[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 30 08:11:53 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56debb5b by security tracker role at 2023-10-30T08:11:38+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...)
+	TODO: check
+CVE-2023-4393 (HTML and SMTP injections on the registration page of LiquidFiles versi ...)
+	TODO: check
+CVE-2023-46867 (In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixT ...)
+	TODO: check
+CVE-2023-46866 (In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp ...)
+	TODO: check
+CVE-2023-46865 (/api/v1/company/upload-logo in CompanyController.php in crater through ...)
+	TODO: check
+CVE-2023-46864 (Peppermint Ticket Management through 0.2.4 allows remote attackers to  ...)
+	TODO: check
+CVE-2023-46863 (Peppermint Ticket Management before 0.2.4 allows remote attackers to r ...)
+	TODO: check
+CVE-2023-45799 (In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability e ...)
+	TODO: check
+CVE-2023-45798 (In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists ...)
+	TODO: check
+CVE-2023-45797 (A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions ...)
+	TODO: check
+CVE-2023-45746 (Cross-site scripting vulnerability in Movable Type series allows a rem ...)
+	TODO: check
+CVE-2023-44141 (Inkdrop prior to v5.6.0 allows a local attacker to conduct a code inje ...)
+	TODO: check
+CVE-2023-44002
+	REJECTED
 CVE-2007-10003 (A vulnerability, which was classified as critical, has been found in T ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2005-10002 (A vulnerability, which was classified as critical, was found in almost ...)
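Review bot: All twelve described entries added at the top of data/CVE/list carry only "TODO: check", so none of them yet says whether a Debian source package is affected. Each should be resolved to a package line or to a NOT-FOR-US line of the kind the context entry CVE-2007-10003 already has ("NOT-FOR-US: WordPress plugin"). When triaging the two Peppermint Ticket Management entries, note that the truncated descriptions give different version bounds: CVE-2023-46864 says "through 0.2.4" while CVE-2023-46863 says "before 0.2.4". CVE-2023-44002 is already REJECTED and needs no further action.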
@@ -3662,7 +3688,7 @@ CVE-2023-3961 [smbd allows client access to unix domain sockets on the file syst
 	NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html
 	NOTE: In scope for continued Samba support
 CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...)
-	{DSA-5522-1 DSA-5521-1 DLA-3621-1 DLA-3617-1}
+	{DSA-5522-1 DSA-5521-1 DLA-3638-1 DLA-3621-1 DLA-3617-1}
 	- tomcat9 9.0.70-2
 	- tomcat10 10.1.14-1
 	- trafficserver <unfixed> (bug #1053801; bug #1054427)
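Review bot: The cross-reference line for CVE-2023-44487 gains DLA-3638-1, but no package line changes in this hunk, so the visible lines do not show which package that advisory covers. Confirm that the entry's package lines, which continue past the shown context, include the package and fixed version that DLA-3638-1 refers to. The visible "- trafficserver <unfixed> (bug #1053801; bug #1054427)" line is still open and is not addressed by this change.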
@@ -190490,8 +190516,7 @@ CVE-2021-25737 (A security issue was discovered in Kubernetes where a user may b
 	NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
 	NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
 	NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4
-CVE-2021-25736
-	RESERVED
+CVE-2021-25736 (Kube-proxy  on Windows can unintentionally forward traffic to local pr ...)
 	- kubernetes <not-affected> (Windows-specific)
 CVE-2021-25735 (A security issue was discovered in kube-apiserver that could allow nod ...)
 	- kubernetes 1.20.5+really1.20.2-1 (bug #990793)
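Review bot: CVE-2021-25736 moves from RESERVED to a published description, yet the entry still has no NOTE line pointing at an upstream reference, unlike the neighbouring CVE-2021-25737 entry, which ends with a NOTE carrying an oss-security URL. The existing "- kubernetes <not-affected> (Windows-specific)" annotation agrees with the new description ("Kube-proxy on Windows ..."), so the status itself looks right. Adding a NOTE with the upstream advisory link would document why the package is marked not affected.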



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56debb5b97700ef8a4b49aed8756e9441d90b5ed
