[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 14 09:13:00 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8c128cef by security tracker role at 2023-09-14T08:12:48+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2023-4948 (The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-4945 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2023-4944 (The Awesome Weather Widget for WordPress plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2023-4841 (The Feeds for YouTube for WordPress plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2023-4814 (A Privilege escalation vulnerability exists in Trellix Windows DLP end ...)
+ TODO: check
+CVE-2023-4568 (PaperCut NG allows for unauthenticated XMLRPC commands to be run by de ...)
+ TODO: check
+CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption vulnerabi ...)
+ TODO: check
+CVE-2023-41267 (In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a docume ...)
+ TODO: check
+CVE-2023-41162 (A Reflected Cross-site scripting (XSS) vulnerability in the file manag ...)
+ TODO: check
+CVE-2023-41158 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type pro ...)
+ TODO: check
+CVE-2023-41155 (A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwardi ...)
+ TODO: check
+CVE-2023-41154 (A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cro ...)
+ TODO: check
+CVE-2023-41152 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type pro ...)
+ TODO: check
+CVE-2023-40617 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...)
+ TODO: check
+CVE-2023-38206 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
+ TODO: check
+CVE-2023-38205 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
+ TODO: check
+CVE-2023-38204 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
+ TODO: check
CVE-2023-4910
NOT-FOR-US: 3scale-admin-portal
CVE-2023-38039 [HTTP headers eat all memory]
@@ -412,6 +446,7 @@ CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on A
- chromium 117.0.5938.62-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 ...)
+ {DSA-5497-1 DSA-5496-1}
- chromium 117.0.5938.62-1 (unimportant)
[buster] - chromium <end-of-life> (see DSA 5046)
- firefox 117.0.1-1
@@ -31802,8 +31837,8 @@ CVE-2023-26143
RESERVED
CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...)
TODO: check
-CVE-2023-26141
- RESERVED
+CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial ...)
+ TODO: check
CVE-2023-26140 (Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerab ...)
NOT-FOR-US: excalidraw
CVE-2023-26139 (Versions of the package underscore-keypath from 0.0.11 are vulnerable ...)
@@ -38830,8 +38865,8 @@ CVE-2023-23847 (A cross-site request forgery (CSRF) vulnerability in Synopsys Je
NOT-FOR-US: Jenkins plugin
CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...)
NOT-FOR-US: Open5GS
-CVE-2023-23845
- RESERVED
+CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
+ TODO: check
CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
NOT-FOR-US: SolarWinds
CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
@@ -38840,8 +38875,8 @@ CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to
NOT-FOR-US: SolarWinds
CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...)
NOT-FOR-US: SolarWinds
-CVE-2023-23840
- RESERVED
+CVE-2023-23840 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...)
+ TODO: check
CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...)
NOT-FOR-US: SolarWinds
CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c128cefb56de204778243c8e201aec420339eeb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c128cefb56de204778243c8e201aec420339eeb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230914/9837fbe9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list