[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 15 08:13:04 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bceb538c by security tracker role at 2023-11-15T08:12:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,193 @@
+CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...)
+	TODO: check
+CVE-2023-6032 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory  ...)
+	TODO: check
+CVE-2023-5987 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
+	TODO: check
+CVE-2023-5986 (A CWE-601 URL Redirection to Untrusted Site vulnerability exists that  ...)
+	TODO: check
+CVE-2023-5985 (A CWE-79 Improper Neutralization of Input During Web Page Generation v ...)
+	TODO: check
+CVE-2023-5984 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
+	TODO: check
+CVE-2023-4889 (The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2023-48217 (Statamic is a flat-first, Laravel + Git powered CMS designed for build ...)
+	TODO: check
+CVE-2023-47678 (An improper access control vulnerability exists in RT-AC87U all versio ...)
+	TODO: check
+CVE-2023-47641 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2023-47640 (DataHub is an open-source metadata platform. The HMAC signature for Da ...)
+	TODO: check
+CVE-2023-47631 (vantage6 is a framework to manage and deploy privacy enhancing technol ...)
+	TODO: check
+CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue was found ...)
+	TODO: check
+CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2023-47586 (Multiple heap-based buffer overflow vulnerabilities exist in V-Server  ...)
+	TODO: check
+CVE-2023-47585 (Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earl ...)
+	TODO: check
+CVE-2023-47584 (Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and ear ...)
+	TODO: check
+CVE-2023-47583 (Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator  ...)
+	TODO: check
+CVE-2023-47582 (Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17 ...)
+	TODO: check
+CVE-2023-47581 (Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlie ...)
+	TODO: check
+CVE-2023-47580 (Multiple improper restriction of operations within the bounds of a mem ...)
+	TODO: check
+CVE-2023-47549 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on302 respo ...)
+	TODO: check
+CVE-2023-47547 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...)
+	TODO: check
+CVE-2023-47546 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Walte ...)
+	TODO: check
+CVE-2023-47545 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fat ...)
+	TODO: check
+CVE-2023-47544 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visu ...)
+	TODO: check
+CVE-2023-47533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...)
+	TODO: check
+CVE-2023-47532 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum  ...)
+	TODO: check
+CVE-2023-47528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajj ...)
+	TODO: check
+CVE-2023-47524 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requiresPH ...)
+	TODO: check
+CVE-2023-47522 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Fe ...)
+	TODO: check
+CVE-2023-47520 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael  ...)
+	TODO: check
+CVE-2023-47518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew  ...)
+	TODO: check
+CVE-2023-47517 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPres ...)
+	TODO: check
+CVE-2023-47446 (Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scriptin ...)
+	TODO: check
+CVE-2023-47445 (Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via t ...)
+	TODO: check
+CVE-2023-47309 (Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripti ...)
+	TODO: check
+CVE-2023-47308 (In the module "Newsletter Popup PRO with Voucher/Coupon code" (newslet ...)
+	TODO: check
+CVE-2023-47130 (Yii is an open source PHP web framework. yiisoft/yii before version 1. ...)
+	TODO: check
+CVE-2023-47125 (TYPO3 is an open source PHP based web content management system releas ...)
+	TODO: check
+CVE-2023-46672 (An issue was identified by Elastic whereby sensitive information is re ...)
+	TODO: check
+CVE-2023-46582 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...)
+	TODO: check
+CVE-2023-46581 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...)
+	TODO: check
+CVE-2023-46580 (Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0  ...)
+	TODO: check
+CVE-2023-46132 (Hyperledger Fabric is an open source permissioned distributed ledger f ...)
+	TODO: check
+CVE-2023-46121 (yt-dlp is a youtube-dl fork with additional features and fixes. The Ge ...)
+	TODO: check
+CVE-2023-46026 (Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul  ...)
+	TODO: check
+CVE-2023-46025 (SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher  ...)
+	TODO: check
+CVE-2023-46024 (SQL Injection vulnerability in index.php in phpgurukul Teacher Subject ...)
+	TODO: check
+CVE-2023-46023 (SQL injection vulnerability in addTask.php in Code-Projects Simple Tas ...)
+	TODO: check
+CVE-2023-46022 (SQL Injection vulnerability in delete.php in Code-Projects Blood Bank  ...)
+	TODO: check
+CVE-2023-45627 (An authenticated Denial-of-Service (DoS) vulnerability exists in the C ...)
+	TODO: check
+CVE-2023-45626 (An authenticated vulnerability has been identified allowing an attacke ...)
+	TODO: check
+CVE-2023-45625 (Multiple authenticated command injection vulnerabilities exist in the  ...)
+	TODO: check
+CVE-2023-45624 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
+	TODO: check
+CVE-2023-45623 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the W ...)
+	TODO: check
+CVE-2023-45622 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the B ...)
+	TODO: check
+CVE-2023-45621 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the C ...)
+	TODO: check
+CVE-2023-45620 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the C ...)
+	TODO: check
+CVE-2023-45619 (There is an arbitrary file deletion vulnerability in the RSSI service  ...)
+	TODO: check
+CVE-2023-45618 (There are arbitrary file deletion vulnerabilities in the AirWave clien ...)
+	TODO: check
+CVE-2023-45617 (There are arbitrary file deletion vulnerabilities in the CLI service a ...)
+	TODO: check
+CVE-2023-45616 (There is a buffer overflow vulnerability in the underlying AirWave cli ...)
+	TODO: check
+CVE-2023-45615 (There are buffer overflow vulnerabilities in the underlying CLI servic ...)
+	TODO: check
+CVE-2023-45614 (There are buffer overflow vulnerabilities in the underlying CLI servic ...)
+	TODO: check
+CVE-2023-43979 (ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL inject ...)
+	TODO: check
+CVE-2023-43591 (Improper privilege management  in Zoom Rooms for macOS before version  ...)
+	TODO: check
+CVE-2023-43590 (Link following  in Zoom Rooms for macOS before version 5.16.0 may allo ...)
+	TODO: check
+CVE-2023-43588 (Insufficient control flow management in some Zoom clients may allow an ...)
+	TODO: check
+CVE-2023-43582 (Improper authorization in some Zoom clients may allow an authorized us ...)
+	TODO: check
+CVE-2023-41718 (When a particular process flow is initiated, an attacker may be able t ...)
+	TODO: check
+CVE-2023-41597 (EyouCms v1.6.2 was discovered to contain a reflected cross-site script ...)
+	TODO: check
+CVE-2023-41570 (MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect acc ...)
+	TODO: check
+CVE-2023-40923 (MyPrestaModules ordersexport before v5.0 was discovered to contain mul ...)
+	TODO: check
+CVE-2023-39537 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use  ...)
+	TODO: check
+CVE-2023-39536 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use  ...)
+	TODO: check
+CVE-2023-39535 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use  ...)
+	TODO: check
+CVE-2023-39337 (A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older a ...)
+	TODO: check
+CVE-2023-39335 (A security vulnerability has been identified in EPMM Versions 11.10, 1 ...)
+	TODO: check
+CVE-2023-39206 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...)
+	TODO: check
+CVE-2023-39205 (Improper conditions check in Zoom Team Chat for Zoom clients may allow ...)
+	TODO: check
+CVE-2023-39204 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...)
+	TODO: check
+CVE-2023-39203 (Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop C ...)
+	TODO: check
+CVE-2023-39202 (Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Cl ...)
+	TODO: check
+CVE-2023-39199 (Cryptographic issues with In-Meeting Chat for some Zoom clients may al ...)
+	TODO: check
+CVE-2023-38544 (A logged in user can modify specific files that may lead to unauthoriz ...)
+	TODO: check
+CVE-2023-38543 (When a specific component is loaded a local attacker and is able to se ...)
+	TODO: check
+CVE-2023-38043 (When a specific component is loaded a local attacker and is able to se ...)
+	TODO: check
+CVE-2023-36558 (ASP.NET Core - Security Feature Bypass Vulnerability)
+	TODO: check
+CVE-2023-36437 (Azure DevOps Server Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36049 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...)
+	TODO: check
+CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability)
+	TODO: check
+CVE-2023-36007 (Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulner ...)
+	TODO: check
+CVE-2023-35080 (A vulnerability has been identified in the Ivanti Secure Access Window ...)
+	TODO: check
+CVE-2023-34060 (VMware Cloud Director Appliance contains an authentication bypass vuln ...)
+	TODO: check
 CVE-2023-44444 [GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability]
 	- gimp <unfixed>
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/
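Review bot: several descriptions imported in this hunk have lost inter-word spaces, e.g. `on302 respo` (CVE-2023-47549), `vulnerabilityin Walte` (CVE-2023-47546) and `(requiresPH` (CVE-2023-47524), which suggests the importer's description normalization collapses a newline or non-breaking space without substituting a blank; the field is only a truncated summary, so this is cosmetic, but it makes the entries harder to grep for. Separately, the aiohttp (CVE-2023-47641, CVE-2023-47627) and yt-dlp (CVE-2023-46121) entries concern software that is packaged in Debian, so when the `TODO: check` lines are worked through they will need a real package line rather than a NOT-FOR-US.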
@@ -317,7 +507,7 @@ CVE-2023-28377 (Improper authentication in some Intel(R) NUC Kit NUC11PH USB fir
 	NOT-FOR-US: Intel
 CVE-2023-22327 (Out-of-bounds write in firmware for some Intel(R) FPGA products before ...)
 	NOT-FOR-US: Intel
-CVE-2023-5528
+CVE-2023-5528 (A security issue was discovered in Kubernetes where a user that can cr ...)
 	- kubernetes <not-affected> (Windows-specific)
 CVE-2023-23583 (Sequence of processor instructions leads to unexpected behavior for so ...)
 	- intel-microcode <unfixed> (bug #1055962)
@@ -1940,7 +2130,7 @@ CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as pr
 	NOT-FOR-US: PopojiCMS
 CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core before 1. ...)
 	NOT-FOR-US: transmute-core
-CVE-2023-46595 (Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attackerto obtai ...)
+CVE-2023-46595 (Net-NTLM leak in Fireflow A32.20 allows an attackerto obtain victim\u2 ...)
 	NOT-FOR-US: Fireflow
 CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Com ...)
 	NOT-FOR-US: dmpop Mejiro
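Review bot: the replacement description for CVE-2023-46595 now ends in a literal `\u2` escape (`victim\u2 ...`), so the importer appears to truncate the raw JSON text before unescaping it and the upstream curly apostrophe leaks into the list as a partial escape sequence; the same line still runs `attackerto` together. Worth checking the decode-then-truncate order in the update script. Note also that the new wording drops `and A32.50` from the affected versions: the entry is NOT-FOR-US so the triage is unaffected, but the upstream record changed in substance, not only in formatting.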
@@ -8637,7 +8827,7 @@ CVE-2023-5197 (A use-after-free vulnerability in the Linux kernel's netfilter: n
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/f15f29fd4779be8a418b66e9d52979bb6d6c2325 (6.6-rc3)
 	NOTE: https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325
-CVE-2023-5189 [insecure galaxy-importer tarfile extraction]
+CVE-2023-5189 (A path traversal vulnerability exists in Ansible when extracting tarba ...)
 	NOT-FOR-US: Ansible Automation Hub
 CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on ports 33 ...)
 	- galera-4 26.4.13-1
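Review bot: the old working title `[insecure galaxy-importer tarfile extraction]` named the affected component, whereas the imported description only says `in Ansible when extracting tarba ...`; since `ansible` itself is packaged in Debian, the `NOT-FOR-US: Ansible Automation Hub` line deserves a second look to confirm the flaw is confined to galaxy-importer / Automation Hub and does not reach the ansible package. If it is confined, consider keeping the component name in the triage text (e.g. `NOT-FOR-US: Ansible Automation Hub (galaxy-importer)`) so the hint is not lost with the title.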
@@ -27002,8 +27192,8 @@ CVE-2023-31102 (7-Zip through 22.01 on Linux allows an integer underflow and cod
 	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
 CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...)
 	NOT-FOR-US: Apache InLong
-CVE-2023-31100
-	RESERVED
+CVE-2023-31100 (Improper Access Control in SMI handler vulnerability in Phoenix Secure ...)
+	TODO: check
 CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an authenticated use ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foundation ...)
@@ -63354,8 +63544,8 @@ CVE-2022-4107 (The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 d
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4106 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 doe ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-45781
-	RESERVED
+CVE-2022-45781 (Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlie ...)
+	TODO: check
 CVE-2022-45780
 	RESERVED
 CVE-2022-45779



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bceb538c66d704299b1c5d571edab7260c757aee




