Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
209e6c9b by security tracker role at 2023-05-20T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-33244 (Obsidian before 1.2.2 allows calls to unintended APIs (for
microphone ...)
+ TODO: check
+CVE-2023-2713 (Authorization Bypass Through User-Controlled Key vulnerability
in "Re ...)
+ TODO: check
+CVE-2023-2712 (Unrestricted Upload of File with Dangerous Type vulnerability
in "Ren ...)
+ TODO: check
CVE-2023-32677 (Zulip is an open-source team collaboration tool with unique
topic-base ...)
NOT-FOR-US: Zulip
CVE-2023-2824 (A vulnerability was found in SourceCodester Dental Clinic
Appointment ...)
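Review bot: the three added entries (CVE-2023-33244, CVE-2023-2713, CVE-2023-2712) land with only `TODO: check`, so each still needs manual triage: either a `NOT-FOR-US:` line like the one on the neighbouring CVE-2023-32677 entry, or a `- <source-package> <version>` line if the affected software is packaged. For CVE-2023-2713 and CVE-2023-2712 the truncated description cuts off the product name (`"Re ...` and `"Ren ...`), so the full CVE record has to be read before they can be classified.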
@@ -18,7 +24,7 @@ CVE-2023-2715 (The Groundhogg plugin for WordPress is
vulnerable to unauthorized
NOT-FOR-US: Groundhogg plugin for WordPress
CVE-2023-2714 (The Groundhogg plugin for WordPress is vulnerable to
unauthorized modi ...)
NOT-FOR-US: Groundhogg plugin for WordPress
-CVE-2023-32700 [improperly secured shell-escape in LuaTeX]
+CVE-2023-32700 (LuaTeX before 1.17.0 allows execution of arbitrary shell
commands when ...)
{DSA-5406-1 DLA-3427-1}
- texlive-bin 2022.20220321.62855-5.1
NOTE: https://tug.org/~mseven/luatex.html
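Review bot: on the CVE-2023-32700 line, the hand-written summary `[improperly secured shell-escape in LuaTeX]` is replaced by a description that is truncated at `when ...`, so the list no longer states the trigger condition. The `{DSA-5406-1 DLA-3427-1}` and `- texlive-bin 2022.20220321.62855-5.1` lines are unchanged; if the shell-escape detail matters for later triage, keep it in a NOTE line under the entry.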
@@ -705,7 +711,7 @@ CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats
protective search_path c
- postgresql-13 <removed>
- postgresql-11 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
-CVE-2023-32668 (LuaTeX before 1.17.0 enables the socket library by default.)
+CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the
default sett ...)
- texlive-bin <unfixed>
[bullseye] - texlive-bin <no-dsa> (Minor issue)
[buster] - texlive-bin <no-dsa> (Minor issue)
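Review bot: CVE-2023-32668 remains `- texlive-bin <unfixed>` while CVE-2023-32700, earlier in this patch, names the same upstream boundary (LuaTeX before 1.17.0) and is recorded as fixed in texlive-bin 2022.20220321.62855-5.1. Confirm whether that upload also covers this CVE, then either record the fixed version or add a NOTE explaining why the entry stays unfixed, so the two LuaTeX entries do not look inconsistent.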
@@ -8027,16 +8033,16 @@ CVE-2023-1698 (In multiple products of WAGO a
vulnerability allows an unauthenti
NOT-FOR-US: WAGO
CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the
Packet For ...)
NOT-FOR-US: Juniper
-CVE-2023-1696
- RESERVED
+CVE-2023-1696 (The multimedia video module has a vulnerability in data
processing.Suc ...)
+ TODO: check
CVE-2023-1695
RESERVED
-CVE-2023-1694
- RESERVED
-CVE-2023-1693
- RESERVED
-CVE-2023-1692
- RESERVED
+CVE-2023-1694 (The Settings module has the file privilege escalation
vulnerability.Su ...)
+ TODO: check
+CVE-2023-1693 (The Settings module has the file privilege escalation
vulnerability.Su ...)
+ TODO: check
+CVE-2023-1692 (The window management module lacks permission
verification.Successful ...)
+ TODO: check
CVE-2023-1691
RESERVED
CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in
VLC and ...)
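Review bot: the four entries moved out of RESERVED (CVE-2023-1696, CVE-2023-1694, CVE-2023-1693, CVE-2023-1692) carry descriptions that name only a module ("multimedia video module", "Settings module", "window management module") and no vendor or product, so `TODO: check` cannot be resolved from the list alone; the assigner in the full CVE record is needed to decide on `NOT-FOR-US`. CVE-2023-1694 and CVE-2023-1693 also show identical visible text, so check that they are distinct issues and not duplicates before triaging them separately.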
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/209e6c9b9715fa2301d94b53c9fd991ebddfc3c0