author security tracker role <sectracker@soriano.debian.org> 2023-08-05 20:11:48 +0000
committer security tracker role <sectracker@soriano.debian.org> 2023-08-05 20:11:48 +0000
commit 02063b9a8266f23cc803a915f9d4dcba7327fc53 (patch)
tree 238fcca7d3e6098b3125944caf307d99076463cf /data
parent d4af5b202196a67e6599e5e8fbd6476c653b6409 (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 37
1 files changed, 32 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list
index cc064e0144..6b1616c8eb 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,21 @@
+CVE-2023-4189 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...)
+ TODO: check
+CVE-2023-4188 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-g ...)
+ TODO: check
+CVE-2023-4187 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...)
+ TODO: check
+CVE-2023-4170 (A vulnerability was found in DedeBIZ 6.2.10. It has been rated as prob ...)
+ TODO: check
+CVE-2023-4169 (A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been ...)
+ TODO: check
+CVE-2023-4168 (A vulnerability was found in Templatecookie Adlisting 2.14.0. It has b ...)
+ TODO: check
+CVE-2023-4167 (A vulnerability was found in Media Browser Emby Server 4.7.13.0 and cl ...)
+ TODO: check
+CVE-2023-4166 (A vulnerability has been found in Tongda OA and classified as critical ...)
+ TODO: check
+CVE-2023-4165 (A vulnerability, which was classified as critical, was found in Tongda ...)
+ TODO: check
CVE-2023-39508 (Execution with Unnecessary Privileges, : Exposure of Sensitive Informa ...)
- airflow <itp> (bug #819700)
CVE-2023-39346 (LinuxASMCallGraph is software for drawing the call graph of the progra ...)
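Review bot: The nine entries added at the top of the list (CVE-2023-4189 down to CVE-2023-4165) carry only "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet. Several of the truncated descriptions already name the product (instantsoft/icms2, DedeBIZ 6.2.10, Ruijie RG-EW1200G, Tongda OA), which should be enough for a follow-up commit to triage them instead of leaving them open.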
@@ -949,14 +967,16 @@ CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input v
CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...)
NOT-FOR-US: Apple
CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
- [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
+ [buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
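Review bot: Under CVE-2023-38599 the "[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)" line is removed and re-added with identical visible text, so as far as this page shows the change is whitespace-only. Confirm that the re-added line has the same indentation as the neighbouring suite lines; the two {DSA-5468-1} additions in this hunk do not depend on it.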
@@ -1072,6 +1092,7 @@ CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unautho
CVE-2023-3451
REJECTED
CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
@@ -1086,24 +1107,28 @@ CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
@@ -1114,6 +1139,7 @@ CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is
CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
@@ -1143,6 +1169,7 @@ CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixe
CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ {DSA-5468-1}
- webkit2gtk 2.40.5-1
[buster] - webkit2gtk <end-of-life> (webkit2gtk EOL in buster)
- wpewebkit 2.40.5-1
@@ -8509,7 +8536,7 @@ CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot a
NOT-FOR-US: CBOT Chatbot
CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot ...)
NOT-FOR-US: CBOT Chatbot
-CVE-2023-2885 (Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allow ...)
+CVE-2023-2885 (Improper Enforcement of Message Integrity During Transmission in a Com ...)
NOT-FOR-US: CBOT Chatbot
CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...)
NOT-FOR-US: CBOT Chatbot
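Review bot: The replacement description for CVE-2023-2885 is cut off before the product name, so after this change the "NOT-FOR-US: CBOT Chatbot" line is the only place in the entry that identifies the product. That line is unchanged, so the triage result stands, but anything that matches on the description text for "CBOT" will no longer find this entry.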
@@ -41591,7 +41618,7 @@ CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has been
[bullseye] - sogo <no-dsa> (Minor issue)
[buster] - sogo <no-dsa> (Minor issue)
NOTE: https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 (SOGo-5.8.0)
-CVE-2022-4557 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...)
+CVE-2022-4557 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...)
- sogo 5.8.0-1
@@ -109087,7 +109114,7 @@ CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed servi
CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running ...)
NOT-FOR-US: RaspberryMatic
CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...)
- {DLA-3492-1}
+ {DLA-3516-1 DLA-3492-1}
- ruby-yajl 1.4.3-1 (bug #1014803)
[bullseye] - ruby-yajl <no-dsa> (Minor issue)
[buster] - ruby-yajl <no-dsa> (Minor issue)
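Review bot: CVE-2022-24795 now references two advisories, {DLA-3516-1 DLA-3492-1}, while the visible "[buster] - ruby-yajl <no-dsa> (Minor issue)" line is left as it was. Check which source package each DLA covers and, if DLA-3516-1 is the ruby-yajl update, whether the buster annotation should be dropped or replaced with the fixed version.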
@@ -386901,7 +386928,7 @@ CVE-2017-16518
CVE-2017-16517
RESERVED
CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is suppl ...)
- {DLA-3492-1 DLA-1167-1}
+ {DLA-3516-1 DLA-3492-1 DLA-1167-1}
- ruby-yajl 1.2.0-3.1 (low; bug #880691)
[stretch] - ruby-yajl <no-dsa> (Minor issue)
[jessie] - ruby-yajl <no-dsa> (Minor issue)
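Review bot: In the CVE-2017-16516 entry the advisory list grows to three DLAs, but the visible suite lines cover only stretch and jessie, both "<no-dsa> (Minor issue)". The entry as shown does not say which suite DLA-3516-1 fixed; a suite line with the fixed ruby-yajl version would make that explicit.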
