[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Oct 29 08:12:04 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b835b1fd by security tracker role at 2023-10-29T08:11:52+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-5840 (Weak Password Recovery Mechanism for Forgotten Password in GitHub repo ...)
+	TODO: check
+CVE-2023-5839 (Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8 ...)
+	TODO: check
+CVE-2023-5838 (Insufficient Session Expiration in GitHub repository linkstackorg/link ...)
+	TODO: check
+CVE-2023-5837 (A vulnerability classified as problematic was found in AlexanderLivano ...)
+	TODO: check
+CVE-2023-5836 (A vulnerability was found in SourceCodester Task Reminder System 1.0.  ...)
+	TODO: check
+CVE-2023-46862 (An issue was discovered in the Linux kernel through 6.5.9. During a ra ...)
+	TODO: check
+CVE-2023-46858 (Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflecte ...)
+	TODO: check
+CVE-2023-46854 (Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxm ...)
+	TODO: check
+CVE-2023-45897 (exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in ...)
+	TODO: check
+CVE-2023-43041 (IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a d ...)
+	TODO: check
+CVE-2023-40686 (Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator c ...)
+	TODO: check
+CVE-2023-40685 (Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator c ...)
+	TODO: check
 CVE-2023-5835 (A vulnerability classified as problematic was found in hu60t hu60wap6. ...)
 	TODO: check
 CVE-2023-5426 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...)
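Review bot: All twelve added entries, CVE-2023-5840 through CVE-2023-40685, are left at the `TODO: check` placeholder, so none of them is yet mapped to a source package or dismissed. CVE-2023-46862 (Linux kernel through 6.5.9) and CVE-2023-45897 (exfatprogs before 1.2.2) name software in their descriptions that likely needs a package line in the `- <package> <version>` form used elsewhere in this file, while the IBM QRadar and IBM i entries look like candidates for `NOT-FOR-US:`. Triage should resolve each placeholder one way or the other.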
@@ -330,6 +354,7 @@ CVE-2023-46435 (Sourcecodester Packers and Movers Management System v1.0 is vuln
 CVE-2023-46238 (ZITADEL is an identity infrastructure management system. ZITADEL users ...)
 	NOT-FOR-US: ZITADEL
 CVE-2023-46234 (browserify-sign is a package to duplicate the functionality of node's  ...)
+	{DLA-3635-1}
 	- node-browserify-sign 4.2.2-1 (bug #1054667)
 	NOTE: https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw
 	NOTE: https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 (v4.2.2)
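Review bot: The `{DLA-3635-1}` cross-reference added under CVE-2023-46234 has no counterpart in this commit, which changes only data/CVE/list. Confirm that the tracker's DLA-3635-1 record exists, names node-browserify-sign and lists this CVE, so the reference does not dangle and the fixed version for the LTS release can be resolved alongside the existing `4.2.2-1 (bug #1054667)` line.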
@@ -169560,16 +169585,16 @@ CVE-2021-33640 (After tar_close(), libtar.c releases the memory pointed to by po
 	NOT-FOR-US: OpenEuler
 CVE-2021-33639 (REMAP cmd of SVM driver can be used to remap read only memory as read- ...)
 	NOT-FOR-US: OpenEuler
-CVE-2021-33638
-	RESERVED
-CVE-2021-33637
-	RESERVED
-CVE-2021-33636
-	RESERVED
-CVE-2021-33635
-	RESERVED
-CVE-2021-33634
-	RESERVED
+CVE-2021-33638 (When the isula cp command is used to copy files from a container to a  ...)
+	TODO: check
+CVE-2021-33637 (When the isula export command is used to export a container to an imag ...)
+	TODO: check
+CVE-2021-33636 (When the isula load command is used to load malicious images, attacker ...)
+	TODO: check
+CVE-2021-33635 (When malicious images are pulled by isula pull, attackers can execute  ...)
+	TODO: check
+CVE-2021-33634 (iSulad uses the lcr+lxc runtime (default) to run malicious images, whi ...)
+	TODO: check
 CVE-2021-33633
 	RESERVED
 CVE-2021-33632
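Review bot: The five entries CVE-2021-33638 through CVE-2021-33634 move from `RESERVED` to `TODO: check`, although the context lines directly above them (CVE-2021-33640, CVE-2021-33639) are already marked `NOT-FOR-US: OpenEuler`. All five descriptions refer to isula commands or iSulad, so a single check of whether that software is packaged would settle them together; if it is not, mark them `NOT-FOR-US:` in the same way as their neighbours rather than leaving five open placeholders.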



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b835b1fdc41bd58af6cc62ac842dc688edd3dfc1
