[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 14 08:11:44 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7116902 by security tracker role at 2023-11-14T08:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2023-6115
+	REJECTED
+CVE-2023-6109 (The YOP Poll plugin for WordPress is vulnerable to a race condition in ...)
+	TODO: check
+CVE-2023-6107
+	REJECTED
+CVE-2023-6106
+	REJECTED
+CVE-2023-6092
+	REJECTED
+CVE-2023-6089
+	REJECTED
+CVE-2023-6088
+	REJECTED
+CVE-2023-6087
+	REJECTED
+CVE-2023-6086
+	REJECTED
+CVE-2023-6085
+	REJECTED
+CVE-2023-6083
+	REJECTED
+CVE-2023-6034
+	REJECTED
+CVE-2023-6010
+	REJECTED
+CVE-2023-6006 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2023-5977
+	REJECTED
+CVE-2023-4603 (The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2023-47697 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event ...)
+	TODO: check
+CVE-2023-47696 (Unauth. Stored Cross-Site Scripting (XSS) vulnerabilityin Gravity Mast ...)
+	TODO: check
+CVE-2023-47695 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit  ...)
+	TODO: check
+CVE-2023-47690 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bo ...)
+	TODO: check
+CVE-2023-47684 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePun ...)
+	TODO: check
+CVE-2023-47680 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-47673 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano  ...)
+	TODO: check
+CVE-2023-47665 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_p ...)
+	TODO: check
+CVE-2023-47662 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gold ...)
+	TODO: check
+CVE-2023-47657 (Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-47629 (DataHub is an open-source metadata platform. In affected versions sign ...)
+	TODO: check
+CVE-2023-47628 (DataHub is an open-source metadata platform. DataHub Frontend's sessio ...)
+	TODO: check
+CVE-2023-47625 (PX4 autopilot is a flight control solution for drones. In affected ver ...)
+	TODO: check
+CVE-2023-47609 (SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3  ...)
+	TODO: check
+CVE-2023-47346 (Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2 ...)
+	TODO: check
+CVE-2023-47117 (Label Studio is an open source data labeling tool. In all current vers ...)
+	TODO: check
+CVE-2023-46446 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to control t ...)
+	TODO: check
+CVE-2023-46445 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to control t ...)
+	TODO: check
+CVE-2023-46021 (SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank  ...)
+	TODO: check
+CVE-2023-46020 (Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood ...)
+	TODO: check
+CVE-2023-46019 (Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects B ...)
+	TODO: check
+CVE-2023-46018 (SQL injection vulnerability in receiverReg.php in Code-Projects Blood  ...)
+	TODO: check
+CVE-2023-46017 (SQL Injection vulnerability in receiverLogin.php in Code-Projects Bloo ...)
+	TODO: check
+CVE-2023-46016 (Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0  ...)
+	TODO: check
+CVE-2023-46015 (Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects ...)
+	TODO: check
+CVE-2023-46014 (SQL Injection vulnerability in hospitalLogin.php in Code-Projects Bloo ...)
+	TODO: check
+CVE-2023-45881 (GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resour ...)
+	TODO: check
+CVE-2023-45880 (GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via ...)
+	TODO: check
+CVE-2023-45879 (GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME el ...)
+	TODO: check
+CVE-2023-45878 (GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write ...)
+	TODO: check
+CVE-2023-45560 (An issue in Yasukawa memberscard v.13.6.1 allows attackers to send cra ...)
+	TODO: check
+CVE-2023-45558 (An issue in Golden v.13.6.1 allows attackers to send crafted notificat ...)
+	TODO: check
+CVE-2023-43902 (Incorrect access control in the Forgot Your Password function of EMSig ...)
+	TODO: check
+CVE-2023-43901 (Incorrect access control in the AdHoc User creation form of EMSigner v ...)
+	TODO: check
+CVE-2023-43900 (Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow atta ...)
+	TODO: check
+CVE-2023-42816 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
+	TODO: check
+CVE-2023-42815 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
+	TODO: check
+CVE-2023-42814 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
+	TODO: check
+CVE-2023-42813 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
+	TODO: check
+CVE-2023-42480 (The unauthenticated attacker in NetWeaver AS Java Logon application -  ...)
+	TODO: check
+CVE-2023-42327 (Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 al ...)
+	TODO: check
+CVE-2023-42326 (An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execut ...)
+	TODO: check
+CVE-2023-42325 (Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 al ...)
+	TODO: check
+CVE-2023-41366 (Under certain condition SAP NetWeaver Application Server ABAP - versio ...)
+	TODO: check
+CVE-2023-31754 (Optimizely CMS UI before v12.16.0 was discovered to contain a cross-si ...)
+	TODO: check
+CVE-2023-31403 (SAP Business One installation - version 10.0, does not perform proper  ...)
+	TODO: check
 CVE-2023-6104
 	REJECTED
 CVE-2023-6103 (A vulnerability has been found in Intelbras RX 1500 1.1.9 and classifi ...)
@@ -203,6 +327,7 @@ CVE-2023-39295 (An OS command injection vulnerability has been reported to affec
 CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-5870
+	{DSA-5554-1 DSA-5553-1}
 	- postgresql-16 16.1-1
 	- postgresql-15 <unfixed>
 	- postgresql-13 <removed>
@@ -210,6 +335,7 @@ CVE-2023-5870
 	NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/
 	NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
 CVE-2023-5869
+	{DSA-5554-1 DSA-5553-1}
 	- postgresql-16 16.1-1
 	- postgresql-15 <unfixed>
 	- postgresql-13 <removed>
@@ -217,6 +343,7 @@ CVE-2023-5869
 	NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/
 	NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
 CVE-2023-5868
+	{DSA-5554-1 DSA-5553-1}
 	- postgresql-16 16.1-1
 	- postgresql-15 <unfixed>
 	- postgresql-13 <removed>
@@ -14383,6 +14510,7 @@ CVE-2023-32561 (A previously generated artifact by an administrator could be acc
 CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink Avala ...)
 	NOT-FOR-US: Ivanti
 CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the MERGE comm ...)
+	{DSA-5553-1}
 	- postgresql-15 15.4-1
 	- postgresql-13 <not-affected> (Only affects 15.x)
 	- postgresql-11 <not-affected> (Only affects 15.x)
@@ -14390,7 +14518,7 @@ CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the MERG
 	NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
 	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 (REL_15_4)
 CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in Po ...)
-	{DLA-3600-1}
+	{DSA-5554-1 DSA-5553-1 DLA-3600-1}
 	- postgresql-15 15.4-1
 	- postgresql-13 <removed>
 	- postgresql-11 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d71169025a70b0a73ec8a2f619fd268d2f4c8e16

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d71169025a70b0a73ec8a2f619fd268d2f4c8e16
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231114/37d7996d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list