Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e1c2829 by security tracker role at 2023-11-08T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,75 @@
+CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log 
injecti ...)
+       TODO: check
+CVE-2023-6001 (Prometheus metrics are available without authentication. These 
expose  ...)
+       TODO: check
+CVE-2023-5982 (The UpdraftPlus: WordPress Backup & Migration Plugin plugin for 
WordPr ...)
+       TODO: check
+CVE-2023-5801 (Vulnerability of identity verification being bypassed in the 
face unlo ...)
+       TODO: check
+CVE-2023-46800 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46799 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46798 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46797 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46796 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46795 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46794 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46793 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46792 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46790 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46789 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46788 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46787 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46786 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46785 (Online Matrimonial Project v1.0 is vulnerable to multiple 
Unauthentica ...)
+       TODO: check
+CVE-2023-46770 (Out-of-bounds vulnerability in the sensor module. Successful 
exploitat ...)
+       TODO: check
+CVE-2023-46769 (Use-After-Free (UAF) vulnerability in the dubai module.  
Successful ex ...)
+       TODO: check
+CVE-2023-46768 (Multi-thread vulnerability in the idmap module. Successful 
exploitatio ...)
+       TODO: check
+CVE-2023-46680 (Online Job Portal v1.0 is vulnerable to multiple 
Unauthenticated SQL I ...)
+       TODO: check
+CVE-2023-46679 (Online Job Portal v1.0 is vulnerable to multiple 
Unauthenticated SQL I ...)
+       TODO: check
+CVE-2023-46678 (Online Job Portal v1.0 is vulnerable to multiple 
Unauthenticated SQL I ...)
+       TODO: check
+CVE-2023-46677 (Online Job Portal v1.0 is vulnerable to multiple 
Unauthenticated SQL I ...)
+       TODO: check
+CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple 
Unauthenticated SQL I ...)
+       TODO: check
+CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 
allows an at ...)
+       TODO: check
+CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box 
v.2.3-DEV-rev573-g2013208 ...)
+       TODO: check
+CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing 
Order" (or ...)
+       TODO: check
+CVE-2023-44115 (Vulnerability of improper permission control in the Booster 
module. Im ...)
+       TODO: check
+CVE-2023-43984 (Insecure permissions in Smart Soft advancedexport before 
v4.4.7 allow  ...)
+       TODO: check
+CVE-2023-42361 (Local File Inclusion vulnerability in Midori-global Better PDF 
Exporte ...)
+       TODO: check
+CVE-2023-41270 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
+       TODO: check
+CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+       TODO: check
+CVE-2023-41111 (An issue was discovered in Samsung Mobile Processor, Wearable 
Processo ...)
+       TODO: check
 CVE-2023-45284 [path/filepath: recognize device names with trailing spaces and 
superscripts]
        - golang-1.21 1.21.4-1
        - golang-1.20 1.20.11-1
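
Review bot: CVE-2023-46791 is absent from the Online Matrimonial Project run at the top of data/CVE/list: the added entries go from CVE-2023-46792 straight to CVE-2023-46790. Confirm that the ID is simply not published yet rather than dropped by the import. Separately, all 36 added entries carry only "TODO: check". Most name products that look like NOT-FOR-US candidates (Online Matrimonial Project v1.0, Online Job Portal v1.0), but CVE-2023-46001 names gpac MP4Box and should be checked against the package list before it is bulk-closed with the rest.
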
@@ -763,11 +835,13 @@ CVE-2023-43076 (Dell PowerScale OneFS 
8.2.x,9.0.0.x-9.5.0.x contains a denial-of
 CVE-2023-42802 (GLPI is a free asset and IT management software package. 
Starting in v ...)
        - glpi <removed>
        NOTE: 
https://github.com/glpi-project/glpi/security/advisories/GHSA-rrh2-x4ch-pq3m
-CVE-2023-47360
+CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an Integer 
underflow tha ...)
+       {DSA-5545-1}
        - vlc 3.0.20-1
        NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms
        NOTE: 
https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
-CVE-2023-47359
+CVE-2023-47359 (Videolan VLC prior to version 3.0.20 contains an incorrect 
offset read ...)
+       {DSA-5545-1}
        - vlc 3.0.20-1
        NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms
        NOTE: 
https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef
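
Review bot: CVE-2023-47360 and CVE-2023-47359 now differ only in their description lines: both carry {DSA-5545-1}, the same "- vlc 3.0.20-1" line, the same write-up URL and the same upstream commit 27840cb5b20bc4651ba6af01d0a7ae6da17297ef. A short NOTE on each saying which part of that commit addresses the integer underflow and which the incorrect offset read would make the two entries distinguishable for anyone backporting the fix.
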
@@ -5593,7 +5667,7 @@ CVE-2023-32971 (A buffer copy without checking size of 
input vulnerability has b
        NOT-FOR-US: QNAP
 CVE-2023-5408 (A privilege escalation flaw was found in the node restriction 
admissio ...)
        NOT-FOR-US: OpenShift
-CVE-2023-4061
+CVE-2023-4061 (A flaw was found in wildfly-core. A management user could use 
the reso ...)
        NOT-FOR-US: Red Hat Enterprise Application Platform
 CVE-2023-3171
        NOT-FOR-US: Red Hat Enterprise Application Platform
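
Review bot: the new description for CVE-2023-4061 names wildfly-core, while the annotation kept below it is "NOT-FOR-US: Red Hat Enterprise Application Platform". Now that the affected component is known, re-check the classification against wildfly-core itself and, if it still holds, consider naming that component in the NOT-FOR-US line so the reason is clear from the entry.
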
@@ -55748,7 +55822,7 @@ CVE-2023-22093 (Vulnerability in the Oracle 
iRecruitment product of Oracle E-Bus
        NOT-FOR-US: Oracle
 CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.35-1 (bug #1055034)
-CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK product of Oracle 
Java SE  ...)
+CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM 
Enterprise ...)
        NOT-FOR-US: Oracle
 CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common 
Application Objec ...)
        NOT-FOR-US: Oracle
@@ -55768,7 +55842,7 @@ CVE-2023-22083 (Vulnerability in the Oracle Enterprise 
Session Border Controller
        NOT-FOR-US: Oracle
 CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise 
Edition p ...)
        NOT-FOR-US: Oracle
-CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK 
product of ...)
+CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
        {DSA-5548-1 DSA-5537-1 DLA-3636-1}
        - openjdk-8 8u392-ga-1
        - openjdk-11 11.0.21+9-1
@@ -55800,7 +55874,7 @@ CVE-2023-22069 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
        NOT-FOR-US: Oracle
 CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.35-1 (bug #1055034)
-CVE-2023-22067 (Vulnerability in Oracle Java SE (component: CORBA).  Supported 
version ...)
+CVE-2023-22067 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        - openjdk-8 8u392-ga-1
 CVE-2023-22066 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.35-1 (bug #1055034)
@@ -55896,7 +55970,7 @@ CVE-2023-22027 (Vulnerability in the Oracle Business 
Intelligence Enterprise Edi
        NOT-FOR-US: Oracle
 CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.32-1
-CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
+CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
        {DSA-5548-1}
        - openjdk-17 17.0.9+9-1
        - openjdk-21 21.0.1+12-1
@@ -144144,8 +144218,8 @@ CVE-2021-43421 (A File Upload vulnerability exists in 
Studio-42 elFinder 2.0.4 t
        NOT-FOR-US: Studio 42 elFinder
 CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester 
Online Paym ...)
        NOT-FOR-US: Sourcecodester
-CVE-2021-43419
-       RESERVED
+CVE-2021-43419 (An Information Disclosure vulnerability exists in Opay Mobile 
applicat ...)
+       TODO: check
 CVE-2021-43418
        RESERVED
 CVE-2021-43417
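
Review bot: CVE-2021-43419 leaves RESERVED with only "TODO: check", while the neighbouring published entries in this block (CVE-2021-43421, CVE-2021-43420) are already resolved as NOT-FOR-US. The description names Opay Mobile, so this entry needs the same triage decision in a follow-up commit rather than staying in the TODO queue for an ID from 2021.
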



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e1c28295eaab6381888a96228a4182bff1354ab



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
