Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
573070b7 by security tracker role at 2023-12-07T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,99 @@
+CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository
mlflow/mlf ...)
+ TODO: check
+CVE-2023-6566 (Business Logic Errors in GitHub repository
microweber/microweber prior ...)
+ TODO: check
+CVE-2023-5761 (The Burst Statistics \u2013 Privacy-Friendly Analytics for
WordPress p ...)
+ TODO: check
+CVE-2023-5714 (The System Dashboard plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2023-5713 (The System Dashboard plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2023-5712 (The System Dashboard plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2023-5711 (The System Dashboard plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2023-5710 (The System Dashboard plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access
Point pro ...)
+ TODO: check
+CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows
local at ...)
+ TODO: check
+CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a
post-authentication ...)
+ TODO: check
+CVE-2023-48841 (Appointment Scheduler 3.0 is vulnerable to CSV Injection via a
Languag ...)
+ TODO: check
+CVE-2023-48840 (A lack of rate limiting in pjActionAjaxSend in Appointment
Scheduler 3 ...)
+ TODO: check
+CVE-2023-48839 (Appointment Scheduler 3.0 is vulnerable to Multiple Stored
Cross-Site ...)
+ TODO: check
+CVE-2023-48838 (Appointment Scheduler 3.0 is vulnerable to Multiple HTML
Injection iss ...)
+ TODO: check
+CVE-2023-48837 (Car Rental Script 3.0 is vulnerable to Multiple HTML Injection
issues ...)
+ TODO: check
+CVE-2023-48836 (Car Rental Script 3.0 is vulnerable to Multiple Stored
Cross-Site Scri ...)
+ TODO: check
+CVE-2023-48835 (Car Rental Script v3.0 is vulnerable to CSV Injection via a
Language > ...)
+ TODO: check
+CVE-2023-48834 (A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0
allows ...)
+ TODO: check
+CVE-2023-48833 (A lack of rate limiting in pjActionAJaxSend in Time Slots
Booking Cale ...)
+ TODO: check
+CVE-2023-48831 (A lack of rate limiting in pjActionAJaxSend in Availability
Booking Ca ...)
+ TODO: check
+CVE-2023-48830 (Shuttle Booking Software 2.0 is vulnerable to CSV Injection in
the Lan ...)
+ TODO: check
+CVE-2023-48828 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple
Stored Cross ...)
+ TODO: check
+CVE-2023-48827 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML
Injecti ...)
+ TODO: check
+CVE-2023-48826 (Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection
via the ...)
+ TODO: check
+CVE-2023-48825 (Availability Booking Calendar 5.0 is vulnerable to Multiple
HTML Injec ...)
+ TODO: check
+CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site
Scripting (X ...)
+ TODO: check
+CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier
Manageme ...)
+ TODO: check
+CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking
Calendar ...)
+ TODO: check
+CVE-2023-48207 (Availability Booking Calendar 5.0 allows CSV injection via the
unique ...)
+ TODO: check
+CVE-2023-48206 (A Cross Site Scripting (XSS) vulnerability in GaatiTrack
Courier Manag ...)
+ TODO: check
+CVE-2023-48205 (Jorani Leave Management System 1.0.2 allows a remote attacker
to spoof ...)
+ TODO: check
+CVE-2023-48172 (A Cross Site Scripting (XSS) vulnerability in Shuttle Booking
Software ...)
+ TODO: check
+CVE-2023-46916 (Maxima Max Pro Power 1.0 486A devices allow BLE traffic
replay. An att ...)
+ TODO: check
+CVE-2023-46354 (In the module "Orders (CSV, Excel) Export PRO" (ordersexport)
< 5.2.0 ...)
+ TODO: check
+CVE-2023-46353 (In the module "Product Tag Icons Pro" (ticons) before 1.8.4
from MyPre ...)
+ TODO: check
+CVE-2023-46307 (An issue was discovered in server.js in etcd-browser
87ae63d75260. By ...)
+ TODO: check
+CVE-2023-43304 (An issue in PARK DANDAN mini-app on Line v13.6.1 allows
attackers to s ...)
+ TODO: check
+CVE-2023-43303 (An issue in craftbeer bar canvas mini-app on Line v13.6.1
allows attac ...)
+ TODO: check
+CVE-2023-43302 (An issue in sanTas mini-app on Line v13.6.1 allows attackers
to send c ...)
+ TODO: check
+CVE-2023-43301 (An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows
attackers ...)
+ TODO: check
+CVE-2023-43300 (An issue in urban_project mini-app on Line v13.6.1 allows
attackers to ...)
+ TODO: check
+CVE-2023-43299 (An issue in DA BUTCHERS mini-app on Line v13.6.1 allows
attackers to s ...)
+ TODO: check
+CVE-2023-43298 (An issue in SCOL Members Card mini-app on Line v13.6.1 allows
attacker ...)
+ TODO: check
+CVE-2023-43103 (An XSS issue was discovered in a web endpoint in Zimbra
Collaboration ...)
+ TODO: check
+CVE-2023-43102 (An issue was discovered in Zimbra Collaboration (ZCS) before
10.0.4. A ...)
+ TODO: check
+CVE-2023-41106 (An issue was discovered in Zimbra Collaboration (ZCS) before
10.0.3. A ...)
+ TODO: check
+CVE-2023-40238 (A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde
InsydeH2O w ...)
+ TODO: check
CVE-2023-6560 [io_uring out of boundary memory access in __io_uaddr_map()]
- linux <unfixed>
[bookworm] - linux <not-affected> (Vulnerable code not present)
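Review bot: all 48 new entries in this hunk land as `TODO: check` and still need triage; going by the visible descriptions, most are for software the tracker marks with the `NOT-FOR-US: <vendor>` convention used further down in this same diff (the WordPress plugin entries CVE-2023-5710 through CVE-2023-5714 and CVE-2023-5761, the pjActionAjaxSend family CVE-2023-48831 through CVE-2023-48841, the Line mini-app entries CVE-2023-43298 through CVE-2023-43303, TTplayer, TOTOLINK, Ruckus, Insyde firmware), while a few (mlflow in CVE-2023-6568, etcd-browser in CVE-2023-46307, Zimbra in CVE-2023-41106, CVE-2023-43102 and CVE-2023-43103) should be checked against the archive before being dismissed. One import detail to look at: the CVE-2023-5761 description carries a literal `\u2013` where the en dash should be, so the update script's decoding of that feed entry is worth a look before more entries arrive the same way.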
@@ -69,7 +165,7 @@ CVE-2023-34439 (Pleasanter 1.3.47.0 and earlier contains a
stored cross-site scr
NOT-FOR-US: Pleasanter
CVE-2023-32268 (Exposure of Proxy Administrator Credentials An authenticated
administ ...)
NOT-FOR-US: Microfocus
-CVE-2023-46218 [curl: cookie mixed case PSL bypass]
+CVE-2023-46218 (This flaw allows a malicious HTTP server to set "super
cookies" in cur ...)
- curl 8.5.0-1 (bug #1057646)
NOTE: Introduced by:
https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465
(curl-7_46_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb
(curl-8_5_0)
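Review bot: replacing the bracketed working title `[curl: cookie mixed case PSL bypass]` with the truncated official text drops the only place in the entry that named the actual bug (mixed-case PSL bypass); the surviving Introduced-by/Fixed-by NOTE lines only give commit hashes, so consider keeping that phrase in a NOTE. The entry also records only the unstable fix (`curl 8.5.0-1 (bug #1057646)`) with no [bookworm]/[bullseye] line, so the stable-release status remains open here.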
@@ -2498,7 +2594,7 @@ CVE-2023-5764 [internal templating can cause unsafe
variables to lose their unsa
NOTE: https://github.com/ansible/ansible/pull/82293 (stable-2.16)
NOTE: https://github.com/ansible/ansible/pull/82294 (stable-2.15)
NOTE: https://github.com/ansible/ansible/pull/82295 (stable-2.14)
-CVE-2023-41913
+CVE-2023-41913 (strongSwan before 5.9.12 has a buffer overflow and possible
unauthenti ...)
{DSA-5560-1 DLA-3663-1}
- strongswan 5.9.12-1
NOTE:
https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
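Review bot: only the description changes in this hunk; the `{DSA-5560-1 DLA-3663-1}` and `strongswan 5.9.12-1` lines were already present, so nothing further is needed on the Debian side. Style point on the unchanged NOTE line: the strongswan.org URL ends in `(cve-2023-41913).html`, and literal parentheses in a URL get clipped by many link parsers, so it is worth checking that the link still resolves wherever the tracker renders NOTE lines.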
@@ -4320,7 +4416,7 @@ CVE-2023-34033 (Cross-Site Request Forgery (CSRF)
vulnerability in Malinky Ajax
NOT-FOR-US: WordPress plugin
CVE-2023-34002 (Cross-Site Request Forgery (CSRF) vulnerability in WP
Inventory Manage ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-46857
+CVE-2023-46857 (Squidex before 7.9.0 allows XSS via an SVG document to the
Upload Asse ...)
NOT-FOR-US: Squidex
CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers
to acces ...)
NOT-FOR-US: Lenovo
@@ -10268,13 +10364,13 @@ CVE-2023-44770 (A Cross-Site Scripting (XSS)
vulnerability in Zenario CMS v.9.4.
NOT-FOR-US: Zenario CMS
CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
NOT-FOR-US: Concrete CMS
-CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
+CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
versions 8. ...)
NOT-FOR-US: Concrete CMS
CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
v.9.2.1 all ...)
NOT-FOR-US: Concrete CMS
CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS
from versio ...)
NOT-FOR-US: Concrete CMS
-CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in
Concrete CMS v. ...)
+CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in
Concrete CMS ve ...)
NOT-FOR-US: Concrete CMS
CVE-2023-44758 (GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS)
vulnerabil ...)
NOT-FOR-US: GDidees CMS
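Review bot: the two rewritten descriptions (CVE-2023-44765 and CVE-2023-44761) now read Concrete CMS `versions 8.` instead of `v.9.2.1`, i.e. upstream widened the affected range to the 8.x line; the sibling entries CVE-2023-44766 and CVE-2023-44764 around them still say `v.9.2.1`. That is consistent if the automatic update only refreshes entries whose upstream text changed, and `NOT-FOR-US: Concrete CMS` stays correct either way.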
@@ -23523,7 +23619,7 @@ CVE-2023-36459 (Mastodon is a free, open-source social
network server based on A
- mastodon <itp> (bug #859741)
CVE-2023-36456 (authentik is an open-source Identity Provider. Prior to
versions 2023. ...)
NOT-FOR-US: authentik
-CVE-2023-36189 (SQL injection vulnerability in langchain v.0.0.64 allows a
remote atta ...)
+CVE-2023-36189 (SQL injection vulnerability in langchain before v0.0.247
allows a remo ...)
NOT-FOR-US: langchain
CVE-2023-36188 (An issue in langchain v.0.0.64 allows a remote attacker to
execute arb ...)
NOT-FOR-US: langchain
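Review bot: CVE-2023-36189 now carries a fixed-in bound (`before v0.0.247`) where it previously named a single affected release (`v.0.0.64`); the adjacent CVE-2023-36188 still uses the `v.0.0.64` wording with no fix version. Both remain `NOT-FOR-US: langchain`, so there is no status change, but the difference in wording matters if anyone later derives an affected range from these descriptions.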
@@ -25860,7 +25956,7 @@ CVE-2023-34609 (An issue was discovered flexjson thru
3.3 allows attackers to ca
NOT-FOR-US: flexjson
CVE-2023-34585
REJECTED
-CVE-2023-34540 (Langchain 0.0.171 is vulnerable to Arbitrary Code Execution.
This is r ...)
+CVE-2023-34540 (An issue discovered in Langchain before 0.0.225 allows
attacker to run ...)
NOT-FOR-US: Langchain
CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking
attack. The v ...)
NOT-FOR-US: Microsoft
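Review bot: the revised CVE-2023-34540 text replaces a single affected release (`Langchain 0.0.171`) with a fixed-in bound (`before 0.0.225`), and the visible part no longer says `Arbitrary Code Execution`; that characterization now lives only in the elided tail. `NOT-FOR-US: Langchain` is unaffected. Minor: this entry spells the product `Langchain` while the neighbouring entries use `NOT-FOR-US: langchain`; harmless, but worth normalising for anyone grepping the file by product name.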
@@ -40529,8 +40625,8 @@ CVE-2023-28019 (Insufficient validation in Bigfix WebUI
API App site version < 1
NOT-FOR-US: HCL
CVE-2023-28018
RESERVED
-CVE-2023-28017
- RESERVED
+CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack
where a ...)
+ TODO: check
CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare
Metal S ...)
NOT-FOR-US: HCL
CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a
User Accoun ...)
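Review bot: CVE-2023-28017 goes from `RESERVED` to a description plus `TODO: check`, sitting between CVE-2023-28016 and CVE-2023-28015, both already `NOT-FOR-US: HCL`; since the new text names HCL Connections, it can most likely be resolved the same way in the follow-up triage rather than left as a TODO between two settled HCL entries. CVE-2023-28018 just above is still `RESERVED`.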
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/573070b7b818e68e196aafdde8677ead9e395df7
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits