Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2f17286b by Dylan Aïssi at 2024-05-16T10:11:09+02:00 Update dlt-daemon CVEs - - - - - 80f9f616 by Salvatore Bonaccorso at 2024-05-16T12:17:38+00:00 Merge branch 'wip/daissi/dlt-daemon' into 'master' Update dlt-daemon CVEs See merge request security-tracker-team/security-tracker!175 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -50284,7 +50284,9 @@ CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resour NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552 NOTE: https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discover ...) - NOT-FOR-US: COVESA + - dlt-daemon 2.18.9-1 + NOTE: https://github.com/COVESA/dlt-daemon/issues/436 + NOTE: https://github.com/COVESA/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899 (2.18.9) CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...) NOT-FOR-US: Ivanti CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...) @@ -87739,7 +87741,9 @@ CVE-2023-26259 CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. The method ...) NOT-FOR-US: Arcserve CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...) - NOT-FOR-US: Connected Vehicle Systems Alliance + - dlt-daemon 2.18.9-1 + NOTE: https://github.com/COVESA/dlt-daemon/issues/440 + NOTE: https://github.com/COVESA/dlt-daemon/commit/b6149e203f919c899fefc702a17fbb78bdec3700 (2.18.9) CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...) NOT-FOR-US: Plugin for Jira CVE-2023-26255 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...) 
@@ -128623,9 +128627,11 @@ CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file ...) NOT-FOR-US: Systematic FIX Adapter (ALFAFX) CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...) - NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA) + - dlt-daemon 2.18.9-1 + NOTE: https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272 (2.18.9) CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...) - NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA) + - dlt-daemon 2.18.9-1 + NOTE: https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272 (2.18.9) CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerability allo ...) - gajim 1.5.0-1 [bullseye] - gajim <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7161e96533dc8ec426316178f875eba4257706ad...80f9f6168b6b9112df8d8e0b7190143be45b1455
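Review bot: In the first hunk (CVE-2023-36321), the new entry records only the fixed version `- dlt-daemon 2.18.9-1` and has no per-suite line of the kind the gajim entry further down carries (`[bullseye] - gajim <no-dsa> (Minor issue)`). If dlt-daemon ships in any stable suite at a version below 2.18.9, add the suite annotations so the older packages get triaged; the same applies to the three other entries touched by this commit.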
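Review bot: The removed line in the second hunk (CVE-2023-26257) reads `NOT-FOR-US: Connected Vehicle Systems Alliance`, while the other hunks remove `NOT-FOR-US: COVESA` and `NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)`. With three spellings in use, a search on any one of them misses the others, so it is worth searching data/CVE/list for all three before merging to confirm no further dlt-daemon CVE is still marked NOT-FOR-US.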
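Review bot: In the third hunk, CVE-2022-39837 and CVE-2022-39836 both cite commit 855e0017a980d2990c16f7dbf3b4983b48fac272 and neither has an upstream issue NOTE, unlike the CVE-2023-36321 and CVE-2023-26257 entries. Please confirm that this one commit fixes both issues and, if upstream issues exist for them, add the links so each CVE can be traced to its own report.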