[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 28 09:12:38 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9acddbd3 by security tracker role at 2023-09-28T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-5244 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
+	TODO: check
+CVE-2023-5233 (The Font Awesome Integration plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2023-5232 (The Font Awesome More Icons plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2023-5230 (The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2023-44276 (OPNsense before 23.7.5 allows XSS via the index.php sequence parameter ...)
+	TODO: check
+CVE-2023-44275 (OPNsense before 23.7.5 allows XSS via the index.php column_count param ...)
+	TODO: check
+CVE-2023-44273 (Consensys gnark-crypto through 0.11.2 allows Signature Malleability. T ...)
+	TODO: check
+CVE-2023-44080 (An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attack ...)
+	TODO: check
+CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that d ...)
+	TODO: check
+CVE-2023-43656 (matrix-hookshot is a Matrix bot for connecting to external services li ...)
+	TODO: check
+CVE-2023-43651 (JumpServer is an open source bastion host. An authenticated user can e ...)
+	TODO: check
+CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, ...)
+	TODO: check
+CVE-2023-43314 (Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a r ...)
+	TODO: check
+CVE-2023-43233 (A stored cross-site scripting (XSS) vulnerability in the cms/content/e ...)
+	TODO: check
+CVE-2023-43192 (SQL injection can exist in a newly created part of the JFinalcms backg ...)
+	TODO: check
+CVE-2023-43191 (JFinalCMS foreground message can be embedded malicious code saved in t ...)
+	TODO: check
+CVE-2023-42818 (JumpServer is an open source bastion host. When users enable MFA and u ...)
+	TODO: check
+CVE-2023-42222 (WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebC ...)
+	TODO: check
+CVE-2023-41453 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
+	TODO: check
+CVE-2023-41452 (Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1. ...)
+	TODO: check
+CVE-2023-41451 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
+	TODO: check
+CVE-2023-41450 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to ...)
+	TODO: check
+CVE-2023-41449 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to ...)
+	TODO: check
+CVE-2023-41448 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
+	TODO: check
+CVE-2023-41447 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
+	TODO: check
+CVE-2023-41446 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
+	TODO: check
+CVE-2023-41445 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
+	TODO: check
+CVE-2023-41444 (An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attac ...)
+	TODO: check
+CVE-2023-40026 (Argo CD is a declarative continuous deployment framework for Kubernete ...)
+	TODO: check
+CVE-2023-38877 (A host header injection vulnerability exists in gugoan's Economizzer v ...)
+	TODO: check
+CVE-2023-38874 (A remote code execution (RCE) vulnerability via an insecure file uploa ...)
+	TODO: check
+CVE-2023-38873 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer  ...)
+	TODO: check
+CVE-2023-38872 (An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Eco ...)
+	TODO: check
+CVE-2023-38871 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer  ...)
+	TODO: check
+CVE-2023-38870 (A SQL injection vulnerability exists in gugoan Economizzer commit 3730 ...)
+	TODO: check
 CVE-2023-42119 [Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability]
 	- exim4 <unfixed>
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
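Review bot: every one of the 35 new entries in this hunk lands with the same `TODO: check` placeholder and a description truncated at 70 characters, so none of them carries a package mapping yet; triage should map each to a Debian source package or mark it `NOT-FOR-US`, paying attention to the ones naming software that is plausibly in the archive (for example the OPNsense, gnark-crypto, Warpgate, matrix-hookshot, Proxmox VE and Argo CD entries) rather than the long run of phpkobo AjaxNewsTicker and gugoan Economizzer entries, which look like third-party web applications. Note also that the phpkobo entries spell the product both `AjaxNewTicker` and `AjaxNewsTicker`; the spelling comes from the upstream CVE text and should be left as imported.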
@@ -56,7 +126,7 @@ CVE-2023-5184 (Two potential signed to unsigned conversion errors and buffer ove
 	NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4523 (Real Time Automation 460 Series products with versions prior to v8.9.8 ...)
 	NOT-FOR-US: Real Time Automation 460 Series products
-CVE-2023-4066
+CVE-2023-4066 (A flaw was found in Red Hat's AMQ Broker, which stores certain passwor ...)
 	NOT-FOR-US: Red Hat AMQ Broker
 CVE-2023-4129 (Dell Data Protection Central, version 19.9, contains an Inadequate Enc ...)
 	NOT-FOR-US: Dell
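Review bot: the only change here is that CVE-2023-4066 gains its description on the `+` line, and the existing `NOT-FOR-US: Red Hat AMQ Broker` line below it remains consistent with that description (the flaw is in Red Hat's AMQ Broker), so no further action is needed on this entry.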
@@ -598,7 +668,8 @@ CVE-2023-5161 (The Modal Window plugin for WordPress is vulnerable to Stored Cro
 	NOT-FOR-US: Modal Window plugin for WordPress
 CVE-2023-5135 (The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: Simple Cloudflare Turnstile plugin for WordPress
-CVE-2023-5129 (With a specially crafted WebP lossless file, libwebp may write data ou ...)
+CVE-2023-5129
+	REJECTED
 	- libwebp 1.2.4-0.3
 	[bookworm] - libwebp 1.2.4-0.2+deb12u1
 	[bullseye] - libwebp 0.6.1-2.1+deb11u2
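Review bot: CVE-2023-5129 is marked `REJECTED` on the `+` line, but the three package lines that follow (`- libwebp 1.2.4-0.3`, the bookworm and bullseye fixed versions) are unchanged context and still hang off a rejected entry. Confirm whether those fixed-version lines should stay under a rejected identifier or be carried over to whichever CVE now covers the libwebp lossless-file write described on the removed `-` line; the hunk itself does not name a replacement identifier, so that needs checking outside this diff.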
@@ -33670,16 +33741,16 @@ CVE-2023-26151
 	RESERVED
 CVE-2023-26150
 	RESERVED
-CVE-2023-26149
-	RESERVED
+CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...)
+	TODO: check
 CVE-2023-26148
 	RESERVED
 CVE-2023-26147
 	RESERVED
 CVE-2023-26146
 	RESERVED
-CVE-2023-26145
-	RESERVED
+CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A number of  ...)
+	TODO: check
 CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 are vuln ...)
 	- node-graphql <unfixed>
 	[bookworm] - node-graphql <no-dsa> (Minor issue)
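Review bot: the two entries promoted from `RESERVED` to `TODO: check` in this hunk (CVE-2023-26149 for quill-mention and CVE-2023-26145 for pydash) have no package line yet, unlike the neighbouring CVE-2023-26144 which already maps to `node-graphql <unfixed>` with a bookworm `<no-dsa>` tag; triage should establish whether quill-mention and pydash are shipped as Debian source packages and either add the corresponding `- <srcpkg>` lines or mark the entries `NOT-FOR-US`.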



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9acddbd3f1d0549f077cd1cb4f9109682375f13d
