[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Nov 8 08:12:41 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e1c2829 by security tracker role at 2023-11-08T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log injecti ...)
+ TODO: check
+CVE-2023-6001 (Prometheus metrics are available without authentication. These expose ...)
+ TODO: check
+CVE-2023-5982 (The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPr ...)
+ TODO: check
+CVE-2023-5801 (Vulnerability of identity verification being bypassed in the face unlo ...)
+ TODO: check
+CVE-2023-46800 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46799 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46798 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46797 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46796 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46795 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46794 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46793 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46792 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46790 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46789 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46788 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46787 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46786 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46785 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ TODO: check
+CVE-2023-46770 (Out-of-bounds vulnerability in the sensor module. Successful exploitat ...)
+ TODO: check
+CVE-2023-46769 (Use-After-Free (UAF) vulnerability in the dubai module. Successful ex ...)
+ TODO: check
+CVE-2023-46768 (Multi-thread vulnerability in the idmap module. Successful exploitatio ...)
+ TODO: check
+CVE-2023-46680 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ TODO: check
+CVE-2023-46679 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ TODO: check
+CVE-2023-46678 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ TODO: check
+CVE-2023-46677 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ TODO: check
+CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ TODO: check
+CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...)
+ TODO: check
+CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...)
+ TODO: check
+CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing Order" (or ...)
+ TODO: check
+CVE-2023-44115 (Vulnerability of improper permission control in the Booster module. Im ...)
+ TODO: check
+CVE-2023-43984 (Insecure permissions in Smart Soft advancedexport before v4.4.7 allow ...)
+ TODO: check
+CVE-2023-42361 (Local File Inclusion vulnerability in Midori-global Better PDF Exporte ...)
+ TODO: check
+CVE-2023-41270 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ TODO: check
+CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ TODO: check
+CVE-2023-41111 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ TODO: check
CVE-2023-45284 [path/filepath: recognize device names with trailing spaces and superscripts]
- golang-1.21 1.21.4-1
- golang-1.20 1.20.11-1
@@ -763,11 +835,13 @@ CVE-2023-43076 (Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of
CVE-2023-42802 (GLPI is a free asset and IT management software package. Starting in v ...)
- glpi <removed>
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rrh2-x4ch-pq3m
-CVE-2023-47360
+CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an Integer underflow tha ...)
+ {DSA-5545-1}
- vlc 3.0.20-1
NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms
NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
-CVE-2023-47359
+CVE-2023-47359 (Videolan VLC prior to version 3.0.20 contains an incorrect offset read ...)
+ {DSA-5545-1}
- vlc 3.0.20-1
NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms
NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
@@ -5593,7 +5667,7 @@ CVE-2023-32971 (A buffer copy without checking size of input vulnerability has b
NOT-FOR-US: QNAP
CVE-2023-5408 (A privilege escalation flaw was found in the node restriction admissio ...)
NOT-FOR-US: OpenShift
-CVE-2023-4061
+CVE-2023-4061 (A flaw was found in wildfly-core. A management user could use the reso ...)
NOT-FOR-US: Red Hat Enterprise Application Platform
CVE-2023-3171
NOT-FOR-US: Red Hat Enterprise Application Platform
@@ -55748,7 +55822,7 @@ CVE-2023-22093 (Vulnerability in the Oracle iRecruitment product of Oracle E-Bus
NOT-FOR-US: Oracle
CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.35-1 (bug #1055034)
-CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE ...)
+CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...)
NOT-FOR-US: Oracle
CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
NOT-FOR-US: Oracle
@@ -55768,7 +55842,7 @@ CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border Controller
NOT-FOR-US: Oracle
CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
NOT-FOR-US: Oracle
-CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of ...)
+CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
{DSA-5548-1 DSA-5537-1 DLA-3636-1}
- openjdk-8 8u392-ga-1
- openjdk-11 11.0.21+9-1
@@ -55800,7 +55874,7 @@ CVE-2023-22069 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
NOT-FOR-US: Oracle
CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.35-1 (bug #1055034)
-CVE-2023-22067 (Vulnerability in Oracle Java SE (component: CORBA). Supported version ...)
+CVE-2023-22067 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-8 8u392-ga-1
CVE-2023-22066 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.35-1 (bug #1055034)
@@ -55896,7 +55970,7 @@ CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edi
NOT-FOR-US: Oracle
CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.32-1
-CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
{DSA-5548-1}
- openjdk-17 17.0.9+9-1
- openjdk-21 21.0.1+12-1
@@ -144144,8 +144218,8 @@ CVE-2021-43421 (A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 t
NOT-FOR-US: Studio 42 elFinder
CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...)
NOT-FOR-US: Sourcecodester
-CVE-2021-43419
- RESERVED
+CVE-2021-43419 (An Information Disclosure vulnerability exists in Opay Mobile applicat ...)
+ TODO: check
CVE-2021-43418
RESERVED
CVE-2021-43417
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1c28295eaab6381888a96228a4182bff1354ab
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1c28295eaab6381888a96228a4182bff1354ab
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231108/69c29f72/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list