Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b625ad7d by security tracker role at 2023-11-02T08:12:03+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as 
problem ...)
+       TODO: check
+CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core 
before 1. ...)
+       TODO: check
+CVE-2023-46595 (Net-NTLM leak in Fireflow A32.20 and A32.50 allows an 
attackerto obtai ...)
+       TODO: check
+CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop 
Mejiro Com ...)
+       TODO: check
+CVE-2023-46428 (An arbitrary file upload vulnerability in HadSky v7.12.10 
allows attac ...)
+       TODO: check
+CVE-2023-46327 (Multiple MFPs (multifunction printers) provided by FUJIFILM 
Business I ...)
+       TODO: check
+CVE-2023-45203 (Online Examination System v1.0 is vulnerable to multiple Open 
Redirect ...)
+       TODO: check
+CVE-2023-45202 (Online Examination System v1.0 is vulnerable to multiple Open 
Redirect ...)
+       TODO: check
+CVE-2023-45201 (Online Examination System v1.0 is vulnerable to multiple Open 
Redirect ...)
+       TODO: check
+CVE-2023-45114 (Online Examination System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45113 (Online Examination System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45112 (Online Examination System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45111 (Online Examination System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45019 (Online Bus Booking System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45018 (Online Bus Booking System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45017 (Online Bus Booking System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45016 (Online Bus Booking System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45015 (Online Bus Booking System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45014 (Online Bus Booking System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45013 (Online Bus Booking System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-45012 (Online Bus Booking System v1.0 is vulnerable to multiple 
Unauthenticat ...)
+       TODO: check
+CVE-2023-44954 (Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 
allows a rem ...)
+       TODO: check
+CVE-2023-44025 (SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 
and befo ...)
+       TODO: check
+CVE-2023-39281 (A stack buffer overflow vulnerability discovered in 
AsfSecureBootDxe i ...)
+       TODO: check
 CVE-2023-5849 (Integer overflow in USB in Google Chrome prior to 
119.0.6045.105 allow ...)
        - chromium <unfixed>
        [buster] - chromium <end-of-life> (see DSA 5046)
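Review bot: the seven Online Examination System v1.0 entries (CVE-2023-45111 to CVE-2023-45114, CVE-2023-45201 to CVE-2023-45203) and the eight Online Bus Booking System v1.0 entries (CVE-2023-45012 to CVE-2023-45019) read identically within each run at the truncation point, and all 24 additions carry only `TODO: check`. These cannot be told apart from the list alone, so the follow-up triage should work from the full CVE records and replace each `TODO: check` with a per-entry tag.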
@@ -97,7 +145,7 @@ CVE-2023-33227 (The Network Configuration Manager was 
susceptible to a Directory
        NOT-FOR-US: SolarWinds
 CVE-2023-33226 (The Network Configuration Manager was susceptible to a 
Directory Trave ...)
        NOT-FOR-US: SolarWinds
-CVE-2023-46695
+CVE-2023-46695 (An issue was discovered in Django 3.2 before 3.2.23, 4.1 
before 4.1.13 ...)
        - python-django <not-affected> (Only an issue on windows)
        NOTE: 
https://www.djangoproject.com/weblog/2023/nov/01/security-releases/
 CVE-2023-5831
@@ -158,17 +206,17 @@ CVE-2023-4198 (Improper Access Control in Dolibarr ERP 
CRM <= v17.0.3 allows an
        - dolibarr <removed>
 CVE-2023-4197 (Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails 
to stri ...)
        - dolibarr <removed>
-CVE-2023-47099 (An issue was discovered in Virtualmin 7.7. The Create Virtual 
Server f ...)
+CVE-2023-47099 (A Stored Cross-Site Scripting (XSS) vulnerability in the 
Create Virtua ...)
        NOT-FOR-US: Virtualmin
-CVE-2023-47098 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site 
Scripti ...)
+CVE-2023-47098 (A Stored Cross-Site Scripting (XSS) vulnerability in the 
Manage Extra  ...)
        NOT-FOR-US: Virtualmin
-CVE-2023-47097 (An issue was discovered in Virtualmin 7.7. The Server 
Templates featur ...)
+CVE-2023-47097 (A Stored Cross-Site Scripting (XSS) vulnerability in the 
Server Templa ...)
        NOT-FOR-US: Virtualmin
-CVE-2023-47096 (An issue was discovered in Virtualmin 7.7. The Cloudmin 
Services Clien ...)
+CVE-2023-47096 (A Reflected Cross-Site Scripting (XSS) vulnerability in the 
Cloudmin S ...)
        NOT-FOR-US: Virtualmin
-CVE-2023-47095 (An issue was discovered in Virtualmin 7.7. The Custom Fields 
feature o ...)
+CVE-2023-47095 (A Stored Cross-Site Scripting (XSS) vulnerability in the 
Custom fields ...)
        NOT-FOR-US: Virtualmin
-CVE-2023-47094 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site 
Scripti ...)
+CVE-2023-47094 (A Stored Cross-Site Scripting (XSS) vulnerability in the 
Account Plans ...)
        NOT-FOR-US: Virtualmin
 CVE-2023-46485 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a 
remote att ...)
        NOT-FOR-US: TOTOLINK
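Review bot: the replacement descriptions for CVE-2023-47094 through CVE-2023-47099 no longer show the product or version before the truncation point; the old text opened with "Virtualmin 7.7" and the new text opens with the vulnerability class. The `NOT-FOR-US: Virtualmin` line under each entry is now the only place in the list that names the product, so it should be kept unchanged whenever these entries are next edited.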
@@ -1820,7 +1868,7 @@ CVE-2023-XXXX [SQUID-2021:8 Denial of Service in Gopher 
gateway]
        NOTE: 
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
 (SQUID_6_0_1)
        NOTE: 
https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
        NOTE: 
https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html
-CVE-2023-46724 [Squid: Buffer UnderRead in SSL CN Parsing]
+CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper 
Validation of ...)
        - squid <unfixed>
        [buster] - squid <not-affected> (Doesn't build with OpenSSL yet)
        NOTE: 
https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3
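Review bot: on CVE-2023-46724 the hand-written summary `[Squid: Buffer UnderRead in SSL CN Parsing]` is replaced by a description whose visible part ("Squid is a caching proxy for the Web. Due to an Improper Validation of ...") no longer says which code path is affected. Consider preserving the old summary in a NOTE line under the entry so the SSL CN parsing detail stays visible next to the `- squid <unfixed>` status.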
@@ -4705,7 +4753,7 @@ CVE-2023-32972 (A buffer copy without checking size of 
input vulnerability has b
        NOT-FOR-US: QNAP
 CVE-2023-32971 (A buffer copy without checking size of input vulnerability has 
been re ...)
        NOT-FOR-US: QNAP
-CVE-2023-5408
+CVE-2023-5408 (A privilege escalation flaw was found in the node restriction 
admissio ...)
        NOT-FOR-US: OpenShift
 CVE-2023-4061
        NOT-FOR-US: Red Hat Enterprise Application Platform
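Review bot: CVE-2023-5408 was tagged `NOT-FOR-US: OpenShift` while it had no description, and the text added here places the flaw in the node restriction admission component. It is worth confirming against the full CVE record that the issue is specific to OpenShift, and recording the reason in a NOTE line if the tag stays.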



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b625ad7dc5285ebeb2efbef586a00b8bb83a5a33
