[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 13 21:12:55 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c239785 by security tracker role at 2023-10-13T20:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,95 @@
+CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+	TODO: check
+CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite  ...)
+	TODO: check
+CVE-2023-5571 (Improper Input Validation in GitHub repository vriteio/vrite prior to  ...)
+	TODO: check
+CVE-2023-5449 (A potential security vulnerability has been identified in certain HP D ...)
+	TODO: check
+CVE-2023-5409 (HP is aware of a potential security vulnerability in HP t430 and t638  ...)
+	TODO: check
+CVE-2023-5240 (Improper access control in PAM propagation scripts in Devolutions Serv ...)
+	TODO: check
+CVE-2023-4995 (The Embed Calendly plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2023-4829 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...)
+	TODO: check
+CVE-2023-4517 (Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hest ...)
+	TODO: check
+CVE-2023-4499 (A potential security vulnerability has been identified in the HP ThinU ...)
+	TODO: check
+CVE-2023-45468 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
+	TODO: check
+CVE-2023-45467 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
+	TODO: check
+CVE-2023-45466 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
+	TODO: check
+CVE-2023-45465 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...)
+	TODO: check
+CVE-2023-45464 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
+	TODO: check
+CVE-2023-45463 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...)
+	TODO: check
+CVE-2023-45393 (An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Bu ...)
+	TODO: check
+CVE-2023-45391 (A stored cross-site scripting (XSS) vulnerability in the Create A New  ...)
+	TODO: check
+CVE-2023-45276 (Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com ...)
+	TODO: check
+CVE-2023-45270 (Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinp ...)
+	TODO: check
+CVE-2023-45269 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...)
+	TODO: check
+CVE-2023-45268 (Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps W ...)
+	TODO: check
+CVE-2023-45267 (Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou p ...)
+	TODO: check
+CVE-2023-45162 (Affected 1E Platform versions have a Blind SQL Injection vulnerability ...)
+	TODO: check
+CVE-2023-45130 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit  ...)
+	TODO: check
+CVE-2023-45109 (Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage p ...)
+	TODO: check
+CVE-2023-45108 (Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= ...)
+	TODO: check
+CVE-2023-45107 (Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin < ...)
+	TODO: check
+CVE-2023-43079 (Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, con ...)
+	TODO: check
+CVE-2023-41843 (A improper neutralization of input during web page generation ('cross- ...)
+	TODO: check
+CVE-2023-41836 (An improper neutralization of input during web page generation ('cross ...)
+	TODO: check
+CVE-2023-41682 (A improper limitation of a pathname to a restricted directory ('path t ...)
+	TODO: check
+CVE-2023-41681 (A improper neutralization of input during web page generation ('cross- ...)
+	TODO: check
+CVE-2023-41680 (A improper neutralization of input during web page generation ('cross- ...)
+	TODO: check
+CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspe ...)
+	TODO: check
+CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...)
+	TODO: check
+CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+	TODO: check
+CVE-2023-38000 (Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-34977 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+	TODO: check
+CVE-2023-34976 (A SQL injection vulnerability has been reported to affect Video Statio ...)
+	TODO: check
+CVE-2023-34975 (A SQL injection vulnerability has been reported to affect Video Statio ...)
+	TODO: check
+CVE-2023-33303 (A insufficient session expiration in Fortinet FortiEDR version 5.0.0 t ...)
+	TODO: check
+CVE-2023-32976 (An OS command injection vulnerability has been reported to affect Cont ...)
+	TODO: check
+CVE-2023-32974 (A path traversal vulnerability has been reported to affect several QNA ...)
+	TODO: check
+CVE-2023-32973 (A buffer copy without checking size of input vulnerability has been re ...)
+	TODO: check
+CVE-2023-32970 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+	TODO: check
 CVE-2023-42663
 	- airflow <itp> (bug #819700)
 CVE-2023-42792
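Review bot: all 46 new entries in this hunk are left at `TODO: check`, and several can be triaged in bulk using the conventions already visible in this diff: the HP (CVE-2023-5449, CVE-2023-5409, CVE-2023-4499), Dell (CVE-2023-43079), Netis N3Mv2 (CVE-2023-45463 through CVE-2023-45468), Fortinet (CVE-2023-41680 through CVE-2023-41843, CVE-2023-33303), QNAP (CVE-2023-32970 through CVE-2023-34977), IBM (CVE-2023-40682) and WordPress-plugin CSRF/XSS entries (CVE-2023-45107 through CVE-2023-45109, CVE-2023-45267 through CVE-2023-45276, CVE-2023-4995, CVE-2023-38000, CVE-2023-39999) match the vendor-only pattern that the rest of the file records as `NOT-FOR-US: <vendor>`. The entries naming open-source server software (CVE-2023-39960 Nextcloud Server, CVE-2023-4829 froxlor, CVE-2023-4517 hestiacp, CVE-2023-45130 Frontier) need a source-package lookup before being closed either way.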
@@ -501,7 +593,7 @@ CVE-2023-4837 (SmodBIP is vulnerable to Cross-Site Request Forgery, that could b
 CVE-2023-4309 (Election Services Co. (ESC) Internet Election Service is vulnerable to ...)
 	NOT-FOR-US: Election Services Co. (ESC) Internet Election Service
 CVE-2023-45648 (Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ...)
-	{DSA-5522-1 DSA-5521-1}
+	{DSA-5522-1 DSA-5521-1 DLA-3617-1}
 	- tomcat10 10.1.14-1
 	- tomcat9 9.0.70-2
 	- tomcat8 <removed>
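Review bot: DLA-3617-1 is added to the advisory list for CVE-2023-45648, but the three context lines show only the tomcat10/tomcat9/tomcat8 entries and no fixed-version line for the LTS suite the DLA was issued for; confirm that the corresponding suite status line (outside this hunk's context) was updated in the same commit, otherwise the tracker will show the CVE as both covered by a DLA and still open in LTS. The same check applies to the identical DLA-3617-1 additions for CVE-2023-42795, CVE-2023-44487, CVE-2023-41080 and CVE-2023-24998 later in this diff.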
@@ -579,7 +671,7 @@ CVE-2023-43485 (When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ
 CVE-2023-42796 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
 	NOT-FOR-US: Siemens
 CVE-2023-42795 (Incomplete Cleanup vulnerability in Apache Tomcat.When recycling vario ...)
-	{DSA-5522-1 DSA-5521-1}
+	{DSA-5522-1 DSA-5521-1 DLA-3617-1}
 	- tomcat10 10.1.14-1
 	- tomcat9 9.0.70-2
 	- tomcat8 <removed>
@@ -919,7 +1011,7 @@ CVE-2023-3961 [smbd allows client access to unix domain sockets on the file syst
 	NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
 	NOTE: In scope for continued Samba support
 CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
-	{DSA-5522-1 DSA-5521-1}
+	{DSA-5522-1 DSA-5521-1 DLA-3617-1}
 	- tomcat9 9.0.70-2
 	- tomcat10 10.1.14-1
 	- trafficserver <unfixed> (bug #1053801)
@@ -3621,7 +3713,8 @@ CVE-2023-43766 (Certain WithSecure products allow Local privilege escalation via
 	NOT-FOR-US: WithSecure
 CVE-2023-43765 (Certain WithSecure products allow Denial of Service in the aeelf compo ...)
 	NOT-FOR-US: WithSecure
-CVE-2023-43764 (Certain WithSecure products allow Unauthenticated Remote Code Executio ...)
+CVE-2023-43764
+	REJECTED
 	NOT-FOR-US: WithSecure
 CVE-2023-43763 (Certain WithSecure products allow XSS via an unvalidated parameter in  ...)
 	NOT-FOR-US: WithSecure
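Review bot: the description of CVE-2023-43764 is dropped and `REJECTED` added, but the `NOT-FOR-US: WithSecure` line beneath it is now stale, since a rejected identifier no longer refers to any product; drop that line so the entry reads as the other two-line `REJECTED` records do.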
@@ -7332,7 +7425,7 @@ CVE-2023-4524
 CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of service: remote attacker ...)
 	NOT-FOR-US: Array AG OS
 CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
-	{DSA-5522-1 DSA-5521-1}
+	{DSA-5522-1 DSA-5521-1 DLA-3617-1}
 	- tomcat10 10.1.13-1
 	- tomcat9 9.0.70-2
 	- tomcat8 <removed>
@@ -26010,8 +26103,8 @@ CVE-2023-1917 (The PowerPress plugin for WordPress is vulnerable to Stored Cross
 	NOT-FOR-US: WordPress plugin
 CVE-2022-48436
 	RESERVED
-CVE-2023-29464
-	RESERVED
+CVE-2023-29464 (FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an ...)
+	TODO: check
 CVE-2023-29463 (The JMX Console within the Rockwell Automation Pavilion8 is exposed to ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2023-29462 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
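Review bot: CVE-2023-29464 moves from `RESERVED` to a populated description with `TODO: check`, yet its immediate neighbours CVE-2023-29463 and CVE-2023-29462, which describe the same Rockwell Automation product family, are already resolved as `NOT-FOR-US: Rockwell Automation`; unless FactoryTalk Linx / PanelView Plus is shipped in Debian (it is not a packaged component), this entry can be closed the same way rather than left for manual triage.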
@@ -40233,7 +40326,7 @@ CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing used
 CVE-2023-24999 (HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowe ...)
 	NOT-FOR-US: Vault
 CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...)
-	{DSA-5522-1}
+	{DSA-5522-1 DLA-3617-1}
 	- tomcat10 10.1.5-1
 	- tomcat9 9.0.70-2
 	[bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update)
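Review bot: adding DLA-3617-1 to CVE-2023-24998 while the entry still carries `[bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update)` leaves oldstable behind the LTS suite for the same tomcat9 issue; re-evaluate whether the bullseye postponement should now be lifted and the fix backported alongside the DLA, or annotate why the suites intentionally differ.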



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c23978525da3ec942110d378a528c36f8cdf9b8


