[Git][security-tracker-team/security-tracker][master] automatic update

Sun Aug 6 21:12:28 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fcf9282e by security tracker role at 2023-08-06T20:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2023-4196 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
+	TODO: check
+CVE-2023-4195 (PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prio ...)
+	TODO: check
+CVE-2023-4186 (A vulnerability was found in SourceCodester Pharmacy Management System ...)
+	TODO: check
+CVE-2023-4185 (A vulnerability was found in SourceCodester Online Hospital Management ...)
+	TODO: check
+CVE-2023-4184 (A vulnerability was found in SourceCodester Inventory Management Syste ...)
+	TODO: check
+CVE-2023-4183 (A vulnerability has been found in SourceCodester Inventory Management  ...)
+	TODO: check
+CVE-2023-4182 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2023-4181 (A vulnerability, which was classified as critical, has been found in S ...)
+	TODO: check
 CVE-2023-4190 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...)
 	NOT-FOR-US: admidio
 CVE-2023-4180 (A vulnerability classified as critical was found in SourceCodester Fre ...)
@@ -28083,7 +28099,7 @@ CVE-2023-25579 (Nextcloud server is a self hosted home cloud product. In affecte
 CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
 	NOT-FOR-US: Starlite
 CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
-	{DLA-3346-1}
+	{DSA-5470-1 DLA-3346-1}
 	- python-werkzeug 2.2.2-3 (bug #1031370)
 	NOTE: https://github.com/pallets/werkzeug/commit/fe899d0cdf767a7289a8bf746b7f72c2907a1b4b (2.2.3)
 	NOTE: https://github.com/pallets/werkzeug/commit/09449ee77934a0c883f5959785864ecae6aaa2c9 (2.2.3)
@@ -32817,7 +32833,7 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version
 CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.1 and  ...)
 	NOT-FOR-US: Discourse
 CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...)
-	{DLA-3346-1}
+	{DSA-5470-1 DLA-3346-1}
 	- python-werkzeug 2.2.2-3 (bug #1031370)
 	NOTE: https://github.com/pallets/werkzeug/commit/8c2b4b82d0cade0d37e6a88e2cd2413878e8ebd4 (2.2.3)
 	NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
@@ -216072,6 +216088,7 @@ CVE-2020-22338
 CVE-2020-22337
 	RESERVED
 CVE-2020-22336 (An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers t ...)
+	{DLA-3517-1}
 	- pdfcrack 0.19-1
 	NOTE: https://sourceforge.net/p/pdfcrack/bugs/12/
 CVE-2020-22335



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcf9282efdb89459070b0d18c2db15bc5264d3ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcf9282efdb89459070b0d18c2db15bc5264d3ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230806/f26437bf/attachment.htm>
