[Git][security-tracker-team/security-tracker][master] automatic update

Fri Nov 24 20:12:09 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9221deb by security tracker role at 2023-11-24T20:11:59+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2023-6293 (Prototype Pollution in GitHub repository robinbuschmann/sequelize-type ...)
+	TODO: check
+CVE-2023-6277 (An out-of-memory flaw was found in libtiff. Passing a crafted tiff fil ...)
+	TODO: check
+CVE-2023-6276 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
+	TODO: check
+CVE-2023-6275 (A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1. ...)
+	TODO: check
+CVE-2023-6274 (A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. ...)
+	TODO: check
+CVE-2023-6251 (Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, < ...)
+	TODO: check
+CVE-2023-49298 (OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios i ...)
+	TODO: check
+CVE-2023-48712 (Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux ...)
+	TODO: check
+CVE-2023-48711 (google-translate-api-browser is an npm package which interfaces with t ...)
+	TODO: check
+CVE-2023-48708 (CodeIgniter Shield is an authentication and authorization provider for ...)
+	TODO: check
+CVE-2023-48707 (CodeIgniter Shield is an authentication and authorization provider for ...)
+	TODO: check
+CVE-2023-48312 (capsule-proxy is a reverse proxy for the capsule operator project. Aff ...)
+	TODO: check
+CVE-2023-46575 (A SQL injection vulnerability in Meshery before 0.6.179 allows a remot ...)
+	TODO: check
+CVE-2023-38914
+	REJECTED
 CVE-2023-49068
 	NOT-FOR-US: Apache DolphinScheduler
 CVE-2023-49216 (Usedesk before 1.7.57 allows profile stored XSS.)
@@ -561,7 +589,7 @@ CVE-2023-5764
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247629
 	TODO: check with Red Hat for details
 CVE-2023-41913
-	{DSA-5560-1}
+	{DSA-5560-1 DLA-3663-1}
 	- strongswan <unfixed>
 	NOTE: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html
 	NOTE: Patches: https://download.strongswan.org/security/CVE-2023-41913/
@@ -2159,6 +2187,7 @@ CVE-2023-46735 (Symfony is a PHP framework for web and console applications and
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr
 	NOTE: https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962 (v6.3.8)
 CVE-2023-46734 (Symfony is a PHP framework for web and console applications and a set  ...)
+	{DLA-3664-1}
 	- symfony 5.4.31+dfsg-1 (bug #1055774)
 	[bookworm] - symfony <no-dsa> (Minor issue)
 	[bullseye] - symfony <no-dsa> (Minor issue)
@@ -81957,7 +81986,7 @@ CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive
 	NOT-FOR-US: Bento4
 CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long exponents ...)
 	NOTE: Generic Diffie-Hellman protocol issue
-CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) through 2.5.1 a ...)
+CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 al ...)
 	NOT-FOR-US: Laravel Filemanager
 CVE-2022-40733
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9221debf1937af3f670c0063e7cc7f1842792ae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9221debf1937af3f670c0063e7cc7f1842792ae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231124/f956b19b/attachment.htm>
