Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1fffe0d5 by security tracker role at 2023-06-17T08:11:59+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,8 +1,18 @@ +CVE-2023-3295 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + TODO: check +CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl before 0. ...) + TODO: check +CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka rabbitmq-c) ...) + TODO: check +CVE-2023-34459 (OpenZeppelin Contracts is a library for smart contract development. St ...) + TODO: check +CVE-2023-33438 (A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer Te ...) + TODO: check CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-sto ...) TODO: check CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...) TODO: check -CVE-2023-35788 [net/sched: flower: fix possible OOB write in fl_set_geneve_opt()] +CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...) - linux 6.3.7-1 NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1 NOTE: https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5) @@ -180,7 +190,7 @@ CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 r NOT-FOR-US: adslr VW2100 router CVE-2023-2847 (During internal security analysis, a local privilege escalation vulner ...) NOT-FOR-US: ESET -CVE-2023-2820 (An information disclosure vulnerability in thefaye endpoint in Proofpo ...) +CVE-2023-2820 (An information disclosure vulnerability in the faye endpoint in Proofp ...) NOT-FOR-US: Proofpoint CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI in Proof ...) NOT-FOR-US: Proofpoint 
@@ -5386,12 +5396,12 @@ CVE-2023-30907 RESERVED CVE-2023-30906 RESERVED -CVE-2023-30905 - RESERVED -CVE-2023-30904 - RESERVED -CVE-2023-30903 - RESERVED +CVE-2023-30905 (The MC990 X and UV300 RMC component has and inadequate default configu ...) + TODO: check +CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may result in t ...) + TODO: check +CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service (DoS) w ...) + TODO: check CVE-2023-30902 RESERVED CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) @@ -13565,8 +13575,8 @@ CVE-2023-28297 (Windows Remote Procedure Call Service (RPCSS) Elevation of Privi NOT-FOR-US: Microsoft CVE-2023-28296 (Visual Studio Remote Code Execution Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-28295 - RESERVED +CVE-2023-28295 (Microsoft Publisher Remote Code Execution Vulnerability) + TODO: check CVE-2023-28294 RESERVED CVE-2023-28293 (Windows Kernel Elevation of Privilege Vulnerability) @@ -13581,8 +13591,8 @@ CVE-2023-28289 RESERVED CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability) NOT-FOR-US: Microsoft -CVE-2023-28287 - RESERVED +CVE-2023-28287 (Microsoft Publisher Remote Code Execution Vulnerability) + TODO: check CVE-2023-28286 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability) @@ -242410,7 +242420,7 @@ CVE-2020-9285 (Some versions of Sonos One (1st and 2nd generation) allow partial CVE-2020-9284 RESERVED CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...) - {DLA-2455-1 DLA-2453-1 DLA-2402-1} + {DLA-3455-1 DLA-2455-1 DLA-2453-1 DLA-2402-1} - golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462) [jessie] - golang-go.crypto <no-dsa> (Minor issue) NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236 
@@ -289555,7 +289565,7 @@ CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote attacker ...) NOT-FOR-US: MailPoet plugin for WordPress CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...) - {DLA-2402-1 DLA-1920-1} + {DLA-3455-1 DLA-2402-1 DLA-1920-1} - golang-go.crypto 1:0.0~git20200221.2aa609c-1 NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442 NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text") @@ -289563,7 +289573,7 @@ CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsi NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200. CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...) - {DLA-2527-1 DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1} + {DLA-3455-1 DLA-2527-1 DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1} - golang-go.crypto 1:0.0~git20200221.2aa609c-1 NOTE: https://github.com/golang/go/issues/30965 NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fffe0d5f3657fc553f035b58df84ae223504221
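Review bot: In the first hunk (@@ -1,8 +1,18 @@) the five new entries carry only `TODO: check`, and two of them, CVE-2023-35790 (libjxl) and CVE-2023-35789 (rabbitmq-c), name libraries rather than vendor products, so they should be triaged against the archive and given a `- <source-package> <version>` line ahead of the rest. In the same hunk the bracketed temporary title on CVE-2023-35788 is replaced by the published description while the `- linux 6.3.7-1` line and both NOTE lines stay in the context, so no tracking data is lost there.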
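Review bot: In the @@ -13565,8 and @@ -13581,8 hunks, CVE-2023-28295 and CVE-2023-28287 (both "Microsoft Publisher Remote Code Execution Vulnerability") go from RESERVED to `TODO: check` although every neighbouring Microsoft entry in the context lines is tagged `NOT-FOR-US: Microsoft`; a follow-up should give them the same tag so they do not linger in the TODO queue. The @@ -5386,12 hunk has the same shape for CVE-2023-30905, CVE-2023-30904 and CVE-2023-30903 (MC990 X and UV300 RMC, HPE Insight Remote Support, HP-UX), which also describe vendor products and need an explicit NOT-FOR-US decision.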
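Review bot: In the last three hunks DLA-3455-1 is added to the cross-reference lines of CVE-2020-9283, CVE-2019-11841 and CVE-2019-11840, but for CVE-2019-11841 the existing NOTE lines say the referenced patch fixes only the second part of the CVE ("prepend arbitrary text") and that upstream does not regard it as a security issue. A NOTE stating which part the DLA-3455-1 upload addresses would keep that entry from reading as fully resolved. The CVE-2020-9283 entry also still shows `[jessie] - golang-go.crypto <no-dsa> (Minor issue)` directly below the updated reference line; it is worth confirming the per-release annotations match the release the new DLA targets.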