[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 14 09:11:43 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c8cfc32a by security tracker role at 2023-07-14T08:11:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...)
+ TODO: check
+CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...)
+ TODO: check
+CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 ...)
+ TODO: check
+CVE-2023-3514 (Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer ...)
+ TODO: check
+CVE-2023-3513 (Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer ...)
+ TODO: check
+CVE-2023-38286 (Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spr ...)
+ TODO: check
+CVE-2023-37849 (A DLL hijacking vulnerability in Panda Security VPN for Windows prior ...)
+ TODO: check
+CVE-2023-37839 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...)
+ TODO: check
+CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer overflo ...)
+ TODO: check
+CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable assertion ...)
+ TODO: check
+CVE-2023-37723 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ TODO: check
+CVE-2023-37722 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ TODO: check
+CVE-2023-37721 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ TODO: check
+CVE-2023-37719 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ TODO: check
+CVE-2023-37718 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ TODO: check
+CVE-2023-37717 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, ...)
+ TODO: check
+CVE-2023-37716 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, ...)
+ TODO: check
+CVE-2023-37715 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ TODO: check
+CVE-2023-37714 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ TODO: check
+CVE-2023-37599 (An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain s ...)
+ TODO: check
+CVE-2023-37598 (A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0 ...)
+ TODO: check
+CVE-2023-37468 (Feedbacksystem is a personalized feedback system for students using ar ...)
+ TODO: check
+CVE-2023-37466 (vm2 is an advanced vm/sandbox for Node.js. The library contains critic ...)
+ TODO: check
+CVE-2023-37278 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ TODO: check
+CVE-2023-37275 (Auto-GPT is an experimental open-source application showcasing the cap ...)
+ TODO: check
+CVE-2023-37274 (Auto-GPT is an experimental open-source application showcasing the cap ...)
+ TODO: check
+CVE-2023-37273 (Auto-GPT is an experimental open-source application showcasing the cap ...)
+ TODO: check
+CVE-2023-37272 (JS7 is an Open Source Job Scheduler. Users specify file names when upl ...)
+ TODO: check
+CVE-2023-36473 (Discourse is an open source discussion platform. A CSP (Content Securi ...)
+ TODO: check
+CVE-2023-35945 (Envoy is a cloud-native high-performance edge/middle/service proxy. En ...)
+ TODO: check
CVE-2023-3661 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
NOT-FOR-US: SourceCodester AC Repair and Services System
CVE-2023-3660 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
@@ -545,11 +605,11 @@ CVE-2023-36690 (Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WP
NOT-FOR-US: WordPress theme
CVE-2023-36687 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Me ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-36538 (Improper access control in Zoom Rooms before version 5.15.0 may allow ...)
+CVE-2023-36538 (Improper access control in Zoom Rooms for Windows before version 5.15. ...)
NOT-FOR-US: Zoom
-CVE-2023-36537 (Improper privilege management in Zoom Rooms before version 5.14.5 may ...)
+CVE-2023-36537 (Improper privilege management in Zoom Rooms for Windows before version ...)
NOT-FOR-US: Zoom
-CVE-2023-36536 (Untrusted search path in the installer for Zoom Rooms before version 5 ...)
+CVE-2023-36536 (Untrusted search path in the installer for Zoom Rooms for Windows befo ...)
NOT-FOR-US: Zoom
CVE-2023-36522 (Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert ...)
NOT-FOR-US: WordPress plugin
@@ -723,9 +783,9 @@ CVE-2023-34561 (A buffer overflow in the level parsing code of RobTop Games AB G
NOT-FOR-US: WordPress plugin
CVE-2023-34185 (Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPres ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-34119 (Insecure temporary file in the installer for Zoom Rooms before version ...)
+CVE-2023-34119 (Insecure temporary file in the installer for Zoom Rooms for Windowsbef ...)
NOT-FOR-US: Zoom
-CVE-2023-34118 (Improper privilege management in Zoom Rooms before version 5.14.5 may ...)
+CVE-2023-34118 (Improper privilege management in Zoom Rooms for Windows before version ...)
NOT-FOR-US: Zoom
CVE-2023-34117 (Relative path traversal in the Zoom Client SDK before version 5.15.0 m ...)
NOT-FOR-US: Zoom
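Review bot: the updated CVE-2023-34119 line reads "Zoom Rooms for Windowsbef ...", i.e. the imported description is missing the space between "Windows" and "before". Since this file is regenerated from the upstream CVE feed, the typo is almost certainly in the source description rather than in the import, but it is worth confirming on the next automatic pass that the truncated text still matches what MITRE publishes; the other four Zoom Rooms lines in the same set of hunks all read "Zoom Rooms for Windows before ...".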
@@ -9455,8 +9515,8 @@ CVE-2023-2084 (The Essential Blocks plugin for WordPress is vulnerable to unauth
NOT-FOR-US: WordPress plugin
CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-2082
- RESERVED
+CVE-2023-2082 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...)
+ TODO: check
CVE-2023-2081
RESERVED
CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
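Review bot: the new CVE-2023-2082 description contains the literal six characters "\u2013" instead of an en dash, so the JSON escape sequence from the upstream feed was copied into the list unprocessed. The entry is functionally fine (it only moves from RESERVED to "TODO: check"), but if the import step is meant to emit plain text, it should decode such escapes before writing the description; otherwise the plugin name in this line will never match searches for the real title.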
@@ -74466,6 +74526,7 @@ CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user logged
CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost version ...)
- mattermost-server <itp> (bug #823556)
CVE-2022-2400 (External Control of File Name or Path in GitHub repository dompdf/domp ...)
+ {DLA-3495-1}
- php-dompdf 2.0.2+dfsg-1 (bug #1015874)
[bullseye] - php-dompdf <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
@@ -132507,6 +132568,7 @@ CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing
NOT-FOR-US: Ping Identity PingFederate
CVE-2021-3838 [Deserialization of Untrusted Data using PHAR deserialization]
RESERVED
+ {DLA-3495-1}
- php-dompdf 2.0.2+dfsg-1
[bullseye] - php-dompdf <no-dsa> (Minor issue)
NOTE: https://github.com/dompdf/dompdf/issues/2564
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8cfc32ac959273dc434b4d56025f1768f902e0d