Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cc0e9a59 by security tracker role at 2023-06-09T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker
Management S ...)
+ TODO: check
+CVE-2023-3183 (A vulnerability was found in SourceCodester Performance
Indicator Syst ...)
+ TODO: check
+CVE-2023-3141 (A use-after-free flaw was found in r592_remove in
drivers/memstick/hos ...)
+ TODO: check
+CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link
DI-7500G-CI-19.05 ...)
+ TODO: check
+CVE-2023-34245 (@udecode/plate-link is the link handler for the udecode/plate
rich-tex ...)
+ TODO: check
+CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system
for IoT ...)
+ TODO: check
+CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection
vulnerabilit ...)
+ TODO: check
+CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a
termination ...)
+ TODO: check
+CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it
skipped ...)
+ TODO: check
+CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that
enables ea ...)
+ TODO: check
CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found
Inform ...)
NOT-FOR-US: SourceCodester
CVE-2023-3176 (A vulnerability, which was classified as critical, was found in
Source ...)
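Review bot: CVE-2023-3184 and CVE-2023-3183 at the top of this hunk are left at "TODO: check", yet both descriptions name SourceCodester and the unchanged entry just below (CVE-2023-3177) already carries "NOT-FOR-US: SourceCodester"; the same tag looks applicable to both. CVE-2023-3141 names r592_remove under drivers/memstick/, which reads as a Linux kernel driver path, so it should get a source package line rather than a NOT-FOR-US tag. The two gRPC entries (CVE-2023-32732, CVE-2023-32731) are best triaged together so they end up with consistent package lines.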
@@ -1529,7 +1549,7 @@ CVE-2023-33439 (Sourcecodester Faculty Evaluation System
v1.0 is vulnerable to S
NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS).
Attackers ...)
NOT-FOR-US: skycaiji
-CVE-2023-33255 (An issue was discovered in Papaya Viewer 4a42701.
User-supplied input ...)
+CVE-2023-33255 (An issue was discovered in Papaya Viewer 1.0.1449.
User-supplied input ...)
NOT-FOR-US: Papaya Viewer
CVE-2023-33247 (Talend Data Catalog remote harvesting server before
8.0-20230413 conta ...)
NOT-FOR-US: Talend
@@ -2815,13 +2835,13 @@ CVE-2023-2444 (A cross site request forgery
vulnerability exists in Rockwell Aut
NOT-FOR-US: Rockwell Automation
CVE-2023-2443 (Rockwell Automation ThinManager product allows the use of
medium stren ...)
NOT-FOR-US: Rockwell Automation
-CVE-2023-2455 [Row security policies disregard user ID changes after inlining]
+CVE-2023-2455 (Row security policies disregard user ID changes after inlining;
Postgr ...)
{DSA-5401-1 DLA-3422-1}
- postgresql-15 15.3-0+deb12u1
- postgresql-13 <removed>
- postgresql-11 <removed>
NOTE:
https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
-CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats protective search_path
changes]
+CVE-2023-2454 (schema_element defeats protective search_path changes; It was
found th ...)
{DSA-5401-1 DLA-3422-1}
- postgresql-15 15.3-0+deb12u1
- postgresql-13 <removed>
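Review bot: for CVE-2023-2454 the replacement summary drops the leading "CREATE SCHEMA ..." that the bracketed text had, so the truncated description now begins at "schema_element defeats protective search_path changes" and no longer names the affected statement. The advisory references and package lines are unchanged context, so triage is not affected; if the shorter wording proves hard to follow, a NOTE line under the entry could record the statement name.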
@@ -3727,12 +3747,12 @@ CVE-2023-2288 (The Otter WordPress plugin before 2.2.6
does not sanitize some us
NOT-FOR-US: WordPress plugin
CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does
not li ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2286
- RESERVED
-CVE-2023-2285
- RESERVED
-CVE-2023-2284
- RESERVED
+CVE-2023-2286 (The WP Activity Log for WordPress is vulnerable to Cross-Site
Request ...)
+ TODO: check
+CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable
to Cros ...)
+ TODO: check
+CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable
to unau ...)
+ TODO: check
CVE-2023-31222
RESERVED
CVE-2023-31221
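Review bot: CVE-2023-2286, CVE-2023-2285 and CVE-2023-2284 move from RESERVED to "TODO: check", but all three descriptions name the WP Activity Log plugin for WordPress, and the unchanged neighbours CVE-2023-2288 and CVE-2023-2287 are already tagged "NOT-FOR-US: WordPress plugin". Unless the plugin is packaged, the same tag fits these three and would clear them from the TODO queue.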
@@ -3998,8 +4018,8 @@ CVE-2023-2263
RESERVED
CVE-2023-2262
RESERVED
-CVE-2023-2261
- RESERVED
+CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to
authorizatio ...)
+ TODO: check
CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub
repository ...)
NOT-FOR-US: Alf.io
CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template
Engine ...)
@@ -5092,8 +5112,8 @@ CVE-2023-2123
RESERVED
CVE-2023-2122
RESERVED
-CVE-2023-2121
- RESERVED
+CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff
viewer ...)
+ TODO: check
CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is
vulnerable to Re ...)
NOT-FOR-US: Thumbnail carousel slider plugin for WordPress
CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is
vulnerable ...)
@@ -6685,8 +6705,8 @@ CVE-2023-30264 (CLTPHP <=6.0 is vulnerable to
Unrestricted Upload of File with D
NOT-FOR-US: CLTPHP
CVE-2023-30263
RESERVED
-CVE-2023-30262
- RESERVED
+CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and
MIMpacs serv ...)
+ TODO: check
CVE-2023-30261
RESERVED
CVE-2023-30260
@@ -7724,10 +7744,10 @@ CVE-2023-29769
RESERVED
CVE-2023-29768
RESERVED
-CVE-2023-29767
- RESERVED
-CVE-2023-29766
- RESERVED
+CVE-2023-29767 (An issue found in CrossX v.1.15.3 for Android allows a local
attacker ...)
+ TODO: check
+CVE-2023-29766 (An issue found in CrossX v.1.15.3 for Android allows a local
attacker ...)
+ TODO: check
CVE-2023-29765
RESERVED
CVE-2023-29764
@@ -7736,32 +7756,32 @@ CVE-2023-29763
RESERVED
CVE-2023-29762
RESERVED
-CVE-2023-29761
- RESERVED
+CVE-2023-29761 (An issue found in Sleep v.20230303 for Android allows
unauthorized app ...)
+ TODO: check
CVE-2023-29760
RESERVED
-CVE-2023-29759
- RESERVED
-CVE-2023-29758
- RESERVED
-CVE-2023-29757
- RESERVED
-CVE-2023-29756
- RESERVED
-CVE-2023-29755
- RESERVED
+CVE-2023-29759 (An issue found in FlightAware v.5.8.0 for Android allows
unauthorized ...)
+ TODO: check
+CVE-2023-29758 (An issue found in Blue Light Filter v.1.5.5 for Android allows
unautho ...)
+ TODO: check
+CVE-2023-29757 (An issue found in Blue Light Filter v.1.5.5 for Android allows
unautho ...)
+ TODO: check
+CVE-2023-29756 (An issue found in Twilight v.13.3 for Android allows
unauthorized apps ...)
+ TODO: check
+CVE-2023-29755 (An issue found in Twilight v.13.3 for Android allows
unauthorized apps ...)
+ TODO: check
CVE-2023-29754
RESERVED
-CVE-2023-29753
- RESERVED
-CVE-2023-29752
- RESERVED
+CVE-2023-29753 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for
Android allows ...)
+ TODO: check
+CVE-2023-29752 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for
Android allows ...)
+ TODO: check
CVE-2023-29751
RESERVED
CVE-2023-29750
RESERVED
-CVE-2023-29749
- RESERVED
+CVE-2023-29749 (An issue found in Yandex Navigator v.6.60 for Android allows
unauthori ...)
+ TODO: check
CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for
Android has an ...)
NOT-FOR-US: Story Saver for Instragram
CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for
Android exists ...)
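Review bot: all nine entries this hunk moves from RESERVED to "TODO: check" (CVE-2023-29761, -29759 to -29755, -29753, -29752, -29749) describe third-party apps "for Android", and the unchanged entry CVE-2023-29748 in the trailing context, also an Android app, is tagged NOT-FOR-US with the app name. Handling the nine in one triage pass with per-app NOT-FOR-US tags, after confirming none of the apps is packaged, would keep the block consistent.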
@@ -7830,12 +7850,12 @@ CVE-2023-29716
RESERVED
CVE-2023-29715
RESERVED
-CVE-2023-29714
- RESERVED
-CVE-2023-29713
- RESERVED
-CVE-2023-29712
- RESERVED
+CVE-2023-29714 (Cross Site Scripting vulnerability found in Vade Secure
Gateway allows ...)
+ TODO: check
+CVE-2023-29713 (Cross Site Scripting vulnerability found in Vade Secure
Gateway allows ...)
+ TODO: check
+CVE-2023-29712 (Cross Site Scripting vulnerability found in Vade Secure
Gateway allows ...)
+ TODO: check
CVE-2023-29711
RESERVED
CVE-2023-29710
@@ -12032,8 +12052,8 @@ CVE-2023-1430 (The FluentCRM - Marketing Automation For
WordPress plugin for Wo
NOT-FOR-US: WordPress plugin
CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository
pimcore/pi ...)
NOT-FOR-US: pimcore
-CVE-2023-1428
- RESERVED
+CVE-2023-1428 (There exists an vulnerability causing an abort() to be called
in gRPC. ...)
+ TODO: check
CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did
not en ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure
that posts ...)
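Review bot: CVE-2023-1428 is a third gRPC entry in this commit, alongside CVE-2023-32732 and CVE-2023-32731 added in the first hunk, and all three sit at "TODO: check". Since they land far apart in the file, it is worth triaging them in one go so the affected-version and package lines agree across the three.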
@@ -14690,8 +14710,8 @@ CVE-2023-27708
RESERVED
CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows
a remote ...)
NOT-FOR-US: DedeCMS
-CVE-2023-27706
- RESERVED
+CVE-2023-27706 (Bitwarden Desktop v1.20.0 and above stores the biometric key
in plaint ...)
+ TODO: check
CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer
overflow via th ...)
NOT-FOR-US: APNG Optimizer
CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to
contain ...)
@@ -26136,8 +26156,8 @@ CVE-2023-23700
RESERVED
CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS)
vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0342
- RESERVED
+CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact
sensitive PEM k ...)
+ TODO: check
CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of
editorconfig ...)
- editorconfig-core 0.12.6-0.1
[bullseye] - editorconfig-core <no-dsa> (Minor issue)
@@ -89919,6 +89939,7 @@ CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management
Key Performance Indicator
CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator
System 5+ e ...)
NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator
System
CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x
before 2.7.6, ...)
+ {DLA-3450-1}
- ruby3.0 3.0.4-1 (bug #1009956)
- ruby2.7 <removed> (bug #1009957)
[bullseye] - ruby2.7 <postponed> (Minor issue, fix with next Ruby
security release)
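Review bot: the added "{DLA-3450-1}" cross-reference on CVE-2022-28739 sits directly above an unchanged "[bullseye] - ruby2.7 <postponed> (Minor issue, fix with next Ruby security release)" line. With an LTS advisory now covering this CVE, the bullseye postponement is worth revisiting so the stable release does not stay behind the LTS one.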
@@ -148298,6 +148319,7 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x,
and SingularityPRO before 3.
- singularity-container 3.9.5+ds1-2 (bug #990201)
NOTE:
https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x
before 0.3.5 ...)
+ {DLA-3450-1}
- ruby3.1 3.1.2-4 (bug #1024799)
- ruby3.0 <removed> (bug #1024800)
- ruby2.7 <removed>
@@ -274022,8 +274044,8 @@ CVE-2019-16285 (If a local user has been configured
and logged in, an unauthenti
NOT-FOR-US: HP
CVE-2019-16284 (A potential security vulnerability has been identified in
multiple HP ...)
NOT-FOR-US: HP
-CVE-2019-16283
- RESERVED
+CVE-2019-16283 (A potential security vulnerability has been identified with a
version ...)
+ TODO: check
CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting
(XSS) ex ...)
NOT-FOR-US: NCH Express Invoice
CVE-2019-16281 (Ptarmigan before 0.2.3 lacks API token validation, e.g., an
"if (token ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc0e9a5988abb47086e2758d9f329fa821236ca3
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits