[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 17 09:12:20 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
274d83e4 by security tracker role at 2023-07-17T08:12:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2023-3700 (Improper Access Control in GitHub repository alextselegidis/easyappoin ...)
+	TODO: check
+CVE-2023-3696 (Prototype Pollution in GitHub repository automattic/mongoose prior to  ...)
+	TODO: check
+CVE-2023-3695 (A vulnerability classified as critical has been found in Campcodes Bea ...)
+	TODO: check
+CVE-2023-3694 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
+CVE-2023-3693 (A vulnerability classified as critical was found in SourceCodester Lif ...)
+	TODO: check
+CVE-2023-3496
+	REJECTED
+CVE-2023-35901 (IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 thro ...)
+	TODO: check
+CVE-2023-35012 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+	TODO: check
+CVE-2023-33857 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+	TODO: check
+CVE-2023-2760 (An SQL injection vulnerability exists in TapHome core HandleMessageUpd ...)
+	TODO: check
+CVE-2023-2759 (A hidden API exists in TapHome's core platform before version 2023.2 t ...)
+	TODO: check
+CVE-2022-4952 (A vulnerability has been found in OmniSharp csharp-language-server-pro ...)
+	TODO: check
 CVE-2023-3691 (A vulnerability, which was classified as problematic, was found in lay ...)
 	TODO: check
 CVE-2023-3690 (A vulnerability, which was classified as critical, has been found in B ...)
@@ -1852,9 +1876,11 @@ CVE-2021-46891 (Vulnerability of incomplete read and write permission verificati
 CVE-2021-46890 (Vulnerability of incomplete read and write permission verification in  ...)
 	NOT-FOR-US: Huawei
 CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byte ...)
+	{DSA-5453-1}
 	- linux <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
 CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner ...)
+	{DSA-5453-1}
 	- linux <unfixed>
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
@@ -1962,6 +1988,7 @@ CVE-2023-2321 (The WPForms Google Sheet Connector WordPress plugin before 3.4.6,
 CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-goo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-36813 (Kanboard is project management software that focuses on the Kanban met ...)
+	{DSA-5454-1}
 	- kanboard 1.2.31+ds-1 (bug #1040265)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
 	NOTE: https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
@@ -8891,10 +8918,10 @@ CVE-2023-30991
 	RESERVED
 CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute  ...)
 	NOT-FOR-US: IBM
-CVE-2023-30989
-	RESERVED
-CVE-2023-30988
-	RESERVED
+CVE-2023-30989 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local pr ...)
+	TODO: check
+CVE-2023-30988 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...)
+	TODO: check
 CVE-2023-30987
 	RESERVED
 CVE-2023-30986 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
@@ -9504,7 +9531,7 @@ CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the Image
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
 CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
-	{DSA-5448-1}
+	{DSA-5453-1 DSA-5448-1}
 	- linux 6.3.11-1
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/
@@ -22458,8 +22485,8 @@ CVE-2023-26514
 	RESERVED
 CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...)
 	NOT-FOR-US: Apache Sling
-CVE-2023-26512
-	RESERVED
+CVE-2023-26512 (CWE-502 Deserialization of Untrusted Dataat therabbitmq-connector plug ...)
+	TODO: check
 CVE-2023-1025 (The Simple File List WordPress plugin before 6.0.10 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/274d83e4218c829fdfdb39a4d6daf66810ef0d81

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/274d83e4218c829fdfdb39a4d6daf66810ef0d81
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230717/4f706d3e/attachment.htm>

More information about the debian-security-tracker-commits mailing list