Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
33dcb18f by security tracker role at 2023-11-10T08:11:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-6073 (Attacker can perform a Denial of Service attack to crash the 
ICAS 3 IV ...)
+       TODO: check
+CVE-2023-6069 (Improper Input Validation in GitHub repository froxlor/froxlor 
prior t ...)
+       TODO: check
+CVE-2023-5954 (HashiCorp Vault and Vault Enterprise inbound client requests 
triggerin ...)
+       TODO: check
+CVE-2023-4379 (An issue has been discovered in GitLab EE affecting all 
versions start ...)
+       TODO: check
+CVE-2023-47800 (Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a 
default pass ...)
+       TODO: check
+CVE-2023-47246 (In SysAid On-Premise before 23.3.36, a path traversal 
vulnerability le ...)
+       TODO: check
+CVE-2023-46729 (sentry-javascript provides Sentry SDKs for JavaScript. An 
unsanitized  ...)
+       TODO: check
+CVE-2023-45167 (IBM AIX's 7.3 Python implementation could allow a 
non-privileged local ...)
+       TODO: check
+CVE-2023-39796 (SQL injection vulnerability in the miniform module in WBCE CMS 
v.1.6.0 ...)
+       TODO: check
+CVE-2023-36024 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
+       TODO: check
+CVE-2023-36014 (Microsoft Edge (Chromium-based) Remote Code Execution 
Vulnerability)
+       TODO: check
+CVE-2023-34031 (Cross-Site Request Forgery (CSRF) vulnerability in Pascal 
Casier bbPre ...)
+       TODO: check
+CVE-2023-34025 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS 
Hide Login  ...)
+       TODO: check
+CVE-2023-34024 (Cross-Site Request Forgery (CSRF) vulnerability in Guillemant 
David WP ...)
+       TODO: check
+CVE-2023-32794 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
Product ...)
+       TODO: check
+CVE-2023-32745 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
Automat ...)
+       TODO: check
+CVE-2023-32744 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce 
Product ...)
+       TODO: check
+CVE-2023-32739 (Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy 
WP Custo ...)
+       TODO: check
+CVE-2023-32602 (Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE 
CALL ME NO ...)
+       TODO: check
+CVE-2023-32594 (Cross-Site Request Forgery (CSRF) vulnerability in Benedict 
B., Maciej ...)
+       TODO: check
+CVE-2023-32592 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel 
by Edwa ...)
+       TODO: check
+CVE-2023-32587 (Cross-Site Request Forgery (CSRF) vulnerability in WP 
Reactions, LLC W ...)
+       TODO: check
+CVE-2023-32579 (Cross-Site Request Forgery (CSRF) vulnerability in Designs & 
Code Forg ...)
+       TODO: check
+CVE-2023-32512 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel 
ShortPix ...)
+       TODO: check
+CVE-2023-32502 (Cross-Site Request Forgery (CSRF) vulnerability in Sybre 
Waaijer Pro M ...)
+       TODO: check
+CVE-2023-32501 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. 
VikBooki ...)
+       TODO: check
+CVE-2023-32500 (Cross-Site Request Forgery (CSRF) vulnerability in xtemos 
WoodMart - M ...)
+       TODO: check
+CVE-2023-32125 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel 
Powney Multi ...)
+       TODO: check
+CVE-2023-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim 
TPG Red ...)
+       TODO: check
+CVE-2023-32092 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo 
Community by ...)
+       TODO: check
 CVE-2023-6054 (A vulnerability, which was classified as critical, was found in 
Tongda ...)
        NOT-FOR-US: Tongda OA
 CVE-2023-6053 (A vulnerability, which was classified as critical, has been 
found in T ...)
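Review bot: All 30 entries added at the top of data/CVE/list carry only TODO: check, so none of them has a triage decision yet. CVE-2023-36024 and CVE-2023-36014 share the "Microsoft Edge (Chromium-based)" title that this file already tags NOT-FOR-US: Microsoft at CVE-2022-44708, so those two can be resolved by precedent. The entries naming froxlor, HashiCorp Vault, GitLab EE and sentry-javascript should get a source-package lookup rather than a bulk NOT-FOR-US, and the run of CSRF entries needs the full description because the truncated text cuts off before the product name.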
@@ -3179,7 +3239,7 @@ CVE-2023-5541 (The CSV grade import method contained an 
XSS risk for users impor
        - moodle <removed>
 CVE-2023-5542 (Students in "Only see own membership" groups could see other 
students  ...)
        - moodle <removed>
-CVE-2023-5543
+CVE-2023-5543 (When duplicating a BigBlueButton activity, the original meeting 
ID was ...)
        - moodle <removed>
 CVE-2023-46301 (iTerm2 before 3.4.20 allow (potentially remote) code execution 
because ...)
        NOT-FOR-US: iTerm2
@@ -25735,8 +25795,8 @@ CVE-2023-31237
        RESERVED
 CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in unFo ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-31235
-       RESERVED
+CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland 
Barker, xnau ...)
+       TODO: check
 CVE-2023-31234
        RESERVED
 CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Haoq ...)
@@ -26240,8 +26300,8 @@ CVE-2023-31095
        RESERVED
 CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Lauri Ka ...)
        NOT-FOR-US: WooCommerce plugin
-CVE-2023-31093
-       RESERVED
+CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly 
Chronosly ...)
+       TODO: check
 CVE-2023-31092
        RESERVED
 CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Prad ...)
@@ -26250,12 +26310,12 @@ CVE-2023-31090
        RESERVED
 CVE-2023-31089
        RESERVED
-CVE-2023-31088
-       RESERVED
+CVE-2023-31088 (Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi 
Floatin ...)
+       TODO: check
 CVE-2023-31087 (Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS 
Job Mana ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-31086
-       RESERVED
+CVE-2023-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic 
Simple G ...)
+       TODO: check
 CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux 
kernel  ...)
        - linux <unfixed> (unimportant)
        NOTE: 
https://lore.kernel.org/all/[email protected]/
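Review bot: CVE-2023-31088 and CVE-2023-31086 are left at TODO: check while CVE-2023-31087, which sits between them and follows the same CSRF description pattern, is already NOT-FOR-US: WordPress plugin. The truncated descriptions ("Faraz Quazi Floatin ...", "Igor Benic Simple G ...") do not show the product, so confirm it from the full CVE text before applying the same tag.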
@@ -29505,8 +29565,8 @@ CVE-2023-29977
        RESERVED
 CVE-2023-29976
        RESERVED
-CVE-2023-29975
-       RESERVED
+CVE-2023-29975 (An issue discovered in Pfsense CE version 2.6.0 allows 
attackers to ch ...)
+       TODO: check
 CVE-2023-29974 (An issue discovered in Pfsense CE version 2.6.0 allows 
attackers to co ...)
        NOT-FOR-US: Pfsense CE
 CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which 
can lead ...)
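Review bot: CVE-2023-29975 is set to TODO: check although the next entry, CVE-2023-29974, describes the same product and version (Pfsense CE version 2.6.0) and is already NOT-FOR-US: Pfsense CE. Unless the full description points at a different component, tag it the same way in the follow-up so the entries for this product stay consistent.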
@@ -66805,7 +66865,7 @@ CVE-2022-44710 (DirectX Graphics Kernel Elevation of 
Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-44709
        RESERVED
-CVE-2022-44708 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability.)
+CVE-2022-44708 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-44707 (Windows Kernel Denial of Service Vulnerability)
        NOT-FOR-US: Microsoft
@@ -66813,11 +66873,11 @@ CVE-2022-44706
        RESERVED
 CVE-2022-44705
        RESERVED
-CVE-2022-44704 (Microsoft Windows Sysmon Elevation of Privilege Vulnerability.)
+CVE-2022-44704 (Microsoft Windows System Monitor (Sysmon) Elevation of 
Privilege Vulne ...)
        NOT-FOR-US: Microsoft
 CVE-2022-44703
        RESERVED
-CVE-2022-44702 (Windows Terminal Remote Code Execution Vulnerability.)
+CVE-2022-44702 (Windows Terminal Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-44701
        RESERVED
@@ -66875,7 +66935,7 @@ CVE-2022-44675 (Windows Bluetooth Driver Elevation of 
Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-44673 (Windows Client Server Run-Time Subsystem (CSRSS) Elevation of 
Privileg ...)
+CVE-2022-44673 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of 
Privileg ...)
        NOT-FOR-US: Microsoft
 CVE-2022-44672
        RESERVED
@@ -78670,7 +78730,7 @@ CVE-2022-41123 (Microsoft Exchange Server Elevation of 
Privilege Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-41121 (Windows Graphics Component Elevation of Privilege 
Vulnerability. This  ...)
+CVE-2022-41121 (Windows Graphics Component Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-41120 (Microsoft Windows System Monitor (Sysmon) Elevation of 
Privilege Vulne ...)
        NOT-FOR-US: Microsoft
@@ -78734,7 +78794,7 @@ CVE-2022-41091 (Windows Mark of the Web Security 
Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-41090 (Windows Point-to-Point Tunneling Protocol Denial of Service 
Vulnerabil ...)
        NOT-FOR-US: Microsoft
-CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability.)
+CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-41088 (Windows Point-to-Point Tunneling Protocol Remote Code 
Execution Vulner ...)
        NOT-FOR-US: Microsoft
@@ -78760,7 +78820,7 @@ CVE-2022-41078 (Microsoft Exchange Server Spoofing 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability.)
+CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-41075
        RESERVED
@@ -374957,8 +375017,8 @@ CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a 
stack-based buffer overflow
        NOT-FOR-US: Lantech
 CVE-2018-8864 (In ATI Systems Emergency Mass Notification Systems (HPSS16, 
HPSS32, MH ...)
        NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices
-CVE-2018-8863
-       RESERVED
+CVE-2018-8863 (The HTTP header in Philips EncoreAnywhere contains data an 
attacker ma ...)
+       TODO: check
 CVE-2018-8862 (In ATI Systems Emergency Mass Notification Systems (HPSS16, 
HPSS32, MH ...)
        NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices
 CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk 
environment (Br ...)
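Review bot: CVE-2018-8863 moves from RESERVED to a published description for Philips EncoreAnywhere but stays at TODO: check, and it sits near line 375,000 of the file, where it is easy to overlook among older entries. The adjacent vendor-device entries (CVE-2018-8864, CVE-2018-8862) use NOT-FOR-US followed by the product name; use the same form here once the product is confirmed as not packaged.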



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/33dcb18fc5e2dcda6b245a23f96c5f4c1827b058
