[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 21 21:12:26 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df85e09a by security tracker role at 2023-09-21T20:12:14+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2023-5104 (Improper Input Validation in GitHub repository nocodb/nocodb prior to  ...)
+	TODO: check
+CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash c ...)
+	TODO: check
+CVE-2023-43637 (Due to the implementation of "deriveVaultKey", prior to version 7.10,  ...)
+	TODO: check
+CVE-2023-43634 (When sealing/unsealing the \u201cvault\u201d key, a list of PCRs is us ...)
+	TODO: check
+CVE-2023-43633 (On boot, the Pillar eve container checks for the existence and content ...)
+	TODO: check
+CVE-2023-43632 (As noted in the \u201cVTPM.md\u201d file in the eve documentation, \u2 ...)
+	TODO: check
+CVE-2023-43631 (On boot, the Pillar eve container checks for the existence and content ...)
+	TODO: check
+CVE-2023-43309 (There is a stored cross-site scripting (XSS) vulnerability in Webmin 2 ...)
+	TODO: check
+CVE-2023-43274 (Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via th ...)
+	TODO: check
+CVE-2023-43242 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2023-43241 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2023-43240 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2023-43239 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2023-43238 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2023-43237 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...)
+	TODO: check
+CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...)
+	TODO: check
+CVE-2023-42810 (systeminformation is a System Information Library for Node.JS. Version ...)
+	TODO: check
+CVE-2023-42807 (Frappe LMS is an open source learning management system. In versions 1 ...)
+	TODO: check
+CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...)
+	TODO: check
+CVE-2023-42805 (quinn-proto is a state machine for the QUIC transport protocol. Prior  ...)
+	TODO: check
+CVE-2023-42482 (Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.)
+	TODO: check
+CVE-2023-42458 (Zope is an open-source web application server. Prior to versions 4.8.1 ...)
+	TODO: check
+CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELE ...)
+	TODO: check
+CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows users to  ...)
+	TODO: check
+CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download metho ...)
+	TODO: check
+CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.)
+	TODO: check
+CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in S ...)
+	TODO: check
+CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-41991 (A certificate validation issue was addressed. This issue is fixed in i ...)
+	TODO: check
+CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image` fields targe ...)
+	TODO: check
+CVE-2023-40183 (DataEase is an open source data visualization and analysis tool. Prior ...)
+	TODO: check
+CVE-2023-34577 (SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and ...)
+	TODO: check
+CVE-2023-34576 (SQL injection vulnerability in updatepos.php in PrestaShop opartfaq th ...)
+	TODO: check
 CVE-2023-4760 (In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote  ...)
 	TODO: check
 CVE-2023-4292 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...)
@@ -199778,6 +199846,7 @@ CVE-2020-35360
 CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server  ...)
 	NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file
 CVE-2020-35357 (A buffer overflow can occur when calculating the quantile value using  ...)
+	{DLA-3576-1}
 	- gsl <unfixed>
 	[bookworm] - gsl <no-dsa> (Minor issue)
 	[bullseye] - gsl <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df85e09afb493474d0ac70262b8d74b37b6623e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df85e09afb493474d0ac70262b8d74b37b6623e8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230921/b33a9054/attachment.htm>

More information about the debian-security-tracker-commits mailing list