[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 20 21:12:13 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
209e6c9b by security tracker role at 2023-05-20T20:12:03+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2023-33244 (Obsidian before 1.2.2 allows calls to unintended APIs (for microphone ...)
+ TODO: check
+CVE-2023-2713 (Authorization Bypass Through User-Controlled Key vulnerability in "Re ...)
+ TODO: check
+CVE-2023-2712 (Unrestricted Upload of File with Dangerous Type vulnerability in "Ren ...)
+ TODO: check
CVE-2023-32677 (Zulip is an open-source team collaboration tool with unique topic-base ...)
NOT-FOR-US: Zulip
CVE-2023-2824 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...)
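Review bot: the three entries added at the top of this hunk (CVE-2023-33244, CVE-2023-2713, CVE-2023-2712) carry only "TODO: check", so none of them is triaged yet. Each needs to be resolved either to a NOT-FOR-US line, as the Zulip entry directly below has, or to a source-package status line. For CVE-2023-2713 and CVE-2023-2712 the truncated description cuts off inside the product name ("Re ...", "Ren ..."), so the full CVE record is needed to identify the product before triage.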
@@ -18,7 +24,7 @@ CVE-2023-2715 (The Groundhogg plugin for WordPress is vulnerable to unauthorized
NOT-FOR-US: Groundhogg plugin for WordPress
CVE-2023-2714 (The Groundhogg plugin for WordPress is vulnerable to unauthorized modi ...)
NOT-FOR-US: Groundhogg plugin for WordPress
-CVE-2023-32700 [improperly secured shell-escape in LuaTeX]
+CVE-2023-32700 (LuaTeX before 1.17.0 allows execution of arbitrary shell commands when ...)
{DSA-5406-1 DLA-3427-1}
- texlive-bin 2022.20220321.62855-5.1
NOTE: https://tug.org/~mseven/luatex.html
@@ -705,7 +711,7 @@ CVE-2023-2454 [CREATE SCHEMA ... schema_element defeats protective search_path c
- postgresql-13 <removed>
- postgresql-11 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
-CVE-2023-32668 (LuaTeX before 1.17.0 enables the socket library by default.)
+CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the default sett ...)
- texlive-bin <unfixed>
[bullseye] - texlive-bin <no-dsa> (Minor issue)
[buster] - texlive-bin <no-dsa> (Minor issue)
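Review bot: only the description line of CVE-2023-32668 changes here, while the status lines under it stay at "- texlive-bin <unfixed>" and "<no-dsa> (Minor issue)" for bullseye and buster. The old text said only that the socket library is enabled by default; the new text describes what a document compiled with the default settings can do, so the "Minor issue" rating is worth re-confirming against the full description. CVE-2023-32700 earlier in this file is also described as "LuaTeX before 1.17.0" and is recorded as fixed in texlive-bin 2022.20220321.62855-5.1; a NOTE line stating whether that upload changes the socket default would explain why this entry remains unfixed.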
@@ -8027,16 +8033,16 @@ CVE-2023-1698 (In multiple products of WAGO a vulnerability allows an unauthenti
NOT-FOR-US: WAGO
CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the Packet For ...)
NOT-FOR-US: Juniper
-CVE-2023-1696
- RESERVED
+CVE-2023-1696 (The multimedia video module has a vulnerability in data processing.Suc ...)
+ TODO: check
CVE-2023-1695
RESERVED
-CVE-2023-1694
- RESERVED
-CVE-2023-1693
- RESERVED
-CVE-2023-1692
- RESERVED
+CVE-2023-1694 (The Settings module has the file privilege escalation vulnerability.Su ...)
+ TODO: check
+CVE-2023-1693 (The Settings module has the file privilege escalation vulnerability.Su ...)
+ TODO: check
+CVE-2023-1692 (The window management module lacks permission verification.Successful ...)
+ TODO: check
CVE-2023-1691
RESERVED
CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and ...)
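Review bot: CVE-2023-1696, CVE-2023-1694, CVE-2023-1693 and CVE-2023-1692 move from RESERVED to "TODO: check", and the visible part of each description names only a module (multimedia video, Settings, window management), not a vendor or product. Triage needs the full CVE record to identify the vendor before these can be marked NOT-FOR-US or mapped to a package. CVE-2023-1694 and CVE-2023-1693 show identical description text up to the truncation point, so confirm from the full records that they are distinct issues.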
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/209e6c9b9715fa2301d94b53c9fd991ebddfc3c0