[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 9 20:12:03 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c59eebda by security tracker role at 2023-11-09T20:11:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2023-6054 (A vulnerability, which was classified as critical, was found in Tongda ...)
+ TODO: check
+CVE-2023-6053 (A vulnerability, which was classified as critical, has been found in T ...)
+ TODO: check
+CVE-2023-6052 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
+ TODO: check
+CVE-2023-6039 (A use-after-free flaw was found in lan78xx_disconnect in drivers/net/u ...)
+ TODO: check
+CVE-2023-4612 (Improper Authentication vulnerability in Apereo CAS injakarta.servlet. ...)
+ TODO: check
+CVE-2023-4218 (In Eclipse IDE versions < 2023-09 (4.29) some files with xml content a ...)
+ TODO: check
+CVE-2023-47616 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ TODO: check
+CVE-2023-47615 (A CWE-526: Exposure of Sensitive Information Through Environmental Var ...)
+ TODO: check
+CVE-2023-47612 (A CWE-552: Files or Directories Accessible to External Parties vulnera ...)
+ TODO: check
+CVE-2023-47610 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ TODO: check
+CVE-2023-47373 (The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allow ...)
+ TODO: check
+CVE-2023-47372 (The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6. ...)
+ TODO: check
+CVE-2023-47370 (The leakage of channel access token in bluetrick Line 13.6.1 allows re ...)
+ TODO: check
+CVE-2023-47369 (The leakage of channel access token in best_training_member Line 13.6. ...)
+ TODO: check
+CVE-2023-47368 (The leakage of channel access token in taketorinoyu Line 13.6.1 allows ...)
+ TODO: check
+CVE-2023-47367 (The leakage of channel access token in platinum clinic Line 13.6.1 all ...)
+ TODO: check
+CVE-2023-47366 (The leakage of channel access token in craft_members Line 13.6.1 allow ...)
+ TODO: check
+CVE-2023-47365 (The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 ...)
+ TODO: check
+CVE-2023-47364 (The leakage of channel access token in nagaoka taxi Line 13.6.1 allows ...)
+ TODO: check
+CVE-2023-47363 (The leakage of channel access token in F.B.P members Line 13.6.1 allow ...)
+ TODO: check
+CVE-2023-47238 (Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 \ ...)
+ TODO: check
+CVE-2023-47237 (Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto ...)
+ TODO: check
+CVE-2023-47110 (blockreassurance adds an information block aimed at offering helpful i ...)
+ TODO: check
+CVE-2023-46894 (An issue discovered in esptool 4.6.2 allows attackers to view sensitiv ...)
+ TODO: check
+CVE-2023-46743 (application-collabora is an integration of Collabora Online in XWiki. ...)
+ TODO: check
+CVE-2023-46614 (Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Hel ...)
+ TODO: check
+CVE-2023-45885 (Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct ...)
+ TODO: check
+CVE-2023-45884 (Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka ...)
+ TODO: check
+CVE-2023-43791 (Label Studio is a multi-type data labeling and annotation tool with st ...)
+ TODO: check
+CVE-2023-41138 (The AppsAnywhere macOS client-privileged helper can be tricked into ex ...)
+ TODO: check
+CVE-2023-41137 (Symmetric encryption used to protect messages between the AppsAnywhere ...)
+ TODO: check
+CVE-2023-40055 (The Network Configuration Manager was susceptible to a Directory Trave ...)
+ TODO: check
+CVE-2023-40054 (The Network Configuration Manager was susceptible to a Directory Trave ...)
+ TODO: check
+CVE-2023-39198 (A race condition was found in the QXL driver in the Linux kernel. The ...)
+ TODO: check
+CVE-2023-36688 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
+ TODO: check
+CVE-2023-34386 (Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart ...)
+ TODO: check
+CVE-2023-34371 (Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo Spa ...)
+ TODO: check
+CVE-2023-34182 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Passw ...)
+ TODO: check
+CVE-2023-34181 (Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= ...)
+ TODO: check
+CVE-2023-34178 (Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Gro ...)
+ TODO: check
+CVE-2023-34177 (Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagstr\xf6m W ...)
+ TODO: check
+CVE-2023-34171 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Repor ...)
+ TODO: check
+CVE-2023-34169 (Cross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc ...)
+ TODO: check
+CVE-2023-34033 (Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagina ...)
+ TODO: check
+CVE-2023-34002 (Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manage ...)
+ TODO: check
CVE-2023-46857
NOT-FOR-US: Squidex
CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers to acces ...)
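Review bot: two of the newly imported entries describe Linux kernel bugs and should not sit behind a bare "TODO: check" for long: CVE-2023-6039 (use-after-free in lan78xx_disconnect in drivers/net/u...) and CVE-2023-39198 (race condition in the QXL driver in the Linux kernel) both need a "- linux" line with the fixed upstream version or a NOTE pointing at the fixing commit, as done for the golang entries further down. The large run of "Cross-Site Request Forgery (CSRF) vulnerability in ..." entries (CVE-2023-47238, CVE-2023-47237, CVE-2023-46614, CVE-2023-34386 through CVE-2023-34002) matches the pattern that is resolved elsewhere in this file as "NOT-FOR-US: WordPress plugin" (see CVE-2023-25976 below), so those TODOs can likely be closed in one pass once the plugin origin is confirmed.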
@@ -202,7 +292,7 @@ CVE-2023-32298 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ka
NOT-FOR-US: WordPress plugin
CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful exploita ...)
NOT-FOR-US: Huawei
-CVE-2023-47248
+CVE-2023-47248 (Deserialization of untrusted data in IPC and Parquet readers in PyArro ...)
- apache-arrow <itp> (bug #970021)
CVE-2023-40114
NOT-FOR-US: Android
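Review bot: the new description for CVE-2023-47248 names the IPC and Parquet readers in PyArrow, while the entry is tracked only against "apache-arrow <itp> (bug #970021)"; confirm that the ITP covers the Python bindings as well, or add a NOTE recording that pyarrow is not separately packaged, so the mapping is explicit when the ITP is eventually closed.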
@@ -305,7 +395,7 @@ CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable Pr
NOT-FOR-US: Samsung
CVE-2023-41111 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
NOT-FOR-US: Samsung
-CVE-2023-45284 [path/filepath: recognize device names with trailing spaces and superscripts]
+CVE-2023-45284 (On Windows, The IsLocal function does not correctly detect reserved de ...)
- golang-1.21 1.21.4-1
- golang-1.20 1.20.11-1
- golang-1.19 <unfixed>
@@ -318,7 +408,7 @@ CVE-2023-45284 [path/filepath: recognize device names with trailing spaces and s
NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
TODO: check if it should be considered "windows only" or still tracked due to issue in path parsing for windows paths
-CVE-2023-45283 [path/filepath: recognize \??\ as a Root Local Device path prefix]
+CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix as sp ...)
- golang-1.21 1.21.4-1
- golang-1.20 1.20.11-1
- golang-1.19 <unfixed>
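Review bot: the TODO in this hunk ("check if it should be considered windows only ...") can now be settled from the imported descriptions: CVE-2023-45284 is stated as "On Windows, The IsLocal function does not correctly detect reserved de..." and CVE-2023-45283 concerns the "\??\" prefix, a Windows device-path form. Either way the outcome should be recorded on the golang-1.19 line, which is still "<unfixed>" while golang-1.21 and golang-1.20 carry fixed versions; the file's own convention for that is a suite-tagged annotation such as "[bullseye] - nss <postponed> (Minor issue, ...)" further down, and a NOTE with the go1.19 backport commit if one exists alongside the go1.21.4 and go1.20.11 commits already listed.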
@@ -3053,29 +3143,29 @@ CVE-2023-5388
[bullseye] - nss <postponed> (Minor issue, revisit once fixed upstream)
[buster] - nss <no-dsa> (Minor issue)
NOTE: https://people.redhat.com/~hkario/marvin/
-CVE-2023-5551
+CVE-2023-5551 (Separate Groups mode restrictions were not honoured in the forum summa ...)
- moodle <removed>
-CVE-2023-5550
+CVE-2023-5550 (In a shared hosting environment that has been misconfigured to allow a ...)
- moodle <removed>
-CVE-2023-5549
+CVE-2023-5549 (Insufficient web service capability checks made it possible to move ca ...)
- moodle <removed>
-CVE-2023-5548
+CVE-2023-5548 (Stronger revision number limitations were required on file serving end ...)
- moodle <removed>
-CVE-2023-5547
+CVE-2023-5547 (The course upload preview contained an XSS risk for users uploading un ...)
- moodle <removed>
-CVE-2023-5546
+CVE-2023-5546 (ID numbers displayed in the quiz grading report required additional sa ...)
- moodle <removed>
-CVE-2023-5545
+CVE-2023-5545 (H5P metadata automatically populated the author with the user's userna ...)
- moodle <removed>
-CVE-2023-5544
+CVE-2023-5544 (Wiki comments required additional sanitizing and access restrictions t ...)
- moodle <removed>
-CVE-2023-5539
+CVE-2023-5539 (A remote code execution risk was identified in the Lesson activity. By ...)
- moodle <removed>
-CVE-2023-5540
+CVE-2023-5540 (A remote code execution risk was identified in the IMSCP activity. By ...)
- moodle <removed>
-CVE-2023-5541
+CVE-2023-5541 (The CSV grade import method contained an XSS risk for users importing ...)
- moodle <removed>
-CVE-2023-5542
+CVE-2023-5542 (Students in "Only see own membership" groups could see other students ...)
- moodle <removed>
CVE-2023-5543
- moodle <removed>
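Review bot: CVE-2023-5543 at the end of this hunk is the one moodle entry of the series that did not receive a description while CVE-2023-5539 through CVE-2023-5551 all did; check whether its upstream text is still unpublished or whether the importer skipped it, so the series stays consistent. The two entries described as remote code execution risks (CVE-2023-5539 in the Lesson activity, CVE-2023-5540 in the IMSCP activity) are correctly covered by "moodle <removed>", but a NOTE with the upstream advisory reference would help anyone checking whether old installations from a removed package remain exposed.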
@@ -26148,8 +26238,8 @@ CVE-2023-31089
RESERVED
CVE-2023-31088
RESERVED
-CVE-2023-31087
- RESERVED
+CVE-2023-31087 (Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Mana ...)
+ TODO: check
CVE-2023-31086
RESERVED
CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel ...)
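Review bot: CVE-2023-31087 moves from RESERVED to a CSRF description ("... in JoomSky JS Job Mana...") with a "TODO: check"; the surrounding entries show this class of plugin CSRF is normally closed as "NOT-FOR-US: WordPress plugin" (CVE-2023-25976 below), so the TODO should be resolved to that form once the affected product is confirmed not to be packaged, rather than left open.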
@@ -41725,8 +41815,8 @@ CVE-2023-25996
RESERVED
CVE-2023-25995
RESERVED
-CVE-2023-25994
- RESERVED
+CVE-2023-25994 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publis ...)
+ TODO: check
CVE-2023-25993
RESERVED
CVE-2023-25992 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...)
@@ -41763,8 +41853,8 @@ CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-25975
- RESERVED
+CVE-2023-25975 (Cross-Site Request Forgery (CSRF) vulnerability in Fr\xe9d\xe9ric Shee ...)
+ TODO: check
CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psic ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
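Review bot: the imported description for CVE-2023-25975 carries literal "\xe9" escape sequences ("Fr\xe9d\xe9ric Shee...") instead of the accented characters, and the same appears for CVE-2023-34177 ("Kenth Hagstr\xf6m") in the first hunk; the automatic update should decode the upstream text to UTF-8 before writing data/CVE/list, otherwise the tracker's own display and searches of these descriptions will show the escapes. As with the other RESERVED-to-description transitions in this update, the "TODO: check" here can likely be closed as "NOT-FOR-US: WordPress plugin" in line with the adjacent CVE-2023-25976 and CVE-2023-25974 entries.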
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c59eebdab20f6a99c5151a363147647c392a0602