[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Thu, 26 Oct 2023 01:12:31 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
187ebf7f by security tracker role at 2023-10-26T08:12:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-5139 (Potential buffer overflow vulnerability at the following 
location in t ...)
+       TODO: check
+CVE-2023-46754 (The admin panel for Obl.ong before 1.1.2 allows authorization 
bypass b ...)
+       TODO: check
+CVE-2023-46753 (An issue was discovered in FRRouting FRR through 9.0.1. A 
crash can oc ...)
+       TODO: check
+CVE-2023-46752 (An issue was discovered in FRRouting FRR through 9.0.1. It 
mishandles  ...)
+       TODO: check
+CVE-2023-46668 (If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a 
non-defa ...)
+       TODO: check
+CVE-2023-46667 (An issue was discovered in Fleet Server >= v8.10.0 and < 
v8.10.3 where ...)
+       TODO: check
+CVE-2023-46584 (SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " 
Testing  ...)
+       TODO: check
+CVE-2023-46583 (Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah 
virus (Ni ...)
+       TODO: check
+CVE-2023-46345 (Catdoc v0.95 was discovered to contain a NULL pointer 
dereference via  ...)
+       TODO: check
+CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior 
to versio ...)
+       TODO: check
+CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, 
a layer ...)
+       TODO: check
+CVE-2023-46137 (Twisted is an event-based framework for internet applications. 
Prior t ...)
+       TODO: check
+CVE-2023-46134 (D-Tale is the combination of a Flask back-end and a React 
front-end to ...)
+       TODO: check
+CVE-2023-46133 (CryptoES is a cryptography algorithms library compatible with 
ES6 and  ...)
+       TODO: check
+CVE-2023-45137 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2023-43906 (Xolo CMS v0.11 was discovered to contain a reflected 
cross-site script ...)
+       TODO: check
+CVE-2023-43905 (Incorrect access control in writercms v1.1.0 allows attackers 
to direc ...)
+       TODO: check
+CVE-2023-38849 (An issue in tire-sales Line v.13.6.1 allows a remote attacker 
to obtai ...)
+       TODO: check
+CVE-2023-38848 (An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote 
attacker ...)
+       TODO: check
+CVE-2023-38847 (An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote 
attacker to  ...)
+       TODO: check
+CVE-2023-38846 (An issue in Marbre Lapin Line v.13.6.1 allows a remote 
attacker to obt ...)
+       TODO: check
+CVE-2023-38845 (An issue in Anglaise Company Anglaise.Company v.13.6.1 allows 
a remote ...)
+       TODO: check
+CVE-2023-31422 (An issue was discovered by Elastic whereby sensitive 
information is re ...)
+       TODO: check
+CVE-2023-31421 (It was discovered that when acting as TLS clients, Beats, 
Elastic Agen ...)
+       TODO: check
 CVE-2023-45872
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2246067
        TODO: check, seems to only affect a r0 version of qtsvg
@@ -2767,7 +2815,7 @@ CVE-2023-44995 (Cross-Site Request Forgery (CSRF) 
vulnerability in WP Doctor Woo
        NOT-FOR-US: WordPress plugin
 CVE-2023-44994 (Cross-Site Request Forgery (CSRF) vulnerability in Bainternet 
ShortCod ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-44763 (Concrete CMS v9.2.1 is affected by Arbitrary File Upload 
vulnerability ...)
+CVE-2023-44763 (Concrete CMS v9.2.1 is affected by an Arbitrary File Upload 
vulnerabil ...)
        NOT-FOR-US: Concrete CMS
 CVE-2023-44476 (Cross-Site Request Forgery (CSRF) vulnerability in Andres 
Felipe Perea ...)
        NOT-FOR-US: WordPress plugin
@@ -5933,7 +5981,7 @@ CVE-2023-3628
        NOT-FOR-US: Infinispan
 CVE-2023-5104 (Improper Input Validation in GitHub repository nocodb/nocodb 
prior to  ...)
        NOT-FOR-US: nocodb
-CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a liteos-a kernel may 
crash c ...)
+CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a system call function 
usage  ...)
        NOT-FOR-US: OpenHarmony
 CVE-2023-43637 (Due to the implementation of "deriveVaultKey", prior to 
version 7.10,  ...)
        NOT-FOR-US: EVE OS
@@ -24001,12 +24049,12 @@ CVE-2023-30971
        RESERVED
 CVE-2023-30970
        RESERVED
-CVE-2023-30969
-       RESERVED
+CVE-2023-30969 (The Palantir Tiles1 service was  found to be vulnerable to an 
API wide ...)
+       TODO: check
 CVE-2023-30968
        RESERVED
-CVE-2023-30967
-       RESERVED
+CVE-2023-30967 (Gotham Orbital-Simulator service prior to 0.692.0 was found to 
be vuln ...)
+       TODO: check
 CVE-2023-30966
        RESERVED
 CVE-2023-30965



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/187ebf7fa5baff64b4548b4da36a0890be8ac848

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/187ebf7fa5baff64b4548b4da36a0890be8ac848
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to