vulnerable
to Cros ...)
+ TODO: check
+CVE-2023-4915 (The WP User Control plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2023-4400 (A password management vulnerability in Skyhigh Secure Web
Gateway (SWG ...)
+ TODO: check
+CVE-2023-4213 (The Simplr Registration Form Plus+ plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2023-4153 (The BAN Users plugin for WordPress is vulnerable to privilege
escalati ...)
+ TODO: check
+CVE-2023-41423 (Cross Site Scripting vulnerability in WP Githuber MD plugin
v.1.16.2 a ...)
+ TODO: check
+CVE-2023-39073 (An issue in SNMP Web Pro v.1.1 allows a remote attacker to
execute arb ...)
+ TODO: check
CVE-2023-3867 [ksmbd: add missing compound request handing in some commands]
- linux 6.4.11-1
[bookworm] - linux 6.1.52-1
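Review bot: The nine entries added at the top of data/CVE/list (CVE-2023-4928 through CVE-2023-39073) carry only `TODO: check`, so none of them has a triage decision yet. Five of the descriptions say "plugin for WordPress" (CVE-2023-4917, CVE-2023-4916, CVE-2023-4915, CVE-2023-4213, CVE-2023-4153). The context lines of a later hunk in this same diff show such entries resolved as `NOT-FOR-US: <plugin name>` (CVE-2023-4890, CVE-2023-4887), so a follow-up commit can likely close these the same way once it is confirmed that nothing in the archive ships the plugin.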
@@ -19,7 +37,7 @@ CVE-2023-3865 [ksmbd: fix out-of-bound read in smb2_write]
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-980/
NOTE:
https://git.kernel.org/linus/5fe7f7b78290638806211046a99f031ff26164e1 (6.4)
-CVE-2023-4813 [potential use-after-free in gaih_inet()]
+CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the
gaih_inet fun ...)
- glibc 2.36-3
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931
NOTE: Fixed by:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215
(glibc-2.36)
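Review bot: The replaced header line for CVE-2023-4813 drops the bug class. The old bracketed title read `[potential use-after-free in gaih_inet()]`, while the new description is cut off at "the gaih_inet fun ...", before it says what goes wrong. Anyone searching the list for "use-after-free" will no longer find this glibc entry, so consider adding a `NOTE:` line that keeps the phrase next to the existing bugzilla and commit references.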
@@ -282,34 +300,34 @@ CVE-2023-4890 (The JQuery Accordion Menu Widget for
WordPress plugin for WordPre
NOT-FOR-US: JQuery Accordion Menu Widget for WordPress plugin for
WordPress
CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for
WordPress ...)
NOT-FOR-US: Google Maps Plugin by Intergeo for WordPress plugin for
WordPress
-CVE-2023-4909
+CVE-2023-4909 (Inappropriate implementation in Interstitials in Google Chrome
prior t ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4908
+CVE-2023-4908 (Inappropriate implementation in Picture in Picture in Google
Chrome pr ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4907
+CVE-2023-4907 (Inappropriate implementation in Intents in Google Chrome on
Android pr ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4906
+CVE-2023-4906 (Insufficient policy enforcement in Autofill in Google Chrome
prior to ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4905
+CVE-2023-4905 (Inappropriate implementation in Prompts in Google Chrome prior
to 117. ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4904
+CVE-2023-4904 (Insufficient policy enforcement in Downloads in Google Chrome
prior to ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4903
+CVE-2023-4903 (Inappropriate implementation in Custom Mobile Tabs in Google
Chrome on ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4902
+CVE-2023-4902 (Inappropriate implementation in Input in Google Chrome prior to
117.0. ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4901
+CVE-2023-4901 (Inappropriate implementation in Prompts in Google Chrome prior
to 117. ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-4900
+CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on
Androi ...)
- chromium <unfixed>
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to
116.0.5845.187 ...)
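Review bot: All ten chromium entries in this hunk (CVE-2023-4900 through CVE-2023-4909) gain a description but stay at `- chromium <unfixed>`, although the descriptions that survive truncation point to a fix in the 117 series ("prior to 117. ...", "prior to 117.0. ..."). A follow-up should replace `<unfixed>` with the fixed package version once a chromium 117 upload exists. Note also that CVE-2023-4905 and CVE-2023-4901 now carry the same truncated text ("Inappropriate implementation in Prompts in Google Chrome prior to 117. ..."), so they can only be told apart by ID in this file.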
@@ -45812,8 +45830,8 @@ CVE-2022-47639
RESERVED
CVE-2022-47638
RESERVED
-CVE-2022-47637
- RESERVED
+CVE-2022-47637 (The installer in XAMPP through 8.1.12 allows local users to
write to t ...)
+ TODO: check
CVE-2022-47636 (A DLL hijacking vulnerability has been discovered in
OutSystems Servic ...)
NOT-FOR-US: OutSystems Service Studio
CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214,
and WMS ...)
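Review bot: CVE-2022-47637 moves from `RESERVED` to a published description with `TODO: check`, so it is still untriaged. The description concerns the XAMPP installer, and the neighbouring CVE-2022-47636 is already closed as `NOT-FOR-US: OutSystems Service Studio`. If XAMPP is not packaged, resolve this entry in the same form (`NOT-FOR-US: XAMPP`) rather than leaving the TODO in a block of otherwise settled 2022 entries.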
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50d36829fffaa781d66eabe1883e10bd8d7aedc1