Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4265b5fe by security tracker role at 2023-08-19T08:11:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-4433 (Cross-site Scripting (XSS) - Stored in GitHub repository
cockpit-hq/co ...)
+ TODO: check
+CVE-2023-4432 (Cross-site Scripting (XSS) - Reflected in GitHub repository
cockpit-hq ...)
+ TODO: check
+CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to
version ...)
+ TODO: check
+CVE-2023-40174 (Social media skeleton is an uncompleted/framework social media
project ...)
+ TODO: check
+CVE-2023-40173 (Social media skeleton is an uncompleted/framework social media
project ...)
+ TODO: check
+CVE-2023-40172 (Social media skeleton is an uncompleted/framework social media
project ...)
+ TODO: check
+CVE-2023-40037 (Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS
access in ...)
+ TODO: check
+CVE-2023-38839 (SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a
remote ...)
+ TODO: check
+CVE-2023-2971 (Improper path handling in Typora before 1.7.0-dev on Windows
and Linux ...)
+ TODO: check
CVE-2023-4422 (Cross-site Scripting (XSS) - Stored in GitHub repository
cockpit-hq/co ...)
NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
CVE-2023-4415 (A vulnerability was found in Ruijie RG-EW1200G 07161417 r483.
It has b ...)
@@ -2742,7 +2760,7 @@ CVE-2023-4010 (A flaw was found in the USB Host
Controller Driver framework in t
- linux <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2227726
NOTE: https://github.com/wanrenmi/a-usb-kernel-bug
-CVE-2023-3997 (Splunk SOAR versions 6.0.2 and earlier are indirectly affected
by a po ...)
+CVE-2023-3997 (Splunk SOAR versions lower than 6.1.0 are indirectly affected
by a pot ...)
NOT-FOR-US: Splunk SOAR
CVE-2023-3983 (An authenticated SQL injection vulnerability exists in
Advantech iView ...)
NOT-FOR-US: Advantech iView
@@ -12580,12 +12598,12 @@ CVE-2023-25183 (In Snap One OvrC Pro versions prior
to 7.2, when logged into the
NOT-FOR-US: Snap One
CVE-2023-2319 (It was discovered that an update for PCS package in
RHBA-2023:2151 err ...)
NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression
from CVE-2023-28154
-CVE-2023-2318
- RESERVED
-CVE-2023-2317
- RESERVED
-CVE-2023-2316
- RESERVED
+CVE-2023-2318 (DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in
MarkText 0. ...)
+ TODO: check
+CVE-2023-2317 (DOM-based XSS in updater/update.html in Typora before 1.6.7 on
Windows ...)
+ TODO: check
+CVE-2023-2316 (Improper path handling in Typora before 1.6.7 on Windows and
Linux all ...)
+ TODO: check
CVE-2023-2315
RESERVED
CVE-2023-31269
@@ -14151,8 +14169,8 @@ CVE-2023-2112 (Desktop component service allows lateral
movement between session
NOT-FOR-US: M-Files
CVE-2023-2111 (The Fast & Effective Popups & Lead-Generation for WordPress
plugin bef ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2110
- RESERVED
+CVE-2023-2110 (Improper path handling in Obsidian desktop before 1.2.8 on
Windows, Li ...)
+ TODO: check
CVE-2023-30775 (A vulnerability was found in the libtiff library. This
security flaw c ...)
- tiff 4.5.0-2 (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/464
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4265b5fe2ed284fa9ea23df74a6df364561cf904
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4265b5fe2ed284fa9ea23df74a6df364561cf904
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
