[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 5 20:12:21 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d2d36bd by security tracker role at 2023-12-05T20:12:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,78 @@
-CVE-2023-49070
+CVE-2023-6448 (Unitronics Vision Series PLCs and HMIs use default administrative pass ...)
+	TODO: check
+CVE-2023-6357 (A low-privileged remote attacker could exploit the vulnerability and i ...)
+	TODO: check
+CVE-2023-6180 (The tokio-boring library in version 4.0.0 is affected by a memory leak ...)
+	TODO: check
+CVE-2023-49448 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49447 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49446 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49398 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49397 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49396 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49395 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49383 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49382 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49381 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49380 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49379 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49378 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49377 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49376 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49375 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49374 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49373 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-49372 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+	TODO: check
+CVE-2023-46674 (An issue was identified that allowed the unsafe deserialization of jav ...)
+	TODO: check
+CVE-2023-45842 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
+	TODO: check
+CVE-2023-45841 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
+	TODO: check
+CVE-2023-45840 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
+	TODO: check
+CVE-2023-45839 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
+	TODO: check
+CVE-2023-45838 (Multiple data integrity vulnerabilities exist in the package hash chec ...)
+	TODO: check
+CVE-2023-45287 (Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...)
+	TODO: check
+CVE-2023-45085 (An issue exists in SoftIron HyperCloud where compute nodes may come on ...)
+	TODO: check
+CVE-2023-45084 (An issue exists in SoftIron HyperCloud where drive caddy removal and r ...)
+	TODO: check
+CVE-2023-45083 (An Improper Privilege Management vulnerability exists in HyperCloud th ...)
+	TODO: check
+CVE-2023-44298 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...)
+	TODO: check
+CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...)
+	TODO: check
+CVE-2023-43628 (An integer overflow vulnerability exists in the NTRIP Stream Parsing f ...)
+	TODO: check
+CVE-2023-43608 (A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR func ...)
+	TODO: check
+CVE-2023-41835 (When a Multipart request is performed but some of the fields exceed th ...)
+	TODO: check
+CVE-2023-49070 (Pre-auth RCE in Apache Ofbiz 18.12.09.  It's due to XML-RPCno longer m ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2023-6269 (An argument injection vulnerability has been identified in the  admini ...)
 	NOT-FOR-US: Atos
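Review bot: all 37 entries added at the top of data/CVE/list (CVE-2023-6448 through CVE-2023-41835) carry only "TODO: check", so none of them has a triage state yet and each still needs a package, NOT-FOR-US or NOTE line. The 19 JFinalCMS v5.0.0 entries (CVE-2023-49448 down to CVE-2023-49372) share one truncated description and can be dispositioned as a group. CVE-2023-45287 (Go, math/big-based RSA TLS key exchange) and CVE-2023-6180 (tokio-boring 4.0.0) name a language runtime and a library, so they should get an individual source-package check rather than a bulk mark. The description imported for CVE-2023-49070 reads "XML-RPCno longer m ...", with a space missing in the upstream text; the existing "NOT-FOR-US: Apache OFBiz" line is unchanged and still applies.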
@@ -130376,8 +130450,8 @@ CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a se
 	NOT-FOR-US: OX App Suite
 CVE-2022-24404 (Lack of cryptographic integrity check on TETRA air-interface encrypted ...)
 	NOT-FOR-US: TETRA
-CVE-2022-24403
-	RESERVED
+CVE-2022-24403 (The TETRA TA61 identity encryption function internally uses a 64-bit v ...)
+	TODO: check
 CVE-2022-24402 (The TETRA TEA1 keystream generator implements a key register initializ ...)
 	NOT-FOR-US: TETRA
 CVE-2022-24401 (Adversary-induced keystream re-use on TETRA air-interface encrypted tr ...)
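Review bot: CVE-2022-24403 moves from RESERVED to "TODO: check" while the neighbouring TETRA entries in the same context (CVE-2022-24404 and CVE-2022-24402) are already marked "NOT-FOR-US: TETRA". The new description names the TETRA TA61 identity encryption function, so the entry should get the same disposition as its siblings once a human confirms it, instead of staying in the TODO queue.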
@@ -291759,17 +291833,17 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow
 	NOTE: /usr/sbin/maidat not installed suid root on Debian
 CVE-2019-18861
 	RESERVED
-CVE-2023-49288 [SQUID-2023:9 Denial of Service in HTTP Collapsed Forwarding]
+CVE-2023-49288 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
 	- squid 6.1-1
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5
-CVE-2023-49286 [SQUID-2023:8 Denial of Service in Helper Process management]
+CVE-2023-49286 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
 	- squid 6.5-1 (low)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
 	NOTE: https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 (SQUID_6_5)
 	NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
-CVE-2023-49285 [SQUID-2023:7 Denial of Service in HTTP Message processing]
+CVE-2023-49285 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and  ...)
 	- squid 6.5-1 (low)
 	- squid3 <removed>
 	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9
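Review bot: replacing the bracketed titles on CVE-2023-49288, CVE-2023-49286 and CVE-2023-49285 drops the SQUID-2023:9, SQUID-2023:8 and SQUID-2023:7 advisory ids and the one-line summaries, and the three entries now open with the same truncated text, "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...". For CVE-2023-49286 the advisory number survives only through the SQUID-2023_8.patch NOTE; for CVE-2023-49288 the full entry is visible and only the GHSA link remains. Suggest a follow-up that adds a NOTE line to each entry recording the SQUID-2023:N id and the short summary, so the entries stay distinguishable and searchable by upstream advisory number.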



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d2d36bd6d8aba53b13ca0ed5dfc4d1abcec9b77
