Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62de7bcd by security tracker role at 2023-12-31T08:11:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,25 @@
+CVE-2023-52286 (Tencent tdsqlpcloud through 1.8.5 allows unauthenticated 
remote attack ...)
+       TODO: check
+CVE-2023-52284 (Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro 
Runtime or ...)
+       TODO: check
+CVE-2023-52277 (Royal RoyalTSX before 6.0.2.1 allows attackers to cause a 
denial of se ...)
+       TODO: check
+CVE-2023-52275 (Gallery3d on Tecno Camon X CA7 devices allows attackers to 
view hidden ...)
+       TODO: check
+CVE-2023-52269 (MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted 
Message ...)
+       TODO: check
+CVE-2023-52267 (ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log 
out-of-bounds-rea ...)
+       TODO: check
+CVE-2023-52266 (ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func 
use-after ...)
+       TODO: check
+CVE-2023-52265 (IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS 
via a PATC ...)
+       TODO: check
+CVE-2023-52264 (The beesblog (aka Bees Blog) component before 1.6.2 for thirty 
bees al ...)
+       TODO: check
+CVE-2021-46901 (examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 
6lbr) 1.5 ...)
+       TODO: check
+CVE-2021-46900 (Sympa before 6.2.62 relies on a cookie parameter for certain 
security  ...)
+       TODO: check
 CVE-2023-7192 [netfilter: ctnetlink: fix possible refcount leak in 
ctnetlink_create_conntrack()]
        - linux 6.1.20-1
        [bullseye] - linux 5.10.178-1
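Review bot: All eleven added entries at the top of data/CVE/list (CVE-2023-52286 down to CVE-2021-46900) carry only `TODO: check`, so none of them records yet whether a Debian package is affected. Each needs a follow-up that replaces the TODO with either a package line or a NOT-FOR-US annotation, in the form the existing entries further down the file use.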
@@ -743,7 +765,7 @@ CVE-2023-34198 (In Stormshield Network Security (SNS) 1.0.0 
through 3.7.36 befor
 CVE-2023-7102 (Use of a Third Party library produced a vulnerability in 
Barracuda Net ...)
        NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf. 
CVE-2023-7102)
 CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for 
parsing ...)
-       {DSA-5592-1}
+       {DSA-5592-1 DLA-3702-1}
        - libspreadsheet-parseexcel-perl 0.6500-4 (bug #1059450)
        NOTE: 
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
        NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc
@@ -3494,6 +3516,7 @@ CVE-2023-43813 (GLPI is a free asset and IT management 
software package. Startin
 CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper 
Neutraliz ...)
        NOT-FOR-US: Dasan Networks W-Web
 CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in 
TinyXML ...)
+       {DLA-3701-1}
        - tinyxml <unfixed> (bug #1059315)
        NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
        NOTE: Debian (non upstream) patch: 
https://salsa.debian.org/debian/tinyxml/-/raw/2366e1f23d059d4c20c43c54176b6bd78d6a83fc/debian/patches/CVE-2023-34194.patch
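Review bot: The `{DLA-3701-1}` cross-reference is added to CVE-2023-34194 while the only package line under it still reads `- tinyxml <unfixed> (bug #1059315)`, so the entry now records an advisory and an open unstable status side by side. Worth confirming that this is the intended state and that the Debian (non upstream) patch noted below is being followed up for unstable under the same bug.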
@@ -5585,7 +5608,7 @@ CVE-2023-4518 (A vulnerability exists in the input 
validation of the GOOSE  mess
        NOT-FOR-US: Hitachi
 CVE-2023-49371 (RuoYi up to v4.6 was discovered to contain a SQL injection 
vulnerabili ...)
        NOT-FOR-US: RuoYi
-CVE-2023-48893 (SQL injection vulnerability in Senayan Library Management 
Systems Slim ...)
+CVE-2023-48893 (SLiMS (aka SENAYAN Library Management System) through 9.6.1 
allows adm ...)
        NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian
 CVE-2023-48842 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a 
command in ...)
        NOT-FOR-US: D-Link
@@ -23845,7 +23868,8 @@ CVE-2023-36865 (Microsoft Office Visio Remote Code 
Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Chri ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-36546 (An issue in PEStudio v.9.52 allows a remote attacker to 
execute arbitr ...)
+CVE-2023-36546
+       REJECTED
        NOT-FOR-US: PEStudio
 CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop 
Client  ...)
        NOT-FOR-US: Zoom
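Review bot: CVE-2023-36546 is switched to `REJECTED`, but the unchanged context line `NOT-FOR-US: PEStudio` still sits directly beneath it, leaving the entry with two dispositions. Suggest removing the NOT-FOR-US line in a follow-up so the rejected entry stands on its own.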



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62de7bcde170232f025bc8c23e8a90b70bbe50d7
