[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 14 Oct 2023 01:11:53 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b34c3279 by security tracker role at 2023-10-14T08:11:29+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 
802.15.4 nR ...)
+       TODO: check
+CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c 
can ca ...)
+       TODO: check
+CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add 
Attachments fea ...)
+       TODO: check
+CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and 
directories by n ...)
+       TODO: check
+CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and 
resultant heap ...)
+       TODO: check
+CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an 
unauthenticat ...)
+       TODO: check
+CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot 
farm automa ...)
+       TODO: check
+CVE-2023-44037 (An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru 
v.5.8.13 and v. ...)
+       TODO: check
+CVE-2023-36559 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+       TODO: check
 CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub 
reposit ...)
        NOT-FOR-US: Vrite
 CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository 
vriteio/vrite  ...)
@@ -173,6 +191,7 @@ CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of 
third-party packages
 CVE-2023-45138 (Change Request is an pplication allowing users to request 
changes on a ...)
        NOT-FOR-US: XWiki addon
 CVE-2023-45133 (Babel is a compiler for writingJavaScript. In 
`@babel/traverse` prior  ...)
+       {DLA-3618-1}
        - node-babel <removed>
        - node-babel7 7.20.15+ds1+~cs214.269.168-5 (bug #1053880)
        NOTE: github.com: 
https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
@@ -959,7 +978,7 @@ CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow 
Scheduler Elevation of Pri
        NOT-FOR-US: Microsoft
 CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-36417 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability)
+CVE-2023-36417 (Microsoft SQL OLE DB Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-36416 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
@@ -24405,8 +24424,8 @@ CVE-2023-30156
        RESERVED
 CVE-2023-30155
        RESERVED
-CVE-2023-30154
-       RESERVED
+CVE-2023-30154 (Multiple improper neutralization of SQL parameters in module 
AfterMail ...)
+       TODO: check
 CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module 
for Pre ...)
        NOT-FOR-US: PrestaShop module
 CVE-2023-30152
@@ -24417,8 +24436,8 @@ CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 
are vulnerable to SQL Inj
        NOT-FOR-US: PrestaShop leocustomajax
 CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete 
(cityautocomplete ...)
        NOT-FOR-US: PrestaShop module
-CVE-2023-30148
-       RESERVED
+CVE-2023-30148 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities in 
Opart op ...)
+       TODO: check
 CVE-2023-30147
        RESERVED
 CVE-2023-30146 (Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 
2.000.022 all ...)
@@ -36583,8 +36602,8 @@ CVE-2023-26157
        RESERVED
 CVE-2023-26156
        RESERVED
-CVE-2023-26155
-       RESERVED
+CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to 
Command Inject ...)
+       TODO: check
 CVE-2023-26154
        RESERVED
 CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are 
vulnerable to Co ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b34c32795b09a8d1f9c604c00639e217b1ea5fa3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b34c32795b09a8d1f9c604c00639e217b1ea5fa3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to