Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 29cb2e3b by security tracker role at 2023-06-26T08:12:00+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,17 @@ +CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...) + TODO: check +CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...) + TODO: check +CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission validation f ...) + TODO: check +CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows ...) + TODO: check +CVE-2023-36662 (The TechTime User Management components for Atlassian products allow s ...) + TODO: check +CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth ...) + TODO: check +CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory ...) + TODO: check CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...) NOT-FOR-US: Campcodes Retro Cellphone Online Store CVE-2023-36632 (The legacy email.utils.parseaddr function in Python through 3.11.4 all ...) @@ -3592,7 +3606,7 @@ CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 4.10. CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is vulnerabl ...) NOT-FOR-US: Teltonika CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...) - {DSA-5419-1} + {DSA-5419-1 DLA-3471-1} [experimental] - c-ares 1.19.1-1 - c-ares 1.18.1-3 NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc 
@@ -5576,7 +5590,7 @@ CVE-2023-31132 CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...) NOT-FOR-US: Greenplum Database CVE-2023-31130 (c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ...) - {DSA-5419-1} + {DSA-5419-1 DLA-3471-1} [experimental] - c-ares 1.19.1-1 - c-ares 1.18.1-3 NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v @@ -10337,10 +10351,10 @@ CVE-2023-29426 RESERVED CVE-2023-29425 RESERVED -CVE-2023-29424 - RESERVED -CVE-2023-29423 - RESERVED +CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plai ...) + TODO: check +CVE-2023-29423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...) + TODO: check CVE-2023-29422 RESERVED CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtiff pac ...) @@ -11464,8 +11478,8 @@ CVE-2023-29095 RESERVED CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...) NOT-FOR-US: WordPress plugin -CVE-2023-29093 - RESERVED +CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + TODO: check CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...) TODO: check CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow ...) 
@@ -11846,16 +11860,16 @@ CVE-2023-28994 RESERVED CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...) NOT-FOR-US: WordPress plugin -CVE-2023-28992 - RESERVED -CVE-2023-28991 - RESERVED +CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...) + TODO: check +CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...) + TODO: check CVE-2023-28990 RESERVED CVE-2023-28989 RESERVED -CVE-2023-28988 - RESERVED +CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...) + TODO: check CVE-2023-28987 RESERVED CVE-2023-28986 @@ -12518,10 +12532,10 @@ CVE-2023-1622 REJECTED CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all versions start ...) TODO: check -CVE-2023-1620 - RESERVED -CVE-2023-1619 - RESERVED +CVE-2023-1620 (Multiple WAGO devices in multiple versions may allow an authenticated ...) + TODO: check +CVE-2023-1619 (Multiple WAGO devices in multiple versions may allow an authenticated ...) + TODO: check CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...) NOT-FOR-US: Mitsubishi CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...) @@ -17054,8 +17068,8 @@ CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/netwo NOT-FOR-US: Epson CVE-2023-1151 (A vulnerability was found in SourceCodester Electronic Medical Records ...) NOT-FOR-US: SourceCodester Electronic Medical Records System -CVE-2023-1150 - RESERVED +CVE-2023-1150 (Uncontrolled resource consumption in Series WAGO 750-3x/-8x products m ...) + TODO: check CVE-2023-1149 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...) NOT-FOR-US: btcpayserver CVE-2023-1148 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...) 
@@ -27618,8 +27632,8 @@ CVE-2023-23549 RESERVED CVE-2023-23548 RESERVED -CVE-2023-22359 - RESERVED +CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...) + TODO: check CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...) - check-mk <removed> CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29cb2e3bb7566f7a4638b34ce3ba40e52c5dc8d1
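Review bot: In the @@ -1,3 +1,17 @@ hunk, the "TODO: check" entries for CVE-2023-36675 (MediaWiki), CVE-2023-36664 (Artifex Ghostscript), CVE-2023-36661 (Shibboleth XMLTooling) and CVE-2023-36660 (Nettle) have no package line yet, although their descriptions already carry upstream version bounds (1.35.11, 10.01.2, 3.2.4, 3.9.1). Triage these four first and give each either a source-package line with a fixed version, in the form the c-ares entries use ("- c-ares 1.18.1-3"), or an explicit NOT-FOR-US like the neighbouring CVE-2023-3396 entry.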
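Review bot: The "{DSA-5419-1 DLA-3471-1}" line in the @@ -3592,7 +3606,7 @@ and @@ -5576,7 +5590,7 @@ hunks is attached only to CVE-2023-32067 and CVE-2023-31130; if DSA-5419-1 is referenced by other c-ares CVEs, confirm whether DLA-3471-1 covers them too, because no other entry gains the tag in this diff. The package lines under the tag still show only "[experimental] - c-ares 1.19.1-1" and "- c-ares 1.18.1-3", so the version fixed by the DLA cannot be read from these entries and should be confirmed against the DLA itself.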
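Review bot: In the @@ -10337,10 +10351,10 @@ and @@ -11846,16 +11860,16 @@ hunks, CVE-2023-29423, CVE-2023-28991 and CVE-2023-28988 are left at "TODO: check" although their truncated description ("Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...") matches CVE-2023-29094, which the @@ -11464,8 +11478,8 @@ context already marks "NOT-FOR-US: WordPress plugin". Once the full descriptions confirm the product, these can be closed the same way. CVE-2023-29093 in the @@ -11464,8 +11478,8 @@ hunk shows only the generic "Improper Neutralization of Input During Web Page Generation" title, so its product has to be read from the full record before it is triaged.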
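Review bot: The three WAGO device entries, CVE-2023-1620 and CVE-2023-1619 in the @@ -12518,10 +12532,10 @@ hunk and CVE-2023-1150 in the @@ -17054,8 +17068,8 @@ hunk, stay at "TODO: check" while the vendor-device entries next to them are already closed ("NOT-FOR-US: Mitsubishi", "NOT-FOR-US: Epson"). If the full descriptions concern only WAGO products, mark them NOT-FOR-US with the vendor name so they leave the TODO queue.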
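Review bot: In the @@ -27618,8 +27632,8 @@ hunk, CVE-2023-22359 (Checkmk <=2.2.0p4) is added as "TODO: check" directly above CVE-2023-22348, another Checkmk issue that is already recorded as "- check-mk <removed>". The new entry should get the same package line unless its description shows it applies to a different component.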
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits