[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 14 Sep 2023 01:13:09 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
8c128cef by security tracker role at 2023-09-14T08:12:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2023-4948 (The WooCommerce CVR Payment Gateway plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-4945 (The Booster for WooCommerce plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2023-4944 (The Awesome Weather Widget for WordPress plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2023-4841 (The Feeds for YouTube for WordPress plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2023-4814 (A Privilege escalation vulnerability exists in Trellix Windows 
DLP end ...)
+       TODO: check
+CVE-2023-4568 (PaperCut NG allows for unauthenticated XMLRPC commands to be 
run by de ...)
+       TODO: check
+CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption 
vulnerabi ...)
+       TODO: check
+CVE-2023-41267 (In the Apache Airflow HDFS Provider, versions prior to 4.1.1, 
a docume ...)
+       TODO: check
+CVE-2023-41162 (A Reflected Cross-site scripting (XSS) vulnerability in the 
file manag ...)
+       TODO: check
+CVE-2023-41158 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME 
type pro ...)
+       TODO: check
+CVE-2023-41155 (A Stored Cross-Site Scripting (XSS) vulnerability in the mail 
forwardi ...)
+       TODO: check
+CVE-2023-41154 (A Stored Cross-Site Scripting (XSS) vulnerability in the 
scheduled cro ...)
+       TODO: check
+CVE-2023-41152 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME 
type pro ...)
+       TODO: check
+CVE-2023-40617 (A reflected cross-site scripting (XSS) vulnerability in 
OpenKnowledgeM ...)
+       TODO: check
+CVE-2023-38206 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and 
earlier)  ...)
+       TODO: check
+CVE-2023-38205 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and 
earlier)  ...)
+       TODO: check
+CVE-2023-38204 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and 
earlier)  ...)
+       TODO: check
 CVE-2023-4910
        NOT-FOR-US: 3scale-admin-portal
 CVE-2023-38039 [HTTP headers eat all memory]
@@ -412,6 +446,7 @@ CVE-2023-4900 (Inappropriate implementation in Custom Tabs 
in Google Chrome on A
        - chromium 117.0.5938.62-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-4863 (Heap buffer overflow in WebP in Google Chrome prior to 
116.0.5845.187  ...)
+       {DSA-5497-1 DSA-5496-1}
        - chromium 117.0.5938.62-1 (unimportant)
        [buster] - chromium <end-of-life> (see DSA 5046)
        - firefox 117.0.1-1
@@ -31802,8 +31837,8 @@ CVE-2023-26143
        RESERVED
 CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP 
Response Split ...)
        TODO: check
-CVE-2023-26141
-       RESERVED
+CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to 
Denial  ...)
+       TODO: check
 CVE-2023-26140 (Versions of the package @excalidraw/excalidraw from 0.0.0 are 
vulnerab ...)
        NOT-FOR-US: excalidraw
 CVE-2023-26139 (Versions of the package underscore-keypath from 0.0.11 are 
vulnerable  ...)
@@ -38830,8 +38865,8 @@ CVE-2023-23847 (A cross-site request forgery (CSRF) 
vulnerability in Synopsys Je
        NOT-FOR-US: Jenkins plugin
 CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP 
library versi ...)
        NOT-FOR-US: Open5GS
-CVE-2023-23845
-       RESERVED
+CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
+       TODO: check
 CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
@@ -38840,8 +38875,8 @@ CVE-2023-23842 (The SolarWinds Network Configuration 
Manager was susceptible to
        NOT-FOR-US: SolarWinds
 CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing 
or updat ...)
        NOT-FOR-US: SolarWinds
-CVE-2023-23840
-       RESERVED
+CVE-2023-23840 (The SolarWinds Platform was susceptible to the Incorrect 
Comparison Vu ...)
+       TODO: check
 CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of 
Sensitive I ...)
        NOT-FOR-US: SolarWinds
 CVE-2023-23838 (Directory traversal and file enumeration vulnerability which 
allowed u ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c128cefb56de204778243c8e201aec420339eeb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c128cefb56de204778243c8e201aec420339eeb
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to