[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 4 20:12:22 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43af222a by security tracker role at 2023-12-04T20:12:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2023-6481 (A serialization vulnerability in logback receiver component part of l ...)
+ TODO: check
+CVE-2023-6460 (A potential logging of the firestore key via logging within nodejs-fir ...)
+ TODO: check
+CVE-2023-5768 (A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU ...)
+ TODO: check
+CVE-2023-5767 (A vulnerability exists in the webserver that affects the RTU500 serie ...)
+ TODO: check
+CVE-2023-48967 (Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untru ...)
+ TODO: check
+CVE-2023-48966 (An arbitrary file upload vulnerability in the component /admin/api.upl ...)
+ TODO: check
+CVE-2023-48965 (An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.5 ...)
+ TODO: check
+CVE-2023-48910 (Microcks up to 1.17.1 was discovered to contain a Server-Side Request ...)
+ TODO: check
+CVE-2023-48866 (A Cross-Site Scripting (XSS) vulnerability in the recipe preparation c ...)
+ TODO: check
+CVE-2023-48863 (SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security ...)
+ TODO: check
+CVE-2023-48815 (kkFileView v4.3.0 is vulnerable to Incorrect Access Control.)
+ TODO: check
+CVE-2023-48800 (In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file su ...)
+ TODO: check
+CVE-2023-48799 (TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Comma ...)
+ TODO: check
+CVE-2023-44306 (Dell DM5500 contains a path traversal vulnerability in PPOE Component. ...)
+ TODO: check
+CVE-2023-44305 (Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerabi ...)
+ TODO: check
+CVE-2023-44304 (Dell DM5500 contains a privilege escalation vulnerability in PPOE Comp ...)
+ TODO: check
+CVE-2023-44302 (Dell DM5500 5.14.0.0 and prior contain an improper authentication vuln ...)
+ TODO: check
+CVE-2023-44301 (Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scriptin ...)
+ TODO: check
+CVE-2023-44300 (Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerabil ...)
+ TODO: check
+CVE-2023-44291 (Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in ...)
+ TODO: check
+CVE-2023-41613 (EzViz Studio v2.2.0 is vulnerable to DLL hijacking.)
+ TODO: check
+CVE-2023-32804 (Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Dri ...)
+ TODO: check
CVE-2023-5332 (Patch in third party library Consul requires 'enable-script-checks' to ...)
- consul <removed>
[bullseye] - consul <no-dsa> (Minor issue)
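Review bot: All 22 entries added at the top of data/CVE/list, CVE-2023-6481 through CVE-2023-32804, carry only `TODO: check`, so none of them has a package line or a NOT-FOR-US marker yet and the tracker cannot report status for any of them until someone triages. The truncated descriptions already name the product in most cases (logback, Dell DM5500, TOTOLINK X6000R, ThinkAdmin, kkFileView, EzViz Studio, the Arm Midgard GPU userspace driver), so the triage pass can work from the product names. I would start with entries such as CVE-2023-6481 whose named component could plausibly map to a source package, and resolve the vendor appliance and firmware entries in a batch.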
@@ -4167,7 +4211,7 @@ CVE-2023-46819 (Missing Authentication in Apache Software Foundation Apache OFBi
NOT-FOR-US: Apache OFBiz
CVE-2023-5976 (Improper Access Control in GitHub repository microweber/microweber pri ...)
NOT-FOR-US: microweber
-CVE-2023-5605 (The URL Shortify WordPress plugin through 1.7.8 does not sanitise and ...)
+CVE-2023-5605 (The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5601 (The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1. ...)
NOT-FOR-US: WordPress plugin
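Review bot: No follow-up is needed for CVE-2023-5605. The affected range in the description moves from "through 1.7.8" to "before 1.7.9.1", but the entry keeps `NOT-FOR-US: WordPress plugin`, so no fixed-version tracking in this file depends on that boundary.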
@@ -4517,6 +4561,7 @@ CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2
CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL injection vulner ...)
NOT-FOR-US: kerawen
CVE-2023-47272 (Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a C ...)
+ {DSA-5572-1}
- roundcube 1.6.5+dfsg-1 (bug #1055421)
NOTE: https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a (1.6.5)
CVE-2023-47235 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
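Review bot: The `{DSA-5572-1}` tag added under CVE-2023-47272 is only a cross-reference, and the roundcube line in this hunk still records just the unstable fix, `1.6.5+dfsg-1 (bug #1055421)`. Confirm that the DSA-5572-1 record itself lists this CVE together with the fixed versions for the supported releases, since nothing visible in this entry states which 1.5.x or 1.6.x upload closed it there.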
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43af222ae515b0d77532a664886a53eda63c2b66