Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6e329afb by security tracker role at 2023-10-27T20:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-5829 (A vulnerability was found in code-projects Admission Management
System ...)
+ TODO: check
+CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial
Develo ...)
+ TODO: check
+CVE-2023-5827 (A vulnerability was found in Shanghai CTI Navigation CTI
Monitoring an ...)
+ TODO: check
+CVE-2023-5826 (A vulnerability was found in Netentsec NS-ASG Application
Security Gat ...)
+ TODO: check
+CVE-2023-5821 (The Thumbnail carousel slider plugin for WordPress is
vulnerable to Cr ...)
+ TODO: check
+CVE-2023-5820 (The Thumbnail Slider With Lightbox plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2023-5817 (The Neon text plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2023-5807 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2023-5774 (The Animated Counters plugin for WordPress is vulnerable to
Stored Cro ...)
+ TODO: check
+CVE-2023-5705 (The VK Filter Search plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2023-5570 (Improper Protection for Outbound Error Messages and Alert
Signals vuln ...)
+ TODO: check
+CVE-2023-5443 (Improper Protection for Outbound Error Messages and Alert
Signals vuln ...)
+ TODO: check
+CVE-2023-4967 (Denial of Service in NetScaler ADC and NetScaler Gateway when
configur ...)
+ TODO: check
+CVE-2023-46853 (In Memcached before 1.6.22, an off-by-one error exists when
processing ...)
+ TODO: check
+CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when
processing m ...)
+ TODO: check
+CVE-2023-46604 (Apache ActiveMQ is vulnerable to Remote Code Execution.The
vulnerabili ...)
+ TODO: check
+CVE-2023-46407 (FFmpeg prior to commit bf814 was discovered to contain an out
of bound ...)
+ TODO: check
+CVE-2023-46394 (A stored cross-site scripting (XSS) vulnerability in
/home/user/edit_s ...)
+ TODO: check
+CVE-2023-46393 (gougucms v4.08.18 was discovered to contain a password reset
poisoning ...)
+ TODO: check
+CVE-2023-46290 (Due to inadequate code logic, a previously unauthenticated
threat acto ...)
+ TODO: check
+CVE-2023-46289 (Rockwell Automation FactoryTalk View Site Edition
insufficiently valid ...)
+ TODO: check
+CVE-2023-46246 (Vim is an improved version of the good old UNIX editor Vi.
Heap-use-af ...)
+ TODO: check
+CVE-2023-44377 (Online Art Gallery v1.0 is vulnerable to multiple
Unauthenticated SQL ...)
+ TODO: check
+CVE-2023-44376 (Online Art Gallery v1.0 is vulnerable to multiple
Unauthenticated SQL ...)
+ TODO: check
CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder
System 1.0. ...)
NOT-FOR-US: SourceCodester Task Reminder System
CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder
System 1.0 a ...)
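Review bot: Among the 24 new "TODO: check" entries at the top of data/CVE/list, CVE-2023-46853 and CVE-2023-46852 (Memcached), CVE-2023-46604 (Apache ActiveMQ), CVE-2023-46407 (FFmpeg) and CVE-2023-46246 (Vim) name general-purpose software rather than a single-vendor product or a WordPress plugin, so they should be triaged first. Resolve them with per-package lines in the form used elsewhere in this file (for example "- openjdk-17 17.0.9+9-1") rather than leaving them as TODO. CVE-2023-46604 is described as remote code execution, and both Memcached descriptions state "before 1.6.22", which gives the upstream fixed version to compare packaged versions against.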
@@ -30247,8 +30295,8 @@ CVE-2023-29011 (Git for Windows, the Windows port of
Git, ships with an executab
NOT-FOR-US: Git for Windows
CVE-2023-29010 (Budibase is a low code platform for creating internal tools,
workflows ...)
NOT-FOR-US: budibase
-CVE-2023-29009
- RESERVED
+CVE-2023-29009 (baserCMS is a website development framework with WebAPI that
runs on P ...)
+ TODO: check
CVE-2023-29008 (The SvelteKit framework offers developers an option to create
simple R ...)
NOT-FOR-US: SvelteKit
CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9,
2.31.8, 2. ...)
@@ -34370,16 +34418,16 @@ CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2
and 7.6.1.3 could disclose s
NOT-FOR-US: IBM
CVE-2023-27859
RESERVED
-CVE-2023-27858
- RESERVED
+CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary
code execut ...)
+ TODO: check
CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition
occurs w ...)
NOT-FOR-US: Rockwell
CVE-2023-27856 (In affected versions, path traversal exists when processing a
message ...)
NOT-FOR-US: Rockwell
CVE-2023-27855 (In affected versions, a path traversal exists when processing
a messag ...)
NOT-FOR-US: Rockwell
-CVE-2023-27854
- RESERVED
+CVE-2023-27854 (An arbitrary code execution vulnerability was reported to
Rockwell Aut ...)
+ TODO: check
CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and
prior ve ...)
NOT-FOR-US: OpenHarmony
CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of
wildcard bac ...)
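Review bot: CVE-2023-27858 and CVE-2023-27854 are left as "TODO: check" although both descriptions name Rockwell Automation and the three entries between them (CVE-2023-27857, CVE-2023-27856, CVE-2023-27855) are already resolved as "NOT-FOR-US: Rockwell". Unless the full descriptions point at something packaged, give these two the same disposition in a follow-up so the block is consistent.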
@@ -53972,6 +54020,7 @@ CVE-2023-22083 (Vulnerability in the Oracle Enterprise
Session Border Controller
CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
NOT-FOR-US: Oracle
CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK
product of ...)
+ {DSA-5537-1}
- openjdk-8 8u392-ga-1
- openjdk-11 11.0.21+9-1
- openjdk-17 17.0.9+9-1
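Review bot: The {DSA-5537-1} tag added under CVE-2023-22081 sits above three source-package lines (openjdk-8, openjdk-11, openjdk-17), and the tag by itself does not say which of them the advisory covers. Since this is an automatic update, confirm against the advisory record that the cross-reference is meant for this entry as a whole and not only for one of the listed packages.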
@@ -54003,6 +54052,7 @@ CVE-2023-22069 (Vulnerability in the Oracle WebLogic
Server product of Oracle Fu
CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2023-22067 (Vulnerability in Oracle Java SE (component: CORBA). Supported
version ...)
+ {DSA-5537-1}
- openjdk-11 11.0.21+9-1
- openjdk-8 8u392-ga-1
CVE-2023-22066 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
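Review bot: Under CVE-2023-22067 the visible package lines are openjdk-11 then openjdk-8, while CVE-2023-22081 earlier in this commit lists openjdk-8 first and also carries openjdk-17. With {DSA-5537-1} now attached to both entries, check that the set of fixed packages here is complete and keep the ordering consistent between entries that share an advisory. The hunk context ends after two package lines, so a further line may simply be out of view.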
@@ -68775,12 +68825,12 @@ CVE-2022-3704 (A vulnerability classified as
problematic has been found in Ruby
NOTE: Considered only a bug withouth security impact by the rails team
CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0
and prio ...)
NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
-CVE-2022-3702
- RESERVED
-CVE-2022-3701
- RESERVED
-CVE-2022-3700
- RESERVED
+CVE-2022-3702 (A denial of service vulnerability was reported in Lenovo
Vantage Hardw ...)
+ TODO: check
+CVE-2022-3701 (A privilege elevation vulnerability was reported in the Lenovo
Vantage ...)
+ TODO: check
+CVE-2022-3700 (A Time of Check Time of Use (TOCTOU) vulnerability was reported
in the ...)
+ TODO: check
CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo
Hardwa ...)
NOT-FOR-US: Lenovo
CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo
HardwareS ...)
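Review bot: CVE-2022-3702, CVE-2022-3701 and CVE-2022-3700 move from RESERVED to "TODO: check", but the first two descriptions name Lenovo Vantage and the entry directly below, CVE-2022-3699, is already "NOT-FOR-US: Lenovo". Mark the Lenovo Vantage entries the same way. The CVE-2022-3700 description is cut off after "was reported in the", so confirm its product from the full record before assigning a disposition.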
@@ -68852,8 +68902,8 @@ CVE-2022-3683 (A vulnerability exists in the SDM600 API
web services authorizati
NOT-FOR-US: ABB SDM600
CVE-2022-3682 (A vulnerability exists in the SDM600 file permission
validation. An a ...)
NOT-FOR-US: ABB SDM600
-CVE-2022-3681
- RESERVED
+CVE-2022-3681 (A vulnerability has been identified in the MR2600 router
v1.0.18 and e ...)
+ TODO: check
CVE-2022-43746
RESERVED
CVE-2022-43745
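Review bot: CVE-2022-3681 is left as "TODO: check" with a description that names the MR2600 router, and CVE-2022-34885 further down in this same commit describes the Motorola MR2600 and is resolved as "NOT-FOR-US: Motorola". If the full description confirms the same product, use the identical "NOT-FOR-US: Motorola" string so both entries match when searching the list.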
@@ -69837,8 +69887,8 @@ CVE-2022-3613 (An issue has been discovered in GitLab
CE/EE affecting all versio
- gitlab 15.10.8+ds1-2
CVE-2022-3612
RESERVED
-CVE-2022-3611
- RESERVED
+CVE-2022-3611 (An information disclosure vulnerability has been identified in
the Len ...)
+ TODO: check
CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does
not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does
not sani ...)
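Review bot: The new description for CVE-2022-3611 is truncated at "identified in the Len ...", so the affected vendor or product cannot be confirmed from this list line. Resolve the TODO from the full CVE record rather than from the truncated text, and note the product name in the disposition line as the neighbouring "NOT-FOR-US: WordPress plugin" entry does.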
@@ -72604,8 +72654,8 @@ CVE-2022-38451 (A directory traversal vulnerability
exists in the httpd update.c
NOT-FOR-US: FreshTomato
CVE-2022-38091
RESERVED
-CVE-2022-3429
- RESERVED
+CVE-2022-3429 (A denial-of-service vulnerability was found in the firmware
used in Le ...)
+ TODO: check
CVE-2022-3428
RESERVED
CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site
Request ...)
@@ -93306,10 +93356,10 @@ CVE-2022-34889 (This vulnerability allows local
attackers to escalate privileges
NOT-FOR-US: Parallels
CVE-2022-34888 (The Remote Mount feature can potentially be abused by valid,
authentic ...)
NOT-FOR-US: Lenovo
-CVE-2022-34887
- RESERVED
-CVE-2022-34886
- RESERVED
+CVE-2022-34887 (Standard users can directly operate and set printer
configuration info ...)
+ TODO: check
+CVE-2022-34886 (A remote code execution vulnerability was found in the
firmware used i ...)
+ TODO: check
CVE-2022-34885 (An improper input sanitization vulnerability in the Motorola
MR2600 ro ...)
NOT-FOR-US: Motorola
CVE-2022-34884 (A buffer overflow exists in the Remote Presence subsystem
which can po ...)
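Review bot: CVE-2022-34887 and CVE-2022-34886 are added as "TODO: check" with descriptions that do not name a vendor in the visible text (printer configuration and firmware remote code execution), while the entries around them are resolved per vendor ("NOT-FOR-US: Lenovo" for CVE-2022-34888, "NOT-FOR-US: Motorola" for CVE-2022-34885). Look up the product in the full records and record it explicitly in the disposition, since the truncated summaries alone will not let a later reader tell which vendor these belong to.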
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e329afb752bdcc0b755308362564e1486032d89
--
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits