Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 50d36829 by security tracker role at 2023-09-13T08:12:18+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,21 @@ +CVE-2023-4928 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.) + TODO: check +CVE-2023-4917 (The Leyka plugin for WordPress is vulnerable to Sensitive Information ...) + TODO: check +CVE-2023-4916 (The Login with phone number plugin for WordPress is vulnerable to Cros ...) + TODO: check +CVE-2023-4915 (The WP User Control plugin for WordPress is vulnerable to unauthorized ...) + TODO: check +CVE-2023-4400 (A password management vulnerability in Skyhigh Secure Web Gateway (SWG ...) + TODO: check +CVE-2023-4213 (The Simplr Registration Form Plus+ plugin for WordPress is vulnerable ...) + TODO: check +CVE-2023-4153 (The BAN Users plugin for WordPress is vulnerable to privilege escalati ...) + TODO: check +CVE-2023-41423 (Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 a ...) + TODO: check +CVE-2023-39073 (An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arb ...) + TODO: check CVE-2023-3867 [ksmbd: add missing compound request handing in some commands] - linux 6.4.11-1 [bookworm] - linux 6.1.52-1 @@ -19,7 +37,7 @@ CVE-2023-3865 [ksmbd: fix out-of-bound read in smb2_write] [buster] - linux <not-affected> (Vulnerable code not present) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-980/ NOTE: https://git.kernel.org/linus/5fe7f7b78290638806211046a99f031ff26164e1 (6.4) -CVE-2023-4813 [potential use-after-free in gaih_inet()] +CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_inet fun ...) - glibc 2.36-3 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931 NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36) 
@@ -282,34 +300,34 @@ CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for WordPre NOT-FOR-US: JQuery Accordion Menu Widget for WordPress plugin for WordPress CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for WordPress ...) NOT-FOR-US: Google Maps Plugin by Intergeo for WordPress plugin for WordPress -CVE-2023-4909 +CVE-2023-4909 (Inappropriate implementation in Interstitials in Google Chrome prior t ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4908 +CVE-2023-4908 (Inappropriate implementation in Picture in Picture in Google Chrome pr ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4907 +CVE-2023-4907 (Inappropriate implementation in Intents in Google Chrome on Android pr ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4906 +CVE-2023-4906 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4905 +CVE-2023-4905 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4904 +CVE-2023-4904 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4903 +CVE-2023-4903 (Inappropriate implementation in Custom Mobile Tabs in Google Chrome on ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4902 +CVE-2023-4902 (Inappropriate implementation in Input in Google Chrome prior to 117.0. ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4901 +CVE-2023-4901 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...) 
- chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) -CVE-2023-4900 +CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 ...) @@ -45812,8 +45830,8 @@ CVE-2022-47639 RESERVED CVE-2022-47638 RESERVED -CVE-2022-47637 - RESERVED +CVE-2022-47637 (The installer in XAMPP through 8.1.12 allows local users to write to t ...) + TODO: check CVE-2022-47636 (A DLL hijacking vulnerability has been discovered in OutSystems Servic ...) NOT-FOR-US: OutSystems Service Studio CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50d36829fffaa781d66eabe1883e10bd8d7aedc1
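Review bot: in the first hunk (@@ -1,3 +1,21 @@) all nine new entries land as TODO: check, and six of them (CVE-2023-4917, CVE-2023-4916, CVE-2023-4915, CVE-2023-4213, CVE-2023-4153, CVE-2023-41423) are described as WordPress plugin issues. The same file already records comparable entries such as CVE-2023-4890 and CVE-2023-4887 as NOT-FOR-US with the plugin name, so these six can be triaged the same way in a follow-up unless the plugin turns out to be packaged. CVE-2023-4928 (instantsoft/icms2), CVE-2023-4400 (Skyhigh Secure Web Gateway) and CVE-2023-39073 (SNMP Web Pro) need a package lookup before a status is set.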
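Review bot: at CVE-2023-4813 in the @@ -19,7 +37,7 @@ hunk, the bracketed description "[potential use-after-free in gaih_inet()]" is replaced by a feed description that is cut off at "gaih_inet fun ...", so the header line no longer names the bug class. The sourceware bug and fix-commit NOTE lines in the context still carry the detail; consider a short NOTE stating that this is a use-after-free so the entry stays readable without following the links.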
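Review bot: in the @@ -282,34 +300,34 @@ hunk, CVE-2023-4900 through CVE-2023-4909 gain descriptions that cite a fix in Chrome 117 ("prior to 117. ...") while every entry stays at "- chromium <unfixed>", so the fixed version still has to be recorded once a 117-based upload exists. CVE-2023-4907 and CVE-2023-4900 are described as "on Android", and the CVE-2023-4903 description is cut off right after "on"; check whether the Debian chromium package is affected by these three before leaving them as <unfixed>.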
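Review bot: at CVE-2022-47637 in the @@ -45812,8 +45830,8 @@ hunk, the entry moves from RESERVED to TODO: check with a description naming the XAMPP installer, which leaves it untriaged. The neighbouring entry CVE-2022-47636 uses "NOT-FOR-US: OutSystems Service Studio"; if XAMPP is not packaged in Debian, the same form (NOT-FOR-US: XAMPP) closes this TODO.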