[Git][security-tracker-team/security-tracker][master] automatic update

Tue Oct 24 09:12:31 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67a6d475 by security tracker role at 2023-10-24T08:12:18+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,36 @@
-CVE-2023-5633
+CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...)
+	TODO: check
+CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...)
+	TODO: check
+CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...)
+	TODO: check
+CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing g ...)
+	TODO: check
+CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remot ...)
+	TODO: check
+CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind Server-Side Req ...)
+	TODO: check
+CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...)
+	TODO: check
+CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a  ...)
+	TODO: check
+CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remo ...)
+	TODO: check
+CVE-2023-39817
+	REJECTED
+CVE-2023-39816
+	REJECTED
+CVE-2023-39815
+	REJECTED
+CVE-2023-39814
+	REJECTED
+CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk Community  ...)
+	TODO: check
+CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to p ...)
+	TODO: check
+CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary Fil ...)
+	TODO: check
+CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 and CVE ...)
 	- linux 6.5.8-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	[buster] - linux <not-affected> (Vulnerable code not present)
@@ -45,7 +77,7 @@ CVE-2023-33837 (IBM Security Verify Governance 10.0 does not encrypt sensitive o
 	NOT-FOR-US: IBM
 CVE-2023-46288 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	- airflow <itp> (bug #819700)
-CVE-2023-46316 [Fix command line parsing in wrappers]
+CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scrip ...)
 	- traceroute 1:2.1.3-1
 	[bookworm] - traceroute <no-dsa> (Minor issue)
 	[bullseye] - traceroute <no-dsa> (Minor issue)
@@ -82342,10 +82374,10 @@ CVE-2022-2922 (Relative Path Traversal in GitHub repository dnnsoftware/dnn.plat
 	NOT-FOR-US: DNNPlatform
 CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
 	NOT-FOR-US: NotrinosERP
-CVE-2022-38485
-	RESERVED
-CVE-2022-38484
-	RESERVED
+CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt Portal prior ...)
+	TODO: check
+CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability exist i ...)
+	TODO: check
 CVE-2022-38483
 	RESERVED
 CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 bef ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a6d4757effac07d01bfe910089afb132a8d1f2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67a6d4757effac07d01bfe910089afb132a8d1f2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231024/e46748f9/attachment.htm>
