[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 18 21:12:55 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b42a762a by security tracker role at 2023-10-18T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2023-5642 (Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker t ...)
+	TODO: check
+CVE-2023-5632 (In Eclipse Mosquito before and including 2.0.5, establishing a connect ...)
+	TODO: check
+CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...)
+	TODO: check
+CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...)
+	TODO: check
+CVE-2023-46009 (gifsicle-1.94 was found to have a floating point exception (FPE) vulne ...)
+	TODO: check
+CVE-2023-46007 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
+	TODO: check
+CVE-2023-46006 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
+	TODO: check
+CVE-2023-46005 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
+	TODO: check
+CVE-2023-46004 (Sourcecodester Best Courier Management System 1.0 is vulnerable to Arb ...)
+	TODO: check
+CVE-2023-45912 (WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate  ...)
+	TODO: check
+CVE-2023-45911 (An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows ...)
+	TODO: check
+CVE-2023-45727 (Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gatew ...)
+	TODO: check
+CVE-2023-45632 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorad ...)
+	TODO: check
+CVE-2023-45630 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Ga ...)
+	TODO: check
+CVE-2023-45628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-45608 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-45607 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-45604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scot ...)
+	TODO: check
+CVE-2023-45602 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfile ...)
+	TODO: check
+CVE-2023-45383 (In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2. ...)
+	TODO: check
+CVE-2023-45073 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
+	TODO: check
+CVE-2023-45072 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kard ...)
+	TODO: check
+CVE-2023-45071 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form  ...)
+	TODO: check
+CVE-2023-45070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Fo ...)
+	TODO: check
+CVE-2023-45067 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish ...)
+	TODO: check
+CVE-2023-45064 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke  ...)
+	TODO: check
+CVE-2023-45062 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas S ...)
+	TODO: check
+CVE-2023-45059 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
+CVE-2023-45057 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hits ...)
+	TODO: check
+CVE-2023-45056 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100p ...)
+	TODO: check
+CVE-2023-45054 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME  ...)
+	TODO: check
+CVE-2023-43250 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a Use ...)
+	TODO: check
+CVE-2023-35663 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
+	TODO: check
+CVE-2023-35656 (In multiple functions of protocolembmsadapter.cpp, there is a possible ...)
+	TODO: check
+CVE-2023-32089 (Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with  ...)
+	TODO: check
+CVE-2023-32088 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS i ...)
+	TODO: check
+CVE-2023-32087 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS i ...)
+	TODO: check
 CVE-2023-5568 [Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19]
 	- samba 2:4.19.2+dfsg-1
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15491
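Review bot: CVE-2023-5632 in this block is described as "Eclipse Mosquito", so a search of the list for the usual spelling "mosquitto" will not match it; triage that entry by hand instead of relying on a name match. Many of the other added TODO: check entries use the same "Stored/Reflected Cross-Site Scripting (XSS) vulnerability in ..." wording as entries already tagged NOT-FOR-US: WordPress plugin further down this diff (for example CVE-2023-30780), but the truncated descriptions do not show the product, so read each full description before tagging them in bulk.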
@@ -462,21 +538,21 @@ CVE-2023-45757 (Security vulnerability in Apache bRPC <=1.6.0 on all platforms a
 	NOT-FOR-US: Apache bRPC
 CVE-2023-45580 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
 	NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45579 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
+CVE-2023-45579 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
 	NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45578 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
+CVE-2023-45578 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
 	NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45577 (An issue in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23 ...)
+CVE-2023-45577 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25 ...)
 	NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45576 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
+CVE-2023-45576 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
 	NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45575 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
+CVE-2023-45575 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25 ...)
 	NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45574 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
+CVE-2023-45574 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
 	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45573 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
 	NOT-FOR-US: DI-7003GV2.D1
-CVE-2023-45572 (Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before ...)
+CVE-2023-45572 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...)
 	NOT-FOR-US: DI-7003GV2.D1
 CVE-2023-45158 (An OS command injection vulnerability exists in web2py 2.24.1 and earl ...)
 	- web2py <removed>
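Review bot: The NOT-FOR-US: DI-7003GV2.D1 lines under CVE-2023-45579 through CVE-2023-45572 name a model number, while the refreshed descriptions now identify the vendor as D-Link and other entries in this file tag by vendor (NOT-FOR-US: HPE, NOT-FOR-US: Cisco). Consider changing these to NOT-FOR-US: D-Link so a search by vendor finds them; CVE-2023-45580 and CVE-2023-45573 carry the same tag and would need the same change.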
@@ -4110,7 +4186,7 @@ CVE-2023-4521 (The Import XML and RSS Feeds WordPress plugin before 2.1.5 contai
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4502 (The Translate WordPress with GTranslate WordPress plugin before 3.0.4  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-4490 (The WP Job Portal WordPress plugin through 2.0.3 does not sanitise and ...)
+CVE-2023-4490 (The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-4476 (The Locatoraid Store Locator WordPress plugin before 3.9.24 does not s ...)
 	NOT-FOR-US: WordPress plugin
@@ -21765,8 +21841,8 @@ CVE-2023-31219
 	RESERVED
 CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-31217
-	RESERVED
+CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31215
@@ -22629,8 +22705,8 @@ CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab 15.10.8+ds1-2
 CVE-2023-30912
 	RESERVED
-CVE-2023-30911
-	RESERVED
+CVE-2023-30911 (HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest ...)
+	TODO: check
 CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 could be remotely exploit ...)
 	NOT-FOR-US: HPE
 CVE-2023-30909 (A remote authentication bypass issue exists in some OneView APIs.)
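Review bot: CVE-2023-30911 is left at TODO: check although its description names HPE Integrated Lights-Out 5 and 6, and the adjacent CVE-2023-30910 is already NOT-FOR-US: HPE. The truncated text also mentions iLOrest, so read the full description to confirm that no packaged tool is involved before applying the same tag.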
@@ -23106,8 +23182,8 @@ CVE-2023-30783
 	RESERVED
 CVE-2023-30782 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-30781
-	RESERVED
+CVE-2023-30781 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Bl ...)
+	TODO: check
 CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-30779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan ...)
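Review bot: The description added for CVE-2023-30781 is truncated at "Theme Bl ...", so the product may be a theme rather than a plugin. Check the full description before copying NOT-FOR-US: WordPress plugin from CVE-2023-30782 and CVE-2023-30780, and use a tag that matches the product type.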
@@ -36783,8 +36859,8 @@ CVE-2023-26302 (Denial of service could be caused to the command line interface
 	NOTE: https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c (v2.2.0)
 CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...)
 	NOT-FOR-US: HP
-CVE-2023-26300
-	RESERVED
+CVE-2023-26300 (A potential security vulnerability has been identified in the system B ...)
+	TODO: check
 CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
 	NOT-FOR-US: HP
 CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
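Review bot: The new description for CVE-2023-26300 is cut off at "system B ..." and shows no vendor, so the TODO: check cannot be resolved from this line alone. Its neighbours CVE-2023-26301 and CVE-2023-26299 are NOT-FOR-US: HP; confirm the vendor from the full CVE text before using that tag.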
@@ -65859,8 +65935,8 @@ CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco H
 	NOT-FOR-US: Cisco
 CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager co ...)
 	NOT-FOR-US: Cisco
-CVE-2023-20261
-	RESERVED
+CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could a ...)
+	TODO: check
 CVE-2023-20260
 	RESERVED
 CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...)
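Review bot: CVE-2023-20261 names Cisco Catalyst SD-WAN Manager, the same product as CVE-2023-20262 two entries above, which is already NOT-FOR-US: Cisco; the TODO: check here can take the same tag.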



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b42a762a88b306a3d13059dee6aca6e3c97ac221
