[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 7 09:12:21 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d04f63a by security tracker role at 2023-05-07T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-32290 (The myMail app through 14.30 for iOS sends cleartext credentials in a  ...)
+	TODO: check
 CVE-2023-2560 (A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has ...)
 	NOT-FOR-US: jja8 NewBingGoGo
 CVE-2016-15031 (A vulnerability was found in PHP-Login 1.0. It has been declared as cr ...)
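Review bot: the new CVE-2023-32290 entry is left at "TODO: check", so it still needs manual triage before it says anything about Debian. Its description names the myMail app for iOS; if no Debian source package ships that code, resolve it the same way as the adjacent CVE-2023-2560 entry, with a NOT-FOR-US line naming the product.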
@@ -993,8 +995,7 @@ CVE-2023-31049
 	RESERVED
 CVE-2023-31048
 	RESERVED
-CVE-2023-31047 [Potential bypass of validation when uploading multiple files using one form field]
-	RESERVED
+CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ...)
 	{DLA-3415-1}
 	- python-django 3:3.2.19-1 (bug #1035467)
 	NOTE: https://www.djangoproject.com/weblog/2023/may/03/security-releases/
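Review bot: the truncated description added for CVE-2023-31047 ends at "i ..." and no longer says what the flaw is, whereas the removed bracketed title stated it ("Potential bypass of validation when uploading multiple files using one form field"). The NOTE line linking the Django security release still gives a reader the way to the details, but consider keeping the one-line summary in an additional NOTE so the entry remains readable on its own. The unchanged package line (3:3.2.19-1) is consistent with the "3.2 before 3.2.19" bound in the new description.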
@@ -17676,8 +17677,8 @@ CVE-2023-25493
 	RESERVED
 CVE-2023-25492 (A valid, authenticated user may be able to trigger a denial of service ...)
 	NOT-FOR-US: Lenovo
-CVE-2023-25491
-	RESERVED
+CVE-2023-25491 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Samue ...)
+	TODO: check
 CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25489
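Review bot: CVE-2023-25491 moves from RESERVED to "TODO: check" and needs triage. Its description follows the same "Auth. (admin+) Stored Cross-Site Scripting (XSS)" pattern as CVE-2023-25490 directly below, which is marked "NOT-FOR-US: WordPress plugin", but the product name is cut off at "Samue ...", so confirm the affected product from the full CVE record before applying the same marking. The "vulnerabilityin" run-together is in the imported description text and should not be hand-edited here, since the next automatic update would overwrite it.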
@@ -20775,8 +20776,8 @@ CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Verib
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24401
 	RESERVED
-CVE-2023-24400
-	RESERVED
+CVE-2023-24400 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-ma ...)
+	TODO: check
 CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-24398 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...)
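Review bot: CVE-2023-24400 is likewise left at "TODO: check". The surrounding entries (CVE-2023-24402, CVE-2023-24399) carry the same Auth. XSS wording and are marked "NOT-FOR-US: WordPress plugin"; the truncated product name "Hu-ma ..." is not enough to decide on its own, so check the full description and then replace the TODO with the matching NOT-FOR-US line if it is also a WordPress plugin.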



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d04f63a137ce79e97e43e499a0eb32e8277626f
