Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: cc0e9a59 by security tracker role at 2023-06-09T20:12:27+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,23 @@ +CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Management S ...) + TODO: check +CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...) + TODO: check +CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...) + TODO: check +CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...) + TODO: check +CVE-2023-34245 (@udecode/plate-link is the link handler for the udecode/plate rich-tex ...) + TODO: check +CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) + TODO: check +CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...) + TODO: check +CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termination ...) + TODO: check +CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it skipped ...) + TODO: check +CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that enables ea ...) + TODO: check CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found Inform ...) NOT-FOR-US: SourceCodester CVE-2023-3176 (A vulnerability, which was classified as critical, was found in Source ...) 
@@ -1529,7 +1549,7 @@ CVE-2023-33439 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to S NOT-FOR-US: Sourcecodester Faculty Evaluation System CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers ...) NOT-FOR-US: skycaiji -CVE-2023-33255 (An issue was discovered in Papaya Viewer 4a42701. User-supplied input ...) +CVE-2023-33255 (An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input ...) NOT-FOR-US: Papaya Viewer CVE-2023-33247 (Talend Data Catalog remote harvesting server before 8.0-20230413 conta ...) NOT-FOR-US: Talend @@ -2815,13 +2835,13 @@ CVE-2023-2444 (A cross site request forgery vulnerability exists in Rockwell Aut NOT-FOR-US: Rockwell Automation CVE-2023-2443 (Rockwell Automation ThinManager product allows the use of medium stren ...) NOT-FOR-US: Rockwell Automation -CVE-2023-2455 [Row security policies disregard user ID changes after inlining] +CVE-2023-2455 (Row security policies disregard user ID changes after inlining; Postgr ...) {DSA-5401-1 DLA-3422-1} - postgresql-15 15.3-0+deb12u1 - postgresql-13 <removed> - postgresql-11 <removed> NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/ -CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats protective search_path changes] +CVE-2023-2454 (schema_element defeats protective search_path changes; It was found th ...) {DSA-5401-1 DLA-3422-1} - postgresql-15 15.3-0+deb12u1 - postgresql-13 <removed> 
@@ -3727,12 +3747,12 @@ CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some us NOT-FOR-US: WordPress plugin CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...) NOT-FOR-US: WordPress plugin -CVE-2023-2286 - RESERVED -CVE-2023-2285 - RESERVED -CVE-2023-2284 - RESERVED +CVE-2023-2286 (The WP Activity Log for WordPress is vulnerable to Cross-Site Request ...) + TODO: check +CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable to Cros ...) + TODO: check +CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to unau ...) + TODO: check CVE-2023-31222 RESERVED CVE-2023-31221 @@ -3998,8 +4018,8 @@ CVE-2023-2263 RESERVED CVE-2023-2262 RESERVED -CVE-2023-2261 - RESERVED +CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...) + TODO: check CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) NOT-FOR-US: Alf.io CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template Engine ...) @@ -5092,8 +5112,8 @@ CVE-2023-2123 RESERVED CVE-2023-2122 RESERVED -CVE-2023-2121 - RESERVED +CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer ...) + TODO: check CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...) NOT-FOR-US: Thumbnail carousel slider plugin for WordPress CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...) @@ -6685,8 +6705,8 @@ CVE-2023-30264 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with D NOT-FOR-US: CLTPHP CVE-2023-30263 RESERVED -CVE-2023-30262 - RESERVED +CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and MIMpacs serv ...) + TODO: check CVE-2023-30261 RESERVED CVE-2023-30260 
@@ -7724,10 +7744,10 @@ CVE-2023-29769 RESERVED CVE-2023-29768 RESERVED -CVE-2023-29767 - RESERVED -CVE-2023-29766 - RESERVED +CVE-2023-29767 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...) + TODO: check +CVE-2023-29766 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...) + TODO: check CVE-2023-29765 RESERVED CVE-2023-29764 @@ -7736,32 +7756,32 @@ CVE-2023-29763 RESERVED CVE-2023-29762 RESERVED -CVE-2023-29761 - RESERVED +CVE-2023-29761 (An issue found in Sleep v.20230303 for Android allows unauthorized app ...) + TODO: check CVE-2023-29760 RESERVED -CVE-2023-29759 - RESERVED -CVE-2023-29758 - RESERVED -CVE-2023-29757 - RESERVED -CVE-2023-29756 - RESERVED -CVE-2023-29755 - RESERVED +CVE-2023-29759 (An issue found in FlightAware v.5.8.0 for Android allows unauthorized ...) + TODO: check +CVE-2023-29758 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...) + TODO: check +CVE-2023-29757 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...) + TODO: check +CVE-2023-29756 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...) + TODO: check +CVE-2023-29755 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...) + TODO: check CVE-2023-29754 RESERVED -CVE-2023-29753 - RESERVED -CVE-2023-29752 - RESERVED +CVE-2023-29753 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...) + TODO: check +CVE-2023-29752 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...) + TODO: check CVE-2023-29751 RESERVED CVE-2023-29750 RESERVED -CVE-2023-29749 - RESERVED +CVE-2023-29749 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...) + TODO: check CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android has an ...) NOT-FOR-US: Story Saver for Instragram CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...) 
@@ -7830,12 +7850,12 @@ CVE-2023-29716 RESERVED CVE-2023-29715 RESERVED -CVE-2023-29714 - RESERVED -CVE-2023-29713 - RESERVED -CVE-2023-29712 - RESERVED +CVE-2023-29714 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...) + TODO: check +CVE-2023-29713 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...) + TODO: check +CVE-2023-29712 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...) + TODO: check CVE-2023-29711 RESERVED CVE-2023-29710 @@ -12032,8 +12052,8 @@ CVE-2023-1430 (The FluentCRM - Marketing Automation For WordPress plugin for Wo NOT-FOR-US: WordPress plugin CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) NOT-FOR-US: pimcore -CVE-2023-1428 - RESERVED +CVE-2023-1428 (There exists an vulnerability causing an abort() to be called in gRPC. ...) + TODO: check CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not en ...) NOT-FOR-US: WordPress plugin CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts ...) @@ -14690,8 +14710,8 @@ CVE-2023-27708 RESERVED CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...) NOT-FOR-US: DedeCMS -CVE-2023-27706 - RESERVED +CVE-2023-27706 (Bitwarden Desktop v1.20.0 and above stores the biometric key in plaint ...) + TODO: check CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer overflow via th ...) NOT-FOR-US: APNG Optimizer CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...) 
@@ -26136,8 +26156,8 @@ CVE-2023-23700 RESERVED CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) NOT-FOR-US: WordPress plugin -CVE-2023-0342 - RESERVED +CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM k ...) + TODO: check CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...) - editorconfig-core 0.12.6-0.1 [bullseye] - editorconfig-core <no-dsa> (Minor issue) @@ -89919,6 +89939,7 @@ CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management Key Performance Indicator CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ e ...) NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...) + {DLA-3450-1} - ruby3.0 3.0.4-1 (bug #1009956) - ruby2.7 <removed> (bug #1009957) [bullseye] - ruby2.7 <postponed> (Minor issue, fix with next Ruby security release) @@ -148298,6 +148319,7 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3. - singularity-container 3.9.5+ds1-2 (bug #990201) NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622- CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 ...) + {DLA-3450-1} - ruby3.1 3.1.2-4 (bug #1024799) - ruby3.0 <removed> (bug #1024800) - ruby2.7 <removed> 
@@ -274022,8 +274044,8 @@ CVE-2019-16285 (If a local user has been configured and logged in, an unauthenti NOT-FOR-US: HP CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP ...) NOT-FOR-US: HP -CVE-2019-16283 - RESERVED +CVE-2019-16283 (A potential security vulnerability has been identified with a version ...) + TODO: check CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...) NOT-FOR-US: NCH Express Invoice CVE-2019-16281 (Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc0e9a5988abb47086e2758d9f329fa821236ca3
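Review bot: In the first hunk (@@ -1,3 +1,23 @@), CVE-2023-3184 and CVE-2023-3183 are left at "TODO: check" even though both descriptions name SourceCodester products and the context lines directly below already carry "NOT-FOR-US: SourceCodester" for CVE-2023-3177; they can take the same tag. In the same hunk, CVE-2023-3141 names r592_remove under drivers/memstick/, a kernel driver path, so it should be triaged against the linux source package, and CVE-2023-32732 and CVE-2023-32731 should be checked against the grpc source package before the TODO is cleared.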
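Review bot: In the @@ -2815,13 +2835,13 @@ hunk, the new CVE-2023-2454 header drops the leading "CREATE SCHEMA ..." that the bracketed title had, so the truncated description now begins at "schema_element defeats protective search_path changes" and no longer names the statement involved. The {DSA-5401-1 DLA-3422-1} references and the postgresql-15 15.3-0+deb12u1 line are untouched, so tracking is unaffected; if the statement name matters for searching, keep it in a NOTE line under the entry.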
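Review bot: In the @@ -3727,12 +3747,12 @@ hunk, CVE-2023-2286, CVE-2023-2285 and CVE-2023-2284 move from RESERVED to "TODO: check" with descriptions that all name the WP Activity Log plugin for WordPress, while the unchanged context lines just above (CVE-2023-2288, CVE-2023-2287) use "NOT-FOR-US: WordPress plugin". The same tag fits these three, and CVE-2023-2261 in the following @@ -3998,8 +4018,8 @@ hunk, which names the same plugin.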
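Review bot: In the @@ -89919,6 +89939,7 @@ and @@ -148298,6 +148319,7 @@ hunks, {DLA-3450-1} is attached to CVE-2022-28739 and CVE-2021-33621, but the package lines visible in the context only cover ruby3.0, ruby3.1 and ruby2.7; none of them names the source package the DLA applies to. Confirm that each entry has a matching package line for the LTS release further down, outside the shown context, so the cross-reference resolves to a fixed version.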