Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 052e3688 by Moritz Muehlenhoff at 2023-06-08T19:22:26+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -5,7 +5,7 @@ CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash [bullseye] - dbus <no-dsa> (Minor issue) NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 CVE-2023-34239 (Gradio is an open-source Python library that is used to build machine ...) - TODO: check + NOT-FOR-US: Gradio CVE-2023-34238 (Gatsby is a free and open source framework based on React. The Gatsby ...) - gatsby <itp> (bug #922188) CVE-2023-33849 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) @@ -17,13 +17,13 @@ CVE-2023-33847 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, CVE-2023-33846 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) NOT-FOR-US: IBM CVE-2023-33496 (xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerabili ...) - TODO: check + NOT-FOR-US: xxl-rpc CVE-2023-2986 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...) NOT-FOR-US: Abandoned Cart Lite for WooCommerce plugin for WordPress CVE-2023-2904 (The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 ...) - TODO: check + NOT-FOR-US: HID SAFE CVE-2023-2866 (If an attacker can trick an authenticated user into loading a maliciou ...) - TODO: check + NOT-FOR-US: Advantech CVE-2023-3153 [service monitor MAC flow is not rate limited] - ovn <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279 @@ -57,7 +57,7 @@ CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A desi CVE-2023-34234 (OpenZeppelin Contracts is a library for smart contract development. By ...) NOT-FOR-US: OpenZeppelin Contracts CVE-2023-34109 (zxcvbn-ts is an open source password strength estimator written in typ ...) - TODO: check + NOT-FOR-US: zxcvbn-ts CVE-2023-34108 (mailcow is a mail server suite based on Dovecot, Postfix and other ope ...) NOT-FOR-US: mailcow CVE-2023-33595 (CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ...) @@ -69,13 +69,13 @@ CVE-2023-33553 (An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows at CVE-2023-33510 (Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary file ...) NOT-FOR-US: Jeecg P3 Biz Chat CVE-2023-33498 (alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privileg ...) - TODO: check + NOT-FOR-US: alist CVE-2023-33284 (Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution ...) - TODO: check + NOT-FOR-US: Marval MSM CVE-2023-33283 (Marval MSM through 14.19.0.12476 uses a static encryption key for secr ...) - TODO: check + NOT-FOR-US: Marval MSM CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account with de ...) - TODO: check + NOT-FOR-US: Marval MSM CVE-2023-2530 (A privilege escalation allowing remote code execution was discovered i ...) TODO: check CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) @@ -331,19 +331,19 @@ CVE-2023-3120 (A vulnerability, which was classified as critical, was found in S CVE-2023-3119 (A vulnerability, which was classified as critical, has been found in S ...) NOT-FOR-US: SourceCodester Service Provider Management System CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, t ...) - TODO: check + NOT-FOR-US: Percona Monitoring and Management (PMM) CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...) - TODO: check + NOT-FOR-US: taosdata/grafanaplugin CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...) TODO: check CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...) NOT-FOR-US: Kiwi TCMS CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container ...) - TODO: check + NOT-FOR-US: notation CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and container ...) - TODO: check + NOT-FOR-US: notation CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and container ...) - TODO: check + NOT-FOR-US: notation CVE-2023-33747 (CloudPanel v2.2.2 allows attackers to execute a path traversal.) NOT-FOR-US: CloudPanel CVE-2023-33684 (Weak session management in DB Elettronica Telecomunicazioni SpA SFT DA ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/052e36888dcabf6e01c9ac6b8834632b5d530250 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/052e36888dcabf6e01c9ac6b8834632b5d530250 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits