Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31a5e605 by security tracker role at 2023-09-30T08:29:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository 
thorsten/phpmyfa ...)
+       TODO: check
+CVE-2023-5319 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
+       TODO: check
+CVE-2023-5318 (Use of Hard-coded Credentials in GitHub repository 
microweber/microweb ...)
+       TODO: check
+CVE-2023-5317 (Cross-site Scripting (XSS) - Stored in GitHub repository 
thorsten/phpm ...)
+       TODO: check
+CVE-2023-5316 (Cross-site Scripting (XSS) - DOM in GitHub repository 
thorsten/phpmyfa ...)
+       TODO: check
+CVE-2023-5298 (A vulnerability was found in Tongda OA 2017. It has been rated 
as crit ...)
+       TODO: check
+CVE-2023-5297 (A vulnerability was found in Xinhu RockOA 2.3.2. It has been 
classifie ...)
+       TODO: check
+CVE-2023-5296 (A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi 
and clas ...)
+       TODO: check
+CVE-2023-5295 (The Blog Filter plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2023-5294 (A vulnerability has been found in ECshop 4.1.1 and classified 
as criti ...)
+       TODO: check
+CVE-2023-5293 (A vulnerability, which was classified as critical, was found in 
ECshop ...)
+       TODO: check
+CVE-2023-5227 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository t ...)
+       TODO: check
+CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code 
Executi ...)
+       TODO: check
+CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. It affects 
linters u ...)
+       TODO: check
+CVE-2023-43711 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43710 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43709 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43708 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43707 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43706 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43705 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43704 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43703 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
+CVE-2023-43702 (Os Commerce is currently susceptible to a Cross-Site Scripting 
(XSS) v ...)
+       TODO: check
 CVE-2023-5289 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
        - rdiffweb <itp> (bug #969974)
 CVE-2023-5288 (A remote unauthorized attacker may connect to the SIM1012, 
interact wi ...)
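Review bot: the ten added osCommerce entries, CVE-2023-43702 through CVE-2023-43711, all carry the same truncated description ("Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ..."), so nothing in this list tells them apart and triage will need the full CVE text for each one. All 24 additions land as "TODO: check"; each still has to be resolved to a package line, like the rdiffweb <itp> entry in the trailing context, or to a NOT-FOR-US line.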
@@ -366,7 +414,7 @@ CVE-2023-5222 (A vulnerability classified as critical was 
found in Viessmann Vit
 CVE-2023-5221 (A vulnerability classified as critical has been found in ForU 
CMS. Thi ...)
        NOT-FOR-US: ForU CMS
 CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome 
prior  ...)
-       {DSA-5509-1 DSA-5508-1}
+       {DSA-5510-1 DSA-5509-1 DSA-5508-1}
        - chromium 117.0.5938.132-1
        [buster] - chromium <end-of-life> (see DSA 5046)
        - firefox <unfixed> (unimportant)
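Review bot: on CVE-2023-5217 the advisory list gains DSA-5510-1, but the package lines visible in this hunk cover only chromium and firefox, so the hunk does not show which source package that advisory fixes. The description places the overflow in libvpx, so it is worth confirming that a fixed-version line for the package covered by DSA-5510-1 exists below the shown context.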
@@ -85332,8 +85380,8 @@ CVE-2022-35910 (In Jellyfin before 10.8, stored XSS 
allows theft of an admin acc
        - jellyfin <itp> (bug #994189)
 CVE-2022-35909 (In Jellyfin before 10.8, the /users endpoint has incorrect 
access cont ...)
        - jellyfin <itp> (bug #994189)
-CVE-2022-35908
-       RESERVED
+CVE-2022-35908 (Cambium Enterprise Wi-Fi System Software before 6.4.2 does not 
sanitiz ...)
+       TODO: check
 CVE-2022-35907
        RESERVED
 CVE-2022-35906 (An issue was discovered in Bentley MicroStation before 
10.17.0.x and B ...)
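Review bot: CVE-2022-35908 moves from RESERVED to a described entry but is left at "TODO: check". The description names Cambium Enterprise Wi-Fi System Software; if Debian ships no such package, the follow-up should close it with a NOT-FOR-US line so it does not stay open next to the already triaged jellyfin entries.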



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31a5e605f60dae03f5df251bdc5384e9aa9f28e3
