[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 30 21:12:36 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9efe1d0b by security tracker role at 2023-06-30T20:12:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2023-3485 (Insecure defaults in open-source Temporal Server before version 1.20 o ...)
+	TODO: check
+CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
+	TODO: check
+CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 4.5.5. Aff ...)
+	TODO: check
+CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argument is a ...)
+	TODO: check
+CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...)
+	TODO: check
+CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in  ...)
+	TODO: check
+CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions in serve ...)
+	TODO: check
+CVE-2023-37305 (An issue was discovered in the ProofreadPage (aka Proofread Page) exte ...)
+	TODO: check
+CVE-2023-37304 (An issue was discovered in the DoubleWiki extension for MediaWiki thro ...)
+	TODO: check
+CVE-2023-37303 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
+	TODO: check
+CVE-2023-37302 (An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki  ...)
+	TODO: check
+CVE-2023-37301 (An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki ...)
+	TODO: check
+CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the CheckUser exten ...)
+	TODO: check
+CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image map.)
+	TODO: check
+CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.)
+	TODO: check
+CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
+	TODO: check
+CVE-2023-36807 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
+	TODO: check
+CVE-2023-36477 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-35178 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
+	TODO: check
+CVE-2023-35177 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...)
+	TODO: check
+CVE-2023-35176 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
+	TODO: check
+CVE-2023-35175 (Certain HP LaserJet Pro print products are potentially vulnerable to P ...)
+	TODO: check
+CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to c ...)
+	TODO: check
+CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...)
+	TODO: check
+CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers t ...)
+	TODO: check
 CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been de ...)
 	NOT-FOR-US: RocketSoft Rocket LMS
 CVE-2023-3476 (A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It ...)
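Review bot: all 25 entries added at the top of this hunk carry only "TODO: check", so none of them has a tracking state yet, and the truncated descriptions ("...") are not enough to triage from. The entries naming vendor products (HP LaserJet Pro in CVE-2023-35175 through CVE-2023-35178, Gira KNX/IP-Router in CVE-2023-33276, IBOS OA in CVE-2023-3478) look like candidates for the same NOT-FOR-US treatment the context line gives CVE-2023-3477. The ones naming open-source projects (pypdf, the MediaWiki extensions, MISP, Joplin, pacparser, Hnswlib) should be checked against the full CVE text for a matching source package before they are marked.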
@@ -1468,6 +1518,7 @@ CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to u
 CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...)
 	- cilium <itp> (bug #858303)
 CVE-2023-34241 (OpenPrinting CUPS is a standards-based, open source printing system fo ...)
+	{DLA-3476-1}
 	- cups 2.4.2-5 (bug #1038885)
 	[bookworm] - cups <no-dsa> (Minor issue; exploitable under specific conditions; can be fixed via point release)
 	[bullseye] - cups <no-dsa> (Minor issue; exploitable under specific conditions; can be fixed via point release)
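Review bot: the added {DLA-3476-1} line on CVE-2023-34241 sits above two suite lines that still read <no-dsa> for bookworm and bullseye, and nothing visible in this hunk records which cups version the LTS advisory fixes. Confirm that the advisory's own record carries the fixed version, and that the "can be fixed via point release" notes are still the intended state for the two listed suites now that an advisory has been issued for this CVE.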
@@ -11912,8 +11963,8 @@ CVE-2023-29147
 	RESERVED
 CVE-2023-29146
 	RESERVED
-CVE-2023-29145
-	RESERVED
+CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure w ...)
+	TODO: check
 CVE-2023-29144
 	RESERVED
 CVE-2023-29143
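Review bot: CVE-2023-29145 moves from RESERVED to a published description but lands as "TODO: check", so it still has no tracking state. The description names the Malwarebytes EDR 1.0.11 for Linux driver, a vendor product. Unless a matching source package exists, this should be resolved with a NOT-FOR-US line rather than left in the TODO queue.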
@@ -17728,8 +17779,8 @@ CVE-2023-27471
 	RESERVED
 CVE-2023-27470
 	RESERVED
-CVE-2023-27469
-	RESERVED
+CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...)
+	TODO: check
 CVE-2023-27468
 	RESERVED
 CVE-2023-27467
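Review bot: the new CVE-2023-27469 entry (Malwarebytes Anti-Exploit 4.4.0.220, arbitrary file deletion per the truncated text) is left as "TODO: check" and comes from the same vendor as CVE-2023-29145, which this commit also adds. When these are triaged, use one consistent NOT-FOR-US label for both so they group together in later searches of the list.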
@@ -20735,8 +20786,8 @@ CVE-2023-26301
 	RESERVED
 CVE-2023-26300
 	RESERVED
-CVE-2023-26299
-	RESERVED
+CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...)
+	TODO: check
 CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
 	NOT-FOR-US: HP
 CVE-2023-26297 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...)
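Review bot: the "+" line for CVE-2023-26299 does not name a product in the visible part of its description (it is cut off after "TOCTOU) vulnerability has be ..."), yet the adjacent context entries CVE-2023-26298 and CVE-2023-26297 are both marked "NOT-FOR-US: HP". Read the full description before closing the "TODO: check", and if it concerns the same vendor, apply the same "NOT-FOR-US: HP" line instead of leaving a differently worded one.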
@@ -60420,7 +60471,7 @@ CVE-2022-3152 (Unverified Password Change in GitHub repository phpfusion/phpfusi
 	NOT-FOR-US: PHP-Fusion
 CVE-2022-3151 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-3150 (The WP Custom Cursors WordPress plugin through 3.0 does not properly s ...)
+CVE-2022-3150 (The WP Custom Cursors WordPress plugin before 3.2 does not properly sa ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3149 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...)
 	NOT-FOR-US: WordPress plugin
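Review bot: the replaced description for CVE-2022-3150 changes the affected range from "through 3.0" to "before 3.2", while the neighbouring entries for the same plugin, CVE-2022-3151 and CVE-2022-3149, still read "before 3.0.1". The entry stays "NOT-FOR-US: WordPress plugin", so no state change is needed, but anything that reads fixed versions out of these description strings should not assume one version applies across the plugin's CVEs.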



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9efe1d0be33fed0ce21f0c82d40b663a327d887a
