[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 10 09:12:23 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2d8214b by security tracker role at 2023-06-10T08:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2023-3188 (Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncas ...)
+	TODO: check
+CVE-2023-3187 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
 CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Management S ...)
 	NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...)
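Review bot: both entries added at the top of the list (CVE-2023-3188 and CVE-2023-3187) carry only `TODO: check`, and the truncated description of CVE-2023-3187 stops at "has been found in P ...", so the affected product cannot be identified from this line. Triage needs the full CVE description before either entry can be resolved to a NOT-FOR-US line, as was done for the SourceCodester entry just below, or to a package line.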
@@ -7776,8 +7780,8 @@ CVE-2023-29753 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android
 	TODO: check
 CVE-2023-29752 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...)
 	TODO: check
-CVE-2023-29751
-	RESERVED
+CVE-2023-29751 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...)
+	TODO: check
 CVE-2023-29750
 	RESERVED
 CVE-2023-29749 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...)
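Review bot: CVE-2023-29751 leaves RESERVED with the same visible description prefix as CVE-2023-29749 two entries below (Yandex Navigator v.6.60 for Android), so the two are best triaged together instead of being handled as unrelated `TODO: check` items. The description names an Android application, so a NOT-FOR-US line is the likely outcome if no Debian source package ships it.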
@@ -17942,8 +17946,8 @@ CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server i
 	NOT-FOR-US: RPA: Synchronization Engine
 CVE-2023-26466 (A user with non-Admin access can change a configuration file on the cl ...)
 	NOT-FOR-US: RPA: Synchronization Engine
-CVE-2023-26465
-	RESERVED
+CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.)
+	TODO: check
 CVE-2023-25944
 	RESERVED
 CVE-2023-25779
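Review bot: the new CVE-2023-26465 line gives the product and version range in full (Pega Platform 7.2 to 8.8.1, XSS), so the remaining question behind its `TODO: check` is only whether any Debian source package corresponds to that product. If none does, the follow-up should replace the TODO with a NOT-FOR-US line in the style of the two entries above it.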
@@ -18875,8 +18879,8 @@ CVE-2023-26134
 	RESERVED
 CVE-2023-26133
 	RESERVED
-CVE-2023-26132
-	RESERVED
+CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...)
+	TODO: check
 CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...)
 	TODO: check
 CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...)
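Review bot: the CVE-2023-26132 description already states the upstream boundary (dottie before 2.0.4 is affected), and the follow-up triage should carry that version into the entry. When the `TODO: check` is resolved, confirm whether a Debian source package ships dottie and, if one does, record its package line against 2.0.4; the description is cut off at "Prototyp ...", so the issue class should be confirmed from the full text.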
@@ -101407,7 +101411,7 @@ CVE-2022-24861 (Databasir is a team-oriented relational database model document
 CVE-2022-24860 (Databasir is a team-oriented relational database model document manage ...)
 	NOT-FOR-US: Databasir
 CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...)
-	{DLA-3039-1}
+	{DLA-3451-1 DLA-3039-1}
 	- pypdf2 1.27.9-1 (bug #1009879)
 	[bullseye] - pypdf2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
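Review bot: CVE-2022-24859 now references two advisories, `{DLA-3451-1 DLA-3039-1}`, while the package lines under it are unchanged and nothing in the entry says why a second DLA covers the same CVE. A NOTE line stating what DLA-3451-1 addresses relative to DLA-3039-1 (for example a different release or a follow-up fix) would keep the entry self-explanatory.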



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2d8214beefc4eff5c86c0845bcdc75ec879f57f


