[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 21 Sep 2023 01:12:39 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f0b405ea by security tracker role at 2023-09-21T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,37 @@
+CVE-2023-4760 (In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, 
Remote  ...)
+       TODO: check
+CVE-2023-4292 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and 
all pre ...)
+       TODO: check
+CVE-2023-4291 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and 
all pre ...)
+       TODO: check
+CVE-2023-4152 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and 
all pre ...)
+       TODO: check
+CVE-2023-43669 (The Tungstenite crate through 0.20.0 for Rust allows remote 
attackers  ...)
+       TODO: check
+CVE-2023-43135 (There is an unauthorized access vulnerability in TP-LINK 
ER5120G 4.0 2 ...)
+       TODO: check
+CVE-2023-42322 (Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 
allows a r ...)
+       TODO: check
+CVE-2023-42321 (Cross Site Request Forgery (CSRF) vulnerability in icmsdev 
iCMSv.7.0.1 ...)
+       TODO: check
+CVE-2023-39677 (MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts 
Prestashop ...)
+       TODO: check
+CVE-2023-39675 (SimpleImportProduct Prestashop Module v6.2.9 was discovered to 
contain ...)
+       TODO: check
+CVE-2023-39252 (Dell SCG Policy Manager 5.16.00.14  contains a broken 
cryptographic al ...)
+       TODO: check
+CVE-2023-38876 (A reflected cross-site scripting (XSS) vulnerability in 
msaad1999's PH ...)
+       TODO: check
+CVE-2023-38875 (A reflected cross-site scripting (XSS) vulnerability in 
msaad1999's PH ...)
+       TODO: check
+CVE-2023-37279 (Faktory is a language-agnostic persistent background job 
server. Prior ...)
+       TODO: check
+CVE-2023-36234 (Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, 
allows attac ...)
+       TODO: check
+CVE-2023-36109 (Buffer Overflow vulnerability in JerryScript version 3.0, 
allows remot ...)
+       TODO: check
+CVE-2023-34575 (SQL injection vulnerability in PrestaShop opartsavecart 
through 2.0.7  ...)
+       TODO: check
 CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
hestiacp/h ...)
        TODO: check
 CVE-2023-5074 (Use of a static key to protect a JWT token used in user 
authentication ...)
@@ -47574,8 +47608,8 @@ CVE-2023-22026
        RESERVED
 CVE-2023-22025
        RESERVED
-CVE-2023-22024
-       RESERVED
+CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in 
UEK has  ...)
+       TODO: check
 CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems 
(compone ...)
        NOT-FOR-US: Oracle
 CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data 
Management W ...)
@@ -376315,8 +376349,8 @@ CVE-2018-5480
        REJECTED
 CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is 
vulnerable ...)
        NOT-FOR-US: FoxSash ImgHosting
-CVE-2018-5478
-       RESERVED
+CVE-2018-5478 (Contao 3.x before 3.5.32 allows XSS via the unsubscribe module 
in the  ...)
+       TODO: check
 CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS 
Web Appl ...)
        NOT-FOR-US: ABB netCADOPS Web Application
 CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta 
Electronic ...)
@@ -474638,8 +474672,7 @@ CVE-2015-8373 (The kea-dhcp4 and kea-dhcp6 servers 
0.9.2 and 1.0.0-beta in ISC K
        - isc-kea <not-affected> (Fixed before the initial version uploaded to 
Debian)
 CVE-2015-8372
        RESERVED
-CVE-2015-8371 [Composer Cache Injection vulnerability]
-       RESERVED
+CVE-2015-8371 (Composer before 2016-02-10 allows cache poisoning from other 
projects  ...)
        - composer 1.0.0~alpha11-3
        NOTE: 
http://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html
 CVE-2015-8370 (Multiple integer underflows in Grub2 1.98 through 2.02 allow 
physicall ...)
@@ -482761,8 +482794,8 @@ CVE-2015-5469 (Absolute path traversal vulnerability 
in the MDC YouTube Download
        NOT-FOR-US: MDC YouTube Downloader plugin for WordPress
 CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop 
Styling pl ...)
        NOT-FOR-US: Commerce Shop Styling plugin for WordPress
-CVE-2015-5467
-       RESERVED
+CVE-2015-5467 (web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows 
attackers to  ...)
+       TODO: check
 CVE-2015-5466 (Silicon Integrated Systems XGI WindowsXP Display Manager (aka 
XGI VGA  ...)
        NOT-FOR-US: Silicon Integrated Systems XGI WindowsXP Display Manager
 CVE-2015-5465 (Silicon Integrated Systems WindowsXP Display Manager (aka VGA 
Driver M ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0b405ea9dfbf8ccd2889176ef996c367bf93b81

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0b405ea9dfbf8ccd2889176ef996c367bf93b81
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to