[Git][security-tracker-team/security-tracker][master] Add two new hoteldruid issues

Wed, 14 Jun 2023 02:29:16 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
90d9ac39 by Salvatore Bonaccorso at 2023-06-14T11:28:34+02:00
Add two new hoteldruid issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,7 +37,8 @@ CVE-2023-3001 (A CWE-502: Deserialization of Untrusted Data 
vulnerability exists
 CVE-2023-34944 (An arbitrary file upload vulnerability in the 
/fileUpload.lib.php comp ...)
        NOT-FOR-US: Chamilo LMS
 CVE-2023-34537 (A Reflected XSS was discovered in HotelDruid version 3.0.5, an 
attacke ...)
-       TODO: check
+       - hoteldruid <unfixed>
+       NOTE: 
https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
 CVE-2023-34396 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
        TODO: check
 CVE-2023-34250 (Discourse is an open source discussion platform. Prior to 
version 3.0. ...)
@@ -49,7 +50,8 @@ CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII 
Disclosure inWooCommer
 CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        TODO: check
 CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection 
vulnerabil ...)
-       TODO: check
+       - hoteldruid <unfixed>
+       NOTE: 
https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5
 CVE-2023-33146 (Microsoft Office Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-33145 (Microsoft Edge (Chromium-based) Information Disclosure 
Vulnerability)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90d9ac3933c3af528165a58d9b5933b691862a37

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90d9ac3933c3af528165a58d9b5933b691862a37
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to