[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 29 Nov 2023 12:12:41 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
56da5933 by security tracker role at 2023-11-29T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,42 @@
-CVE-2023-49674
+CVE-2023-6378 (A serialization vulnerability in logback receiver component 
part of  l ...)
+       TODO: check
+CVE-2023-6218 (In Progress MOVEit Transfer versions released before 2022.0.9 
(14.0.9) ...)
+       TODO: check
+CVE-2023-6217 (In Progress MOVEit Transfer versions released before 2022.0.9 
(14.0.9) ...)
+       TODO: check
+CVE-2023-6070 (A server-side request forgery vulnerability in ESM prior to 
version 11 ...)
+       TODO: check
+CVE-2023-49091 (Cosmos provides users the ability self-host a home server by 
acting as ...)
+       TODO: check
+CVE-2023-49090 (CarrierWave is a solution for file uploads for Rails, Sinatra 
and othe ...)
+       TODO: check
+CVE-2023-49083 (cryptography is a package designed to expose cryptographic 
primitives  ...)
+       TODO: check
+CVE-2023-49079 (Misskey is an open source, decentralized social media 
platform. Misske ...)
+       TODO: check
+CVE-2023-48882 (A stored cross-site scripting (XSS) vulnerability in EyouCMS 
v1.6.4-UT ...)
+       TODO: check
+CVE-2023-48881 (A stored cross-site scripting (XSS) vulnerability in EyouCMS 
v1.6.4-UT ...)
+       TODO: check
+CVE-2023-48880 (A stored cross-site scripting (XSS) vulnerability in EyouCMS 
v1.6.4-UT ...)
+       TODO: check
+CVE-2023-44383 (October is a Content Management System (CMS) and web platform 
to assis ...)
+       TODO: check
+CVE-2023-40626 (The language file parsing process could be manipulated to 
expose envir ...)
+       TODO: check
+CVE-2023-49674 (A missing permission check in Jenkins NeuVector Vulnerability 
Scanner  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-49673
+CVE-2023-49673 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
NeuVector ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-49656
+CVE-2023-49656 (Jenkins MATLAB Plugin 2.11.0 and earlier does not configure 
its XML pa ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-49655
+CVE-2023-49655 (A cross-site request forgery (CSRF) vulnerability in Jenkins 
MATLAB Pl ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-49654
+CVE-2023-49654 (Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and 
earlier  ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-49653
+CVE-2023-49653 (Jenkins Jira Plugin 3.11 and earlier does not set the 
appropriate cont ...)
        NOT-FOR-US: Jenkins plugin
-CVE-2023-49652
+CVE-2023-49652 (Incorrect permission checks in Jenkins Google Compute Engine 
Plugin 4. ...)
        NOT-FOR-US: Jenkins plugin
 CVE-2023-49092 (RustCrypto/RSA is a portable RSA implementation in pure Rust. 
Due to a ...)
        - rust-rsa <unfixed> (bug #1057096)
@@ -40,27 +66,27 @@ CVE-2023-45480 (Tenda AC10 version 
US_AC10V4.0si_V16.03.10.13_cn was discovered
        NOT-FOR-US: Tenda
 CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was 
discovered to con ...)
        NOT-FOR-US: Tenda
-CVE-2023-6351
+CVE-2023-6351 (Use after free in libavif in Google Chrome prior to 
119.0.6045.199 all ...)
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6350
+CVE-2023-6350 (Use after free in libavif in Google Chrome prior to 
119.0.6045.199 all ...)
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6348
+CVE-2023-6348 (Type Confusion in Spellcheck in Google Chrome prior to 
119.0.6045.199  ...)
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6347
+CVE-2023-6347 (Use after free in Mojo in Google Chrome prior to 119.0.6045.199 
allowe ...)
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6346
+CVE-2023-6346 (Use after free in WebAudio in Google Chrome prior to 
119.0.6045.199 al ...)
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6345
+CVE-2023-6345 (Integer overflow in Skia in Google Chrome prior to 
119.0.6045.199 allo ...)
        - chromium 119.0.6045.199-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6359 (A Cross-Site Scripting (XSS) vulnerability has been found in 
Alumne LM ...)
        NOT-FOR-US: Alumne LMS
-CVE-2023-6239 (Improperly calculated effective permissions in M-Files Server 
versions ...)
+CVE-2023-6239 (Under rare conditions, the effective permissions of an object 
might be ...)
        NOT-FOR-US: M-Files
 CVE-2023-6201 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
        NOT-FOR-US: Univera Computer System Panorama
@@ -936,7 +962,7 @@ CVE-2023-5776 (The Post Meta Data Manager plugin for 
WordPress is vulnerable to
        NOT-FOR-US: WordPress plugin
 CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting 
3DDashboar ...)
        NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE
-CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities\xc2affecting 
3DSwym  ...)
+CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities affecting 
3DSwym in  ...)
        NOT-FOR-US: 3DSwym in 3DSwymer from Release 3DEXPERIENCE
 CVE-2023-5055 (Possible variant of CVE-2021-3434 in function 
le_ecred_reconf_req.)
        NOT-FOR-US: zephyr-rtos
@@ -45108,7 +45134,7 @@ CVE-2023-25839 (There is SQL injection vulnerability in 
Esri ArcGIS Insights Des
        NOT-FOR-US: Esri ArcGIS
 CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 
2022.1 for ...)
        NOT-FOR-US: Esri ArcGIS
-CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
Sites in v ...)
+CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri ArcGIS 
Enterprise ...)
        NOT-FOR-US: Esri
 CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal 
Sites in v ...)
        NOT-FOR-US: Esri



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56da5933b71334799e8af505dabe3b06a33e83bd

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56da5933b71334799e8af505dabe3b06a33e83bd
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to