[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 17 21:12:30 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b22d1a79 by security tracker role at 2023-10-17T20:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown element ...)
+ TODO: check
+CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during initial ...)
+ TODO: check
+CVE-2023-4896 (A vulnerability exists which allows an authenticated attacker to acces ...)
+ TODO: check
+CVE-2023-45952 (An arbitrary file upload vulnerability in the component ajax_link.php ...)
+ TODO: check
+CVE-2023-45951 (lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerabi ...)
+ TODO: check
+CVE-2023-45907 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-45906 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-45905 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-45904 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-45903 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ TODO: check
+CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...)
+ TODO: check
+CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
+ TODO: check
+CVE-2023-45007 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto ...)
+ TODO: check
+CVE-2023-45006 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsol ...)
+ TODO: check
+CVE-2023-45005 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos S ...)
+ TODO: check
+CVE-2023-45004 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty ...)
+ TODO: check
+CVE-2023-45003 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Pl ...)
+ TODO: check
+CVE-2023-44990 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in real ...)
+ TODO: check
+CVE-2023-44824 (An issue in Expense Management System v.1.0 allows a local attacker to ...)
+ TODO: check
+CVE-2023-44311 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the P ...)
+ TODO: check
+CVE-2023-44310 (Stored cross-site scripting (XSS) vulnerability in Page Tree menu Life ...)
+ TODO: check
+CVE-2023-44309 (Multiple stored cross-site scripting (XSS) vulnerabilities in the frag ...)
+ TODO: check
+CVE-2023-43959 (An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged ...)
+ TODO: check
+CVE-2023-43794 (Nocodb is an open source Airtable alternative. Affected versions of no ...)
+ TODO: check
+CVE-2023-43777 (Eaton easySoft software is used to program easy controllers and displa ...)
+ TODO: check
+CVE-2023-43776 (Eaton easyE4 PLC offers a device password protection functionality to ...)
+ TODO: check
+CVE-2023-42629 (Stored cross-site scripting (XSS) vulnerability in the manage vocabula ...)
+ TODO: check
+CVE-2023-42628 (Stored cross-site scripting (XSS) vulnerability in the Wiki widget in ...)
+ TODO: check
+CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Comm ...)
+ TODO: check
+CVE-2023-39902 (A software vulnerability has been identified in the U-Boot Secondary P ...)
+ TODO: check
+CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan Presence, deploy ...)
+ TODO: check
CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability. ...)
- grafana <removed>
CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensitive in ...)
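Review bot: all 33 new entries land as `TODO: check` without any hint of which touch Debian packages, so the batch needs manual triage before the next automatic update buries it; CVE-2023-45803 (urllib3, imported by many Debian packages) and CVE-2023-39902 (U-Boot SPL) are the two here most likely to need a real source-package line rather than NOT-FOR-US, and should be looked at first. The run of CVE-2023-45901 through CVE-2023-45907 all carry the identical Dreamer CMS CSRF description and can be triaged together. Note also that the first two descriptions arrive with words run together (`limitthe`, `Desktopfails`); that comes from the upstream feed text, not from this script, so nothing to fix here.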
@@ -128,7 +194,7 @@ CVE-2023-4834 (In Red Lion EuropembCONNECT24 and mymbCONNECT24 and Helmholz myRE
NOT-FOR-US: Red Lion
CVE-2023-4827 (The File Manager Pro WordPress plugin before 1.8 does not properly che ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-4822 (The vulnerability impacts instances with several organizations, and al ...)
+CVE-2023-4822 (Grafana is an open-source platform for monitoring and observability. T ...)
- grafana <removed>
CVE-2023-4821 (The Drag and Drop Multiple File Upload for WooCommerce WordPress plugi ...)
NOT-FOR-US: WooCommerce plugin
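Review bot: description-only change for CVE-2023-4822, bringing its text in line with the vendor boilerplate already used by CVE-2023-4399 above; the unchanged `- grafana <removed>` line beneath it still carries the triage state, so no follow-up is needed in this hunk.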
@@ -411,6 +477,7 @@ CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Thi
CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
NOT-FOR-US: IBM
CVE-2023-41914
+ {DSA-5529-1}
- slurm-wlm 23.02.6-1
NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA
NOTE: slurm-wlm-contrib also changed, but actual security issue is in slurm-wlm
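Review bot: the `{DSA-5529-1}` reference is consistent with the existing `- slurm-wlm 23.02.6-1` fix line, but the entry header `CVE-2023-41914` still has no description in parentheses unlike every neighbouring entry; it should be confirmed that a later automatic update picks the text up from the feed once published rather than leaving the header bare indefinitely.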
@@ -6358,6 +6425,7 @@ CVE-2023-31242 (An authentication bypass vulnerability exists in the OAS Engine
CVE-2023-2453 (There is insufficient sanitization of tainted file names that are dire ...)
NOT-FOR-US: PHP-Fusion
CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...)
+ {DLA-3622-1}
- axis 1.4-29 (bug #1051288)
[bookworm] - axis <no-dsa> (Minor issue)
[bullseye] - axis <no-dsa> (Minor issue)
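Review bot: adding `{DLA-3622-1}` records a fix in LTS, yet the `[bookworm] - axis <no-dsa> (Minor issue)` and `[bullseye] - axis <no-dsa> (Minor issue)` lines directly below keep classifying the same issue as minor for the newer releases; worth confirming those two tags are still intentional and not stale now that a DLA has gone out, since readers of the tracker will see the two signals side by side.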
@@ -34526,10 +34594,10 @@ CVE-2023-27135 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain
NOT-FOR-US: TOTOLINK
CVE-2023-27134
RESERVED
-CVE-2023-27133
- RESERVED
-CVE-2023-27132
- RESERVED
+CVE-2023-27133 (TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .h ...)
+ TODO: check
+CVE-2023-27132 (TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pa ...)
+ TODO: check
CVE-2023-27131 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
NOT-FOR-US: Typecho
CVE-2023-27130 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
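Review bot: both CVE-2023-27133 and CVE-2023-27132 move from `RESERVED` to `TODO: check`, and the descriptions (weak permissions on `.exe` files, a cleartext password in a variable) point at the proprietary TSplus Remote Work product; these should resolve the same way as the Typecho entries below, to a `NOT-FOR-US` line, once someone confirms there is no matching Debian package.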
@@ -42732,8 +42800,8 @@ CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
NOT-FOR-US: WordPress plugin
CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kari ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24385
- RESERVED
+CVE-2023-24385 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Dav ...)
+ TODO: check
CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24383 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...)
@@ -63383,8 +63451,8 @@ CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booste
NOT-FOR-US: WordPress plugin
CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3761
- RESERVED
+CVE-2022-3761 (OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect ...)
+ TODO: check
CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...)
NOT-FOR-US: aEnrich Technology a+HRD
CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...)
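Review bot: the new CVE-2022-3761 text names OpenVPN Connect on macOS, which is the vendor's client product and not the same code base as Debian's openvpn source package; the `TODO: check` should be resolved by confirming that distinction explicitly (most likely to `NOT-FOR-US`) rather than by reflexively attaching it to openvpn because of the name.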
@@ -64978,8 +65046,8 @@ CVE-2023-20600
RESERVED
CVE-2023-20599
RESERVED
-CVE-2023-20598
- RESERVED
+CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics drive ...)
+ TODO: check
CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...)
NOT-FOR-US: AMD
CVE-2023-20596
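Review bot: the imported description for CVE-2023-20598 contains the literal escape `\u2122` where the trademark character should be, which suggests the automatic-update script is not decoding JSON unicode escapes from the feed before writing them to `data/CVE/list`; the importer is the place to fix this so it does not recur in future batches. For the triage itself, the neighbouring CVE-2023-20597 is already `NOT-FOR-US: AMD`, so this entry will most likely resolve the same way.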
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b22d1a79540d7d8dcfc94b246469a42a139fc0dd