[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 8 08:11:45 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e868bde3 by security tracker role at 2023-12-08T08:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,50 @@
-CVE-2023-45866 [unauthorized HID device connections allows keystroke injection and arbitrary commands execution]
+CVE-2023-6599 (Missing Standardized Error Handling Mechanism in GitHub repository mic ...)
+	TODO: check
+CVE-2023-6581 (A vulnerability has been found in D-Link DAR-7000 up to 20231126 and c ...)
+	TODO: check
+CVE-2023-6580 (A vulnerability, which was classified as critical, was found in D-Link ...)
+	TODO: check
+CVE-2023-6579 (A vulnerability, which was classified as critical, has been found in o ...)
+	TODO: check
+CVE-2023-6578 (A vulnerability classified as critical has been found in Software AG W ...)
+	TODO: check
+CVE-2023-6577 (A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to  ...)
+	TODO: check
+CVE-2023-6576 (A vulnerability was found in Beijing Baichuo S210 up to 20231123. It h ...)
+	TODO: check
+CVE-2023-6061 (Multiple components of Iconics SCADA Suite are prone to a Phantom DLL  ...)
+	TODO: check
+CVE-2023-5058 (Improper Input Validation in the processing of user-supplied splash sc ...)
+	TODO: check
+CVE-2023-5008 (Student Information System v1.0 is vulnerable to an unauthenticated SQ ...)
+	TODO: check
+CVE-2023-4122 (Student Information System v1.0 is vulnerable to an Insecure File Uplo ...)
+	TODO: check
+CVE-2023-48929 (Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24. ...)
+	TODO: check
+CVE-2023-48928 (Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24. ...)
+	TODO: check
+CVE-2023-48122 (An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote at ...)
+	TODO: check
+CVE-2023-46693 (Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allo ...)
+	TODO: check
+CVE-2023-43744 (An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, ...)
+	TODO: check
+CVE-2023-43743 (A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virt ...)
+	TODO: check
+CVE-2023-43742 (An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual,  ...)
+	TODO: check
+CVE-2023-43305 (An issue in studio kent mini-app on Line v13.6.1 allows attackers to s ...)
+	TODO: check
+CVE-2023-38174 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-36880 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+	TODO: check
+CVE-2023-35618 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-32460 (Dell PowerEdge BIOS contains an improper privilege management security ...)
+	TODO: check
+CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral  ...)
 	- bluez <unfixed>
 	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
 CVE-2023-6588 (Offline mode is always enabled, even if permission disallows it, in  D ...)
@@ -537,7 +583,7 @@ CVE-2023-5874 (The Popup box WordPress plugin before 3.8.6 does not sanitise and
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5809 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-5808 (Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on  ...)
+CVE-2023-5808 (SMU versions prior to 14.8.7825.01 are susceptible to unintended infor ...)
 	NOT-FOR-US: Hitachi
 CVE-2023-5762 (The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Re ...)
 	NOT-FOR-US: WordPress plugin
@@ -2198,7 +2244,7 @@ CVE-2023-48707 (CodeIgniter Shield is an authentication and authorization provid
 	NOT-FOR-US: CodeIgniter Shield
 CVE-2023-48312 (capsule-proxy is a reverse proxy for the capsule operator project. Aff ...)
 	NOT-FOR-US: capsule-proxy (reverse proxy for Capsule)
-CVE-2023-46575 (A SQL injection vulnerability in Meshery before 0.6.179 allows a remot ...)
+CVE-2023-46575 (A SQL injection vulnerability exists in Meshery prior to version v0.6. ...)
 	NOT-FOR-US: Meshery
 CVE-2023-38914
 	REJECTED
@@ -45990,8 +46036,8 @@ CVE-2023-26160
 	RESERVED
 CVE-2023-26159
 	RESERVED
-CVE-2023-26158
-	RESERVED
+CVE-2023-26158 (All versions of the package mockjs are vulnerable to Prototype Polluti ...)
+	TODO: check
 CVE-2023-26157
 	RESERVED
 CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are vulnerable to  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e868bde364509a09eacb9df019a497ace5f6e201

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e868bde364509a09eacb9df019a497ace5f6e201
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231208/43a24d05/attachment.htm>

More information about the debian-security-tracker-commits mailing list