[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 10 20:12:39 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27852b22 by security tracker role at 2023-11-10T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-6076 (A vulnerability classified as problematic was found in PHPGurukul Rest ...)
+	TODO: check
+CVE-2023-6075 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+	TODO: check
+CVE-2023-6074 (A vulnerability was found in PHPGurukul Restaurant Table Booking Syste ...)
+	TODO: check
+CVE-2023-4949 (An attacker with local access to a system (either through a disk or ex ...)
+	TODO: check
+CVE-2023-47614 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor  ...)
+	TODO: check
+CVE-2023-47611 (A CWE-269: Improper Privilege Management vulnerability exists in Telit ...)
+	TODO: check
+CVE-2023-47164 (Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier all ...)
+	TODO: check
+CVE-2023-47129 (Statmic is a core Laravel content management system Composer package.  ...)
+	TODO: check
+CVE-2023-47128 (Piccolo is an object-relational mapping and query builder which suppor ...)
+	TODO: check
+CVE-2023-47121 (Discourse is an open source platform for community discussion. Prior t ...)
+	TODO: check
+CVE-2023-47120 (Discourse is an open source platform for community discussion. In vers ...)
+	TODO: check
+CVE-2023-47119 (Discourse is an open source platform for community discussion. Prior t ...)
+	TODO: check
+CVE-2023-47108 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...)
+	TODO: check
+CVE-2023-46735 (Symfony is a PHP framework for web and console applications and a set  ...)
+	TODO: check
+CVE-2023-46734 (Symfony is a PHP framework for web and console applications and a set  ...)
+	TODO: check
+CVE-2023-46733 (Symfony is a PHP framework for web and console applications and a set  ...)
+	TODO: check
+CVE-2023-46130 (Discourse is an open source platform for community discussion. Prior t ...)
+	TODO: check
+CVE-2023-45816 (Discourse is an open source platform for community discussion. Prior t ...)
+	TODO: check
+CVE-2023-45806 (Discourse is an open source platform for community discussion. Prior t ...)
+	TODO: check
+CVE-2023-41285 (A SQL injection vulnerability has been reported to affect QuMagie. If  ...)
+	TODO: check
+CVE-2023-41284 (A SQL injection vulnerability has been reported to affect QuMagie. If  ...)
+	TODO: check
+CVE-2023-39295 (An OS command injection vulnerability has been reported to affect QuMa ...)
+	TODO: check
+CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+	TODO: check
 CVE-2023-5870
 	- postgresql-16 16.1-1
 	- postgresql-15 <unfixed>
@@ -3861,7 +3907,6 @@ CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup
 	NOTE: https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 (unstable)
 	NOTE: https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc (7.0.14)
 CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino development.  ...)
-	{DLA-3649-1}
 	NOT-FOR-US: Arduino Create Agent
 CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino development.  ...)
 	NOT-FOR-US: Arduino Create Agent
@@ -4074,6 +4119,7 @@ CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Reques
 CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
 	NOT-FOR-US: Dreamer CMS
 CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...)
+	{DLA-3649-1}
 	- python-urllib3 1.26.18-1 (bug #1054226)
 	[bookworm] - python-urllib3 <no-dsa> (Minor issue)
 	[bullseye] - python-urllib3 <no-dsa> (Minor issue)
@@ -26361,10 +26407,10 @@ CVE-2023-31080
 	RESERVED
 CVE-2023-31079 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-31078
-	RESERVED
-CVE-2023-31077
-	RESERVED
+CVE-2023-31078 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher  ...)
+	TODO: check
+CVE-2023-31077 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Pa ...)
+	TODO: check
 CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31075
@@ -28456,8 +28502,8 @@ CVE-2023-30480
 	RESERVED
 CVE-2023-30479
 	RESERVED
-CVE-2023-30478
-	RESERVED
+CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...)
+	TODO: check
 CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30476
@@ -31009,8 +31055,8 @@ CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert H ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-29440
-	RESERVED
+CVE-2023-29440 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple  ...)
+	TODO: check
 CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
 	NOT-FOR-US: FooGallery
 CVE-2023-29438 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
@@ -31033,12 +31079,12 @@ CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CT
 	NOT-FOR-US: WordPress theme
 CVE-2023-29429
 	RESERVED
-CVE-2023-29428
-	RESERVED
+CVE-2023-29428 (Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb So ...)
+	TODO: check
 CVE-2023-29427 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Book ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-29426
-	RESERVED
+CVE-2023-29426 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd ...)
+	TODO: check
 CVE-2023-29425
 	RESERVED
 CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plai ...)
@@ -50102,8 +50148,8 @@ CVE-2023-23369 (An OS command injection vulnerability has been reported to affec
 	NOT-FOR-US: QNAP
 CVE-2023-23368 (An OS command injection vulnerability has been reported to affect seve ...)
 	NOT-FOR-US: QNAP
-CVE-2023-23367
-	RESERVED
+CVE-2023-23367 (An OS command injection vulnerability has been reported to affect seve ...)
+	TODO: check
 CVE-2023-23366 (A path traversal vulnerability has been reported to affect Music Stati ...)
 	NOT-FOR-US: QNAP
 CVE-2023-23365 (A path traversal vulnerability has been reported to affect Music Stati ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27852b229cde1f19b489b72eeebb5cbda9f40db1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27852b229cde1f19b489b72eeebb5cbda9f40db1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231110/82f5b5be/attachment.htm>

More information about the debian-security-tracker-commits mailing list