Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fffe0d5 by security tracker role at 2023-06-17T08:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,18 @@
+CVE-2023-3295 (The Unlimited Elements For Elementor (Free Widgets, Addons, 
Templates) ...)
+       TODO: check
+CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl 
before 0. ...)
+       TODO: check
+CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka 
rabbitmq-c)  ...)
+       TODO: check
+CVE-2023-34459 (OpenZeppelin Contracts is a library for smart contract 
development. St ...)
+       TODO: check
+CVE-2023-33438 (A stored Cross-site scripting (XSS) vulnerability in Wolters 
Kluwer Te ...)
+       TODO: check
 CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository 
saleor/react-sto ...)
        TODO: check
 CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository 
salesagility/ ...)
        TODO: check
-CVE-2023-35788 [net/sched: flower: fix possible OOB write in 
fl_set_geneve_opt()]
+CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in 
net/sched/cls_flower.c ...)
        - linux 6.3.7-1
        NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1
        NOTE: 
https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5)
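Review bot: The five entries added at the top of this hunk (CVE-2023-3295, CVE-2023-35790, CVE-2023-35789, CVE-2023-34459, CVE-2023-33438) carry only `TODO: check`, and two of them name libraries (libjxl, rabbitmq-c) that need a lookup against the archive before they can be closed. Resolve each to a `- <source-package> <version>` line or a `NOT-FOR-US:` line in a follow-up. The CVE-2023-35788 change only swaps the bracketed working title for the parenthesised description and keeps the `- linux 6.3.7-1` line and both NOTEs, so no triage is lost there.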
@@ -180,7 +190,7 @@ CVE-2023-31746 (There is a command injection vulnerability 
in the adslr VW2100 r
        NOT-FOR-US: adslr VW2100 router
 CVE-2023-2847 (During internal security analysis, a local privilege escalation 
vulner ...)
        NOT-FOR-US: ESET
-CVE-2023-2820 (An information disclosure vulnerability in thefaye endpoint in 
Proofpo ...)
+CVE-2023-2820 (An information disclosure vulnerability in the faye endpoint in 
Proofp ...)
        NOT-FOR-US: Proofpoint
 CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI 
in Proof ...)
        NOT-FOR-US: Proofpoint
@@ -5386,12 +5396,12 @@ CVE-2023-30907
        RESERVED
 CVE-2023-30906
        RESERVED
-CVE-2023-30905
-       RESERVED
-CVE-2023-30904
-       RESERVED
-CVE-2023-30903
-       RESERVED
+CVE-2023-30905 (The MC990 X and UV300 RMC component has and inadequate default 
configu ...)
+       TODO: check
+CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may 
result in t ...)
+       TODO: check
+CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service 
(DoS) w ...)
+       TODO: check
 CVE-2023-30902
        RESERVED
 CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 
family ( ...)
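Review bot: CVE-2023-30905, CVE-2023-30904 and CVE-2023-30903 move from `RESERVED` to `TODO: check` with no triage line. Their descriptions name the MC990 X and UV300 RMC component, HPE Insight Remote Support and HP-UX; if none of these maps to a source package, close each with a `NOT-FOR-US: <product>` line in the style the file already uses for Proofpoint and ESET.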
@@ -13565,8 +13575,8 @@ CVE-2023-28297 (Windows Remote Procedure Call Service 
(RPCSS) Elevation of Privi
        NOT-FOR-US: Microsoft
 CVE-2023-28296 (Visual Studio Remote Code Execution Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-28295
-       RESERVED
+CVE-2023-28295 (Microsoft Publisher Remote Code Execution Vulnerability)
+       TODO: check
 CVE-2023-28294
        RESERVED
 CVE-2023-28293 (Windows Kernel Elevation of Privilege Vulnerability)
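Review bot: CVE-2023-28295 is left at `TODO: check` while the neighbouring context entry CVE-2023-28296 and the entry in the hunk header, CVE-2023-28297, are both `NOT-FOR-US: Microsoft`. The new description is "Microsoft Publisher Remote Code Execution Vulnerability", so the same `NOT-FOR-US: Microsoft` line looks like the right resolution.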
@@ -13581,8 +13591,8 @@ CVE-2023-28289
        RESERVED
 CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability)
        NOT-FOR-US: Microsoft
-CVE-2023-28287
-       RESERVED
+CVE-2023-28287 (Microsoft Publisher Remote Code Execution Vulnerability)
+       TODO: check
 CVE-2023-28286 (Microsoft Edge (Chromium-based) Security Feature Bypass 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability)
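Review bot: CVE-2023-28287 gets the same description and the same bare `TODO: check` as CVE-2023-28295 earlier in the file. Triage the two together so they end up with the same line, matching CVE-2023-28288 and CVE-2023-28286 in this hunk's context.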
@@ -242410,7 +242420,7 @@ CVE-2020-9285 (Some versions of Sonos One (1st and 
2nd generation) allow partial
 CVE-2020-9284
        RESERVED
 CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 
for Go a ...)
-       {DLA-2455-1 DLA-2453-1 DLA-2402-1}
+       {DLA-3455-1 DLA-2455-1 DLA-2453-1 DLA-2402-1}
        - golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
        [jessie] - golang-go.crypto <no-dsa> (Minor issue)
        NOTE: 
https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
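Review bot: Only the `{...}` cross-reference line of CVE-2020-9283 changes here; the `- golang-go.crypto 1:0.0~git20200221.2aa609c-1` line and the `[jessie]` line are untouched, so the hunk does not show which release or package version DLA-3455-1 covers. Check that the advisory's own record carries the fixed package and version for this CVE.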
@@ -289555,7 +289565,7 @@ CVE-2019-11844 (An HTML Injection vulnerability has 
been discovered on the RICOH
 CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote 
attacker ...)
        NOT-FOR-US: MailPoet plugin for WordPress
 CVE-2019-11841 (A message-forgery issue was discovered in 
crypto/openpgp/clearsign/cle ...)
-       {DLA-2402-1 DLA-1920-1}
+       {DLA-3455-1 DLA-2402-1 DLA-1920-1}
        - golang-go.crypto 1:0.0~git20200221.2aa609c-1
        NOTE: 
https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
        NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
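Review bot: DLA-3455-1 is now attached to CVE-2019-11841, whose NOTE in this hunk says the referenced patch fixes only the second part of the CVE ("prepend arbitrary text"). Confirm the DLA ships that same patch; if its coverage differs from what the NOTE describes, add a NOTE under this entry saying what the advisory does and does not address.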
@@ -289563,7 +289573,7 @@ CVE-2019-11841 (A message-forgery issue was 
discovered in crypto/openpgp/clearsi
        NOTE: 
https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
        NOTE: Upstream feels that this is not a security issue. See 
https://github.com/golang/go/issues/41200.
 CVE-2019-11840 (An issue was discovered in supplementary Go cryptography 
libraries, ak ...)
-       {DLA-2527-1 DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1}
+       {DLA-3455-1 DLA-2527-1 DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1}
        - golang-go.crypto 1:0.0~git20200221.2aa609c-1
        NOTE: https://github.com/golang/go/issues/30965
        NOTE: 
https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fffe0d5f3657fc553f035b58df84ae223504221
