[Git][security-tracker-team/security-tracker][master] automatic update

Sun Jun 11 21:12:49 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28c68f97 by security tracker role at 2023-06-11T20:12:34+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2023-3192 (Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.)
+	TODO: check
 CVE-2023-3191 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
 	- teampass <itp> (bug #730180)
 CVE-2023-3190 (Improper Encoding or Escaping of Output in GitHub repository nilsteamp ...)
@@ -583,7 +585,7 @@ CVE-2023-34417
 	- firefox 114.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417
 CVE-2023-34416
-	{DSA-5421-1 DLA-3448-1}
+	{DSA-5423-1 DSA-5421-1 DLA-3448-1}
 	- firefox 114.0-1
 	- firefox-esr 102.12.0esr-1
 	- thunderbird 1:102.12.0-1
@@ -594,7 +596,7 @@ CVE-2023-34415
 	- firefox 114.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34415
 CVE-2023-34414
-	{DSA-5421-1 DLA-3448-1}
+	{DSA-5423-1 DSA-5421-1 DLA-3448-1}
 	- firefox 114.0-1
 	- firefox-esr 102.12.0esr-1
 	- thunderbird 1:102.12.0-1
@@ -19555,10 +19557,10 @@ CVE-2023-25914
 	RESERVED
 CVE-2023-25913
 	RESERVED
-CVE-2023-25912
-	RESERVED
-CVE-2023-25911
-	RESERVED
+CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows an una ...)
+	TODO: check
+CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...)
+	TODO: check
 CVE-2023-25910
 	RESERVED
 CVE-2023-0872
@@ -30100,16 +30102,16 @@ CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versio
 	- gitlab <unfixed>
 CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over another use ...)
 	NOT-FOR-US: IBM
-CVE-2023-22586
-	RESERVED
-CVE-2023-22585
-	RESERVED
-CVE-2023-22584
-	RESERVED
-CVE-2023-22583
-	RESERVED
-CVE-2023-22582
-	RESERVED
+CVE-2023-22586 (The Danfoss AK-EM100 web applications allow for Local File Inclusion i ...)
+	TODO: check
+CVE-2023-22585 (The Danfoss AK-EM100 web applications allow for Reflected Cross-Site S ...)
+	TODO: check
+CVE-2023-22584 (The Danfoss AK-EM100 stores login credentials in cleartext.)
+	TODO: check
+CVE-2023-22583 (The Danfoss AK-EM100 web forms allow for SQL injection in the login fo ...)
+	TODO: check
+CVE-2023-22582 (The Danfoss AK-EM100 web applications allow for Reflected Cross-Site S ...)
+	TODO: check
 CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it possible f ...)
 	NOT-FOR-US: White Rabbit Switch
 CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c68f9773f7d57a2c82f7e791c470ca23336424

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28c68f9773f7d57a2c82f7e791c470ca23336424
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230611/7fae846a/attachment-0001.htm>
