[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jul 8 21:12:26 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
02c6652a by security tracker role at 2023-07-08T20:12:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2023-3566 (A vulnerability was found in wallabag 2.5.4. It has been declared as p ...)
+ TODO: check
+CVE-2023-3565 (Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampass ...)
+ TODO: check
+CVE-2023-3564 (A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System ...)
+ TODO: check
+CVE-2023-3563 (A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and ...)
+ TODO: check
+CVE-2023-3562 (A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and ...)
+ TODO: check
+CVE-2023-3561 (A vulnerability, which was classified as problematic, was found in GZ ...)
+ TODO: check
+CVE-2023-3560 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2023-3559 (A vulnerability classified as problematic was found in GZ Scripts PHP ...)
+ TODO: check
+CVE-2023-3558 (A vulnerability classified as problematic has been found in GZ Scripts ...)
+ TODO: check
+CVE-2023-3557 (A vulnerability was found in GZ Scripts Property Listing Script 1.0. I ...)
+ TODO: check
+CVE-2023-3556 (A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. It ...)
+ TODO: check
+CVE-2023-3555 (A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8 ...)
+ TODO: check
+CVE-2023-3554 (A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classi ...)
+ TODO: check
+CVE-2023-3553 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
+CVE-2023-3552 (Improper Encoding or Escaping of Output in GitHub repository nilsteamp ...)
+ TODO: check
+CVE-2023-3551 (Code Injection in GitHub repository nilsteampassnet/teampass prior to ...)
+ TODO: check
CVE-2023-37270 (Piwigo is open source photo gallery software. Prior to version 13.8.0, ...)
- piwigo <removed>
CVE-2023-37269 (Winter is a free, open-source content management system (CMS) based on ...)
@@ -9390,16 +9422,16 @@ CVE-2023-30451
RESERVED
CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls f ...)
NOT-FOR-US: Redpanda
-CVE-2023-30449
- RESERVED
-CVE-2023-30448
- RESERVED
-CVE-2023-30447
- RESERVED
-CVE-2023-30446
- RESERVED
-CVE-2023-30445
- RESERVED
+CVE-2023-30449 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2023-30448 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2023-30447 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2023-30446 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
+CVE-2023-30445 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ TODO: check
CVE-2023-30444 (IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulne ...)
NOT-FOR-US: IBM
CVE-2023-30443
@@ -17330,12 +17362,12 @@ CVE-2023-27871 (IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain
NOT-FOR-US: IBM
CVE-2023-27870 (IBM Spectrum Virtualize 8.5, under certain circumstances, could disclo ...)
NOT-FOR-US: IBM
-CVE-2023-27869
- RESERVED
-CVE-2023-27868
- RESERVED
-CVE-2023-27867
- RESERVED
+CVE-2023-27869 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
+ TODO: check
+CVE-2023-27868 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
+ TODO: check
+CVE-2023-27867 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
+ TODO: check
CVE-2023-27866 (IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code e ...)
NOT-FOR-US: IBM
CVE-2023-27865
@@ -63117,6 +63149,7 @@ CVE-2022-39370 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6c2p-wgx9-vrjc
NOTE: Only supported behind an authenticated HTTP zone
CVE-2022-39369 (phpCAS is an authentication library that allows PHP applications to ea ...)
+ {DLA-3485-1}
- php-cas 1.6.0-1 (bug #1023571)
NOTE: https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64
NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/b759361d904a2cb2a3bcee9411fc348cfde5d163 (1.6.0)
@@ -72176,11 +72209,13 @@ CVE-2022-36182 (Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which al
CVE-2022-36181
RESERVED
CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /f ...)
+ {DLA-3487-1}
- fusiondirectory <removed>
[bullseye] - fusiondirectory <no-dsa> (Minor issue)
NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/
NOTE: https://github.com/fusiondirectory/fusiondirectory/commit/fadebb79b932a0260bdb8723eb23694a3ae62366 (fusiondirectory-1.3.1)
CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling.)
+ {DLA-3487-1}
- fusiondirectory <removed>
[bullseye] - fusiondirectory <no-dsa> (Minor issue)
NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c6652a173b06dcd38a64eeff51cf502ec05ba1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02c6652a173b06dcd38a64eeff51cf502ec05ba1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230708/0df09bb7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list