[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 22 Dec 2023 12:12:40 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
19d923a0 by security tracker role at 2023-12-22T20:12:21+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,109 @@
+CVE-2023-7076 (A vulnerability was found in slawkens MyAAC up to 0.8.13. It 
has been  ...)
+       TODO: check
+CVE-2023-7075 (A vulnerability was found in code-projects Point of Sales and 
Inventor ...)
+       TODO: check
+CVE-2023-51662 (The Snowflake .NET driver provides an interface to the 
Microsoft .NET  ...)
+       TODO: check
+CVE-2023-51661 (Wasmer is a WebAssembly runtime that enables containers to run 
anywher ...)
+       TODO: check
+CVE-2023-51649 (Nautobot is a Network Source of Truth and Network Automation 
Platform  ...)
+       TODO: check
+CVE-2023-51448 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2023-51035 (TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to 
arbitrary com ...)
+       TODO: check
+CVE-2023-51034 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to 
arbitrary com ...)
+       TODO: check
+CVE-2023-51033 (TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to 
arbitrary com ...)
+       TODO: check
+CVE-2023-51028 (TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2023-51027 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51026 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51025 (TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an 
unauthori ...)
+       TODO: check
+CVE-2023-51024 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51023 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
arbitrary co ...)
+       TODO: check
+CVE-2023-51022 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51021 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51020 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51019 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51018 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51017 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51016 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51015 (TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
arbitrary co ...)
+       TODO: check
+CVE-2023-51014 (TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51013 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51012 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-51011 (TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2023-50725 (Resque is a Redis-backed Ruby library for creating background 
jobs, pl ...)
+       TODO: check
+CVE-2023-50714 (yii2-authclient is an extension that adds OpenID, OAuth, 
OAuth2 and Op ...)
+       TODO: check
+CVE-2023-50712 (Iris is a web collaborative platform aiming to help incident 
responder ...)
+       TODO: check
+CVE-2023-50708 (yii2-authclient is an extension that adds OpenID, OAuth, 
OAuth2 and Op ...)
+       TODO: check
+CVE-2023-50569 (Reflected Cross Site Scripting (XSS) vulnerability in Cacti 
v1.2.25, a ...)
+       TODO: check
+CVE-2023-50259 (Medusa is an automatic video library manager for TV shows. 
Versions pr ...)
+       TODO: check
+CVE-2023-50258 (Medusa is an automatic video library manager for TV shows. 
Versions pr ...)
+       TODO: check
+CVE-2023-50254 (Deepin Linux's default document reader `deepin-reader` 
software suffer ...)
+       TODO: check
+CVE-2023-50250 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       TODO: check
+CVE-2023-50147 (There is an arbitrary command execution vulnerability in the 
setDiagno ...)
+       TODO: check
+CVE-2023-49792 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-49791 (Nextcloud Server provides data storage for Nextcloud, an open 
source c ...)
+       TODO: check
+CVE-2023-49790 (The Nextcloud iOS Files app allows users of iOS to interact 
with Nextc ...)
+       TODO: check
+CVE-2023-49391 (An issue was discovered in free5GC version 3.3.0, allows 
remote attack ...)
+       TODO: check
+CVE-2023-49356 (A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows 
an atta ...)
+       TODO: check
+CVE-2023-49088 (Cacti is an open source operational monitoring and fault 
management fr ...)
+       TODO: check
+CVE-2023-49085 (Cacti provides an operational monitoring and fault management 
framewor ...)
+       TODO: check
+CVE-2023-48704 (ClickHouse is an open-source column-oriented database 
management syste ...)
+       TODO: check
+CVE-2023-48670 (Dell SupportAssist for Home PCs version 3.14.1 and prior 
versions cont ...)
+       TODO: check
+CVE-2023-45957 (A stored cross-site scripting (XSS) vulnerability in the 
component adm ...)
+       TODO: check
+CVE-2023-45165 (IBM AIX 7.2 and 7.3 could allow a non-privileged local user to 
exploit ...)
+       TODO: check
+CVE-2023-43741 (A time-of-check-time-of-use race condition vulnerability in 
Buildkite  ...)
+       TODO: check
+CVE-2023-43116 (A symbolic link following vulnerability in Buildkite Elastic 
CI for AW ...)
+       TODO: check
+CVE-2023-43088 (Dell Client BIOS contains a pre-boot direct memory access 
(DMA) vulner ...)
+       TODO: check
+CVE-2023-42017 (IBM Planning Analytics Local 2.0 could allow a remote attacker 
to uplo ...)
+       TODO: check
+CVE-2023-39251 (Dell BIOS contains an Improper Input Validation vulnerability. 
A local ...)
+       TODO: check
 CVE-2023-XXXX [XSS issue fixed in 4.1.13 upstream]
        - spip 4.1.13+dfsg-1 (bug #1059331)
        [bookworm] - spip <no-dsa> (Minor issue)
@@ -137,7 +243,7 @@ CVE-2023-37520 (UnauthenticatedStored Cross-Site Scripting 
(XSS) vulnerability i
        NOT-FOR-US: HCL
 CVE-2023-37519 (Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerability. This  ...)
        NOT-FOR-US: HCL
-CVE-2023-42465 [Targeted Corruption of Register and Stack Variables]
+CVE-2023-42465 (Sudo before 1.9.15 might allow row hammer attacks (for 
authentication  ...)
        - sudo 1.9.15p2-2
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/9
        NOTE: 
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
 (SUDO_1_9_15p1)
@@ -957,6 +1063,7 @@ CVE-2023-5348 (The Product Catalog Mode For WooCommerce 
WordPress plugin before
 CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin 
before ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur 
if a us ...)
+       {DSA-5586-1}
        - openssh 1:9.6p1-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
        NOTE: 
https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
 (V_9_6_P1)
@@ -1020,6 +1127,7 @@ CVE-2023-32725 (The website configured in the URL widget 
will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API 
server in Bo ...)
        NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, 
found in O ...)
+       {DSA-5586-1}
        - dropbear <unfixed> (bug #1059001)
        - erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
        [bookworm] - erlang <no-dsa> (Minor issue)
@@ -91082,8 +91190,8 @@ CVE-2022-39339 (user_oidc is an OpenID Connect user 
backend for Nextcloud. In ve
        NOT-FOR-US: Nextcloud addon
 CVE-2022-39338 (user_oidc is an OpenID Connect user backend for Nextcloud. 
Versions pr ...)
        NOT-FOR-US: Nextcloud addon
-CVE-2022-39337
-       RESERVED
+CVE-2022-39337 (Hertzbeat is an open source, real-time monitoring system with 
custom-m ...)
+       TODO: check
 CVE-2022-39336
        RESERVED
 CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and 
maintained by  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19d923a0992a2c53ad94ac02dbc2c0a7776326a5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19d923a0992a2c53ad94ac02dbc2c0a7776326a5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to