Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b126ab86 by security tracker role at 2023-11-17T08:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@
+CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any
file on t ...)
+ TODO: check
+CVE-2023-6014 (An attacker is able to arbitrarily create an account in MLflow
bypassi ...)
+ TODO: check
+CVE-2023-48659 (An issue was discovered in MISP before 2.4.176.
app/Controller/AppCont ...)
+ TODO: check
+CVE-2023-48658 (An issue was discovered in MISP before 2.4.176.
app/Model/AppModel.php ...)
+ TODO: check
+CVE-2023-48657 (An issue was discovered in MISP before 2.4.176.
app/Model/AppModel.php ...)
+ TODO: check
+CVE-2023-48656 (An issue was discovered in MISP before 2.4.176.
app/Model/AppModel.php ...)
+ TODO: check
+CVE-2023-48655 (An issue was discovered in MISP before 2.4.176.
app/Controller/Compone ...)
+ TODO: check
+CVE-2023-48649 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored
XSS on t ...)
+ TODO: check
+CVE-2023-48648 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows
unauthorized ac ...)
+ TODO: check
+CVE-2023-48237 (Vim is an open source command line text editor. In affected
versions w ...)
+ TODO: check
+CVE-2023-48236 (Vim is an open source command line text editor. When using the
z= comm ...)
+ TODO: check
+CVE-2023-48235 (Vim is an open source command line text editor. When parsing
relative ...)
+ TODO: check
+CVE-2023-48234 (Vim is an open source command line text editor. When getting
the count ...)
+ TODO: check
+CVE-2023-48233 (Vim is an open source command line text editor. If the count
after the ...)
+ TODO: check
+CVE-2023-48232 (Vim is an open source command line text editor. A floating
point excep ...)
+ TODO: check
+CVE-2023-48231 (Vim is an open source command line text editor. When closing a
window, ...)
+ TODO: check
+CVE-2023-48222 (Rundeck is an open source automation service with a web
console, comma ...)
+ TODO: check
+CVE-2023-48078 (SQL Injection vulnerability in add.php in Simple CRUD
Functionality v1 ...)
+ TODO: check
+CVE-2023-48031 (OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of
File with ...)
+ TODO: check
+CVE-2023-47797 (Reflected cross-site scripting (XSS) vulnerability on a
content page\u ...)
+ TODO: check
+CVE-2023-47688 (Cross-Site Request Forgery (CSRF) vulnerability in Alexufo
Youtube Spe ...)
+ TODO: check
+CVE-2023-47687 (Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech
Woo Cust ...)
+ TODO: check
+CVE-2023-47686 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs
Arigato ...)
+ TODO: check
+CVE-2023-47675 (CubeCart prior to 6.5.3 allows a remote authenticated attacker
with an ...)
+ TODO: check
+CVE-2023-47642 (Zulip is an open-source team collaboration tool. It was
discovered by ...)
+ TODO: check
+CVE-2023-47283 (Directory traversal vulnerability in CubeCart prior to 6.5.3
allows a ...)
+ TODO: check
+CVE-2023-47112 (Rundeck is an open source automation service with a web
console, comma ...)
+ TODO: check
+CVE-2023-47025 (An issue in Free5gc v.3.3.0 allows a local attacker to cause a
denial ...)
+ TODO: check
+CVE-2023-46214 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk
Enterprise ...)
+ TODO: check
+CVE-2023-46213 (In Splunk Enterprise versions below 9.0.7 and 9.1.2,
ineffective escap ...)
+ TODO: check
+CVE-2023-45387 (In the module "Product Catalog (CSV, Excel, XML) Export PRO"
(exportpr ...)
+ TODO: check
+CVE-2023-45382 (In the module "SoNice Retour" (sonice_retour) up to version
2.1.0 from ...)
+ TODO: check
+CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3
allows a ...)
+ TODO: check
+CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS
before versio ...)
+ TODO: check
+CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS
before versio ...)
+ TODO: check
+CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of
OpenNMS ...)
+ TODO: check
+CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
+ TODO: check
+CVE-2023-39547 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
+ TODO: check
+CVE-2023-39546 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
+ TODO: check
+CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
+ TODO: check
+CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and
earlier, ...)
+ TODO: check
+CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
+ TODO: check
+CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
+ TODO: check
+CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
+ TODO: check
+CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
+ TODO: check
+CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
+ TODO: check
+CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before
version 10.1. ...)
+ TODO: check
+CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before
10.1.2. it ha ...)
+ TODO: check
+CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart
prior to 6 ...)
+ TODO: check
CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel
API for ...)
- linux 6.5.6-1
[bookworm] - linux 6.1.55-1
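Review bot: all 49 new entries (CVE-2023-6020 down to CVE-2023-38130) land with only a `TODO: check` placeholder, so none of them yet says whether Debian is affected; the seven Vim entries (CVE-2023-48231 through CVE-2023-48237) deserve the first triage pass, since Vim is a package Debian ships and the file's settled entries resolve either to a source-package line with a fixed version (as CVE-2023-6176 does with `- linux 6.5.6-1` and `[bookworm] - linux 6.1.55-1`) or to a `NOT-FOR-US:` marker. The five new MISP entries (CVE-2023-48655 through CVE-2023-48659) can be expected to follow CVE-2023-40224 further down, which is already `NOT-FOR-US: MISP`. The truncated descriptions ending in `...` are the tracker's normal import format and need no fixing here.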
@@ -1225,7 +1323,7 @@ CVE-2023-5868
NOTE:
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
CVE-2023-6073 (Attacker can perform a Denial of Service attack to crash the
ICAS 3 IV ...)
NOT-FOR-US: Volkswagen
-CVE-2023-6069 (Improper Input Validation in GitHub repository froxlor/froxlor
prior t ...)
+CVE-2023-6069 (Improper Link Resolution Before File Access in GitHub
repository froxl ...)
- froxlor <itp> (bug #581792)
CVE-2023-5954 (HashiCorp Vault and Vault Enterprise inbound client requests
triggerin ...)
NOT-FOR-US: HashiCorp Vault
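Review bot: the CVE-2023-6069 description moves from Improper Input Validation to Improper Link Resolution Before File Access, which is a different weakness class (link or symlink following rather than input validation), so the earlier text looks like a placeholder that the CVE record has since corrected. The `- froxlor <itp> (bug #581792)` status is unaffected because the package is not in the archive, but a NOTE line pointing at the upstream fix would help whoever completes the ITP, in the way CVE-2023-5868 just above carries a release-notes URL.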
@@ -2653,9 +2751,9 @@ CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in
GitHub repository pkp/pkp-
NOT-FOR-US: pkp-lib
CVE-2023-5902 (Cross-Site Request Forgery (CSRF) in GitHub repository
pkp/pkp-lib pri ...)
NOT-FOR-US: pkp-lib
-CVE-2023-5901 (Unrestricted Upload of File with Dangerous Type in GitHub
repository p ...)
+CVE-2023-5901 (Cross-site Scripting in GitHub repository pkp/pkp-lib prior to
3.3.0-1 ...)
NOT-FOR-US: pkp-lib
-CVE-2023-5900 (Missing Authorization in GitHub repository pkp/pkp-lib prior to
3.3.0- ...)
+CVE-2023-5900 (Cross-Site Request Forgery in GitHub repository pkp/pkp-lib
prior to 3 ...)
NOT-FOR-US: pkp-lib
CVE-2023-5899 (Cross-Site Request Forgery (CSRF) in GitHub repository
pkp/pkp-lib pri ...)
NOT-FOR-US: pkp-lib
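Review bot: both rewritten descriptions change the weakness class outright (CVE-2023-5901 from Unrestricted Upload of File with Dangerous Type to Cross-site Scripting, CVE-2023-5900 from Missing Authorization to Cross-Site Request Forgery), so the old wording should not be relied on in any local notes derived from this file. The `NOT-FOR-US: pkp-lib` marking is keyed on the product rather than the bug class and stays correct; the two entries now read consistently with the neighbouring pkp-lib CSRF entries CVE-2023-5902 and CVE-2023-5899.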
@@ -3754,6 +3852,7 @@ CVE-2023-42856 (The issue was addressed with improved
memory handling. This issu
CVE-2023-42854 (This issue was addressed by removing the vulnerable code. This
issue i ...)
NOT-FOR-US: Apple
CVE-2023-42852 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ {DSA-5557-1}
- webkit2gtk 2.42.2-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.2-1
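Review bot: the added `{DSA-5557-1}` tag is the only stable-suite information on CVE-2023-42852, and the entry lists webkit2gtk and wpewebkit side by side at 2.42.2-1 in unstable; confirm that the DSA text names both source packages, otherwise wpewebkit needs its own suite annotation. The same tag is added to CVE-2023-41983 in the next hunk, so the two entries are at least consistent with each other. The `[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)` line is correctly left untouched.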
@@ -3799,6 +3898,7 @@ CVE-2023-41989 (The issue was addressed by restricting
options offered on a lock
CVE-2023-41988 (This issue was addressed by restricting options offered on a
locked de ...)
NOT-FOR-US: Apple
CVE-2023-41983 (The issue was addressed with improved memory handling. This
issue is f ...)
+ {DSA-5557-1}
- webkit2gtk 2.42.2-1
[buster] - webkit2gtk <end-of-life> (EOL in buster LTS)
- wpewebkit 2.42.2-1
@@ -15166,7 +15266,7 @@ CVE-2023-40253 (Improper Authentication vulnerability
in Genians Genian NAC V4.0
NOT-FOR-US: Genians
CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi
before 5.1.0 ...)
NOT-FOR-US: ArchiMate Archi
-CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.)
+CVE-2023-40224 (MISP 2.4.174 allows XSS in app/View/Events/index.ctp.)
NOT-FOR-US: MISP
CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract
developm ...)
NOT-FOR-US: OpenZeppelin Contracts
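Review bot: the version fix for CVE-2023-40224 (from `2.4174` to `2.4.174`) brings the description in line with MISP's x.y.z numbering as used by the new entries at the top of the diff (`MISP before 2.4.176`); it is worth making even on a `NOT-FOR-US` entry, because the description text is what searches against the tracker match on.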
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b126ab86f5cf00fcf466d7c6027f1644fa3c58e2
--
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits