Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ca8107f9 by security tracker role at 2023-10-26T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,125 @@
+CVE-2023-5804 (A vulnerability was found in PHPGurukul Nipah Virus Testing
Management ...)
+ TODO: check
+CVE-2023-5802 (Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova
WordPres ...)
+ TODO: check
+CVE-2023-5798 (The Assistant WordPress plugin before 1.4.4 does not validate a
parame ...)
+ TODO: check
+CVE-2023-5796 (A vulnerability was found in CodeAstro POS System 1.0. It has
been rat ...)
+ TODO: check
+CVE-2023-5795 (A vulnerability was found in CodeAstro POS System 1.0. It has
been dec ...)
+ TODO: check
+CVE-2023-5794 (A vulnerability was found in PHPGurukul Online Railway Catering
System ...)
+ TODO: check
+CVE-2023-5793 (A vulnerability was found in flusity CMS and classified as
problematic ...)
+ TODO: check
+CVE-2023-5792 (A vulnerability has been found in SourceCodester Sticky Notes
App 1.0 ...)
+ TODO: check
+CVE-2023-5791 (A vulnerability, which was classified as problematic, was found
in Sou ...)
+ TODO: check
+CVE-2023-5790 (A vulnerability classified as critical was found in
SourceCodester Fil ...)
+ TODO: check
+CVE-2023-5789 (A vulnerability classified as problematic has been found in
Dragon Pat ...)
+ TODO: check
+CVE-2023-5787 (A vulnerability was found in Shaanxi Chanming Education
Technology Sco ...)
+ TODO: check
+CVE-2023-5786 (A vulnerability was found in GeoServer GeoWebCache up to
1.15.1. It ha ...)
+ TODO: check
+CVE-2023-5785 (A vulnerability was found in Netentsec NS-ASG Application
Security Gat ...)
+ TODO: check
+CVE-2023-5784 (A vulnerability was found in Netentsec NS-ASG Application
Security Gat ...)
+ TODO: check
+CVE-2023-5783 (A vulnerability has been found in Tongda OA 2017 up to 11.9 and
classi ...)
+ TODO: check
+CVE-2023-5782 (A vulnerability, which was classified as critical, was found in
Tongda ...)
+ TODO: check
+CVE-2023-5781 (A vulnerability, which was classified as critical, has been
found in T ...)
+ TODO: check
+CVE-2023-5780 (A vulnerability classified as critical was found in Tongda OA
2017 11. ...)
+ TODO: check
+CVE-2023-5754 (Sielco PolyEco1000 uses a weak set of default administrative
credentia ...)
+ TODO: check
+CVE-2023-5624 (Under certain conditions, Nessus Network Monitor was found to
not prop ...)
+ TODO: check
+CVE-2023-5623 (NNM failed to properly set ACLs on its installation directory,
which c ...)
+ TODO: check
+CVE-2023-5622 (Under certain conditions, Nessus Network Monitor could allow a
low pri ...)
+ TODO: check
+CVE-2023-46748 (An authenticated SQL injection vulnerability exists in the
BIG-IP Conf ...)
+ TODO: check
+CVE-2023-46747 (Undisclosed requests may bypass configuration utility
authentication, ...)
+ TODO: check
+CVE-2023-46666 (An issue was discovered when using Document Level Security and
the SPO ...)
+ TODO: check
+CVE-2023-46664 (Sielco PolyEco1000 is vulnerable to an improper access control
vulnera ...)
+ TODO: check
+CVE-2023-46663 (Sielco PolyEco1000 is vulnerable to an attacker bypassing
authorizatio ...)
+ TODO: check
+CVE-2023-46662 (Sielco PolyEco1000 is vulnerable to an information disclosure
vulnerab ...)
+ TODO: check
+CVE-2023-46661 (Sielco PolyEco1000 is vulnerable to an attacker escalating
their privi ...)
+ TODO: check
+CVE-2023-46450 (Sourcecodester Free and Open Source inventory management
system 1.0 is ...)
+ TODO: check
+CVE-2023-46449 (Sourcecodester Free and Open Source inventory management
system v1.0 i ...)
+ TODO: check
+CVE-2023-46435 (Sourcecodester Packers and Movers Management System v1.0 is
vulnerable ...)
+ TODO: check
+CVE-2023-46238 (ZITADEL is an identity infrastructure management system.
ZITADEL users ...)
+ TODO: check
+CVE-2023-46234 (browserify-sign is a package to duplicate the functionality of
node's ...)
+ TODO: check
+CVE-2023-46094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Conversi ...)
+ TODO: check
+CVE-2023-46090 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
WebDorad ...)
+ TODO: check
+CVE-2023-46088 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Mamm ...)
+ TODO: check
+CVE-2023-46081 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in
Lavacode La ...)
+ TODO: check
+CVE-2023-46077 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Arrow Pl ...)
+ TODO: check
+CVE-2023-46076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
RedNao W ...)
+ TODO: check
+CVE-2023-46075 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
wpdevart ...)
+ TODO: check
+CVE-2023-46074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Borbis M ...)
+ TODO: check
+CVE-2023-46072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Michael ...)
+ TODO: check
+CVE-2023-45869 (ILIAS 7.25 (2023-09-12) allows any authenticated user to
execute arbit ...)
+ TODO: check
+CVE-2023-45868 (The Learning Module in ILIAS 7.25 (2023-09-12 release) allows
an attac ...)
+ TODO: check
+CVE-2023-45867 (ILIAS (2013-09-12 release) contains a medium-criticality
Directory Tra ...)
+ TODO: check
+CVE-2023-45317 (The application interface allows users to perform certain
actions via ...)
+ TODO: check
+CVE-2023-45228 (The application suffers from improper access control when
editing user ...)
+ TODO: check
+CVE-2023-44267 (Online Art Gallery v1.0 is vulnerable to multiple
Unauthenticated SQL ...)
+ TODO: check
+CVE-2023-43208 (NextGen Healthcare Mirth Connect before version 4.4.1 is
vulnerable to ...)
+ TODO: check
+CVE-2023-42769 (The cookie session ID is of insufficient length and can be
exploited b ...)
+ TODO: check
+CVE-2023-41966 (The application suffers from a privilege escalation
vulnerability. A ...)
+ TODO: check
+CVE-2023-41096 (Missing Encryption of Security Keys vulnerability in Silicon
Labs Embe ...)
+ TODO: check
+CVE-2023-41095 (Missing Encryption of Security Keys vulnerability in Silicon
Labs Open ...)
+ TODO: check
+CVE-2023-39936 (In Ashlar-Vellum Graphite v13.0.48, the affected application
lacks pro ...)
+ TODO: check
+CVE-2023-39427 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt
Share v12 S ...)
+ TODO: check
+CVE-2023-32116 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Tota ...)
+ TODO: check
+CVE-2023-31419 (A flaw was discovered in Elasticsearch, affecting the _search
API that ...)
+ TODO: check
+CVE-2023-31418 (An issue has been identified with how Elasticsearch handled
incoming r ...)
+ TODO: check
+CVE-2023-31416 (Secret token configuration is never applied when using ECK
<2.8 with A ...)
+ TODO: check
CVE-2023-5139 (Potential buffer overflow vulnerability at the following
location in t ...)
NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
CVE-2023-46754 (The admin panel for Obl.ong before 1.1.2 allows authorization
bypass b ...)
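Review bot: every entry added in this hunk is left at `TODO: check`, which is expected for an automatic import, but several groups describe one product and should be triaged together so they end up with one consistent status: the five Sielco PolyEco1000 IDs (CVE-2023-5754 and CVE-2023-46661 through CVE-2023-46664), the three Nessus Network Monitor IDs (CVE-2023-5622, CVE-2023-5623, CVE-2023-5624), the four Tongda OA IDs (CVE-2023-5780 through CVE-2023-5783) and the two Netentsec NS-ASG IDs (CVE-2023-5784, CVE-2023-5785). Separately, the imported description for CVE-2023-45867 reads `ILIAS (2013-09-12 release)` while the adjacent CVE-2023-45868 and CVE-2023-45869 give 2023-09-12; that looks like a typo in the upstream text, and since the tracker mirrors descriptions as published, the date should be confirmed against the CVE record before it is used for version matching.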
@@ -456,6 +578,7 @@ CVE-2023-5367 (A out-of-bounds write flaw was found in the
xorg-x11-server. This
NOTE:
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a
CVE-2023-5472 (Use after free in Profiles in Google Chrome prior to
118.0.5993.117 al ...)
+ {DSA-5536-1}
- chromium 118.0.5993.117-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to
asserts b ...)
@@ -7299,7 +7422,7 @@ CVE-2023-XXXX [receiving with Lightning: partial MPP
might be accepted]
NOTE:
https://github.com/spesmilo/electrum/security/advisories/GHSA-8r85-vp7r-hjxf
NOTE: https://github.com/spesmilo/electrum/issues/8588
NOTE:
https://github.com/spesmilo/electrum/commit/11fba68126f82d05de90efd67f2b43dfd1b8f22c
-CVE-2023-31417
+CVE-2023-31417 (Elasticsearch generally filters out sensitive information and
credenti ...)
- elasticsearch <removed>
CVE-2023-XXXX [RUSTSEC-2023-0059: Unaligned read of *const *const c_char
pointer]
- rust-users <unfixed> (bug #1051808)
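Review bot: backfilling the description of CVE-2023-31417 changes nothing about its tracking, which stays `- elasticsearch <removed>`, and that is the right outcome for a removed package. The first hunk of this same update, however, adds CVE-2023-31418 and CVE-2023-31419, which also describe Elasticsearch, as `TODO: check`; when those are triaged they should receive the same `- elasticsearch <removed>` entry rather than being left open, while CVE-2023-31416 concerns ECK rather than Elasticsearch itself and should be looked at on its own.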
@@ -25861,8 +25984,8 @@ CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting
(XSS) vulnerability in Im
NOT-FOR-US: WordPress plugin
CVE-2023-30493 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Themefic ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-30492
- RESERVED
+CVE-2023-30492 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
+ TODO: check
CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
CodeBard ...)
NOT-FOR-US: WordPress plugin
CVE-2023-30490
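Review bot: CVE-2023-30492 sits between CVE-2023-30493 and CVE-2023-30491, both marked `NOT-FOR-US: WordPress plugin`, and its description uses the same `Auth. (contributor+) Stored Cross-Site Scripting (XSS)` wording as those plugin advisories, so it is very likely another WordPress plugin. The imported description is truncated before the product name, though, so keeping `TODO: check` until the full text confirms the affected plugin is correct; once confirmed, the entry should be resolved to `NOT-FOR-US` rather than left as a TODO.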
@@ -39280,8 +39403,8 @@ CVE-2023-0899 (The Steveas WP Live Chat Shoutbox
WordPress plugin through 1.4.2
NOT-FOR-US: WordPress plugin
CVE-2023-0898
RESERVED
-CVE-2023-0897
- RESERVED
+CVE-2023-0897 (Sielco PolyEco1000 is vulnerable to a session hijack
vulnerability due ...)
+ TODO: check
CVE-2023-26030
RESERVED
CVE-2023-26029
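Review bot: CVE-2023-0897 is the sixth Sielco PolyEco1000 ID in this update; the other five (CVE-2023-5754 and CVE-2023-46661 through CVE-2023-46664) are added in the first hunk, all likewise at `TODO: check`. Whoever triages one of them should apply the same status to all six in one pass so the product does not end up with mixed entries in `data/CVE/list`.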
@@ -239962,8 +240085,8 @@ CVE-2020-17479 (jpv (aka Json Pattern Validator)
before 2.2.2 does not properly
NOT-FOR-US: jpv
CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly
conside ...)
- libcrypt-perl-perl <itp> (bug #907353)
-CVE-2020-17477
- RESERVED
+CVE-2020-17477 (Incorrect LDAP ACLs in ucs-school-ldap-acls-master in
UCS@school befor ...)
+ TODO: check
CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user
name.)
NOT-FOR-US: Mibew Messenger
CVE-2020-17475 (Lack of authentication in the network relays used in MEGVII
Koala 2.9. ...)
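Review bot: CVE-2020-17477 moves from `RESERVED` to a published description roughly three years after the ID was assigned, and the description names `ucs-school-ldap-acls-master` in UCS@school, a product-specific component. The check should first establish whether anything matching that component is packaged before time is spent on affected version ranges, and the outcome should be recorded as `NOT-FOR-US` or a package entry so that `TODO: check` does not remain standing on a 2020 ID.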
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca8107f91d7f5e56e03619bcf15d93ad1b9b3bf4
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits