[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 21 09:12:31 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0b405ea by security tracker role at 2023-09-21T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2023-4760 (In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote  ...)
+	TODO: check
+CVE-2023-4292 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...)
+	TODO: check
+CVE-2023-4291 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...)
+	TODO: check
+CVE-2023-4152 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...)
+	TODO: check
+CVE-2023-43669 (The Tungstenite crate through 0.20.0 for Rust allows remote attackers  ...)
+	TODO: check
+CVE-2023-43135 (There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2 ...)
+	TODO: check
+CVE-2023-42322 (Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a r ...)
+	TODO: check
+CVE-2023-42321 (Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.1 ...)
+	TODO: check
+CVE-2023-39677 (MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop ...)
+	TODO: check
+CVE-2023-39675 (SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain ...)
+	TODO: check
+CVE-2023-39252 (Dell SCG Policy Manager 5.16.00.14  contains a broken cryptographic al ...)
+	TODO: check
+CVE-2023-38876 (A reflected cross-site scripting (XSS) vulnerability in msaad1999's PH ...)
+	TODO: check
+CVE-2023-38875 (A reflected cross-site scripting (XSS) vulnerability in msaad1999's PH ...)
+	TODO: check
+CVE-2023-37279 (Faktory is a language-agnostic persistent background job server. Prior ...)
+	TODO: check
+CVE-2023-36234 (Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attac ...)
+	TODO: check
+CVE-2023-36109 (Buffer Overflow vulnerability in JerryScript version 3.0, allows remot ...)
+	TODO: check
+CVE-2023-34575 (SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7  ...)
+	TODO: check
 CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
 	TODO: check
 CVE-2023-5074 (Use of a static key to protect a JWT token used in user authentication ...)
@@ -47574,8 +47608,8 @@ CVE-2023-22026
 	RESERVED
 CVE-2023-22025
 	RESERVED
-CVE-2023-22024
-	RESERVED
+CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has  ...)
+	TODO: check
 CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
 	NOT-FOR-US: Oracle
 CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data Management W ...)
@@ -376315,8 +376349,8 @@ CVE-2018-5480
 	REJECTED
 CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is vulnerable ...)
 	NOT-FOR-US: FoxSash ImgHosting
-CVE-2018-5478
-	RESERVED
+CVE-2018-5478 (Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the  ...)
+	TODO: check
 CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS Web Appl ...)
 	NOT-FOR-US: ABB netCADOPS Web Application
 CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta Electronic ...)
@@ -474638,8 +474672,7 @@ CVE-2015-8373 (The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC K
 	- isc-kea <not-affected> (Fixed before the initial version uploaded to Debian)
 CVE-2015-8372
 	RESERVED
-CVE-2015-8371 [Composer Cache Injection vulnerability]
-	RESERVED
+CVE-2015-8371 (Composer before 2016-02-10 allows cache poisoning from other projects  ...)
 	- composer 1.0.0~alpha11-3
 	NOTE: http://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html
 CVE-2015-8370 (Multiple integer underflows in Grub2 1.98 through 2.02 allow physicall ...)
@@ -482761,8 +482794,8 @@ CVE-2015-5469 (Absolute path traversal vulnerability in the MDC YouTube Download
 	NOT-FOR-US: MDC YouTube Downloader plugin for WordPress
 CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop Styling pl ...)
 	NOT-FOR-US: Commerce Shop Styling plugin for WordPress
-CVE-2015-5467
-	RESERVED
+CVE-2015-5467 (web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to  ...)
+	TODO: check
 CVE-2015-5466 (Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA  ...)
 	NOT-FOR-US: Silicon Integrated Systems XGI WindowsXP Display Manager
 CVE-2015-5465 (Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver M ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0b405ea9dfbf8ccd2889176ef996c367bf93b81

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0b405ea9dfbf8ccd2889176ef996c367bf93b81
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230921/ddd944d1/attachment.htm>

More information about the debian-security-tracker-commits mailing list