[Git][security-tracker-team/security-tracker][master] automatic update

Sat Aug 19 09:12:06 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4265b5fe by security tracker role at 2023-08-19T08:11:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2023-4433 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
+	TODO: check
+CVE-2023-4432 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...)
+	TODO: check
+CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to version ...)
+	TODO: check
+CVE-2023-40174 (Social media skeleton is an uncompleted/framework social media project ...)
+	TODO: check
+CVE-2023-40173 (Social media skeleton is an uncompleted/framework social media project ...)
+	TODO: check
+CVE-2023-40172 (Social media skeleton is an uncompleted/framework social media project ...)
+	TODO: check
+CVE-2023-40037 (Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in  ...)
+	TODO: check
+CVE-2023-38839 (SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote  ...)
+	TODO: check
+CVE-2023-2971 (Improper path handling in Typora before 1.7.0-dev on Windows and Linux ...)
+	TODO: check
 CVE-2023-4422 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...)
 	NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
 CVE-2023-4415 (A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has b ...)
@@ -2742,7 +2760,7 @@ CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in t
 	- linux <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2227726
 	NOTE: https://github.com/wanrenmi/a-usb-kernel-bug
-CVE-2023-3997 (Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a po ...)
+CVE-2023-3997 (Splunk SOAR versions lower than 6.1.0 are indirectly affected by a pot ...)
 	NOT-FOR-US: Splunk SOAR
 CVE-2023-3983 (An authenticated SQL injection vulnerability exists in Advantech iView ...)
 	NOT-FOR-US: Advantech iView
@@ -12580,12 +12598,12 @@ CVE-2023-25183 (In Snap One OvrC Pro versions prior to 7.2, when logged into the
 	NOT-FOR-US: Snap One
 CVE-2023-2319 (It was discovered that an update for PCS package in RHBA-2023:2151 err ...)
 	NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154
-CVE-2023-2318
-	RESERVED
-CVE-2023-2317
-	RESERVED
-CVE-2023-2316
-	RESERVED
+CVE-2023-2318 (DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0. ...)
+	TODO: check
+CVE-2023-2317 (DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows ...)
+	TODO: check
+CVE-2023-2316 (Improper path handling in Typora before 1.6.7 on Windows and Linux all ...)
+	TODO: check
 CVE-2023-2315
 	RESERVED
 CVE-2023-31269
@@ -14151,8 +14169,8 @@ CVE-2023-2112 (Desktop component service allows lateral movement between session
 	NOT-FOR-US: M-Files
 CVE-2023-2111 (The Fast & Effective Popups & Lead-Generation for WordPress plugin bef ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-2110
-	RESERVED
+CVE-2023-2110 (Improper path handling in Obsidian desktop before 1.2.8 on Windows, Li ...)
+	TODO: check
 CVE-2023-30775 (A vulnerability was found in the libtiff library. This security flaw c ...)
 	- tiff 4.5.0-2 (unimportant)
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/464



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4265b5fe2ed284fa9ea23df74a6df364561cf904

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4265b5fe2ed284fa9ea23df74a6df364561cf904
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230819/3927c234/attachment-0001.htm>
