[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 10 08:11:43 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
33dcb18f by security tracker role at 2023-11-10T08:11:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-6073 (Attacker can perform a Denial of Service attack to crash the ICAS 3 IV ...)
+ TODO: check
+CVE-2023-6069 (Improper Input Validation in GitHub repository froxlor/froxlor prior t ...)
+ TODO: check
+CVE-2023-5954 (HashiCorp Vault and Vault Enterprise inbound client requests triggerin ...)
+ TODO: check
+CVE-2023-4379 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ TODO: check
+CVE-2023-47800 (Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default pass ...)
+ TODO: check
+CVE-2023-47246 (In SysAid On-Premise before 23.3.36, a path traversal vulnerability le ...)
+ TODO: check
+CVE-2023-46729 (sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized ...)
+ TODO: check
+CVE-2023-45167 (IBM AIX's 7.3 Python implementation could allow a non-privileged local ...)
+ TODO: check
+CVE-2023-39796 (SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 ...)
+ TODO: check
+CVE-2023-36024 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-36014 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2023-34031 (Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPre ...)
+ TODO: check
+CVE-2023-34025 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login ...)
+ TODO: check
+CVE-2023-34024 (Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP ...)
+ TODO: check
+CVE-2023-32794 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product ...)
+ TODO: check
+CVE-2023-32745 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Automat ...)
+ TODO: check
+CVE-2023-32744 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product ...)
+ TODO: check
+CVE-2023-32739 (Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custo ...)
+ TODO: check
+CVE-2023-32602 (Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NO ...)
+ TODO: check
+CVE-2023-32594 (Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej ...)
+ TODO: check
+CVE-2023-32592 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edwa ...)
+ TODO: check
+CVE-2023-32587 (Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC W ...)
+ TODO: check
+CVE-2023-32579 (Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forg ...)
+ TODO: check
+CVE-2023-32512 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...)
+ TODO: check
+CVE-2023-32502 (Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro M ...)
+ TODO: check
+CVE-2023-32501 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooki ...)
+ TODO: check
+CVE-2023-32500 (Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - M ...)
+ TODO: check
+CVE-2023-32125 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
+ TODO: check
+CVE-2023-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Red ...)
+ TODO: check
+CVE-2023-32092 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...)
+ TODO: check
CVE-2023-6054 (A vulnerability, which was classified as critical, was found in Tongda ...)
NOT-FOR-US: Tongda OA
CVE-2023-6053 (A vulnerability, which was classified as critical, has been found in T ...)
@@ -3179,7 +3239,7 @@ CVE-2023-5541 (The CSV grade import method contained an XSS risk for users impor
- moodle <removed>
CVE-2023-5542 (Students in "Only see own membership" groups could see other students ...)
- moodle <removed>
-CVE-2023-5543
+CVE-2023-5543 (When duplicating a BigBlueButton activity, the original meeting ID was ...)
- moodle <removed>
CVE-2023-46301 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...)
NOT-FOR-US: iTerm2
@@ -25735,8 +25795,8 @@ CVE-2023-31237
RESERVED
CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31235
- RESERVED
+CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
+ TODO: check
CVE-2023-31234
RESERVED
CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...)
@@ -26240,8 +26300,8 @@ CVE-2023-31095
RESERVED
CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Ka ...)
NOT-FOR-US: WooCommerce plugin
-CVE-2023-31093
- RESERVED
+CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly ...)
+ TODO: check
CVE-2023-31092
RESERVED
CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prad ...)
@@ -26250,12 +26310,12 @@ CVE-2023-31090
RESERVED
CVE-2023-31089
RESERVED
-CVE-2023-31088
- RESERVED
+CVE-2023-31088 (Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floatin ...)
+ TODO: check
CVE-2023-31087 (Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Mana ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-31086
- RESERVED
+CVE-2023-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple G ...)
+ TODO: check
CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel ...)
- linux <unfixed> (unimportant)
NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/
@@ -29505,8 +29565,8 @@ CVE-2023-29977
RESERVED
CVE-2023-29976
RESERVED
-CVE-2023-29975
- RESERVED
+CVE-2023-29975 (An issue discovered in Pfsense CE version 2.6.0 allows attackers to ch ...)
+ TODO: check
CVE-2023-29974 (An issue discovered in Pfsense CE version 2.6.0 allows attackers to co ...)
NOT-FOR-US: Pfsense CE
CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead ...)
@@ -66805,7 +66865,7 @@ CVE-2022-44710 (DirectX Graphics Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-44709
RESERVED
-CVE-2022-44708 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.)
+CVE-2022-44708 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-44707 (Windows Kernel Denial of Service Vulnerability)
NOT-FOR-US: Microsoft
@@ -66813,11 +66873,11 @@ CVE-2022-44706
RESERVED
CVE-2022-44705
RESERVED
-CVE-2022-44704 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability.)
+CVE-2022-44704 (Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulne ...)
NOT-FOR-US: Microsoft
CVE-2022-44703
RESERVED
-CVE-2022-44702 (Windows Terminal Remote Code Execution Vulnerability.)
+CVE-2022-44702 (Windows Terminal Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-44701
RESERVED
@@ -66875,7 +66935,7 @@ CVE-2022-44675 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-44673 (Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privileg ...)
+CVE-2022-44673 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
NOT-FOR-US: Microsoft
CVE-2022-44672
RESERVED
@@ -78670,7 +78730,7 @@ CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41121 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
+CVE-2022-41121 (Windows Graphics Component Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41120 (Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulne ...)
NOT-FOR-US: Microsoft
@@ -78734,7 +78794,7 @@ CVE-2022-41091 (Windows Mark of the Web Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41090 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
NOT-FOR-US: Microsoft
-CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability.)
+CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41088 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
NOT-FOR-US: Microsoft
@@ -78760,7 +78820,7 @@ CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability.)
+CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-41075
RESERVED
@@ -374957,8 +375017,8 @@ CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow
NOT-FOR-US: Lantech
CVE-2018-8864 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MH ...)
NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices
-CVE-2018-8863
- RESERVED
+CVE-2018-8863 (The HTTP header in Philips EncoreAnywhere contains data an attacker ma ...)
+ TODO: check
CVE-2018-8862 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MH ...)
NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices
CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environment (Br ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33dcb18fc5e2dcda6b245a23f96c5f4c1827b058
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33dcb18fc5e2dcda6b245a23f96c5f4c1827b058
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231110/915bbc99/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list