[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 22 09:12:08 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e9b979e by security tracker role at 2023-10-22T08:11:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2023-46301 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...)
+ TODO: check
+CVE-2023-46300 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...)
+ TODO: check
+CVE-2023-46298 (Next.js before 13.4.20-canary.13 lacks a cache-control header and thus ...)
+ TODO: check
+CVE-2023-46078 (Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Seria ...)
+ TODO: check
+CVE-2023-46067 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Fon ...)
+ TODO: check
+CVE-2023-38735 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote ...)
+ TODO: check
+CVE-2023-38276 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...)
+ TODO: check
+CVE-2023-38275 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...)
+ TODO: check
CVE-2023-5349 [memory leak]
- ruby-rmagick 5.3.0-1
NOTE: https://github.com/rmagick/rmagick/pull/1406
@@ -256,7 +272,8 @@ CVE-2023-46277 (please (aka pleaser) through 0.5.4 allows privilege escalation t
- rust-pleaser <unfixed> (bug #1054289)
NOTE: https://gitlab.com/edneville/please/-/issues/13
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0066.html
-CVE-2023-46267 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...)
+CVE-2023-46267
+ REJECTED
- roundcube 1.6.4+dfsg-1
NOTE: https://github.com/roundcube/roundcubemail/issues/9168
NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e9b979e2391bcca072af492ce0dc951c8869106
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e9b979e2391bcca072af492ce0dc951c8869106
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231022/a58f5c4d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list