[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 1 08:12:20 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c89f7ce by security tracker role at 2023-11-01T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
+	TODO: check
+CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
+	TODO: check
+CVE-2023-5902 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
+	TODO: check
+CVE-2023-5901 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
+	TODO: check
+CVE-2023-5900 (Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0- ...)
+	TODO: check
+CVE-2023-5899 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
+	TODO: check
+CVE-2023-5898 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
+	TODO: check
+CVE-2023-5897 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocal ...)
+	TODO: check
+CVE-2023-5896 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
+	TODO: check
+CVE-2023-5895 (Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prio ...)
+	TODO: check
+CVE-2023-5894 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior ...)
+	TODO: check
+CVE-2023-5893 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
+	TODO: check
+CVE-2023-5892 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
+	TODO: check
+CVE-2023-5891 (Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-li ...)
+	TODO: check
+CVE-2023-5890 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
+	TODO: check
+CVE-2023-5889 (Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior ...)
+	TODO: check
+CVE-2023-5516 (Poorly constructed webap requests and URI components with special char ...)
+	TODO: check
+CVE-2023-5515 (The responses for web queries with certain parameters disclose interna ...)
+	TODO: check
+CVE-2023-5514 (The response messages received from the eSOMS report generation using  ...)
+	TODO: check
+CVE-2023-5306 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...)
+	TODO: check
+CVE-2023-4198 (Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unaut ...)
+	TODO: check
+CVE-2023-4197 (Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to stri ...)
+	TODO: check
+CVE-2023-47099 (An issue was discovered in Virtualmin 7.7. The Create Virtual Server f ...)
+	TODO: check
+CVE-2023-47098 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripti ...)
+	TODO: check
+CVE-2023-47097 (An issue was discovered in Virtualmin 7.7. The Server Templates featur ...)
+	TODO: check
+CVE-2023-47096 (An issue was discovered in Virtualmin 7.7. The Cloudmin Services Clien ...)
+	TODO: check
+CVE-2023-47095 (An issue was discovered in Virtualmin 7.7. The Custom Fields feature o ...)
+	TODO: check
+CVE-2023-47094 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripti ...)
+	TODO: check
+CVE-2023-46485 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...)
+	TODO: check
+CVE-2023-46484 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...)
+	TODO: check
+CVE-2023-46378 (Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allow ...)
+	TODO: check
+CVE-2023-46278 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...)
+	TODO: check
+CVE-2023-44486 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...)
+	TODO: check
+CVE-2023-44485 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...)
+	TODO: check
+CVE-2023-44484 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...)
+	TODO: check
+CVE-2023-43295 (Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd ...)
+	TODO: check
+CVE-2023-39695 (Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12  ...)
+	TODO: check
+CVE-2023-39610 (An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) an ...)
+	TODO: check
+CVE-2023-37833 (Improper access control in Elenos ETG150 FM transmitter v3.12 allows a ...)
+	TODO: check
+CVE-2023-2622 (Authenticated clients can read arbitrary files on the MAIN Computer sy ...)
+	TODO: check
+CVE-2023-2621 (The McFeeder server (distributed as part of SSW package), is susceptib ...)
+	TODO: check
 CVE-2023-5859
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -154,7 +236,8 @@ CVE-2023-42658 (Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allo
 	TODO: check
 CVE-2023-42425 (An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote at ...)
 	TODO: check
-CVE-2023-41377 (.)
+CVE-2023-41377
+	REJECTED
 	TODO: check
 CVE-2023-40681 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...)
 	TODO: check
@@ -2132,7 +2215,7 @@ CVE-2023-46042 (An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to ex
 	NOT-FOR-US: GetSimpleCMS
 CVE-2023-46033 (D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL ...)
 	NOT-FOR-US: D-Link
-CVE-2023-45992 (Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruck ...)
+CVE-2023-45992 (A vulnerability in the web-based interface of the RUCKUS Cloudpath pro ...)
 	NOT-FOR-US: Ruckus
 CVE-2023-45883 (A privilege escalation vulnerability exists within the Qumu Multicast  ...)
 	NOT-FOR-US: Qumu Multicast Extension
@@ -7757,7 +7840,8 @@ CVE-2023-4785 (Lack of error handling in the TCP server in Google's gRPC startin
 	NOTE: https://github.com/grpc/grpc/pull/33669
 	NOTE: https://github.com/grpc/grpc/pull/33670
 	NOTE: https://github.com/grpc/grpc/pull/33672
-CVE-2023-4701 (A Improper Privilege Management vulnerability through an incorrect use ...)
+CVE-2023-4701
+	REJECTED
 	NOT-FOR-US: CodeMeter Runtime
 CVE-2023-42469 (The com.full.dialer.top.secure.encrypted application through 1.0.1 for ...)
 	NOT-FOR-US: com.full.dialer.top.secure.encrypted application
@@ -10941,11 +11025,11 @@ CVE-2023-3893
 	- kubernetes 1.20.5+really1.20.2-1
 	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
 	NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
-CVE-2023-3955
+CVE-2023-3955 (A security issue was discovered in Kubernetes where a user  that can c ...)
 	- kubernetes 1.20.5+really1.20.2-1
 	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
 	NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
-CVE-2023-3676
+CVE-2023-3676 (A security issue was discovered in Kubernetes where a user  that can c ...)
 	- kubernetes 1.20.5+really1.20.2-1
 	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
 	NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
@@ -65520,8 +65604,7 @@ CVE-2023-20888 (Aria Operations for Networks contains an authenticated deseriali
 	NOT-FOR-US: VMware
 CVE-2023-20887 (Aria Operations for Networks contains a command injection vulnerabilit ...)
 	NOT-FOR-US: VMware
-CVE-2023-20886
-	RESERVED
+CVE-2023-20886 (VMware Workspace ONE UEM console contains an open redirect vulnerabili ...)
 	NOT-FOR-US: VMware
 CVE-2023-20885 (Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume ...)
 	NOT-FOR-US: Cloud foundry
@@ -125242,7 +125325,7 @@ CVE-2022-24229 (A cross-site scripting (XSS) vulnerability in ONLYOFFICE Documen
 	NOT-FOR-US: ONLYOFFICE
 CVE-2022-24228
 	RESERVED
-CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...)
+CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.0 ...)
 	NOT-FOR-US: BoltWire
 CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL  ...)
 	NOT-FOR-US: Hospital Management System



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c89f7ceaa1fed216bca824db193e7055cf26796

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c89f7ceaa1fed216bca824db193e7055cf26796
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231101/aa504038/attachment.htm>

More information about the debian-security-tracker-commits mailing list