Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: dab9027b by security tracker role at 2023-06-03T20:12:10+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,11 @@ +CVE-2023-3086 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + TODO: check +CVE-2023-3085 (A vulnerability, which was classified as problematic, has been found i ...) + TODO: check +CVE-2023-3084 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + TODO: check +CVE-2023-32582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle ...) + TODO: check CVE-2023-3083 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) - teampass <itp> (bug #730180) CVE-2023-3055 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross- ...) @@ -417,6 +425,7 @@ CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...) NOT-FOR-US: Wordapp plugin for WordPress CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...) + {DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark <unfixed> [bookworm] - wireshark <no-dsa> (Minor issue) @@ -657,42 +666,55 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0. CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...) NOT-FOR-US: OpenEMR CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome prior ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2940 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2939 (Insufficient data validation in Installer in Google Chrome on Windows ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2938 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2937 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2936 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2935 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2934 (Out of bounds memory access in Mojo in Google Chrome prior to 114.0.57 ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2933 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2932 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2931 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2930 (Use after free in Extensions in Google Chrome prior to 114.0.5735.90 a ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2929 (Out of bounds write in Swiftshader in Google Chrome prior to 114.0.573 ...) + {DSA-5418-1} - chromium 114.0.5735.90-1 [buster] - chromium <end-of-life> (see DSA 5046) CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been declar ...) @@ -797,6 +819,7 @@ CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3. NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084 NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/19ed05756313a0181fd3188eae0557f688bfddaf (v3.7.0) CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 ...) + {DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark <unfixed> [bookworm] - wireshark <no-dsa> (Minor issue) @@ -804,6 +827,7 @@ CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083 CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...) + {DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark <unfixed> [bookworm] - wireshark <no-dsa> (Minor issue) @@ -811,6 +835,7 @@ CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081 CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...) + {DLA-3443-1} [experimental] - wireshark 4.0.6-1~exp1 - wireshark <unfixed> [bookworm] - wireshark <no-dsa> (Minor issue) @@ -149414,6 +149439,7 @@ CVE-2021-32864 CVE-2021-32863 REJECTED CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ...) + {DLA-3442-1} - nbconvert 6.5.1-1 NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq NOTE: https://github.com/jupyter/nbconvert/commit/d09000bbf076410ce4bd4d9a406f9bbe849cd5c6 (6.5.1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dab9027baec79b4eba06085ad772ce5cf4b89b32 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dab9027baec79b4eba06085ad772ce5cf4b89b32 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits