[Git][security-tracker-team/security-tracker][master] automatic update

Sat Aug 26 09:12:51 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
74afe9de by security tracker role at 2023-08-26T08:12:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2023-4546 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...)
+	TODO: check
+CVE-2023-4545 (A vulnerability was found in IBOS OA 4.5.5. It has been classified as  ...)
+	TODO: check
+CVE-2023-4544 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...)
+	TODO: check
+CVE-2023-4543 (A vulnerability was found in IBOS OA 4.5.5. It has been declared as cr ...)
+	TODO: check
+CVE-2023-4542 (A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has ...)
+	TODO: check
+CVE-2023-4524
+	REJECTED
+CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of service: remote attacker ...)
+	TODO: check
+CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
+	TODO: check
+CVE-2023-40587 (Pyramid is an open source Python web framework. A path traversal vulne ...)
+	TODO: check
+CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...)
+	TODO: check
+CVE-2023-40585 (ironic-image is a container image to run OpenStack Ironic as part of M ...)
+	TODO: check
+CVE-2023-40583 (libp2p is a networking stack and library modularized out of The IPFS P ...)
+	TODO: check
+CVE-2023-40571 (weblogic-framework is a tool for detecting weblogic vulnerabilities. V ...)
+	TODO: check
+CVE-2023-40166 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
+	TODO: check
+CVE-2023-40164 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
+	TODO: check
+CVE-2023-39291 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...)
+	TODO: check
+CVE-2023-39290 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
+	TODO: check
+CVE-2023-39289 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
+	TODO: check
+CVE-2023-39288 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
+	TODO: check
+CVE-2023-39287 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
+	TODO: check
+CVE-2023-36741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+	TODO: check
+CVE-2023-34723 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...)
+	TODO: check
+CVE-2023-2906 (Due to a failure in validating the length provided by an attacker-craf ...)
+	TODO: check
 CVE-2023-4534 (A vulnerability, which was classified as problematic, was found in Neo ...)
 	NOT-FOR-US: NeoMind Fusion Platform
 CVE-2023-4520 (The FV Flowplayer Video Player plugin for WordPress is vulnerable to S ...)
@@ -1942,17 +1988,17 @@ CVE-2023-32002 (The use of `Module._load()` can bypass the policy mechanism and
 	NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002
 	NOTE: https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a (v18.x)
 	NOTE: https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1 (main)
-CVE-2023-38712 [nvalid IKEv1 repeat IKE SA delete causes crash and restart]
+CVE-2023-38712 (An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an  ...)
 	- libreswan 4.12-1
 	NOTE: https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.txt
 	NOTE: https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.patch
-CVE-2023-38711 [Invalid IKEv1 Quick Mode ID causes restart]
+CVE-2023-38711 (An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick  ...)
 	- libreswan 4.12-1
 	[bullseye] - libreswan <not-affected> (Vulnerable code not present)
 	[buster] - libreswan <not-affected> (Vulnerable code not present)
 	NOTE: https://libreswan.org/security/CVE-2023-38711/CVE-2023-38711.txt
 	NOTE: https://libreswan.org/security/CVE-2023-38711/CVE-2023-38711.patch
-CVE-2023-38710 [Invalid IKEv2 REKEY proposal causes restart]
+CVE-2023-38710 (An issue was discovered in Libreswan before 4.12. When an IKEv2 Child  ...)
 	- libreswan 4.12-1
 	NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.txt
 	NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.patch



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74afe9dee48be5085ebf097636fe5b466c24071c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74afe9dee48be5085ebf097636fe5b466c24071c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230826/a8897dd8/attachment-0001.htm>
