[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 21 21:12:33 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ffe42f9 by security tracker role at 2023-07-21T20:12:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
+ TODO: check
+CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ TODO: check
+CVE-2023-3820 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.)
+ TODO: check
+CVE-2023-3819 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ TODO: check
+CVE-2023-3102 (A sensitive information leak issue has been discovered in GitLab EE af ...)
+ TODO: check
+CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise before 1. ...)
+ TODO: check
+CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2023-38173 (Microsoft Edge for Android Spoofing Vulnerability)
+ TODO: check
+CVE-2023-37915 (OpenDDS is an open source C++ implementation of the Object Management ...)
+ TODO: check
+CVE-2023-37905 (ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEdi ...)
+ TODO: check
+CVE-2023-37903 (vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up t ...)
+ TODO: check
+CVE-2023-37901 (Indico is an open source a general-purpose, web based event management ...)
+ TODO: check
+CVE-2023-37742 (WebBoss.io CMS before v3.6.8.1 was discovered to contain a reflected c ...)
+ TODO: check
+CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0 allows attackers to a ...)
+ TODO: check
+CVE-2023-35392 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ TODO: check
CVE-2023-3815 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: y_project RuoYi
CVE-2023-3813 (The Jupiter X Core plugin for WordPress is vulnerable to arbitrary fil ...)
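Review bot: several of the entries imported in this hunk are left at "TODO: check" although the same file already shows how matching products are triaged. CVE-2023-38187, CVE-2023-38173 and CVE-2023-35392 are Microsoft Edge advisories, and Edge entries elsewhere in this patch (CVE-2023-21720, CVE-2022-23258) are resolved as "NOT-FOR-US: Microsoft"; CVE-2023-3102 is described as affecting GitLab EE, the same situation the CVE-2023-3484 hunk further down resolves as "gitlab <not-affected> (Specific to EE)". The TODO markers are expected from an automatic import, but the follow-up triage can apply those existing resolutions directly and spend the manual check on the pimcore, Metabase, OpenDDS, ckeditor-wordcount-plugin, vm2, Indico and WebBoss.io entries, which need to be compared against what is actually in the archive.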
@@ -1273,7 +1303,7 @@ CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can le
[bullseye] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/529
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 (v4.5.1rc1)
-CVE-2023-3603
+CVE-2023-3603 (A missing allocation check in sftp server processing read requests may ...)
- libssh <not-affected> (Vulnerable code not present in 0.10.5/any released version)
NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=fe80f47b0ae8902d229ef9b8a1b4fa949b92e720
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221791
@@ -2534,7 +2564,7 @@ CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege Escalation
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
-CVE-2023-3484
+CVE-2023-3484 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Specific to EE)
CVE-2023-35786 (Zoho ManageEngine ADManager Plus before 7183 allows admin users to exp ...)
NOT-FOR-US: Zoho
@@ -23772,8 +23802,8 @@ CVE-2023-26302 (Denial of service could be caused to the command line interface
NOTE: https://github.com/advisories/GHSA-jrwr-5x3p-hvc3
NOTE: https://github.com/executablebooks/markdown-it-py/pull/247
NOTE: https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c (v2.2.0)
-CVE-2023-26301
- RESERVED
+CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...)
+ TODO: check
CVE-2023-26300
RESERVED
CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
@@ -25110,10 +25140,10 @@ CVE-2023-25843
RESERVED
CVE-2023-25842
RESERVED
-CVE-2023-25841
- RESERVED
-CVE-2023-25840
- RESERVED
+CVE-2023-25841 (There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Se ...)
+ TODO: check
+CVE-2023-25840 (There is a Cross-site Scripting vulnerabilityin ArcGIS Server in versi ...)
+ TODO: check
CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights Desktop f ...)
NOT-FOR-US: Esri ArcGIS
CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 2022.1 for ...)
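Review bot: CVE-2023-25841 and CVE-2023-25840 move from RESERVED to "TODO: check", yet both descriptions name Esri ArcGIS Server, and the unchanged context lines directly below (CVE-2023-25839, CVE-2023-25838) already mark ArcGIS as "NOT-FOR-US: Esri ArcGIS"; the follow-up triage can resolve these two the same way. The "vulnerabilityin" spelling in the CVE-2023-25840 line reproduces the upstream description text (the CVE-2023-25838 context line has the same form), so it is not something to correct in this file.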
@@ -40363,7 +40393,7 @@ CVE-2023-21721 (Microsoft OneNote Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21720 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
NOT-FOR-US: Microsoft
-CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.)
+CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-21718 (Microsoft SQL ODBC Driver Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -113018,7 +113048,7 @@ CVE-2022-23260
RESERVED
CVE-2022-23259 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
NOT-FOR-US: Microsoft
-CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability.)
+CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-23257 (Windows Hyper-V Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
@@ -149714,8 +149744,8 @@ CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi
NOT-FOR-US: Realtek Jungle SDK
CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
NOT-FOR-US: Realtek Jungle SDK
-CVE-2021-35391
- RESERVED
+CVE-2021-35391 (Server Side Request Forgery vulnerability found in Deskpro Support Des ...)
+ TODO: check
CVE-2021-35390
RESERVED
CVE-2021-35389
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ffe42f9533203a4d5dc8e451733577200061688