Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1a0b402b by security tracker role at 2023-09-22T08:24:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-5068 (Delta Electronics DIAScreen may write past the end of an
allocated bu ...)
+ TODO: check
+CVE-2023-4774 (The WP-Matomo Integration (WP-Piwik) plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2023-4716 (The Media Library Assistant plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2023-43784 (Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields
that are ...)
+ TODO: check
+CVE-2023-43783 (Cadence through 0.9.2 2023-08-21 uses an Insecure
/tmp/cadence-wineasi ...)
+ TODO: check
+CVE-2023-43782 (Cadence through 0.9.2 2023-08-21 uses an Insecure
/tmp/.cadence-aloop- ...)
+ TODO: check
+CVE-2023-43771 (In nqptp-message-handlers.c in nqptp before 1.2.3, crafted
packets rec ...)
+ TODO: check
+CVE-2023-43767 (Certain WithSecure products allow Denial of Service via the
aepack arc ...)
+ TODO: check
+CVE-2023-43766 (Certain WithSecure products allow Local privilege escalation
via the l ...)
+ TODO: check
+CVE-2023-43765 (Certain WithSecure products allow Denial of Service in the
aeelf compo ...)
+ TODO: check
+CVE-2023-43764 (Certain WithSecure products allow Unauthenticated Remote Code
Executio ...)
+ TODO: check
+CVE-2023-43763 (Certain WithSecure products allow XSS via an unvalidated
parameter in ...)
+ TODO: check
+CVE-2023-43762 (Certain WithSecure products allow Unauthenticated Remote Code
Executio ...)
+ TODO: check
+CVE-2023-43761 (Certain WithSecure products allow Denial of Service (infinite
loop). T ...)
+ TODO: check
+CVE-2023-43760 (Certain WithSecure products allow Denial of Service via a
fuzzed PE32 ...)
+ TODO: check
+CVE-2023-43128 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11
is vulner ...)
+ TODO: check
+CVE-2023-42261 (Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable
to Insec ...)
+ TODO: check
+CVE-2023-41616 (A reflected cross-site scripting (XSS) vulnerability in the
Search Stu ...)
+ TODO: check
+CVE-2023-41614 (A stored cross-site scripting (XSS) vulnerability in the Add
Animal De ...)
+ TODO: check
+CVE-2023-38344 (An issue was discovered in Ivanti Endpoint Manager before 2022
SU4. A ...)
+ TODO: check
+CVE-2023-38343 (An XXE (XML external entity injection) vulnerability exists in
the CSE ...)
+ TODO: check
+CVE-2023-31719 (FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.)
+ TODO: check
+CVE-2023-31718 (FUXA <= 1.1.12 is vulnerable to Local via Inclusion via
/api/download.)
+ TODO: check
+CVE-2023-31717 (A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration
of confid ...)
+ TODO: check
+CVE-2023-31716 (FUXA <= 1.1.12 has a Local File Inclusion vulnerability via
file=fuxa. ...)
+ TODO: check
CVE-2023-5002
- pgadmin4 <itp> (bug #834129)
CVE-2023-3629
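Review bot: All 25 entries added at the top of this hunk carry only "TODO: check", so none is yet resolved to a source-package line or to a NOT-FOR-US marker of the kind visible further down ("NOT-FOR-US: Dreamer CMS"). They fall into groups that can be triaged in one pass: the eight WithSecure entries (CVE-2023-43760 to CVE-2023-43767), the four FUXA entries (CVE-2023-31716 to CVE-2023-31719) and the two Cadence entries (CVE-2023-43782, CVE-2023-43783). Also note that the CVE-2023-31718 description reads "Local via Inclusion via /api/download", while its sibling CVE-2023-31716 says "Local File Inclusion"; the text looks garbled at its source, so triage should go by the full record rather than by this line.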
@@ -58,7 +108,7 @@ CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory
Traversal. The download
TODO: check
CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
NOT-FOR-US: Dreamer CMS
-CVE-2023-41993 (The issue was addressed with improved checks. This issue is
fixed in S ...)
+CVE-2023-41993 (The issue was addressed with improved checks. This issue is
fixed in i ...)
TODO: check
CVE-2023-41992 (The issue was addressed with improved checks. This issue is
fixed in i ...)
TODO: check
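Review bot: CVE-2023-41993 is still "TODO: check" after this description refresh, and the visible text ("The issue was addressed with improved checks. This issue is fixed in i ...") names no component, as is also the case for CVE-2023-41992 just below it. The change from "fixed in S ..." to "fixed in i ..." shows the list of fixed products was revised, so any triage started from the old text should be redone against the full record.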
@@ -227,7 +277,7 @@ CVE-2023-34047 (A batch loader function in Spring for
GraphQL versions 1.1.0 - 1
TODO: check
CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application
allows an ...)
NOT-FOR-US: PaperCutNG
-CVE-2023-4504 [Postscript parsing heap-based buffer overflow]
+CVE-2023-4504 (Due to failure in validating the length provided by an
attacker-crafte ...)
- cups 2.4.2-6
[bookworm] - cups <no-dsa> (Minor issue)
[bullseye] - cups <no-dsa> (Minor issue)
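Review bot: On CVE-2023-4504, the removed line "[Postscript parsing heap-based buffer overflow]" was the only place in the visible entry that named the component and the bug class, and the truncated description replacing it ("Due to failure in validating the length provided by an attacker-crafte ...") shows neither. Since the bookworm and bullseye lines below record <no-dsa> (Minor issue) decisions against that summary, add a NOTE line preserving it if the entry does not already carry one.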
@@ -440,7 +490,7 @@ CVE-2020-36766 (An issue was discovered in the Linux kernel
before 5.8.6. driver
- linux 5.8.7-1
[buster] - linux 4.19.146-1
NOTE:
https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1)
-CVE-2023-43770 (cross-site scripting (XSS) vulnerability in handling of
linkrefs in plain text messages)
+CVE-2023-43770 (Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before
1.6.3 al ...)
- roundcube 1.6.3+dfsg-1 (bug #1052059)
[bookworm] - roundcube <no-dsa> (Minor issue)
[bullseye] - roundcube <no-dsa> (Minor issue)
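Review bot: The new CVE-2023-43770 description gives three fixed thresholds (1.4.14, 1.5.4, 1.6.3), but the visible entry records a fixed version only on the untagged roundcube line (1.6.3+dfsg-1), while bookworm and bullseye are marked <no-dsa> (Minor issue). If the entry has no NOTE naming the upstream fix, add one so the stable branches can be checked against the threshold that applies to them, and keep the detail from the replaced text (linkrefs in plain text messages) there, since the truncated description no longer shows it.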
@@ -537,7 +587,7 @@ CVE-2023-43091 [Code injection via service.json file]
NOTE: https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588
NOTE: Introduced with merge:
https://gitlab.gnome.org/GNOME/gnome-maps/-/merge_requests/227 (v43.alpha)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea
(v45.rc)
-CVE-2023-43090 [Screenshot tool allows viewing open windows when session is
locked]
+CVE-2023-43090 (A vulnerability was found in GNOME Shell. GNOME Shell's lock
screen al ...)
{DSA-5501-1}
- gnome-shell 44.5-1 (bug #1052067)
[bullseye] - gnome-shell <not-affected> (Vulnerable code introduced in
42.beta)
@@ -41374,12 +41424,12 @@ CVE-2023-23366
RESERVED
CVE-2023-23365
RESERVED
-CVE-2023-23364
- RESERVED
-CVE-2023-23363
- RESERVED
-CVE-2023-23362
- RESERVED
+CVE-2023-23364 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-23363 (A buffer copy without checking size of input vulnerability has
been re ...)
+ TODO: check
+CVE-2023-23362 (An OS command injection vulnerability has been reported to
affect QNAP ...)
+ TODO: check
CVE-2023-23361
RESERVED
CVE-2023-23360
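Review bot: CVE-2023-23364 and CVE-2023-23363 move from RESERVED to "TODO: check" with descriptions cut off before any product name ("A buffer copy without checking size of input vulnerability has been re ..."), so only CVE-2023-23362 visibly names QNAP. Triage all three from the full records rather than from these lines, and if they turn out to concern the same vendor's products, mark them consistently in one pass.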
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a0b402bd3cae8e88269efd1763a2f73710d91a6