[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 3 21:12:20 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dab9027b by security tracker role at 2023-06-03T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2023-3086 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
+	TODO: check
+CVE-2023-3085 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2023-3084 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
+	TODO: check
+CVE-2023-32582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle ...)
+	TODO: check
 CVE-2023-3083 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
 	- teampass <itp> (bug #730180)
 CVE-2023-3055 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross- ...)
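Review bot: The `TODO: check` placeholders on the new CVE-2023-3086 and CVE-2023-3084 entries look resolvable from the context line right below them: CVE-2023-3083 carries the same truncated description ("Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...") and is already tracked as `- teampass <itp> (bug #730180)`. If the full descriptions confirm the same project, triage the two new entries the same way rather than leaving them in the TODO queue; CVE-2023-3085 and CVE-2023-32582 have different descriptions and still need individual checks.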
@@ -417,6 +425,7 @@ CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
 CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...)
 	NOT-FOR-US: Wordapp plugin for WordPress
 CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
+	{DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark <unfixed>
 	[bookworm] - wireshark <no-dsa> (Minor issue)
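Review bot: With `{DLA-3443-1}` added to CVE-2023-2952, the entry now references an LTS advisory while the lines directly below still read `- wireshark <unfixed>` and `[bookworm] - wireshark <no-dsa> (Minor issue)`, with the fixed version only in experimental (4.0.6-1~exp1). It is worth checking whether the bookworm status should be revisited so that the newer suite does not trail the LTS one; the same point applies to CVE-2023-2856, CVE-2023-2858 and CVE-2023-2879 later in this patch.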
@@ -657,42 +666,55 @@ CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0.
 CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
 	NOT-FOR-US: OpenEMR
 CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome prior  ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2940 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2939 (Insufficient data validation in Installer in Google Chrome on Windows  ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2938 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2937 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2936 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2935 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2934 (Out of bounds memory access in Mojo in Google Chrome prior to 114.0.57 ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2933 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed  ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2932 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed  ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2931 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed  ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2930 (Use after free in Extensions in Google Chrome prior to 114.0.5735.90 a ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2929 (Out of bounds write in Swiftshader in Google Chrome prior to 114.0.573 ...)
+	{DSA-5418-1}
 	- chromium 114.0.5735.90-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been declar ...)
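Review bot: CVE-2023-2939 gets `{DSA-5418-1}` like the other twelve chromium entries in this hunk, but its description reads "Insufficient data validation in Installer in Google Chrome on Windows ...". If the full description confirms the issue is confined to the Windows installer, consider recording that in the entry (for example with a NOTE line) so the DSA cross-reference and `- chromium 114.0.5735.90-1` are not read as a fix for a flaw that affected the Debian package.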
@@ -797,6 +819,7 @@ CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084
 	NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/19ed05756313a0181fd3188eae0557f688bfddaf (v3.7.0)
 CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 ...)
+	{DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark <unfixed>
 	[bookworm] - wireshark <no-dsa> (Minor issue)
@@ -804,6 +827,7 @@ CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083
 CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...)
+	{DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark <unfixed>
 	[bookworm] - wireshark <no-dsa> (Minor issue)
@@ -811,6 +835,7 @@ CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081
 CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...)
+	{DLA-3443-1}
 	[experimental] - wireshark 4.0.6-1~exp1
 	- wireshark <unfixed>
 	[bookworm] - wireshark <no-dsa> (Minor issue)
@@ -149414,6 +149439,7 @@ CVE-2021-32864
 CVE-2021-32863
 	REJECTED
 CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ...)
+	{DLA-3442-1}
 	- nbconvert 6.5.1-1
 	NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
 	NOTE: https://github.com/jupyter/nbconvert/commit/d09000bbf076410ce4bd4d9a406f9bbe849cd5c6 (6.5.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dab9027baec79b4eba06085ad772ce5cf4b89b32
