Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fcf9282e by security tracker role at 2023-08-06T20:12:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2023-4196 (Cross-site Scripting (XSS) - Stored in GitHub repository
cockpit-hq/co ...)
+ TODO: check
+CVE-2023-4195 (PHP Remote File Inclusion in GitHub repository
cockpit-hq/cockpit prio ...)
+ TODO: check
+CVE-2023-4186 (A vulnerability was found in SourceCodester Pharmacy Management
System ...)
+ TODO: check
+CVE-2023-4185 (A vulnerability was found in SourceCodester Online Hospital
Management ...)
+ TODO: check
+CVE-2023-4184 (A vulnerability was found in SourceCodester Inventory
Management Syste ...)
+ TODO: check
+CVE-2023-4183 (A vulnerability has been found in SourceCodester Inventory
Management ...)
+ TODO: check
+CVE-2023-4182 (A vulnerability, which was classified as critical, was found in
Source ...)
+ TODO: check
+CVE-2023-4181 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
CVE-2023-4190 (Insufficient Session Expiration in GitHub repository
admidio/admidio p ...)
NOT-FOR-US: admidio
CVE-2023-4180 (A vulnerability classified as critical was found in
SourceCodester Fre ...)
@@ -28083,7 +28099,7 @@ CVE-2023-25579 (Nextcloud server is a self hosted home
cloud product. In affecte
CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI)
framework. ...)
NOT-FOR-US: Starlite
CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library.
Prior to ver ...)
- {DLA-3346-1}
+ {DSA-5470-1 DLA-3346-1}
- python-werkzeug 2.2.2-3 (bug #1031370)
NOTE:
https://github.com/pallets/werkzeug/commit/fe899d0cdf767a7289a8bf746b7f72c2907a1b4b
(2.2.3)
NOTE:
https://github.com/pallets/werkzeug/commit/09449ee77934a0c883f5959785864ecae6aaa2c9
(2.2.3)
@@ -32817,7 +32833,7 @@ CVE-2023-23936 (Undici is an HTTP/1.1 client for
Node.js. Starting with version
CVE-2023-23935 (Discourse is an open-source messaging platform. In versions
3.0.1 and ...)
NOT-FOR-US: Discourse
CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library.
Browsers may ...)
- {DLA-3346-1}
+ {DSA-5470-1 DLA-3346-1}
- python-werkzeug 2.2.2-3 (bug #1031370)
NOTE:
https://github.com/pallets/werkzeug/commit/8c2b4b82d0cade0d37e6a88e2cd2413878e8ebd4
(2.2.3)
NOTE:
https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q
@@ -216072,6 +216088,7 @@ CVE-2020-22338
CVE-2020-22337
RESERVED
CVE-2020-22336 (An issue was discovered in pdfcrack 0.17 thru 0.18, allows
attackers t ...)
+ {DLA-3517-1}
- pdfcrack 0.19-1
NOTE: https://sourceforge.net/p/pdfcrack/bugs/12/
CVE-2020-22335
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcf9282efdb89459070b0d18c2db15bc5264d3ef
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fcf9282efdb89459070b0d18c2db15bc5264d3ef
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
