Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b22d1a79 by security tracker role at 2023-10-17T20:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@
+CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown 
element ...)
+       TODO: check
+CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during 
initial ...)
+       TODO: check
+CVE-2023-4896 (A vulnerability exists which allows an authenticated attacker 
to acces ...)
+       TODO: check
+CVE-2023-45952 (An arbitrary file upload vulnerability in the component 
ajax_link.php  ...)
+       TODO: check
+CVE-2023-45951 (lylme_spage v1.7.0 was discovered to contain a SQL injection 
vulnerabi ...)
+       TODO: check
+CVE-2023-45907 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-45906 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-45905 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-45904 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-45903 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
+       TODO: check
+CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. 
urllib3 pre ...)
+       TODO: check
+CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Alex ...)
+       TODO: check
+CVE-2023-45007 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Fotomoto ...)
+       TODO: check
+CVE-2023-45006 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ByConsol ...)
+       TODO: check
+CVE-2023-45005 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Castos S ...)
+       TODO: check
+CVE-2023-45004 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
wp3sixty ...)
+       TODO: check
+CVE-2023-45003 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Arrow Pl ...)
+       TODO: check
+CVE-2023-44990 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in real ...)
+       TODO: check
+CVE-2023-44824 (An issue in Expense Management System v.1.0 allows a local 
attacker to ...)
+       TODO: check
+CVE-2023-44311 (Multiple reflected cross-site scripting (XSS) vulnerabilities 
in the P ...)
+       TODO: check
+CVE-2023-44310 (Stored cross-site scripting (XSS) vulnerability in Page Tree 
menu Life ...)
+       TODO: check
+CVE-2023-44309 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the frag ...)
+       TODO: check
+CVE-2023-43959 (An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote 
privileged ...)
+       TODO: check
+CVE-2023-43794 (Nocodb is an open source Airtable alternative. Affected 
versions of no ...)
+       TODO: check
+CVE-2023-43777 (Eaton easySoft software is used to program easy controllers 
and displa ...)
+       TODO: check
+CVE-2023-43776 (Eaton easyE4 PLC offers a device password protection 
functionality to  ...)
+       TODO: check
+CVE-2023-42629 (Stored cross-site scripting (XSS) vulnerability in the manage 
vocabula ...)
+       TODO: check
+CVE-2023-42628 (Stored cross-site scripting (XSS) vulnerability in the Wiki 
widget in  ...)
+       TODO: check
+CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the Comm ...)
+       TODO: check
+CVE-2023-39902 (A software vulnerability has been identified in the U-Boot 
Secondary P ...)
+       TODO: check
+CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan 
Presence, deploy ...)
+       TODO: check
 CVE-2023-4399 (Grafana is an open-source platform for monitoring and 
observability.   ...)
        - grafana <removed>
 CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of 
sensitive in ...)
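Review bot: of the entries added at the top with TODO: check, CVE-2023-45803 (urllib3) and CVE-2023-39902 (U-Boot) are the two whose descriptions name general-purpose open-source components, so they should be matched against source packages first. Most of the rest name vendor products, CMS installs or plugins and look like NOT-FOR-US candidates by analogy with tagged entries further down the file. Fused words such as "limitthe" and "Desktopfails" are in the descriptions as imported and should be corrected at the source, not hand-edited in this list.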
@@ -128,7 +194,7 @@ CVE-2023-4834 (In Red Lion EuropembCONNECT24 and 
mymbCONNECT24 and Helmholz myRE
        NOT-FOR-US: Red Lion
 CVE-2023-4827 (The File Manager Pro WordPress plugin before 1.8 does not 
properly che ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-4822 (The vulnerability impacts instances with several organizations, 
and al ...)
+CVE-2023-4822 (Grafana is an open-source platform for monitoring and 
observability. T ...)
        - grafana <removed>
 CVE-2023-4821 (The Drag and Drop Multiple File Upload for WooCommerce 
WordPress plugi ...)
        NOT-FOR-US: WooCommerce plugin
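Review bot: the replacement description for CVE-2023-4822 spends its truncated width on "Grafana is an open-source platform for monitoring and observability.", the same opening as CVE-2023-4399 at the top of the file, so the summary no longer says what the issue is. The removed text ("instances with several organizations") did. The "- grafana <removed>" status line is unaffected, but a NOTE line recording the specifics would keep the entry readable on its own.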
@@ -411,6 +477,7 @@ CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to 
cross-site scripting. Thi
 CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 
19.0.1,  ...)
        NOT-FOR-US: IBM
 CVE-2023-41914
+       {DSA-5529-1}
        - slurm-wlm 23.02.6-1
        NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA
        NOTE: slurm-wlm-contrib also changed, but actual security issue is in 
slurm-wlm
@@ -6358,6 +6425,7 @@ CVE-2023-31242 (An authentication bypass vulnerability 
exists in the OAS Engine
 CVE-2023-2453 (There is insufficient sanitization of tainted file names that 
are dire ...)
        NOT-FOR-US: PHP-Fusion
 CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 
1.x in an ...)
+       {DLA-3622-1}
        - axis 1.4-29 (bug #1051288)
        [bookworm] - axis <no-dsa> (Minor issue)
        [bullseye] - axis <no-dsa> (Minor issue)
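Review bot: {DLA-3622-1} is attached to CVE-2023-40743 while the [bookworm] and [bullseye] lines directly below it stay at <no-dsa> (Minor issue). With an LTS advisory now issued for axis, check whether those two releases should be queued for a point-release update so they do not remain unfixed behind the release covered by the DLA.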
@@ -34526,10 +34594,10 @@ CVE-2023-27135 (TOTOlink A7100RU 
V7.4cu.2313_B20191024 was discovered to contain
        NOT-FOR-US: TOTOLINK
 CVE-2023-27134
        RESERVED
-CVE-2023-27133
-       RESERVED
-CVE-2023-27132
-       RESERVED
+CVE-2023-27133 (TSplus Remote Work 16.0.0.0 has weak permissions for .exe, 
.js, and .h ...)
+       TODO: check
+CVE-2023-27132 (TSplus Remote Work 16.0.0.0 places a cleartext password on the 
"var pa ...)
+       TODO: check
 CVE-2023-27131 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 
allows a r ...)
        NOT-FOR-US: Typecho
 CVE-2023-27130 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 
allows a r ...)
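Review bot: CVE-2023-27133 and CVE-2023-27132 move from RESERVED to TODO: check, and both descriptions name TSplus Remote Work 16.0.0.0. If no Debian source package matches, close them with a NOT-FOR-US: tag in the style of the NOT-FOR-US: TOTOLINK and NOT-FOR-US: Typecho lines around them instead of leaving them pending.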
@@ -42732,8 +42800,8 @@ CVE-2023-24387 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
        NOT-FOR-US: WordPress plugin
 CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kari ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-24385
-       RESERVED
+CVE-2023-24385 (Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerability in Dav ...)
+       TODO: check
 CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt 
Organizati ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24383 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Kibo ...)
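Review bot: the new CVE-2023-24385 summary is cut at "vulnerability in Dav ...", before the product name, so the entry cannot be triaged from this line alone. The neighbouring entries with the same "Stored Cross-Site Scripting (XSS)" wording are tagged NOT-FOR-US: WordPress plugin; confirm against the full description and apply the same tag if it matches.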
@@ -63383,8 +63451,8 @@ CVE-2022-3763 (The Booster for WooCommerce WordPress 
plugin before 5.6.7, Booste
        NOT-FOR-US: WordPress plugin
 CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, 
Booster Plu ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3761
-       RESERVED
+CVE-2022-3761 (OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN 
Connect ...)
+       TODO: check
 CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of 
Deserialization of Unt ...)
        NOT-FOR-US: aEnrich Technology a+HRD
 CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of 
Deserialization of Unt ...)
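Review bot: the description that replaces RESERVED for CVE-2022-3761 is about OpenVPN Connect client builds (the macOS threshold 3.4.0.4506 is the one visible before truncation). When resolving TODO: check, do not attribute it to a package on the "OpenVPN" name match alone; verify that the affected product is actually shipped before adding a package line.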
@@ -64978,8 +65046,8 @@ CVE-2023-20600
        RESERVED
 CVE-2023-20599
        RESERVED
-CVE-2023-20598
-       RESERVED
+CVE-2023-20598 (An improper privilege management in the AMD 
Radeon\u2122Graphics drive ...)
+       TODO: check
 CVE-2023-20597 (Improper initialization of variables in the DXE driver may 
allow a pri ...)
        NOT-FOR-US: AMD
 CVE-2023-20596
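Review bot: the CVE-2023-20598 description carries a literal \u2122 escape ("Radeon\u2122Graphics") where the trademark character should be, and the space after it is lost. Whatever generates the summary should decode the escape before writing the line. For triage, the adjacent CVE-2023-20597 is tagged NOT-FOR-US: AMD, which is the likely outcome here as well.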



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b22d1a79540d7d8dcfc94b246469a42a139fc0dd
