Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1e12d1f1 by security tracker role at 2023-12-30T20:11:42+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2023-7181 (A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and
classified ...)
+ TODO: check
+CVE-2023-7180 (A vulnerability has been found in Tongda OA 2017 up to 11.9 and
classi ...)
+ TODO: check
+CVE-2023-7179 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2023-7178 (A vulnerability, which was classified as critical, has been
found in C ...)
+ TODO: check
+CVE-2023-7177 (A vulnerability classified as critical was found in Campcodes
Online C ...)
+ TODO: check
+CVE-2023-7176 (A vulnerability classified as critical has been found in
Campcodes Onl ...)
+ TODO: check
+CVE-2023-7175 (A vulnerability was found in Campcodes Online College Library
System 1 ...)
+ TODO: check
+CVE-2023-7173 (A vulnerability, which was classified as problematic, was found
in PHP ...)
+ TODO: check
+CVE-2023-7172 (A vulnerability, which was classified as critical, has been
found in P ...)
+ TODO: check
+CVE-2023-6998 (Improper privilege management vulnerability in CoolKit
Technology eWeL ...)
+ TODO: check
+CVE-2023-52263 (Brave Browser before 1.59.40 does not properly restrict the
schema for ...)
+ TODO: check
+CVE-2023-52262 (outdoorbits little-backup-box (aka Little Backup Box) before
f39f91c a ...)
+ TODO: check
+CVE-2023-51136 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain ...)
+ TODO: check
+CVE-2023-51135 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain ...)
+ TODO: check
+CVE-2023-51133 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to
contain ...)
+ TODO: check
+CVE-2023-50651 (TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to
contain a rem ...)
+ TODO: check
+CVE-2023-50589 (Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain
a SQL i ...)
+ TODO: check
+CVE-2023-50578 (Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection
vulnera ...)
+ TODO: check
+CVE-2023-50550 (layui up to v2.74 was discovered to contain a cross-site
scripting (XS ...)
+ TODO: check
+CVE-2023-50110 (TestLink through 1.9.20 allows type juggling for
authentication bypass ...)
+ TODO: check
+CVE-2023-49299 (Improper Input Validation vulnerability in Apache
DolphinScheduler. An ...)
+ TODO: check
+CVE-2018-25096 (A vulnerability was found in MdAlAmin-aol Own Health Record
0.1-alpha/ ...)
+ TODO: check
CVE-2023-52257 (LogoBee 0.2 allows updates.php?id= XSS.)
NOT-FOR-US: LogoBee
CVE-2023-52252 (Unified Remote 3.13.0 allows remote attackers to execute
arbitrary Lua ...)
@@ -694,6 +738,7 @@ CVE-2023-34198 (In Stormshield Network Security (SNS) 1.0.0
through 3.7.36 befor
CVE-2023-7102 (Use of a Third Party library produced a vulnerability in
Barracuda Net ...)
NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf.
CVE-2023-7102)
CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for
parsing ...)
+ {DSA-5592-1}
- libspreadsheet-parseexcel-perl 0.6500-4 (bug #1059450)
NOTE:
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc
@@ -2847,6 +2892,7 @@ CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a
segmentation violation
NOTE: Fixed by:
https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
NOTE: Seems bogus, this isn't a DoS but only a broken use of an API
CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation
violation via t ...)
+ {DLA-3700-1}
- cjson 1.7.17-1 (bug #1059287)
NOTE: https://github.com/DaveGamble/cJSON/issues/802
NOTE: Fixed by:
https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8
@@ -4335,18 +4381,21 @@ CVE-2023-49493 (DedeCMS v5.7.111 was discovered to
contain a reflective cross-si
CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective
cross-site scr ...)
NOT-FOR-US: DedeCMS
CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer
overflow vu ...)
+ {DLA-3699-1}
- libde265 1.0.15-1 (bug #1059275)
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/432
NOTE: Fixed by:
https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb
(v1.0.15)
CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a
heap-buffer-overflow vuln ...)
+ {DLA-3699-1}
- libde265 1.0.15-1 (bug #1059275)
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
NOTE: https://github.com/strukturag/libde265/issues/434
NOTE: Fixed by:
https://github.com/strukturag/libde265/commit/7e4faf254bbd2e52b0f216cb987573a2cce97b54
(v1.0.15)
CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a
heap-buffer-overflow vuln ...)
+ {DLA-3699-1}
- libde265 1.0.15-1 (bug #1059275)
[bookworm] - libde265 <no-dsa> (Minor issue)
[bullseye] - libde265 <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e12d1f19482049feefbe7675e9cbcc6286d738c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e12d1f19482049feefbe7675e9cbcc6286d738c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
