[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 1 20:12:33 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a1bf453 by security tracker role at 2023-12-01T20:11:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-6461 (Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/m ...)
+ TODO: check
+CVE-2023-6449 (The Contact Form 7 plugin for WordPress is vulnerable to arbitrary fil ...)
+ TODO: check
+CVE-2023-5637 (Unrestricted Upload of File with Dangerous Type vulnerability in Arsla ...)
+ TODO: check
+CVE-2023-5636 (Unrestricted Upload of File with Dangerous Type vulnerability in Arsla ...)
+ TODO: check
+CVE-2023-5635 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...)
+ TODO: check
+CVE-2023-5634 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2023-5427 (A local non-privileged user can make improper GPU processing operation ...)
+ TODO: check
+CVE-2023-4518 (A vulnerability exists in the input validation of the GOOSE messages ...)
+ TODO: check
+CVE-2023-49371 (RuoYi up to v4.6 was discovered to contain a SQL injection vulnerabili ...)
+ TODO: check
+CVE-2023-48893 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable ...)
+ TODO: check
+CVE-2023-48842 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...)
+ TODO: check
+CVE-2023-48813 (Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerab ...)
+ TODO: check
+CVE-2023-45168 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
+ TODO: check
+CVE-2023-43015 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ TODO: check
+CVE-2023-42006 (IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could a ...)
+ TODO: check
+CVE-2023-38268 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
+ TODO: check
CVE-2023-6396
- gitlab <not-affected> (Specific to EE)
CVE-2023-6442 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...)
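Review bot: All sixteen entries added at the top of data/CVE/list land as "TODO: check", and several of them match triage tags already used elsewhere in this file. The IBM entries (CVE-2023-45168, CVE-2023-43015, CVE-2023-42006, CVE-2023-38268) correspond to the existing "NOT-FOR-US: IBM" tag, and CVE-2023-6449 (Contact Form 7 plugin for WordPress) to "NOT-FOR-US: WordPress plugin"; suggest resolving those in the follow-up triage with the existing tag wording rather than new variants. CVE-2023-5427 and CVE-2023-4518 have summaries truncated before any product name appears, so they need the full description before a tag can be chosen.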
@@ -87,7 +119,7 @@ CVE-2023-39226 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnera
NOT-FOR-US: Delta Electronics
CVE-2023-6439 (A vulnerability classified as problematic was found in ZenTao PMS 18.8 ...)
NOT-FOR-US: ZenTao PMS
-CVE-2023-6438 (A vulnerability classified as problematic has been found in IceCMS 2.0 ...)
+CVE-2023-6438 (A vulnerability classified as problematic has been found in Thecosy Ic ...)
NOT-FOR-US: IceCMS
CVE-2023-6435 (A vulnerability has been discovered in BigProf Online Invoicing System ...)
NOT-FOR-US: BigProf Online Invoicing System
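Review bot: The replacement summary for CVE-2023-6438 is cut off at "Thecosy Ic ...", so the product name and the "2.0" version that the old line showed are no longer readable in the list, and the unchanged "NOT-FOR-US: IceCMS" line is now the only place the product is named. The triage itself needs no change, but the tag should keep the full product name as it stands rather than being shortened later.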
@@ -36273,10 +36305,10 @@ CVE-2023-28898
RESERVED
CVE-2023-28897
RESERVED
-CVE-2023-28896
- RESERVED
-CVE-2023-28895
- RESERVED
+CVE-2023-28896 (Access to critical Unified Diagnostics Services (UDS) of the Modular I ...)
+ TODO: check
+CVE-2023-28895 (The password for access to the debugging console of the PoWer Controll ...)
+ TODO: check
CVE-2023-28894
RESERVED
CVE-2023-28893
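Review bot: CVE-2023-28896 and CVE-2023-28895 move from RESERVED to "TODO: check" with summaries that mention Unified Diagnostics Services (UDS) and a debugging console password, but both are truncated before any vendor or product is visible. Triage should read the full CVE records before tagging, since the truncated text alone does not identify the affected product.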
@@ -45158,8 +45190,8 @@ CVE-2023-26026 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes
NOT-FOR-US: IBM
CVE-2023-26025
RESERVED
-CVE-2023-26024
- RESERVED
+CVE-2023-26024 (IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attack ...)
+ TODO: check
CVE-2023-26023 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...)
NOT-FOR-US: IBM
CVE-2023-26022 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...)
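Review bot: CVE-2023-26024 is added as "TODO: check" although its summary names IBM Planning Analytics on Cloud Pak for Data 4.0, and the neighbouring CVE-2023-26026 and CVE-2023-26023 (Planning Analytics Cartridge for Cloud Pak for Data 4.0) are already tagged "NOT-FOR-US: IBM". Suggest the same tag here once the full description is confirmed.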
@@ -50346,7 +50378,7 @@ CVE-2023-24417 (Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.N
NOT-FOR-US: WordPress plugin
CVE-2023-24416
RESERVED
-CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBo ...)
+CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a1bf45363d7a916a045437a8760f5ef1b37cb70