[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 24 Aug 2023 13:12:25 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f512bb00 by security tracker role at 2023-08-24T20:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-4420 (A remote unprivileged attacker can intercept the communication 
via e.g ...)
+       TODO: check
+CVE-2023-4419 (The LMS5xx uses hard-coded credentials, which potentially allow 
low-sk ...)
+       TODO: check
+CVE-2023-4418 (A remote unprivileged attacker can sent multiple packages to 
the LMS5x ...)
+       TODO: check
+CVE-2023-40904 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to 
contain  ...)
+       TODO: check
+CVE-2023-40902 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to 
contain  ...)
+       TODO: check
+CVE-2023-40901 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to 
contain  ...)
+       TODO: check
+CVE-2023-40900 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40899 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40898 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40897 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40896 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40895 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40894 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40893 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40892 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40891 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to 
contain a  ...)
+       TODO: check
+CVE-2023-40877 (DedeCMS up to and including 5.7.110 was discovered to contain 
a cross- ...)
+       TODO: check
+CVE-2023-40876 (DedeCMS up to and including 5.7.110 was discovered to contain 
a cross- ...)
+       TODO: check
+CVE-2023-40875 (DedeCMS up to and including 5.7.110 was discovered to contain 
multiple ...)
+       TODO: check
+CVE-2023-40874 (DedeCMS up to and including 5.7.110 was discovered to contain 
multiple ...)
+       TODO: check
+CVE-2023-40710 (An adversary could cause a continuous restart loop to the 
entire devic ...)
+       TODO: check
+CVE-2023-40709 (An adversary could crash the entire device by sending a large 
quantity ...)
+       TODO: check
+CVE-2023-40708 (The File Transfer Protocol (FTP) port is open by default in 
the SNAP P ...)
+       TODO: check
+CVE-2023-40707 (There are no requirements for setting a complex password in 
the built- ...)
+       TODO: check
+CVE-2023-40706 (There is no limit on the number of login attempts in the web 
server fo ...)
+       TODO: check
+CVE-2023-40371 (IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could 
allow a non- ...)
+       TODO: check
+CVE-2023-39834 (PbootCMS below v3.2.0 was discovered to contain a command 
injection vu ...)
+       TODO: check
+CVE-2023-39801 (A lack of exception handling in the Renault Easy Link 
Multimedia Syste ...)
+       TODO: check
+CVE-2023-34973 (An insufficient entropy vulnerability has been reported to 
affect QNAP ...)
+       TODO: check
+CVE-2023-34972 (A cleartext transmission of sensitive information 
vulnerability has be ...)
+       TODO: check
+CVE-2023-34971 (An inadequate encryption strength vulnerability has been 
reported to a ...)
+       TODO: check
+CVE-2023-34040 (In Spring for Apache Kafka 3.0.9 and earlier and versions 
2.9.10 and e ...)
+       TODO: check
+CVE-2023-32516 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
GloriaFo ...)
+       TODO: check
+CVE-2023-32511 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Booking  ...)
+       TODO: check
+CVE-2023-32510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Rolf van ...)
+       TODO: check
+CVE-2023-31412 (The LMS5xx uses weak hash generation methods, resulting in the 
creatio ...)
+       TODO: check
 CVE-2023-XXXX [tryton-server lack of record validation]
        - tryton-server 6.0.34-1
        [bookworm] - tryton-server 6.0.29-2+deb12u1
@@ -3987,11 +4059,13 @@ CVE-2023-32232 (An issue was discovered in Vasion 
PrinterLogic Client for Window
 CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for 
Windows befo ...)
        NOT-FOR-US: Vasion
 CVE-2023-38289 [libtiff: potential integer overflow in raw2tiff.c]
+       REJECTED
        {DLA-3513-1}
        - tiff 4.5.1+git230720-1
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee
 CVE-2023-38288 [libtiff: integer overflow in tiffcp.c]
+       REJECTED
        {DLA-3513-1}
        - tiff 4.5.1+git230720-1
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5
@@ -46277,8 +46351,8 @@ CVE-2022-46886 (There exists an open redirect within 
the response list update fu
 CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the 
Mozilla Fuzzin ...)
        - firefox 106.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46885
-CVE-2022-46884
-       RESERVED
+CVE-2022-46884 (A potential use-after-free vulnerability existed in SVG Images 
if the  ...)
+       TODO: check
 CVE-2022-46883 (Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew 
McCreight a ...)
        - firefox 107.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-46883
@@ -73658,6 +73732,7 @@ CVE-2022-38225
 CVE-2022-38224
        RESERVED
 CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c 
in w3m 0 ...)
+       {DLA-3541-1}
        - w3m 0.5.3+git20230121-1 (bug #1019599)
        [bullseye] - w3m 0.5.3+git20210102-6+deb11u1
        NOTE: https://github.com/tats/w3m/issues/242



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f512bb00e1f936d769d7a563f2b9fba6df488ad7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f512bb00e1f936d769d7a563f2b9fba6df488ad7
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to