[Git][security-tracker-team/security-tracker][master] automatic update

Fri Oct 6 09:12:26 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b881ae44 by security tracker role at 2023-10-06T08:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-5441 (NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161a ...)
+	TODO: check
+CVE-2023-5312 (A vulnerability classified as critical has been found in DedeCMS 5.7.1 ...)
+	TODO: check
+CVE-2023-45243 (Sensitive information disclosure due to missing authorization. The fol ...)
+	TODO: check
+CVE-2023-45242 (Sensitive information disclosure due to missing authorization. The fol ...)
+	TODO: check
+CVE-2023-45241 (Sensitive information leak through log files. The following products a ...)
+	TODO: check
+CVE-2023-45240 (Sensitive information disclosure due to missing authorization. The fol ...)
+	TODO: check
+CVE-2023-44214 (Sensitive information disclosure due to missing authorization. The fol ...)
+	TODO: check
+CVE-2023-44213 (Sensitive information disclosure due to excessive collection of system ...)
+	TODO: check
+CVE-2023-44212 (Sensitive information disclosure and manipulation due to missing autho ...)
+	TODO: check
+CVE-2023-44211 (Sensitive information disclosure and manipulation due to missing autho ...)
+	TODO: check
+CVE-2023-43343 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
+	TODO: check
+CVE-2023-43269 (pigcms up to 7.0 was discovered to contain an arbitrary file upload vu ...)
+	TODO: check
+CVE-2023-40556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule  ...)
+	TODO: check
+CVE-2023-39323 (Line directives ("//line") can be used to bypass the restrictions on " ...)
+	TODO: check
+CVE-2015-10126 (A vulnerability classified as critical was found in Easy2Map Photos Pl ...)
+	TODO: check
+CVE-2015-10125 (A vulnerability classified as problematic has been found in WP Ultimat ...)
+	TODO: check
 CVE-2023-5423 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...)
 	NOT-FOR-US: ourceCodester Online Pizza Ordering System
 CVE-2023-4570 (An improper access restriction in NI MeasurementLink Python services c ...)
@@ -452,10 +484,12 @@ CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version 1
 CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the componen ...)
 	NOT-FOR-US: UPV PEIX
 CVE-2023-4693 [Crafted file system images can cause out-of-bounds write and may leak sensitive information into the GRUB pager]
+	{DLA-3605-1}
 	- grub2 2.12~rc1-11
 	NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
 	NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/
 CVE-2023-4692 [Crafted file system images can cause heap-based buffer overflow and may allow arbitrary code execution and secure boot bypass]
+	{DLA-3605-1}
 	- grub2 2.12~rc1-11
 	NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html
 	NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/
@@ -34983,8 +35017,8 @@ CVE-2023-26155
 	RESERVED
 CVE-2023-26154
 	RESERVED
-CVE-2023-26153
-	RESERVED
+CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...)
+	TODO: check
 CVE-2023-26152 (All versions of the package static-server are vulnerable to Directory  ...)
 	TODO: check
 CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable to Denial ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b881ae44090d2d133d1581c2cc52dc060d902211

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b881ae44090d2d133d1581c2cc52dc060d902211
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231006/481020eb/attachment.htm>
