[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 31 08:12:16 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3962165a by security tracker role at 2023-10-31T08:12:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2023-5867 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-5866 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...)
+ TODO: check
+CVE-2023-5865 (Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq ...)
+ TODO: check
+CVE-2023-5864 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
+CVE-2023-5863 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
+ TODO: check
+CVE-2023-5862 (Missing Authorization in GitHub repository hamza417/inure prior to Bui ...)
+ TODO: check
+CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ TODO: check
+CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework fo ...)
+ TODO: check
+CVE-2023-46502 (An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitr ...)
+ TODO: check
+CVE-2023-46478 (An issue in minCal v.1.0.0 allows a remote attacker to execute arbitra ...)
+ TODO: check
+CVE-2023-46451 (Best Courier Management System v1.0 is vulnerable to Cross Site Script ...)
+ TODO: check
+CVE-2023-46361 (Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulne ...)
+ TODO: check
+CVE-2023-46356 (In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules ...)
+ TODO: check
+CVE-2023-46210 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebC ...)
+ TODO: check
+CVE-2023-46139 (KernelSU is a Kernel based root solution for Android. Starting in vers ...)
+ TODO: check
+CVE-2023-46138 (JumpServer is an open source bastion host and maintenance security aud ...)
+ TODO: check
+CVE-2023-46040 (Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a r ...)
+ TODO: check
+CVE-2023-45996 (SQL injection vulnerability in Senayan Library Management Systems Slim ...)
+ TODO: check
+CVE-2023-45956 (An issue discovered in Govee LED Strip v3.00.42 allows attackers to ca ...)
+ TODO: check
+CVE-2023-45899 (An issue in the component SuperUserSetuserModuleFrontController:init() ...)
+ TODO: check
+CVE-2023-45804
+ REJECTED
+CVE-2023-45672 (Frigate is an open source network video recorder. Prior to version 0.1 ...)
+ TODO: check
+CVE-2023-45671 (Frigate is an open source network video recorder. Prior to version 0.1 ...)
+ TODO: check
+CVE-2023-45670 (Frigate is an open source network video recorder. Prior to version 0.1 ...)
+ TODO: check
+CVE-2023-45378 (In the module "PrestaBlog" (prestablog) version 4.4.7 and before from ...)
+ TODO: check
+CVE-2023-44397 (CloudExplorer Lite is an open source, lightweight cloud management pla ...)
+ TODO: check
+CVE-2023-43798 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...)
+ TODO: check
+CVE-2023-43797 (BigBlueButton is an open-source virtual classroom. Prior to versions 2 ...)
+ TODO: check
+CVE-2023-43139 (An issue in franfinance before v.2.0.27 allows a remote attacker to ex ...)
+ TODO: check
+CVE-2023-42323 (Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 all ...)
+ TODO: check
+CVE-2023-36263 (Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL In ...)
+ TODO: check
+CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion in the c ...)
+ TODO: check
+CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-targe ...)
+ TODO: check
+CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack again ...)
+ TODO: check
CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script]
- salt <unfixed>
NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
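Review bot: a few of the new TODO: check entries in this hunk name software that Debian ships and should be triaged ahead of the rest of the batch: CVE-2023-46361 (Artifex jbig2dec v0.20 SEGV) maps to src:jbig2dec, and because mupdf and ghostscript carry embedded copies of jbig2dec the same check applies to them; CVE-2023-31794 (MuPDF v1.21.1 infinite recursion) maps to src:mupdf. Most of the remaining entries describe GitHub-hosted web applications (phpmyfaq, inure, microweber, Frigate, BigBlueButton, CloudExplorer Lite, JumpServer, KernelSU) and PrestaShop/WordPress modules, which in this file are normally resolved as NOT-FOR-US once the description is confirmed; CVE-2023-45804 is already recorded as REJECTED and needs no further action.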
@@ -141,7 +209,7 @@ CVE-2023-5426 (The Post Meta Data Manager plugin for WordPress is vulnerable to
NOT-FOR-US: WordPress plugin
CVE-2023-5425 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption]
+CVE-2023-46129 (NATS.io is a high performance open source pub-sub distributed communic ...)
- golang-github-nats-io-nkeys <unfixed> (bug #1055010)
[bookworm] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present)
[bullseye] - golang-github-nats-io-nkeys <not-affected> (Vulnerable code not present)
@@ -1444,7 +1512,7 @@ CVE-2023-38276 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensit
NOT-FOR-US: IBM
CVE-2023-38275 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...)
NOT-FOR-US: IBM
-CVE-2023-5349 [memory leak]
+CVE-2023-5349 (A memory leak flaw was found in ruby-magick, an interface between Ruby ...)
{DLA-3625-1}
- ruby-rmagick 5.3.0-1
[bookworm] - ruby-rmagick <no-dsa> (Minor issue)
@@ -1956,10 +2024,12 @@ CVE-2023-35126 (An out-of-bounds write vulnerability exists within the parsers f
CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream parsing fun ...)
NOT-FOR-US: Ichitaro
CVE-2023-45024
+ {DSA-5541-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
CVE-2023-41260
+ {DSA-5542-1 DSA-5541-1 DLA-3642-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
- request-tracker4 4.4.7+dfsg-1 (bug #1054516)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
@@ -1967,6 +2037,7 @@ CVE-2023-41260
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
NOTE: https://github.com/bestpractical/rt/commit/33e9203bf2a61e20f8b8e682d57f55cb7a995967 (rt-4.4.7)
CVE-2023-41259
+ {DSA-5542-1 DSA-5541-1 DLA-3642-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
- request-tracker4 4.4.7+dfsg-1 (bug #1054516)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
@@ -34933,8 +35004,8 @@ CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote code
NOT-FOR-US: broccoli-compass
CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and be ...)
NOT-FOR-US: PrestaShop
-CVE-2023-27846
- RESERVED
+CVE-2023-27846 (SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and ...)
+ TODO: check
CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs before v ...)
NOT-FOR-US: PrestaShop
CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and ...)
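Review bot: CVE-2023-27846 is imported as TODO: check although its description (SQL injection in the PrestaShop themevolty module) matches the neighbouring CVE-2023-27847, CVE-2023-27845 and CVE-2023-27844 entries, which are all marked NOT-FOR-US: PrestaShop; the same marker should be applied here after confirming the description, so the entry does not sit in the TODO queue unnecessarily.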
@@ -81558,8 +81629,8 @@ CVE-2022-39174
CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...)
- wolfssl 5.5.3-1 (bug #1021021)
[bullseye] - wolfssl <no-dsa> (Minor issue)
-CVE-2022-39172
- RESERVED
+CVE-2022-39172 (A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) ...)
+ TODO: check
CVE-2022-39171
RESERVED
CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_f ...)
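Review bot: the imported description for CVE-2022-39172 reads "(bersicht zugewiesener Vorgaenge)", which looks like the upstream German text "Übersicht zugewiesener Vorgaenge" with its leading non-ASCII character dropped during import; since the rest of the list is ASCII-only, confirm how the importer handles such characters rather than hand-editing the line, and triage the entry (a stored XSS in a process-overview web page) as usual, most likely NOT-FOR-US once the affected product is identified.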
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3962165aeef9f8db413e2d1d08b4814b13b72d33