[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 29 20:12:33 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
56da5933 by security tracker role at 2023-11-29T20:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,16 +1,42 @@
-CVE-2023-49674
+CVE-2023-6378 (A serialization vulnerability in logback receiver component part of  l ...)
+	TODO: check
+CVE-2023-6218 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...)
+	TODO: check
+CVE-2023-6217 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...)
+	TODO: check
+CVE-2023-6070 (A server-side request forgery vulnerability in ESM prior to version 11 ...)
+	TODO: check
+CVE-2023-49091 (Cosmos provides users the ability self-host a home server by acting as ...)
+	TODO: check
+CVE-2023-49090 (CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...)
+	TODO: check
+CVE-2023-49083 (cryptography is a package designed to expose cryptographic primitives  ...)
+	TODO: check
+CVE-2023-49079 (Misskey is an open source, decentralized social media platform. Misske ...)
+	TODO: check
+CVE-2023-48882 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...)
+	TODO: check
+CVE-2023-48881 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...)
+	TODO: check
+CVE-2023-48880 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...)
+	TODO: check
+CVE-2023-44383 (October is a Content Management System (CMS) and web platform to assis ...)
+	TODO: check
+CVE-2023-40626 (The language file parsing process could be manipulated to expose envir ...)
+	TODO: check
+CVE-2023-49674 (A missing permission check in Jenkins NeuVector Vulnerability Scanner  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-49673
+CVE-2023-49673 (A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-49656
+CVE-2023-49656 (Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML pa ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-49655
+CVE-2023-49655 (A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Pl ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-49654
+CVE-2023-49654 (Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier  ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-49653
+CVE-2023-49653 (Jenkins Jira Plugin 3.11 and earlier does not set the appropriate cont ...)
 	NOT-FOR-US: Jenkins plugin
-CVE-2023-49652
+CVE-2023-49652 (Incorrect permission checks in Jenkins Google Compute Engine Plugin 4. ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2023-49092 (RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a ...)
 	- rust-rsa <unfixed> (bug #1057096)
@@ -40,27 +66,27 @@ CVE-2023-45480 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered
 	NOT-FOR-US: Tenda
 CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...)
 	NOT-FOR-US: Tenda
-CVE-2023-6351
+CVE-2023-6351 (Use after free in libavif in Google Chrome prior to 119.0.6045.199 all ...)
 	- chromium 119.0.6045.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6350
+CVE-2023-6350 (Use after free in libavif in Google Chrome prior to 119.0.6045.199 all ...)
 	- chromium 119.0.6045.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6348
+CVE-2023-6348 (Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199  ...)
 	- chromium 119.0.6045.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6347
+CVE-2023-6347 (Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowe ...)
 	- chromium 119.0.6045.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6346
+CVE-2023-6346 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 al ...)
 	- chromium 119.0.6045.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2023-6345
+CVE-2023-6345 (Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allo ...)
 	- chromium 119.0.6045.199-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-6359 (A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LM ...)
 	NOT-FOR-US: Alumne LMS
-CVE-2023-6239 (Improperly calculated effective permissions in M-Files Server versions ...)
+CVE-2023-6239 (Under rare conditions, the effective permissions of an object might be ...)
 	NOT-FOR-US: M-Files
 CVE-2023-6201 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
 	NOT-FOR-US: Univera Computer System Panorama
@@ -936,7 +962,7 @@ CVE-2023-5776 (The Post Meta Data Manager plugin for WordPress is vulnerable to
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...)
 	NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE
-CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities\xc2affecting 3DSwym  ...)
+CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in  ...)
 	NOT-FOR-US: 3DSwym in 3DSwymer from Release 3DEXPERIENCE
 CVE-2023-5055 (Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.)
 	NOT-FOR-US: zephyr-rtos
@@ -45108,7 +45134,7 @@ CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights Des
 	NOT-FOR-US: Esri ArcGIS
 CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 2022.1 for ...)
 	NOT-FOR-US: Esri ArcGIS
-CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...)
+CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri ArcGIS Enterprise ...)
 	NOT-FOR-US: Esri
 CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...)
 	NOT-FOR-US: Esri



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56da5933b71334799e8af505dabe3b06a33e83bd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/56da5933b71334799e8af505dabe3b06a33e83bd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231129/2d456857/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list