Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3962165a by security tracker role at 2023-10-31T08:12:04+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2023-5867 (Cross-site Scripting (XSS) - Stored in GitHub repository
thorsten/phpm ...)
+ TODO: check
+CVE-2023-5866 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in
GitHub ...)
+ TODO: check
+CVE-2023-5865 (Insufficient Session Expiration in GitHub repository
thorsten/phpmyfaq ...)
+ TODO: check
+CVE-2023-5864 (Cross-site Scripting (XSS) - Stored in GitHub repository
thorsten/phpm ...)
+ TODO: check
+CVE-2023-5863 (Cross-site Scripting (XSS) - Reflected in GitHub repository
thorsten/p ...)
+ TODO: check
+CVE-2023-5862 (Missing Authorization in GitHub repository hamza417/inure prior
to Bui ...)
+ TODO: check
+CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository
microweber/mi ...)
+ TODO: check
+CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring
Framework fo ...)
+ TODO: check
+CVE-2023-46502 (An issue in OpenCRX v.5.2.2 allows a remote attacker to
execute arbitr ...)
+ TODO: check
+CVE-2023-46478 (An issue in minCal v.1.0.0 allows a remote attacker to execute
arbitra ...)
+ TODO: check
+CVE-2023-46451 (Best Courier Management System v1.0 is vulnerable to Cross
Site Script ...)
+ TODO: check
+CVE-2023-46361 (Artifex Software jbig2dec v0.20 was discovered to contain a
SEGV vulne ...)
+ TODO: check
+CVE-2023-46356 (In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl
Modules ...)
+ TODO: check
+CVE-2023-46210 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in WebC ...)
+ TODO: check
+CVE-2023-46139 (KernelSU is a Kernel based root solution for Android. Starting
in vers ...)
+ TODO: check
+CVE-2023-46138 (JumpServer is an open source bastion host and maintenance
security aud ...)
+ TODO: check
+CVE-2023-46040 (Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a
allows a r ...)
+ TODO: check
+CVE-2023-45996 (SQL injection vulnerability in Senayan Library Management
Systems Slim ...)
+ TODO: check
+CVE-2023-45956 (An issue discovered in Govee LED Strip v3.00.42 allows
attackers to ca ...)
+ TODO: check
+CVE-2023-45899 (An issue in the component
SuperUserSetuserModuleFrontController:init() ...)
+ TODO: check
+CVE-2023-45804
+ REJECTED
+CVE-2023-45672 (Frigate is an open source network video recorder. Prior to
version 0.1 ...)
+ TODO: check
+CVE-2023-45671 (Frigate is an open source network video recorder. Prior to
version 0.1 ...)
+ TODO: check
+CVE-2023-45670 (Frigate is an open source network video recorder. Prior to
version 0.1 ...)
+ TODO: check
+CVE-2023-45378 (In the module "PrestaBlog" (prestablog) version 4.4.7 and
before from ...)
+ TODO: check
+CVE-2023-44397 (CloudExplorer Lite is an open source, lightweight cloud
management pla ...)
+ TODO: check
+CVE-2023-43798 (BigBlueButton is an open-source virtual classroom.
BigBlueButton prior ...)
+ TODO: check
+CVE-2023-43797 (BigBlueButton is an open-source virtual classroom. Prior to
versions 2 ...)
+ TODO: check
+CVE-2023-43139 (An issue in franfinance before v.2.0.27 allows a remote
attacker to ex ...)
+ TODO: check
+CVE-2023-42323 (Cross Site Request Forgery (CSRF) vulnerability in DouHaocms
v.3.3 all ...)
+ TODO: check
+CVE-2023-36263 (Prestashop opartlimitquantity 1.4.5 and before is vulnerable
to SQL In ...)
+ TODO: check
+CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion
in the c ...)
+ TODO: check
+CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in
demos/hooks-targe ...)
+ TODO: check
+CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing
attack again ...)
+ TODO: check
CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script]
- salt <unfixed>
NOTE:
https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
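Review bot: every new entry in this hunk is left at `TODO: check`, and two of them name libraries that Debian ships as source packages, CVE-2023-46361 (Artifex jbig2dec v0.20 SEGV) and CVE-2023-31794 (MuPDF v1.21.1 infinite recursion), so those need real triage rather than sitting in the queue, while the plugin-ecosystem items (the thorsten/phpmyfaq, microweber, PrestaShop module and similar entries) will almost certainly resolve to NOT-FOR-US the way the existing WordPress plugin and PrestaShop entries further down the file already do. CVE-2023-45804 is added as `REJECTED` with no description, which is the correct shape for a rejected id but worth a quick check that the rejection is upstream's and not a feed glitch.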
@@ -141,7 +209,7 @@ CVE-2023-5426 (The Post Meta Data Manager plugin for
WordPress is vulnerable to
NOT-FOR-US: WordPress plugin
CVE-2023-5425 (The Post Meta Data Manager plugin for WordPress is vulnerable
to unaut ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-46129 [nkeys: xkeys Seal encryption used fixed key for all encryption]
+CVE-2023-46129 (NATS.io is a high performance open source pub-sub distributed
communic ...)
- golang-github-nats-io-nkeys <unfixed> (bug #1055010)
[bookworm] - golang-github-nats-io-nkeys <not-affected> (Vulnerable
code not present)
[bullseye] - golang-github-nats-io-nkeys <not-affected> (Vulnerable
code not present)
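Review bot: replacing the hand-written summary `[nkeys: xkeys Seal encryption used fixed key for all encryption]` with the truncated upstream text `(NATS.io is a high performance open source pub-sub distributed communic ...)` drops the only part of the line that says what the bug is; the automatic description import should not override a bracketed summary a triager already wrote, or the old wording should be carried into a NOTE so the fixed-key detail stays searchable. The package lines themselves (unfixed in sid with bug #1055010, `<not-affected>` in bookworm and bullseye because the vulnerable code is not present) are consistent with each other.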
@@ -1444,7 +1512,7 @@ CVE-2023-38276 (IBM Cognos Dashboards on Cloud Pak for
Data 4.7.0 exposes sensit
NOT-FOR-US: IBM
CVE-2023-38275 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes
sensitive in ...)
NOT-FOR-US: IBM
-CVE-2023-5349 [memory leak]
+CVE-2023-5349 (A memory leak flaw was found in ruby-magick, an interface
between Ruby ...)
{DLA-3625-1}
- ruby-rmagick 5.3.0-1
[bookworm] - ruby-rmagick <no-dsa> (Minor issue)
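Review bot: the imported description for CVE-2023-5349 calls the software `ruby-magick` while the affected Debian source package is `ruby-rmagick` (fixed in 5.3.0-1, DLA-3625-1 issued, bookworm `<no-dsa>` as a minor issue); the mismatch comes from the upstream text rather than the tracker, but anyone grepping the file by package name will miss this line, so keeping the previous `[memory leak]` summary or adding a NOTE that names rmagick would help.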
@@ -1956,10 +2024,12 @@ CVE-2023-35126 (An out-of-bounds write vulnerability
exists within the parsers f
CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream
parsing fun ...)
NOT-FOR-US: Ichitaro
CVE-2023-45024
+ {DSA-5541-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
NOTE:
https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e
(rt-5.0.5)
CVE-2023-41260
+ {DSA-5542-1 DSA-5541-1 DLA-3642-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
- request-tracker4 4.4.7+dfsg-1 (bug #1054516)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
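Review bot: in this hunk CVE-2023-45024 gets only `{DSA-5541-1}` while CVE-2023-41260 gets `{DSA-5542-1 DSA-5541-1 DLA-3642-1}`; that is consistent with the package lines, since CVE-2023-45024 lists only request-tracker5 5.0.5+dfsg-1 and the second DSA and the DLA are the ones that cover request-tracker4, but it is worth confirming against the rt-5.0.5 release notes linked in the NOTE that CVE-2023-45024 really does not affect the 4.4 series before leaving request-tracker4 off the entry.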
@@ -1967,6 +2037,7 @@ CVE-2023-41260
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
NOTE:
https://github.com/bestpractical/rt/commit/33e9203bf2a61e20f8b8e682d57f55cb7a995967
(rt-4.4.7)
CVE-2023-41259
+ {DSA-5542-1 DSA-5541-1 DLA-3642-1}
- request-tracker5 5.0.5+dfsg-1 (bug #1054517)
- request-tracker4 4.4.7+dfsg-1 (bug #1054516)
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
@@ -34933,8 +35004,8 @@ CVE-2023-27848 (broccoli-compass v0.2.4 was discovered
to contain a remote code
NOT-FOR-US: broccoli-compass
CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog
v.2.0.1 and be ...)
NOT-FOR-US: PrestaShop
-CVE-2023-27846
- RESERVED
+CVE-2023-27846 (SQL injection vulnerability found in PrestaShop themevolty
v.4.0.8 and ...)
+ TODO: check
CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs
before v ...)
NOT-FOR-US: PrestaShop
CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite
v.1.0 and ...)
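Review bot: CVE-2023-27846 is moved from `RESERVED` to the themevolty description but left at `TODO: check`, while the two neighbouring PrestaShop module entries, CVE-2023-27847 (xipblog) and CVE-2023-27845 (lekerawen_ocs), are already `NOT-FOR-US: PrestaShop`; this one is the same class of third-party PrestaShop module and can be closed the same way instead of waiting in the TODO queue.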
@@ -81558,8 +81629,8 @@ CVE-2022-39174
CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer
overflow ...)
- wolfssl 5.5.3-1 (bug #1021021)
[bullseye] - wolfssl <no-dsa> (Minor issue)
-CVE-2022-39172
- RESERVED
+CVE-2022-39172 (A stored XSS in the process overview (bersicht zugewiesener
Vorgaenge) ...)
+ TODO: check
CVE-2022-39171
RESERVED
CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in
dwarf_f ...)
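Review bot: the imported description for CVE-2022-39172 reads `(bersicht zugewiesener Vorgaenge)`, where the leading character of `Übersicht` (German for overview) has been dropped, so a non-ASCII character was lost somewhere between the upstream feed and this file; the import path's encoding handling should be checked so stored text is not silently truncated, and the entry still needs triage from `TODO: check`. The neighbouring CVE-2022-39171 staying `RESERVED` is fine.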
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3962165aeef9f8db413e2d1d08b4814b13b72d33
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits