[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 2 08:12:15 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b625ad7d by security tracker role at 2023-11-02T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as problem ...)
+	TODO: check
+CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core before 1. ...)
+	TODO: check
+CVE-2023-46595 (Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attackerto obtai ...)
+	TODO: check
+CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Com ...)
+	TODO: check
+CVE-2023-46428 (An arbitrary file upload vulnerability in HadSky v7.12.10 allows attac ...)
+	TODO: check
+CVE-2023-46327 (Multiple MFPs (multifunction printers) provided by FUJIFILM Business I ...)
+	TODO: check
+CVE-2023-45203 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...)
+	TODO: check
+CVE-2023-45202 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...)
+	TODO: check
+CVE-2023-45201 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...)
+	TODO: check
+CVE-2023-45114 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45113 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45112 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45111 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45019 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45018 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45017 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45016 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45015 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45014 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45013 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-45012 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...)
+	TODO: check
+CVE-2023-44954 (Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a rem ...)
+	TODO: check
+CVE-2023-44025 (SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and befo ...)
+	TODO: check
+CVE-2023-39281 (A stack buffer overflow vulnerability discovered in AsfSecureBootDxe i ...)
+	TODO: check
 CVE-2023-5849 (Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allow ...)
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)
@@ -97,7 +145,7 @@ CVE-2023-33227 (The Network Configuration Manager was susceptible to a Directory
 	NOT-FOR-US: SolarWinds
 CVE-2023-33226 (The Network Configuration Manager was susceptible to a Directory Trave ...)
 	NOT-FOR-US: SolarWinds
-CVE-2023-46695
+CVE-2023-46695 (An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...)
 	- python-django <not-affected> (Only an issue on windows)
 	NOTE: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
 CVE-2023-5831
@@ -158,17 +206,17 @@ CVE-2023-4198 (Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an
 	- dolibarr <removed>
 CVE-2023-4197 (Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to stri ...)
 	- dolibarr <removed>
-CVE-2023-47099 (An issue was discovered in Virtualmin 7.7. The Create Virtual Server f ...)
+CVE-2023-47099 (A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtua ...)
 	NOT-FOR-US: Virtualmin
-CVE-2023-47098 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripti ...)
+CVE-2023-47098 (A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra  ...)
 	NOT-FOR-US: Virtualmin
-CVE-2023-47097 (An issue was discovered in Virtualmin 7.7. The Server Templates featur ...)
+CVE-2023-47097 (A Stored Cross-Site Scripting (XSS) vulnerability in the Server Templa ...)
 	NOT-FOR-US: Virtualmin
-CVE-2023-47096 (An issue was discovered in Virtualmin 7.7. The Cloudmin Services Clien ...)
+CVE-2023-47096 (A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin S ...)
 	NOT-FOR-US: Virtualmin
-CVE-2023-47095 (An issue was discovered in Virtualmin 7.7. The Custom Fields feature o ...)
+CVE-2023-47095 (A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields ...)
 	NOT-FOR-US: Virtualmin
-CVE-2023-47094 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripti ...)
+CVE-2023-47094 (A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans ...)
 	NOT-FOR-US: Virtualmin
 CVE-2023-46485 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...)
 	NOT-FOR-US: TOTOLINK
@@ -1820,7 +1868,7 @@ CVE-2023-XXXX [SQUID-2021:8 Denial of Service in Gopher gateway]
 	NOTE: https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 (SQUID_6_0_1)
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
 	NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html
-CVE-2023-46724 [Squid: Buffer UnderRead in SSL CN Parsing]
+CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper Validation of ...)
 	- squid <unfixed>
 	[buster] - squid <not-affected> (Doesn't build with OpenSSL yet)
 	NOTE: https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3
@@ -4705,7 +4753,7 @@ CVE-2023-32972 (A buffer copy without checking size of input vulnerability has b
 	NOT-FOR-US: QNAP
 CVE-2023-32971 (A buffer copy without checking size of input vulnerability has been re ...)
 	NOT-FOR-US: QNAP
-CVE-2023-5408
+CVE-2023-5408 (A privilege escalation flaw was found in the node restriction admissio ...)
 	NOT-FOR-US: OpenShift
 CVE-2023-4061
 	NOT-FOR-US: Red Hat Enterprise Application Platform



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b625ad7dc5285ebeb2efbef586a00b8bb83a5a33

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b625ad7dc5285ebeb2efbef586a00b8bb83a5a33
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231102/952cedea/attachment.htm>


More information about the debian-security-tracker-commits mailing list