Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9582889 by Salvatore Bonaccorso at 2023-06-03T11:08:51+02:00
Add CVE-2023-3083/teampass
- - - - -
b40afe94 by Salvatore Bonaccorso at 2023-06-03T11:10:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2023-3083 (Cross-site Scripting (XSS) - Stored in GitHub repository
nilsteampassn ...)
- TODO: check
+ - teampass <itp> (bug #730180)
CVE-2023-3055 (The Page Builder by AZEXO plugin for WordPress is vulnerable to
Cross- ...)
NOT-FOR-US: Page Builder by AZEXO plugin for WordPress
CVE-2023-3053 (The Page Builder by AZEXO plugin for WordPress is vulnerable to
unauth ...)
@@ -11,7 +11,7 @@ CVE-2023-3051 (The Page Builder by AZEXO plugin for WordPress
is vulnerable to S
CVE-2023-3044 (An excessively large PDF page size (found in fuzz testing,
unlikely in ...)
TODO: check
CVE-2023-33143 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-2816 (Consul and Consul Enterprise allowed any user with
service:write permi ...)
TODO: check
CVE-2023-2781 (The User Email Verification for WooCommerce plugin for
WordPress is vu ...)
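Review bot: on the CVE-2023-33143 line, `NOT-FOR-US: Microsoft` names only the vendor, while the description marks the product as "(Chromium-based)". Before closing this as NFU, confirm that the flaw is in Edge-specific code rather than in shared Chromium code. If it is Edge-only, `NOT-FOR-US: Microsoft Edge` would record that decision more precisely.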
@@ -21,9 +21,9 @@ CVE-2023-2416 (The Online Booking & Scheduling Calendar for
WordPress by vcita p
CVE-2023-2415 (The Online Booking & Scheduling Calendar for WordPress by vcita
plugin ...)
NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita
plugin for WordPress
CVE-2023-2407 (The Event Registration Calendar By vcita plugin, versions up to
and in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2406 (The Event Registration Calendar By vcita plugin, versions up to
and in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2405 (The CRM and Lead Management by vcita plugin for WordPress is
vulnerabl ...)
NOT-FOR-US: CRM and Lead Management by vcita plugin for WordPress
CVE-2023-2404 (The CRM and Lead Management by vcita plugin for WordPress is
vulnerabl ...)
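Review bot: the new reasons for CVE-2023-2407 and CVE-2023-2406 use the generic `NOT-FOR-US: WordPress plugin`, while the context lines directly above and below name the plugin ("Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress", "CRM and Lead Management by vcita plugin for WordPress"). Suggest `NOT-FOR-US: Event Registration Calendar By vcita plugin for WordPress` so the entries stay searchable by product and match their neighbours.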
@@ -166,9 +166,9 @@ CVE-2023-32310 (DataEase is an open source data
visualization and analysis tool.
CVE-2023-32181 (A Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow ...)
TODO: check
CVE-2015-10109 (A vulnerability was found in Video Playlist and Gallery Plugin
up to 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-125104 (A vulnerability was found in VaultPress Plugin up to 1.6.0 on
WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [RUSTSEC-2023-0039]
- rust-buffered-reader <unfixed> (bug #1037018)
[bookworm] - rust-buffered-reader <no-dsa> (Minor issue)
@@ -3824,7 +3824,7 @@ CVE-2023-2203 (A flaw was found in the WebKitGTK package.
An improper input vali
CVE-2023-2202 (Improper Access Control in GitHub repository
francoisjacquet/rosariosi ...)
NOT-FOR-US: RosarioSIS
CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL
Injection vi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2200
RESERVED
CVE-2023-2199
@@ -4799,11 +4799,11 @@ CVE-2023-30606 (Discourse is an open source platform
for community discussion. I
CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery
project cont ...)
NOT-FOR-US: Archery
CVE-2023-30604 (It is identified a vulnerability of insufficient
authentication in the ...)
- TODO: check
+ NOT-FOR-US: Hitron Technologies
CVE-2023-30603 (Hitron Technologies CODA-5310 Telnet function with the default
account ...)
- TODO: check
+ NOT-FOR-US: Hitron Technologies
CVE-2023-30602 (Hitron Technologies CODA-5310\u2019s Telnet function transfers
sensiti ...)
- TODO: check
+ NOT-FOR-US: Hitron Technologies
CVE-2023-30601 (Privilege escalation when enabling FQL/Audit logs allows user
with JMX ...)
- cassandra <itp> (bug #585905)
CVE-2023-30600
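Review bot: for CVE-2023-30604 the visible part of the description ("It is identified a vulnerability of insufficient authentication in the ...") does not name a vendor, so `NOT-FOR-US: Hitron Technologies` cannot be checked against the list entry itself. Confirm the attribution against the full description. Since CVE-2023-30603 and CVE-2023-30602 both name the CODA-5310, consider including the product in the reason where it applies.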
@@ -4921,13 +4921,13 @@ CVE-2023-2065 (Authorization Bypass Through
User-Controlled Key vulnerability in
CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Minova Technology eTrace
CVE-2023-2063 (Unrestricted Upload of File with Dangerous Type vulnerability
in FTP f ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-2062 (Missing Password Field Masking vulnerability in Mitsubishi
Electric Co ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-2061 (Use of Hard-coded Password vulnerability in FTP function on
Mitsubishi ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-2060 (Weak Password Requirements vulnerability in FTP function on
Mitsubishi ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-2059 (A vulnerability was found in DedeCMS 5.7.87. It has been rated
as prob ...)
NOT-FOR-US: DedeCMS
CVE-2023-2058 (A vulnerability was found in EyouCms up to 1.6.2. It has been
declared ...)
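Review bot: the four new `NOT-FOR-US: Mitsubishi` lines shorten the vendor that the CVE-2023-2062 description gives as "Mitsubishi Electric Co ...", and none names a product, unlike the adjacent `NOT-FOR-US: Minova Technology eTrace`. Suggest using the vendor name as the description spells it, plus the affected product, and confirming CVE-2023-2063 separately, since its visible description stops at "FTP f ..." before any vendor appears.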
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8d490126c4dbcdb315645df07ca14123e46e43be...b40afe94f15d89a41e7e96a37a10760da5b83dd7
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits