[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 7 08:12:19 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
573070b7 by security tracker role at 2023-12-07T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlf ...)
+	TODO: check
+CVE-2023-6566 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
+	TODO: check
+CVE-2023-5761 (The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress p ...)
+	TODO: check
+CVE-2023-5714 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5713 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5712 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5711 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-5710 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access Point pro ...)
+	TODO: check
+CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows local at ...)
+	TODO: check
+CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication ...)
+	TODO: check
+CVE-2023-48841 (Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Languag ...)
+	TODO: check
+CVE-2023-48840 (A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3 ...)
+	TODO: check
+CVE-2023-48839 (Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site  ...)
+	TODO: check
+CVE-2023-48838 (Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection iss ...)
+	TODO: check
+CVE-2023-48837 (Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues  ...)
+	TODO: check
+CVE-2023-48836 (Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scri ...)
+	TODO: check
+CVE-2023-48835 (Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > ...)
+	TODO: check
+CVE-2023-48834 (A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows  ...)
+	TODO: check
+CVE-2023-48833 (A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Cale ...)
+	TODO: check
+CVE-2023-48831 (A lack of rate limiting in pjActionAJaxSend in Availability Booking Ca ...)
+	TODO: check
+CVE-2023-48830 (Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Lan ...)
+	TODO: check
+CVE-2023-48828 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross ...)
+	TODO: check
+CVE-2023-48827 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injecti ...)
+	TODO: check
+CVE-2023-48826 (Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the ...)
+	TODO: check
+CVE-2023-48825 (Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injec ...)
+	TODO: check
+CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (X ...)
+	TODO: check
+CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier Manageme ...)
+	TODO: check
+CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking Calendar  ...)
+	TODO: check
+CVE-2023-48207 (Availability Booking Calendar 5.0 allows CSV injection via the unique  ...)
+	TODO: check
+CVE-2023-48206 (A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Manag ...)
+	TODO: check
+CVE-2023-48205 (Jorani Leave Management System 1.0.2 allows a remote attacker to spoof ...)
+	TODO: check
+CVE-2023-48172 (A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software ...)
+	TODO: check
+CVE-2023-46916 (Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An att ...)
+	TODO: check
+CVE-2023-46354 (In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0  ...)
+	TODO: check
+CVE-2023-46353 (In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPre ...)
+	TODO: check
+CVE-2023-46307 (An issue was discovered in server.js in etcd-browser 87ae63d75260. By  ...)
+	TODO: check
+CVE-2023-43304 (An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to s ...)
+	TODO: check
+CVE-2023-43303 (An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attac ...)
+	TODO: check
+CVE-2023-43302 (An issue in sanTas mini-app on Line v13.6.1 allows attackers to send c ...)
+	TODO: check
+CVE-2023-43301 (An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers ...)
+	TODO: check
+CVE-2023-43300 (An issue in urban_project mini-app on Line v13.6.1 allows attackers to ...)
+	TODO: check
+CVE-2023-43299 (An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to s ...)
+	TODO: check
+CVE-2023-43298 (An issue in SCOL Members Card mini-app on Line v13.6.1 allows attacker ...)
+	TODO: check
+CVE-2023-43103 (An XSS issue was discovered in a web endpoint in Zimbra Collaboration  ...)
+	TODO: check
+CVE-2023-43102 (An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. A ...)
+	TODO: check
+CVE-2023-41106 (An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. A ...)
+	TODO: check
+CVE-2023-40238 (A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O w ...)
+	TODO: check
 CVE-2023-6560 [io_uring out of boundary memory access in __io_uaddr_map()]
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
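Review bot: the CVE-2023-5761 description (the Burst Statistics entry) carries a literal `\u2013` escape where the upstream text has an en dash, so the automatic import is writing the JSON-escaped string instead of the decoded one; the importer should unescape descriptions before writing them, or the entry should be corrected by hand at triage. Separately, the five System Dashboard entries (CVE-2023-5710 through CVE-2023-5714) and the Burst Statistics entry are WordPress plugins, which this file elsewhere closes as `NOT-FOR-US: WordPress plugin`; `TODO: check` is the right state for an automatic update, but the next manual pass can resolve them that way without further investigation.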
@@ -69,7 +165,7 @@ CVE-2023-34439 (Pleasanter 1.3.47.0 and earlier contains a stored cross-site scr
 	NOT-FOR-US: Pleasanter
 CVE-2023-32268 (Exposure of Proxy Administrator Credentials  An authenticated administ ...)
 	NOT-FOR-US: Microfocus
-CVE-2023-46218 [curl: cookie mixed case PSL bypass]
+CVE-2023-46218 (This flaw allows a malicious HTTP server to set "super cookies" in cur ...)
 	- curl 8.5.0-1 (bug #1057646)
 	NOTE: Introduced by: https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465 (curl-7_46_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb (curl-8_5_0)
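Review bot: the `Introduced by` note points at curl-7_46_0 and `Fixed by` at curl-8_5_0, so any suite shipping a curl between those two releases carries the vulnerable code, yet the entry only has the unstable line `- curl 8.5.0-1 (bug #1057646)` and no per-suite annotations; that is expected for an automatic update, but the per-suite status should be filled in at triage since the commit range is already recorded here.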
@@ -2498,7 +2594,7 @@ CVE-2023-5764 [internal templating can cause unsafe variables to lose their unsa
 	NOTE: https://github.com/ansible/ansible/pull/82293 (stable-2.16)
 	NOTE: https://github.com/ansible/ansible/pull/82294 (stable-2.15)
 	NOTE: https://github.com/ansible/ansible/pull/82295 (stable-2.14)
-CVE-2023-41913
+CVE-2023-41913 (strongSwan before 5.9.12 has a buffer overflow and possible unauthenti ...)
 	{DSA-5560-1 DLA-3663-1}
 	- strongswan 5.9.12-1
 	NOTE: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
@@ -4320,7 +4416,7 @@ CVE-2023-34033 (Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax
 	NOT-FOR-US: WordPress plugin
 CVE-2023-34002 (Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manage ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-46857
+CVE-2023-46857 (Squidex before 7.9.0 allows XSS via an SVG document to the Upload Asse ...)
 	NOT-FOR-US: Squidex
 CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers to acces ...)
 	NOT-FOR-US: Lenovo
@@ -10268,13 +10364,13 @@ CVE-2023-44770 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.
 	NOT-FOR-US: Zenario CMS
 CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
 	NOT-FOR-US: Concrete CMS
-CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
+CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8. ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versio ...)
 	NOT-FOR-US: Concrete CMS
-CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...)
+CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS ve ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2023-44758 (GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerabil ...)
 	NOT-FOR-US: GDidees CMS
@@ -23523,7 +23619,7 @@ CVE-2023-36459 (Mastodon is a free, open-source social network server based on A
 	- mastodon <itp> (bug #859741)
 CVE-2023-36456 (authentik is an open-source Identity Provider. Prior to versions 2023. ...)
 	NOT-FOR-US: authentik
-CVE-2023-36189 (SQL injection vulnerability in langchain v.0.0.64 allows a remote atta ...)
+CVE-2023-36189 (SQL injection vulnerability in langchain before v0.0.247 allows a remo ...)
 	NOT-FOR-US: langchain
 CVE-2023-36188 (An issue in langchain v.0.0.64 allows a remote attacker to execute arb ...)
 	NOT-FOR-US: langchain
@@ -25860,7 +25956,7 @@ CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to ca
 	NOT-FOR-US: flexjson
 CVE-2023-34585
 	REJECTED
-CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution. This is r ...)
+CVE-2023-34540 (An issue discovered in Langchain before 0.0.225 allows attacker to run ...)
 	NOT-FOR-US: Langchain
 CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...)
 	NOT-FOR-US: Microsoft
@@ -40529,8 +40625,8 @@ CVE-2023-28019 (Insufficient validation in Bigfix WebUI API App site version < 1
 	NOT-FOR-US: HCL
 CVE-2023-28018
 	RESERVED
-CVE-2023-28017
-	RESERVED
+CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack where a ...)
+	TODO: check
 CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...)
 	NOT-FOR-US: HCL
 CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User Accoun ...)
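Review bot: CVE-2023-28017 moves from `RESERVED` to `TODO: check`, which is correct for an automatic import, but its neighbours in this hunk (CVE-2023-28016, CVE-2023-28015, CVE-2023-28019) are all `NOT-FOR-US: HCL` and this one is an HCL Connections cross-site scripting issue, so manual triage can resolve it the same way unless the tracker has a packaged HCL Connections, which nothing here suggests.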



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/573070b7b818e68e196aafdde8677ead9e395df7
