[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 14 09:13:00 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c128cef by security tracker role at 2023-09-14T08:12:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2023-4948 (The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2023-4945 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2023-4944 (The Awesome Weather Widget for WordPress plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2023-4841 (The Feeds for YouTube for WordPress plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2023-4814 (A Privilege escalation vulnerability exists in Trellix Windows DLP end ...)
+	TODO: check
+CVE-2023-4568 (PaperCut NG allows for unauthenticated XMLRPC commands to be run by de ...)
+	TODO: check
+CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption vulnerabi ...)
+	TODO: check
+CVE-2023-41267 (In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a docume ...)
+	TODO: check
+CVE-2023-41162 (A Reflected Cross-site scripting (XSS) vulnerability in the file manag ...)
+	TODO: check
+CVE-2023-41158 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type pro ...)
+	TODO: check
+CVE-2023-41155 (A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwardi ...)
+	TODO: check
+CVE-2023-41154 (A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cro ...)
+	TODO: check
+CVE-2023-41152 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type pro ...)
+	TODO: check
+CVE-2023-40617 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...)
+	TODO: check
+CVE-2023-38206 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier)  ...)
+	TODO: check
+CVE-2023-38205 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier)  ...)
+	TODO: check
+CVE-2023-38204 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier)  ...)
+	TODO: check
 CVE-2023-4910
 	NOT-FOR-US: 3scale-admin-portal
 CVE-2023-38039 [HTTP headers eat all memory]
@@ -412,6 +446,7 @@ CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on A
 	- chromium 117.0.5938.62-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187  ...)
+	{DSA-5497-1 DSA-5496-1}
 	- chromium 117.0.5938.62-1 (unimportant)
 	[buster] - chromium <end-of-life> (see DSA 5046)
 	- firefox 117.0.1-1
@@ -31802,8 +31837,8 @@ CVE-2023-26143
 	RESERVED
 CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...)
 	TODO: check
-CVE-2023-26141
-	RESERVED
+CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial  ...)
+	TODO: check
 CVE-2023-26140 (Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerab ...)
 	NOT-FOR-US: excalidraw
 CVE-2023-26139 (Versions of the package underscore-keypath from 0.0.11 are vulnerable  ...)
@@ -38830,8 +38865,8 @@ CVE-2023-23847 (A cross-site request forgery (CSRF) vulnerability in Synopsys Je
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...)
 	NOT-FOR-US: Open5GS
-CVE-2023-23845
-	RESERVED
+CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
+	TODO: check
 CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
 	NOT-FOR-US: SolarWinds
 CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
@@ -38840,8 +38875,8 @@ CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to
 	NOT-FOR-US: SolarWinds
 CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...)
 	NOT-FOR-US: SolarWinds
-CVE-2023-23840
-	RESERVED
+CVE-2023-23840 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
+	TODO: check
 CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...)
 	NOT-FOR-US: SolarWinds
 CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c128cefb56de204778243c8e201aec420339eeb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c128cefb56de204778243c8e201aec420339eeb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230914/9837fbe9/attachment.htm>

More information about the debian-security-tracker-commits mailing list