Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b625ad7d by security tracker role at 2023-11-02T08:12:03+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,51 @@ +CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as problem ...) + TODO: check +CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core before 1. ...) + TODO: check +CVE-2023-46595 (Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attackerto obtai ...) + TODO: check +CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Com ...) + TODO: check +CVE-2023-46428 (An arbitrary file upload vulnerability in HadSky v7.12.10 allows attac ...) + TODO: check +CVE-2023-46327 (Multiple MFPs (multifunction printers) provided by FUJIFILM Business I ...) + TODO: check +CVE-2023-45203 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...) + TODO: check +CVE-2023-45202 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...) + TODO: check +CVE-2023-45201 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...) + TODO: check +CVE-2023-45114 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45113 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45112 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45111 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45019 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45018 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45017 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45016 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45015 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45014 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45013 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-45012 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + TODO: check +CVE-2023-44954 (Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a rem ...) + TODO: check +CVE-2023-44025 (SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and befo ...) + TODO: check +CVE-2023-39281 (A stack buffer overflow vulnerability discovered in AsfSecureBootDxe i ...) + TODO: check CVE-2023-5849 (Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allow ...) - chromium <unfixed> [buster] - chromium <end-of-life> (see DSA 5046) @@ -97,7 +145,7 @@ CVE-2023-33227 (The Network Configuration Manager was susceptible to a Directory NOT-FOR-US: SolarWinds CVE-2023-33226 (The Network Configuration Manager was susceptible to a Directory Trave ...) NOT-FOR-US: SolarWinds -CVE-2023-46695 +CVE-2023-46695 (An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...) - python-django <not-affected> (Only an issue on windows) NOTE: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/ CVE-2023-5831 @@ -158,17 +206,17 @@ CVE-2023-4198 (Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an - dolibarr <removed> CVE-2023-4197 (Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to stri ...) - dolibarr <removed> -CVE-2023-47099 (An issue was discovered in Virtualmin 7.7. The Create Virtual Server f ...) +CVE-2023-47099 (A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtua ...) NOT-FOR-US: Virtualmin -CVE-2023-47098 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripti ...) +CVE-2023-47098 (A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra ...) NOT-FOR-US: Virtualmin -CVE-2023-47097 (An issue was discovered in Virtualmin 7.7. The Server Templates featur ...) +CVE-2023-47097 (A Stored Cross-Site Scripting (XSS) vulnerability in the Server Templa ...) NOT-FOR-US: Virtualmin -CVE-2023-47096 (An issue was discovered in Virtualmin 7.7. The Cloudmin Services Clien ...) +CVE-2023-47096 (A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin S ...) NOT-FOR-US: Virtualmin -CVE-2023-47095 (An issue was discovered in Virtualmin 7.7. The Custom Fields feature o ...) +CVE-2023-47095 (A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields ...) NOT-FOR-US: Virtualmin -CVE-2023-47094 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripti ...) +CVE-2023-47094 (A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans ...) NOT-FOR-US: Virtualmin CVE-2023-46485 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...) NOT-FOR-US: TOTOLINK @@ -1820,7 +1868,7 @@ CVE-2023-XXXX [SQUID-2021:8 Denial of Service in Gopher gateway] NOTE: https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 (SQUID_6_0_1) NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html -CVE-2023-46724 [Squid: Buffer UnderRead in SSL CN Parsing] +CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper Validation of ...) - squid <unfixed> [buster] - squid <not-affected> (Doesn't build with OpenSSL yet) NOTE: https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3 @@ -4705,7 +4753,7 @@ CVE-2023-32972 (A buffer copy without checking size of input vulnerability has b NOT-FOR-US: QNAP CVE-2023-32971 (A buffer copy without checking size of input vulnerability has been re ...) NOT-FOR-US: QNAP -CVE-2023-5408 +CVE-2023-5408 (A privilege escalation flaw was found in the node restriction admissio ...) NOT-FOR-US: OpenShift CVE-2023-4061 NOT-FOR-US: Red Hat Enterprise Application Platform View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b625ad7dc5285ebeb2efbef586a00b8bb83a5a33 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b625ad7dc5285ebeb2efbef586a00b8bb83a5a33 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits