[Git][security-tracker-team/security-tracker][master] automatic update

Sat Jul 15 09:12:34 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9650100c by security tracker role at 2023-07-15T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2023-3678 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
+	TODO: check
+CVE-2023-38350 (PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via t ...)
+	TODO: check
+CVE-2023-38349 (PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controlle ...)
+	TODO: check
+CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary JSON and ...)
+	TODO: check
+CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via filename ...)
+	TODO: check
+CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command injection ...)
+	TODO: check
+CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow v ...)
+	TODO: check
+CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...)
+	TODO: check
+CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...)
+	TODO: check
+CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2023-37268 (Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn' ...)
+	TODO: check
+CVE-2023-36818 (Discourse is an open source discussion platform. In affected versions  ...)
+	TODO: check
+CVE-2023-36466 (Discourse is an open source discussion platform. When editing a topic, ...)
+	TODO: check
+CVE-2023-35802 (IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Ove ...)
+	TODO: check
+CVE-2023-34236 (Weave GitOps Terraform Controller (aka Weave TF-controller) is a contr ...)
+	TODO: check
 CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.)
 	NOT-FOR-US: pimcore
 CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webment ...)
@@ -2080,6 +2110,7 @@ CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image
 CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.)
 	NOT-FOR-US: Joplin
 CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
+	{DLA-3497-1}
 	- pypdf2 1.27.9-1
 	[bullseye] - pypdf2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9650100c4c72c44f552d968a0b0f7bf83fe19c91

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9650100c4c72c44f552d968a0b0f7bf83fe19c91
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230715/1a2a4e81/attachment.htm>
