[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e12d1f1 by security tracker role at 2023-12-30T20:11:42+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2023-7181 (A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified ...)
+	TODO: check
+CVE-2023-7180 (A vulnerability has been found in Tongda OA 2017 up to 11.9 and classi ...)
+	TODO: check
+CVE-2023-7179 (A vulnerability, which was classified as critical, was found in Campco ...)
+	TODO: check
+CVE-2023-7178 (A vulnerability, which was classified as critical, has been found in C ...)
+	TODO: check
+CVE-2023-7177 (A vulnerability classified as critical was found in Campcodes Online C ...)
+	TODO: check
+CVE-2023-7176 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+	TODO: check
+CVE-2023-7175 (A vulnerability was found in Campcodes Online College Library System 1 ...)
+	TODO: check
+CVE-2023-7173 (A vulnerability, which was classified as problematic, was found in PHP ...)
+	TODO: check
+CVE-2023-7172 (A vulnerability, which was classified as critical, has been found in P ...)
+	TODO: check
+CVE-2023-6998 (Improper privilege management vulnerability in CoolKit Technology eWeL ...)
+	TODO: check
+CVE-2023-52263 (Brave Browser before 1.59.40 does not properly restrict the schema for ...)
+	TODO: check
+CVE-2023-52262 (outdoorbits little-backup-box (aka Little Backup Box) before f39f91c a ...)
+	TODO: check
+CVE-2023-51136 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-51135 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-51133 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...)
+	TODO: check
+CVE-2023-50651 (TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a rem ...)
+	TODO: check
+CVE-2023-50589 (Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL i ...)
+	TODO: check
+CVE-2023-50578 (Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnera ...)
+	TODO: check
+CVE-2023-50550 (layui up to v2.74 was discovered to contain a cross-site scripting (XS ...)
+	TODO: check
+CVE-2023-50110 (TestLink through 1.9.20 allows type juggling for authentication bypass ...)
+	TODO: check
+CVE-2023-49299 (Improper Input Validation vulnerability in Apache DolphinScheduler. An ...)
+	TODO: check
+CVE-2018-25096 (A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/ ...)
+	TODO: check
 CVE-2023-52257 (LogoBee 0.2 allows updates.php?id= XSS.)
 	NOT-FOR-US: LogoBee
 CVE-2023-52252 (Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua ...)
@@ -694,6 +738,7 @@ CVE-2023-34198 (In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 befor
 CVE-2023-7102 (Use of a Third Party library produced a vulnerability in Barracuda Net ...)
 	NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf. CVE-2023-7102)
 CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing ...)
+	{DSA-5592-1}
 	- libspreadsheet-parseexcel-perl 0.6500-4 (bug #1059450)
 	NOTE: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
 	NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc
@@ -2847,6 +2892,7 @@ CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation violation
 	NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
 	NOTE: Seems bogus, this isn't a DoS but only a broken use of an API
 CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
+	{DLA-3700-1}
 	- cjson 1.7.17-1 (bug #1059287)
 	NOTE: https://github.com/DaveGamble/cJSON/issues/802
 	NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
@@ -4335,18 +4381,21 @@ CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain a reflective cross-si
 CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...)
 	NOT-FOR-US: DedeCMS
 CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer overflow vu ...)
+	{DLA-3699-1}
 	- libde265 1.0.15-1 (bug #1059275)
 	[bookworm] - libde265 <no-dsa> (Minor issue)
 	[bullseye] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/432
 	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb (v1.0.15)
 CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...)
+	{DLA-3699-1}
 	- libde265 1.0.15-1 (bug #1059275)
 	[bookworm] - libde265 <no-dsa> (Minor issue)
 	[bullseye] - libde265 <no-dsa> (Minor issue)
 	NOTE: https://github.com/strukturag/libde265/issues/434
 	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/7e4faf254bbd2e52b0f216cb987573a2cce97b54 (v1.0.15)
 CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...)
+	{DLA-3699-1}
 	- libde265 1.0.15-1 (bug #1059275)
 	[bookworm] - libde265 <no-dsa> (Minor issue)
 	[bullseye] - libde265 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e12d1f19482049feefbe7675e9cbcc6286d738c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e12d1f19482049feefbe7675e9cbcc6286d738c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231230/4bd5e780/attachment.htm>