Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ffe42f9 by security tracker role at 2023-07-21T20:12:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository
pimcore/pi ...)
+ TODO: check
+CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository
pimcore/pimco ...)
+ TODO: check
+CVE-2023-3820 (SQL Injection in GitHub repository pimcore/pimcore prior to
10.6.4.)
+ TODO: check
+CVE-2023-3819 (Exposure of Sensitive Information to an Unauthorized Actor in
GitHub r ...)
+ TODO: check
+CVE-2023-3102 (A sensitive information leak issue has been discovered in
GitLab EE af ...)
+ TODO: check
+CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise
before 1. ...)
+ TODO: check
+CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2023-38173 (Microsoft Edge for Android Spoofing Vulnerability)
+ TODO: check
+CVE-2023-37915 (OpenDDS is an open source C++ implementation of the Object
Management ...)
+ TODO: check
+CVE-2023-37905 (ckeditor-wordcount-plugin is an open source WordCount Plugin
for CKEdi ...)
+ TODO: check
+CVE-2023-37903 (vm2 is an open source vm/sandbox for Node.js. In vm2 for
versions up t ...)
+ TODO: check
+CVE-2023-37901 (Indico is an open source a general-purpose, web based event
management ...)
+ TODO: check
+CVE-2023-37742 (WebBoss.io CMS before v3.6.8.1 was discovered to contain a
reflected c ...)
+ TODO: check
+CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0 allows
attackers to a ...)
+ TODO: check
+CVE-2023-35392 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
CVE-2023-3815 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: y_project RuoYi
CVE-2023-3813 (The Jupiter X Core plugin for WordPress is vulnerable to
arbitrary fil ...)
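Review bot: The three Microsoft Edge entries added at the top of this hunk (CVE-2023-38187, CVE-2023-38173, CVE-2023-35392) are left at TODO: check, while Edge entries already in this file, such as CVE-2023-21720 and CVE-2023-21719, are triaged as NOT-FOR-US: Microsoft. Suggest resolving these three the same way in the follow-up triage. CVE-2023-3102 also deserves a quick look: its description starts with "GitLab EE", and CVE-2023-3484 further down is recorded as "- gitlab <not-affected> (Specific to EE)", so the same disposition may apply if the issue turns out to be EE-only.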
@@ -1273,7 +1303,7 @@ CVE-2023-3618 (A flaw was found in libtiff. A specially
crafted tiff file can le
[bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/529
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8
(v4.5.1rc1)
-CVE-2023-3603
+CVE-2023-3603 (A missing allocation check in sftp server processing read
requests may ...)
- libssh <not-affected> (Vulnerable code not present in 0.10.5/any
released version)
NOTE:
https://git.libssh.org/projects/libssh.git/commit/?id=fe80f47b0ae8902d229ef9b8a1b4fa949b92e720
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221791
@@ -2534,7 +2564,7 @@ CVE-2023-31248 (Linux Kernel nftables Use-After-Free
Local Privilege Escalation
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
-CVE-2023-3484
+CVE-2023-3484 (An issue has been discovered in GitLab EE affecting all
versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-35786 (Zoho ManageEngine ADManager Plus before 7183 allows admin
users to exp ...)
NOT-FOR-US: Zoho
@@ -23772,8 +23802,8 @@ CVE-2023-26302 (Denial of service could be caused to
the command line interface
NOTE: https://github.com/advisories/GHSA-jrwr-5x3p-hvc3
NOTE: https://github.com/executablebooks/markdown-it-py/pull/247
NOTE:
https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c
(v2.2.0)
-CVE-2023-26301
- RESERVED
+CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially
vulnerable to a ...)
+ TODO: check
CVE-2023-26300
RESERVED
CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU)
vulnerability has be ...)
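Review bot: CVE-2023-26301 now has a description naming HP LaserJet Pro print products but is left at TODO: check. If checking confirms this is printer firmware with no corresponding Debian source package, close it out with a NOT-FOR-US tag, as is done for other vendor-only products in this file (for example NOT-FOR-US: Zoho).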
@@ -25110,10 +25140,10 @@ CVE-2023-25843
RESERVED
CVE-2023-25842
RESERVED
-CVE-2023-25841
- RESERVED
-CVE-2023-25840
- RESERVED
+CVE-2023-25841 (There is a stored Cross-site Scripting vulnerability in Esri
ArcGIS Se ...)
+ TODO: check
+CVE-2023-25840 (There is a Cross-site Scripting vulnerabilityin ArcGIS Server
in versi ...)
+ TODO: check
CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights
Desktop f ...)
NOT-FOR-US: Esri ArcGIS
CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights
2022.1 for ...)
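Review bot: CVE-2023-25841 and CVE-2023-25840 move from RESERVED to TODO: check, but both descriptions name Esri ArcGIS Server and the entry directly below, CVE-2023-25839, is already marked NOT-FOR-US: Esri ArcGIS. Suggest using the same tag for these two so the ArcGIS block is triaged consistently.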
@@ -40363,7 +40393,7 @@ CVE-2023-21721 (Microsoft OneNote Elevation of
Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21720 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability.)
+CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21718 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -113018,7 +113048,7 @@ CVE-2022-23260
RESERVED
CVE-2022-23259 (Microsoft Dynamics 365 (on-premises) Remote Code Execution
Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability.)
+CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-23257 (Windows Hyper-V Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -149714,8 +149744,8 @@ CVE-2021-35393 (Realtek Jungle SDK version v2.x up to
v3.4.14B provides a 'WiFi
NOT-FOR-US: Realtek Jungle SDK
CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a
'WiFi Simple ...)
NOT-FOR-US: Realtek Jungle SDK
-CVE-2021-35391
- RESERVED
+CVE-2021-35391 (Server Side Request Forgery vulnerability found in Deskpro
Support Des ...)
+ TODO: check
CVE-2021-35390
RESERVED
CVE-2021-35389
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffe42f9533203a4d5dc8e451733577200061688