[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 21 09:12:05 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
623b63be by security tracker role at 2023-05-21T08:11:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2023-32589 (Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexie ...)
+ TODO: check
+CVE-2023-2826 (A vulnerability has been found in SourceCodester Class Scheduling Syst ...)
+ TODO: check
CVE-2023-33244 (Obsidian before 1.2.2 allows calls to unintended APIs (for microphone ...)
NOT-FOR-US: Obsidian
CVE-2023-2713 (Authorization Bypass Through User-Controlled Key vulnerability in "Re ...)
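Review bot: The two entries added at the top of the list, CVE-2023-32589 and CVE-2023-2826, carry only "TODO: check", so neither has a triage decision yet. Each should be resolved to either a source package line or a NOT-FOR-US tag naming the product, in the same form as the "NOT-FOR-US: Obsidian" line under CVE-2023-33244 just below them.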
@@ -21923,8 +21927,8 @@ CVE-2023-24416
RESERVED
CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBo ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-24414
- RESERVED
+CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
+ TODO: check
CVE-2023-24413
RESERVED
CVE-2023-24412
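Review bot: CVE-2023-24414 goes from RESERVED to "TODO: check" with its description cut at "RoboSoft Photo Gall ...", so the product type cannot be read from this line. The adjacent CSRF entry CVE-2023-24415 is tagged "NOT-FOR-US: WordPress plugin"; confirm against the full description before applying the same tag here rather than inferring it from the neighbour.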
@@ -23232,8 +23236,8 @@ CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
NOT-FOR-US: WordPress plugin
CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23890
- RESERVED
+CVE-2023-23890 (Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb R ...)
+ TODO: check
CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23888
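Review bot: The new CVE-2023-23890 line names "LJ Apps WP Airbnb R ..." but is left at "TODO: check" while the three described entries around it (CVE-2023-23892, -23891, -23889) are all "NOT-FOR-US: WordPress plugin". If the full description confirms a WordPress plugin, replace the TODO with that tag so the entry stops showing as untriaged.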
@@ -27270,8 +27274,8 @@ CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tric
NOT-FOR-US: WordPress plugin
CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-22689
- RESERVED
+CVE-2023-22689 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...)
+ TODO: check
CVE-2023-22688
RESERVED
CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...)
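Review bot: For CVE-2023-22689 the truncated description shows only an author name ("Lucian Apostol Auto ..."), which gives the person resolving "TODO: check" nothing to match against Debian source packages. The triage should start from the full CVE description to get the product name, then record a package line or a NOT-FOR-US tag.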
@@ -33185,8 +33189,8 @@ CVE-2022-47136
RESERVED
CVE-2022-47135
RESERVED
-CVE-2022-47134
- RESERVED
+CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...)
+ TODO: check
CVE-2022-47133
RESERVED
CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...)
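Review bot: CVE-2022-47134 leaves RESERVED with only "TODO: check", and its neighbours in this hunk (CVE-2022-47136, -47135, -47133) are still RESERVED, so there is no adjacent triage to compare against. Look up the product behind "Bill Erickson Galle ..." and record an explicit package line or NOT-FOR-US tag.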
@@ -127275,6 +127279,7 @@ CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1
NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44)
NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity)
+ {DLA-3428-1}
- node-nth-check 2.0.1-1
[bullseye] - node-nth-check 2.0.0-1+deb11u1
[stretch] - node-nth-check <end-of-life> (Nodejs in stretch not covered by security support)
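Review bot: The added {DLA-3428-1} reference under CVE-2021-3803 is not matched by any visible fixed version for the release that advisory covers; the package lines shown list only unstable (2.0.1-1), bullseye (2.0.0-1+deb11u1) and stretch (<end-of-life>). Since this commit changes only data/CVE/list, confirm that the advisory's own record carries the affected release and fixed version so the cross-reference resolves.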
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/623b63bedc2f8f517521046f24876cd1259562cd