Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dab9027b by security tracker role at 2023-06-03T20:12:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2023-3086 (Cross-site Scripting (XSS) - Stored in GitHub repository
nilsteampassn ...)
+ TODO: check
+CVE-2023-3085 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2023-3084 (Cross-site Scripting (XSS) - Stored in GitHub repository
nilsteampassn ...)
+ TODO: check
+CVE-2023-32582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kyle ...)
+ TODO: check
CVE-2023-3083 (Cross-site Scripting (XSS) - Stored in GitHub repository
nilsteampassn ...)
- teampass <itp> (bug #730180)
CVE-2023-3055 (The Page Builder by AZEXO plugin for WordPress is vulnerable to
Cross- ...)
@@ -417,6 +425,7 @@ CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in
GitHub repository thorsten
CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization
bypass ...)
NOT-FOR-US: Wordapp plugin for WordPress
CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and
3.6.0 to 3 ...)
+ {DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark <unfixed>
[bookworm] - wireshark <no-dsa> (Minor issue)
@@ -657,42 +666,55 @@ CVE-2023-2943 (Code Injection in GitHub repository
openemr/openemr prior to 7.0.
CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr
prior t ...)
NOT-FOR-US: OpenEMR
CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome
prior ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2940 (Inappropriate implementation in Downloads in Google Chrome
prior to 11 ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2939 (Insufficient data validation in Installer in Google Chrome on
Windows ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2938 (Inappropriate implementation in Picture In Picture in Google
Chrome pr ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2937 (Inappropriate implementation in Picture In Picture in Google
Chrome pr ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2936 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90
allowed a ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2935 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90
allowed a ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2934 (Out of bounds memory access in Mojo in Google Chrome prior to
114.0.57 ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2933 (Use after free in PDF in Google Chrome prior to 114.0.5735.90
allowed ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2932 (Use after free in PDF in Google Chrome prior to 114.0.5735.90
allowed ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2931 (Use after free in PDF in Google Chrome prior to 114.0.5735.90
allowed ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2930 (Use after free in Extensions in Google Chrome prior to
114.0.5735.90 a ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2929 (Out of bounds write in Swiftshader in Google Chrome prior to
114.0.573 ...)
+ {DSA-5418-1}
- chromium 114.0.5735.90-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been
declar ...)
@@ -797,6 +819,7 @@ CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to
4.0.5 and 3.6.0 to 3.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084
NOTE: Introduced by:
https://gitlab.com/wireshark/wireshark/-/commit/19ed05756313a0181fd3188eae0557f688bfddaf
(v3.7.0)
CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5
and 3.6.0 ...)
+ {DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark <unfixed>
[bookworm] - wireshark <no-dsa> (Minor issue)
@@ -804,6 +827,7 @@ CVE-2023-2856 (VMS TCPIPtrace file parser crash in
Wireshark 4.0.0 to 4.0.5 and
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083
CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and
3.6.0 to 3 ...)
+ {DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark <unfixed>
[bookworm] - wireshark <no-dsa> (Minor issue)
@@ -811,6 +835,7 @@ CVE-2023-2858 (NetScaler file parser crash in Wireshark
4.0.0 to 4.0.5 and 3.6.0
NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081
CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to
3.6.13 al ...)
+ {DLA-3443-1}
[experimental] - wireshark 4.0.6-1~exp1
- wireshark <unfixed>
[bookworm] - wireshark <no-dsa> (Minor issue)
@@ -149414,6 +149439,7 @@ CVE-2021-32864
CVE-2021-32863
REJECTED
CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a
cross-sit ...)
+ {DLA-3442-1}
- nbconvert 6.5.1-1
NOTE:
https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
NOTE:
https://github.com/jupyter/nbconvert/commit/d09000bbf076410ce4bd4d9a406f9bbe849cd5c6
(6.5.1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dab9027baec79b4eba06085ad772ce5cf4b89b32
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dab9027baec79b4eba06085ad772ce5cf4b89b32
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
