[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2023-3083/teampass
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 3 10:08:09 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a9582889 by Salvatore Bonaccorso at 2023-06-03T11:08:51+02:00
Add CVE-2023-3083/teampass
- - - - -
b40afe94 by Salvatore Bonaccorso at 2023-06-03T11:10:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2023-3083 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
- TODO: check
+ - teampass <itp> (bug #730180)
CVE-2023-3055 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross- ...)
NOT-FOR-US: Page Builder by AZEXO plugin for WordPress
CVE-2023-3053 (The Page Builder by AZEXO plugin for WordPress is vulnerable to unauth ...)
@@ -11,7 +11,7 @@ CVE-2023-3051 (The Page Builder by AZEXO plugin for WordPress is vulnerable to S
CVE-2023-3044 (An excessively large PDF page size (found in fuzz testing, unlikely in ...)
TODO: check
CVE-2023-33143 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2023-2816 (Consul and Consul Enterprise allowed any user with service:write permi ...)
TODO: check
CVE-2023-2781 (The User Email Verification for WooCommerce plugin for WordPress is vu ...)
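Review bot: The `NOT-FOR-US: Microsoft` tag on CVE-2023-33143 classifies the issue by vendor only, while the description names Microsoft Edge (Chromium-based). Before the TODO is dropped, it is worth confirming that the flaw is in Edge-specific code and not in shared Chromium code. If it is Edge-only, a tag such as "NOT-FOR-US: Microsoft Edge" would record that reasoning in the entry itself.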
@@ -21,9 +21,9 @@ CVE-2023-2416 (The Online Booking & Scheduling Calendar for WordPress by vcita p
CVE-2023-2415 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...)
NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress
CVE-2023-2407 (The Event Registration Calendar By vcita plugin, versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2406 (The Event Registration Calendar By vcita plugin, versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2405 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...)
NOT-FOR-US: CRM and Lead Management by vcita plugin for WordPress
CVE-2023-2404 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...)
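Review bot: The tags added for CVE-2023-2407 and CVE-2023-2406 read only `NOT-FOR-US: WordPress plugin`, whereas the neighbouring vcita entries in this hunk name the product ("NOT-FOR-US: CRM and Lead Management by vcita plugin for WordPress"). Suggest "NOT-FOR-US: Event Registration Calendar By vcita plugin for WordPress", taken from the descriptions shown, so the two entries match their neighbours and a search of the list by plugin name finds them.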
@@ -166,9 +166,9 @@ CVE-2023-32310 (DataEase is an open source data visualization and analysis tool.
CVE-2023-32181 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...)
TODO: check
CVE-2015-10109 (A vulnerability was found in Video Playlist and Gallery Plugin up to 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2014-125104 (A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-XXXX [RUSTSEC-2023-0039]
- rust-buffered-reader <unfixed> (bug #1037018)
[bookworm] - rust-buffered-reader <no-dsa> (Minor issue)
@@ -3824,7 +3824,7 @@ CVE-2023-2203 (A flaw was found in the WebKitGTK package. An improper input vali
CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosariosi ...)
NOT-FOR-US: RosarioSIS
CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injection vi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-2200
RESERVED
CVE-2023-2199
@@ -4799,11 +4799,11 @@ CVE-2023-30606 (Discourse is an open source platform for community discussion. I
CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery project cont ...)
NOT-FOR-US: Archery
CVE-2023-30604 (It is identified a vulnerability of insufficient authentication in the ...)
- TODO: check
+ NOT-FOR-US: Hitron Technologies
CVE-2023-30603 (Hitron Technologies CODA-5310 Telnet function with the default account ...)
- TODO: check
+ NOT-FOR-US: Hitron Technologies
CVE-2023-30602 (Hitron Technologies CODA-5310\u2019s Telnet function transfers sensiti ...)
- TODO: check
+ NOT-FOR-US: Hitron Technologies
CVE-2023-30601 (Privilege escalation when enabling FQL/Audit logs allows user with JMX ...)
- cassandra <itp> (bug #585905)
CVE-2023-30600
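Review bot: The vendor attribution on CVE-2023-30604 cannot be checked from this hunk. Its truncated description ("insufficient authentication in the ...") does not name a product, unlike CVE-2023-30603 and CVE-2023-30602 below it, which name Hitron Technologies CODA-5310. Please confirm against the full CVE record that it concerns the same vendor. Using the product name from the descriptions in all three tags would also make them more specific.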
@@ -4921,13 +4921,13 @@ CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in
CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Minova Technology eTrace
CVE-2023-2063 (Unrestricted Upload of File with Dangerous Type vulnerability in FTP f ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-2062 (Missing Password Field Masking vulnerability in Mitsubishi Electric Co ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-2061 (Use of Hard-coded Password vulnerability in FTP function on Mitsubishi ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-2060 (Weak Password Requirements vulnerability in FTP function on Mitsubishi ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2023-2059 (A vulnerability was found in DedeCMS 5.7.87. It has been rated as prob ...)
NOT-FOR-US: DedeCMS
CVE-2023-2058 (A vulnerability was found in EyouCms up to 1.6.2. It has been declared ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8d490126c4dbcdb315645df07ca14123e46e43be...b40afe94f15d89a41e7e96a37a10760da5b83dd7