[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Aug 6 09:12:37 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2eea82c4 by security tracker role at 2023-08-06T08:12:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2023-4190 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...)
+	TODO: check
+CVE-2023-4180 (A vulnerability classified as critical was found in SourceCodester Fre ...)
+	TODO: check
+CVE-2023-4179 (A vulnerability classified as critical has been found in SourceCodeste ...)
+	TODO: check
+CVE-2023-4177 (A vulnerability was found in EmpowerID up to 7.205.0.0. It has been ra ...)
+	TODO: check
+CVE-2023-4176 (A vulnerability was found in SourceCodester Hospital Management System ...)
+	TODO: check
+CVE-2023-4175 (A vulnerability was found in mooSocial mooTravel 3.1.8 and classified  ...)
+	TODO: check
+CVE-2023-4174 (A vulnerability has been found in mooSocial mooStore 3.1.6 and classif ...)
+	TODO: check
+CVE-2023-4173 (A vulnerability, which was classified as problematic, was found in moo ...)
+	TODO: check
+CVE-2023-4172 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-4171 (A vulnerability classified as problematic was found in Chengdu Flash F ...)
+	TODO: check
+CVE-2023-37874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Dimit ...)
+	TODO: check
+CVE-2023-37873 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...)
+	TODO: check
+CVE-2023-37581 (Insufficient input validation and sanitation in Weblog Category name,  ...)
+	TODO: check
+CVE-2023-36689 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...)
+	TODO: check
+CVE-2023-36686 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlow ...)
+	TODO: check
+CVE-2023-36678 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-b ...)
+	TODO: check
+CVE-2023-34377 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jose ...)
+	TODO: check
+CVE-2023-34010 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability insubmodule ...)
+	TODO: check
+CVE-2023-32600 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+	TODO: check
 CVE-2023-4189 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...)
 	TODO: check
 CVE-2023-4188 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-g ...)
@@ -612,7 +650,7 @@ CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
 CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox  ...)
-	{DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -622,7 +660,7 @@ CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Fir
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
 CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
-	{DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -654,7 +692,7 @@ CVE-2023-4051 (A website could have obscured the full screen notification by usi
 	- firefox 116.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
 CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer  ...)
-	{DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -664,7 +702,7 @@ CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack bu
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
 CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
-	{DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -674,7 +712,7 @@ CVE-2023-4049 (Race conditions in reference counting code were found through cod
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
 CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
-	{DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -684,7 +722,7 @@ CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
 CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
-	{DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -694,7 +732,7 @@ CVE-2023-4047 (A bug in popup notifications delay calculation could have made it
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
 CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
-	{DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -704,7 +742,7 @@ CVE-2023-4046 (In some circumstances, a stale value could have been used for a g
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
 CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
-	{DSA-5464-1}
+	{DSA-5469-1 DSA-5464-1}
 	- firefox 116.0-1
 	- firefox-esr 115.1.0esr-1
 	- thunderbird 1:115.1.0-1
@@ -13135,8 +13173,8 @@ CVE-2023-30493
 	RESERVED
 CVE-2023-30492
 	RESERVED
-CVE-2023-30491
-	RESERVED
+CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard ...)
+	TODO: check
 CVE-2023-30490
 	RESERVED
 CVE-2023-30489



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2eea82c4ef4fb4e655a86a1afd51fee5e5ff169e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2eea82c4ef4fb4e655a86a1afd51fee5e5ff169e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230806/2db3c83e/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list