Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 02063b9a by security tracker role at 2023-08-05T20:11:48+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,21 @@ +CVE-2023-4189 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...) + TODO: check +CVE-2023-4188 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-g ...) + TODO: check +CVE-2023-4187 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) + TODO: check +CVE-2023-4170 (A vulnerability was found in DedeBIZ 6.2.10. It has been rated as prob ...) + TODO: check +CVE-2023-4169 (A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been ...) + TODO: check +CVE-2023-4168 (A vulnerability was found in Templatecookie Adlisting 2.14.0. It has b ...) + TODO: check +CVE-2023-4167 (A vulnerability was found in Media Browser Emby Server 4.7.13.0 and cl ...) + TODO: check +CVE-2023-4166 (A vulnerability has been found in Tongda OA and classified as critical ...) + TODO: check +CVE-2023-4165 (A vulnerability, which was classified as critical, was found in Tongda ...) + TODO: check CVE-2023-39508 (Execution with Unnecessary Privileges, : Exposure of Sensitive Informa ...) - airflow <itp> (bug #819700) CVE-2023-39346 (LinuxASMCallGraph is software for drawing the call graph of the progra ...) 
@@ -949,14 +967,16 @@ CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input v CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...) NOT-FOR-US: Apple CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 - [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) + [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 @@ -1072,6 +1092,7 @@ CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unautho CVE-2023-3451 REJECTED CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 
@@ -1086,24 +1107,28 @@ CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixe CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...) NOT-FOR-US: Apple CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm) NOTE: https://webkitgtk.org/security/WSA-2023-0007.html CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 @@ -1114,6 +1139,7 @@ CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 
@@ -1143,6 +1169,7 @@ CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixe CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...) NOT-FOR-US: Apple CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} - webkit2gtk 2.40.5-1 [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster) - wpewebkit 2.40.5-1 @@ -8509,7 +8536,7 @@ CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot a NOT-FOR-US: CBOT Chatbot CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot ...) NOT-FOR-US: CBOT Chatbot -CVE-2023-2885 (Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allow ...) +CVE-2023-2885 (Improper Enforcement of Message Integrity During Transmission in a Com ...) NOT-FOR-US: CBOT Chatbot CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...) NOT-FOR-US: CBOT Chatbot @@ -41591,7 +41618,7 @@ CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has been [bullseye] - sogo <no-dsa> (Minor issue) [buster] - sogo <no-dsa> (Minor issue) NOTE: https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 (SOGo-5.8.0) -CVE-2022-4557 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...) +CVE-2022-4557 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...) - sogo 5.8.0-1 
@@ -109087,7 +109114,7 @@ CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed servi CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running ...) NOT-FOR-US: RaspberryMatic CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...) - {DLA-3492-1} + {DLA-3516-1 DLA-3492-1} - ruby-yajl 1.4.3-1 (bug #1014803) [bullseye] - ruby-yajl <no-dsa> (Minor issue) [buster] - ruby-yajl <no-dsa> (Minor issue) @@ -386901,7 +386928,7 @@ CVE-2017-16518 CVE-2017-16517 RESERVED CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is suppl ...) - {DLA-3492-1 DLA-1167-1} + {DLA-3516-1 DLA-3492-1 DLA-1167-1} - ruby-yajl 1.2.0-3.1 (low; bug #880691) [stretch] - ruby-yajl <no-dsa> (Minor issue) [jessie] - ruby-yajl <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02063b9a8266f23cc803a915f9d4dcba7327fc53
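Review bot: the nine entries added at the top of data/CVE/list (CVE-2023-4165 through CVE-2023-4189, hunk @@ -1,3 +1,21 @@) carry only "TODO: check", so none of them has a triage result yet. Each one needs a follow-up that resolves it to either a source package line or a NOT-FOR-US line, in the same form as the neighbouring entries (for example "NOT-FOR-US: Apple" further down in this diff); until then they should not be read as affecting or not affecting any Debian package.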
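Review bot: in hunk @@ -949,14 +967,16 @@, the line "[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)" under CVE-2023-38599 is removed and re-added with identical visible text, so this is a whitespace-only change riding along with the {DSA-5468-1} tagging. The commit message ("automatic update") does not mention it; a separate commit, or a one-line mention of the indentation fix, would keep the DSA annotation easy to audit on its own.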
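Review bot: in the last two hunks (CVE-2022-24795 and CVE-2017-16516), DLA-3516-1 is added next to DLA-3492-1, but the package lines visible in the context still list only ruby-yajl, with "[buster] - ruby-yajl <no-dsa> (Minor issue)" under CVE-2022-24795. It is worth confirming which source package each of the two DLAs fixes: if DLA-3516-1 covers a package other than ruby-yajl, that package needs its own line under both CVEs, and if it is a ruby-yajl upload, the [buster] <no-dsa> annotation should be reconciled with it.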