Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe28c019 by Moritz Muehlenhoff at 2023-06-14T12:38:43+02:00
new ATS issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -48,7 +48,11 @@ CVE-2023-34149 (Allocation of Resources Without Limits or 
Throttling vulnerabili
 CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure 
inWooCommerce Str ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       - trafficserver <unfixed>
+       NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
+       NOTE: 
https://github.com/apache/trafficserver/commit/867c48c1adf9e795c8d85c48d2d0f07f08aa87ec
 (master)
+       NOTE: 
https://github.com/apache/trafficserver/commit/726a79cb2f70fcbe0e2139aab3fe56930d3d8c27
 (9.2.x)
+       NOTE: 
https://github.com/apache/trafficserver/commit/496fa2c4cbdf2b3d6c61760a3fb6675b74b549f0
 (8.1.x)
 CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection 
vulnerabil ...)
        - hoteldruid <unfixed>
        NOTE: 
https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5
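Review bot: under CVE-2023-33933 the new `- trafficserver <unfixed>` line sits next to three fix commits labelled only by branch (master, 9.2.x, 8.1.x), so the entry does not say which upstream release carries the fix. Suggest adding a NOTE that names the fixed upstream version for each branch, so the `<unfixed>` marker can be replaced with a version once a matching upload happens.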
@@ -5940,7 +5944,11 @@ CVE-2023-30633
 CVE-2023-30632
        RESERVED
 CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software 
Foundation  ...)
-       TODO: check
+       - trafficserver <unfixed>
+       NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
+       NOTE: 
https://github.com/apache/trafficserver/commit/8d1ad1dfe4d0ee179029f37c7e8d4caab601cb7b
 (master)
+       NOTE: 
https://github.com/apache/trafficserver/commit/ee46128fc7099956145be2147e4ddad7fbc7299b
 (9.2.x)
+       NOTE: 
https://github.com/apache/trafficserver/commit/35dd3efde78a73aefa257e12b8fe78d6cd646ba0
 (8.1.x)
 CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local 
file. This  ...)
        - dmidecode <unfixed> (bug #1034483)
        [bookworm] - dmidecode <no-dsa> (Minor issue)
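Review bot: the added CVE-2023-30631 entry has no bug reference and no per-suite line, unlike the dmidecode entry just below it in this hunk, which carries `(bug #1034483)` and a `[bookworm]` line. If a BTS bug exists or gets filed for trafficserver, add it to the `- trafficserver <unfixed>` line, and record the suite status once the issue is triaged.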
@@ -35881,7 +35889,11 @@ CVE-2022-47186
 CVE-2022-47185
        RESERVED
 CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       - trafficserver <unfixed>
+       NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
+       NOTE: 
https://github.com/apache/trafficserver/commit/105af3ca30e59fbb89013e83a484a04559b4cf25
 (master)
+       NOTE: 
https://github.com/apache/trafficserver/commit/c371b7b21a7e774f852af86b85c87d5d877a14bd
 (9.2.x)
+       NOTE: 
https://github.com/apache/trafficserver/commit/b49ae063632b1f40b9bd45aa66524924e2c26600
 (8.1.x)
 CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP 
Extra Blo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47182
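Review bot: the truncated description of CVE-2022-47184 is the same as the one shown for CVE-2023-33933 in the first hunk, and both entries cite the same lists.apache.org thread, so only the commit hashes tell the two apart. A one-line NOTE stating what each issue affects would make it easier to confirm that the right commits are attached to the right CVE.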



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe28c019b17e52c3ca14e28f9b5c1b506eda8a8c
