[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 8 21:12:22 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
efc85425 by security tracker role at 2023-06-08T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,43 @@
+CVE-2023-3165 (A vulnerability was found in SourceCodester Life Insurance Management  ...)
+	TODO: check
+CVE-2023-3163 (A vulnerability was found in y_project RuoYi up to 4.7.7. It has been  ...)
+	TODO: check
+CVE-2023-34962 (Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a st ...)
+	TODO: check
+CVE-2023-34961 (Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site  ...)
+	TODO: check
+CVE-2023-34959 (An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute ...)
+	TODO: check
+CVE-2023-34958 (Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a stud ...)
+	TODO: check
+CVE-2023-34571 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-34570 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-34569 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-34568 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-34567 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-34566 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain  ...)
+	TODO: check
+CVE-2023-34231 (gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a  ...)
+	TODO: check
+CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which currently suppor ...)
+	TODO: check
+CVE-2023-33660 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...)
+	TODO: check
+CVE-2023-33658 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...)
+	TODO: check
+CVE-2023-33657 (A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerabil ...)
+	TODO: check
+CVE-2023-33443 (Incorrect access control in the administrative functionalities of BES- ...)
+	TODO: check
+CVE-2023-32750 (Pydio Cells through 4.1.2 allows SSRF. For longer running processes, P ...)
+	TODO: check
+CVE-2023-32749 (Pydio Cells allows users by default to create so-called external users ...)
+	TODO: check
 CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- ...)
 	[experimental] - dbus 1.15.6-1
 	- dbus <unfixed> (bug #1037151)
@@ -1110,7 +1150,7 @@ CVE-2023-2972 (Prototype Pollution in GitHub repository antfu/utils prior to 0.7
 CVE-2023-2968 (A remote attacker can trigger a denial of service in the socket.remote ...)
 	NOT-FOR-US: JFROG
 CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object identifi ...)
-	{DSA-5417-1}
+	{DSA-5417-1 DLA-3449-1}
 	- openssl 3.0.9-1
 	NOTE: https://www.openssl.org/news/secadv/20230530.txt
 	NOTE: https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 (OpenSSL_1_1_1u)
@@ -18224,8 +18264,8 @@ CVE-2023-0956
 	RESERVED
 CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-0954
-	RESERVED
+CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and ...)
+	TODO: check
 CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...)
 	NOT-FOR-US: Devolutions Server
 CVE-2023-0952 (Improper access controls on entries in Devolutions Server  2022.3.12 a ...)
@@ -23913,13 +23953,13 @@ CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_che
 CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ...)
-	{DSA-5417-1}
+	{DSA-5417-1 DLA-3449-1}
 	- openssl 3.0.9-1 (bug #1034720)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0)
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (OpenSSL_1_1_1-stable)
 CVE-2023-0465 (Applications that use a non-default option when verifying certificates ...)
-	{DSA-5417-1}
+	{DSA-5417-1 DLA-3449-1}
 	- openssl 3.0.9-1 (bug #1034720)
 	NOTE: https://www.openssl.org/news/secadv/20230328.txt
 	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0.9)
@@ -23929,7 +23969,7 @@ CVE-2023-0465 (Applications that use a non-default option when verifying certifi
 	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f675d164e5d9648c3537a0f5efe1cc2fd232b4a9 (OpenSSL_1_1_1-stable)
 	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23a4cbeb3ad80da3830f760f624599f24236bc38 (OpenSSL_1_1_1-stable)
 CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...)
-	{DSA-5417-1}
+	{DSA-5417-1 DLA-3449-1}
 	- openssl 3.0.9-1 (bug #1034720)
 	NOTE: https://www.openssl.org/news/secadv/20230322.txt
 	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 (openssl-3.0)
@@ -29064,7 +29104,7 @@ CVE-2023-22835
 	RESERVED
 CVE-2023-22834
 	RESERVED
-CVE-2023-22833 (Palantir discovered a software bug in a recently released version of F ...)
+CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...)
 	TODO: check
 CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19. ...)
 	NOT-FOR-US: Apache NiFi



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc854252f99239cdf8f593c2e44b7bbae58a430

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efc854252f99239cdf8f593c2e44b7bbae58a430
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230608/9733d849/attachment.htm>

More information about the debian-security-tracker-commits mailing list