[Git][security-tracker-team/security-tracker][master] automatic update

Sat Oct 14 09:11:43 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b34c3279 by security tracker role at 2023-10-14T08:11:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...)
+	TODO: check
+CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can ca ...)
+	TODO: check
+CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add Attachments fea ...)
+	TODO: check
+CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directories by n ...)
+	TODO: check
+CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...)
+	TODO: check
+CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticat ...)
+	TODO: check
+CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot farm automa ...)
+	TODO: check
+CVE-2023-44037 (An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v. ...)
+	TODO: check
+CVE-2023-36559 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+	TODO: check
 CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
 	NOT-FOR-US: Vrite
 CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite  ...)
@@ -173,6 +191,7 @@ CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of third-party packages
 CVE-2023-45138 (Change Request is an pplication allowing users to request changes on a ...)
 	NOT-FOR-US: XWiki addon
 CVE-2023-45133 (Babel is a compiler for writingJavaScript. In `@babel/traverse` prior  ...)
+	{DLA-3618-1}
 	- node-babel <removed>
 	- node-babel7 7.20.15+ds1+~cs214.269.168-5 (bug #1053880)
 	NOTE: github.com: https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
@@ -959,7 +978,7 @@ CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Pri
 	NOT-FOR-US: Microsoft
 CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-36417 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability)
+CVE-2023-36417 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-36416 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
@@ -24405,8 +24424,8 @@ CVE-2023-30156
 	RESERVED
 CVE-2023-30155
 	RESERVED
-CVE-2023-30154
-	RESERVED
+CVE-2023-30154 (Multiple improper neutralization of SQL parameters in module AfterMail ...)
+	TODO: check
 CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module for Pre ...)
 	NOT-FOR-US: PrestaShop module
 CVE-2023-30152
@@ -24417,8 +24436,8 @@ CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Inj
 	NOT-FOR-US: PrestaShop leocustomajax
 CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...)
 	NOT-FOR-US: PrestaShop module
-CVE-2023-30148
-	RESERVED
+CVE-2023-30148 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart op ...)
+	TODO: check
 CVE-2023-30147
 	RESERVED
 CVE-2023-30146 (Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 all ...)
@@ -36583,8 +36602,8 @@ CVE-2023-26157
 	RESERVED
 CVE-2023-26156
 	RESERVED
-CVE-2023-26155
-	RESERVED
+CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...)
+	TODO: check
 CVE-2023-26154
 	RESERVED
 CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b34c32795b09a8d1f9c604c00639e217b1ea5fa3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b34c32795b09a8d1f9c604c00639e217b1ea5fa3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231014/0bfb0c74/attachment-0001.htm>
