[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Fri, 01 Dec 2023 12:12:44 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9a1bf453 by security tracker role at 2023-12-01T20:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-6461 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
viliusle/m ...)
+       TODO: check
+CVE-2023-6449 (The Contact Form 7 plugin for WordPress is vulnerable to 
arbitrary fil ...)
+       TODO: check
+CVE-2023-5637 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Arsla ...)
+       TODO: check
+CVE-2023-5636 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Arsla ...)
+       TODO: check
+CVE-2023-5635 (Improper Protection for Outbound Error Messages and Alert 
Signals vuln ...)
+       TODO: check
+CVE-2023-5634 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2023-5427 (A local non-privileged user can make improper GPU processing 
operation ...)
+       TODO: check
+CVE-2023-4518 (A vulnerability exists in the input validation of the GOOSE  
messages  ...)
+       TODO: check
+CVE-2023-49371 (RuoYi up to v4.6 was discovered to contain a SQL injection 
vulnerabili ...)
+       TODO: check
+CVE-2023-48893 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is 
vulnerable ...)
+       TODO: check
+CVE-2023-48842 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a 
command in ...)
+       TODO: check
+CVE-2023-48813 (Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is 
vulnerab ...)
+       TODO: check
+CVE-2023-45168 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged 
local user ...)
+       TODO: check
+CVE-2023-43015 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
+       TODO: check
+CVE-2023-42006 (IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 
could a ...)
+       TODO: check
+CVE-2023-38268 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site req ...)
+       TODO: check
 CVE-2023-6396
        - gitlab <not-affected> (Specific to EE)
 CVE-2023-6442 (A vulnerability was found in PHPGurukul Nipah Virus Testing 
Management ...)
@@ -87,7 +119,7 @@ CVE-2023-39226 (In Delta Electronics InfraSuite Device 
Master v.1.0.7, a vulnera
        NOT-FOR-US: Delta Electronics
 CVE-2023-6439 (A vulnerability classified as problematic was found in ZenTao 
PMS 18.8 ...)
        NOT-FOR-US: ZenTao PMS
-CVE-2023-6438 (A vulnerability classified as problematic has been found in 
IceCMS 2.0 ...)
+CVE-2023-6438 (A vulnerability classified as problematic has been found in 
Thecosy Ic ...)
        NOT-FOR-US: IceCMS
 CVE-2023-6435 (A vulnerability has been discovered in BigProf Online Invoicing 
System ...)
        NOT-FOR-US: BigProf Online Invoicing System
@@ -36273,10 +36305,10 @@ CVE-2023-28898
        RESERVED
 CVE-2023-28897
        RESERVED
-CVE-2023-28896
-       RESERVED
-CVE-2023-28895
-       RESERVED
+CVE-2023-28896 (Access to critical Unified Diagnostics Services (UDS) of the 
Modular I ...)
+       TODO: check
+CVE-2023-28895 (The password for access to the debugging console of the PoWer 
Controll ...)
+       TODO: check
 CVE-2023-28894
        RESERVED
 CVE-2023-28893
@@ -45158,8 +45190,8 @@ CVE-2023-26026 (Planning Analytics Cartridge for Cloud 
Pak for Data 4.0 exposes
        NOT-FOR-US: IBM
 CVE-2023-26025
        RESERVED
-CVE-2023-26024
-       RESERVED
+CVE-2023-26024 (IBM Planning Analytics on Cloud Pak for Data 4.0 could allow 
an attack ...)
+       TODO: check
 CVE-2023-26023 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 
exposes sensit ...)
        NOT-FOR-US: IBM
 CVE-2023-26022 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect 
Server) is v ...)
@@ -50346,7 +50378,7 @@ CVE-2023-24417 (Cross-Site Request Forgery (CSRF) 
vulnerability in tiggersWelt.N
        NOT-FOR-US: WordPress plugin
 CVE-2023-24416
        RESERVED
-CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in 
QuantumCloud ChatBo ...)
+CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in 
QuantumCloud AI Cha ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft 
Photo Gall ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a1bf45363d7a916a045437a8760f5ef1b37cb70

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a1bf45363d7a916a045437a8760f5ef1b37cb70
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to