Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b22d1a79 by security tracker role at 2023-10-17T20:12:15+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,69 @@ +CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown element ...) + TODO: check +CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during initial ...) + TODO: check +CVE-2023-4896 (A vulnerability exists which allows an authenticated attacker to acces ...) + TODO: check +CVE-2023-45952 (An arbitrary file upload vulnerability in the component ajax_link.php ...) + TODO: check +CVE-2023-45951 (lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerabi ...) + TODO: check +CVE-2023-45907 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-45906 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-45905 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-45904 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-45903 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + TODO: check +CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...) + TODO: check +CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) + TODO: check +CVE-2023-45007 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto ...) + TODO: check +CVE-2023-45006 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsol ...) + TODO: check +CVE-2023-45005 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos S ...) + TODO: check +CVE-2023-45004 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty ...) + TODO: check +CVE-2023-45003 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Pl ...) + TODO: check +CVE-2023-44990 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in real ...) + TODO: check +CVE-2023-44824 (An issue in Expense Management System v.1.0 allows a local attacker to ...) + TODO: check +CVE-2023-44311 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the P ...) + TODO: check +CVE-2023-44310 (Stored cross-site scripting (XSS) vulnerability in Page Tree menu Life ...) + TODO: check +CVE-2023-44309 (Multiple stored cross-site scripting (XSS) vulnerabilities in the frag ...) + TODO: check +CVE-2023-43959 (An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged ...) + TODO: check +CVE-2023-43794 (Nocodb is an open source Airtable alternative. Affected versions of no ...) + TODO: check +CVE-2023-43777 (Eaton easySoft software is used to program easy controllers and displa ...) + TODO: check +CVE-2023-43776 (Eaton easyE4 PLC offers a device password protection functionality to ...) + TODO: check +CVE-2023-42629 (Stored cross-site scripting (XSS) vulnerability in the manage vocabula ...) + TODO: check +CVE-2023-42628 (Stored cross-site scripting (XSS) vulnerability in the Wiki widget in ...) + TODO: check +CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Comm ...) + TODO: check +CVE-2023-39902 (A software vulnerability has been identified in the U-Boot Secondary P ...) + TODO: check +CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan Presence, deploy ...) + TODO: check CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability. ...) - grafana <removed> CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensitive in ...) 
@@ -128,7 +194,7 @@ CVE-2023-4834 (In Red Lion EuropembCONNECT24 and mymbCONNECT24 and Helmholz myRE NOT-FOR-US: Red Lion CVE-2023-4827 (The File Manager Pro WordPress plugin before 1.8 does not properly che ...) NOT-FOR-US: WordPress plugin -CVE-2023-4822 (The vulnerability impacts instances with several organizations, and al ...) +CVE-2023-4822 (Grafana is an open-source platform for monitoring and observability. T ...) - grafana <removed> CVE-2023-4821 (The Drag and Drop Multiple File Upload for WooCommerce WordPress plugi ...) NOT-FOR-US: WooCommerce plugin @@ -411,6 +477,7 @@ CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Thi CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) NOT-FOR-US: IBM CVE-2023-41914 + {DSA-5529-1} - slurm-wlm 23.02.6-1 NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA NOTE: slurm-wlm-contrib also changed, but actual security issue is in slurm-wlm @@ -6358,6 +6425,7 @@ CVE-2023-31242 (An authentication bypass vulnerability exists in the OAS Engine CVE-2023-2453 (There is insufficient sanitization of tainted file names that are dire ...) NOT-FOR-US: PHP-Fusion CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...) + {DLA-3622-1} - axis 1.4-29 (bug #1051288) [bookworm] - axis <no-dsa> (Minor issue) [bullseye] - axis <no-dsa> (Minor issue) 
@@ -34526,10 +34594,10 @@ CVE-2023-27135 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain NOT-FOR-US: TOTOLINK CVE-2023-27134 RESERVED -CVE-2023-27133 - RESERVED -CVE-2023-27132 - RESERVED +CVE-2023-27133 (TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .h ...) + TODO: check +CVE-2023-27132 (TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pa ...) + TODO: check CVE-2023-27131 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...) NOT-FOR-US: Typecho CVE-2023-27130 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...) @@ -42732,8 +42800,8 @@ CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i NOT-FOR-US: WordPress plugin CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kari ...) NOT-FOR-US: WordPress plugin -CVE-2023-24385 - RESERVED +CVE-2023-24385 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Dav ...) + TODO: check CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...) NOT-FOR-US: WordPress plugin CVE-2023-24383 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...) @@ -63383,8 +63451,8 @@ CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booste NOT-FOR-US: WordPress plugin CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...) NOT-FOR-US: WordPress plugin -CVE-2022-3761 - RESERVED +CVE-2022-3761 (OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect ...) + TODO: check CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...) NOT-FOR-US: aEnrich Technology a+HRD CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...) 
@@ -64978,8 +65046,8 @@ CVE-2023-20600 RESERVED CVE-2023-20599 RESERVED -CVE-2023-20598 - RESERVED +CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics drive ...) + TODO: check CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...) NOT-FOR-US: AMD CVE-2023-20596 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b22d1a79540d7d8dcfc94b246469a42a139fc0dd
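Review bot: In the first hunk (@@ -1,3 +1,69 @@), CVE-2023-45803 is queued as "TODO: check" in the same batch as the Dreamer CMS and reflected-XSS entries, but its description names urllib3, which Debian ships (source package python-urllib3), so it needs a package line and per-release status rather than a NOT-FOR-US tag. CVE-2023-39902 in the same hunk names U-Boot and should be checked against the u-boot source package before it gets a disposition. Suggest triaging these two ahead of the rest of the block.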
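Review bot: In the @@ -6358,6 +6425,7 @@ hunk, CVE-2023-40743 gains "{DLA-3622-1}" while the lines directly below it still read "[bookworm] - axis <no-dsa> (Minor issue)" and "[bullseye] - axis <no-dsa> (Minor issue)". After this change the entry records an LTS advisory for an issue that the two listed releases leave unfixed as minor. If the fix was worth a DLA, consider revisiting those two annotations, for example by proposing axis for a point release.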
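Review bot: In the @@ -63383,8 +63451,8 @@ hunk, CVE-2022-3761 moves from RESERVED to "TODO: check" with a description that names OpenVPN Connect (the visible text mentions the macOS build). OpenVPN Connect is the vendor's separate client application, not the software in the openvpn package, so the follow-up triage should not attach this entry to openvpn on the strength of the name alone.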
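Review bot: In the last hunk (@@ -64978,8 +65046,8 @@), the new description for CVE-2023-20598 contains the literal sequence "\u2122" ("AMD Radeon\u2122Graphics"), which looks like a JSON Unicode escape passed through undecoded instead of a trademark sign. Suggest decoding escapes where descriptions are imported, so that the stored text matches the published description and text searches on it behave. The neighbouring CVE-2023-20597 is tagged "NOT-FOR-US: AMD", which is a likely disposition for this entry as well.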