[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 26 21:12:49 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f0846a9 by security tracker role at 2023-09-26T20:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2023-5197 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...)
+	TODO: check
+CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on ports 33 ...)
+	TODO: check
+CVE-2023-4264 (Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsy ...)
+	TODO: check
+CVE-2023-4262 (Possible buffer overflow in Zephyr mgmt subsystem when asserts are dis ...)
+	TODO: check
+CVE-2023-4260 (Potential off-by-one buffer overflow vulnerability in the Zephyr fuse  ...)
+	TODO: check
+CVE-2023-4065 (A flaw was found in Red Hat AMQ Broker Operator, where it displayed a  ...)
+	TODO: check
+CVE-2023-44172 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
+	TODO: check
+CVE-2023-44171 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
+	TODO: check
+CVE-2023-44170 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
+	TODO: check
+CVE-2023-44169 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
+	TODO: check
+CVE-2023-43857 (Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scrip ...)
+	TODO: check
+CVE-2023-43856 (Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vu ...)
+	TODO: check
+CVE-2023-43775 (Denial-of-service vulnerability in the web server of the Eaton SMP SG- ...)
+	TODO: check
+CVE-2023-43646 (get-func-name is a module to retrieve a function's name securely and c ...)
+	TODO: check
+CVE-2023-43614 (Cross-site scripting vulnerability in Order Data Edit page of Welcart  ...)
+	TODO: check
+CVE-2023-43610 (SQL injection vulnerability in Order Data Edit page of Welcart e-Comme ...)
+	TODO: check
+CVE-2023-43493 (SQL injection vulnerability in Item List page of Welcart e-Commerce ve ...)
+	TODO: check
+CVE-2023-43484 (Cross-site scripting vulnerability in Item List page of Welcart e-Comm ...)
+	TODO: check
+CVE-2023-43234 (DedeBIZ v6.2.11 was discovered to contain multiple remote code executi ...)
+	TODO: check
+CVE-2023-43222 (SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g ...)
+	TODO: check
+CVE-2023-43216 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...)
+	TODO: check
+CVE-2023-42460 (Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_dec ...)
+	TODO: check
+CVE-2023-41962 (Cross-site scripting vulnerability in Credit Card Payment Setup page o ...)
+	TODO: check
+CVE-2023-41904 (Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for Au ...)
+	TODO: check
+CVE-2023-41233 (Cross-site scripting vulnerability in Item List page registration proc ...)
+	TODO: check
+CVE-2023-40532 (Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8 ...)
+	TODO: check
+CVE-2023-40219 (Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or ...)
+	TODO: check
+CVE-2023-39378 (SiberianCMS - CWE-89: Improper Neutralization of Special Elements used ...)
+	TODO: check
+CVE-2023-39377 (SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type ...)
+	TODO: check
+CVE-2023-39376 (SiberianCMS - CWE-284 Improper Access Control Authorized user may disa ...)
+	TODO: check
+CVE-2023-39375 (SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges)
+	TODO: check
+CVE-2023-39347 (Cilium is a networking, observability, and security solution with an e ...)
+	TODO: check
+CVE-2023-34043 (VMware Aria Operations contains a local privilege escalation vulnerabi ...)
+	TODO: check
+CVE-2023-32541 (A use-after-free vulnerability exists in the footerr functionality of  ...)
+	TODO: check
 CVE-2023-5176
 	- firefox <unfixed>
 	- firefox-esr <unfixed>
@@ -2338,7 +2406,7 @@ CVE-2023-32162 (Wacom Drivers for Windows Incorrect Permission Assignment Local
 	NOT-FOR-US: Wacom
 CVE-2023-29166 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
-CVE-2023-36851
+CVE-2023-36851 (A Missing Authentication for Critical Function vulnerability in Junipe ...)
 	NOT-FOR-US: Juniper
 CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
 	- vim 2:9.0.1894-1
@@ -18350,12 +18418,12 @@ CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabl
 	NOT-FOR-US: Palantir
 CVE-2023-30962 (The Gotham Cerberus service was found to have a stored cross-site scri ...)
 	NOT-FOR-US: Gotham Cerberus
-CVE-2023-30961
-	RESERVED
+CVE-2023-30961 (Palantir Gotham was found to be vulnerable to a bug where under certai ...)
+	TODO: check
 CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
 	NOT-FOR-US: Palantir
-CVE-2023-30959
-	RESERVED
+CVE-2023-30959 (In Apollo  change requests, comments added by users could contain a ja ...)
+	TODO: check
 CVE-2023-30958 (A security defect was identified in Foundry Frontend that enabled user ...)
 	NOT-FOR-US: Palantir
 CVE-2023-30957
@@ -27748,8 +27816,8 @@ CVE-2023-28057
 	RESERVED
 CVE-2023-28056 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
-CVE-2023-28055
-	RESERVED
+CVE-2023-28055 (Dell NetWorker, Version 19.7 has an improper authorization vulnerabili ...)
+	TODO: check
 CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability. A local ...)
 	NOT-FOR-US: Dell
 CVE-2023-28053



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f0846a9a73cf0159644c76641f2e472b1d8ab5e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f0846a9a73cf0159644c76641f2e472b1d8ab5e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230926/4b7c79b3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list