Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7116902 by security tracker role at 2023-11-14T08:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,127 @@
+CVE-2023-6115
+       REJECTED
+CVE-2023-6109 (The YOP Poll plugin for WordPress is vulnerable to a race 
condition in ...)
+       TODO: check
+CVE-2023-6107
+       REJECTED
+CVE-2023-6106
+       REJECTED
+CVE-2023-6092
+       REJECTED
+CVE-2023-6089
+       REJECTED
+CVE-2023-6088
+       REJECTED
+CVE-2023-6087
+       REJECTED
+CVE-2023-6086
+       REJECTED
+CVE-2023-6085
+       REJECTED
+CVE-2023-6083
+       REJECTED
+CVE-2023-6034
+       REJECTED
+CVE-2023-6010
+       REJECTED
+CVE-2023-6006 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+       TODO: check
+CVE-2023-5977
+       REJECTED
+CVE-2023-4603 (The Star CloudPRNT for WooCommerce plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2023-47697 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WP Event ...)
+       TODO: check
+CVE-2023-47696 (Unauth. Stored Cross-Site Scripting (XSS) vulnerabilityin 
Gravity Mast ...)
+       TODO: check
+CVE-2023-47695 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Scribit  ...)
+       TODO: check
+CVE-2023-47690 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Anton Bo ...)
+       TODO: check
+CVE-2023-47684 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ThemePun ...)
+       TODO: check
+CVE-2023-47680 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-47673 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Stefano  ...)
+       TODO: check
+CVE-2023-47665 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
edward_p ...)
+       TODO: check
+CVE-2023-47662 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gold ...)
+       TODO: check
+CVE-2023-47657 (Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
+CVE-2023-47629 (DataHub is an open-source metadata platform. In affected 
versions sign ...)
+       TODO: check
+CVE-2023-47628 (DataHub is an open-source metadata platform. DataHub 
Frontend's sessio ...)
+       TODO: check
+CVE-2023-47625 (PX4 autopilot is a flight control solution for drones. In 
affected ver ...)
+       TODO: check
+CVE-2023-47609 (SQL injection vulnerability in OSS Calendar versions prior to 
v.2.0.3  ...)
+       TODO: check
+CVE-2023-47346 (Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and 
SMF 1.2 ...)
+       TODO: check
+CVE-2023-47117 (Label Studio is an open source data labeling tool. In all 
current vers ...)
+       TODO: check
+CVE-2023-46446 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to 
control t ...)
+       TODO: check
+CVE-2023-46445 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to 
control t ...)
+       TODO: check
+CVE-2023-46021 (SQL Injection vulnerability in cancel.php in Code-Projects 
Blood Bank  ...)
+       TODO: check
+CVE-2023-46020 (Cross Site Scripting (XSS) in updateprofile.php in 
Code-Projects Blood ...)
+       TODO: check
+CVE-2023-46019 (Cross Site Scripting (XSS) vulnerability in abs.php in 
Code-Projects B ...)
+       TODO: check
+CVE-2023-46018 (SQL injection vulnerability in receiverReg.php in 
Code-Projects Blood  ...)
+       TODO: check
+CVE-2023-46017 (SQL Injection vulnerability in receiverLogin.php in 
Code-Projects Bloo ...)
+       TODO: check
+CVE-2023-46016 (Cross Site Scripting (XSS) in abs.php in Code-Projects Blood 
Bank 1.0  ...)
+       TODO: check
+CVE-2023-46015 (Cross Site Scripting (XSS) vulnerability in index.php in 
Code-Projects ...)
+       TODO: check
+CVE-2023-46014 (SQL Injection vulnerability in hospitalLogin.php in 
Code-Projects Bloo ...)
+       TODO: check
+CVE-2023-45881 (GibbonEdu Gibbon through version 25.0.0 allows 
/modules/Planner/resour ...)
+       TODO: check
+CVE-2023-45880 (GibbonEdu Gibbon through version 25.0.0 allows Directory 
Traversal via ...)
+       TODO: check
+CVE-2023-45879 (GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an 
IFRAME el ...)
+       TODO: check
+CVE-2023-45878 (GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary 
File Write ...)
+       TODO: check
+CVE-2023-45560 (An issue in Yasukawa memberscard v.13.6.1 allows attackers to 
send cra ...)
+       TODO: check
+CVE-2023-45558 (An issue in Golden v.13.6.1 allows attackers to send crafted 
notificat ...)
+       TODO: check
+CVE-2023-43902 (Incorrect access control in the Forgot Your Password function 
of EMSig ...)
+       TODO: check
+CVE-2023-43901 (Incorrect access control in the AdHoc User creation form of 
EMSigner v ...)
+       TODO: check
+CVE-2023-43900 (Insecure Direct Object References (IDOR) in EMSigner v2.8.7 
allow atta ...)
+       TODO: check
+CVE-2023-42816 (Kyverno is a policy engine designed for Kubernetes. A security 
vulnera ...)
+       TODO: check
+CVE-2023-42815 (Kyverno is a policy engine designed for Kubernetes. A security 
vulnera ...)
+       TODO: check
+CVE-2023-42814 (Kyverno is a policy engine designed for Kubernetes. A security 
vulnera ...)
+       TODO: check
+CVE-2023-42813 (Kyverno is a policy engine designed for Kubernetes. A security 
vulnera ...)
+       TODO: check
+CVE-2023-42480 (The unauthenticated attacker in NetWeaver AS Java Logon 
application -  ...)
+       TODO: check
+CVE-2023-42327 (Cross Site Scripting (XSS) vulnerability in Netgate pfSense 
v.2.7.0 al ...)
+       TODO: check
+CVE-2023-42326 (An issue in Netgate pfSense v.2.7.0 allows a remote attacker 
to execut ...)
+       TODO: check
+CVE-2023-42325 (Cross Site Scripting (XSS) vulnerability in Netgate pfSense 
v.2.7.0 al ...)
+       TODO: check
+CVE-2023-41366 (Under certain condition SAP NetWeaver Application Server ABAP 
- versio ...)
+       TODO: check
+CVE-2023-31754 (Optimizely CMS UI before v12.16.0 was discovered to contain a 
cross-si ...)
+       TODO: check
+CVE-2023-31403 (SAP Business One installation - version 10.0, does not perform 
proper  ...)
+       TODO: check
 CVE-2023-6104
        REJECTED
 CVE-2023-6103 (A vulnerability has been found in Intelbras RX 1500 1.1.9 and 
classifi ...)
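Review bot: every described entry added at the top of the list, from CVE-2023-6109 through CVE-2023-31403, is left at "TODO: check" with no package line and no NOT-FOR-US marker, so none of them carries an affected/unaffected decision yet. The truncated summaries are not enough to triage from: CVE-2023-46446 and CVE-2023-46445 both read "An issue in AsyncSSH v2.14.0 and earlier allows attackers to control t ...", and the four Kyverno entries (CVE-2023-42813 to CVE-2023-42816) are identical as shown, so each needs the full CVE text before it is assigned to a package or marked NOT-FOR-US. The id-only entries marked REJECTED need no follow-up.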
@@ -203,6 +327,7 @@ CVE-2023-39295 (An OS command injection vulnerability has 
been reported to affec
 CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-5870
+       {DSA-5554-1 DSA-5553-1}
        - postgresql-16 16.1-1
        - postgresql-15 <unfixed>
        - postgresql-13 <removed>
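Review bot: the "{DSA-5554-1 DSA-5553-1}" line added under CVE-2023-5870 sits directly above "- postgresql-15 <unfixed>", so the entry now references two advisories while the only fixed version it shows is postgresql-16 16.1-1. Nothing in this hunk ties either DSA to a package or version; it is worth confirming that the fixed versions for the releases the two DSAs cover are recorded, and that the <unfixed> state for postgresql-15 is still intended.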
@@ -210,6 +335,7 @@ CVE-2023-5870
        NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/
        NOTE: 
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
 CVE-2023-5869
+       {DSA-5554-1 DSA-5553-1}
        - postgresql-16 16.1-1
        - postgresql-15 <unfixed>
        - postgresql-13 <removed>
@@ -217,6 +343,7 @@ CVE-2023-5869
        NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/
        NOTE: 
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
 CVE-2023-5868
+       {DSA-5554-1 DSA-5553-1}
        - postgresql-16 16.1-1
        - postgresql-15 <unfixed>
        - postgresql-13 <removed>
@@ -14383,6 +14510,7 @@ CVE-2023-32561 (A previously generated artifact by an 
administrator could be acc
 CVE-2023-32560 (An attacker can send a specially crafted message to the 
Wavelink Avala ...)
        NOT-FOR-US: Ivanti
 CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the 
MERGE comm ...)
+       {DSA-5553-1}
        - postgresql-15 15.4-1
        - postgresql-13 <not-affected> (Only affects 15.x)
        - postgresql-11 <not-affected> (Only affects 15.x)
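Review bot: CVE-2023-39418 receives only "{DSA-5553-1}", whereas the other PostgreSQL CVEs touched in this commit receive both DSA-5554-1 and DSA-5553-1. That is consistent with the "<not-affected> (Only affects 15.x)" lines for postgresql-13 and postgresql-11, but the entry does not state the connection; please verify that the omission of DSA-5554-1 is deliberate rather than a missed cross-reference.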
@@ -14390,7 +14518,7 @@ CVE-2023-39418 (A vulnerability was found in PostgreSQL 
with the use of the MERG
        NOTE: 
https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
        NOTE: 
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
 (REL_15_4)
 CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was 
found in Po ...)
-       {DLA-3600-1}
+       {DSA-5554-1 DSA-5553-1 DLA-3600-1}
        - postgresql-15 15.4-1
        - postgresql-13 <removed>
        - postgresql-11 <removed>
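Review bot: under CVE-2023-39417 both postgresql-13 and postgresql-11 remain "<removed>" while the reference line now names three advisories (DSA-5554-1, DSA-5553-1, DLA-3600-1), leaving "postgresql-15 15.4-1" as the only fixed version visible in the entry. The existing DLA-3600-1 reference is preserved, which is good; a check that each of the three advisories maps to a recorded fixed version for its release would close the gap this hunk leaves open.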



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d71169025a70b0a73ec8a2f619fd268d2f4c8e16


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits