[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 28 Sep 2023 01:12:53 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9acddbd3 by security tracker role at 2023-09-28T08:12:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2023-5244 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
microweber ...)
+       TODO: check
+CVE-2023-5233 (The Font Awesome Integration plugin for WordPress is vulnerable 
to Sto ...)
+       TODO: check
+CVE-2023-5232 (The Font Awesome More Icons plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2023-5230 (The TM WooCommerce Compare & Wishlist plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2023-44276 (OPNsense before 23.7.5 allows XSS via the index.php sequence 
parameter ...)
+       TODO: check
+CVE-2023-44275 (OPNsense before 23.7.5 allows XSS via the index.php 
column_count param ...)
+       TODO: check
+CVE-2023-44273 (Consensys gnark-crypto through 0.11.2 allows Signature 
Malleability. T ...)
+       TODO: check
+CVE-2023-44080 (An issue in PGYER codefever v.2023.8.14-2ce4006 allows a 
remote attack ...)
+       TODO: check
+CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for 
Linux that d ...)
+       TODO: check
+CVE-2023-43656 (matrix-hookshot is a Matrix bot for connecting to external 
services li ...)
+       TODO: check
+CVE-2023-43651 (JumpServer is an open source bastion host. An authenticated 
user can e ...)
+       TODO: check
+CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 
thru v.8.0, ...)
+       TODO: check
+CVE-2023-43314 (Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B 
allows a r ...)
+       TODO: check
+CVE-2023-43233 (A stored cross-site scripting (XSS) vulnerability in the 
cms/content/e ...)
+       TODO: check
+CVE-2023-43192 (SQL injection can exist in a newly created part of the 
JFinalcms backg ...)
+       TODO: check
+CVE-2023-43191 (JFinalCMS foreground message can be embedded malicious code 
saved in t ...)
+       TODO: check
+CVE-2023-42818 (JumpServer is an open source bastion host. When users enable 
MFA and u ...)
+       TODO: check
+CVE-2023-42222 (WebCatalog before 49.0 is vulnerable to Incorrect Access 
Control. WebC ...)
+       TODO: check
+CVE-2023-41453 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker 
v.1.0.5 al ...)
+       TODO: check
+CVE-2023-41452 (Cross Site Request Forgery vulnerability in phpkobo 
AjaxNewTicker v.1. ...)
+       TODO: check
+CVE-2023-41451 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker 
v.1.0.5 al ...)
+       TODO: check
+CVE-2023-41450 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote 
attacker to ...)
+       TODO: check
+CVE-2023-41449 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote 
attacker to ...)
+       TODO: check
+CVE-2023-41448 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker 
v.1.0.5 al ...)
+       TODO: check
+CVE-2023-41447 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker 
v.1.0.5 al ...)
+       TODO: check
+CVE-2023-41446 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker 
v.1.0.5 al ...)
+       TODO: check
+CVE-2023-41445 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker 
v.1.0.5 al ...)
+       TODO: check
+CVE-2023-41444 (An issue in Binalyze IREC.sys v.3.11.0 and before allows a 
local attac ...)
+       TODO: check
+CVE-2023-40026 (Argo CD is a declarative continuous deployment framework for 
Kubernete ...)
+       TODO: check
+CVE-2023-38877 (A host header injection vulnerability exists in gugoan's 
Economizzer v ...)
+       TODO: check
+CVE-2023-38874 (A remote code execution (RCE) vulnerability via an insecure 
file uploa ...)
+       TODO: check
+CVE-2023-38873 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan 
Economizzer  ...)
+       TODO: check
+CVE-2023-38872 (An Insecure Direct Object Reference (IDOR) vulnerability in 
gugoan Eco ...)
+       TODO: check
+CVE-2023-38871 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan 
Economizzer  ...)
+       TODO: check
+CVE-2023-38870 (A SQL injection vulnerability exists in gugoan Economizzer 
commit 3730 ...)
+       TODO: check
 CVE-2023-42119 [Exim dnsdb Out-Of-Bounds Read Information Disclosure 
Vulnerability]
        - exim4 <unfixed>
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
@@ -56,7 +126,7 @@ CVE-2023-5184 (Two potential signed to unsigned conversion 
errors and buffer ove
        NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
 CVE-2023-4523 (Real Time Automation 460 Series products with versions prior to 
v8.9.8 ...)
        NOT-FOR-US: Real Time Automation 460 Series products
-CVE-2023-4066
+CVE-2023-4066 (A flaw was found in Red Hat's AMQ Broker, which stores certain 
passwor ...)
        NOT-FOR-US: Red Hat AMQ Broker
 CVE-2023-4129 (Dell Data Protection Central, version 19.9, contains an 
Inadequate Enc ...)
        NOT-FOR-US: Dell
@@ -598,7 +668,8 @@ CVE-2023-5161 (The Modal Window plugin for WordPress is 
vulnerable to Stored Cro
        NOT-FOR-US: Modal Window plugin for WordPress
 CVE-2023-5135 (The Simple Cloudflare Turnstile plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: Simple Cloudflare Turnstile plugin for WordPress
-CVE-2023-5129 (With a specially crafted WebP lossless file, libwebp may write 
data ou ...)
+CVE-2023-5129
+       REJECTED
        - libwebp 1.2.4-0.3
        [bookworm] - libwebp 1.2.4-0.2+deb12u1
        [bullseye] - libwebp 0.6.1-2.1+deb11u2
@@ -33670,16 +33741,16 @@ CVE-2023-26151
        RESERVED
 CVE-2023-26150
        RESERVED
-CVE-2023-26149
-       RESERVED
+CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are 
vulnerable to C ...)
+       TODO: check
 CVE-2023-26148
        RESERVED
 CVE-2023-26147
        RESERVED
 CVE-2023-26146
        RESERVED
-CVE-2023-26145
-       RESERVED
+CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A 
number of  ...)
+       TODO: check
 CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 
are vuln ...)
        - node-graphql <unfixed>
        [bookworm] - node-graphql <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9acddbd3f1d0549f077cd1cb4f9109682375f13d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9acddbd3f1d0549f077cd1cb4f9109682375f13d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to