[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9650100c by security tracker role at 2023-07-15T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2023-3678 (A vulnerability was found in SourceCodester AC Repair and 
Services Sys ...)
+       TODO: check
+CVE-2023-38350 (PNP4Nagios through 81ebfc5 has stored XSS in the AJAX 
controller via t ...)
+       TODO: check
+CVE-2023-38349 (PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX 
controlle ...)
+       TODO: check
+CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary 
JSON and ...)
+       TODO: check
+CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via 
filename ...)
+       TODO: check
+CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command 
injection ...)
+       TODO: check
+CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer 
overflow v ...)
+       TODO: check
+CVE-2023-37472 (Knowage is an open source suite for business analytics. The 
applicatio ...)
+       TODO: check
+CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript 
Object Signin ...)
+       TODO: check
+CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
+       TODO: check
+CVE-2023-37268 (Warpgate is an SSH, HTTPS and MySQL bastion host for Linux 
that doesn' ...)
+       TODO: check
+CVE-2023-36818 (Discourse is an open source discussion platform. In affected 
versions  ...)
+       TODO: check
+CVE-2023-36466 (Discourse is an open source discussion platform. When editing 
a topic, ...)
+       TODO: check
+CVE-2023-35802 (IQ Engine before 10.6r1 on Extreme Network AP devices has a 
Buffer Ove ...)
+       TODO: check
+CVE-2023-34236 (Weave GitOps Terraform Controller (aka Weave TF-controller) is 
a contr ...)
+       TODO: check
 CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 
10.5.24.)
        NOT-FOR-US: pimcore
 CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository 
plaidweb/webment ...)
@@ -2080,6 +2110,7 @@ CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an 
AREA element of an image
 CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG 
document.)
        NOT-FOR-US: Joplin
 CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, 
merging, crop ...)
+       {DLA-3497-1}
        - pypdf2 1.27.9-1
        [bullseye] - pypdf2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9650100c4c72c44f552d968a0b0f7bf83fe19c91

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9650100c4c72c44f552d968a0b0f7bf83fe19c91
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits