Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9650100c by security tracker role at 2023-07-15T08:12:22+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,33 @@ +CVE-2023-3678 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...) + TODO: check +CVE-2023-38350 (PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via t ...) + TODO: check +CVE-2023-38349 (PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controlle ...) + TODO: check +CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary JSON and ...) + TODO: check +CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via filename ...) + TODO: check +CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command injection ...) + TODO: check +CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow v ...) + TODO: check +CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...) + TODO: check +CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...) + TODO: check +CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + TODO: check +CVE-2023-37268 (Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn' ...) + TODO: check +CVE-2023-36818 (Discourse is an open source discussion platform. In affected versions ...) + TODO: check +CVE-2023-36466 (Discourse is an open source discussion platform. When editing a topic, ...) + TODO: check +CVE-2023-35802 (IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Ove ...) + TODO: check +CVE-2023-34236 (Weave GitOps Terraform Controller (aka Weave TF-controller) is a contr ...) + TODO: check CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.) NOT-FOR-US: pimcore CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webment ...) @@ -2080,6 +2110,7 @@ CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.) NOT-FOR-US: Joplin CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...) + {DLA-3497-1} - pypdf2 1.27.9-1 [bullseye] - pypdf2 <no-dsa> (Minor issue) NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9650100c4c72c44f552d968a0b0f7bf83fe19c91 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9650100c4c72c44f552d968a0b0f7bf83fe19c91 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits