[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 22 09:12:19 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0317700c by security tracker role at 2023-06-22T08:12:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...)
+ TODO: check
+CVE-2023-33842 (IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 r ...)
+ TODO: check
+CVE-2023-33405 (Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.)
+ TODO: check
+CVE-2023-32449 (Dell PowerStore versions prior to 3.5 contain an improper verification ...)
+ TODO: check
+CVE-2019-25152 (The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for Woo ...)
+ TODO: check
CVE-2023-3359 [nvmem: brcm_nvram: Add check for kzalloc]
- linux 6.1.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
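Review bot: CVE-2019-25152 in the added block is left at `TODO: check` although its description names WooCommerce plugins, and this file already closes such entries as `NOT-FOR-US: WordPress plugin` (see CVE-2023-34000 in the next hunk). Suggest triaging it that way once the full description is confirmed. The IBM SPSS Modeler, Dell PowerStore and Blogengine.net entries added alongside it also name specific products and need an explicit package or NOT-FOR-US decision rather than staying as TODO.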
@@ -719,6 +729,7 @@ CVE-2023-34149 (Allocation of Resources Without Limits or Throttling vulnerabili
CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure inWooCommerce Str ...)
NOT-FOR-US: WordPress plugin
CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ {DSA-5435-1}
- trafficserver 9.2.1+ds-1 (bug #1038248)
NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
NOTE: https://github.com/apache/trafficserver/commit/867c48c1adf9e795c8d85c48d2d0f07f08aa87ec (master)
@@ -6679,6 +6690,7 @@ CVE-2023-30633
CVE-2023-30632
RESERVED
CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software Foundation ...)
+ {DSA-5435-1}
- trafficserver 9.2.1+ds-1 (bug #1038248)
NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
NOTE: https://github.com/apache/trafficserver/commit/8d1ad1dfe4d0ee179029f37c7e8d4caab601cb7b (master)
@@ -11509,8 +11521,8 @@ CVE-2023-28958
RESERVED
CVE-2023-28957
RESERVED
-CVE-2023-28956
- RESERVED
+CVE-2023-28956 (IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 ma ...)
+ TODO: check
CVE-2023-28955
RESERVED
CVE-2023-28954
@@ -14352,8 +14364,8 @@ CVE-2023-28173
RESERVED
CVE-2023-28172
RESERVED
-CVE-2023-28171
- RESERVED
+CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2023-28170
RESERVED
CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...)
@@ -16114,6 +16126,7 @@ CVE-2023-1184 (A vulnerability, which was classified as problematic, has been fo
NOT-FOR-US: ECshop
CVE-2023-1183
RESERVED
+ {DSA-5437-1 DSA-5436-1 DLA-3468-1 DLA-3467-1}
- hsqldb 2.7.2-1
- hsqldb1.8.0 1.8.0.10+dfsg-12
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/
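Review bot: CVE-2023-1183 gains four advisory ids on the added `{DSA-5437-1 DSA-5436-1 DLA-3468-1 DLA-3467-1}` line while the entry itself still reads `RESERVED`, so it carries no description text. The two package lines (hsqldb, hsqldb1.8.0) and the LibreOffice advisory NOTE are the only context visible here. Suggest a NOTE stating which advisory covers which source package, so readers do not have to infer the mapping from four ids and two packages.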
@@ -16142,12 +16155,12 @@ CVE-2023-27633
RESERVED
CVE-2023-27632
RESERVED
-CVE-2023-27631
- RESERVED
+CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-27630
RESERVED
-CVE-2023-27629
- RESERVED
+CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-27628
RESERVED
CVE-2023-27627
@@ -16180,8 +16193,8 @@ CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian H
NOT-FOR-US: WordPress plugin
CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-27612
- RESERVED
+CVE-2023-27612 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-27611
RESERVED
CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelope ...)
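Review bot: the added CVE-2023-27612 entry sits directly below two entries closed as `NOT-FOR-US: WordPress plugin`, but its description is truncated before the product name. Suggest confirming the affected product from the full CVE text before applying the same tag, rather than inferring it from the neighbouring entries.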
@@ -16809,8 +16822,8 @@ CVE-2023-27415
RESERVED
CVE-2023-27414 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Bo ...)
TODO: check
-CVE-2023-27413
- RESERVED
+CVE-2023-27413 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ TODO: check
CVE-2023-27412
RESERVED
CVE-2023-27411
@@ -20198,8 +20211,8 @@ CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Re
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
-CVE-2023-26115
- RESERVED
+CVE-2023-26115 (All versions of the package word-wrap are vulnerable to Regular Expres ...)
+ TODO: check
CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable to Mi ...)
NOT-FOR-US: Node code-server
CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...)
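Review bot: the added CVE-2023-26115 description says all versions of word-wrap are affected, so if any Debian source package ships or embeds the module its package line would have to be `<unfixed>` rather than a version number. The neighbouring CVE-2023-26114 was closed as `NOT-FOR-US: Node code-server`; that tag should not be copied here without first checking the archive for the module.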
@@ -25935,8 +25948,8 @@ CVE-2023-24263
RESERVED
CVE-2023-24262
RESERVED
-CVE-2023-24261
- RESERVED
+CVE-2023-24261 (A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows ...)
+ TODO: check
CVE-2023-24260
RESERVED
CVE-2023-24259
@@ -36743,6 +36756,7 @@ CVE-2022-47186
CVE-2022-47185
RESERVED
CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ {DSA-5435-1}
- trafficserver 9.2.1+ds-1 (bug #1038248)
NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
NOTE: https://github.com/apache/trafficserver/commit/105af3ca30e59fbb89013e83a484a04559b4cf25 (master)
@@ -161490,7 +161504,7 @@ CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.1
CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an impro ...)
- foreman <itp> (bug #663101)
CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...)
- {DLA-3047-1}
+ {DLA-3466-1 DLA-3047-1}
- avahi 0.8-7 (bug #984938)
[bullseye] - avahi 0.8-5+deb11u2
NOTE: https://github.com/lathiat/avahi/pull/330
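Review bot: on CVE-2021-3468 the changed line now lists two DLAs, `{DLA-3466-1 DLA-3047-1}`, while the release lines visible in this hunk record only a bullseye fixed version. Suggest checking that each DLA corresponds to a distinct LTS release, or adding a NOTE that the newer one follows up on the earlier fix, since two LTS advisories on one CVE otherwise read as a duplicate.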
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0317700c37c6c04b9466dfa4b4335d5a2569e95c