Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2c239785 by security tracker role at 2023-10-13T20:12:39+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,3 +1,95 @@ +CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + TODO: check +CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite ...) + TODO: check +CVE-2023-5571 (Improper Input Validation in GitHub repository vriteio/vrite prior to ...) + TODO: check +CVE-2023-5449 (A potential security vulnerability has been identified in certain HP D ...) + TODO: check +CVE-2023-5409 (HP is aware of a potential security vulnerability in HP t430 and t638 ...) + TODO: check +CVE-2023-5240 (Improper access control in PAM propagation scripts in Devolutions Serv ...) + TODO: check +CVE-2023-4995 (The Embed Calendly plugin for WordPress is vulnerable to Stored Cross- ...) + TODO: check +CVE-2023-4829 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...) + TODO: check +CVE-2023-4517 (Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hest ...) + TODO: check +CVE-2023-4499 (A potential security vulnerability has been identified in the HP ThinU ...) + TODO: check +CVE-2023-45468 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...) + TODO: check +CVE-2023-45467 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + TODO: check +CVE-2023-45466 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + TODO: check +CVE-2023-45465 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + TODO: check +CVE-2023-45464 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...) + TODO: check +CVE-2023-45463 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...) + TODO: check +CVE-2023-45393 (An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Bu ...) + TODO: check +CVE-2023-45391 (A stored cross-site scripting (XSS) vulnerability in the Create A New ...) 
+ TODO: check +CVE-2023-45276 (Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com ...) + TODO: check +CVE-2023-45270 (Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinp ...) + TODO: check +CVE-2023-45269 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...) + TODO: check +CVE-2023-45268 (Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps W ...) + TODO: check +CVE-2023-45267 (Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou p ...) + TODO: check +CVE-2023-45162 (Affected 1E Platform versions have a Blind SQL Injection vulnerability ...) + TODO: check +CVE-2023-45130 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...) + TODO: check +CVE-2023-45109 (Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage p ...) + TODO: check +CVE-2023-45108 (Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= ...) + TODO: check +CVE-2023-45107 (Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin < ...) + TODO: check +CVE-2023-43079 (Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, con ...) + TODO: check +CVE-2023-41843 (A improper neutralization of input during web page generation ('cross- ...) + TODO: check +CVE-2023-41836 (An improper neutralization of input during web page generation ('cross ...) + TODO: check +CVE-2023-41682 (A improper limitation of a pathname to a restricted directory ('path t ...) + TODO: check +CVE-2023-41681 (A improper neutralization of input during web page generation ('cross- ...) + TODO: check +CVE-2023-41680 (A improper neutralization of input during web page generation ('cross- ...) + TODO: check +CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspe ...) + TODO: check +CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...) 
+ TODO: check +CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open source c ...) + TODO: check +CVE-2023-38000 (Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ...) + TODO: check +CVE-2023-34977 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + TODO: check +CVE-2023-34976 (A SQL injection vulnerability has been reported to affect Video Statio ...) + TODO: check +CVE-2023-34975 (A SQL injection vulnerability has been reported to affect Video Statio ...) + TODO: check +CVE-2023-33303 (A insufficient session expiration in Fortinet FortiEDR version 5.0.0 t ...) + TODO: check +CVE-2023-32976 (An OS command injection vulnerability has been reported to affect Cont ...) + TODO: check +CVE-2023-32974 (A path traversal vulnerability has been reported to affect several QNA ...) + TODO: check +CVE-2023-32973 (A buffer copy without checking size of input vulnerability has been re ...) + TODO: check +CVE-2023-32970 (A NULL pointer dereference vulnerability has been reported to affect s ...) + TODO: check CVE-2023-42663 - airflow <itp> (bug #819700) CVE-2023-42792 @@ -501,7 +593,7 @@ CVE-2023-4837 (SmodBIP is vulnerable to Cross-Site Request Forgery, that could b CVE-2023-4309 (Election Services Co. (ESC) Internet Election Service is vulnerable to ...) NOT-FOR-US: Election Services Co. (ESC) Internet Election Service CVE-2023-45648 (Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ...) - {DSA-5522-1 DSA-5521-1} + {DSA-5522-1 DSA-5521-1 DLA-3617-1} - tomcat10 10.1.14-1 - tomcat9 9.0.70-2 - tomcat8 <removed> 
@@ -579,7 +671,7 @@ CVE-2023-43485 (When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ CVE-2023-42796 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) NOT-FOR-US: Siemens CVE-2023-42795 (Incomplete Cleanup vulnerability in Apache Tomcat.When recycling vario ...) - {DSA-5522-1 DSA-5521-1} + {DSA-5522-1 DSA-5521-1 DLA-3617-1} - tomcat10 10.1.14-1 - tomcat9 9.0.70-2 - tomcat8 <removed> @@ -919,7 +1011,7 @@ CVE-2023-3961 [smbd allows client access to unix domain sockets on the file syst NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html NOTE: In scope for continued Samba support CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...) - {DSA-5522-1 DSA-5521-1} + {DSA-5522-1 DSA-5521-1 DLA-3617-1} - tomcat9 9.0.70-2 - tomcat10 10.1.14-1 - trafficserver <unfixed> (bug #1053801) @@ -3621,7 +3713,8 @@ CVE-2023-43766 (Certain WithSecure products allow Local privilege escalation via NOT-FOR-US: WithSecure CVE-2023-43765 (Certain WithSecure products allow Denial of Service in the aeelf compo ...) NOT-FOR-US: WithSecure -CVE-2023-43764 (Certain WithSecure products allow Unauthenticated Remote Code Executio ...) +CVE-2023-43764 + REJECTED NOT-FOR-US: WithSecure CVE-2023-43763 (Certain WithSecure products allow XSS via an unvalidated parameter in ...) NOT-FOR-US: WithSecure @@ -7332,7 +7425,7 @@ CVE-2023-4524 CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of service: remote attacker ...) NOT-FOR-US: Array AG OS CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...) - {DSA-5522-1 DSA-5521-1} + {DSA-5522-1 DSA-5521-1 DLA-3617-1} - tomcat10 10.1.13-1 - tomcat9 9.0.70-2 - tomcat8 <removed> 
@@ -26010,8 +26103,8 @@ CVE-2023-1917 (The PowerPress plugin for WordPress is vulnerable to Stored Cross NOT-FOR-US: WordPress plugin CVE-2022-48436 RESERVED -CVE-2023-29464 - RESERVED +CVE-2023-29464 (FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an ...) + TODO: check CVE-2023-29463 (The JMX Console within the Rockwell Automation Pavilion8 is exposed to ...) NOT-FOR-US: Rockwell Automation CVE-2023-29462 (An arbitrary code execution vulnerability contained in Rockwell Automa ...) @@ -40233,7 +40326,7 @@ CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing used CVE-2023-24999 (HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowe ...) NOT-FOR-US: Vault CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...) - {DSA-5522-1} + {DSA-5522-1 DLA-3617-1} - tomcat10 10.1.5-1 - tomcat9 9.0.70-2 [bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c23978525da3ec942110d378a528c36f8cdf9b8
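Review bot: in the first hunk (@@ -1,3 +1,95 @@) the new entries are all left as "TODO: check", which is expected for an automatic update, but several of them fall into vendor groups that can be resolved in one pass on the follow-up triage: the six Netis N3Mv2 entries (CVE-2023-45463 through CVE-2023-45468), the HP entries (CVE-2023-5449, CVE-2023-5409, CVE-2023-4499), the QNAP Video Station/QTS entries (CVE-2023-34977, CVE-2023-34976, CVE-2023-34975, CVE-2023-32976, CVE-2023-32974, CVE-2023-32973, CVE-2023-32970), and the Dell, IBM and Fortinet entries. The same file already marks comparable vendor-only items as "NOT-FOR-US: Siemens", "NOT-FOR-US: WithSecure" and "NOT-FOR-US: Rockwell Automation", so batching these the same way leaves the remaining TODOs as the ones that may actually touch packaged software.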
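Review bot: the CVE-2023-45648 hunk (and the matching CVE-2023-42795, CVE-2023-44487, CVE-2023-41080 and CVE-2023-24998 hunks) adds "DLA-3617-1" to the advisory list of each entry, but the commit header shows "1 changed file: - data/CVE/list". The tracker resolves a DLA reference through its entry in data/DLA/list, so please confirm that the corresponding DLA-3617-1 entry has been (or is about to be) committed there, otherwise the reference dangles until it is.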
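Review bot: in the CVE-2023-43764 hunk the entry is reduced to "CVE-2023-43764" / "REJECTED", but the unchanged context line "NOT-FOR-US: WithSecure" immediately below it is still there. The neighbouring rejected-style entries in this file carry only the REJECTED marker (compare the "CVE-2022-48436" / "RESERVED" form in the CVE-2023-1917 hunk), so the leftover NOT-FOR-US line should be dropped to keep the entry consistent and avoid a stale triage note on a rejected id.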
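Review bot: the CVE-2023-29464 hunk replaces "RESERVED" with the FactoryTalk Linx description and a "TODO: check" placeholder, while the two adjacent entries, CVE-2023-29463 and CVE-2023-29462, are already marked "NOT-FOR-US: Rockwell Automation". The TODO is fine for an automatic update, but the follow-up triage will almost certainly resolve it the same way, so it may be worth doing in the same pass as the other Rockwell ids.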
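Review bot: in the CVE-2023-24998 hunk the header gains "DLA-3617-1", yet the unchanged line "[bullseye] - tomcat9 <postponed> (Minor issue, fix along with future update)" stays. If DLA-3617-1 ships the fix for tomcat9 in the LTS release, the bullseye postponement is worth revisiting, since a backport now exists for an older branch and the "fix along with future update" rationale no longer holds as written.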
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits