Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9650100c by security tracker role at 2023-07-15T08:12:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2023-3678 (A vulnerability was found in SourceCodester AC Repair and
Services Sys ...)
+ TODO: check
+CVE-2023-38350 (PNP4Nagios through 81ebfc5 has stored XSS in the AJAX
controller via t ...)
+ TODO: check
+CVE-2023-38349 (PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX
controlle ...)
+ TODO: check
+CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary
JSON and ...)
+ TODO: check
+CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via
filename ...)
+ TODO: check
+CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command
injection ...)
+ TODO: check
+CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer
overflow v ...)
+ TODO: check
+CVE-2023-37472 (Knowage is an open source suite for business analytics. The
applicatio ...)
+ TODO: check
+CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript
Object Signin ...)
+ TODO: check
+CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
+ TODO: check
+CVE-2023-37268 (Warpgate is an SSH, HTTPS and MySQL bastion host for Linux
that doesn' ...)
+ TODO: check
+CVE-2023-36818 (Discourse is an open source discussion platform. In affected
versions ...)
+ TODO: check
+CVE-2023-36466 (Discourse is an open source discussion platform. When editing
a topic, ...)
+ TODO: check
+CVE-2023-35802 (IQ Engine before 10.6r1 on Extreme Network AP devices has a
Buffer Ove ...)
+ TODO: check
+CVE-2023-34236 (Weave GitOps Terraform Controller (aka Weave TF-controller) is
a contr ...)
+ TODO: check
CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to
10.5.24.)
NOT-FOR-US: pimcore
CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository
plaidweb/webment ...)
@@ -2080,6 +2110,7 @@ CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an
AREA element of an image
CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG
document.)
NOT-FOR-US: Joplin
CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting,
merging, crop ...)
+ {DLA-3497-1}
- pypdf2 1.27.9-1
[bullseye] - pypdf2 <no-dsa> (Minor issue)
NOTE:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9650100c4c72c44f552d968a0b0f7bf83fe19c91
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9650100c4c72c44f552d968a0b0f7bf83fe19c91
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
