[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 17 08:12:18 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b126ab86 by security tracker role at 2023-11-17T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any file on t ...)
+	TODO: check
+CVE-2023-6014 (An attacker is able to arbitrarily create an account in MLflow bypassi ...)
+	TODO: check
+CVE-2023-48659 (An issue was discovered in MISP before 2.4.176. app/Controller/AppCont ...)
+	TODO: check
+CVE-2023-48658 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...)
+	TODO: check
+CVE-2023-48657 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...)
+	TODO: check
+CVE-2023-48656 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...)
+	TODO: check
+CVE-2023-48655 (An issue was discovered in MISP before 2.4.176. app/Controller/Compone ...)
+	TODO: check
+CVE-2023-48649 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on t ...)
+	TODO: check
+CVE-2023-48648 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized ac ...)
+	TODO: check
+CVE-2023-48237 (Vim is an open source command line text editor. In affected versions w ...)
+	TODO: check
+CVE-2023-48236 (Vim is an open source command line text editor. When using the z= comm ...)
+	TODO: check
+CVE-2023-48235 (Vim is an open source command line text editor. When parsing relative  ...)
+	TODO: check
+CVE-2023-48234 (Vim is an open source command line text editor. When getting the count ...)
+	TODO: check
+CVE-2023-48233 (Vim is an open source command line text editor. If the count after the ...)
+	TODO: check
+CVE-2023-48232 (Vim is an open source command line text editor. A floating point excep ...)
+	TODO: check
+CVE-2023-48231 (Vim is an open source command line text editor. When closing a window, ...)
+	TODO: check
+CVE-2023-48222 (Rundeck is an open source automation service with a web console, comma ...)
+	TODO: check
+CVE-2023-48078 (SQL Injection vulnerability in add.php in Simple CRUD Functionality v1 ...)
+	TODO: check
+CVE-2023-48031 (OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with ...)
+	TODO: check
+CVE-2023-47797 (Reflected cross-site scripting (XSS) vulnerability on a content page\u ...)
+	TODO: check
+CVE-2023-47688 (Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube Spe ...)
+	TODO: check
+CVE-2023-47687 (Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Cust ...)
+	TODO: check
+CVE-2023-47686 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato ...)
+	TODO: check
+CVE-2023-47675 (CubeCart prior to 6.5.3 allows a remote authenticated attacker with an ...)
+	TODO: check
+CVE-2023-47642 (Zulip is an open-source team collaboration tool. It was discovered by  ...)
+	TODO: check
+CVE-2023-47283 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a  ...)
+	TODO: check
+CVE-2023-47112 (Rundeck is an open source automation service with a web console, comma ...)
+	TODO: check
+CVE-2023-47025 (An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial  ...)
+	TODO: check
+CVE-2023-46214 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise ...)
+	TODO: check
+CVE-2023-46213 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escap ...)
+	TODO: check
+CVE-2023-45387 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...)
+	TODO: check
+CVE-2023-45382 (In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from ...)
+	TODO: check
+CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a  ...)
+	TODO: check
+CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS before versio ...)
+	TODO: check
+CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS before versio ...)
+	TODO: check
+CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS  ...)
+	TODO: check
+CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier,  ...)
+	TODO: check
+CVE-2023-39547 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier,  ...)
+	TODO: check
+CVE-2023-39546 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier,  ...)
+	TODO: check
+CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier,  ...)
+	TODO: check
+CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier,  ...)
+	TODO: check
+CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+	TODO: check
+CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+	TODO: check
+CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+	TODO: check
+CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+	TODO: check
+CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+	TODO: check
+CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+	TODO: check
+CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before 10.1.2. it ha ...)
+	TODO: check
+CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6 ...)
+	TODO: check
 CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for  ...)
 	- linux 6.5.6-1
 	[bookworm] - linux 6.1.55-1
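Review bot: the CVE-2023-47797 line carries a raw `\u` fragment at the point where the summary was cut, which reads like a truncated unicode escape in the imported description rather than part of the text; the `...` truncation is expected, but this entry should be rechecked when its TODO is resolved so the escape does not survive into the final description. Of the 49 entries added here, all marked `TODO: check`, several concern software packaged in Debian (at least the seven Vim CVEs, CVE-2023-48231 through CVE-2023-48237), so those TODOs deserve triage first.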
@@ -1225,7 +1323,7 @@ CVE-2023-5868
 	NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
 CVE-2023-6073 (Attacker can perform a Denial of Service attack to crash the ICAS 3 IV ...)
 	NOT-FOR-US: Volkswagen
-CVE-2023-6069 (Improper Input Validation in GitHub repository froxlor/froxlor prior t ...)
+CVE-2023-6069 (Improper Link Resolution Before File Access in GitHub repository froxl ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-5954 (HashiCorp Vault and Vault Enterprise inbound client requests triggerin ...)
 	NOT-FOR-US: HashiCorp Vault
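Review bot: the description for CVE-2023-6069 changes the weakness class from Improper Input Validation to Improper Link Resolution Before File Access while the tracking line `- froxlor <itp> (bug #581792)` stays as it is, which is right: the package is still at ITP stage and not in the archive, so the reclassification needs no version change. The new class does describe a different defect (link or symlink resolution rather than input parsing), so it is worth noting on the ITP bug when the package is eventually reviewed.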
@@ -2653,9 +2751,9 @@ CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-
 	NOT-FOR-US: pkp-lib
 CVE-2023-5902 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
 	NOT-FOR-US: pkp-lib
-CVE-2023-5901 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
+CVE-2023-5901 (Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-1 ...)
 	NOT-FOR-US: pkp-lib
-CVE-2023-5900 (Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0- ...)
+CVE-2023-5900 (Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3 ...)
 	NOT-FOR-US: pkp-lib
 CVE-2023-5899 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
 	NOT-FOR-US: pkp-lib
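Review bot: the descriptions of CVE-2023-5901 and CVE-2023-5900 are replaced with different weakness classes (Cross-site Scripting and Cross-Site Request Forgery) rather than reworded, and the previous texts ("Unrestricted Upload of File with Dangerous Type", "Missing Authorization") do not reappear on the neighbouring pkp-lib IDs visible in this context, so this is an upstream re-description rather than a swap between entries; the `NOT-FOR-US: pkp-lib` markers remain appropriate either way.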
@@ -3754,6 +3852,7 @@ CVE-2023-42856 (The issue was addressed with improved memory handling. This issu
 CVE-2023-42854 (This issue was addressed by removing the vulnerable code. This issue i ...)
 	NOT-FOR-US: Apple
 CVE-2023-42852 (A logic issue was addressed with improved checks. This issue is fixed  ...)
+	{DSA-5557-1}
 	- webkit2gtk 2.42.2-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.42.2-1
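Review bot: the added `{DSA-5557-1}` cross-reference on CVE-2023-42852 sits directly after the description line, where the tracker expects it, and supplies the bookworm fixed version from the DSA record instead of an explicit `[bookworm]` line; the unstable lines for webkit2gtk 2.42.2-1 and wpewebkit 2.42.2-1 and the `[buster] <end-of-life>` marker are unchanged, so only the stable status of this CVE changes with the hunk.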
@@ -3799,6 +3898,7 @@ CVE-2023-41989 (The issue was addressed by restricting options offered on a lock
 CVE-2023-41988 (This issue was addressed by restricting options offered on a locked de ...)
 	NOT-FOR-US: Apple
 CVE-2023-41983 (The issue was addressed with improved memory handling. This issue is f ...)
+	{DSA-5557-1}
 	- webkit2gtk 2.42.2-1
 	[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
 	- wpewebkit 2.42.2-1
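Review bot: CVE-2023-41983 receives the same `{DSA-5557-1}` reference in the same position as CVE-2023-42852, keeping the two WebKit entries consistent; any other CVE in this file that shares the webkit2gtk 2.42.2-1 fix line should carry the DSA tag as well, since the tracker will otherwise continue to report it as unfixed in bookworm.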
@@ -15166,7 +15266,7 @@ CVE-2023-40253 (Improper Authentication vulnerability in Genians Genian NAC V4.0
 	NOT-FOR-US: Genians
 CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0 ...)
 	NOT-FOR-US: ArchiMate Archi
-CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.)
+CVE-2023-40224 (MISP 2.4.174 allows XSS in app/View/Events/index.ctp.)
 	NOT-FOR-US: MISP
 CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin Contracts
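Review bot: the version string fix from `2.4174` to `2.4.174` on CVE-2023-40224 matches the MISP versioning used elsewhere in this file (the new entries in the first hunk reference MISP 2.4.176), so the description is now consistent; the `NOT-FOR-US: MISP` marker is unaffected.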



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b126ab86f5cf00fcf466d7c6027f1644fa3c58e2
