[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 22 21:10:42 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8163efde by security tracker role at 2023-04-22T20:10:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2023-31038
+ RESERVED
+CVE-2023-2245 (A vulnerability was found in hansunCMS 1.4.3. It has been declared as ...)
+ TODO: check
+CVE-2023-2244 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...)
+ TODO: check
+CVE-2023-2243 (A vulnerability was found in SourceCodester Complaint Management Syste ...)
+ TODO: check
+CVE-2023-2242 (A vulnerability has been found in SourceCodester Online Computer and L ...)
+ TODO: check
+CVE-2023-2241 (A vulnerability, which was classified as critical, was found in PoDoFo ...)
+ TODO: check
+CVE-2012-10014
+ RESERVED
+CVE-2012-10013
+ RESERVED
CVE-2023-31037
RESERVED
CVE-2023-31036
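Review bot: CVE-2023-2241 in this hunk names PoDoFo, a library rather than a web application, so its `TODO: check` needs a lookup for a matching source package in the archive and should not be closed out in the same pass as its neighbours. The SourceCodester entries (CVE-2023-2242 to CVE-2023-2244) match the pattern that this file resolves elsewhere as `NOT-FOR-US: SourceCodester ...`, so they can be triaged together, along with the hansunCMS entry if no package turns up for it.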
@@ -250,8 +266,8 @@ CVE-2023-30913
RESERVED
CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...)
NOT-FOR-US: microweber
-CVE-2023-2239
- RESERVED
+CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
+ TODO: check
CVE-2023-2238
RESERVED
CVE-2023-2237
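Review bot: The new description for CVE-2023-2239 is cut off at "in G ...", the same opening as the CVE-2023-2240 entry directly above it ("in GitHub repository microweber/microweb ..."), which is already marked `NOT-FOR-US: microweber`. If the full description names the same repository, replace `TODO: check` with the same NOT-FOR-US line so the two adjacent entries stay consistent.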
@@ -288,8 +304,8 @@ CVE-2023-2222
RESERVED
CVE-2023-2221
RESERVED
-CVE-2022-4944
- RESERVED
+CVE-2022-4944 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...)
NOT-FOR-US: Dream Technology mica
CVE-2023-2219 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...)
@@ -729,18 +745,23 @@ CVE-2023-30793
CVE-2023-2138 (Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-mod ...)
NOT-FOR-US: nuxtlabs/github-module
CVE-2023-2137 (Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.13 ...)
+ {DSA-5393-1}
- chromium 112.0.5615.138-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2136 (Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allo ...)
+ {DSA-5393-1}
- chromium 112.0.5615.138-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2135 (Use after free in DevTools in Google Chrome prior to 112.0.5615.137 al ...)
+ {DSA-5393-1}
- chromium 112.0.5615.138-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2134 (Out of bounds memory access in Service Worker API in Google Chrome pri ...)
+ {DSA-5393-1}
- chromium 112.0.5615.138-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrome pri ...)
+ {DSA-5393-1}
- chromium 112.0.5615.138-1
[buster] - chromium <end-of-life> (see DSA 5046)
CVE-2023-2132
@@ -3746,7 +3767,7 @@ CVE-2023-29551
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29551
CVE-2023-29550
RESERVED
- {DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3759,7 +3780,7 @@ CVE-2023-29549
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29549
CVE-2023-29548
RESERVED
- {DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3799,7 +3820,7 @@ CVE-2023-29542
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29542
CVE-2023-29541
RESERVED
- {DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3812,7 +3833,7 @@ CVE-2023-29540
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29540
CVE-2023-29539
RESERVED
- {DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3829,7 +3850,7 @@ CVE-2023-29537
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29537
CVE-2023-29536
RESERVED
- {DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3838,7 +3859,7 @@ CVE-2023-29536
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29536
CVE-2023-29535
RESERVED
- {DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3851,7 +3872,7 @@ CVE-2023-29534
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534
CVE-2023-29533
RESERVED
- {DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3391-1}
- firefox 112.0-1
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
@@ -3910,7 +3931,7 @@ CVE-2023-1946 (A vulnerability was found in SourceCodester Survey Application Sy
NOT-FOR-US: SourceCodester Survey Application System
CVE-2023-1945
RESERVED
- {DSA-5385-1 DLA-3391-1}
+ {DSA-5392-1 DSA-5385-1 DLA-3391-1}
- firefox-esr 102.10.0esr-1
- thunderbird 1:102.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945
@@ -4036,6 +4057,7 @@ CVE-2023-29480
NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
CVE-2023-29479
RESERVED
+ {DSA-5392-1}
- rnp <unfixed> (bug #1034558)
- thunderbird 1:102.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29479
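Review bot: The `{DSA-5392-1}` reference added to CVE-2023-29479 sits directly above `- rnp <unfixed> (bug #1034558)`, so the entry now carries an advisory while one of its two packages is still open. The advisory lines up only with the `- thunderbird 1:102.10.0-1` line; rnp should keep being tracked through the bug and not be read as covered by this DSA.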
@@ -4418,8 +4440,8 @@ CVE-2023-1877 (Command Injection in GitHub repository microweber/microweber prio
NOT-FOR-US: microweber
CVE-2023-1876
REJECTED
-CVE-2023-1875
- RESERVED
+CVE-2023-1875 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ TODO: check
CVE-2023-1874 (The WP Data Access plugin for WordPress is vulnerable to privilege esc ...)
NOT-FOR-US: WP Data Access plugin for WordPress
CVE-2023-1873 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -7617,6 +7639,7 @@ CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versi
NOTE: https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31 (v1.1.1)
NOTE: https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf
CVE-2023-28427 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...)
+ {DSA-5392-1}
- node-matrix-js-sdk <unfixed> (bug #1033621)
[bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
[buster] - node-matrix-js-sdk <no-dsa> (Minor issue)
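Review bot: CVE-2023-28427 gains `{DSA-5392-1}`, but within the visible context every package line is for node-matrix-js-sdk (`<unfixed>`, `<no-dsa>`), with no thunderbird line of the kind the other DSA-5392-1 entries in this commit carry (`- thunderbird 1:102.10.0-1`). If the advisory covers this CVE through thunderbird, add the corresponding package line with its fixed version so the cross-reference resolves to a package listed in the entry.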
@@ -18746,6 +18769,7 @@ CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitiz
NOT-FOR-US: WordPress plugin
CVE-2023-0547
RESERVED
+ {DSA-5392-1}
- thunderbird 1:102.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547
CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8163efdec326cce2f439528875c7a5226c2a02c4