[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 9 21:12:42 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc0e9a59 by security tracker role at 2023-06-09T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Management S ...)
+ TODO: check
+CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...)
+ TODO: check
+CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...)
+ TODO: check
+CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...)
+ TODO: check
+CVE-2023-34245 (@udecode/plate-link is the link handler for the udecode/plate rich-tex ...)
+ TODO: check
+CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
+ TODO: check
+CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termination ...)
+ TODO: check
+CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it skipped ...)
+ TODO: check
+CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that enables ea ...)
+ TODO: check
CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found Inform ...)
NOT-FOR-US: SourceCodester
CVE-2023-3176 (A vulnerability, which was classified as critical, was found in Source ...)
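Review bot: CVE-2023-3184 and CVE-2023-3183 at the top of this hunk are left at TODO: check even though both descriptions name SourceCodester, and the unchanged entry directly below them, CVE-2023-3177, already records that vendor as NOT-FOR-US: SourceCodester; they can take the same disposition. CVE-2023-3141 should not be swept up with them: its description points at r592_remove under drivers/memstick, which is Linux kernel driver code, so it needs a package line against linux rather than a NOT-FOR-US.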
@@ -1529,7 +1549,7 @@ CVE-2023-33439 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to S
NOT-FOR-US: Sourcecodester Faculty Evaluation System
CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers ...)
NOT-FOR-US: skycaiji
-CVE-2023-33255 (An issue was discovered in Papaya Viewer 4a42701. User-supplied input ...)
+CVE-2023-33255 (An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input ...)
NOT-FOR-US: Papaya Viewer
CVE-2023-33247 (Talend Data Catalog remote harvesting server before 8.0-20230413 conta ...)
NOT-FOR-US: Talend
@@ -2815,13 +2835,13 @@ CVE-2023-2444 (A cross site request forgery vulnerability exists in Rockwell Aut
NOT-FOR-US: Rockwell Automation
CVE-2023-2443 (Rockwell Automation ThinManager product allows the use of medium stren ...)
NOT-FOR-US: Rockwell Automation
-CVE-2023-2455 [Row security policies disregard user ID changes after inlining]
+CVE-2023-2455 (Row security policies disregard user ID changes after inlining; Postgr ...)
{DSA-5401-1 DLA-3422-1}
- postgresql-15 15.3-0+deb12u1
- postgresql-13 <removed>
- postgresql-11 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
-CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats protective search_path changes]
+CVE-2023-2454 (schema_element defeats protective search_path changes; It was found th ...)
{DSA-5401-1 DLA-3422-1}
- postgresql-15 15.3-0+deb12u1
- postgresql-13 <removed>
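Review bot: The replacement description on CVE-2023-2454 drops the leading "CREATE SCHEMA ..." that the bracketed title carried, so the entry now opens with "schema_element defeats protective search_path changes" and no longer names the affected statement. The package lines and {DSA-5401-1 DLA-3422-1} are untouched, so tracking is unaffected; if the statement name matters to readers of this file, a NOTE line restoring it would cover that.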
@@ -3727,12 +3747,12 @@ CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some us
NOT-FOR-US: WordPress plugin
CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2286
- RESERVED
-CVE-2023-2285
- RESERVED
-CVE-2023-2284
- RESERVED
+CVE-2023-2286 (The WP Activity Log for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable to Cros ...)
+ TODO: check
+CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to unau ...)
+ TODO: check
CVE-2023-31222
RESERVED
CVE-2023-31221
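Review bot: The three TODO: check entries for CVE-2023-2286, CVE-2023-2285 and CVE-2023-2284 can be closed as NOT-FOR-US: WordPress plugin. All three descriptions name a WordPress plugin (WP Activity Log, WP Activity Log Premium), and the context entries above them, CVE-2023-2288 and CVE-2023-2287, show that disposition already in use for this class.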
@@ -3998,8 +4018,8 @@ CVE-2023-2263
RESERVED
CVE-2023-2262
RESERVED
-CVE-2023-2261
- RESERVED
+CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...)
+ TODO: check
CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
NOT-FOR-US: Alf.io
CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template Engine ...)
@@ -5092,8 +5112,8 @@ CVE-2023-2123
RESERVED
CVE-2023-2122
RESERVED
-CVE-2023-2121
- RESERVED
+CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer ...)
+ TODO: check
CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...)
NOT-FOR-US: Thumbnail carousel slider plugin for WordPress
CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...)
@@ -6685,8 +6705,8 @@ CVE-2023-30264 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with D
NOT-FOR-US: CLTPHP
CVE-2023-30263
RESERVED
-CVE-2023-30262
- RESERVED
+CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and MIMpacs serv ...)
+ TODO: check
CVE-2023-30261
RESERVED
CVE-2023-30260
@@ -7724,10 +7744,10 @@ CVE-2023-29769
RESERVED
CVE-2023-29768
RESERVED
-CVE-2023-29767
- RESERVED
-CVE-2023-29766
- RESERVED
+CVE-2023-29767 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...)
+ TODO: check
+CVE-2023-29766 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...)
+ TODO: check
CVE-2023-29765
RESERVED
CVE-2023-29764
@@ -7736,32 +7756,32 @@ CVE-2023-29763
RESERVED
CVE-2023-29762
RESERVED
-CVE-2023-29761
- RESERVED
+CVE-2023-29761 (An issue found in Sleep v.20230303 for Android allows unauthorized app ...)
+ TODO: check
CVE-2023-29760
RESERVED
-CVE-2023-29759
- RESERVED
-CVE-2023-29758
- RESERVED
-CVE-2023-29757
- RESERVED
-CVE-2023-29756
- RESERVED
-CVE-2023-29755
- RESERVED
+CVE-2023-29759 (An issue found in FlightAware v.5.8.0 for Android allows unauthorized ...)
+ TODO: check
+CVE-2023-29758 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...)
+ TODO: check
+CVE-2023-29757 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...)
+ TODO: check
+CVE-2023-29756 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...)
+ TODO: check
+CVE-2023-29755 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...)
+ TODO: check
CVE-2023-29754
RESERVED
-CVE-2023-29753
- RESERVED
-CVE-2023-29752
- RESERVED
+CVE-2023-29753 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...)
+ TODO: check
+CVE-2023-29752 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...)
+ TODO: check
CVE-2023-29751
RESERVED
CVE-2023-29750
RESERVED
-CVE-2023-29749
- RESERVED
+CVE-2023-29749 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...)
+ TODO: check
CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android has an ...)
NOT-FOR-US: Story Saver for Instragram
CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...)
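Review bot: Several new entries in this hunk cannot be told apart from the visible text: CVE-2023-29758 and CVE-2023-29757 (Blue Light Filter v.1.5.5), CVE-2023-29756 and CVE-2023-29755 (Twilight v.13.3), and CVE-2023-29753 and CVE-2023-29752 (Facemoji Emoji Keyboard v.2.9.1.2) are truncated at the same point with identical wording. Triage should work from the full descriptions rather than this list; the context entry CVE-2023-29748 shows a third-party Android app being recorded as NOT-FOR-US with the app name.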
@@ -7830,12 +7850,12 @@ CVE-2023-29716
RESERVED
CVE-2023-29715
RESERVED
-CVE-2023-29714
- RESERVED
-CVE-2023-29713
- RESERVED
-CVE-2023-29712
- RESERVED
+CVE-2023-29714 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...)
+ TODO: check
+CVE-2023-29713 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...)
+ TODO: check
+CVE-2023-29712 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...)
+ TODO: check
CVE-2023-29711
RESERVED
CVE-2023-29710
@@ -12032,8 +12052,8 @@ CVE-2023-1430 (The FluentCRM - Marketing Automation For WordPress plugin for Wo
NOT-FOR-US: WordPress plugin
CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
NOT-FOR-US: pimcore
-CVE-2023-1428
- RESERVED
+CVE-2023-1428 (There exists an vulnerability causing an abort() to be called in gRPC. ...)
+ TODO: check
CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not en ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts ...)
@@ -14690,8 +14710,8 @@ CVE-2023-27708
RESERVED
CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...)
NOT-FOR-US: DedeCMS
-CVE-2023-27706
- RESERVED
+CVE-2023-27706 (Bitwarden Desktop v1.20.0 and above stores the biometric key in plaint ...)
+ TODO: check
CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer overflow via th ...)
NOT-FOR-US: APNG Optimizer
CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...)
@@ -26136,8 +26156,8 @@ CVE-2023-23700
RESERVED
CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-0342
- RESERVED
+CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM k ...)
+ TODO: check
CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...)
- editorconfig-core 0.12.6-0.1
[bullseye] - editorconfig-core <no-dsa> (Minor issue)
@@ -89919,6 +89939,7 @@ CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management Key Performance Indicator
CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ e ...)
NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System
CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...)
+ {DLA-3450-1}
- ruby3.0 3.0.4-1 (bug #1009956)
- ruby2.7 <removed> (bug #1009957)
[bullseye] - ruby2.7 <postponed> (Minor issue, fix with next Ruby security release)
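Review bot: With {DLA-3450-1} now attached to CVE-2022-28739, the context line "[bullseye] - ruby2.7 <postponed> (Minor issue, fix with next Ruby security release)" stands out: an LTS advisory references this CVE while bullseye is still marked postponed. The postponed state for bullseye is worth revisiting alongside this change.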
@@ -148298,6 +148319,7 @@ CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.
- singularity-container 3.9.5+ds1-2 (bug #990201)
NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 ...)
+ {DLA-3450-1}
- ruby3.1 3.1.2-4 (bug #1024799)
- ruby3.0 <removed> (bug #1024800)
- ruby2.7 <removed>
@@ -274022,8 +274044,8 @@ CVE-2019-16285 (If a local user has been configured and logged in, an unauthenti
NOT-FOR-US: HP
CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP ...)
NOT-FOR-US: HP
-CVE-2019-16283
- RESERVED
+CVE-2019-16283 (A potential security vulnerability has been identified with a version ...)
+ TODO: check
CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...)
NOT-FOR-US: NCH Express Invoice
CVE-2019-16281 (Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc0e9a5988abb47086e2758d9f329fa821236ca3