Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9d2d36bd by security tracker role at 2023-12-05T20:12:06+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,4 +1,78 @@ -CVE-2023-49070 +CVE-2023-6448 (Unitronics Vision Series PLCs and HMIs use default administrative pass ...) + TODO: check +CVE-2023-6357 (A low-privileged remote attacker could exploit the vulnerability and i ...) + TODO: check +CVE-2023-6180 (The tokio-boring library in version 4.0.0 is affected by a memory leak ...) + TODO: check +CVE-2023-49448 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49447 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49446 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49398 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49397 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49396 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49395 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49383 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49382 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49381 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49380 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49379 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49378 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49377 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49376 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) 
+ TODO: check +CVE-2023-49375 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49374 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49373 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-49372 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...) + TODO: check +CVE-2023-46674 (An issue was identified that allowed the unsafe deserialization of jav ...) + TODO: check +CVE-2023-45842 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + TODO: check +CVE-2023-45841 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + TODO: check +CVE-2023-45840 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + TODO: check +CVE-2023-45839 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + TODO: check +CVE-2023-45838 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + TODO: check +CVE-2023-45287 (Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...) + TODO: check +CVE-2023-45085 (An issue exists in SoftIron HyperCloud where compute nodes may come on ...) + TODO: check +CVE-2023-45084 (An issue exists in SoftIron HyperCloud where drive caddy removal and r ...) + TODO: check +CVE-2023-45083 (An Improper Privilege Management vulnerability exists in HyperCloud th ...) + TODO: check +CVE-2023-44298 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...) + TODO: check +CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...) + TODO: check +CVE-2023-43628 (An integer overflow vulnerability exists in the NTRIP Stream Parsing f ...) + TODO: check +CVE-2023-43608 (A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR func ...) 
+ TODO: check +CVE-2023-41835 (When a Multipart request is performed but some of the fields exceed th ...) + TODO: check +CVE-2023-49070 (Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPCno longer m ...) NOT-FOR-US: Apache OFBiz CVE-2023-6269 (An argument injection vulnerability has been identified in the admini ...) NOT-FOR-US: Atos @@ -130376,8 +130450,8 @@ CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a se NOT-FOR-US: OX App Suite CVE-2022-24404 (Lack of cryptographic integrity check on TETRA air-interface encrypted ...) NOT-FOR-US: TETRA -CVE-2022-24403 - RESERVED +CVE-2022-24403 (The TETRA TA61 identity encryption function internally uses a 64-bit v ...) + TODO: check CVE-2022-24402 (The TETRA TEA1 keystream generator implements a key register initializ ...) NOT-FOR-US: TETRA CVE-2022-24401 (Adversary-induced keystream re-use on TETRA air-interface encrypted tr ...) 
@@ -291759,17 +291833,17 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow NOTE: /usr/sbin/maidat not installed suid root on Debian CVE-2019-18861 RESERVED -CVE-2023-49288 [SQUID-2023:9 Denial of Service in HTTP Collapsed Forwarding] +CVE-2023-49288 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...) - squid 6.1-1 - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 -CVE-2023-49286 [SQUID-2023:8 Denial of Service in Helper Process management] +CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...) - squid 6.5-1 (low) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27 NOTE: https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 (SQUID_6_5) NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch -CVE-2023-49285 [SQUID-2023:7 Denial of Service in HTTP Message processing] +CVE-2023-49285 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...) - squid 6.5-1 (low) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d2d36bd6d8aba53b13ca0ed5dfc4d1abcec9b77 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d2d36bd6d8aba53b13ca0ed5dfc4d1abcec9b77 You're receiving this email because of your account on salsa.debian.org.
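Review bot: in the first hunk (@@ -1,4 +1,78 @@) the 19 JFinalCMS v5.0.0 entries (CVE-2023-49372 through CVE-2023-49383, CVE-2023-49395 through CVE-2023-49398, and CVE-2023-49446 through CVE-2023-49448) are added with the same truncated Cross-Site Request Forgery description and `TODO: check`, so they should be triaged as one batch with a single consistent disposition rather than entry by entry. Among the other new entries, CVE-2023-45287 names Go and its math/big library in the description, so it is worth checking against packaged Go toolchains ahead of the product-specific entries (Unitronics, SoftIron HyperCloud, Dell BIOS).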
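Review bot: in the second hunk (@@ -130376,8 +130450,8 @@) CVE-2022-24403 moves from RESERVED to `TODO: check`, although its new description begins "The TETRA TA61 identity encryption function" and the adjacent CVE-2022-24404 and CVE-2022-24402 are already marked `NOT-FOR-US: TETRA`. Resolve the TODO with the same `NOT-FOR-US: TETRA` line so the TETRA group stays consistent.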
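Review bot: in the third hunk (@@ -291759,17 +291833,17 @@) the bracketed titles on CVE-2023-49288, CVE-2023-49286 and CVE-2023-49285 are replaced by one identical truncated description ("Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ..."), which drops the SQUID-2023:9, SQUID-2023:8 and SQUID-2023:7 advisory identifiers and the one-line summary of each issue. In the visible lines only CVE-2023-49286 still carries its identifier, through the SQUID-2023_8.patch NOTE; add a NOTE line with the upstream advisory ID to CVE-2023-49288 and CVE-2023-49285 so the three entries remain distinguishable in the list.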