Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b126ab86 by security tracker role at 2023-11-17T08:12:07+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,101 @@ +CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any file on t ...) + TODO: check +CVE-2023-6014 (An attacker is able to arbitrarily create an account in MLflow bypassi ...) + TODO: check +CVE-2023-48659 (An issue was discovered in MISP before 2.4.176. app/Controller/AppCont ...) + TODO: check +CVE-2023-48658 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) + TODO: check +CVE-2023-48657 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) + TODO: check +CVE-2023-48656 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) + TODO: check +CVE-2023-48655 (An issue was discovered in MISP before 2.4.176. app/Controller/Compone ...) + TODO: check +CVE-2023-48649 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on t ...) + TODO: check +CVE-2023-48648 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized ac ...) + TODO: check +CVE-2023-48237 (Vim is an open source command line text editor. In affected versions w ...) + TODO: check +CVE-2023-48236 (Vim is an open source command line text editor. When using the z= comm ...) + TODO: check +CVE-2023-48235 (Vim is an open source command line text editor. When parsing relative ...) + TODO: check +CVE-2023-48234 (Vim is an open source command line text editor. When getting the count ...) + TODO: check +CVE-2023-48233 (Vim is an open source command line text editor. If the count after the ...) + TODO: check +CVE-2023-48232 (Vim is an open source command line text editor. A floating point excep ...) + TODO: check +CVE-2023-48231 (Vim is an open source command line text editor. When closing a window, ...) + TODO: check +CVE-2023-48222 (Rundeck is an open source automation service with a web console, comma ...) + TODO: check +CVE-2023-48078 (SQL Injection vulnerability in add.php in Simple CRUD Functionality v1 ...) 
+ TODO: check +CVE-2023-48031 (OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with ...) + TODO: check +CVE-2023-47797 (Reflected cross-site scripting (XSS) vulnerability on a content page\u ...) + TODO: check +CVE-2023-47688 (Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube Spe ...) + TODO: check +CVE-2023-47687 (Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Cust ...) + TODO: check +CVE-2023-47686 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato ...) + TODO: check +CVE-2023-47675 (CubeCart prior to 6.5.3 allows a remote authenticated attacker with an ...) + TODO: check +CVE-2023-47642 (Zulip is an open-source team collaboration tool. It was discovered by ...) + TODO: check +CVE-2023-47283 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a ...) + TODO: check +CVE-2023-47112 (Rundeck is an open source automation service with a web console, comma ...) + TODO: check +CVE-2023-47025 (An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial ...) + TODO: check +CVE-2023-46214 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise ...) + TODO: check +CVE-2023-46213 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escap ...) + TODO: check +CVE-2023-45387 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...) + TODO: check +CVE-2023-45382 (In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from ...) + TODO: check +CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a ...) + TODO: check +CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS before versio ...) + TODO: check +CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS before versio ...) + TODO: check +CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS ...) 
+ TODO: check +CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...) + TODO: check +CVE-2023-39547 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...) + TODO: check +CVE-2023-39546 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...) + TODO: check +CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...) + TODO: check +CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...) + TODO: check +CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) + TODO: check +CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) + TODO: check +CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) + TODO: check +CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) + TODO: check +CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) + TODO: check +CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...) + TODO: check +CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before 10.1.2. it ha ...) + TODO: check +CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6 ...) + TODO: check CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for ...) - linux 6.5.6-1 [bookworm] - linux 6.1.55-1 
@@ -1225,7 +1323,7 @@ CVE-2023-5868 NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ CVE-2023-6073 (Attacker can perform a Denial of Service attack to crash the ICAS 3 IV ...) NOT-FOR-US: Volkswagen -CVE-2023-6069 (Improper Input Validation in GitHub repository froxlor/froxlor prior t ...) +CVE-2023-6069 (Improper Link Resolution Before File Access in GitHub repository froxl ...) - froxlor <itp> (bug #581792) CVE-2023-5954 (HashiCorp Vault and Vault Enterprise inbound client requests triggerin ...) NOT-FOR-US: HashiCorp Vault @@ -2653,9 +2751,9 @@ CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp- NOT-FOR-US: pkp-lib CVE-2023-5902 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) NOT-FOR-US: pkp-lib -CVE-2023-5901 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...) +CVE-2023-5901 (Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-1 ...) NOT-FOR-US: pkp-lib -CVE-2023-5900 (Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0- ...) +CVE-2023-5900 (Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3 ...) NOT-FOR-US: pkp-lib CVE-2023-5899 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) NOT-FOR-US: pkp-lib @@ -3754,6 +3852,7 @@ CVE-2023-42856 (The issue was addressed with improved memory handling. This issu CVE-2023-42854 (This issue was addressed by removing the vulnerable code. This issue i ...) NOT-FOR-US: Apple CVE-2023-42852 (A logic issue was addressed with improved checks. This issue is fixed ...) + {DSA-5557-1} - webkit2gtk 2.42.2-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.42.2-1 
@@ -3799,6 +3898,7 @@ CVE-2023-41989 (The issue was addressed by restricting options offered on a lock CVE-2023-41988 (This issue was addressed by restricting options offered on a locked de ...) NOT-FOR-US: Apple CVE-2023-41983 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5557-1} - webkit2gtk 2.42.2-1 [buster] - webkit2gtk <end-of-life> (EOL in buster LTS) - wpewebkit 2.42.2-1 @@ -15166,7 +15266,7 @@ CVE-2023-40253 (Improper Authentication vulnerability in Genians Genian NAC V4.0 NOT-FOR-US: Genians CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0 ...) NOT-FOR-US: ArchiMate Archi -CVE-2023-40224 (MISP 2.4174 allows XSS in app/View/Events/index.ctp.) +CVE-2023-40224 (MISP 2.4.174 allows XSS in app/View/Events/index.ctp.) NOT-FOR-US: MISP CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...) NOT-FOR-US: OpenZeppelin Contracts
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b126ab86f5cf00fcf466d7c6027f1644fa3c58e2
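Review bot: the five new MISP entries in the first hunk (@@ -1,3 +1,101 @@), CVE-2023-48655 through CVE-2023-48659, are added as `TODO: check` although this file already triages MISP as `NOT-FOR-US: MISP` (see the CVE-2023-40224 context in the last hunk), so they can be resolved the same way rather than left pending. The seven Vim entries (CVE-2023-48231 to CVE-2023-48237) are the ones in this batch that need a package line first, since vim is packaged in Debian. The description imported for CVE-2023-47797 also ends in a raw `\u` escape ("content page\u ..."), which means the text was cut in the middle of an escape sequence; that is better fixed in the import step than by hand.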
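Review bot: the `{DSA-5557-1}` tag added under CVE-2023-42852 and CVE-2023-41983 (hunks @@ -3754,6 +3852,7 @@ and @@ -3799,6 +3898,7 @@) sits above entries that list both webkit2gtk and wpewebkit at 2.42.2-1, and nothing in the visible lines says which source package the advisory covers. Check the advisory's own entry so that the other package is not read as fixed in stable by the same DSA; the `[buster] - webkit2gtk <end-of-life>` line is unaffected either way.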
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits