[Git][security-tracker-team/security-tracker][master] new ATS issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 14 11:39:08 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe28c019 by Moritz Muehlenhoff at 2023-06-14T12:38:43+02:00
new ATS issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -48,7 +48,11 @@ CVE-2023-34149 (Allocation of Resources Without Limits or Throttling vulnerabili
CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure inWooCommerce Str ...)
NOT-FOR-US: WordPress plugin
CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ - trafficserver <unfixed>
+ NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
+ NOTE: https://github.com/apache/trafficserver/commit/867c48c1adf9e795c8d85c48d2d0f07f08aa87ec (master)
+ NOTE: https://github.com/apache/trafficserver/commit/726a79cb2f70fcbe0e2139aab3fe56930d3d8c27 (9.2.x)
+ NOTE: https://github.com/apache/trafficserver/commit/496fa2c4cbdf2b3d6c61760a3fb6675b74b549f0 (8.1.x)
CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
- hoteldruid <unfixed>
NOTE: https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5
@@ -5940,7 +5944,11 @@ CVE-2023-30633
CVE-2023-30632
RESERVED
CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software Foundation ...)
- TODO: check
+ - trafficserver <unfixed>
+ NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
+ NOTE: https://github.com/apache/trafficserver/commit/8d1ad1dfe4d0ee179029f37c7e8d4caab601cb7b (master)
+ NOTE: https://github.com/apache/trafficserver/commit/ee46128fc7099956145be2147e4ddad7fbc7299b (9.2.x)
+ NOTE: https://github.com/apache/trafficserver/commit/35dd3efde78a73aefa257e12b8fe78d6cd646ba0 (8.1.x)
CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This ...)
- dmidecode <unfixed> (bug #1034483)
[bookworm] - dmidecode <no-dsa> (Minor issue)
@@ -35881,7 +35889,11 @@ CVE-2022-47186
CVE-2022-47185
RESERVED
CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ - trafficserver <unfixed>
+ NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
+ NOTE: https://github.com/apache/trafficserver/commit/105af3ca30e59fbb89013e83a484a04559b4cf25 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/c371b7b21a7e774f852af86b85c87d5d877a14bd (9.2.x)
+ NOTE: https://github.com/apache/trafficserver/commit/b49ae063632b1f40b9bd45aa66524924e2c26600 (8.1.x)
CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Blo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47182
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe28c019b17e52c3ca14e28f9b5c1b506eda8a8c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe28c019b17e52c3ca14e28f9b5c1b506eda8a8c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230614/9c7039fb/attachment.htm>
More information about the debian-security-tracker-commits
mailing list