Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9efe1d0b by security tracker role at 2023-06-30T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-3485 (Insecure defaults in open-source Temporal Server before version 
1.20 o ...)
+       TODO: check
+CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
hestiacp/h ...)
+       TODO: check
+CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 
4.5.5. Aff ...)
+       TODO: check
+CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M 
argument is a ...)
+       TODO: check
+CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows 
JavaScript injec ...)
+       TODO: check
+CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly 
sanitized in  ...)
+       TODO: check
+CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions 
in serve ...)
+       TODO: check
+CVE-2023-37305 (An issue was discovered in the ProofreadPage (aka Proofread 
Page) exte ...)
+       TODO: check
+CVE-2023-37304 (An issue was discovered in the DoubleWiki extension for 
MediaWiki thro ...)
+       TODO: check
+CVE-2023-37303 (An issue was discovered in the CheckUser extension for 
MediaWiki throu ...)
+       TODO: check
+CVE-2023-37302 (An issue was discovered in SiteLinksView.php in Wikibase in 
MediaWiki  ...)
+       TODO: check
+CVE-2023-37301 (An issue was discovered in SubmitEntityAction in Wikibase in 
MediaWiki ...)
+       TODO: check
+CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the 
CheckUser exten ...)
+       TODO: check
+CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an 
image map.)
+       TODO: check
+CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG 
document.)
+       TODO: check
+CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, 
merging, crop ...)
+       TODO: check
+CVE-2023-36807 (pypdf is a pure-python PDF library capable of splitting, 
merging, crop ...)
+       TODO: check
+CVE-2023-36477 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2023-35178 (Certain HP LaserJet Pro print products are potentially 
vulnerable to B ...)
+       TODO: check
+CVE-2023-35177 (Certain HP LaserJet Pro print products are potentially 
vulnerable to a ...)
+       TODO: check
+CVE-2023-35176 (Certain HP LaserJet Pro print products are potentially 
vulnerable to B ...)
+       TODO: check
+CVE-2023-35175 (Certain HP LaserJet Pro print products are potentially 
vulnerable to P ...)
+       TODO: check
+CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was 
discovered to c ...)
+       TODO: check
+CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 
3.1.3683.0 and ...)
+       TODO: check
+CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows 
attackers t ...)
+       TODO: check
 CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has 
been de ...)
        NOT-FOR-US: RocketSoft Rocket LMS
 CVE-2023-3476 (A vulnerability was found in SimplePHPscripts GuestBook Script 
2.2. It ...)
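Review bot: all 25 entries added at the top of data/CVE/list carry only "TODO: check", so none of them has a triage decision yet. The four HP LaserJet Pro entries (CVE-2023-35175 through CVE-2023-35178) are printer firmware issues and look like candidates for the same "NOT-FOR-US: HP" annotation this file already uses for CVE-2023-26298. The entries whose descriptions are cut off at "..." (for example the two pypdf entries and the MediaWiki extension entries) need the full description and a source-package lookup before they are resolved.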
@@ -1468,6 +1518,7 @@ CVE-2023-34453 (snappy-java is a fast 
compressor/decompressor for Java. Due to u
 CVE-2023-34242 (Cilium is a networking, observability, and security solution 
with an e ...)
        - cilium <itp> (bug #858303)
 CVE-2023-34241 (OpenPrinting CUPS is a standards-based, open source printing 
system fo ...)
+       {DLA-3476-1}
        - cups 2.4.2-5 (bug #1038885)
        [bookworm] - cups <no-dsa> (Minor issue; exploitable under specific 
conditions; can be fixed via point release)
        [bullseye] - cups <no-dsa> (Minor issue; exploitable under specific 
conditions; can be fixed via point release)
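Review bot: the {DLA-3476-1} tag on CVE-2023-34241 sits above a cups entry whose release lines, as far as this hunk shows, are only [bookworm] and [bullseye], both <no-dsa>. Nothing visible here states which release the DLA fixed or at which cups version, so confirm that the advisory's own record carries that information and that the cross-reference is not the only trace of the fix.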
@@ -11912,8 +11963,8 @@ CVE-2023-29147
        RESERVED
 CVE-2023-29146
        RESERVED
-CVE-2023-29145
-       RESERVED
+CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly 
ensure w ...)
+       TODO: check
 CVE-2023-29144
        RESERVED
 CVE-2023-29143
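Review bot: CVE-2023-29145 leaves RESERVED with "TODO: check" and a description naming the Malwarebytes EDR 1.0.11 driver for Linux. The "for Linux" wording should not be read as a distribution kernel issue: the affected component is the vendor's own driver, so this looks like a NOT-FOR-US candidate once the full description is read.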
@@ -17728,8 +17779,8 @@ CVE-2023-27471
        RESERVED
 CVE-2023-27470
        RESERVED
-CVE-2023-27469
-       RESERVED
+CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary 
file de ...)
+       TODO: check
 CVE-2023-27468
        RESERVED
 CVE-2023-27467
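Review bot: CVE-2023-27469 names Malwarebytes Anti-Exploit 4.4.0.220 and is left at "TODO: check". It is from the same vendor as CVE-2023-29145 earlier in this diff, so the two can be triaged together and should end up with a consistent annotation.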
@@ -20735,8 +20786,8 @@ CVE-2023-26301
        RESERVED
 CVE-2023-26300
        RESERVED
-CVE-2023-26299
-       RESERVED
+CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) 
vulnerability has be ...)
+       TODO: check
 CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) 
could po ...)
        NOT-FOR-US: HP
 CVE-2023-26297 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) 
could po ...)
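Review bot: the new description for CVE-2023-26299 is truncated before it names a product ("A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ..."). Its neighbours CVE-2023-26298 and CVE-2023-26297 are HP Device Manager entries, the former marked "NOT-FOR-US: HP", but adjacency in the CVE number block is not evidence of the affected product; read the full description before replacing "TODO: check".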
@@ -60420,7 +60471,7 @@ CVE-2022-3152 (Unverified Password Change in GitHub 
repository phpfusion/phpfusi
        NOT-FOR-US: PHP-Fusion
 CVE-2022-3151 (The WP Custom Cursors WordPress plugin before 3.0.1 does not 
have CSRF ...)
        NOT-FOR-US: WordPress plugin
-CVE-2022-3150 (The WP Custom Cursors WordPress plugin through 3.0 does not 
properly s ...)
+CVE-2022-3150 (The WP Custom Cursors WordPress plugin before 3.2 does not 
properly sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3149 (The WP Custom Cursors WordPress plugin before 3.0.1 does not 
have CSRF ...)
        NOT-FOR-US: WordPress plugin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9efe1d0be33fed0ce21f0c82d40b663a327d887a
