Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
efc85425 by security tracker role at 2023-06-08T20:12:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2023-3165 (A vulnerability was found in SourceCodester Life Insurance
Management ...)
+ TODO: check
+CVE-2023-3163 (A vulnerability was found in y_project RuoYi up to 4.7.7. It
has been ...)
+ TODO: check
+CVE-2023-34962 (Incorrect access control in Chamilo v1.11.x up to v1.11.18
allows a st ...)
+ TODO: check
+CVE-2023-34961 (Chamilo v1.11.x up to v1.11.18 was discovered to contain a
cross-site ...)
+ TODO: check
+CVE-2023-34959 (An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to
execute ...)
+ TODO: check
+CVE-2023-34958 (Incorrect access control in Chamilo 1.11.* up to 1.11.18
allows a stud ...)
+ TODO: check
+CVE-2023-34571 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to
contain ...)
+ TODO: check
+CVE-2023-34570 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to
contain ...)
+ TODO: check
+CVE-2023-34569 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to
contain ...)
+ TODO: check
+CVE-2023-34568 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to
contain ...)
+ TODO: check
+CVE-2023-34567 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to
contain ...)
+ TODO: check
+CVE-2023-34566 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to
contain ...)
+ TODO: check
+CVE-2023-34231 (gosnowflake is th Snowflake Golang driver. Prior to version
1.6.19, a ...)
+ TODO: check
+CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which
currently suppor ...)
+ TODO: check
+CVE-2023-33660 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2.
The vuln ...)
+ TODO: check
+CVE-2023-33658 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2.
The vuln ...)
+ TODO: check
+CVE-2023-33657 (A use-after-free vulnerability exists in NanoMQ 0.17.2. The
vulnerabil ...)
+ TODO: check
+CVE-2023-33443 (Incorrect access control in the administrative functionalities
of BES- ...)
+ TODO: check
+CVE-2023-32750 (Pydio Cells through 4.1.2 allows SSRF. For longer running
processes, P ...)
+ TODO: check
+CVE-2023-32749 (Pydio Cells allows users by default to create so-called
external users ...)
+ TODO: check
CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to
crash dbus- ...)
[experimental] - dbus 1.15.6-1
- dbus <unfixed> (bug #1037151)
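Review bot: all 20 entries added at the top of the list land as "TODO: check", so none of them is triaged by this update. Each one needs resolving into either a "NOT-FOR-US:" line, the form used for the JFROG and WordPress plugin entries elsewhere in this diff, or a package line with a fixed or unfixed version like the dbus entry that closes this hunk. The six consecutive Tenda AC10 entries (CVE-2023-34566 to CVE-2023-34571) share the same truncated description and can be handled in one pass.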
@@ -1110,7 +1150,7 @@ CVE-2023-2972 (Prototype Pollution in GitHub repository
antfu/utils prior to 0.7
CVE-2023-2968 (A remote attacker can trigger a denial of service in the
socket.remote ...)
NOT-FOR-US: JFROG
CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object
identifi ...)
- {DSA-5417-1}
+ {DSA-5417-1 DLA-3449-1}
- openssl 3.0.9-1
NOTE: https://www.openssl.org/news/secadv/20230530.txt
NOTE:
https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098
(OpenSSL_1_1_1u)
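Review bot: the brace line for CVE-2023-2650 gains DLA-3449-1 while the only package line stays "- openssl 3.0.9-1", so nothing in this entry shows which version the DLA fixes. Confirm that the DLA-3449-1 record itself lists CVE-2023-2650. Assuming DLA-3449-1 is a 1.1.1-based update, the existing NOTE citing the OpenSSL_1_1_1u commit is the upstream reference it would correspond to.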
@@ -18224,8 +18264,8 @@ CVE-2023-0956
RESERVED
CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape
a param ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0954
- RESERVED
+CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4
Dome and ...)
+ TODO: check
CVE-2023-0953 (Insufficient input sanitization in the documentation feature of
Devolu ...)
NOT-FOR-US: Devolutions Server
CVE-2023-0952 (Improper access controls on entries in Devolutions Server
2022.3.12 a ...)
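Review bot: CVE-2023-0954 moves from RESERVED to a published description but is left at "TODO: check". The description names a Sensormatic Electronics Illustra Pro Gen 4 Dome product; if that is not something shipped in the archive, close it out with a "NOT-FOR-US:" line as done for the neighbouring CVE-2023-0955 and CVE-2023-0953 entries.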
@@ -23913,13 +23953,13 @@ CVE-2023-0468 (A use-after-free flaw was found in
io_uring/poll.c in io_poll_che
CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not
properly sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to
implicit ...)
- {DSA-5417-1}
+ {DSA-5417-1 DLA-3449-1}
- openssl 3.0.9-1 (bug #1034720)
NOTE: https://www.openssl.org/news/secadv/20230328.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908
(openssl-3.0)
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
(OpenSSL_1_1_1-stable)
CVE-2023-0465 (Applications that use a non-default option when verifying
certificates ...)
- {DSA-5417-1}
+ {DSA-5417-1 DLA-3449-1}
- openssl 3.0.9-1 (bug #1034720)
NOTE: https://www.openssl.org/news/secadv/20230328.txt
NOTE: Fixed by:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
(openssl-3.0.9)
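Review bot: DLA-3449-1 is added to both CVE-2023-0466 and CVE-2023-0465, but only the CVE-2023-0466 entry shows an OpenSSL_1_1_1-stable commit in this hunk; for CVE-2023-0465 the visible context stops at the "Fixed by" line for openssl-3.0.9. Assuming DLA-3449-1 is a 1.1.1-based update, check that the lines following it carry the matching 1.1.1 fix reference, so the DLA tag on that entry is backed by a NOTE for the branch it applies to.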
@@ -23929,7 +23969,7 @@ CVE-2023-0465 (Applications that use a non-default
option when verifying certifi
NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f675d164e5d9648c3537a0f5efe1cc2fd232b4a9
(OpenSSL_1_1_1-stable)
NOTE: Test:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23a4cbeb3ad80da3830f760f624599f24236bc38
(OpenSSL_1_1_1-stable)
CVE-2023-0464 (A security vulnerability has been identified in all supported
versions ...)
- {DSA-5417-1}
+ {DSA-5417-1 DLA-3449-1}
- openssl 3.0.9-1 (bug #1034720)
NOTE: https://www.openssl.org/news/secadv/20230322.txt
NOTE:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
(openssl-3.0)
@@ -29064,7 +29104,7 @@ CVE-2023-22835
RESERVED
CVE-2023-22834
RESERVED
-CVE-2023-22833 (Palantir discovered a software bug in a recently released
version of F ...)
+CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between
2.519.0 an ...)
TODO: check
CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0
through 1.19. ...)
NOT-FOR-US: Apache NiFi
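Review bot: only the description of CVE-2023-22833 changes; the "TODO: check" beneath it stays, so the entry remains untriaged after the rewording. The new text names Palantir Foundry deployments running Lime2, which gives enough to decide; if it is out of scope, mark it the way CVE-2023-22832 below is marked ("NOT-FOR-US: Apache NiFi").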
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc854252f99239cdf8f593c2e44b7bbae58a430