Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b3626a6 by security tracker role at 2023-10-04T08:12:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before
SMCCC sup ...)
+ TODO: check
+CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only
for the ...)
+ TODO: check
+CVE-2023-5368 (On an msdosfs filesystem, the 'truncate' or 'ftruncate' system
calls u ...)
+ TODO: check
+CVE-2023-5357 (The Instagram for WordPress plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2023-5291 (The Blog Filter plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2023-44974 (An arbitrary file upload vulnerability in the component
/admin/plugin. ...)
+ TODO: check
+CVE-2023-44973 (An arbitrary file upload vulnerability in the component
/content/templ ...)
+ TODO: check
+CVE-2023-44272 (A cross-site scripting vulnerability exists in Citadel
versions prior ...)
+ TODO: check
+CVE-2023-43953 (SSCMS 7.2.2 was discovered to contain a cross-site scripting
(XSS) vul ...)
+ TODO: check
+CVE-2023-43952 (SSCMS 7.2.2 was discovered to contain a stored cross-site
scripting (X ...)
+ TODO: check
+CVE-2023-43951 (SSCMS 7.2.2 was discovered to contain a cross-site scripting
(XSS) vul ...)
+ TODO: check
+CVE-2023-43898 (Nothings stb 2.28 was discovered to contain a Null Pointer
Dereference ...)
+ TODO: check
+CVE-2023-43176 (A deserialization vulnerability in Afterlogic Aurora Files
v9.7.3 allo ...)
+ TODO: check
+CVE-2023-40519 (A cross-site scripting (XSS) vulnerability in the
bpk-common/auth/logi ...)
+ TODO: check
+CVE-2023-3213 (The WP Mail SMTP Pro plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2023-39651 (Improper neutralization of SQL parameter in Theme Volty CMS
BrandList ...)
+ TODO: check
+CVE-2023-39649 (Improper neutralization of SQL parameter in Theme Volty CMS
Category S ...)
+ TODO: check
+CVE-2023-39648 (Improper neutralization of SQL parameter in Theme Volty CMS
Testimonia ...)
+ TODO: check
+CVE-2023-39647 (Improper neutralization of SQL parameter in Theme Volty CMS
Category P ...)
+ TODO: check
+CVE-2023-39646 (Improper neutralization of SQL parameter in Theme Volty CMS
Category C ...)
+ TODO: check
+CVE-2023-39645 (Improper neutralization of SQL parameter in Theme Volty CMS
Payment Ic ...)
+ TODO: check
+CVE-2023-37404 (IBM Observability with Instana 1.0.243 through 1.0.254 could
allow an ...)
+ TODO: check
+CVE-2023-35905 (IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is
vulnerable to ...)
+ TODO: check
+CVE-2023-33273 (An issue was discovered in DTS Monitoring 3.57.0. The
parameter url wi ...)
+ TODO: check
+CVE-2023-33272 (An issue was discovered in DTS Monitoring 3.57.0. The
parameter ip wit ...)
+ TODO: check
+CVE-2023-33271 (An issue was discovered in DTS Monitoring 3.57.0. The
parameter common ...)
+ TODO: check
+CVE-2023-33270 (An issue was discovered in DTS Monitoring 3.57.0. The
parameter url wi ...)
+ TODO: check
+CVE-2023-33269 (An issue was discovered in DTS Monitoring 3.57.0. The
parameter option ...)
+ TODO: check
+CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The
parameter port w ...)
+ TODO: check
CVE-2023-5366 [openvswitch don't match packets on nd_target field]
- openvswitch 3.1.2-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347
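Review bot: every entry added at the top of data/CVE/list carries only `TODO: check`, so none of them yet records whether Debian is affected; each needs resolving to either a package line in the form of the `- openvswitch 3.1.2-1` entry just below, or a `NOT-FOR-US:` line. The imported description for CVE-2023-5369 reads "thecopy_file_rangesystem call", with the spaces around the call name lost; correct that at the source of the description rather than here, since this same commit shows the automatic update replacing descriptions (CVE-2023-22374, CVE-2022-23223). The new block is also not in strict numeric order (CVE-2023-3213 sits between CVE-2023-40519 and CVE-2023-39651), so locate entries by ID when triaging.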
@@ -7456,6 +7514,7 @@ CVE-2023-39418 (A vulnerability was found in PostgreSQL
with the use of the MERG
NOTE:
https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
NOTE:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
(REL_15_4)
CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was
found in Po ...)
+ {DLA-3600-1}
- postgresql-15 15.4-1
[bookworm] - postgresql-15 <postponed> (Minor issue, fix along with
next round of updates)
- postgresql-13 <removed>
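Review bot: the `{DLA-3600-1}` cross-reference on CVE-2023-39417 is added without any change to the package lines visible in this hunk, which show only `postgresql-15 15.4-1`, the postponed bookworm entry and `postgresql-13 <removed>`. Confirm that the lines below the context include the source package and fixed version that DLA-3600-1 covers, so the advisory tag and the per-release status agree.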
@@ -20753,30 +20812,30 @@ CVE-2023-30740 (SAP BusinessObjects Business
Intelligence Platform - versions 42
NOT-FOR-US: SAP
CVE-2023-30739
RESERVED
-CVE-2023-30738
- RESERVED
-CVE-2023-30737
- RESERVED
-CVE-2023-30736
- RESERVED
-CVE-2023-30735
- RESERVED
-CVE-2023-30734
- RESERVED
-CVE-2023-30733
- RESERVED
-CVE-2023-30732
- RESERVED
-CVE-2023-30731
- RESERVED
+CVE-2023-30738 (An improper input validation in UEFI Firmware prior to
Firmware update ...)
+ TODO: check
+CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior
to versi ...)
+ TODO: check
+CVE-2023-30736 (Improper authorization in PushMsgReceiver of Samsung Assistant
prior t ...)
+ TODO: check
+CVE-2023-30735 (Improper Preservation of Permissions vulnerability in
SAssistant prior ...)
+ TODO: check
+CVE-2023-30734 (Improper access control vulnerability in Samsung Health prior
to versi ...)
+ TODO: check
+CVE-2023-30733 (Stack-based Buffer Overflow in vulnerability HDCP trustlet
prior to SM ...)
+ TODO: check
+CVE-2023-30732 (Improper access control in system property prior to SMR
Oct-2023 Relea ...)
+ TODO: check
+CVE-2023-30731 (Logic error in package installation via debugger command prior
to SMR ...)
+ TODO: check
CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to
versions 11 ...)
NOT-FOR-US: Samsung
CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to
version 6.1. ...)
NOT-FOR-US: Samsung
CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior
to versi ...)
NOT-FOR-US: Samsung
-CVE-2023-30727
- RESERVED
+CVE-2023-30727 (Improper access control vulnerability in SecSettings prior to
SMR Oct- ...)
+ TODO: check
CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to
version ...)
NOT-FOR-US: Samsung
CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to
version 14 ...)
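Review bot: CVE-2023-30731 through CVE-2023-30737 and CVE-2023-30727 move from `RESERVED` to `TODO: check` while every already-triaged neighbour visible here (CVE-2023-30730, CVE-2023-30729, CVE-2023-30728, CVE-2023-30726) is `NOT-FOR-US: Samsung`; most of the new descriptions name Samsung Health, Samsung Assistant or an SMR Oct-2023 release, so the same marking looks appropriate. CVE-2023-30738 is the exception: its truncated description says only "UEFI Firmware" and names no vendor in the visible text, so read the full description before marking it.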
@@ -20845,12 +20904,12 @@ CVE-2023-30694 (Out-of-bounds Write in
IpcTxPcscTransmitApdu of libsec-ril prior
NOT-FOR-US: Samsung
CVE-2023-30693 (Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of
libsec- ...)
NOT-FOR-US: Samsung
-CVE-2023-30692
- RESERVED
+CVE-2023-30692 (Improper input validation vulnerability in Evaluator prior to
SMR Oct- ...)
+ TODO: check
CVE-2023-30691 (Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023
Release ...)
NOT-FOR-US: Samsung
-CVE-2023-30690
- RESERVED
+CVE-2023-30690 (Improper input validation vulnerability in Duo prior to SMR
Oct-2023 R ...)
+ TODO: check
CVE-2023-30689 (Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of
libsec-r ...)
NOT-FOR-US: Samsung
CVE-2023-30688 (Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior
to SMR A ...)
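Review bot: CVE-2023-30692 and CVE-2023-30690 are left at `TODO: check` although both descriptions end in "prior to SMR Oct-", the same release wording used by the surrounding `NOT-FOR-US: Samsung` entries (CVE-2023-30691 cites SMR Aug-2023). Neither visible description names a vendor ("Evaluator", "Duo"), so confirm against the full text and then mark them consistently with their neighbours.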
@@ -42929,7 +42988,7 @@ CVE-2023-22422 (On BIG-IP versions 17.0.x before
17.0.0.2 and 16.1.x before 16.1
NOT-FOR-US: F5 BIG-IP
CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3,
15.1.x bef ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2023-22374 (In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1,
14.1.4.6, a ...)
+CVE-2023-22374 (A format string vulnerability exists in iControl SOAP that
allows an a ...)
NOT-FOR-US: F5 BIG-IP
CVE-2023-22358 (In versions beginning with 7.2.2 to before 7.2.3.1, a DLL
hijacking vu ...)
NOT-FOR-US: F5 BIG-IP
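Review bot: the replacement description for CVE-2023-22374 no longer names BIG-IP or any version in its visible part ("A format string vulnerability exists in iControl SOAP ..."), so the product is now identified only by the unchanged `NOT-FOR-US: F5 BIG-IP` line. No triage change is needed, but anyone searching descriptions for the product name will miss this entry and should search the status lines as well.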
@@ -124048,7 +124107,7 @@ CVE-2022-23225
RESERVED
CVE-2022-23224
RESERVED
-CVE-2022-23223 (The HTTP response will disclose the user password. This issue
affected ...)
+CVE-2022-23223 (On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint
existed that d ...)
NOT-FOR-US: Apache ShenYu Admin
CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute
arbitrary ...)
{DSA-5076-1 DLA-2923-1}
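Review bot: the new description for CVE-2022-23223 reads "and endpoint existed", which looks like a typo for "an endpoint" carried in with the imported text. The `NOT-FOR-US: Apache ShenYu Admin` status is unaffected; if the wording is corrected, correct it at the source of the description, since this commit shows descriptions being replaced by the automatic update.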
@@ -126988,8 +127047,8 @@ CVE-2022-22449 (IBM Security Verify Governance,
Identity Manager 10.01 could all
NOT-FOR-US: IBM
CVE-2022-22448
RESERVED
-CVE-2022-22447
- RESERVED
+CVE-2022-22447 (IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable
to pote ...)
+ TODO: check
CVE-2022-22446
RESERVED
CVE-2022-22445 (An attacker that gains service access to the FSP (POWER9 only)
or gain ...)
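Review bot: CVE-2022-22447 goes from `RESERVED` to `TODO: check` with a description naming IBM Disconnected Log Collector, while CVE-2022-22449 in the same hunk is already `NOT-FOR-US: IBM`. Unless the product turns out to be packaged in Debian, resolve the TODO the same way.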
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b3626a69a0aa842a6787922df94c4d75d80ad0d