[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 14 21:12:36 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6908d47 by security tracker role at 2023-07-14T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.)
+	TODO: check
+CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webment ...)
+	TODO: check
+CVE-2023-3633 (An out-of-bounds writevulnerability in Bitdefender Engines on Windows  ...)
+	TODO: check
+CVE-2023-3434 (Improper Input Validation in the hyperlink interpretation inSavoir-fai ...)
+	TODO: check
+CVE-2023-3433 (The "nickname" field within Savoir-faire Linux's Jami application is s ...)
+	TODO: check
+CVE-2023-38325 (The cryptography package before 41.0.2 for Python mishandles SSH certi ...)
+	TODO: check
+CVE-2023-38253 (An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str fun ...)
+	TODO: check
+CVE-2023-38252 (An out-of-bounds read flaw was found in w3m, in the Strnew_size functi ...)
+	TODO: check
+CVE-2023-37474 (Copyparty is a portable file server. Versions prior to 1.8.2 are subje ...)
+	TODO: check
+CVE-2023-37473 (zenstruck/collections is a set of helpers for iterating/paginating/fil ...)
+	TODO: check
+CVE-2023-37224 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...)
+	TODO: check
+CVE-2023-37223 (Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6 ...)
+	TODO: check
+CVE-2023-36888 (Microsoft Edge for Android (Chromium-based) Tampering Vulnerability)
+	TODO: check
+CVE-2023-36887 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+	TODO: check
+CVE-2023-36883 (Microsoft Edge for iOS Spoofing Vulnerability)
+	TODO: check
+CVE-2023-36850 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...)
+	TODO: check
+CVE-2023-36849 (An Improper Check or Handling of Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2023-36848 (An Improper Handling of Undefined Values vulnerability in the periodic ...)
+	TODO: check
+CVE-2023-36840 (A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) o ...)
+	TODO: check
+CVE-2023-36838 (An Out-of-bounds Read vulnerability in the flow processing daemon (flo ...)
+	TODO: check
+CVE-2023-36836 (A Use of an Uninitialized Resource vulnerability in the routing protoc ...)
+	TODO: check
+CVE-2023-36835 (An Improper Check for Unusual or Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2023-36834 (An Incomplete Internal State Distinction vulnerability in the packet f ...)
+	TODO: check
+CVE-2023-36833 (A Use After Free vulnerability in the packet forwarding engine (PFE) o ...)
+	TODO: check
+CVE-2023-36832 (An Improper Handling of Exceptional Conditions vulnerability in packet ...)
+	TODO: check
+CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions vulnerability  ...)
+	TODO: check
+CVE-2023-36119 (File upload vulnerability in PHPGurukul Online Security Guards Hiring  ...)
+	TODO: check
+CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible way to se ...)
+	TODO: check
+CVE-2023-32761 (Cross Site Request Forgery (CSRF) vulnerability in Archer Platform bef ...)
+	TODO: check
+CVE-2023-32760 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...)
+	TODO: check
+CVE-2023-32759 (An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6. ...)
+	TODO: check
+CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug that c ...)
+	TODO: check
 CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...)
 	- froxlor <itp> (bug #581792)
 CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...)
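Review bot: Every new entry in this hunk is left at `TODO: check`, yet several can be triaged from their descriptions using the conventions already applied elsewhere in this file. The Microsoft Edge entries (CVE-2023-36888, CVE-2023-36887, CVE-2023-36883) fit the `NOT-FOR-US: Microsoft` marking used for CVE-2023-32053 below, and the run of Juniper RPD/PFE/flowd entries (CVE-2023-36850 through CVE-2023-36831) fits the `NOT-FOR-US: Juniper` marking used for CVE-2023-28984. Conversely, CVE-2023-38325 (the Python cryptography package before 41.0.2), CVE-2023-38252 and CVE-2023-38253 (out-of-bounds reads in w3m) concern software shipped in Debian and should get source-package lines with fixed or `<unfixed>` versions, and CVE-2023-2975 (AES-SIV cipher implementation bug) needs its affected source package identified before it can be resolved.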
@@ -921,7 +985,7 @@ CVE-2023-32054 (Volume Shadow Copy Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-32053 (Windows Installer Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
-CVE-2023-32052 (Microsoft Power Apps Spoofing Vulnerability)
+CVE-2023-32052 (Microsoft Power Apps (online) Spoofing Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-32051 (Raw Image Extension Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -3484,6 +3548,7 @@ CVE-2023-2784 (Mattermost fails to verify if the requestor is a sysadmin or not,
 CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided in th ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...)
+	{DSA-5452-1}
 	- gpac <unfixed>
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/
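Review bot: The `{DSA-5452-1}` cross-reference is added here and to the other gpac entries in this diff (CVE-2023-3012, CVE-2023-0760), but each entry still carries `- gpac <unfixed>`, so only the stable update is recorded and the issue stays open for unstable; fill in the unstable fix version once it is uploaded, and confirm the DSA actually covers all three CVEs (the `[buster]` line is unaffected, since it is marked end-of-life).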
@@ -5289,6 +5354,7 @@ CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2.
 	NOTE: https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073
 	NOTE: https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594
 CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...)
+	{DSA-5452-1}
 	- gpac <unfixed>
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69
@@ -14584,8 +14650,8 @@ CVE-2023-28987
 	RESERVED
 CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-28985
-	RESERVED
+CVE-2023-28985 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+	TODO: check
 CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning Manager ...)
 	NOT-FOR-US: Juniper
 CVE-2023-28983 (An OS Command Injection vulnerability in gRPC Network Operations Inter ...)
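Review bot: CVE-2023-28985 is un-reserved with `TODO: check`, but it sits in a run of Juniper entries (CVE-2023-28984 and CVE-2023-28983 directly below are `NOT-FOR-US: Juniper`) and its description follows the same CWE-style wording; verify the affected product and, if it is Junos, mark it `NOT-FOR-US: Juniper` rather than leaving the TODO.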
@@ -15055,6 +15121,7 @@ CVE-2023-28864
 CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of  ...)
 	NOT-FOR-US: AMI
 CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...)
+	{DLA-3496-1}
 	- lemonldap-ng 2.16.1+ds-1
 	[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u4
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2896
@@ -25136,6 +25203,7 @@ CVE-2023-0762 (The Clock In Portal- Staff & Attendance Management WordPress plug
 CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
+	{DSA-5452-1}
 	- gpac <unfixed> (bug #1033116)
 	[buster] - gpac <end-of-life> (EOL in buster LTS)
 	NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
@@ -27184,8 +27252,8 @@ CVE-2023-24898 (Windows SMB Denial of Service Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
 	NOT-FOR-US: .NET
-CVE-2023-24896
-	RESERVED
+CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability)
+	TODO: check
 CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...)
 	NOT-FOR-US: .NET
 CVE-2023-24894
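Review bot: CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability) is a Microsoft product, and the neighbouring CVE-2023-24898 and CVE-2023-24897 are already marked `NOT-FOR-US: Microsoft` and `NOT-FOR-US: .NET`; this entry can be closed the same way instead of being left at `TODO: check`.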



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6908d47e19d40fddf0489a0722eb1d1ba4a2b73


