Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c8cfc32a by security tracker role at 2023-07-14T08:11:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,63 @@
+CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository 
froxlor/f ...)
+       TODO: check
+CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial 
of ser ...)
+       TODO: check
+CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 
3.6.14  ...)
+       TODO: check
+CVE-2023-3514 (Improper Privilege Control in RazerCentralSerivce Named Pipe in 
Razer  ...)
+       TODO: check
+CVE-2023-3513 (Improper Privilege Control in RazerCentralSerivce Named Pipe in 
Razer  ...)
+       TODO: check
+CVE-2023-38286 (Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin 
(aka Spr ...)
+       TODO: check
+CVE-2023-37849 (A DLL hijacking vulnerability in Panda Security VPN for 
Windows prior  ...)
+       TODO: check
+CVE-2023-37839 (An arbitrary file upload vulnerability in 
/dede/file_manage_control.ph ...)
+       TODO: check
+CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer 
overflo ...)
+       TODO: check
+CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable 
assertion ...)
+       TODO: check
+CVE-2023-37723 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were 
discovered ...)
+       TODO: check
+CVE-2023-37722 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were 
discovered ...)
+       TODO: check
+CVE-2023-37721 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were 
discovered ...)
+       TODO: check
+CVE-2023-37719 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were 
discovered ...)
+       TODO: check
+CVE-2023-37718 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were 
discovered ...)
+       TODO: check
+CVE-2023-37717 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, 
AC10 V1.0,  ...)
+       TODO: check
+CVE-2023-37716 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, 
AC10 V1.0,  ...)
+       TODO: check
+CVE-2023-37715 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were 
discovered ...)
+       TODO: check
+CVE-2023-37714 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were 
discovered ...)
+       TODO: check
+CVE-2023-37599 (An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to 
obtain s ...)
+       TODO: check
+CVE-2023-37598 (A Cross Site Request Forgery (CSRF) vulnerability in 
issabel-pbx v.4.0 ...)
+       TODO: check
+CVE-2023-37468 (Feedbacksystem is a personalized feedback system for students 
using ar ...)
+       TODO: check
+CVE-2023-37466 (vm2 is an advanced vm/sandbox for Node.js. The library 
contains critic ...)
+       TODO: check
+CVE-2023-37278 (GLPI is a Free Asset and IT Management Software package, Data 
center m ...)
+       TODO: check
+CVE-2023-37275 (Auto-GPT is an experimental open-source application showcasing 
the cap ...)
+       TODO: check
+CVE-2023-37274 (Auto-GPT is an experimental open-source application showcasing 
the cap ...)
+       TODO: check
+CVE-2023-37273 (Auto-GPT is an experimental open-source application showcasing 
the cap ...)
+       TODO: check
+CVE-2023-37272 (JS7 is an Open Source Job Scheduler. Users specify file names 
when upl ...)
+       TODO: check
+CVE-2023-36473 (Discourse is an open source discussion platform. A CSP 
(Content Securi ...)
+       TODO: check
+CVE-2023-35945 (Envoy is a cloud-native high-performance edge/middle/service 
proxy. En ...)
+       TODO: check
 CVE-2023-3661 (A vulnerability was found in SourceCodester AC Repair and 
Services Sys ...)
        NOT-FOR-US: SourceCodester AC Repair and Services System
 CVE-2023-3660 (A vulnerability was found in Campcodes Retro Cellphone Online 
Store 1. ...)
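Review bot: All 30 entries added at the top of data/CVE/list are left at TODO: check, so none of them has a disposition yet. The two Wireshark dissector crashes (CVE-2023-3649, CVE-2023-3648) name packaged software with version ranges and need a source-package line with a fixed version or status, while entries such as the Tenda firmware, Razer and Panda Security VPN for Windows ones look like candidates for the same NOT-FOR-US treatment the SourceCodester entry just below receives. Suggest a follow-up triage commit rather than letting these sit.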
@@ -545,11 +605,11 @@ CVE-2023-36690 (Cross-Site Request Forgery (CSRF) 
vulnerability in VibeThemes WP
        NOT-FOR-US: WordPress theme
 CVE-2023-36687 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea 
Tarantini Me ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-36538 (Improper access control in Zoom Rooms before version 5.15.0 
may allow  ...)
+CVE-2023-36538 (Improper access control in Zoom Rooms for Windows before 
version 5.15. ...)
        NOT-FOR-US: Zoom
-CVE-2023-36537 (Improper privilege management in Zoom Rooms before version 
5.14.5 may  ...)
+CVE-2023-36537 (Improper privilege management in Zoom Rooms for Windows before 
version ...)
        NOT-FOR-US: Zoom
-CVE-2023-36536 (Untrusted search path in the installer for Zoom Rooms before 
version 5 ...)
+CVE-2023-36536 (Untrusted search path in the installer for Zoom Rooms for 
Windows befo ...)
        NOT-FOR-US: Zoom
 CVE-2023-36522 (Cross-Site Request Forgery (CSRF) vulnerability in WePupil 
Quiz Expert ...)
        NOT-FOR-US: WordPress plugin
@@ -723,9 +783,9 @@ CVE-2023-34561 (A buffer overflow in the level parsing code 
of RobTop Games AB G
        NOT-FOR-US: WordPress plugin
 CVE-2023-34185 (Cross-Site Request Forgery (CSRF) vulnerability in John Brien 
WordPres ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-34119 (Insecure temporary file in the installer for Zoom Rooms before 
version ...)
+CVE-2023-34119 (Insecure temporary file in the installer for Zoom Rooms for 
Windowsbef ...)
        NOT-FOR-US: Zoom
-CVE-2023-34118 (Improper privilege management in Zoom Rooms before version 
5.14.5 may  ...)
+CVE-2023-34118 (Improper privilege management in Zoom Rooms for Windows before 
version ...)
        NOT-FOR-US: Zoom
 CVE-2023-34117 (Relative path traversal in the Zoom Client SDK before version 
5.15.0 m ...)
        NOT-FOR-US: Zoom
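Review bot: The new description for CVE-2023-34119 reads "Zoom Rooms for Windowsbef ...", with the space between "Windows" and "before" missing. The commit message says this is an automatic update, so the text is presumably imported as-is from the upstream record; do not hand-edit it here, since the next import would overwrite it. The NOT-FOR-US: Zoom disposition is unaffected.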
@@ -9455,8 +9515,8 @@ CVE-2023-2084 (The Essential Blocks plugin for WordPress 
is vulnerable to unauth
        NOT-FOR-US: WordPress plugin
 CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to 
unauthorize ...)
        NOT-FOR-US: WordPress plugin
-CVE-2023-2082
-       RESERVED
+CVE-2023-2082 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin 
for WordP ...)
+       TODO: check
 CVE-2023-2081
        RESERVED
 CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
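Review bot: The description added for CVE-2023-2082 carries a literal \u2013 escape ("Buy Me a Coffee \u2013 Button and Widget Plugin") rather than the character it stands for, which suggests the import step is not decoding escapes in its source data before writing the list. That is worth fixing in the importer. Separately, the entry is left at TODO: check while the neighbouring Essential Blocks entries are NOT-FOR-US: WordPress plugin, which is the likely disposition here too.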
@@ -74466,6 +74526,7 @@ CVE-2022-2402 (The vulnerability in the driver 
dlpfde.sys enables a user logged
 CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost 
version ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2022-2400 (External Control of File Name or Path in GitHub repository 
dompdf/domp ...)
+       {DLA-3495-1}
        - php-dompdf 2.0.2+dfsg-1 (bug #1015874)
        [bullseye] - php-dompdf <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
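Review bot: {DLA-3495-1} is added to CVE-2022-2400 here, but the commit touches only data/CVE/list, so the advisory record this cross-reference points to is not visible in the change. Confirm that the DLA-3495-1 record lists this CVE together with the php-dompdf version it fixes; the only release annotation in this entry is still [bullseye] - php-dompdf <no-dsa> (Minor issue).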
@@ -132507,6 +132568,7 @@ CVE-2021-41770 (Ping Identity PingFederate before 
10.3.1 mishandles pre-parsing
        NOT-FOR-US: Ping Identity PingFederate
 CVE-2021-3838 [Deserialization of Untrusted Data using PHAR deserialization]
        RESERVED
+       {DLA-3495-1}
        - php-dompdf 2.0.2+dfsg-1
        [bullseye] - php-dompdf <no-dsa> (Minor issue)
        NOTE: https://github.com/dompdf/dompdf/issues/2564
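Review bot: CVE-2021-3838 now has a {DLA-3495-1} reference and a fixed version (php-dompdf 2.0.2+dfsg-1), but its package line has no bug number, unlike the CVE-2022-2400 entry in the previous hunk, which records bug #1015874 for the same fixed version. If a Debian bug exists for this issue, add it to the package line. The entry also remains RESERVED with only a bracketed, hand-written description.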



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8cfc32ac959273dc434b4d56025f1768f902e0d
