Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a9221deb by security tracker role at 2023-11-24T20:11:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2023-6293 (Prototype Pollution in GitHub repository
robinbuschmann/sequelize-type ...)
+ TODO: check
+CVE-2023-6277 (An out-of-memory flaw was found in libtiff. Passing a crafted
tiff fil ...)
+ TODO: check
+CVE-2023-6276 (A vulnerability classified as critical has been found in Tongda
OA 201 ...)
+ TODO: check
+CVE-2023-6275 (A vulnerability was found in TOTVS Fluig Platform
1.6.x/1.7.x/1.8.0/1. ...)
+ TODO: check
+CVE-2023-6274 (A vulnerability was found in Beijing Baichuo Smart S80 up to
20231108. ...)
+ TODO: check
+CVE-2023-6251 (Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, <
2.1.0p37, < ...)
+ TODO: check
+CVE-2023-49298 (OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain
scenarios i ...)
+ TODO: check
+CVE-2023-48712 (Warpgate is an open source SSH, HTTPS and MySQL bastion host
for Linux ...)
+ TODO: check
+CVE-2023-48711 (google-translate-api-browser is an npm package which
interfaces with t ...)
+ TODO: check
+CVE-2023-48708 (CodeIgniter Shield is an authentication and authorization
provider for ...)
+ TODO: check
+CVE-2023-48707 (CodeIgniter Shield is an authentication and authorization
provider for ...)
+ TODO: check
+CVE-2023-48312 (capsule-proxy is a reverse proxy for the capsule operator
project. Aff ...)
+ TODO: check
+CVE-2023-46575 (A SQL injection vulnerability in Meshery before 0.6.179 allows
a remot ...)
+ TODO: check
+CVE-2023-38914
+ REJECTED
CVE-2023-49068
NOT-FOR-US: Apache DolphinScheduler
CVE-2023-49216 (Usedesk before 1.7.57 allows profile stored XSS.)
@@ -561,7 +589,7 @@ CVE-2023-5764
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247629
TODO: check with Red Hat for details
CVE-2023-41913
- {DSA-5560-1}
+ {DSA-5560-1 DLA-3663-1}
- strongswan <unfixed>
NOTE:
https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
NOTE: Patches: https://download.strongswan.org/security/CVE-2023-41913/
@@ -2159,6 +2187,7 @@ CVE-2023-46735 (Symfony is a PHP framework for web and
console applications and
NOTE:
https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr
NOTE:
https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962
(v6.3.8)
CVE-2023-46734 (Symfony is a PHP framework for web and console applications
and a set ...)
+ {DLA-3664-1}
- symfony 5.4.31+dfsg-1 (bug #1055774)
[bookworm] - symfony <no-dsa> (Minor issue)
[bullseye] - symfony <no-dsa> (Minor issue)
@@ -81957,7 +81986,7 @@ CVE-2022-40736 (An issue was discovered in Bento4
1.6.0-639. There ie excessive
NOT-FOR-US: Bento4
CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long
exponents ...)
NOTE: Generic Diffie-Hellman protocol issue
-CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through
2.5.1 a ...)
+CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) before
2.6.4 al ...)
NOT-FOR-US: Laravel Filemanager
CVE-2022-40733
RESERVED
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9221debf1937af3f670c0063e7cc7f1842792ae
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9221debf1937af3f670c0063e7cc7f1842792ae
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
