Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c89f7ce by security tracker role at 2023-11-01T08:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pkp/pkp-lib p ...)
+       TODO: check
+CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pkp/pkp-lib p ...)
+       TODO: check
+CVE-2023-5902 (Cross-Site Request Forgery (CSRF) in GitHub repository 
pkp/pkp-lib pri ...)
+       TODO: check
+CVE-2023-5901 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository p ...)
+       TODO: check
+CVE-2023-5900 (Missing Authorization in GitHub repository pkp/pkp-lib prior to 
3.3.0- ...)
+       TODO: check
+CVE-2023-5899 (Cross-Site Request Forgery (CSRF) in GitHub repository 
pkp/pkp-lib pri ...)
+       TODO: check
+CVE-2023-5898 (Cross-Site Request Forgery (CSRF) in GitHub repository 
pkp/pkp-lib pri ...)
+       TODO: check
+CVE-2023-5897 (Cross-Site Request Forgery (CSRF) in GitHub repository 
pkp/customLocal ...)
+       TODO: check
+CVE-2023-5896 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pkp/pkp-lib p ...)
+       TODO: check
+CVE-2023-5895 (Cross-site Scripting (XSS) - DOM in GitHub repository 
pkp/pkp-lib prio ...)
+       TODO: check
+CVE-2023-5894 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pkp/ojs prior ...)
+       TODO: check
+CVE-2023-5893 (Cross-Site Request Forgery (CSRF) in GitHub repository 
pkp/pkp-lib pri ...)
+       TODO: check
+CVE-2023-5892 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pkp/pkp-lib p ...)
+       TODO: check
+CVE-2023-5891 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
pkp/pkp-li ...)
+       TODO: check
+CVE-2023-5890 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pkp/pkp-lib p ...)
+       TODO: check
+CVE-2023-5889 (Insufficient Session Expiration in GitHub repository 
pkp/pkp-lib prior ...)
+       TODO: check
+CVE-2023-5516 (Poorly constructed webap requests and URI components with 
special char ...)
+       TODO: check
+CVE-2023-5515 (The responses for web queries with certain parameters disclose 
interna ...)
+       TODO: check
+CVE-2023-5514 (The response messages received from the eSOMS report generation 
using  ...)
+       TODO: check
+CVE-2023-5306 (Online Blood Donation Management System v1.0 is vulnerable to 
multiple ...)
+       TODO: check
+CVE-2023-4198 (Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows 
an unaut ...)
+       TODO: check
+CVE-2023-4197 (Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails 
to stri ...)
+       TODO: check
+CVE-2023-47099 (An issue was discovered in Virtualmin 7.7. The Create Virtual 
Server f ...)
+       TODO: check
+CVE-2023-47098 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2023-47097 (An issue was discovered in Virtualmin 7.7. The Server 
Templates featur ...)
+       TODO: check
+CVE-2023-47096 (An issue was discovered in Virtualmin 7.7. The Cloudmin 
Services Clien ...)
+       TODO: check
+CVE-2023-47095 (An issue was discovered in Virtualmin 7.7. The Custom Fields 
feature o ...)
+       TODO: check
+CVE-2023-47094 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2023-46485 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a 
remote att ...)
+       TODO: check
+CVE-2023-46484 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a 
remote att ...)
+       TODO: check
+CVE-2023-46378 (Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 
1.1.1 allow ...)
+       TODO: check
+CVE-2023-46278 (Uncontrolled resource consumption vulnerability in Cybozu 
Remote Servi ...)
+       TODO: check
+CVE-2023-44486 (Online Blood Donation Management System v1.0 is vulnerable to 
multiple ...)
+       TODO: check
+CVE-2023-44485 (Online Blood Donation Management System v1.0 is vulnerable to 
multiple ...)
+       TODO: check
+CVE-2023-44484 (Online Blood Donation Management System v1.0 is vulnerable to 
multiple ...)
+       TODO: check
+CVE-2023-43295 (Cross Site Request Forgery vulnerability in Click Studios (SA) 
Pty Ltd ...)
+       TODO: check
+CVE-2023-39695 (Insufficient session expiration in Elenos ETG150 FM 
Transmitter v3.12  ...)
+       TODO: check
+CVE-2023-39610 (An issue in TP-Link Tapo C100 v1.1.15 Build 211130 
Rel.15378n(4555) an ...)
+       TODO: check
+CVE-2023-37833 (Improper access control in Elenos ETG150 FM transmitter v3.12 
allows a ...)
+       TODO: check
+CVE-2023-2622 (Authenticated clients can read arbitrary files on the MAIN 
Computer sy ...)
+       TODO: check
+CVE-2023-2621 (The McFeeder server (distributed as part of SSW package), is 
susceptib ...)
+       TODO: check
 CVE-2023-5859
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
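Review bot: all 41 new entries in this hunk land as `TODO: check`, so none of them is triaged yet; several groups share an identical truncated description and can be handled together in the follow-up pass: CVE-2023-5306 and CVE-2023-44484/44485/44486 ("Online Blood Donation Management System v1.0 is vulnerable to multiple ..."), the six Virtualmin 7.7 entries CVE-2023-47094..47099, the TOTOlink X6000R pair CVE-2023-46484/46485, and the sixteen pkp/pkp-lib and pkp/ojs entries CVE-2023-5889..5904. As the rest of the file shows (e.g. `NOT-FOR-US: D-Link`, `NOT-FOR-US: VMware` further down), the expected outcome for vendor appliance and hosted-product entries is a `NOT-FOR-US:` line, which an automatic update cannot assign; the point of flagging the groups is that one decision per group closes most of this batch. The unchanged context at the end (`chromium <end-of-life> (see DSA 5046)` for buster) is consistent with the entry above it.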
@@ -154,7 +236,8 @@ CVE-2023-42658 (Archive command in Chef InSpec prior to 
4.56.58 and 5.22.29 allo
        TODO: check
 CVE-2023-42425 (An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows 
remote at ...)
        TODO: check
-CVE-2023-41377 (.)
+CVE-2023-41377
+       REJECTED
        TODO: check
 CVE-2023-40681 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Grou ...)
        TODO: check
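Review bot: CVE-2023-41377 is now marked `REJECTED`, but the old `TODO: check` line directly under it is kept, so the entry will keep appearing in the pending-triage queue for a CVE that no longer needs a decision; drop that line so the entry is just `CVE-2023-41377` followed by `REJECTED`. The CVE-2023-4701 hunk further down has the same shape (a `NOT-FOR-US:` line kept under a new `REJECTED` marker), so both should be reduced to the bare REJECTED form in the same pass.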
@@ -2132,7 +2215,7 @@ CVE-2023-46042 (An issue in GetSimpleCMS v.3.4.0a allows 
a remote attacker to ex
        NOT-FOR-US: GetSimpleCMS
 CVE-2023-46033 (D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U 
N150 ADSL ...)
        NOT-FOR-US: D-Link
-CVE-2023-45992 (Cross Site Scripting vulnerability in Ruckus Wireless 
(CommScope) Ruck ...)
+CVE-2023-45992 (A vulnerability in the web-based interface of the RUCKUS 
Cloudpath pro ...)
        NOT-FOR-US: Ruckus
 CVE-2023-45883 (A privilege escalation vulnerability exists within the Qumu 
Multicast  ...)
        NOT-FOR-US: Qumu Multicast Extension
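Review bot: the rewritten description for CVE-2023-45992 now names the RUCKUS Cloudpath product rather than "Ruckus Wireless (CommScope)", while the retained `NOT-FOR-US: Ruckus` line stays generic; the tag is still correct, but since neighbouring entries name the product (e.g. `NOT-FOR-US: Qumu Multicast Extension` two lines below), `NOT-FOR-US: Ruckus Cloudpath` would match the updated description and make the entry easier to audit later.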
@@ -7757,7 +7840,8 @@ CVE-2023-4785 (Lack of error handling in the TCP server 
in Google's gRPC startin
        NOTE: https://github.com/grpc/grpc/pull/33669
        NOTE: https://github.com/grpc/grpc/pull/33670
        NOTE: https://github.com/grpc/grpc/pull/33672
-CVE-2023-4701 (A Improper Privilege Management vulnerability through an 
incorrect use ...)
+CVE-2023-4701
+       REJECTED
        NOT-FOR-US: CodeMeter Runtime
 CVE-2023-42469 (The com.full.dialer.top.secure.encrypted application through 
1.0.1 for ...)
        NOT-FOR-US: com.full.dialer.top.secure.encrypted application
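Review bot: the `NOT-FOR-US: CodeMeter Runtime` line is kept under the new `REJECTED` marker for CVE-2023-4701; a rejected CVE has no product to scope, so the line is dead weight, and it is inconsistent with the CVE-2023-41377 hunk above, which keeps a `TODO: check` line under its REJECTED marker instead. Reduce both entries to the identifier plus `REJECTED` and nothing else.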
@@ -10941,11 +11025,11 @@ CVE-2023-3893
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
-CVE-2023-3955
+CVE-2023-3955 (A security issue was discovered in Kubernetes where a user  
that can c ...)
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
-CVE-2023-3676
+CVE-2023-3676 (A security issue was discovered in Kubernetes where a user  
that can c ...)
        - kubernetes 1.20.5+really1.20.2-1
        NOTE: Server components no longer built since 1.20.5+really1.20.2-1, 
marking that as fixed version
        NOTE: The source package itself it still vulnerable, but custom 
rebuilds are not really a usecase here
@@ -65520,8 +65604,7 @@ CVE-2023-20888 (Aria Operations for Networks contains 
an authenticated deseriali
        NOT-FOR-US: VMware
 CVE-2023-20887 (Aria Operations for Networks contains a command injection 
vulnerabilit ...)
        NOT-FOR-US: VMware
-CVE-2023-20886
-       RESERVED
+CVE-2023-20886 (VMware Workspace ONE UEM console contains an open redirect 
vulnerabili ...)
        NOT-FOR-US: VMware
 CVE-2023-20885 (Vulnerability in Cloud Foundry Notifications, Cloud Foundry 
SMB-volume ...)
        NOT-FOR-US: Cloud foundry
@@ -125242,7 +125325,7 @@ CVE-2022-24229 (A cross-site scripting (XSS) 
vulnerability in ONLYOFFICE Documen
        NOT-FOR-US: ONLYOFFICE
 CVE-2022-24228
        RESERVED
-CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 
allows at ...)
+CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 
and v 8.0 ...)
        NOT-FOR-US: BoltWire
 CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a 
blind SQL  ...)
        NOT-FOR-US: Hospital Management System



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c89f7ceaa1fed216bca824db193e7055cf26796



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
