Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
27852b22 by security tracker role at 2023-11-10T20:12:19+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-6076 (A vulnerability classified as problematic was found in 
PHPGurukul Rest ...)
+       TODO: check
+CVE-2023-6075 (A vulnerability classified as problematic has been found in 
PHPGurukul ...)
+       TODO: check
+CVE-2023-6074 (A vulnerability was found in PHPGurukul Restaurant Table 
Booking Syste ...)
+       TODO: check
+CVE-2023-4949 (An attacker with local access to a system (either through a 
disk or ex ...)
+       TODO: check
+CVE-2023-47614 (A CWE-200: Exposure of Sensitive Information to an 
Unauthorized Actor  ...)
+       TODO: check
+CVE-2023-47611 (A CWE-269: Improper Privilege Management vulnerability exists 
in Telit ...)
+       TODO: check
+CVE-2023-47164 (Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and 
earlier all ...)
+       TODO: check
+CVE-2023-47129 (Statmic is a core Laravel content management system Composer 
package.  ...)
+       TODO: check
+CVE-2023-47128 (Piccolo is an object-relational mapping and query builder 
which suppor ...)
+       TODO: check
+CVE-2023-47121 (Discourse is an open source platform for community discussion. 
Prior t ...)
+       TODO: check
+CVE-2023-47120 (Discourse is an open source platform for community discussion. 
In vers ...)
+       TODO: check
+CVE-2023-47119 (Discourse is an open source platform for community discussion. 
Prior t ...)
+       TODO: check
+CVE-2023-47108 (OpenTelemetry-Go Contrib is a collection of third-party 
packages for O ...)
+       TODO: check
+CVE-2023-46735 (Symfony is a PHP framework for web and console applications 
and a set  ...)
+       TODO: check
+CVE-2023-46734 (Symfony is a PHP framework for web and console applications 
and a set  ...)
+       TODO: check
+CVE-2023-46733 (Symfony is a PHP framework for web and console applications 
and a set  ...)
+       TODO: check
+CVE-2023-46130 (Discourse is an open source platform for community discussion. 
Prior t ...)
+       TODO: check
+CVE-2023-45816 (Discourse is an open source platform for community discussion. 
Prior t ...)
+       TODO: check
+CVE-2023-45806 (Discourse is an open source platform for community discussion. 
Prior t ...)
+       TODO: check
+CVE-2023-41285 (A SQL injection vulnerability has been reported to affect 
QuMagie. If  ...)
+       TODO: check
+CVE-2023-41284 (A SQL injection vulnerability has been reported to affect 
QuMagie. If  ...)
+       TODO: check
+CVE-2023-39295 (An OS command injection vulnerability has been reported to 
affect QuMa ...)
+       TODO: check
+CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
+       TODO: check
 CVE-2023-5870
        - postgresql-16 16.1-1
        - postgresql-15 <unfixed>
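Review bot: The 23 entries added at the top of this hunk (CVE-2023-6076 through CVE-2023-36027) all still read `TODO: check`, so each needs a package line or a `NOT-FOR-US:` tag before it counts as triaged. The six Discourse entries and the three Symfony entries (CVE-2023-46733 to CVE-2023-46735) share a product and can be resolved together. The descriptions are truncated here, so the affected component should be taken from the full CVE text rather than from the visible prefix.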
@@ -3861,7 +3907,6 @@ CVE-2023-45145 (Redis is an in-memory database that 
persists on disk. On startup
        NOTE: 
https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 
(unstable)
        NOTE: 
https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc 
(7.0.14)
 CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino 
development.  ...)
-       {DLA-3649-1}
        NOT-FOR-US: Arduino Create Agent
 CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino 
development.  ...)
        NOT-FOR-US: Arduino Create Agent
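Review bot: The `{DLA-3649-1}` reference removed from CVE-2023-43803 was attached to an entry tagged `NOT-FOR-US: Arduino Create Agent`, which cannot be right for software Debian does not ship. The same reference is added to CVE-2023-45803 later in this patch, which points to a transposed CVE ID (43803 for 45803). Check that the advisory's own CVE list carries the corrected ID, so the wrong cross-reference does not come back with a later automatic update.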
@@ -4074,6 +4119,7 @@ CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to 
contain a Cross-Site Reques
 CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
        NOT-FOR-US: Dreamer CMS
 CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. 
urllib3 pre ...)
+       {DLA-3649-1}
        - python-urllib3 1.26.18-1 (bug #1054226)
        [bookworm] - python-urllib3 <no-dsa> (Minor issue)
        [bullseye] - python-urllib3 <no-dsa> (Minor issue)
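Review bot: With `{DLA-3649-1}` now on CVE-2023-45803, the `[bookworm]` and `[bullseye]` lines below it still read `<no-dsa> (Minor issue)`. If the LTS advisory shipped the urllib3 fix, check whether those two releases should receive it through a point release, so that an upgrade from the LTS release does not reintroduce the issue.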
@@ -26361,10 +26407,10 @@ CVE-2023-31080
        RESERVED
 CVE-2023-31079 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-31078
-       RESERVED
-CVE-2023-31077
-       RESERVED
+CVE-2023-31078 (Cross-Site Request Forgery (CSRF) vulnerability in Marco 
Steinbrecher  ...)
+       TODO: check
+CVE-2023-31077 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp 
Export WP Pa ...)
+       TODO: check
 CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Really S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31075
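Review bot: The truncated descriptions of CVE-2023-31078 and CVE-2023-31077 (`Marco Steinbrecher  ...`, `ReCorp Export WP Pa ...`) do not name the product type, so the `TODO: check` cannot be resolved from this hunk alone. The neighbouring entries CVE-2023-31079 and CVE-2023-31076 are tagged `NOT-FOR-US: WordPress plugin`; confirm against the full description before applying the same tag rather than inferring it from position in the list.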
@@ -28456,8 +28502,8 @@ CVE-2023-30480
        RESERVED
 CVE-2023-30479
        RESERVED
-CVE-2023-30478
-       RESERVED
+CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant 
Newslette ...)
+       TODO: check
 CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Essi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-30476
@@ -31009,8 +31055,8 @@ CVE-2023-29442 (Zoho ManageEngine Applications Manager 
before 16400 allows proxy
        NOT-FOR-US: Zoho ManageEngine
 CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Robert H ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-29440
-       RESERVED
+CVE-2023-29440 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers 
Simple  ...)
+       TODO: check
 CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
FooPlugi ...)
        NOT-FOR-US: FooGallery
 CVE-2023-29438 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Eric ...)
@@ -31033,12 +31079,12 @@ CVE-2023-29430 (Unauth. Reflected Cross-Site 
Scripting (XSS) vulnerability in CT
        NOT-FOR-US: WordPress theme
 CVE-2023-29429
        RESERVED
-CVE-2023-29428
-       RESERVED
+CVE-2023-29428 (Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins 
Superb So ...)
+       TODO: check
 CVE-2023-29427 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
TMS Book ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-29426
-       RESERVED
+CVE-2023-29426 (Cross-Site Request Forgery (CSRF) vulnerability in Robert 
Schulz (sprd ...)
+       TODO: check
 CVE-2023-29425
        RESERVED
 CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Plai ...)
@@ -50102,8 +50148,8 @@ CVE-2023-23369 (An OS command injection vulnerability 
has been reported to affec
        NOT-FOR-US: QNAP
 CVE-2023-23368 (An OS command injection vulnerability has been reported to 
affect seve ...)
        NOT-FOR-US: QNAP
-CVE-2023-23367
-       RESERVED
+CVE-2023-23367 (An OS command injection vulnerability has been reported to 
affect seve ...)
+       TODO: check
 CVE-2023-23366 (A path traversal vulnerability has been reported to affect 
Music Stati ...)
        NOT-FOR-US: QNAP
 CVE-2023-23365 (A path traversal vulnerability has been reported to affect 
Music Stati ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27852b229cde1f19b489b72eeebb5cbda9f40db1


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
