Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02c6652a by security tracker role at 2023-07-08T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-3566 (A vulnerability was found in wallabag 2.5.4. It has been
declared as p ...)
+ TODO: check
+CVE-2023-3565 (Cross-site Scripting (XSS) - Generic in GitHub repository
nilsteampass ...)
+ TODO: check
+CVE-2023-3564 (A vulnerability was found in GZ Scripts GZ Multi Hotel Booking
System ...)
+ TODO: check
+CVE-2023-3563 (A vulnerability was found in GZ Scripts GZ E Learning Platform
1.8 and ...)
+ TODO: check
+CVE-2023-3562 (A vulnerability has been found in GZ Scripts PHP CRM Platform
1.8 and ...)
+ TODO: check
+CVE-2023-3561 (A vulnerability, which was classified as problematic, was found
in GZ ...)
+ TODO: check
+CVE-2023-3560 (A vulnerability, which was classified as problematic, has been
found i ...)
+ TODO: check
+CVE-2023-3559 (A vulnerability classified as problematic was found in GZ
Scripts PHP ...)
+ TODO: check
+CVE-2023-3558 (A vulnerability classified as problematic has been found in GZ
Scripts ...)
+ TODO: check
+CVE-2023-3557 (A vulnerability was found in GZ Scripts Property Listing Script
1.0. I ...)
+ TODO: check
+CVE-2023-3556 (A vulnerability was found in GZ Scripts Car Listing Script PHP
1.8. It ...)
+ TODO: check
+CVE-2023-3555 (A vulnerability was found in GZ Scripts PHP Vacation Rental
Script 1.8 ...)
+ TODO: check
+CVE-2023-3554 (A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and
classi ...)
+ TODO: check
+CVE-2023-3553 (Exposure of Sensitive Information to an Unauthorized Actor in
GitHub r ...)
+ TODO: check
+CVE-2023-3552 (Improper Encoding or Escaping of Output in GitHub repository
nilsteamp ...)
+ TODO: check
+CVE-2023-3551 (Code Injection in GitHub repository nilsteampassnet/teampass
prior to ...)
+ TODO: check
CVE-2023-37270 (Piwigo is open source photo gallery software. Prior to version
13.8.0, ...)
- piwigo <removed>
CVE-2023-37269 (Winter is a free, open-source content management system (CMS)
based on ...)
@@ -9390,16 +9422,16 @@ CVE-2023-30451
RESERVED
CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the
redpanda.rpc_server_tls f ...)
NOT-FOR-US: Redpanda
-CVE-2023-30449
- RESERVED
-CVE-2023-30448
- RESERVED
-CVE-2023-30447
- RESERVED
-CVE-2023-30446
- RESERVED
-CVE-2023-30445
- RESERVED
+CVE-2023-30449 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
+ TODO: check
+CVE-2023-30448 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
+ TODO: check
+CVE-2023-30447 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
+ TODO: check
+CVE-2023-30446 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
+ TODO: check
+CVE-2023-30445 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 10.5 ...)
+ TODO: check
CVE-2023-30444 (IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5
is vulne ...)
NOT-FOR-US: IBM
CVE-2023-30443
@@ -17330,12 +17362,12 @@ CVE-2023-27871 (IBM Aspera Faspex 4.4.2 could allow a
remote attacker to obtain
NOT-FOR-US: IBM
CVE-2023-27870 (IBM Spectrum Virtualize 8.5, under certain circumstances,
could disclo ...)
NOT-FOR-US: IBM
-CVE-2023-27869
- RESERVED
-CVE-2023-27868
- RESERVED
-CVE-2023-27867
- RESERVED
+CVE-2023-27869 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5,
11.1, an ...)
+ TODO: check
+CVE-2023-27868 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5,
11.1, an ...)
+ TODO: check
+CVE-2023-27867 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5,
11.1, an ...)
+ TODO: check
CVE-2023-27866 (IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to
remote code e ...)
NOT-FOR-US: IBM
CVE-2023-27865
@@ -63117,6 +63149,7 @@ CVE-2022-39370 (GLPI stands for Gestionnaire Libre de
Parc Informatique. GLPI is
NOTE:
https://github.com/glpi-project/glpi/security/advisories/GHSA-6c2p-wgx9-vrjc
NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39369 (phpCAS is an authentication library that allows PHP
applications to ea ...)
+ {DLA-3485-1}
- php-cas 1.6.0-1 (bug #1023571)
NOTE:
https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
NOTE: Fixed by:
https://github.com/apereo/phpCAS/commit/b759361d904a2cb2a3bcee9411fc348cfde5d163
(1.6.0)
@@ -72176,11 +72209,13 @@ CVE-2022-36182 (Hashicorp Boundary v0.8.0 is
vulnerable to Clickjacking which al
CVE-2022-36181
RESERVED
CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting
(XSS) via /f ...)
+ {DLA-3487-1}
- fusiondirectory <removed>
[bullseye] - fusiondirectory <no-dsa> (Minor issue)
NOTE:
https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/
NOTE:
https://github.com/fusiondirectory/fusiondirectory/commit/fadebb79b932a0260bdb8723eb23694a3ae62366
(fusiondirectory-1.3.1)
CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling.)
+ {DLA-3487-1}
- fusiondirectory <removed>
[bullseye] - fusiondirectory <no-dsa> (Minor issue)
NOTE:
https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c6652a173b06dcd38a64eeff51cf502ec05ba1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c6652a173b06dcd38a64eeff51cf502ec05ba1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
